Strona główna Odkrywaj Pomoc
Zaloguj się
rainestorme
/
fakemurk
kopia lustrzana https://github.com/MercuryWorkshop/fakemurk
Obserwuj 1
Polub 0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: bddf2116fa
Gałęzie Tagi
fakemurk
/
mush.sh

mush.sh 11 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333 
  1. #!/bin/bash
    2. 

  2. 

  3. get_largest_nvme_namespace() {
    4. 

  4.     # this function doesn't exist if the version is old enough, so we redefine it
    5. 

  5.     local largest size tmp_size dev
    6. 

  6.     size=0
    7. 

  7.     dev=$(basename "$1")
    8. 

  8. 

  9.     for nvme in /sys/block/"${dev%n*}"*; do
    10. 

  10.         tmp_size=$(cat "${nvme}"/size)
    11. 

  11.         if [ "${tmp_size}" -gt "${size}" ]; then
    12. 

  12.             largest="${nvme##*/}"
    13. 

  13.             size="${tmp_size}"
    14. 

  14.         fi
    15. 

  15.     done
    16. 

  16.     echo "${largest}"
    17. 

  17. }
    18. 

  18. 

  19. traps() {
    20. 

  20.     set +e
    21. 

  21.     trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
    22. 

  22.     trap 'echo "\"${last_command}\" command failed with exit code $?. THIS IS A BUG, REPORT IT HERE https://github.com/MercuryWorkshop/fakemurk"' EXIT
    23. 

  23.     trap '' INT
    24. 

  24. }
    25. 

  25. 

  26. mush_info() {
    27. 

  27.     cat <<-EOF
    28. 

  28. Welcome to mush, the fakemurk developer shell.
    29. 

  29. 

  30. If you got here by mistake, don't panic! Just close this tab and carry on.
    31. 

  31. 

  32. This shell contains a list of utilities for performing certain actions on a fakemurked chromebook
    33. 

  33. 

  34. EOF
    35. 

  35. 

  36.     if ! test -f /mnt/stateful_partition/telemetry_selected; then
    37. 

  37.         read -r -p "Would you like to opt-in to telemetry? To figure out what Mercury should focus on next and get a general idea of what the most common policies are, your policy will be sent to our servers. Depending on how management is setup, this may contain the name of your school district and or wifi password. Policies that may contain that information will never be shared publicly. Would you like to enable this feature (pls say yes 🥺) [Y\n]" choice
    38. 

  38.         case "$choice" in
    39. 

  39.             n | N) : ;;
    40. 

  40.             *) doas touch /mnt/stateful_partition/telemetry_opted_in ;;
    41. 

  41.         esac
    42. 

  42.         doas touch /mnt/stateful_partition/telemetry_selected
    43. 

  43.     fi
    44. 

  44. }
    45. 

  45. doas() {
    46. 

  46.     ssh -t -p 1337 -i /rootkey -oStrictHostKeyChecking=no root@127.0.0.1 "$@"
    47. 

  47. }
    48. 

  48. 

  49. runjob() {
    50. 

  50.     trap 'kill -2 $! >/dev/null 2>&1' INT
    51. 

  51.     (
    52. 

  52.         $@
    53. 

  53.     )
    54. 

  54.     trap '' INT
    55. 

  55. }
    56. 

  56. 

  57. swallow_stdin() {
    58. 

  58.     while read -t 0 notused; do
    59. 

  59.         read input
    60. 

  60.     done
    61. 

  61. }
    62. 

  62. 

  63. edit() {
    64. 

  64.     if which nano 2>/dev/null; then
    65. 

  65.         doas nano "$@"
    66. 

  66.     else
    67. 

  67.         doas vi "$@"
    68. 

  68.     fi
    69. 

  69. }
    70. 

  70. 

  71. main() {
    72. 

  72.     traps
    73. 

  73.     mush_info
    74. 

  74.     while true; do
    75. 

  75.         cat <<-EOF
    76. 

  76. (1) Root Shell
    77. 

  77. (2) Chronos Shell
    78. 

  78. (3) Crosh
    79. 

  79. (4) Powerwash
    80. 

  80. (5) Soft Disable Extensions
    81. 

  81. (6) Hard Disable Extensions
    82. 

  82. (7) Hard Enable Extensions
    83. 

  83. (8) Emergency Revert & Re-Enroll
    84. 

  84. (9) Edit Pollen
    85. 

  85. EOF
    86. 

  86.         if ! test -d /mnt/stateful_partition/crouton; then
    87. 

  87.             echo "(10) Install Crouton"
    88. 

  88.         else
    89. 

  89.             echo "(11) Start Crouton"
    90. 

  90.         fi
    91. 

  91.         echo "(12) Attempt to update to the latest chrome os version (BETA, BUGGY, MAY BREAK)"
    92. 

  92.         swallow_stdin
    93. 

  93.         read -r -p "> (1-12): " choice
    94. 

  94.         case "$choice" in
    95. 

  95.         1) runjob doas bash ;;
    96. 

  96.         2) runjob bash ;;
    97. 

  97.         3) runjob /usr/bin/crosh.old ;;
    98. 

  98.         4) runjob powerwash ;;
    99. 

  99.         5) runjob softdisableext ;;
    100. 

  100.         6) runjob harddisableext ;;
    101. 

  101.         7) runjob hardenableext ;;
    102. 

  102.         8) runjob revert ;;
    103. 

  103.         9) runjob edit /etc/opt/chrome/policies/managed/policy.json ;;
    104. 

  104.         10) runjob install_crouton ;;
    105. 

  105.         11) runjob start_crouton ;;
    106. 

  106.         12) runjob attempt_update ;;
    107. 

  107.         *) echo "invalid option" ;;
    108. 

  108.         esac
    109. 

  109.     done
    110. 

  110. }
    111. 

  111. # https://chromium.googlesource.com/chromiumos/docs/+/master/lsb-release.md
    112. 

  112. lsbval() {
    113. 

  113.   local key="$1"
    114. 

  114.   local lsbfile="${2:-/etc/lsb-release}"
    115. 

  115. 

  116.   if ! echo "${key}" | grep -Eq '^[a-zA-Z0-9_]+$'; then
    117. 

  117.     return 1
    118. 

  118.   fi
    119. 

  119. 

  120.   sed -E -n -e \
    121. 

  121.     "/^[[:space:]]*${key}[[:space:]]*=/{
    122. 

  122.       s:^[^=]+=[[:space:]]*::
    123. 

  123.       s:[[:space:]]+$::
    124. 

  124.       p
    125. 

  125.     }" "${lsbfile}"
    126. 

  126. }
    127. 

  127. get_booted_kernnum() {
    128. 

  128.     if doas "((\$(cgpt show -n \"$dst\" -i 2 -P) > \$(cgpt show -n \"$dst\" -i 4 -P)))"; then
    129. 

  129.         echo -n 2
    130. 

  130.     else
    131. 

  131.         echo -n 4
    132. 

  132.     fi
    133. 

  133. }
    134. 

  134. opposite_num() {
    135. 

  135.     if [ "$1" == "2" ]; then
    136. 

  136.         echo -n 4
    137. 

  137.     elif [ "$1" == "4" ]; then
    138. 

  138.         echo -n 2
    139. 

  139.     elif [ "$1" == "3" ]; then
    140. 

  140.         echo -n 5
    141. 

  141.     elif [ "$1" == "5" ]; then
    142. 

  142.         echo -n 3
    143. 

  143.     else
    144. 

  144.         return 1
    145. 

  145.     fi
    146. 

  146. }
    147. 

  147. attempt_update(){
    148. 

  148.     local builds=$(curl https://chromiumdash.appspot.com/cros/fetch_serving_builds?deviceCategory=Chrome%20OS)
    149. 

  149.     local release_board=$(lsbval CHROMEOS_RELEASE_BOARD)
    150. 

  150.     local board=${release_board%%-*}
    151. 

  151.     local hwid=$(jq "(.builds.$board[] | keys)[0]" <<<"$builds")
    152. 

  152.     local hwid=${hwid:1:-1}
    153. 

  153.     local latest_milestone=$(jq "(.builds.$board[].$hwid.pushRecoveries | keys) | .[length - 1]" <<<"$builds")
    154. 

  154.     local remote_version=$(jq ".builds.$board[].$hwid[$latest_milestone].version" <<<"$builds")
    155. 

  155.     local remote_version=${remote_version:1:-1}
    156. 

  156.     local local_version=$(lsbval GOOGLE_RELEASE)
    157. 

  157. 

  158.     if (( ${remote_version%%\.*} > ${local_version%%\.*} )); then
    159. 

  159.         echo "updating to ${remote_version}. THIS WILL DELETE YOUR REVERT BACKUP AND YOU WILL NO LONGER BE ABLE TO REVERT! THIS MAY ALSO DELETE ALL USER DATA!! press enter to confirm, ctrl-c to cancel"
    160. 

  160.         read -r
    161. 

  161.         sleep 4
    162. 

  162.         # read choice
    163. 

  163.         local reco_dl=$(jq ".builds.$board[].$hwid.pushRecoveries[$latest_milestone]" <<< "$builds")
    164. 

  164.         local tmpdir=/mnt/stateful_partition/update_tmp/
    165. 

  165.         doas mkdir $tmpdir
    166. 

  166.         echo "downloading ${remote_version} from ${reco_dl}"
    167. 

  167.         curl "${reco_dl:1:-1}" | doas "dd of=$tmpdir/image.zip status=progress"
    168. 

  168.         echo "unzipping update binary"
    169. 

  169.         cat $tmpdir/image.zip | gunzip | doas "dd of=$tmpdir/image.bin status=progress"
    170. 

  170.         doas rm -f $tmpdir/image.zip
    171. 

  171.         echo "invoking image patcher"
    172. 

  172.         doas image_patcher.sh "$tmpdir/image.bin"
    173. 

  173. 

  174.         local loop=$(doas losetup -f | tr -d '\r')
    175. 

  175.         doas losetup -P "$loop" "$tmpdir/image.bin"
    176. 

  176.         echo "performing update"
    177. 

  177.         local dst=/dev/$(get_largest_nvme_namespace)
    178. 

  178.         local tgt_kern=$(opposite_num $(get_booted_kernnum))
    179. 

  179.         local tgt_root=$(( $tgt_kern + 1 ))
    180. 

  180. 

  181.         local kerndev=${dst}p${tgt_kern}
    182. 

  182.         local rootdev=${dst}p${tgt_root}
    183. 

  183.         echo "installing kernel patch to ${kerndev}"
    184. 

  184.         doas dd if="${loop}p4" of="$kerndev" status=progress
    185. 

  185.         echo "installing root patch to ${rootdev}"
    186. 

  186.         doas dd if="${loop}p3" of="$rootdev" status=progress
    187. 

  187.         echo "setting kernel priority"
    188. 

  188.         doas cgpt add "$dst" -i 4 -P 0
    189. 

  189.         doas cgpt add "$dst" -i 2 -P 0
    190. 

  190.         doas cgpt add "$dst" -i "$tgt_kern" -P 1
    191. 

  191. 

  192.         doas crossystem.old block_devmode=0
    193. 

  193.         doas vpd -i RW_VPD -s block_devmode=0
    194. 

  194. 

  195.         # doas rm -rf $tmpdir
    196. 

  196.     
    197. 

  197.     else
    198. 

  198.         echo "update not required"
    199. 

  199.     fi
    200. 

  200. }
    201. 

  201. powerwash() {
    202. 

  202.     echo "ARE YOU SURE YOU WANT TO POWERWASH??? THIS WILL REMOVE ALL USER ACCOUNTS"
    203. 

  203.     sleep 2
    204. 

  204.     echo "(press enter to continue, ctrl-c to cancel)"
    205. 

  205.     swallow_stdin
    206. 

  206.     read -r
    207. 

  207.     doas rm -f /stateful_unfucked
    208. 

  208.     doas reboot
    209. 

  209.     exit
    210. 

  210. }
    211. 

  211. 

  212. revert() {
    213. 

  213.     echo "This option will re-enroll your chromebook restore to before fakemurk was run. This is useful if you need to quickly go back to normal"
    214. 

  214.     echo "THIS IS A PERMANENT CHANGE!! YOU WILL NOT BE ABLE TO GO BACK UNLESS YOU UNENROLL AGAIN AND RUN THE SCRIPT, AND IF YOU UPDATE TO THE VERSION SH1MMER IS PATCHED, YOU MAY BE STUCK ENROLLED"
    215. 

  215.     echo "ARE YOU SURE YOU WANT TO CONTINUE? (press enter to continue, ctrl-c to cancel)"
    216. 

  216.     swallow_stdin
    217. 

  217.     read -r
    218. 

  218.     sleep 4
    219. 

  219.     echo "setting kernel priority"
    220. 

  220. 

  221.     DST=/dev/$(get_largest_nvme_namespace)
    222. 

  222. 

  223.     if doas "((\$(cgpt show -n \"$DST\" -i 2 -P) > \$(cgpt show -n \"$DST\" -i 4 -P)))"; then
    224. 

  224.         doas cgpt add "$DST" -i 2 -P 0
    225. 

  225.         doas cgpt add "$DST" -i 4 -P 1
    226. 

  226.     else
    227. 

  227.         doas cgpt add "$DST" -i 4 -P 0
    228. 

  228.         doas cgpt add "$DST" -i 2 -P 1
    229. 

  229.     fi
    230. 

  230.     echo "setting vpd"
    231. 

  231.     doas vpd -i RW_VPD -s check_enrollment=1
    232. 

  232.     doas vpd -i RW_VPD -s block_devmode=1
    233. 

  233.     doas crossystem.old block_devmode=1
    234. 

  234.     
    235. 

  235.     rm -f /stateful_unfucked
    236. 

  236. 

  237.     echo "Done. Press enter to reboot"
    238. 

  238.     swallow_stdin
    239. 

  239.     read -r
    240. 

  240.     echo "bye!"
    241. 

  241.     sleep 2
    242. 

  242.     doas reboot
    243. 

  243.     sleep 1000
    244. 

  244. }
    245. 

  245. harddisableext() { # calling it "hard disable" because it only reenables when you press
    246. 

  246.     echo "Please choose the extension you wish to disable."
    247. 

  247.     echo "(1) GoGuardian"
    248. 

  248.     echo "(2) Securly Filter"
    249. 

  249.     echo "(3) LightSpeed Filter"
    250. 

  250.     echo "(4) Cisco Umbrella"
    251. 

  251.     echo "(5) ContentKeeper Authenticator"
    252. 

  252.     echo "(6) Hapara"
    253. 

  253.     echo "(7) iboss"
    254. 

  254.     echo "(8) LightSpeed Classroom"
    255. 

  255.     echo "(9) Blocksi"
    256. 

  256.     echo "(10) Linewize"
    257. 

  257.     echo "(11) Securly Classroom"
    258. 

  258.     echo "(12) Impero"
    259. 

  259.     echo "(13) put extension ID in manually"
    260. 

  260.     read -r -p "> (1-13): " choice
    261. 

  261.     case "$choice" in
    262. 

  262.     1) extid=haldlgldplgnggkjaafhelgiaglafanh;;
    263. 

  263.     2) extid=iheobagjkfklnlikgihanlhcddjoihkg;;
    264. 

  264.     3) extid=adkcpkpghahmbopkjchobieckeoaoeem;;
    265. 

  265.     4) extid=jcdhmojfecjfmbdpchihbeilohgnbdci;;
    266. 

  266.     5) extid=jdogphakondfdmcanpapfahkdomaicfa;;
    267. 

  267.     6) extid=aceopacgaepdcelohobicpffbbejnfac;;
    268. 

  268.     7) extid=kmffehbidlalibfeklaefnckpidbodff;;
    269. 

  269.     8) extid=jaoebcikabjppaclpgbodmmnfjihdngk;;
    270. 

  270.     9) extid=ghlpmldmjjhmdgmneoaibbegkjjbonbk;;
    271. 

  271.     10) extid=ddfbkhpmcdbciejenfcolaaiebnjcbfc;;
    272. 

  272.     11) extid=jfbecfmiegcjddenjhlbhlikcbfmnafd;;
    273. 

  273.     12) extid=jjpmjccpemllnmgiaojaocgnakpmfgjg;;
    274. 

  274.     13) read -r -p "enter extension id>" extid;;
    275. 

  275.     *) echo "invalid option" ;;
    276. 

  276.     esac
    277. 

  277.     echo "$extid" | grep -qE '^[a-z]{32}$' && chmod 000 "/home/chronos/user/Extensions/$extid" && kill -9 $(pgrep -f "\-\-extension\-process") || "invalid input"
    278. 

  278. }
    279. 

  279. 

  280. hardenableext() {
    281. 

  281.     echo "Please choose the extension you wish to enable."
    282. 

  282.     echo "(1) GoGuardian"
    283. 

  283.     echo "(2) Securly Filter"
    284. 

  284.     echo "(3) LightSpeed Filter"
    285. 

  285.     echo "(4) Cisco Umbrella"
    286. 

  286.     echo "(5) ContentKeeper Authenticator"
    287. 

  287.     echo "(6) Hapara"
    288. 

  288.     echo "(7) iboss"
    289. 

  289.     echo "(8) LightSpeed Classroom"
    290. 

  290.     echo "(9) Blocksi"
    291. 

  291.     echo "(10) Linewize"
    292. 

  292.     echo "(11) Securly Classroom"
    293. 

  293.     echo "(12) Impero"
    294. 

  294.     echo "(13) put extension ID in manually"
    295. 

  295.     read -r -p "> (1-13): " choice
    296. 

  296.     case "$choice" in
    297. 

  297.     1) extid=haldlgldplgnggkjaafhelgiaglafanh;;
    298. 

  298.     2) extid=iheobagjkfklnlikgihanlhcddjoihkg;;
    299. 

  299.     3) extid=adkcpkpghahmbopkjchobieckeoaoeem;;
    300. 

  300.     4) extid=jcdhmojfecjfmbdpchihbeilohgnbdci;;
    301. 

  301.     5) extid=jdogphakondfdmcanpapfahkdomaicfa;;
    302. 

  302.     6) extid=aceopacgaepdcelohobicpffbbejnfac;;
    303. 

  303.     7) extid=kmffehbidlalibfeklaefnckpidbodff;;
    304. 

  304.     8) extid=jaoebcikabjppaclpgbodmmnfjihdngk;;
    305. 

  305.     9) extid=ghlpmldmjjhmdgmneoaibbegkjjbonbk;;
    306. 

  306.     10) extid=ddfbkhpmcdbciejenfcolaaiebnjcbfc;;
    307. 

  307.     11) extid=jfbecfmiegcjddenjhlbhlikcbfmnafd;;
    308. 

  308.     12) extid=jjpmjccpemllnmgiaojaocgnakpmfgjg;;
    309. 

  309.     13) read -r -p "enter extension id>" extid;;
    310. 

  310.     *) echo "invalid option" ;;
    311. 

  311.     esac
    312. 

  312.     echo "$extid" | grep -qE '^[a-z]{32}$' && chmod 777 "/home/chronos/user/Extensions/$extid" && kill -9 $(pgrep -f "\-\-extension\-process") || "invalid input"
    313. 

  313. }
    314. 

  314. 

  315. softdisableext() {
    316. 

  316.     echo "Extensions will stay disabled until you press Ctrl+c or close this tab"
    317. 

  317.     while true; do
    318. 

  318.         kill -9 $(pgrep -f "\-\-extension\-process") 2>/dev/null
    319. 

  319.         sleep 0.5
    320. 

  320.     done
    321. 

  321. }
    322. 

  322. install_crouton() {
    323. 

  323.     doas "bash <(curl -SLk https://goo.gl/fd3zc) -t xfce -r bullseye"
    324. 

  324.     touch /mnt/stateful_partition/crouton
    325. 

  325. }
    326. 

  326. start_crouton() {
    327. 

  327.     doas "startxfce4"
    328. 

  328. }
    329. 

  329. if [ "$0" = "$BASH_SOURCE" ]; then
    330. 

  330.     stty sane
    331. 

  331.     main
    332. 

  332. fi
    333. 

  333.