kxtzownsu 2025-03-09 20:16:28 +00:00
parent 1c5fe5b3a3
commit 8f088c7086
9 changed files with 44 additions and 25 deletions

1
.gitignore vendored

@ -4,6 +4,5 @@ gen
original original
out out
*pb2.py *pb2.py
myCA.*
*.bin *.bin
*.bin.old *.bin.old

3
.gitmodules vendored

@ -0,0 +1,3 @@
[submodule "httpmitm"]
path = httpmitm
url = https://git.kxtz.dev/kxtzownsu/Icarus-Lite.git


@ -1,14 +1,14 @@
venv: venv:
bash venv.sh bash scripts/venv.sh
setup-python: setup-python:
mkdir -p gen/python mkdir -p gen/python
protoc --python_out=gen/python proto/crs.proto protoc --python_out=gen/python proto/crs.proto
protoc --python_out=gen/python proto/pins.proto protoc --python_out=gen/python proto/pins.proto
protoc --python_out=gen/python cproto/t.proto protoc --python_out=gen/python proto/ct.proto
cp gen/python/crs_pb2.py src/root_store_gen cp gen/python/proto/crs_pb2.py src/root_store_gen
cp gen/python/pins_pb2.py src/root_store_gen cp gen/python/proto/pins_pb2.py src/root_store_gen
cp gen/python/ct_pb2.py src/root_store_gen cp gen/python/proto/ct_pb2.py src/root_store_gen
exit exit
build-packed-data: build-packed-data:
@ -16,12 +16,18 @@ build-packed-data:
make venv make venv
make setup-python make setup-python
ca-keys:
cd httpmitm; bash generate_certs.sh
clean: clean:
rm -rf out/ rm -rf out/
rm -rf original/
rm -rf gen
rm -rf .venv/
rm -rf src/root_store_gen/*_pb2.py
start-server: start-server:
bash -c "while tmux has-session -t icarus; do tmux kill-session -t icarus; done" bash -c "while tmux has-session -t icarus; do tmux kill-session -t icarus; done"
echo "set -g mouse on" > ~/.tmux.conf echo "set -g mouse on" > ~/.tmux.conf
tmux new -d -s icarus "cd httpmitm; bash start_proxy.sh" tmux new -d -s icarus "cd httpmitm; bash start.sh"
tmux splitw -t icarus -h "cd httpmitm/dmbackend; bash start_server.sh"
tmux a -t icarus tmux a -t icarus
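Review bot: In the new `ca-keys` recipe, `cd httpmitm; bash generate_certs.sh` carries on when the `cd` fails (for example when the submodule was never checked out), so the script is then looked up in the repository root; `cd httpmitm && bash generate_certs.sh` stops at the failed `cd` instead. The `cd httpmitm; ...` and `cd httpmitm/dmbackend; ...` strings handed to tmux in `start-server` have the same shape. `ca-keys` names a command rather than a file, so it belongs in a `.PHONY` declaration (none is visible in these hunks). Because this commit also removes `myCA.*` from `.gitignore`, it is worth confirming where generate_certs.sh writes the CA private key and adding a comment above the target that names that location, so key material is not staged by accident.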


@ -7,24 +7,28 @@ An exploit for Chrome devices which allows people to unenroll devices with devic
> ANYTHING GOOGLE CAN REMOTELY PERFORM ON YOUR DEVICE, ICARUS CAN BE USED TO DO. AN EXAMPLE OF THIS IS INSTALL EXTENSIONS, SPY, USE YOUR CAMERA, REMOTE INTO YOUR DEVICE, GET YOUR PASSWORDS, AND MORE.<br><br> > ANYTHING GOOGLE CAN REMOTELY PERFORM ON YOUR DEVICE, ICARUS CAN BE USED TO DO. AN EXAMPLE OF THIS IS INSTALL EXTENSIONS, SPY, USE YOUR CAMERA, REMOTE INTO YOUR DEVICE, GET YOUR PASSWORDS, AND MORE.<br><br>
> ONLY SELF HOST ICARUS, NEVER USE A PUBLIC SERVER! > ONLY SELF HOST ICARUS, NEVER USE A PUBLIC SERVER!
<!--
> [!IMPORTANT]
> You won't be able to use pre-built shims with this! You'd need to make new shims with ***your CA certificates***!
If you want to use my (kxtz) shims, pass `--bypass` to the start.sh script below!
-->
## Setup and installation instructions ## Setup and installation instructions
Clone the repo with ``git clone --recursive https://git.kxtz.dev/kxtzownsu/icarus/` and change directory to it. Clone the repo with ``git clone --recursive https://git.kxtz.dev/kxtzownsu/icarus/` and change directory to it.
Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand): Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand):
- `make venv`
- `make build-packed-data` - `make build-packed-data`
- `make ca-keys`
Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999.) Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999.)
- `bash create_out.sh myCA.der` - `bash scripts/create_out.sh myCA.der`
After doing this the output directory (from here on reffered to as PKIMetadata) will be generated, which is the custom Certificate Authority. After doing this the output directory (from here on reffered to as PKIMetadata) will be generated, which is the custom Certificate Authority.
Now, to modify the shim with the generated PKIMetadata: Now, to modify the shim with the generated PKIMetadata:
- `bash modify.sh <shim path>` - `sudo bash modify.sh <shim path>`
Now boot the shim, and Icarus will attempt to modify your stateful partition. Now boot the shim, and Icarus will attempt to modify your stateful partition.
@ -58,6 +62,7 @@ Reboot the device. You'll boot into verified mode. Once you have your server run
## New Credits ## New Credits
- [kxtzownsu](https://github.com/kxtzownsu) - rolling ssl keys, maintaining this fork :D - [kxtzownsu](https://github.com/kxtzownsu) - rolling ssl keys, maintaining this fork :D
- [cosmicdevv](https://github.com/cosmicdevv) - creating icarus lite
## Original Credits ## Original Credits
- [MunyDev](https://github.com/MunyDev) - Creating this exploit - [MunyDev](https://github.com/MunyDev) - Creating this exploit

1
httpmitm Submodule

@ -0,0 +1 @@
Subproject commit 0f4de4c0533f5026ae95e3264d83fe4a13b98a37


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
SCRIPT_DIR=$(readlink -f "$(dirname "$0")")
# Copyright 2019 The ChromiumOS Authors # Copyright 2019 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be # Use of this source code is governed by a BSD-style license that can be
@ -87,10 +87,11 @@ mkdir -p "$MOUNT_DIR"/usr/bin
umount "$MOUNT_DIR" umount "$MOUNT_DIR"
enable_rw_mount "$LOOP_DEV"p3 enable_rw_mount "$LOOP_DEV"p3
mount "$LOOP_DEV"p3 "$MOUNT_DIR" mount "$LOOP_DEV"p3 "$MOUNT_DIR"
cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" cp "$SCRIPT_DIR/scripts/inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"
chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh" chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh"
umount "$MOUNT_DIR" umount "$MOUNT_DIR"
losetup -D
sync sync
sync sync
sync sync
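Review bot: The added `losetup -D` detaches every loop device on the machine, not only the one this script attached, and the README now runs the script under sudo, so unrelated images attached on the build host are affected too. Detaching just the device in use is enough: `losetup -d "$LOOP_DEV"`. The script starts and continues outside these hunks, so the place where `LOOP_DEV` is assigned is not visible here.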

BIN
myCA.der Normal file

Binary file not shown.


@ -18,7 +18,7 @@ echo "using chrome ${CHROME:="google-chrome"}"
if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ] if [ ! -d "$HOME/.config/$CHROME/PKIMetadata" ]
then then
echo "Opened chrome automatically, make sure you follow the README!" echo "Opened chrome automatically, make sure you follow the README!"
"$CHROME" chrome://components &> /dev/null & "$CHROME" chrome://components # &> /dev/null &
exit 0 exit 0
fi fi
HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1) HIGHESTVERSIONAPPARENTLY=$(find "$HOME/.config/$CHROME/PKIMetadata/" -maxdepth 1 -mindepth 1 -type d| head -n 1)
@ -38,21 +38,21 @@ rm -rvf original/PKIMetadata/9999/_metadata
rm -rvf original/PKIMetadata/9999/manifest.fingerprint rm -rvf original/PKIMetadata/9999/manifest.fingerprint
# Copy all directories, and will be modified by future calls # Copy all directories, and will be modified by future calls
rm -rvf "${SCRIPT_DIR}"/out rm -rvf "${SCRIPT_DIR}"/../out
mkdir "${SCRIPT_DIR}"/out mkdir "${SCRIPT_DIR}"/../out
mkdir -p "${SCRIPT_DIR}"/out/PKIMetadata/. mkdir -p "${SCRIPT_DIR}"/../out/PKIMetadata/.
cp -rvf "${SCRIPT_DIR}"/original/PKIMetadata/9999/. "${SCRIPT_DIR}"/out/PKIMetadata cp -rvf "${SCRIPT_DIR}"/../original/PKIMetadata/9999/. "${SCRIPT_DIR}"/../out/PKIMetadata
rm -rvf "${SCRIPT_DIR}"/out/PKIMetadata/_metadata # verified contents not necessary rm -rvf "${SCRIPT_DIR}"/../out/PKIMetadata/_metadata # verified contents not necessary
rm -rvf "${SCRIPT_DIR}out/PKIMetadata/"*.fingerprint rm -rvf "${SCRIPT_DIR}/../out/PKIMetadata/"*.fingerprint
python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/out/PKIMetadata/crs.pb" python3 ./src/root_store_gen/generate_new_pbs.py "${SCRIPT_DIR}/../original/PKIMetadata/9999/crs.pb" "$@" "${SCRIPT_DIR}/../out/PKIMetadata/crs.pb"
# Modify version in manifest # Modify version in manifest
python3 <<EOF # Set version in manifest python3 <<EOF # Set version in manifest
import json import json
from pathlib import Path from pathlib import Path
mjs = '${SCRIPT_DIR}/original/PKIMetadata/9999/manifest.json' mjs = '${SCRIPT_DIR}/../original/PKIMetadata/9999/manifest.json'
mjs = Path(mjs) mjs = Path(mjs)
newfile = Path('${SCRIPT_DIR}/out/PKIMetadata/manifest.json') newfile = Path('${SCRIPT_DIR}/../out/PKIMetadata/manifest.json')
dat = Path.read_text(mjs) dat = Path.read_text(mjs)
x = json.loads(dat) x = json.loads(dat)
x['version'] = "9999" x['version'] = "9999"
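Review bot: The rewritten paths mix two bases: output now goes to `${SCRIPT_DIR}/../out`, while `python3 ./src/root_store_gen/generate_new_pbs.py` and the `rm -rvf original/PKIMetadata/9999/...` lines still resolve against the caller's working directory, so running the script from anywhere other than the repository root reads and deletes in one tree and writes in another. Resolving the root once, e.g. `REPO_ROOT=$(readlink -f "${SCRIPT_DIR}/..")`, and using `"${REPO_ROOT}/out"` and `"${REPO_ROOT}/src/root_store_gen/generate_new_pbs.py"` throughout removes the ambiguity and gives `rm -rvf` a normalised path. `SCRIPT_DIR` is assigned outside these hunks, so it is worth checking that it is verified non-empty before the first `rm -rvf`.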


@ -1,4 +1,8 @@
#!/bin/bash #!/bin/bash
source ./.venv/bin/activate SCRIPT_DIR=$(readlink -f "$(dirname "$0")")
if [ ! -e "${SCRIPT_DIR}/../.venv" ]; then
python3 -m venv ${SCRIPT_DIR}/../.venv
fi
source ${SCRIPT_DIR}/.venv/bin/activate
pip3 install protobuf pip3 install protobuf
bash bash
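Review bot: The venv is created at `${SCRIPT_DIR}/../.venv` but activated from `${SCRIPT_DIR}/.venv/bin/activate`, which is a different directory. With the script under scripts/ (as the Makefile's `bash scripts/venv.sh` implies), the `source` fails and `pip3 install protobuf` then installs outside the virtual environment. The activation line should read `source "${SCRIPT_DIR}/../.venv/bin/activate"`, and the `python3 -m venv` argument should be quoted the same way so a checkout path containing spaces still works.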