refactor
parent
1c5fe5b3a3
commit
8f088c7086
1
.gitignore
vendored
1
.gitignore
vendored
@ -4,6 +4,5 @@ gen
|
||||
original
|
||||
out
|
||||
*pb2.py
|
||||
myCA.*
|
||||
*.bin
|
||||
*.bin.old
|
||||
|
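--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "httpmitm"]
+path = httpmitm
+url = https://git.kxtz.dev/kxtzownsu/Icarus-Lite.git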
20
Makefile
20
Makefile
@ -1,14 +1,14 @@
|
||||
venv:
|
||||
bash venv.sh
|
||||
bash scripts/venv.sh
|
||||
|
||||
setup-python:
|
||||
mkdir -p gen/python
|
||||
protoc --python_out=gen/python proto/crs.proto
|
||||
protoc --python_out=gen/python proto/pins.proto
|
||||
protoc --python_out=gen/python cproto/t.proto
|
||||
cp gen/python/crs_pb2.py src/root_store_gen
|
||||
cp gen/python/pins_pb2.py src/root_store_gen
|
||||
cp gen/python/ct_pb2.py src/root_store_gen
|
||||
protoc --python_out=gen/python proto/ct.proto
|
||||
cp gen/python/proto/crs_pb2.py src/root_store_gen
|
||||
cp gen/python/proto/pins_pb2.py src/root_store_gen
|
||||
cp gen/python/proto/ct_pb2.py src/root_store_gen
|
||||
exit
|
||||
|
||||
build-packed-data:
|
||||
@ -16,12 +16,18 @@ build-packed-data:
|
||||
make venv
|
||||
make setup-python
|
||||
|
||||
ca-keys:
|
||||
cd httpmitm; bash generate_certs.sh
|
||||
|
||||
clean:
|
||||
rm -rf out/
|
||||
rm -rf original/
|
||||
rm -rf gen
|
||||
rm -rf .venv/
|
||||
rm -rf src/root_store_gen/*_pb2.py
|
||||
|
||||
start-server:
|
||||
bash -c "while tmux has-session -t icarus; do tmux kill-session -t icarus; done"
|
||||
echo "set -g mouse on" > ~/.tmux.conf
|
||||
tmux new -d -s icarus "cd httpmitm; bash start_proxy.sh"
|
||||
tmux splitw -t icarus -h "cd httpmitm/dmbackend; bash start_server.sh"
|
||||
tmux new -d -s icarus "cd httpmitm; bash start.sh"
|
||||
tmux a -t icarus
|
||||
|
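Review bot: In the `ca-keys` recipe, `cd httpmitm; bash generate_certs.sh` carries on after a failed `cd` (for example when the `httpmitm` submodule was never checked out), so the script is looked up in the wrong directory; `cd httpmitm && bash generate_certs.sh` stops at the first failure, and the quoted `cd httpmitm; bash start.sh` handed to tmux has the same shape. The `start-server` recipe also truncates the user's own `~/.tmux.conf` with `echo "set -g mouse on" > ~/.tmux.conf`; running `tmux set-option -t icarus mouse on` after the `tmux new` line would set the option for this session only. The nested `make venv` and `make setup-python` lines would be better as `$(MAKE) venv` and `$(MAKE) setup-python`, and no `.PHONY` declaration is visible for these command targets. The +/- markers are lost on this page, so I cannot tell which of these lines the commit added.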
13
README.md
13
README.md
@ -7,24 +7,28 @@ An exploit for Chrome devices which allows people to unenroll devices with devic
|
||||
> ANYTHING GOOGLE CAN REMOTELY PERFORM ON YOUR DEVICE, ICARUS CAN BE USED TO DO. AN EXAMPLE OF THIS IS INSTALL EXTENSIONS, SPY, USE YOUR CAMERA, REMOTE INTO YOUR DEVICE, GET YOUR PASSWORDS, AND MORE.<br><br>
|
||||
> ONLY SELF HOST ICARUS, NEVER USE A PUBLIC SERVER!
|
||||
|
||||
<!--
|
||||
> [!IMPORTANT]
|
||||
> You won't be able to use pre-built shims with this! You'd need to make new shims with ***your CA certificates***!
|
||||
If you want to use my (kxtz) shims, pass `--bypass` to the start.sh script below!
|
||||
-->
|
||||
|
||||
## Setup and installation instructions
|
||||
Clone the repo with ``git clone --recursive https://git.kxtz.dev/kxtzownsu/icarus/` and change directory to it.
|
||||
|
||||
Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand):
|
||||
|
||||
- `make venv`
|
||||
- `make build-packed-data`
|
||||
- `make ca-keys`
|
||||
|
||||
Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999.)
|
||||
|
||||
- `bash create_out.sh myCA.der`
|
||||
- `bash scripts/create_out.sh myCA.der`
|
||||
|
||||
After doing this the output directory (from here on reffered to as PKIMetadata) will be generated, which is the custom Certificate Authority.
|
||||
|
||||
Now, to modify the shim with the generated PKIMetadata:
|
||||
|
||||
- `bash modify.sh <shim path>`
|
||||
- `sudo bash modify.sh <shim path>`
|
||||
|
||||
Now boot the shim, and Icarus will attempt to modify your stateful partition.
|
||||
|
||||
@ -58,6 +62,7 @@ Reboot the device. You'll boot into verified mode. Once you have your server run
|
||||
|
||||
## New Credits
|
||||
- [kxtzownsu](https://github.com/kxtzownsu) - rolling ssl keys, maintaining this fork :D
|
||||
- [cosmicdevv](https://github.com/cosmicdevv) - creating icarus lite
|
||||
|
||||
## Original Credits
|
||||
- [MunyDev](https://github.com/MunyDev) - Creating this exploit
|
||||
|
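--- a/httpmitm
+++ b/httpmitm
@@ -0,0 +1 @@
+Subproject commit 0f4de4c0533f5026ae95e3264d83fe4a13b98a37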
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
SCRIPT_DIR=$(readlink -f "$(dirname "$0")")
|
||||
|
||||
# Copyright 2019 The ChromiumOS Authors
|
||||
# Use of this source code is governed by a BSD-style license that can be
|
||||
@ -87,10 +87,11 @@ mkdir -p "$MOUNT_DIR"/usr/bin
|
||||
umount "$MOUNT_DIR"
|
||||
enable_rw_mount "$LOOP_DEV"p3
|
||||
mount "$LOOP_DEV"p3 "$MOUNT_DIR"
|
||||
cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"
|
||||
cp "$SCRIPT_DIR/scripts/inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"
|
||||
chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh"
|
||||
|
||||
umount "$MOUNT_DIR"
|
||||
losetup -D
|
||||
sync
|
||||
sync
|
||||
sync
|
||||
|
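Review bot: The `cp "$SCRIPT_DIR/scripts/inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"` line in the second hunk is unchecked, so a missing source file still lets `chmod`, `umount` and `losetup -D` run and the script ends without signalling failure; appending `|| exit 1` (ideally after unmounting) would make that visible. This matters more now that the README runs the script under `sudo`. `losetup -D` detaches every loop device on the host, not just the one attached here; `losetup -d "$LOOP_DEV"` keeps the cleanup to the script's own device. The file header for this section is missing from the page (presumably modify.sh) and the lines between the two hunks are not shown, so an errexit setting there cannot be ruled out.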
@ -18,7 +18,7 @@ echo "using chrome ${CHROME:="google-chrome"}"
|
||||
if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ]
|
||||
then
|
||||
echo "Opened chrome automatically, make sure you follow the README!"
|
||||
"$CHROME" chrome://components &> /dev/null &
|
||||
"$CHROME" chrome://components # &> /dev/null &
|
||||
exit 0
|
||||
fi
|
||||
HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1)
|
||||
@ -38,21 +38,21 @@ rm -rvf original/PKIMetadata/9999/_metadata
|
||||
rm -rvf original/PKIMetadata/9999/manifest.fingerprint
|
||||
|
||||
# Copy all directories, and will be modified by future calls
|
||||
rm -rvf "${SCRIPT_DIR}"/out
|
||||
mkdir "${SCRIPT_DIR}"/out
|
||||
mkdir -p "${SCRIPT_DIR}"/out/PKIMetadata/.
|
||||
cp -rvf "${SCRIPT_DIR}"/original/PKIMetadata/9999/. "${SCRIPT_DIR}"/out/PKIMetadata
|
||||
rm -rvf "${SCRIPT_DIR}"/out/PKIMetadata/_metadata # verified contents not necessary
|
||||
rm -rvf "${SCRIPT_DIR}out/PKIMetadata/"*.fingerprint
|
||||
python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/out/PKIMetadata/crs.pb"
|
||||
rm -rvf "${SCRIPT_DIR}"/../out
|
||||
mkdir "${SCRIPT_DIR}"/../out
|
||||
mkdir -p "${SCRIPT_DIR}"/../out/PKIMetadata/.
|
||||
cp -rvf "${SCRIPT_DIR}"/../original/PKIMetadata/9999/. "${SCRIPT_DIR}"/../out/PKIMetadata
|
||||
rm -rvf "${SCRIPT_DIR}"/../out/PKIMetadata/_metadata # verified contents not necessary
|
||||
rm -rvf "${SCRIPT_DIR}/../out/PKIMetadata/"*.fingerprint
|
||||
python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/../original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/../out/PKIMetadata/crs.pb"
|
||||
# Modify version in manifest
|
||||
|
||||
python3 <<EOF # Set version in manifest
|
||||
import json
|
||||
from pathlib import Path
|
||||
mjs = '${SCRIPT_DIR}/original/PKIMetadata/9999/manifest.json'
|
||||
mjs = '${SCRIPT_DIR}/../original/PKIMetadata/9999/manifest.json'
|
||||
mjs = Path(mjs)
|
||||
newfile = Path('${SCRIPT_DIR}/out/PKIMetadata/manifest.json')
|
||||
newfile = Path('${SCRIPT_DIR}/../out/PKIMetadata/manifest.json')
|
||||
dat = Path.read_text(mjs)
|
||||
x = json.loads(dat)
|
||||
x['version'] = "9999"
|
||||
|
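Review bot: The `generate_new_pbs.py` call in the second hunk still uses the cwd-relative `./src/root_store_gen/generate_new_pbs.py` while every other path around it was moved to `${SCRIPT_DIR}/..`, so the script only works when started from the repository root; `python3 "${SCRIPT_DIR}/../src/root_store_gen/generate_new_pbs.py" …` would match the rest. The heredoc that follows pastes `${SCRIPT_DIR}` into single-quoted Python literals, so a checkout path containing a quote or backslash alters the Python source; passing the directory as an argument (`python3 - "$SCRIPT_DIR" <<'EOF'`, read back via `sys.argv[1]`) avoids that, provided nothing else in the heredoc relies on shell expansion. The heredoc continues past the end of the hunk. In the first hunk, `"$CHROME" chrome://components # &> /dev/null &` leaves a commented-out redirect behind and now blocks until the browser exits; the dead fragment should be dropped or the change explained in a comment.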
@ -1,4 +1,8 @@
|
||||
#!/bin/bash
|
||||
source ./.venv/bin/activate
|
||||
SCRIPT_DIR=$(readlink -f "$(dirname "$0")")
|
||||
if [ ! -e "${SCRIPT_DIR}/../.venv" ]; then
|
||||
python3 -m venv ${SCRIPT_DIR}/../.venv
|
||||
fi
|
||||
source ${SCRIPT_DIR}/.venv/bin/activate
|
||||
pip3 install protobuf
|
||||
bash
|
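Review bot: The venv is created at `${SCRIPT_DIR}/../.venv` but activated from `${SCRIPT_DIR}/.venv/bin/activate`, which drops the `/..`. With the script under `scripts/` (as the Makefile's `bash scripts/venv.sh` indicates), the `source` fails, and with no errexit visible in the hunk `pip3 install protobuf` then installs into whatever Python environment is active rather than the venv. Activating the same path and stopping on failure fixes this: `source "${SCRIPT_DIR}/../.venv/bin/activate" || exit 1`. The unquoted `${SCRIPT_DIR}` in `python3 -m venv ${SCRIPT_DIR}/../.venv` should be quoted as well, and pinning the protobuf version would keep the generated `*_pb2.py` files reproducible.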