-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# YayServiceScriptYay | ||
# backup if we need to adjust how to apply certs | ||
|
||
MODDIR=${0%/*} | ||
|
||
# wait for boot to complete | ||
while [ "$(getprop sys.boot_completed)" != 1 ]; do | ||
sleep 1 | ||
done | ||
|
||
# ensure boot has actually completed | ||
sleep 5 | ||
|
||
# if android 34 or above, use new way to install custom root CAs | ||
# credit: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/ | ||
yayandroidversionyay=$(getprop ro.build.version.sdk) | ||
if [ $yayandroidversionyay -gt 33 ]; then | ||
# create temp dir | ||
mkdir -p -m 700 /data/local/tmp/yaytmpcayay | ||
|
||
# copy system CAs | ||
cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/yaytmpcayay/ | ||
|
||
# mount temp directory into memory | ||
mount -t tmpfs tmpfs /system/etc/security/cacerts | ||
|
||
# copy system CAs into old CA directory | ||
cp -f /data/local/tmp/yaytmpcayay/* /system/etc/security/cacerts/ | ||
|
||
# copy user CAs into old CA directory | ||
cp -f /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/ | ||
|
||
# update permissions | ||
chown root:root /system/etc/security/cacerts/* | ||
chmod 644 /system/etc/security/cacerts/* | ||
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/* | ||
fi | ||
|
||
yaymountedyay=0 | ||
while true; do | ||
# check if frida-server is running | ||
yayfridapsyay=$(ps -A | grep frida-server | grep -v busybox) | ||
# if the frida-server is not running, start it | ||
if [[ -z $yayfridapsyay ]]; then | ||
frida-server & | ||
fi | ||
# move the certs if wifi is connected and android version is at least 34 | ||
if [ $yayandroidversionyay -gt 33 ]; then | ||
if [ "$yaymountedyay" -eq 0 ]; then | ||
# get wifi card | ||
yaywificardyay=$(ip link show | grep wlan | cut -d " " -f2 | cut -d ":" -f1) | ||
yaywehaveanipyay=$(ip address show $yaywificardyay | grep inet) | ||
# output is not empty | ||
if [[ ! -z "$yaywehaveanipyay" ]]; then | ||
# we are connected to a wifi network | ||
# time to move certs | ||
# get zygote processes | ||
ZYGOTE_PID=$(pidof zygote || true) | ||
ZYGOTE64_PID=$(pidof zygote64 || true) | ||
|
||
# mount old CA directory into newly spawned process from zygote | ||
for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do | ||
if [ -n "$Z_PID" ]; then | ||
nsenter --mount=/proc/$Z_PID/ns/mnt -- \ | ||
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts | ||
fi | ||
done | ||
|
||
# mount old CA directory into all already running zygote processes | ||
APP_PIDS=$( | ||
echo "$ZYGOTE_PID $ZYGOTE64_PID" | \ | ||
xargs -n1 ps -o 'PID' -P | \ | ||
grep -v PID | ||
) | ||
for PID in $APP_PIDS; do | ||
nsenter --mount=/proc/$PID/ns/mnt -- \ | ||
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts & | ||
done | ||
wait # Launched in parallel - wait for completion here | ||
|
||
# we ran mounted | ||
yaymountedyay=$((yaymountedyay + 1)) | ||
fi | ||
fi | ||
fi | ||
|
||
#loop every 5 seconds | ||
sleep 5 | ||
|
||
done |