Cleanup rootshell, add better setup/testing to install script

EFForg · Jul 23, 2024 · 505767e · 505767e
1 parent a29e7e4
commit 505767e
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -63,7 +63,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
       - name: Fix executable permissions on binaries
-        run: chmod +x serial-*/serial rayhunter-daemon
+        run: chmod +x serial-*/serial rayhunter-daemon/rayhunter-daemon
       - name: Setup release directory
         run: mv rayhunter-daemon/rayhunter-daemon rootshell/rootshell serial-* dist
       - name: Archive release directory

diff --git a/dist/install-common.sh b/dist/install-common.sh
@@ -9,6 +9,7 @@ install() {
     force_debug_mode
     setup_rootshell
     setup_rayhunter
+    test_rayhunter
 }
 
 check_adb() {
@@ -24,13 +25,17 @@ force_debug_mode() {
     echo "$SERIAL_PATH"
     "$SERIAL_PATH" AT
     echo -n "adb enabled, waiting for reboot"
+    wait_for_adb_shell
+    echo "it's alive!"
+}
+
+wait_for_adb_shell() {
     until adb shell true 2> /dev/null
     do
         echo -n .
         sleep 1
     done
     echo
-    echo "it's alive!"
 }
 
 setup_rootshell() {
@@ -58,5 +63,27 @@ setup_rayhunter() {
     adb shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"'
     adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"'
     adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"'
-    adb shell '/bin/rootshell -c "/etc/init.d/rayhunter_daemon start"'
+    echo -n "rebooting, this may take a sec..."
+    adb shell '/bin/rootshell -c reboot'
+    sleep 15
+    wait_for_adb_shell
+    echo "rebooted successfully!"
+}
+
+test_rayhunter() {
+    URL="http://localhost:8080"
+    adb forward tcp:8080 tcp:8080
+    echo -n "checking for rayhunter server..."
+
+    SECONDS=0
+    while (( SECONDS < 30 )); do
+        if curl -L --fail-with-body "$URL" -o /dev/null -s; then
+            echo
+            echo "success! you can access rayhunter at $URL"
+            return
+        fi
+        sleep 1
+        echo -n "."
+    done
+    echo "timeout reached! failed to reach $URL, something went wrong :("
 }
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
@@ -1,17 +1,21 @@
 //! a simple shell for uploading to the orbic device.
 //! 
-//! It literally just runs bash as UID/GID 0 
+//! It literally just runs bash as UID/GID 0, with special Android GIDs 3003
+//! (AID_INET) and 3004 (AID_NET_RAW).
 use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
 
-use nix::unistd::{Gid, Uid};
+use nix::unistd::Gid;
 
 fn main() {
    let mut args = env::args();
 
-   nix::unistd::setegid(Gid::from_raw(0)).expect("setegid(0) failed");
-   nix::unistd::seteuid(Uid::from_raw(0)).expect("seteuid(0) failed");
+   let gids = &[
+      Gid::from_raw(3003), // AID_INET
+      Gid::from_raw(3004), // AID_NET_RAW
+   ];
+   nix::unistd::setgroups(gids).expect("setgroups failed");
 
    // discard argv[0]
    let _ = args.next();