diff --git a/.gitmodules b/.gitmodules index a030752..6fd3880 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,9 @@ [submodule "httpmitm"] path = httpmitm + url = https://git.kxtz.dev/kxtzownsu/Icarus-Lite.git + branch = main + +[submodule "httpmitm-old"] + path = httpmitm-old url = https://git.kxtz.dev/kxtzownsu/httpmitm.git branch = main diff --git a/Makefile b/Makefile index ec1ddc8..d0e1153 100644 --- a/Makefile +++ b/Makefile @@ -1,28 +1,27 @@ -setup-venv: - python3 -m venv .venv - bash setup_venv.sh - exit -enter-venv: - bash enter_venv.sh +venv: + bash venv.sh + setup-python: mkdir -p gen/python - protoc --python_out=gen/python crs.proto - protoc --python_out=gen/python pins.proto - protoc --python_out=gen/python ct.proto + protoc --python_out=gen/python proto/crs.proto + protoc --python_out=gen/python proto/pins.proto + protoc --python_out=gen/python cproto/t.proto cp gen/python/crs_pb2.py src/root_store_gen cp gen/python/pins_pb2.py src/root_store_gen cp gen/python/ct_pb2.py src/root_store_gen exit + build-packed-data: mkdir -p out/PKIMetadata - make setup-venv + make venv make setup-python + clean: rm -rf out/ -start-server: start-httpmitm -start-httpmitm: - cd httpmitm; bash start-proxy.sh - -start-dmbackend: - bash httpmitm/dmbackend/start_server.sh +start-server: + bash -c "while tmux has-session -t icarus; do tmux kill-session -t icarus; done" + echo "set -g mouse on" > ~/.tmux.conf + tmux new -d -s icarus "cd httpmitm; bash start_proxy.sh" + tmux splitw -t icarus -h "cd httpmitm/dmbackend; bash start_server.sh" + tmux a -t icarus diff --git a/README.md b/README.md index beefa81..70a9b73 100644 --- a/README.md +++ b/README.md 
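Review bot: The `httpmitm` entry in `.gitmodules` now points at `Icarus-Lite.git`, but no gitlink change for `httpmitm` is visible in this diff (only `httpmitm-old` gets a `Subproject commit`), so the recorded commit may still be one from the old repository. If that commit does not exist in the new remote, `git clone --recursive` and `git submodule update --init` will fail at checkout, and existing clones need `git submodule sync` to pick up the new URL. Because the Makefile runs scripts out of this submodule, the `httpmitm` gitlink should be moved in the same commit to a reviewed commit of the new repository. `branch = main` only affects `--remote` updates and does not pin what gets checked out.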
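Review bot: In `setup-python` the third `protoc` line reads `cproto/t.proto`, which looks like a transposition of `proto/ct.proto`; as written, the following `cp gen/python/ct_pb2.py src/root_store_gen` has nothing to copy. It should be `protoc --python_out=gen/python proto/ct.proto`. protoc also mirrors the input path under the output directory unless a proto path is given, so adding `-I proto` to the three calls would keep the generated files at `gen/python/*_pb2.py` where the `cp` lines expect them; this is worth confirming with a clean build. Separately, `start-server` runs `echo "set -g mouse on" > ~/.tmux.conf`, which overwrites the user's own tmux configuration. Setting the option on the running server instead, e.g. `tmux set -g mouse on` after the session is created, avoids writing outside the repository.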
@@ -12,15 +12,13 @@ Clone the repo with ``git clone --recursive https://git.kxtz.dev/kxtzownsu/icaru Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand): -- `make setup-venv` -- `make enter-venv` -- `make setup-python` +- `make venv` - `make build-packed-data` +- `make ca-keys` -Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 2000.) +Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999.) -- `bash get_original_data.sh` -- `bash make_out.sh myCA.der` +- `bash create_out.sh myCA.der` After doing this the output directory (from here on reffered to as PKIMetadata) will be generated, which is the custom Certificate Authority. @@ -58,12 +56,6 @@ Reboot the device. You'll boot into verified mode. Once you have your server run - If that didn't work, powerwash your device and re-run the modified shim, and keep the server running. -
- make_out.sh is prompting me for a password! - - The password is 'icarus' without quotes. -
- ## New Credits - [kxtzownsu](https://github.com/kxtzownsu) - rolling ssl keys, maintaining this fork :D diff --git a/get_original_data.sh b/get_original_data.sh deleted file mode 100755 index 92427a1..0000000 --- a/get_original_data.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -echo This script may be removed or disabled later with discretion of google. - -echo "using chrome ${CHROME:="google-chrome"}" - -if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ] -then - "$CHROME" chrome://components &> /dev/null & - exit 0 -fi -# Search directory for versions -HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1) -if [ -z ${HIGHESTVERSIONAPPARENTLY} ]; then - echo "Failed to find PKIMetadata directory" - exit 1 -fi - -#Let the user know what version we are on -echo "$HIGHESTVERSIONAPPARENTLY" - -# Prepare output directory (version is 2000 for now. Don't ask why) -mkdir -p original/PKIMetadata/2000 - -#Copy latest version as base (idk if this is reliable) -if [ "$HIGHESTVERSIONAPPARENTLY" != "" ]; then - cp -rvf "$HIGHESTVERSIONAPPARENTLY"/. original/PKIMetadata/2000 -else - echo "Variable HIGHESTVERSIONAPPARENTLY returned empty, failing." - exit 1 -fi - -#Remove metadata and fingerprint(just sha256 of manifest) to be accepted -rm -rvf original/PKIMetadata/2000/_metadata -rm -rvf original/PKIMetadata/2000/manifest.fingerprint - -#end of script diff --git a/httpmitm-old b/httpmitm-old new file mode 160000 index 0000000..81119be --- /dev/null +++ b/httpmitm-old @@ -0,0 +1 @@ +Subproject commit 81119bef0c029d9bbde827acb1022f8434cec829 diff --git a/make_out.sh b/make_out.sh deleted file mode 100755 index 6a47d9c..0000000 --- a/make_out.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash -mkdir -p out/PKIMetadata/ -SCRIPT_DIR=$(dirname $0) -if [ $# -lt 1 ] -then - echo "Usage: " - exit 1 -fi -# Copy all directories, and will be modified by future calls -rm -rvf "${SCRIPT_DIR}"/out -mkdir "${SCRIPT_DIR}"/out -mkdir -p "${SCRIPT_DIR}"/out/PKIMetadata/. -cp -rvf "${SCRIPT_DIR}"/original/PKIMetadata/2000/. "${SCRIPT_DIR}"/out/PKIMetadata -rm -rvf "${SCRIPT_DIR}"/out/PKIMetadata/_metadata # verified contents not necessary -rm -rvf "${SCRIPT_DIR}out/PKIMetadata/"*.fingerprint -python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/original/PKIMetadata/2000/crs.pb" "$@" "${SCRIPT_DIR}/out/PKIMetadata/crs.pb" -# Modify version in manifest - -python3 <" + exit 1 +fi + +for file in "$@"; do + if [ ! -f "$file" ]; then + echo "$file missing!" + exit 1 + fi +done + +echo "using chrome ${CHROME:="google-chrome"}" +if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ] +then + echo "Opened chrome automatically, make sure you follow the README!" + "$CHROME" chrome://components &> /dev/null & + exit 0 +fi +HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1) +if [ -z ${HIGHESTVERSIONAPPARENTLY} ]; then + echo "Failed to find PKIMetadata directory" + exit 1 +fi +mkdir -p original/PKIMetadata/9999 +if [ "$HIGHESTVERSIONAPPARENTLY" != "" ]; then + cp -rvf "$HIGHESTVERSIONAPPARENTLY"/. original/PKIMetadata/9999 +else + echo "Variable HIGHESTVERSIONAPPARENTLY returned empty, failing." + exit 1 +fi + +rm -rvf original/PKIMetadata/9999/_metadata +rm -rvf original/PKIMetadata/9999/manifest.fingerprint + +# Copy all directories, and will be modified by future calls +rm -rvf "${SCRIPT_DIR}"/out +mkdir "${SCRIPT_DIR}"/out +mkdir -p "${SCRIPT_DIR}"/out/PKIMetadata/. +cp -rvf "${SCRIPT_DIR}"/original/PKIMetadata/9999/. 
"${SCRIPT_DIR}"/out/PKIMetadata +rm -rvf "${SCRIPT_DIR}"/out/PKIMetadata/_metadata # verified contents not necessary +rm -rvf "${SCRIPT_DIR}out/PKIMetadata/"*.fingerprint +python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/out/PKIMetadata/crs.pb" +# Modify version in manifest + +python3 <