diff --git a/README.md b/README.md
index 0cc2653..ed48fc1 100644
--- a/README.md
+++ b/README.md
@@ -35,10 +35,11 @@ linux/qualcom devices but this is the only one we have tested on. Buy the orbic
 ## Setup
-1. Install the Android Debug Bridge (ADB) on your computer (don't worry about instructions for installing it on a phone/device yet). You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer).
-2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it (on Windows use 7zip).
-3. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`).
-4. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below.
+*NOTE: We don't currently support automated installs on windows, you will have to follow the manual install instructions below*
+
+1. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it.
+2. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`).
+3. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below.
 ## Usage
@@ -46,7 +47,7 @@ Once installed, rayhunter will run automatically whenever your Orbic device is r
 1. Over wifi: Connect your phone/laptop to the Orbic's wifi network and visit `http://192.168.1.1:8080` (click past your browser warning you about the connection not being secure, rayhunter doesn't have HTTPS yet!)
 * Note that you'll need the Orbic's wifi password for this, which can be retrieved by pressing the "MENU" button on the device and opening the 2.4 GHz menu.
-2. Over usb: Connect the Orbic device to your laptop via usb. Run `adb forward tcp:8080 tcp:8080`, then visit `http://localhost:8080`.
+2. Over usb: Connect the Orbic device to your laptop via usb. Run `adb forward tcp:8080 tcp:8080`, then visit `http://localhost:8080`. For this you will need to install the Android Debug Bridge (ADB) on your computer, you can copy the version that was downloaded inside the releases/platform-tools/` folder to somewhere else in your path or you can install it manually. You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer), (don't worry about instructions for installing it on a phone/device yet).
 ## Development
 * Install ADB on your computer using the instructions above.
diff --git a/dist/install-common.sh b/dist/install-common.sh
index 6eaf7c7..ba100a8 100755
--- a/dist/install-common.sh
+++ b/dist/install-common.sh
@@ -1,25 +1,21 @@
-#!/bin/env bash
+#!/usr/bin/env bash
 install() {
 if [[ -z "${SERIAL_PATH}" ]]; then
- echo "SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?"
+ echo "\$SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?"
+ exit 1
+ fi
+ if [[ -z "${ADB}" ]]; then
+ echo "\$ADB not set, did you run this from install-linux.sh or install-mac.sh?"
 exit 1
 fi
- check_adb
 force_debug_mode
 setup_rootshell
 setup_rayhunter
 test_rayhunter
 }
-check_adb() {
- if ! command -v adb &> /dev/null
- then
- echo "adb not found, please ensure it's installed or check the README.md"
- exit 1
- fi
-}
-
 force_debug_mode() {
+ echo "Using adb at $ADB"
 echo "Force a switch into the debug mode to enable ADB"
 "$SERIAL_PATH" --root
 echo -n "adb enabled, waiting for reboot..."
@@ -31,14 +27,14 @@ force_debug_mode() {
 }
 wait_for_atfwd_daemon() {
- until [ -n "$(adb shell 'pgrep atfwd_daemon')" ]
+ until [ -n "$($ADB shell 'pgrep atfwd_daemon)'" ]
 do
 sleep 1
 done
 }
 wait_for_adb_shell() {
- until adb shell true 2> /dev/null
+ until $ADB shell true 2> /dev/null
 do
 sleep 1
 done
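Review bot: The new `$ADB` guard in `install()` only rejects an empty string, so a value that points at a missing or non-executable file (for example `./platform-tools/adb` after a failed download, or when the installer is started from another directory) passes it. `force_debug_mode` then switches the device into debug mode with `"$SERIAL_PATH" --root`, and the `until $ADB shell true 2> /dev/null` loop in `wait_for_adb_shell` would retry forever with the error hidden. Testing executability up front gives an immediate, readable failure: `if [[ ! -x "${ADB}" ]]; then`.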
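Review bot: In `wait_for_atfwd_daemon` the closing single quote has moved past the parenthesis: `'pgrep atfwd_daemon)'` now contains the `)`, so the `$(` substitution is not closed where it should be and the daemon check no longer runs as written. The line should read `until [ -n "$("$ADB" shell 'pgrep atfwd_daemon')" ]`. This hunk and the later hunks of this file (`setup_rootshell`, `_adb_push`, `setup_rayhunter`, `test_rayhunter`) also expand `$ADB` unquoted; because the value can come from `which adb`, it should be written `"$ADB"` everywhere so a path containing spaces or glob characters is not split into a different command line.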
@@ -51,29 +47,29 @@ setup_rootshell() {
 "$SERIAL_PATH" "AT+SYSCMD=chown root /bin/rootshell"
 sleep 1
 "$SERIAL_PATH" "AT+SYSCMD=chmod 4755 /bin/rootshell"
- adb shell /bin/rootshell -c id
+ $ADB shell /bin/rootshell -c id
 echo "we have root!"
 }
 _adb_push() {
- adb push "$(dirname "$0")/$1" "$2"
+ $ADB push "$(dirname "$0")/$1" "$2"
 }
 setup_rayhunter() {
- adb shell '/bin/rootshell -c "mkdir -p /data/rayhunter"'
+ $ADB shell '/bin/rootshell -c "mkdir -p /data/rayhunter"'
 _adb_push config.toml.example /data/rayhunter/config.toml
 _adb_push rayhunter-daemon /data/rayhunter/
 _adb_push scripts/rayhunter_daemon /tmp/rayhunter_daemon
 _adb_push scripts/misc-daemon /tmp/misc-daemon
- adb shell '/bin/rootshell -c "cp /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"'
- adb shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"'
- adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"'
- adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"'
+ $ADB shell '/bin/rootshell -c "cp /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"'
+ $ADB shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"'
+ $ADB shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"'
+ $ADB shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"'
 echo -n "waiting for reboot..."
- adb shell '/bin/rootshell -c reboot'
+ $ADB shell '/bin/rootshell -c reboot'
 # first wait for shutdown (it can take ~10s)
- until ! adb shell true 2> /dev/null
+ until ! $ADB shell true 2> /dev/null
 do
 sleep 1
 done
@@ -86,7 +82,7 @@ setup_rayhunter() {
 test_rayhunter() {
 URL="http://localhost:8080"
- adb forward tcp:8080 tcp:8080 > /dev/null
+ $ADB forward tcp:8080 tcp:8080 > /dev/null
 echo -n "checking for rayhunter server..."
 SECONDS=0
diff --git a/dist/install-linux.sh b/dist/install-linux.sh
index b188f9c..cd263c8 100755
--- a/dist/install-linux.sh
+++ b/dist/install-linux.sh
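Review bot: `setup_rootshell` in dist/install-common.sh prints `we have root!` whatever `$ADB shell /bin/rootshell -c id` reported, so the installer goes on to push files and write init scripts even if the setuid rootshell did not yield uid 0. Checking the output makes that failure explicit: `"$ADB" shell /bin/rootshell -c id | grep -q 'uid=0' || { echo "rootshell did not return uid 0"; exit 1; }`. The start of `setup_rootshell` lies outside the hunk, so there may be earlier handling that is not visible here.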
@@ -1,6 +1,17 @@
 #!/bin/env bash
 set -e
+if ! command -v adb &> /dev/null; then
+ if [ ! -d ./platform-tools ] ; then
+ echo "adb not found, downloading local copy"
+ curl -O "https://dl.google.com/android/repository/platform-tools-latest-linux.zip"
+ unzip platform-tools-latest-linux.zip
+ fi
+ export ADB="./platform-tools/adb"
+else
+ export ADB=`which adb`
+fi
+
 export SERIAL_PATH="./serial-ubuntu-latest/serial"
 . "$(dirname "$0")"/install-common.sh
 install
diff --git a/dist/install-mac.sh b/dist/install-mac.sh
index e497d10..88d1409 100755
--- a/dist/install-mac.sh
+++ b/dist/install-mac.sh
@@ -1,6 +1,17 @@
 #!/usr/bin/env bash
 set -e
+if ! command -v adb &> /dev/null; then
+ if [ ! -d ./platform-tools ]; then
+ echo "adb not found, downloading local copy"
+ curl -O "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip"
+ unzip platform-tools-latest-darwin.zip
+ fi
+ export ADB="./platform-tools/adb"
+else
+ export ADB=`which adb`
+fi
+
 export SERIAL_PATH="./serial-macos-latest/serial"
 . "$(dirname "$0")"/install-common.sh
 install
diff --git a/lib/src/analysis/mod.rs b/lib/src/analysis/mod.rs
index a0cdd3f..aa0b490 100644
--- a/lib/src/analysis/mod.rs
+++ b/lib/src/analysis/mod.rs
@@ -3,4 +3,3 @@ pub mod information_element;
 pub mod lte_downgrade;
 pub mod imsi_provided;
 pub mod null_cipher;
-pub mod test_analyzer;
diff --git a/lib/src/diag_device.rs b/lib/src/diag_device.rs
index d27ef02..117f33e 100644
--- a/lib/src/diag_device.rs
+++ b/lib/src/diag_device.rs
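Review bot: The fallback in dist/install-linux.sh downloads `platform-tools-latest-linux.zip` and the installer then runs the extracted `adb` against the device with no integrity check. The URL is an unpinned "latest" artifact, `curl -O` has no `--fail`, and an existing `./platform-tools` directory in the current directory is trusted as found. I would pin one platform-tools release, verify its SHA-256 before `unzip`, and make curl stop on HTTP errors; the two values in the sketch below are placeholders to be filled in from the release you verify. dist/install-mac.sh adds the same lines and needs the same change, with `shasum -a 256 -c -` in place of `sha256sum --check -`.

```shell
    if [ ! -d ./platform-tools ] ; then
        echo "adb not found, downloading local copy"
        # Placeholders: set both from the platform-tools release you have verified.
        PLATFORM_TOOLS_ZIP="REPLACE_WITH_PINNED_ZIP_NAME"
        PLATFORM_TOOLS_SHA256="REPLACE_WITH_EXPECTED_SHA256"
        curl --fail --location --proto '=https' -O \
            "https://dl.google.com/android/repository/${PLATFORM_TOOLS_ZIP}"
        # set -e aborts the install here if the digest does not match.
        echo "${PLATFORM_TOOLS_SHA256}  ${PLATFORM_TOOLS_ZIP}" | sha256sum --check -
        unzip "${PLATFORM_TOOLS_ZIP}"
        # … unchanged: fi, export ADB, else branch …
```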
@@ -63,10 +63,14 @@ const MEMORY_DEVICE_MODE: i32 = 2;
 const DIAG_IOCTL_REMOTE_DEV: u32 = 32;
 #[cfg(target_arch = "x86_64")]
 const DIAG_IOCTL_REMOTE_DEV: u64 = 32;
+#[cfg(target_arch = "aarch64")]
+const DIAG_IOCTL_REMOTE_DEV: u64 = 32;
 #[cfg(target_arch = "arm")]
 const DIAG_IOCTL_SWITCH_LOGGING: u32 = 7;
-#[cfg(target_arch = "x86_64")]
+#[cfg(target_arch = "x86_64")]
+const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7;
+#[cfg(target_arch = "aarch64")]
 const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7;
 pub struct DiagDevice {
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
index d70d73b..ca9e5b5 100644
--- a/rootshell/src/main.rs
+++ b/rootshell/src/main.rs
@@ -6,6 +6,7 @@ use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
+#[cfg(target_arch = "arm")]
 use nix::unistd::Gid;
 fn main() {
@@ -14,11 +15,13 @@ fn main() {
 // Android's "paranoid network" feature restricts network access to
 // processes in specific groups. More info here:
 // https://www.elinux.org/Android_Security#Paranoid_network-ing
+ #[cfg(target_arch = "arm")] {
 let gids = &[
 Gid::from_raw(3003), // AID_INET
 Gid::from_raw(3004), // AID_NET_RAW
 ];
 nix::unistd::setgroups(gids).expect("setgroups failed");
+ }
 // discard argv[0]
 let _ = args.next();
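Review bot: The aarch64 constants in lib/src/diag_device.rs repeat the x86_64 ones line for line, so every further 64-bit target costs two more copies of `DIAG_IOCTL_REMOTE_DEV` and `DIAG_IOCTL_SWITCH_LOGGING` that must be kept in sync by hand. One gate per width is easier to maintain: `#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]` above a single `const DIAG_IOCTL_REMOTE_DEV: u64 = 32;`, and the same for `DIAG_IOCTL_SWITCH_LOGGING`. A short comment saying why the width differs between targets (presumably it follows the ioctl request type there) would also help, since any other architecture still fails with an undefined-constant error.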
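Review bot: The `#[cfg(target_arch = "arm")]` gate around the `setgroups` block in `main` of rootshell/src/main.rs carries no comment saying why other targets skip it, and on those targets the process keeps whatever supplementary groups it inherited. Since dist/install-common.sh installs this binary setuid root (`chmod 4755 /bin/rootshell`), a reader should be able to see that the skip is deliberate. If the intent is that only the device build needs the Android groups, I would add above the gate `// AID_INET/AID_NET_RAW only exist on the Orbic (32-bit ARM) build; other targets keep their inherited groups.` The rest of `main` lies outside the hunk.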