AT Command Injection

First thing you need to do before using this is give a BIG THANK YOU to @E3V3A (E:V:A on xda) for determining how this implementation was possible because without his perseverance this would not be possible! ROOT IS REQUIRED!! Root terminal methods are used to execute the AT Command Injection so this fragment will check for both ROOT (su binary) and BUSYBOX to confirm both are available on your device, if not the execution section of the fragment WILL NOT DISPLAY. If the initial setup works correctly the next step is trying to determine your Ril Serial Device through the system property ril.libargs if this is successful then you are in business and the AT Command Injection system is available for you to test. This will probably NOT WORK on many devices (such as my i9100) but it will provide details of the failure if available and display them to the screen but also write them to the file error.txt in the AIMSICD directory of your external storage. Have fun and try not to break anything.
CellularPrivacy · Jun 21, 2014 · 00ced4f · 00ced4f
1 parent abb4ebf
commit 00ced4f
Show file tree

Hide file tree

Showing 8 changed files with 178 additions and 60 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -23,12 +23,12 @@ android {
             assets.srcDirs = ['src/main/assets']
         }
     }
-
     compileOptions {
         sourceCompatibility JavaVersion.VERSION_1_7
         targetCompatibility JavaVersion.VERSION_1_7
     }
-
+    productFlavors {
+    }
 }
 
 dependencies {

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
           package="com.SecUpwN.AIMSICD"
-          android:versionCode="19"
-          android:versionName="0.1.19">
+          android:versionCode="20"
+          android:versionName="0.1.20">
 
     <uses-feature
             android:glEsVersion="0x00020000"

diff --git a/app/src/main/java/com/SecUpwN/AIMSICD/fragments/AtCommandFragment.java b/app/src/main/java/com/SecUpwN/AIMSICD/fragments/AtCommandFragment.java
@@ -2,49 +2,68 @@
 
 import com.SecUpwN.AIMSICD.R;
 import com.SecUpwN.AIMSICD.service.AimsicdService;
+import com.SecUpwN.AIMSICD.utils.CMDProcessor;
+import com.SecUpwN.AIMSICD.utils.CommandResult;
 import com.SecUpwN.AIMSICD.utils.Helpers;
 
 import android.app.Activity;
+import android.app.Fragment;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
 import android.os.AsyncTask;
 import android.os.Bundle;
 import android.os.IBinder;
-import android.app.Fragment;
 import android.text.TextUtils;
 import android.util.Log;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
 import android.widget.Button;
 import android.widget.EditText;
+import android.widget.RelativeLayout;
 import android.widget.TextView;
 
 import java.util.List;
 
 public class AtCommandFragment extends Fragment {
 
+    //Return value constants
+    private final int RIL_INIT_OK = 200;
+    private final int RIL_INIT_ERROR = 201;
+    private final int ROOT_UNAVAILABLE = 202;
+    private final int BUSYBOX_UNAVAILABLE = 203;
+
+    //System items
     private AimsicdService mAimsicdService;
     private boolean mBound;
     private Context mContext;
     private Activity mActivity;
+
+    //Layout items
     private View mView;
+    private RelativeLayout mAtCommandLayout;
+    private TextView mAtCommandError;
+    private TextView mRilDeviceDisplay;
     private Button mAtCommandExecute;
     private TextView mAtResponse;
     private EditText mAtCommand;
+    private String mRilDevice;
 
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container,
             Bundle savedInstanceState) {
         mView = inflater.inflate(R.layout.at_command_fragment, container, false);
         if (mView != null) {
+            mAtCommandLayout = (RelativeLayout) mView.findViewById(R.id.atcommandView);
+            mAtCommandError = (TextView) mView.findViewById(R.id.at_command_error);
             mAtCommandExecute = (Button) mView.findViewById(R.id.execute);
+            mRilDeviceDisplay = (TextView) mView.findViewById(R.id.ril_device);
+            mAtResponse = (TextView) mView.findViewById(R.id.response);
+            mAtCommand = (EditText) mView.findViewById(R.id.at_command);
+            mAtCommandExecute.setOnClickListener(new btnClick());
         }
-        mAtCommandExecute.setOnClickListener(new btnClick());
-        mAtResponse = (TextView) mView.findViewById(R.id.response);
-        mAtCommand = (EditText) mView.findViewById(R.id.at_command);
 
         return mView;
     }
@@ -74,6 +93,54 @@ public void onDestroy() {
         }
     }
 
+    @Override
+    public void onResume() {
+        super.onResume();
+        if (!mBound) {
+            // Bind to LocalService
+            Intent intent = new Intent(mContext, AimsicdService.class);
+            mContext.bindService(intent, mConnection, Context.BIND_AUTO_CREATE);
+        }
+
+        int rilInit = initialiseRil();
+
+        switch (rilInit) {
+            case RIL_INIT_OK:
+                mAtCommandLayout.setVisibility(View.VISIBLE);
+                break;
+            case ROOT_UNAVAILABLE:
+                String rootUnavailable = "Unable to acquire ROOT access on your device. \n\n" +
+                        "AT Command Injection requires ROOT Terminal access. \n\n" +
+                        "Please check your device is ROOTED and try again";
+                mAtCommandError.setText(rootUnavailable);
+                break;
+            case BUSYBOX_UNAVAILABLE:
+                String busyboxUnavailable = "Unable to detect Busybox on your device. \n\n" +
+                        "AT Command Injection requires Busybox components to function correctly. \n\n"
+                        + "Please check your device has Busybox installed and try again";
+                mAtCommandError.setText(busyboxUnavailable);
+                break;
+            case RIL_INIT_ERROR:
+                String error =
+                        "An unknown error has occurred trying to acquire the Ril Serial Device.\n\n"
+                                + "Please check your logcat for any errors and post them to Github "
+                                + "or XDA, links to both of these locations can be found within the "
+                                + "About section of the application.";
+                mAtCommandError.setText(error);
+                break;
+            default:
+                String unknownError =
+                        "An unknown error has occurred trying to initialise the AT Command Injector.\n\n"
+                                + "Please check your logcat for any errors and post them to Github or "
+                                + "XDA, links to both of these locations can be found within the "
+                                + "About section of the application.";
+                mAtCommandError.setText(unknownError);
+                break;
+        }
+
+
+    }
+
     /**
      * Service Connection to bind the activity to the service
      */
@@ -92,53 +159,65 @@ public void onServiceDisconnected(ComponentName arg0) {
     };
 
     private class btnClick implements View.OnClickListener {
+
         @Override
         public void onClick(View v) {
-                executeAT();
+            executeAT();
         }
     }
 
-    private void executeAT() {
-/*        if (mBound && !mView.findViewById(R.id.at_command).toString().isEmpty()) {
-            //Try SamSung MultiRil Implementation
-            DetectResult rilStatus = mAimsicdService.getRilExecutorStatus();
-            if (rilStatus.available) {
-                new RequestOemInfoTask().execute();
-            }
-        }*/
-        Helpers.sendMsg(mContext, "Coming soon...");
-    }
+    private int initialiseRil() {
+        //Check for root access
+        boolean root = Helpers.checkSu();
+        if (!root) {
+            return ROOT_UNAVAILABLE;
+        }
 
-    private void requestResponse() {
-        try {
-            String[] atCommand = new String[]{mAtCommand.getText().toString()};
-            final List<String> list = mAimsicdService.executeAtCommand(atCommand);
-            mActivity.runOnUiThread(new Runnable() {
-                @Override
-                public void run() {
-                    if (list != null) {
-                        mAtResponse.setText(TextUtils.join("\n", list));
-                    }
-                }
-            });
-        }catch (Exception e) {
-            Log.e("AIMSICD", "requestResponse " + e);
+        //Check busybox is installed
+        boolean busybox = Helpers.checkBusybox();
+        if (!busybox) {
+            return BUSYBOX_UNAVAILABLE;
         }
+
+        //Draw Ril Serial Device details from the System Property
+        String rilDevice = Helpers.getSystemProp(mContext, "rild.libargs", "UNKNOWN");
+        mRilDevice = (rilDevice.equals("UNKNOWN") ? rilDevice : rilDevice.substring(3));
+        mRilDeviceDisplay.setText(mRilDevice);
+
+        if (mRilDevice.equals("UNKNOWN"))
+            return RIL_INIT_ERROR;
+
+        return RIL_INIT_OK;
     }
 
+    private void executeAT() {
+        if (mAtCommand.getText() != null) {
+            mAtResponse.setText("");
+            String cmdSetup = "cat " + mRilDevice + " &";
+            new ExecuteAtCommand().execute(cmdSetup);
+            String atCommand = mAtCommand.getText().toString();
+            new ExecuteAtCommand().execute("echo -e " + atCommand +"\r > " + mRilDevice);
+        }
+    }
 
-    private class RequestOemInfoTask extends AsyncTask<Void, Void, Void> {
-        @Override
-        protected Void doInBackground(Void... string) {
-            if (!mBound) return null;
-            requestResponse();
+    private class ExecuteAtCommand extends AsyncTask<String, Integer, CommandResult> {
 
-            return null;
+        protected CommandResult doInBackground(String... atCommand) {
+            return CMDProcessor.runSuCommand(atCommand[0]);
         }
 
-        @Override
-        protected void onPostExecute(Void aVoid) {
-            super.onPostExecute(aVoid);
+        protected void onPostExecute(CommandResult result) {
+            if (result != null) {
+                Log.i("AIMSICD_ATCommand", "Stdout: " + result.getStdout() +
+                        " StdErr: " + result.getStderr() + " Exit Value: " + result.getExitValue());
+                if (!result.getStdout().isEmpty())
+                    mAtResponse.append(result.getStdout());
+                else if (!result.getStderr().isEmpty())
+                    mAtResponse.append(result.getStderr());
+                else
+                    mAtResponse.append("No response or error detected...");
+            }
         }
     }
+
 }
diff --git a/app/src/main/java/com/SecUpwN/AIMSICD/utils/CommandResult.java b/app/src/main/java/com/SecUpwN/AIMSICD/utils/CommandResult.java
@@ -21,6 +21,8 @@
 
 package com.SecUpwN.AIMSICD.utils;
 
+import com.SecUpwN.AIMSICD.adapters.AIMSICDDbAdapter;
+
 import android.os.Environment;
 import android.os.Parcel;
 import android.os.Parcelable;
@@ -106,8 +108,7 @@ private void checkForErrors() {
             FileWriter errorWriter = null;
             try {
                 File errorLogFile = new File(
-                        Environment.getExternalStorageDirectory()
-                                + "/aokp/error.txt"
+                        AIMSICDDbAdapter.FOLDER + "error.txt"
                 );
                 if (!errorLogFile.exists()) {
                     errorLogFile.createNewFile();
@@ -175,7 +176,6 @@ public CommandResult[] newArray(int size) {
         }
     };
 
-
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -189,8 +189,8 @@ public boolean equals(Object o) {
 
         return (mStartTime == that.mStartTime &&
                 mExitValue == that.mExitValue &&
-                mStdout == that.mStdout &&
-                mStderr == that.mStderr &&
+                mStdout.equals(that.mStdout) &&
+                mStderr.equals(that.mStderr) &&
                 mEndTime == that.mEndTime);
     }
 

diff --git a/app/src/main/java/com/SecUpwN/AIMSICD/utils/Helpers.java b/app/src/main/java/com/SecUpwN/AIMSICD/utils/Helpers.java
@@ -125,7 +125,7 @@ public static Boolean isNetAvailable(Context context) {
      * @param lat Latitude of current location
      * @param lng Longitude of current location
      */
-    public static void getOpenCellData(Context context, double lat, double lng, int type) {
+    public static void getOpenCellData(Context context, double lat, double lng, char type) {
         if (Helpers.isNetAvailable(context)) {
             double earthRadius = 6371.01;
 

diff --git a/app/src/main/java/com/SecUpwN/AIMSICD/utils/RequestTask.java b/app/src/main/java/com/SecUpwN/AIMSICD/utils/RequestTask.java
@@ -22,25 +22,25 @@
 import java.net.URL;
 import java.net.URLConnection;
 
-public class RequestTask extends AsyncTask<String, String, String> {
+public class RequestTask extends AsyncTask<String, Integer, String> {
 
-    public static final int OPEN_CELL_ID_REQUEST = 1;
-    public static final int OPEN_CELL_ID_REQUEST_FROM_MAP = 2;
-    public static final int BACKUP_DATABASE = 3;
-    public static final int RESTORE_DATABASE = 4;
+    public static final char OPEN_CELL_ID_REQUEST = 1;
+    public static final char OPEN_CELL_ID_REQUEST_FROM_MAP = 2;
+    public static final char BACKUP_DATABASE = 3;
+    public static final char RESTORE_DATABASE = 4;
 
     private final AIMSICDDbAdapter mDbAdapter;
     private final Context mContext;
-    private final int mType;
+    private final char mType;
 
-    public RequestTask(Context context, int type) {
+    public RequestTask(Context context, char type) {
         mType = type;
         mContext = context;
         mDbAdapter = new AIMSICDDbAdapter(mContext);
     }
 
     @Override
-    protected String doInBackground(String... urlString) {
+    protected String doInBackground(String... commandString) {
 
         switch (mType) {
             case OPEN_CELL_ID_REQUEST:
@@ -56,7 +56,7 @@ protected String doInBackground(String... urlString) {
                     }
                     File file = new File(dir, "opencellid.csv");
 
-                    URL url = new URL(urlString[0]);
+                    URL url = new URL(commandString[0]);
                     URLConnection connection = url.openConnection();
                     connection.connect();
 
@@ -78,7 +78,7 @@ protected String doInBackground(String... urlString) {
 
                     while ((count = input.read(data)) != -1) {
                         total += count;
-                        AIMSICD.mProgressBar.setProgress((int) ((total * 100) / lengthOfFile));
+                        publishProgress((int) ((total * 100) / lengthOfFile));
 
                         // writing data to file
                         output.write(data, 0, count);
@@ -118,6 +118,11 @@ protected String doInBackground(String... urlString) {
         return null;
     }
 
+
+    protected void onProgressUpdate(Integer... values) {
+        AIMSICD.mProgressBar.setProgress(values[0]);
+    }
+
     @Override
     protected void onPostExecute(String result) {
         super.onPostExecute(result);