diff --git a/build.py b/build.py
index 980ac29..0617ce1 100644
--- a/build.py
+++ b/build.py
@@ -83,6 +83,7 @@ def getLastGithubRelease(yayrepoyay):
 zip_object.write('./META-INF/com/google/android/updater-script')
 zip_object.write('./system/etc/security/cacerts/yayplaceholderyay')
 zip_object.write('./system/bin/yayplaceholderyay')
+ zip_object.write('./data/local/tmp/yaytmpcayay/yayplaceholderyay')
 zip_object.write('./module.prop')
 zip_object.write('./post-fs-data.sh')
 zip_object.write('./service.sh')
\ No newline at end of file
diff --git a/data/local/tmp/yaytmpcayay/yayplaceholderyay b/data/local/tmp/yaytmpcayay/yayplaceholderyay
new file mode 100644
index 0000000..6940c8c
--- /dev/null
+++ b/data/local/tmp/yaytmpcayay/yayplaceholderyay
@@ -0,0 +1,3 @@
+yayplaceholderyay
+
+temp area to store root CAs
\ No newline at end of file
diff --git a/module.prop.gold b/module.prop.gold
index d02cb0a..1751493 100644
--- a/module.prop.gold
+++ b/module.prop.gold
@@ -1,6 +1,6 @@
 id=YayPentestMagiskModuleYay
 name=YayPentestMagiskModuleYay
-version=1.1
-versionCode=2
-author=Yogehi
+version=1.7
+versionCode=8
+author=Yogehi / Malicious Erection LLC
 description=Magisk Module to configure a device specifically for pentesting
\ No newline at end of file
diff --git a/post-fs-data.sh b/post-fs-data.sh
index cbbef59..9a3ca31 100644
--- a/post-fs-data.sh
+++ b/post-fs-data.sh
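Review bot: The added `zip_object.write('./data/local/tmp/yaytmpcayay/yayplaceholderyay')` packages a placeholder that nothing in this commit appears to read. `service.sh` creates `/data/local/tmp/yaytmpcayay` itself with `mkdir -p`, and a Magisk module normally overlays only its `system/` tree, so the archived `data/` path would presumably just sit inside the module directory. If the file ever did reach the staging directory, the `cp -f /data/local/tmp/yaytmpcayay/*` step in `service.sh` would copy it into the CA directory as a non-certificate file, and unlike `post-fs-data.sh` nothing there removes it. Either drop this line or put a comment above it saying which installer step depends on the placeholder. The run of `zip_object.write` calls starts and ends outside the hunk.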
@@ -4,21 +4,26 @@ MODDIR=${0%/*}
 # copy certificates from User Store to System Store
-cp -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts
-chown -R 0:0 $MODDIR/system/etc/security/cacerts
+yayandroidversionyay=$(getprop ro.build.version.sdk)
-[ "$(getenforce)" = "Enforcing" ] || exit 0
+if [ $yayandroidversionyay -lt 34 ]; then
+ # android version is 33 or lower
+ cp -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts
+ chown -R 0:0 $MODDIR/system/etc/security/cacerts
-default_selinux_context=u:object_r:system_file:s0
-selinux_context=$(ls -Zd /system/etc/security/cacerts | awk '{print $1}')
+ [ "$(getenforce)" = "Enforcing" ] || exit 0
-if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then
- chcon -R $selinux_context $MODDIR/system/etc/security/cacerts
-else
- chcon -R $default_selinux_context $MODDIR/system/etc/security/cacerts
-fi
+ default_selinux_context=u:object_r:system_file:s0
+ selinux_context=$(ls -Zd /system/etc/security/cacerts | awk '{print $1}')
-rm $MODDIR/system/etc/security/cacerts/yayplaceholderyay
+ if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then
+ chcon -R $selinux_context $MODDIR/system/etc/security/cacerts
+ else
+ chcon -R $default_selinux_context $MODDIR/system/etc/security/cacerts
+ fi
+
+ rm $MODDIR/system/etc/security/cacerts/yayplaceholderyay
+fi
 # put frida-server on device
diff --git a/service.sh b/service.sh
index 1a8330e..7c0e438 100644
--- a/service.sh
+++ b/service.sh
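Review bot: Inside the new `if`, the line `[ "$(getenforce)" = "Enforcing" ] || exit 0` still ends the whole script when SELinux is not enforcing. On such a device the `rm` of `yayplaceholderyay` never runs, so the placeholder stays in the module's cacerts directory, and the `# put frida-server on device` step after the block is skipped. Limit the check to the relabel by replacing that line with `if [ "$(getenforce)" = "Enforcing" ]; then` and closing it with `fi` after the existing `chcon` `if`/`else`. The frida-server section continues outside the hunk.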
@@ -10,6 +10,60 @@ done
 # ensure boot has actually completed
 sleep 5
+# if android 34 or above, use new way to install custom root CAs
+# credit: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
+yayandroidversionyay=$(getprop ro.build.version.sdk)
+if [ $yayandroidversionyay -gt 33 ]; then
+ # android version is above 33
+ echo "yay in yay" > /data/local/tmp/yay.txt
+
+ # create temp dir
+ mkdir -p -m 700 /data/local/tmp/yaytmpcayay
+
+ # copy system CAs
+ cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/yaytmpcayay/
+
+ # mount temp directory into memory
+ mount -t tmpfs tmpfs /system/etc/security/cacerts
+
+ # copy system CAs into old CA directory
+ cp -f /data/local/tmp/yaytmpcayay/* /system/etc/security/cacerts/
+
+ # copy user CAs into old CA directory
+ cp -f /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/
+
+ # update permissions
+ chown root:root /system/etc/security/cacerts/*
+ chmod 644 /system/etc/security/cacerts/*
+ chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
+
+ # get zygote processes
+ ZYGOTE_PID=$(pidof zygote || true)
+ ZYGOTE64_PID=$(pidof zygote64 || true)
+
+ # mount old CA directory into newly spawned process from zygote
+ for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
+ if [ -n "$Z_PID" ]; then
+ nsenter --mount=/proc/$Z_PID/ns/mnt -- \
+ /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
+ fi
+ done
+
+ # mount old CA directory into all already running zygote processes
+ APP_PIDS=$(
+ echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
+ xargs -n1 ps -o 'PID' -P | \
+ grep -v PID
+ )
+ for PID in $APP_PIDS; do
+ nsenter --mount=/proc/$PID/ns/mnt -- \
+ /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
+ done
+ wait # Launched in parallel - wait for completion here
+
+ echo "yaydoneyay"
+fi
+
 # start frida server / restart on crash
 while true; do frida-server
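Review bot: None of the steps between `mount -t tmpfs tmpfs /system/etc/security/cacerts` and the `nsenter` loops is checked for failure. If the mount or the copy of the system CAs fails, the script still bind-mounts that directory over `/apex/com.android.conscrypt/cacerts` in zygote and every running app, which can leave them with an empty or partial trust store until reboot. The staging directory is a second concern: `mkdir -p -m 700` does not reset the owner or mode of a `/data/local/tmp/yaytmpcayay` that already exists, and every file found in it is copied into the CA store as root, so it should be emptied before use and removed afterwards. The sketch below gates the bind mounts on both steps succeeding and cleans up the staging copy; the leftover debug write `echo "yay in yay" > /data/local/tmp/yay.txt` can be dropped as well. The `while true` loop after the block continues outside the hunk.

```shell
    # start from an empty staging directory so leftovers are never copied into the CA store
    rm -rf /data/local/tmp/yaytmpcayay
    mkdir -p -m 700 /data/local/tmp/yaytmpcayay
    cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/yaytmpcayay/

    if mount -t tmpfs tmpfs /system/etc/security/cacerts; then
        if cp -f /data/local/tmp/yaytmpcayay/* /system/etc/security/cacerts/; then
            # … unchanged: user CA copy, chown/chmod/chcon, zygote and app bind mounts …
        else
            # never expose an empty trust store to apps
            umount /system/etc/security/cacerts
        fi
    fi
    rm -rf /data/local/tmp/yaytmpcayay
```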