Skip to content

Commit

Permalink
yay
Browse files Browse the repository at this point in the history
  • Loading branch information
Yogehi committed Sep 11, 2024
1 parent c7ae6f1 commit 92ced32
Showing 1 changed file with 90 additions and 0 deletions.
90 changes: 90 additions & 0 deletions service.backup
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
# YayServiceScriptYay
# backup if we need to adjust how to apply certs

MODDIR=${0%/*}

# wait for boot to complete
while [ "$(getprop sys.boot_completed)" != 1 ]; do
sleep 1
done

# ensure boot has actually completed
sleep 5

# if android 34 or above, use new way to install custom root CAs
# credit: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
yayandroidversionyay=$(getprop ro.build.version.sdk)
if [ $yayandroidversionyay -gt 33 ]; then
# create temp dir
mkdir -p -m 700 /data/local/tmp/yaytmpcayay

# copy system CAs
cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/yaytmpcayay/

# mount temp directory into memory
mount -t tmpfs tmpfs /system/etc/security/cacerts

# copy system CAs into old CA directory
cp -f /data/local/tmp/yaytmpcayay/* /system/etc/security/cacerts/

# copy user CAs into old CA directory
cp -f /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/

# update permissions
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
fi

yaymountedyay=0
while true; do
# check if frida-server is running
yayfridapsyay=$(ps -A | grep frida-server | grep -v busybox)
# if the frida-server is not running, start it
if [[ -z $yayfridapsyay ]]; then
frida-server &
fi
# move the certs if wifi is connected and android version is at least 34
if [ $yayandroidversionyay -gt 33 ]; then
if [ "$yaymountedyay" -eq 0 ]; then
# get wifi card
yaywificardyay=$(ip link show | grep wlan | cut -d " " -f2 | cut -d ":" -f1)
yaywehaveanipyay=$(ip address show $yaywificardyay | grep inet)
# output is not empty
if [[ ! -z "$yaywehaveanipyay" ]]; then
# we are connected to a wifi network
# time to move certs
# get zygote processes
ZYGOTE_PID=$(pidof zygote || true)
ZYGOTE64_PID=$(pidof zygote64 || true)

# mount old CA directory into newly spawned process from zygote
for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
if [ -n "$Z_PID" ]; then
nsenter --mount=/proc/$Z_PID/ns/mnt -- \
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
fi
done

# mount old CA directory into all already running zygote processes
APP_PIDS=$(
echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
xargs -n1 ps -o 'PID' -P | \
grep -v PID
)
for PID in $APP_PIDS; do
nsenter --mount=/proc/$PID/ns/mnt -- \
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
done
wait # Launched in parallel - wait for completion here

# we ran mounted
yaymountedyay=$((yaymountedyay + 1))
fi
fi
fi

#loop every 5 seconds
sleep 5

done

0 comments on commit 92ced32

Please sign in to comment.