rainestorme
/
fakemurk
mirror of https://github.com/MercuryWorkshop/fakemurk


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264
							. /usr/share/misc/chromeos-common.sh || :

#define DEVBUILD_FLAG 0

#if DEVBUILD_FLAG==1
DEVBUILD=1
devbuild_config() {
    swallow_stdin

    read -r -p "Would you like to enable enrollment credentential capturer? After finishing the script, the next boot will detect all keypresses during enrollment setup and save them to a file. This file is ONLY STORED LOCALLY, and is deleted as soon as you read it, which you can confirm by reading the source code. By using this you also acknowledge that you have permission to capture these credentials. (y\N)" choice
    echo "THIS FEATURE IS FOR CYBER SECURITY RESEARCH ONLY, DO NOT USE UNLESS YOU HAVE RED TEAM PERMISSION"
    case "$choice" in
    Y | y) INSTALL_LOGKEYS=1 ;;
    esac
}

drop_logkeys() {
    mkdir "$ROOT/logkeys"

    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/usr/bin/logkeys"
#include "logkeys.elf.b64"
EOF

    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/logkeys/keymap.map"
#include "keymap.map.b64"
EOF
    chmod 777 "$ROOT/usr/bin/logkeys"
    ln -s "$ROOT/bin/grep" "$ROOT/sbin/grep"
    touch "$ROOT/sbin/dumpkeys"
}

devbuild_patchroot() {
    if [ "$INSTALL_LOGKEYS" == "1" ]; then
        echo "installing logkeys"
        drop_logkeys
        touch "$ROOT/logkeys/active"
    fi
}

#endif

traps() {
    set -e
    trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
    trap 'echo "\"${last_command}\" command failed with exit code $?. THIS IS A BUG, REPORT IT HERE https://github.com/MercuryWorkshop/fakemurk"' EXIT
}
leave() {
    trap - EXIT
    echo "exiting successfully"
    exit
}
config() {
    swallow_stdin

    swallow_stdin
    echo
    read -r -p "Would you like to enable rootfs restore? It will add an option to quickly revert all changes and re-enroll. (Y/n)" choice
    case "$choice" in
    N | n | no | No | NO) ROOTFS_BACKUP=0 ;;
    *) ROOTFS_BACKUP=1 ;;
    esac

    if [ "$DEVBUILD" == "1" ]; then
        devbuild_config
    fi
}

swallow_stdin() {
    while read -t 0 notused; do
        read input
    done
}

fakemurk_info() {
    ascii_info
    sleep 3
    cat <<-EOF

WARNING: THIS SCRIPT WILL REQUIRE THE REMOVAL OF ROOTFS VERIFICATION, AND THE DISABLING OF AUTOUPDATES
THIS MEANS THAT IF YOU EVER TURN OFF DEVMODE, YOUR SYSTEM WILL BE BRICKED UNTIL RECOVERY

WE ARE NOT RESPONSIBLE FOR DAMAGE, YOU BEING STUPID AND MISUSING THIS, OR GETTING IN TROUBLE
DO YOU UNDERSTAND??

(enter to proceed, ctrl+c to quit)
EOF
    swallow_stdin
    read -r
}

csys() {
    if [ "$COMPAT" == "1" ]; then
        crossystem "$@"
    elif test -f "$ROOT/usr/bin/crossystem.old"; then
        "$ROOT/usr/bin/crossystem.old" "$@"
    else
        "$ROOT/usr/bin/crossystem" "$@"
    fi
}
cvpd() {
    if [ "$COMPAT" == "1" ]; then
        vpd "$@"
    elif test -f "$ROOT/usr/sbin/vpd.old"; then
        "$ROOT/usr/sbin/vpd.old" "$@"
    else
        "$ROOT/usr/sbin/vpd" "$@"
    fi
}

sed_escape() {
    echo -n "$1" | while read -n1 ch; do
        if [[ "$ch" == "" ]]; then
            echo -n "\n"
            # dumbass shellcheck not expanding is the entire point
        fi
        echo -n "\\x$(printf %x \'"$ch")"
    done
}

raw_crossystem_sh() {
    base64 -d <<-EOF | bunzip2 -dc
#include "crossystem.sh.b64"
EOF
}

raw_pollen() {
    base64 -d <<-EOF | bunzip2 -dc
#include "pollen.json.b64"
EOF
}
drop_daemon() {
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/etc/init/pre-startup.conf"
#include "pre-startup.conf.b64"
EOF
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/sbin/fakemurk-daemon.sh"
#include "fakemurk-daemon.sh.b64"
EOF
    chmod 777 "$ROOT/sbin/fakemurk-daemon.sh"
}
drop_startup_patch() {
    move_bin "$ROOT/sbin/chromeos_startup.sh"
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/sbin/chromeos_startup.sh"
#include "chromeos_startup.sh.b64"
EOF
    chmod 777 "$ROOT/sbin/chromeos_startup.sh"
}
drop_mush() {
    move_bin "$ROOT/usr/bin/crosh"
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/usr/bin/crosh"
#include "mush.sh.b64"
EOF
    chmod 777 "$ROOT/usr/bin/crosh"
}
drop_ssd_util(){
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/usr/share/vboot/bin/ssd_util.sh"
#include "lib/ssd_util.sh.b64"
EOF
    chmod 777 "$ROOT/usr/share/vboot/bin/ssd_util.sh"
}
drop_cr50_update(){
    base64 -d <<-EOF | bunzip2 -dc >"$ROOT/etc/init/cr50-update.conf"
#include "cr50-update.conf.b64"
EOF
}


drop_crossystem_sh() {

    # this weird space replacement is used because "read" has odd behaviour with spaces and newlines
    # i don't need to worry about the jank because crossystem will never have user controlled data

    vals=$(sed "s/ /THIS_IS_A_SPACE_DUMBASS/g" <<<"$(crossystem_values)")
    raw_crossystem_sh | sed -e "s/#__SED_REPLACEME_CROSSYSTEM_VALUES#/$(sed_escape "$vals")/g" | sed -e "s/THIS_IS_A_SPACE_DUMBASS/ /g" >"$ROOT/usr/bin/crossystem"
    chmod 777 "$ROOT/usr/bin/crossystem"
}
drop_pollen() {
    mkdir -p "$ROOT/etc/opt/chrome/policies/managed"
    raw_pollen >$ROOT/etc/opt/chrome/policies/managed/policy.json
    chmod 777 "$ROOT/etc/opt/chrome/policies/managed/policy.json"

}

escape() {
    case $1 in
    '' | *[!0-9]*) echo -n "\"$1\"" ;;
    *) echo -n "$1" ;;
    esac
}

crossystem_values() {
    readarray -t csys_lines <<<"$(csys)"
    for element in "${csys_lines[@]}"; do
        line_stripped=$(echo "$element" | sed -e "s/#.*//g" | sed -e 's/ .*=/=/g')
        # sed 1: cuts out all chars after the #
        # sed 2: cuts out all spaces before =
        IFS='=' read -r -a pair <<<"$line_stripped"

        key=${pair[0]}
        # cut out all characters after an instance of 2 spaces in a row
        val="$(echo ${pair[1]} | sed -e 's/  .*//g')"
        if [ "$key" == "devsw_cur" ]; then
            val=0
        fi
        if [ "$key" == "devsw_boot" ]; then
            val=0
        fi
        if [ "$key" == "mainfw_type" ]; then
            val="normal"
        fi
        if [ "$key" == "mainfw_act" ]; then
            val="A"
        fi
        if [ "$key" == "cros_debug" ]; then
            val=1
        fi
        if [ "$key" == "dev_boot_legacy" ]; then
            val=0
        fi
        if [ "$key" == "dev_boot_signed_only" ]; then
            val=0
        fi
        if [ "$key" == "dev_boot_usb" ]; then
            val=0
        fi
        if [ "$key" == "dev_default_boot" ]; then
            val="disk"
        fi
        if [ "$key" == "dev_enable_udc" ]; then
            val=0
        fi
        if [ "$key" == "alt_os_enabled" ]; then
            val=0
        fi
        if [ "$key" == "recoverysw_boot" ]; then
            val=0
        fi
        if [ "$key" == "recoverysw_cur" ]; then
            val=0
        fi
        echo "$key=$(escape "$val")"
    done
}
move_bin() {
    if test -f "$1"; then
        mv "$1" "$1.old"
    fi
}

disable_autoupdates() {
    # thanks phene i guess?
    # this is an intentionally broken url so it 404s, but doesn't trip up network logging
    sed -i "$ROOT/etc/lsb-release" -e "s/CHROMEOS_AUSERVER=.*/CHROMEOS_AUSERVER=$(sed_escape "https://updates.gooole.com/update")/"

    # we don't want to take ANY chances
    move_bin "$ROOT/usr/sbin/chromeos-firmwareupdate"
    nullify_bin "$ROOT/usr/sbin/chromeos-firmwareupdate"

    # bye bye trollers! (trollers being cros devs)
    rm -rf "$ROOT/opt/google/cr50/firmware/" || :
}