From 58960ab36baf6deefd65af4e0c478ed8b8f1f9cd Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Fri, 18 Oct 2024 11:40:13 -0700 Subject: [PATCH 1/7] update shell path and some docs --- README.md | 4 +++- dist/install-common.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0cc2653..134ceb8 100644 --- a/README.md +++ b/README.md @@ -35,8 +35,10 @@ linux/qualcom devices but this is the only one we have tested on. Buy the orbic ## Setup +*NOTE: We don't currently support automated installs on windows, you will have to follow the manual install instructions below* + 1. Install the Android Debug Bridge (ADB) on your computer (don't worry about instructions for installing it on a phone/device yet). You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer). -2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it (on Windows use 7zip). +2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it (on Windows use WSL ). 3. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`). 4. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below. diff --git a/dist/install-common.sh b/dist/install-common.sh index 6eaf7c7..8f9b766 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh @@ -1,4 +1,4 @@ -#!/bin/env bash +#!/usr/bin/env bash install() { if [[ -z "${SERIAL_PATH}" ]]; then echo "SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?" From 1827068ebc8a1c22b6ac647980e88799950d4096 Mon Sep 17 00:00:00 2001 
From: Cooper Quintin Date: Mon, 21 Oct 2024 12:56:02 -0700 Subject: [PATCH 2/7] download ADB if not present --- README.md | 9 ++++----- dist/install-common.sh | 40 ++++++++++++++++++---------------------- dist/install-linux.sh | 9 +++++++++ dist/install-mac.sh | 9 +++++++++ 4 files changed, 40 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 134ceb8..ed48fc1 100644 --- a/README.md +++ b/README.md @@ -37,10 +37,9 @@ linux/qualcom devices but this is the only one we have tested on. Buy the orbic *NOTE: We don't currently support automated installs on windows, you will have to follow the manual install instructions below* -1. Install the Android Debug Bridge (ADB) on your computer (don't worry about instructions for installing it on a phone/device yet). You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer). -2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it (on Windows use WSL ). -3. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`). -4. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below. +1. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it. +2. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`). +3. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below. ## Usage 
@@ -48,7 +47,7 @@ Once installed, rayhunter will run automatically whenever your Orbic device is r 1. Over wifi: Connect your phone/laptop to the Orbic's wifi network and visit `http://192.168.1.1:8080` (click past your browser warning you about the connection not being secure, rayhunter doesn't have HTTPS yet!) * Note that you'll need the Orbic's wifi password for this, which can be retrieved by pressing the "MENU" button on the device and opening the 2.4 GHz menu. -2. Over usb: Connect the Orbic device to your laptop via usb. Run `adb forward tcp:8080 tcp:8080`, then visit `http://localhost:8080`. +2. Over usb: Connect the Orbic device to your laptop via usb. Run `adb forward tcp:8080 tcp:8080`, then visit `http://localhost:8080`. For this you will need to install the Android Debug Bridge (ADB) on your computer, you can copy the version that was downloaded inside the releases/platform-tools/` folder to somewhere else in your path or you can install it manually. You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer), (don't worry about instructions for installing it on a phone/device yet). ## Development * Install ADB on your computer using the instructions above. diff --git a/dist/install-common.sh b/dist/install-common.sh index 8f9b766..1a83df5 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh 
@@ -1,24 +1,20 @@ #!/usr/bin/env bash install() { if [[ -z "${SERIAL_PATH}" ]]; then - echo "SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?" + echo "\$SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?" exit 1 fi - check_adb + if [[ -z "${ADB}" ]]; then + echo "\$ADB not set, did you run this from install-linux.sh or install-mac.sh?" + exit 1 + fi + echo "Using adb at $ADB" force_debug_mode setup_rootshell setup_rayhunter test_rayhunter } -check_adb() { - if ! command -v adb &> /dev/null - then - echo "adb not found, please ensure it's installed or check the README.md" - exit 1 - fi -} - force_debug_mode() { echo "Force a switch into the debug mode to enable ADB" "$SERIAL_PATH" --root @@ -31,14 +27,14 @@ force_debug_mode() { } wait_for_atfwd_daemon() { - until [ -n "$(adb shell 'pgrep atfwd_daemon')" ] + until [ -n "$($ADB shell 'pgrep atfwd_daemon')" ] do sleep 1 done } wait_for_adb_shell() { - until adb shell true 2> /dev/null + until $ADB shell true 2> /dev/null do sleep 1 done 
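Review bot: The new guard in install() (first dist/install-common.sh hunk of patch 2/7) only rejects an empty `$ADB`, so a path that does not exist or is not executable still passes. The failure then surfaces later, after force_debug_mode has already switched the device. A check such as `if ! command -v "$ADB" > /dev/null; then` next to the `-z` test would fail early with a clear message, which is what the removed check_adb provided for the PATH case.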
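Review bot: `$ADB` is expanded unquoted in wait_for_atfwd_daemon and wait_for_adb_shell (second dist/install-common.sh hunk), and the same form recurs in the setup_rootshell, _adb_push, setup_rayhunter and test_rayhunter hunks that follow. ADB is set by the platform scripts from `which adb` or a relative path, so a path containing whitespace would be word-split and a different program, or none, would run in place of adb. Quote it at every call site, e.g. `until "$ADB" shell true 2> /dev/null`, matching the existing `"$SERIAL_PATH"` usage. The closing brace of wait_for_adb_shell is outside the hunk.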
@@ -51,29 +47,29 @@ setup_rootshell() { "$SERIAL_PATH" "AT+SYSCMD=chown root /bin/rootshell" sleep 1 "$SERIAL_PATH" "AT+SYSCMD=chmod 4755 /bin/rootshell" - adb shell /bin/rootshell -c id + $ADB shell /bin/rootshell -c id echo "we have root!" } _adb_push() { - adb push "$(dirname "$0")/$1" "$2" + $ADB push "$(dirname "$0")/$1" "$2" } setup_rayhunter() { - adb shell '/bin/rootshell -c "mkdir -p /data/rayhunter"' + $ADB shell '/bin/rootshell -c "mkdir -p /data/rayhunter"' _adb_push config.toml.example /data/rayhunter/config.toml _adb_push rayhunter-daemon /data/rayhunter/ _adb_push scripts/rayhunter_daemon /tmp/rayhunter_daemon _adb_push scripts/misc-daemon /tmp/misc-daemon - adb shell '/bin/rootshell -c "cp /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"' - adb shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"' - adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"' - adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"' + $ADB shell '/bin/rootshell -c "cp /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"' + $ADB shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"' + $ADB shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"' + $ADB shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"' echo -n "waiting for reboot..." - adb shell '/bin/rootshell -c reboot' + $ADB shell '/bin/rootshell -c reboot' # first wait for shutdown (it can take ~10s) - until ! adb shell true 2> /dev/null + until ! $ADB shell true 2> /dev/null do sleep 1 done @@ -86,7 +82,7 @@ setup_rayhunter() { test_rayhunter() { URL="http://localhost:8080" - adb forward tcp:8080 tcp:8080 > /dev/null + $ADB forward tcp:8080 tcp:8080 > /dev/null echo -n "checking for rayhunter server..." SECONDS=0 diff --git a/dist/install-linux.sh b/dist/install-linux.sh index b188f9c..1eb4019 100755 --- a/dist/install-linux.sh +++ b/dist/install-linux.sh 
@@ -1,6 +1,15 @@ #!/bin/env bash set -e +if ! command -v adb &> /dev/null; then + echo "adb not found, downloading local copy" + curl -o "https://dl.google.com/android/repository/platform-tools-latest-linux.zip" + unzip platform-tools-latest-linux.zip + export ADB=`./platform-tools/adb` +else + export ADB=`which adb` +fi + export SERIAL_PATH="./serial-ubuntu-latest/serial" . "$(dirname "$0")"/install-common.sh install diff --git a/dist/install-mac.sh b/dist/install-mac.sh index e497d10..1a93cf0 100755 --- a/dist/install-mac.sh +++ b/dist/install-mac.sh @@ -1,6 +1,15 @@ #!/usr/bin/env bash set -e +if ! command -v adb &> /dev/null; then + echo "adb not found, downloading local copy" + curl -o "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip" + unzip platform-tools-latest-darwin.zip + export ADB=`./platform-tools/adb` +else + export ADB=`which adb` +fi + export SERIAL_PATH="./serial-macos-latest/serial" . "$(dirname "$0")"/install-common.sh install From 877dac8d9627f47293a3c2e5ff09892aa29b82cf Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Mon, 21 Oct 2024 13:07:01 -0700 Subject: [PATCH 3/7] big O not little o --- dist/install-linux.sh | 2 +- dist/install-mac.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/install-linux.sh b/dist/install-linux.sh index 1eb4019..1341374 100755 --- a/dist/install-linux.sh +++ b/dist/install-linux.sh @@ -3,7 +3,7 @@ set -e if ! command -v adb &> /dev/null; then echo "adb not found, downloading local copy" - curl -o "https://dl.google.com/android/repository/platform-tools-latest-linux.zip" + curl -O "https://dl.google.com/android/repository/platform-tools-latest-linux.zip" unzip platform-tools-latest-linux.zip export ADB=`./platform-tools/adb` else diff --git a/dist/install-mac.sh b/dist/install-mac.sh index 1a93cf0..ccc7351 100755 --- a/dist/install-mac.sh +++ b/dist/install-mac.sh 
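Review bot: In the dist/install-linux.sh hunk of patch 2/7 (and identically in the dist/install-mac.sh hunk), nothing verifies the downloaded platform-tools archive before it is unzipped and its adb drives the `/bin/rootshell` setup in install-common.sh. The `platform-tools-latest-*` URL is also unpinned, so two installs can run different binaries. Pinning a specific archive and checking it before `unzip`, e.g. `echo "<PINNED_SHA256>  platform-tools-latest-linux.zip" | sha256sum -c -` (`shasum -a 256 -c -` on macOS), would make the install reproducible and tamper-evident. Adding `--fail` to the curl call would stop an HTTP error page from being saved as the zip. The context line also shows install-linux.sh still starts with `#!/bin/env bash`, which patch 1/7 replaced with `#!/usr/bin/env bash` in install-common.sh.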
@@ -3,7 +3,7 @@ set -e if ! command -v adb &> /dev/null; then echo "adb not found, downloading local copy" - curl -o "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip" + curl -O "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip" unzip platform-tools-latest-darwin.zip export ADB=`./platform-tools/adb` else From bbf2d8b137dfc99dbe89447eb4148ceaaecadfbd Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Mon, 21 Oct 2024 16:09:30 -0700 Subject: [PATCH 4/7] bugfix --- dist/install-common.sh | 4 ++-- dist/install-linux.sh | 10 ++++++---- dist/install-mac.sh | 10 ++++++---- lib/src/analysis/mod.rs | 1 - 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/dist/install-common.sh b/dist/install-common.sh index 1a83df5..b7d4199 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh @@ -8,7 +8,6 @@ install() { echo "\$ADB not set, did you run this from install-linux.sh or install-mac.sh?" exit 1 fi - echo "Using adb at $ADB" force_debug_mode setup_rootshell setup_rayhunter @@ -16,6 +15,7 @@ install() { } force_debug_mode() { + echo $("Using adb at $ADB") echo "Force a switch into the debug mode to enable ADB" "$SERIAL_PATH" --root echo -n "adb enabled, waiting for reboot..." @@ -27,7 +27,7 @@ force_debug_mode() { } wait_for_atfwd_daemon() { - until [ -n "$($ADB shell 'pgrep atfwd_daemon')" ] + until [ -n "$ADB shell 'pgrep atfwd_daemon'" ] do sleep 1 done diff --git a/dist/install-linux.sh b/dist/install-linux.sh index 1341374..cd263c8 100755 --- a/dist/install-linux.sh +++ b/dist/install-linux.sh 
@@ -2,10 +2,12 @@ set -e if ! command -v adb &> /dev/null; then - echo "adb not found, downloading local copy" - curl -O "https://dl.google.com/android/repository/platform-tools-latest-linux.zip" - unzip platform-tools-latest-linux.zip - export ADB=`./platform-tools/adb` + if [ ! -d ./platform-tools ] ; then + echo "adb not found, downloading local copy" + curl -O "https://dl.google.com/android/repository/platform-tools-latest-linux.zip" + unzip platform-tools-latest-linux.zip + fi + export ADB="./platform-tools/adb" else export ADB=`which adb` fi diff --git a/dist/install-mac.sh b/dist/install-mac.sh index ccc7351..88d1409 100755 --- a/dist/install-mac.sh +++ b/dist/install-mac.sh @@ -2,10 +2,12 @@ set -e if ! command -v adb &> /dev/null; then - echo "adb not found, downloading local copy" - curl -O "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip" - unzip platform-tools-latest-darwin.zip - export ADB=`./platform-tools/adb` + if [ ! -d ./platform-tools ]; then + echo "adb not found, downloading local copy" + curl -O "https://dl.google.com/android/repository/platform-tools-latest-darwin.zip" + unzip platform-tools-latest-darwin.zip + fi + export ADB="./platform-tools/adb" else export ADB=`which adb` fi diff --git a/lib/src/analysis/mod.rs b/lib/src/analysis/mod.rs index a0cdd3f..aa0b490 100644 --- a/lib/src/analysis/mod.rs +++ b/lib/src/analysis/mod.rs @@ -3,4 +3,3 @@ pub mod information_element; pub mod lte_downgrade; pub mod imsi_provided; pub mod null_cipher; -pub mod test_analyzer; From dc39f2a7f5243dd587b24465eacff53ae7a0c2a8 Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Mon, 21 Oct 2024 16:16:00 -0700 Subject: [PATCH 5/7] bugfix --- dist/install-common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/install-common.sh b/dist/install-common.sh index b7d4199..692b2d4 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh 
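Review bot: In the dist/install-linux.sh hunk of patch 4/7 (and identically in the dist/install-mac.sh hunk after it), `[ ! -d ./platform-tools ]` treats any existing directory of that name in the current working directory as a completed download. ADB is then pointed at `./platform-tools/adb` without checking that the binary is there. An interrupted unzip, or a `platform-tools` directory that did not come from this script, would be used to run the root-shell setup in install-common.sh. Testing the binary instead, `if [ ! -x ./platform-tools/adb ]; then`, covers the interrupted case. Resolving the path from `$(dirname "$0")`, as the script already does for install-common.sh, would stop the result depending on where the installer is launched from.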
@@ -15,7 +15,7 @@ install() { } force_debug_mode() { - echo $("Using adb at $ADB") + echo "Using adb at $ADB" echo "Force a switch into the debug mode to enable ADB" "$SERIAL_PATH" --root echo -n "adb enabled, waiting for reboot..." From 893f5d60c47c92a547eb3bb605ac1729b7578d82 Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Mon, 21 Oct 2024 16:31:54 -0700 Subject: [PATCH 6/7] silence errors for macos developers --- lib/src/diag_device.rs | 6 +++++- rootshell/src/main.rs | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/src/diag_device.rs b/lib/src/diag_device.rs index d27ef02..117f33e 100644 --- a/lib/src/diag_device.rs +++ b/lib/src/diag_device.rs @@ -63,10 +63,14 @@ const MEMORY_DEVICE_MODE: i32 = 2; const DIAG_IOCTL_REMOTE_DEV: u32 = 32; #[cfg(target_arch = "x86_64")] const DIAG_IOCTL_REMOTE_DEV: u64 = 32; +#[cfg(target_arch = "aarch64")] +const DIAG_IOCTL_REMOTE_DEV: u64 = 32; #[cfg(target_arch = "arm")] const DIAG_IOCTL_SWITCH_LOGGING: u32 = 7; -#[cfg(target_arch = "x86_64")] +#[cfg(target_arch = "x86_64")] +const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7; +#[cfg(target_arch = "aarch64")] const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7; pub struct DiagDevice { diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs index d70d73b..ca9e5b5 100644 --- a/rootshell/src/main.rs +++ b/rootshell/src/main.rs @@ -6,6 +6,7 @@ use std::process::Command; use std::os::unix::process::CommandExt; use std::env; +#[cfg(target_arch = "arm")] use nix::unistd::Gid; fn main() { @@ -14,11 +15,13 @@ fn main() { // Android's "paranoid network" feature restricts network access to // processes in specific groups. More info here: // https://www.elinux.org/Android_Security#Paranoid_network-ing + #[cfg(target_arch = "arm")] { let gids = &[ Gid::from_raw(3003), // AID_INET Gid::from_raw(3004), // AID_NET_RAW ]; nix::unistd::setgroups(gids).expect("setgroups failed"); + } // discard argv[0] let _ = args.next(); 
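Review bot: The two aarch64 constants added in lib/src/diag_device.rs repeat the x86_64 definitions exactly, so one attribute can cover both: `#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]` above a single `const DIAG_IOCTL_REMOTE_DEV: u64 = 32;`, and the same for `DIAG_IOCTL_SWITCH_LOGGING`. That keeps the request numbers from drifting apart between architectures. If, as the commit title suggests, the non-arm variants exist only so host builds compile, a one-line comment saying so would record why they are there. The removed and re-added `#[cfg(target_arch = "x86_64")]` line looks like a whitespace-only change.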
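Review bot: In the second rootshell/src/main.rs hunk the `setgroups` call is gated on `target_arch = "arm"`, so every non-arm build, not only macOS, now produces a rootshell that silently skips adding AID_INET and AID_NET_RAW. Since the commit title says the aim is to silence errors for macOS developers, a gate on the operating system states that intent more precisely, e.g. `#[cfg(target_os = "linux")]` on both the `use nix::unistd::Gid;` import and the block (assuming the device target reports `linux`; confirm against the build target). A short comment on the attribute explaining that the groups are only meaningful on the device would help the next reader. main() starts before and continues past this hunk.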
From b34a97b95b3ea3765e8d105262540d84845bc846 Mon Sep 17 00:00:00 2001 From: Cooper Quintin Date: Tue, 22 Oct 2024 12:01:20 -0700 Subject: [PATCH 7/7] Update dist/install-common.sh Co-authored-by: Will Greenberg --- dist/install-common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/install-common.sh b/dist/install-common.sh index 692b2d4..ba100a8 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh @@ -27,7 +27,7 @@ force_debug_mode() { } wait_for_atfwd_daemon() { - until [ -n "$ADB shell 'pgrep atfwd_daemon'" ] + until [ -n "$($ADB shell 'pgrep atfwd_daemon)'" ] do sleep 1 done
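Review bot: The closing single quote is on the wrong side of the parenthesis in `"$($ADB shell 'pgrep atfwd_daemon)'"`, so the `)` falls inside the quoted string and the command substitution is never closed. Bash would be expected to fail parsing install-common.sh, or to swallow the following lines, when it is sourced. The line should read `until [ -n "$("$ADB" shell 'pgrep atfwd_daemon')" ]`. This matters because patch 4/7 had turned the test into an always non-empty literal, so the loop has not actually waited for atfwd_daemon since then. The closing brace of wait_for_atfwd_daemon is outside the hunk.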