Home Explore Help
Sign In
rainestorme
/
fakemurk
mirror of https://github.com/MercuryWorkshop/fakemurk
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: bddf2116fa
Branches Tags
fakemurk
/
fakemurk.sh.pre

fakemurk.sh.pre 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. #include "fakemurk_lib.sh.pre"
    2. 

  2. drop_image_patcher(){
    3. 

  3.     base64 -d <<-EOF | bunzip2 -dc >"$ROOT/sbin/image_patcher.sh"
    4. 

  4. #include "image_patcher.sh.b64"
    5. 

  5. EOF
    6. 

  6.     chmod 777 "$ROOT/sbin/image_patcher.sh"
    7. 

  7. }
    8. 

  8. is_target_booted() {
    9. 

  9.     [ -z "$COMPAT" ] && [ "$(get_booted_kernnum)" == "$TGT_KERNNUM" ]
    10. 

  10. }
    11. 

  11. opposite_num() {
    12. 

  12.     if [ "$1" == "2" ]; then
    13. 

  13.         echo -n 4
    14. 

  14.     elif [ "$1" == "4" ]; then
    15. 

  15.         echo -n 2
    16. 

  16.     elif [ "$1" == "3" ]; then
    17. 

  17.         echo -n 5
    18. 

  18.     elif [ "$1" == "5" ]; then
    19. 

  19.         echo -n 3
    20. 

  20.     else
    21. 

  21.         return 1
    22. 

  22.     fi
    23. 

  23. }
    24. 

  24. 

  25. 

  26. 

  27. prepare_target_root() {
    28. 

  28.     sleep 2
    29. 

  29.     if verity_enabled_for_n "$TGT_KERNNUM"; then
    30. 

  30.         echo "removing rootfs verification on target kernel $TGT_KERN_DEV"
    31. 

  31.         /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions "$TGT_KERNNUM" -i "$DST" 2>/dev/null
    32. 

  32.         if is_target_booted; then
    33. 

  33.             # if we're booted from the target kernel, we need to reboot. this is a pretty rare circumstance
    34. 

  34. 

  35.             cat <<-EOF
    36. 

  36. ROOTFS VERIFICATION SUCCESSFULLY REMOVED
    37. 

  37. IN ORDER TO PROCCEED, THE CHROMEBOOK MUST BE REBOOTED
    38. 

  38. 

  39. PRESS ENTER TO REBOOT, THEN ONCE BOOTED RUN THIS SCRIPT AGAIN
    40. 

  40. EOF
    41. 

  41.             swallow_stdin
    42. 

  42.             read -r
    43. 

  43.             reboot
    44. 

  44.             leave
    45. 

  45.         fi
    46. 

  46.     fi
    47. 

  47. 

  48.     if ! is_target_booted; then
    49. 

  49.         mkdir /tmp/rootmnt
    50. 

  50.         mount "$TGT_ROOT_DEV" /tmp/rootmnt
    51. 

  51.         ROOT=/tmp/rootmnt
    52. 

  52.     else
    53. 

  53.         ROOT=
    54. 

  54.     fi
    55. 

  55. }
    56. 

  56. 

  57. get_largest_cros_blockdev() {
    58. 

  58.     local largest size dev_name tmp_size remo
    59. 

  59.     size=0
    60. 

  60.     for blockdev in /sys/block/"${dev%n*}"*; do
    61. 

  61.         dev_name="${blockdev##*/}"
    62. 

  62.         echo "$dev_name" | grep -q '^\(loop\|ram\)' && continue
    63. 

  63.         tmp_size=$(cat "$blockdev"/size)
    64. 

  64.         remo=$(cat "$blockdev"/removable)
    65. 

  65.         if [ "$tmp_size" -gt "$size" ] && [ "${remo:-0}" -eq 0 ]; then
    66. 

  66.             case "$(sfdisk -l -o name "/dev/$dev_name" 2>/dev/null)" in
    67. 

  67.                 *STATE*KERN-A*ROOT-A*KERN-B*ROOT-B*)
    68. 

  68.                     largest="/dev/$dev_name"
    69. 

  69.                     size="$tmp_size"
    70. 

  70.                     ;;
    71. 

  71.             esac
    72. 

  72.         fi
    73. 

  73.     done
    74. 

  74.     echo "$largest"
    75. 

  75. }
    76. 

  76. verity_enabled_for_n() {
    77. 

  77.     grep -q "root=/dev/dm" <"${DST}p${1}"
    78. 

  78. }
    79. 

  79. get_booted_kernnum() {
    80. 

  80.     # for some reason priorities can be like 2 and 1 instead of just 0 and 1???
    81. 

  81.     if (($(cgpt show -n "$DST" -i 2 -P) > $(cgpt show -n "$DST" -i 4 -P))); then
    82. 

  82.         echo -n 2
    83. 

  83.     else
    84. 

  84.         echo -n 4
    85. 

  85.     fi
    86. 

  86. }
    87. 

  87. cleanup() {
    88. 

  88. 

  89.     if [ "$COMPAT" == "1" ]; then
    90. 

  90.         echo "pressure washing..."
    91. 

  91.         yes | mkfs.ext4 "${DST}p1" >/dev/null 2>&1 || : # hope you didn't have anything valuable on there
    92. 

  92.     fi
    93. 

  93. 

  94.     cvpd -i RW_VPD -s check_enrollment=1 2>/dev/null
    95. 

  95.     cvpd -i RW_VPD -s block_devmode=0 2>/dev/null
    96. 

  96.     csys block_devmode=0 2>/dev/null
    97. 

  97. }
    98. 

  98. 

  99. set_kernel_priority() {
    100. 

  100.     cgpt add "$DST" -i 4 -P 0
    101. 

  101.     cgpt add "$DST" -i 2 -P 0
    102. 

  102.     cgpt add "$DST" -i "$TGT_KERNNUM" -P 1
    103. 

  103. }
    104. 

  104. 

  105. configure_target() {
    106. 

  106. 

  107.     # remember, the goal here is to end up with one kernel that can be patched, and one kernel for the revert function.
    108. 

  108.     # we prioritize the non booted kernel so a reboot isn't needed
    109. 

  109. 

  110.     DST="$(get_largest_cros_blockdev)"
    111. 

  111.     if [ "$DST" == "" ]; then
    112. 

  112.         echo "No CrOS SSD found on device!"
    113. 

  113.         leave
    114. 

  114.     fi
    115. 

  115. 

  116.     if verity_enabled_for_n 2 && verity_enabled_for_n 4; then
    117. 

  117.         TGT_KERNNUM=
    118. 

  118.     elif verity_enabled_for_n 2; then
    119. 

  119.         TGT_KERNNUM=4
    120. 

  120.     elif verity_enabled_for_n 4; then
    121. 

  121.         TGT_KERNNUM=2
    122. 

  122.     else
    123. 

  123.         TGT_KERNNUM=
    124. 

  124.         if [ "$ROOTFS_BACKUP" == "1" ]; then
    125. 

  125.             echo "Rootfs restore is requested to be enabled, but both partitions have rootfs verification disabled. Please go through the recovery process to enable rootfs verification or run again and do not choose to enable rootfs restore."
    126. 

  126.             leave
    127. 

  127.         fi
    128. 

  128.     fi
    129. 

  129. 

  130.     if [ "$TGT_KERNNUM" != "2" ] && [ "$TGT_KERNNUM" != "4" ]; then
    131. 

  131.         if [ "$COMPAT" == "1" ]; then
    132. 

  132.             TGT_KERNNUM=2
    133. 

  133.         else
    134. 

  134.             TGT_KERNNUM=$(opposite_num "$(get_booted_kernnum)")
    135. 

  135.         fi
    136. 

  136.     fi
    137. 

  137.     TGT_ROOTNUM=$((TGT_KERNNUM + 1))
    138. 

  138.     TGT_KERN_DEV="${DST}p$TGT_KERNNUM"
    139. 

  139.     TGT_ROOT_DEV="${DST}p$TGT_ROOTNUM"
    140. 

  140. 

  141.     ALT_ROOTNUM=$(opposite_num "$TGT_ROOTNUM")
    142. 

  142.     ALT_KERNNUM=$(opposite_num "$TGT_KERNNUM")
    143. 

  143.     ALT_KERN_DEV="${DST}p$ALT_KERNNUM"
    144. 

  144.     ALT_ROOT_DEV="${DST}p$ALT_ROOTNUM"
    145. 

  145. 

  146.     echo "target kern is $TGT_KERNNUM@$TGT_KERN_DEV"
    147. 

  147.     echo "target root is $TGT_ROOTNUM@$TGT_ROOT_DEV"
    148. 

  148.     echo
    149. 

  149.     echo "backup kern is $ALT_KERNNUM@$ALT_KERN_DEV"
    150. 

  150.     echo "backup root is $ALT_ROOTNUM@$ALT_ROOT_DEV"
    151. 

  151. }
    152. 

  152. 

  153. patch_root() {
    154. 

  154.     echo "disabling autoupdates"
    155. 

  155.     disable_autoupdates
    156. 

  156.     drop_cr50_update
    157. 

  157.     sleep 2
    158. 

  158.     echo "dropping crossystem.sh"
    159. 

  159.     mv "$ROOT/usr/bin/crossystem" "$ROOT/usr/bin/crossystem.old"
    160. 

  160.     drop_crossystem_sh
    161. 

  161.     echo "staging sshd"
    162. 

  162.     sleep 2
    163. 

  163.     echo "dropping pollen"
    164. 

  164.     drop_pollen
    165. 

  165.     sleep 2
    166. 

  166.     echo "preventing stateful bootloop"
    167. 

  167.     drop_startup_patch
    168. 

  168.     if [ "$COMPAT" == "1" ]; then
    169. 

  169.         touch "$ROOT/stateful_unfucked"
    170. 

  170.     fi
    171. 

  171.     echo "installing mush shell"
    172. 

  172.     drop_mush
    173. 

  173.     sleep 2
    174. 

  174.     echo "dropping fakemurk daemon"
    175. 

  175.     drop_daemon
    176. 

  176. 

  177.     echo "preparing ausystem"
    178. 

  178.     drop_ssd_util
    179. 

  179.     drop_image_patcher
    180. 

  180. 

  181.     if [ "$DEVBUILD" == "1" ]; then
    182. 

  182.         devbuild_patchroot
    183. 

  183.     fi
    184. 

  184. }
    185. 

  185. main() {
    186. 

  186.     traps
    187. 

  187.     fakemurk_info
    188. 

  188.     config
    189. 

  189. 

  190.     if csys mainfw_type?recovery; then
    191. 

  191.         echo "Entering shim compatability mode"
    192. 

  192.         COMPAT=1
    193. 

  193.         stty sane
    194. 

  194.         sleep 1
    195. 

  195.     fi
    196. 

  196. 

  197.     # make sure it doesn't accidentally brick
    198. 

  198.     crossystem dev_boot_signed_only=0
    199. 

  199. 

  200.     echo "----- stage 1: grabbing disk configuration -----"
    201. 

  201.     configure_target
    202. 

  202. 

  203.     sleep 2
    204. 

  204. 

  205.     echo "----- stage 2: patching target rootfs -----"
    206. 

  206.     prepare_target_root
    207. 

  207.     patch_root
    208. 

  208.     sync
    209. 

  209. 

  210.     sleep 2
    211. 

  211. 

  212.     echo "----- stage 3: cleaning up -----"
    213. 

  213.     cleanup
    214. 

  214.     sleep 1
    215. 

  215.     echo "setting kernel priority"
    216. 

  216.     set_kernel_priority
    217. 

  217. 

  218.     sleep 1
    219. 

  219.     echo "done! press enter to reboot, and your chromebook should enroll into management when rebooted, but stay hidden in devmode"
    220. 

  220.     swallow_stdin
    221. 

  221.     read -r
    222. 

  222.     reboot
    223. 

  223.     leave
    224. 

  224. 

  225. }
    226. 

  226. if [ "$0" = "$BASH_SOURCE" ]; then
    227. 

  227.     stty sane
    228. 

  228.     # if [ "$SHELL" != "/bin/bash" ]; then
    229. 

  229.     #     echo "hey! you ran this with \"sh\" (or some other shell). i would really prefer if you ran it with \"bash\" instead"
    230. 

  230.     # fi
    231. 

  231. 

  232.     if [ "$EUID" -ne 0 ]; then
    233. 

  233.         echo "Please run as root"
    234. 

  234.         exit
    235. 

  235.     fi
    236. 

  236.     main
    237. 

  237. fi
    238. 

  238.