EFForg · cooperq · Aug 2, 2024 · Jul 22, 2024 · Jul 22, 2024 · Jul 22, 2024
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -2,7 +2,7 @@ name: Build Release
 
 on:
   push:
-    branches: [main]
+    branches: [main, "release-*"]
 
 env:
   CARGO_TERM_COLOR: always
@@ -62,18 +62,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
+      - name: Fix executable permissions on binaries
+        run: chmod +x serial-*/serial rayhunter-daemon/rayhunter-daemon
       - name: Setup release directory
         run: mv rayhunter-daemon/rayhunter-daemon rootshell/rootshell serial-* dist
       - name: Archive release directory
-        uses: thedoctor0/[email protected]
-        with:
-          type: 'zip'
-          filename: 'release.zip'
-          directory: 'dist'
+        run: tar -cvf release.tar -C dist .
       # TODO: have this create a release directly
       - name: Upload release
         uses: actions/upload-artifact@v4
         with:
-          name: release.zip
-          path: dist/release.zip
+          name: release.tar
+          path: release.tar
           if-no-files-found: error
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/dist/install-common.sh b/dist/install-common.sh
@@ -9,6 +9,7 @@ install() {
     force_debug_mode
     setup_rootshell
     setup_rayhunter
+    test_rayhunter
 }
 
 check_adb() {
@@ -21,24 +22,28 @@ check_adb() {
 
 force_debug_mode() {
     # Force a switch into the debug mode to enable ADB
-    $(SERIAL_PATH) AT
+    "$SERIAL_PATH" AT
     echo -n "adb enabled, waiting for reboot"
+    wait_for_adb_shell
+    echo "it's alive!"
+}
+
+wait_for_adb_shell() {
     until adb shell true 2> /dev/null
     do
         echo -n .
         sleep 1
     done
     echo
-    echo "it's alive!"
 }
 
 setup_rootshell() {
     _adb_push rootshell /tmp/
-    $(SERIAL_PATH) "AT+SYSCMD=mv /tmp/rootshell /bin/rootshell"
+    "$SERIAL_PATH" "AT+SYSCMD=cp /tmp/rootshell /bin/rootshell"
     sleep 1
-    $(SERIAL_PATH) "AT+SYSCMD=chown root /bin/rootshell"
+    "$SERIAL_PATH" "AT+SYSCMD=chown root /bin/rootshell"
     sleep 1
-    $(SERIAL_PATH) "AT+SYSCMD=chmod 4755 /bin/rootshell"
+    "$SERIAL_PATH" "AT+SYSCMD=chmod 4755 /bin/rootshell"
     echo "we have root!"
     adb shell /bin/rootshell -c id
 }
@@ -48,14 +53,45 @@ _adb_push() {
 }
 
 setup_rayhunter() {
-    adb shell '/bin/rootshell -c "mkdir /data/rayhunter"'
+    adb shell '/bin/rootshell -c "mkdir -p /data/rayhunter"'
     _adb_push config.toml.example /data/rayhunter/config.toml
     _adb_push rayhunter-daemon /data/rayhunter/
     _adb_push scripts/rayhunter_daemon /tmp/rayhunter_daemon
     _adb_push scripts/misc-daemon /tmp/misc-daemon
-    adb shell '/bin/rootshell -c "mv /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"'
-    adb shell '/bin/rootshell -c "mv /tmp/misc-daemon /etc/init.d/misc-daemon"'
+    adb shell '/bin/rootshell -c "cp /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"'
+    adb shell '/bin/rootshell -c "cp /tmp/misc-daemon /etc/init.d/misc-daemon"'
     adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"'
     adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"'
-    adb shell '/bin/rootshell -c "/etc/init.d/rayhunter_daemon start"'
+    echo -n "rebooting, this may take a sec..."
+    adb shell '/bin/rootshell -c reboot'
+
+    # first wait for shutdown (it can take ~10s)
+    until ! adb shell true 2> /dev/null
+    do
+        echo -n '.'
+        sleep 1
+    done
+
+    # now wait for boot to finish
+    wait_for_adb_shell
+
+    echo "rebooted successfully!"
+}
+
+test_rayhunter() {
+    URL="http://localhost:8080"
+    adb forward tcp:8080 tcp:8080
+    echo -n "checking for rayhunter server..."
+
+    SECONDS=0
+    while (( SECONDS < 30 )); do
+        if curl -L --fail-with-body "$URL" -o /dev/null -s; then
+            echo
+            echo "success! you can access rayhunter at $URL"
+            return
+        fi
+        sleep 1
+        echo -n "."
+    done
+    echo "timeout reached! failed to reach rayhunter url $URL, something went wrong :("
 }
diff --git a/dist/install-linux.sh b/dist/install-linux.sh
diff --git a/dist/install-mac.sh b/dist/install-mac.sh
diff --git a/rootshell/Cargo.toml b/rootshell/Cargo.toml
@@ -6,3 +6,4 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+nix = { version = "0.29.0", features = ["user"] }
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
@@ -1,13 +1,25 @@
 //! a simple shell for uploading to the orbic device.
 //! 
-//! It literally just runs bash as UID/GID 0 
+//! It literally just runs bash as UID/GID 0, with special Android GIDs 3003
+//! (AID_INET) and 3004 (AID_NET_RAW).
 use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
 
+use nix::unistd::Gid;
+
 fn main() {
    let mut args = env::args();
 
+   // Android's "paranoid network" feature restricts network access to
+   // processes in specific groups. More info here:
+   // https://www.elinux.org/Android_Security#Paranoid_network-ing
+   let gids = &[
+      Gid::from_raw(3003), // AID_INET
+      Gid::from_raw(3004), // AID_NET_RAW
+   ];
+   nix::unistd::setgroups(gids).expect("setgroups failed");
+
    // discard argv[0]
    let _ = args.next();
    Command::new("/bin/bash")

diff --git a/tools/.gitignore b/tools/.gitignore
@@ -0,0 +1,3 @@
+.venv
+.cache
+__pycache__