-
Notifications
You must be signed in to change notification settings - Fork 1
/
service.backup
90 lines (75 loc) · 3.13 KB
/
service.backup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# YayServiceScriptYay
# backup if we need to adjust how to apply certs
MODDIR=${0%/*}
# wait for boot to complete
while [ "$(getprop sys.boot_completed)" != 1 ]; do
sleep 1
done
# ensure boot has actually completed
sleep 5
# if android 34 or above, use new way to install custom root CAs
# credit: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
yayandroidversionyay=$(getprop ro.build.version.sdk)
if [ $yayandroidversionyay -gt 33 ]; then
# create temp dir
mkdir -p -m 700 /data/local/tmp/yaytmpcayay
# copy system CAs
cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/yaytmpcayay/
# mount temp directory into memory
mount -t tmpfs tmpfs /system/etc/security/cacerts
# copy system CAs into old CA directory
cp -f /data/local/tmp/yaytmpcayay/* /system/etc/security/cacerts/
# copy user CAs into old CA directory
cp -f /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/
# update permissions
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
fi
yaymountedyay=0
while true; do
# check if frida-server is running
yayfridapsyay=$(ps -A | grep frida-server | grep -v busybox)
# if the frida-server is not running, start it
if [[ -z $yayfridapsyay ]]; then
frida-server &
fi
# move the certs if wifi is connected and android version is at least 34
if [ $yayandroidversionyay -gt 33 ]; then
if [ "$yaymountedyay" -eq 0 ]; then
# get wifi card
yaywificardyay=$(ip link show | grep wlan | cut -d " " -f2 | cut -d ":" -f1)
yaywehaveanipyay=$(ip address show $yaywificardyay | grep inet)
# output is not empty
if [[ ! -z "$yaywehaveanipyay" ]]; then
# we are connected to a wifi network
# time to move certs
# get zygote processes
ZYGOTE_PID=$(pidof zygote || true)
ZYGOTE64_PID=$(pidof zygote64 || true)
# mount old CA directory into newly spawned process from zygote
for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
if [ -n "$Z_PID" ]; then
nsenter --mount=/proc/$Z_PID/ns/mnt -- \
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
fi
done
# mount old CA directory into all already running zygote processes
APP_PIDS=$(
echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
xargs -n1 ps -o 'PID' -P | \
grep -v PID
)
for PID in $APP_PIDS; do
nsenter --mount=/proc/$PID/ns/mnt -- \
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
done
wait # Launched in parallel - wait for completion here
# we ran mounted
yaymountedyay=$((yaymountedyay + 1))
fi
fi
fi
#loop every 5 seconds
sleep 5
done