-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
/
magisk.py
112 lines (91 loc) · 3.1 KB
/
magisk.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import hashlib
import os
from zipfile import ZipFile
from cryptography import x509
from cryptography.hazmat.primitives import serialization
from mitmproxy import certs
from mitmproxy import ctx
from mitmproxy.options import CONF_BASENAME
# The following 3 variables are for including in the magisk module as text file
MODULE_PROP_TEXT = """id=mitmproxycert
name=MITMProxy cert
version=v1
versionCode=1
author=mitmproxy
description=Adds the mitmproxy certificate to the system store
template=3"""
CONFIG_SH_TEXT = """
MODID=mitmproxycert
AUTOMOUNT=true
PROPFILE=false
POSTFSDATA=false
LATESTARTSERVICE=false
print_modname() {
ui_print "*******************************"
ui_print " MITMProxy cert installer "
ui_print "*******************************"
}
REPLACE="
"
set_permissions() {
set_perm_recursive $MODPATH 0 0 0755 0644
}
"""
UPDATE_BINARY_TEXT = """
#!/sbin/sh
#################
# Initialization
#################
umask 022
# echo before loading util_functions
ui_print() { echo "$1"; }
require_new_magisk() {
ui_print "*******************************"
ui_print " Please install Magisk v20.4+! "
ui_print "*******************************"
exit 1
}
OUTFD=$2
ZIPFILE=$3
mount /data 2>/dev/null
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
. /data/adb/magisk/util_functions.sh
[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
install_module
exit 0
"""
def get_ca_from_files() -> x509.Certificate:
# Borrowed from tlsconfig
certstore_path = os.path.expanduser(ctx.options.confdir)
certstore = certs.CertStore.from_store(
path=certstore_path,
basename=CONF_BASENAME,
key_size=ctx.options.key_size,
passphrase=ctx.options.cert_passphrase.encode("utf8")
if ctx.options.cert_passphrase
else None,
)
return certstore.default_ca._cert
def subject_hash_old(ca: x509.Certificate) -> str:
# Mimics the -subject_hash_old option of openssl used for android certificate names
full_hash = hashlib.md5(ca.subject.public_bytes()).digest()
sho = full_hash[0] | (full_hash[1] << 8) | (full_hash[2] << 16) | full_hash[3] << 24
return hex(sho)[2:]
def write_magisk_module(path: str):
# Makes a zip file that can be loaded by Magisk
# Android certs are stored as DER files
ca = get_ca_from_files()
der_cert = ca.public_bytes(serialization.Encoding.DER)
with ZipFile(path, "w") as zipp:
# Main cert file, name is always the old subject hash with a '.0' added
zipp.writestr(f"system/etc/security/cacerts/{subject_hash_old(ca)}.0", der_cert)
zipp.writestr("module.prop", MODULE_PROP_TEXT)
zipp.writestr("config.sh", CONFIG_SH_TEXT)
zipp.writestr("META-INF/com/google/android/updater-script", "#MAGISK")
zipp.writestr("META-INF/com/google/android/update-binary", UPDATE_BINARY_TEXT)
zipp.writestr(
"common/file_contexts_image", "/magisk(/.*)? u:object_r:system_file:s0"
)
zipp.writestr("common/post-fs-data.sh", "MODDIR=${0%/*}")
zipp.writestr("common/service.sh", "MODDIR=${0%/*}")
zipp.writestr("common/system.prop", "")