murkmod.sh 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
  1. #!/bin/bash
  2. CURRENT_MAJOR=6
  3. CURRENT_MINOR=0
  4. CURRENT_VERSION=0
  5. if [[ -z "${MURKMOD_BRANCH}" ]]; then
  6. BRANCH="main"
  7. else
  8. BRANCH="${MURKMOD_BRANCH}"
  9. fi
  10. get_asset() {
  11. curl -s -f "https://api.github.com/repos/rainestorme/murkmod/contents/$1?ref=$BRANCH" | jq -r ".content" | base64 -d
  12. }
  13. get_asset_fakemurk() {
  14. curl -s -f "https://api.github.com/repos/MercuryWorkshop/fakemurk/contents/$1" | jq -r ".content" | base64 -d
  15. }
  16. get_built_asset_fakemurk() {
  17. curl -SLk "https://github.com/MercuryWorkshop/fakemurk/releases/latest/download/1"
  18. }
  19. install() {
  20. TMP=$(mktemp)
  21. get_asset "$1" >"$TMP"
  22. if [ "$?" == "1" ] || ! grep -q '[^[:space:]]' "$TMP"; then
  23. echo "Failed to install $1 to $2"
  24. rm -f "$TMP"
  25. exit
  26. fi
  27. # Don't mv, that would break permissions
  28. cat "$TMP" >"$2"
  29. rm -f "$TMP"
  30. }
  31. install_fakemurk() {
  32. TMP=$(mktemp)
  33. get_asset_fakemurk "$1" >"$TMP"
  34. if [ "$?" == "1" ] || ! grep -q '[^[:space:]]' "$TMP"; then
  35. echo "Failed to install $1 to $2"
  36. rm -f "$TMP"
  37. exit
  38. fi
  39. # Don't mv, that would break permissions
  40. cat "$TMP" >"$2"
  41. rm -f "$TMP"
  42. }
  43. install_built_fakemurk() {
  44. TMP=$(mktemp)
  45. get_built_asset_fakemurk "$1" >"$TMP"
  46. if [ "$?" == "1" ] || ! grep -q '[^[:space:]]' "$TMP"; then
  47. echo "failed to install $1 to $2"
  48. rm -f "$TMP"
  49. return 1
  50. fi
  51. cat "$TMP" >"$2"
  52. rm -f "$TMP"
  53. }
  54. if [ "$BRANCH" != "main" ]; then
  55. echo "Using branch $BRANCH - Keep in mind any alternate branches can be unstable and are not reccomended!"
  56. if [ "$0" != "/usr/local/tmp/murkmod.sh" ]; then
  57. echo "Fetching installer on alternate branch..."
  58. mkdir -p /usr/local/tmp
  59. install "murkmod.sh" /usr/local/tmp/murkmod.sh
  60. chmod 755 /usr/local/tmp/murkmod.sh
  61. clear
  62. echo "Handing over to alternate branch..."
  63. MURKMOD_BRANCH=$BRANCH /usr/local/tmp/murkmod.sh
  64. exit 0
  65. else
  66. echo "Running installer from branch $BRANCH!"
  67. fi
  68. fi
  69. show_logo() {
  70. echo -e " __ .___\n _____ __ _________| | __ _____ ____ __| _/\n / \| | \_ __ \ |/ // \ / _ \ / __ | \n| Y Y \ | /| | \/ <| Y Y ( <_> ) /_/ | \n|__|_| /____/ |__| |__|_ \__|_| /\____/\____ | \n \/ \/ \/ \/\n"
  71. echo " The fakemurk plugin manager - v$CURRENT_MAJOR.$CURRENT_MINOR.$CURRENT_VERSION"
  72. }
  73. lsbval() {
  74. local key="$1"
  75. local lsbfile="${2:-/etc/lsb-release}"
  76. if ! echo "${key}" | grep -Eq '^[a-zA-Z0-9_]+$'; then
  77. return 1
  78. fi
  79. sed -E -n -e \
  80. "/^[[:space:]]*${key}[[:space:]]*=/{
  81. s:^[^=]+=[[:space:]]*::
  82. s:[[:space:]]+$::
  83. p
  84. }" "${lsbfile}"
  85. }
  86. install_patched_files() {
  87. install "daemon.sh" /sbin/murkmod-daemon.sh
  88. local milestone=$(lsbval CHROMEOS_RELEASE_CHROME_MILESTONE $ROOT/etc/lsb-release)
  89. if [ "$milestone" -gt "116" ]; then
  90. echo "Detected v116 or higher, using new chromeos_startup"
  91. install "chromeos_startup.sh" /sbin/chromeos_startup
  92. touch /new-startup
  93. else
  94. install "chromeos_startup.sh" /sbin/chromeos_startup.sh
  95. fi
  96. install "mush.sh" /usr/bin/crosh
  97. install "pre-startup.conf" /etc/init/pre-startup.conf
  98. install "cr50-update.conf" /etc/init/cr50-update.conf
  99. install "ssd_util.sh" /usr/share/vboot/bin/ssd_util.sh
  100. install "image_patcher.sh" /sbin/image_patcher.sh
  101. chmod 777 /sbin/murkmod-daemon.sh /sbin/chromeos_startup.sh /sbin/chromeos_startup /usr/bin/crosh /usr/share/vboot/bin/ssd_util.sh /sbin/image_patcher.sh
  102. }
  103. create_stateful_files() {
  104. # This is only here for backwards compatibility
  105. touch /mnt/stateful_partition/murkmod_version
  106. echo "$CURRENT_MAJOR $CURRENT_MINOR $CURRENT_VERSION" > /mnt/stateful_partition/murkmod_version
  107. mkdir -p /mnt/stateful_partition/murkmod/plugins
  108. touch /mnt/stateful_partition/murkmod/settings
  109. if [ ! -f /mnt/stateful_partition/murkmod/settings ]; then
  110. echo "# ----- murkmod settings -----" > /mnt/stateful_partition/murkmod/settings
  111. echo "" >> /mnt/stateful_partition/murkmod/settings
  112. echo "# this file is unused for now, but this might change" >> /mnt/stateful_partition/murkmod/settings
  113. fi
  114. }
  115. check_for_emergencyshell() {
  116. if test -d "/home/chronos/user/Downloads/fix-mush"; then
  117. echo "Running from emergency shell, reverting..."
  118. rm -Rf /home/chronos/user/Downloads/fix-mush
  119. fi
  120. }
  121. do_policy_patch() {
  122. url1="https://raw.githubusercontent.com/rainestorme/murkmod/main/pollen.json"
  123. url2="https://raw.githubusercontent.com/MercuryWorkshop/fakemurk/main/pollen.json"
  124. response1=$(curl -s "$url1")
  125. response2=$(curl -s "$url2")
  126. if [ "$response1" = "$response2" ]; then
  127. install "pollen.json" /etc/opt/chrome/policies/managed/policy.json
  128. else
  129. read -r -p "Use murkmod reccomended pollen config? [Y/n] " choice
  130. case "$choice" in
  131. n | N) install_fakemurk "pollen.json" /etc/opt/chrome/policies/managed/policy.json ;;
  132. *) install "pollen.json" /etc/opt/chrome/policies/managed/policy.json ;;
  133. esac
  134. fi
  135. }
  136. set_chronos_password() {
  137. echo -en "murkmod\nmurkmod\n" | passwd chronos > /dev/null
  138. }
  139. set_sudo_perms() {
  140. if ! cat /etc/sudoers | grep chronos; then
  141. echo "Sudo permissions are not already set, setting..."
  142. echo "chronos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
  143. else
  144. echo "Looks like sudo permissions are already set correctly."
  145. fi
  146. }
  147. collect_analytics() {
  148. hwid=$(crossystem.old hwid)
  149. if [ ! -f /mnt/stateful_partition/murkmod/method_collected ]; then
  150. read -r -p "Did you use sh1mmer to unenroll this device? Reply with N if you used a different method. [y/N] " choice
  151. case "$choice" in
  152. y | Y) used_sh1mmer="yes" && touch /mnt/stateful_partition/murkmod/method_collected ;;
  153. *) used_sh1mmer="no" && touch /mnt/stateful_partition/murkmod/method_collected ;;
  154. esac
  155. curl -X POST \
  156. -H "Content-Type: application/json" \
  157. -d "{\"hwid\":\"${hwid}\",\"method\":\"${used_sh1mmer}\"}" \
  158. https://murkmod-analytics.besthaxer.repl.co/addmethod > /dev/null
  159. fi
  160. if [ ! -f /mnt/stateful_partition/murkmod/guide_collected ]; then
  161. read -r -p "Did you use the Chromebook Exploit Guide (chromebook-guide.github.io) to fakemurk your device? [y/N] " choice
  162. case "$choice" in
  163. y | Y) used_guide="yes" && touch /mnt/stateful_partition/murkmod/guide_collected ;;
  164. *) used_guide="no" && touch /mnt/stateful_partition/murkmod/guide_collected ;;
  165. esac
  166. curl -X POST \
  167. -H "Content-Type: application/json" \
  168. -d "{\"hwid\":\"${hwid}\",\"guide\":\"${used_guide}\"}" \
  169. https://murkmod-analytics.besthaxer.repl.co/addguide > /dev/null
  170. fi
  171. fakemurk_version=$(cat /mnt/stateful_partition/fakemurk_version | base64 -w 0 || echo "")
  172. murkmod_version=$(cat /mnt/stateful_partition/murkmod_version | base64 -w 0)
  173. release_board=$(lsbval CHROMEOS_RELEASE_BOARD)
  174. devicetype=$(lsbval DEVICETYPE)
  175. auserver=$(lsbval CHROMEOS_AUSERVER)
  176. chromeos_version=$(lsbval CHROMEOS_RELEASE_DESCRIPTION)
  177. build_type=$(lsbval CHROMEOS_RELEASE_BUILD_TYPE)
  178. chrome_milestone=$(lsbval CHROMEOS_RELEASE_CHROME_MILESTONE)
  179. release_track=$(lsbval CHROMEOS_RELEASE_TRACK)
  180. curl -X POST \
  181. -H "Content-Type: application/json" \
  182. -d "{\"murkmod_version\":\"${murkmod_version}\",\"fakemurk_version\":\"${fakemurk_version}\",\"hwid\":\"${hwid}\",\"release_board\":\"${release_board}\",\"devicetype\":\"${devicetype}\",\"auserver\":\"${auserver}\",\"cros_version\":\"${chromeos_version}\",\"build_type\":\"${build_type}\",\"chrome_milestone\":\"${chrome_milestone}\",\"release_track\":\"${release_track}\"}" \
  183. https://murkmod-analytics.besthaxer.repl.co/analytics > /dev/null
  184. echo "Analytics collected."
  185. }
  186. get_analytics_permission() {
  187. echo "Analytics are completely anonymous - based on HWID only. It only collects basic information about your device and requires only minimal information on your part."
  188. echo "Although I would greatly appreciate it if you opt in, this is completely optional and you can opt out at any time by deleting /mnt/stateful_partition/murkmod/analytics_opted_in."
  189. read -r -p "Opt-in to analytics? [y/N] " choice
  190. case "$choice" in
  191. y | Y) collect_analytics && touch /mnt/stateful_partition/murkmod/analytics_opted_in ;;
  192. *) echo "Opting out of analytics." && touch /mnt/stateful_partition/murkmod/analytics_opted_out ;;
  193. esac
  194. }
  195. set_cros_debug() {
  196. sed -i "s/\(cros_debug=\).*/\11/" /usr/bin/crossystem
  197. }
  198. check_legacy_daemon() {
  199. if [ -f /sbin/fakemurk-daemon.sh ]; then
  200. echo "Found legacy fakemurk daemon, removing..."
  201. kill $(pgrep fakemurk)
  202. rm -f /sbin/fakemurk-daemon.sh
  203. mkdir -p /var/murkmod
  204. echo "Restarting daemon..."
  205. /sbin/murkmod-daemon.sh >/var/murkmod/daemon-log 2>&1 &
  206. fi
  207. }
  208. murkmod() {
  209. show_logo
  210. if [ "$1" != "--dryrun" ]; then
  211. if [ ! -f /sbin/fakemurk-daemon.sh ]; then
  212. if [ ! -f /sbin/murkmod-daemon.sh ]; then
  213. echo "Either your system has a broken fakemurk/murkmod installation or your system doesn't have a fakemurk or murkmod installation at all. (Re)install fakemurk/murkmod, then re-run this script."
  214. exit
  215. fi
  216. fi
  217. echo "Checking for emergency shell..."
  218. check_for_emergencyshell
  219. echo "Installing patched files..."
  220. install_patched_files
  221. echo "Checking for legacy fakemurk daemon..."
  222. check_legacy_daemon
  223. echo "Creating stateful partition files..."
  224. create_stateful_files
  225. echo "Patching policy..."
  226. do_policy_patch
  227. echo "Setting chronos user password..."
  228. set_chronos_password
  229. echo "Checking sudo perms..."
  230. set_sudo_perms
  231. echo "Setting crossystem cros_debug..."
  232. set_cros_debug
  233. if [ ! -f /mnt/stateful_partition/murkmod/analytics_opted_in ]; then
  234. if [ ! -f /mnt/stateful_partition/murkmod/analytics_opted_out ]; then
  235. get_analytics_permission
  236. fi
  237. else
  238. collect_analytics
  239. fi
  240. fi
  241. read -n 1 -s -r -p "Done. If cros_debug was enabled for the first time, a reboot may be required. Press any key to exit."
  242. exit
  243. }
  244. if [ "$0" = "$BASH_SOURCE" ]; then
  245. if [ "$EUID" -ne 0 ]; then
  246. echo "Please run this as root from mush. Use option 1 (root shell) instead of any other method of getting to a shell."
  247. exit
  248. fi
  249. murkmod
  250. fi