diff --git a/.gitignore b/.gitignore index 10ea8f7..577ab8b 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ secrets mkbootimg fw_updater_packer_unpacker/pkg_example/official_cp1_1.4.02.09061 fw_updater_packer_unpacker/pkg_example/official_rp1_1.4.01.16100 +fw_updater_packer_unpacker/pkg_example/official_cp1rp1_1.6.00.15110 fw_updater_packer_by_shankerzhiwu/fw.pkg fw_updater_packer_by_shankerzhiwu/payload.tar.gz fw_updater_packer_by_shankerzhiwu/FwUpdater diff --git a/README.md b/README.md index cfdec96..e30bf29 100644 --- a/README.md +++ b/README.md @@ -34,16 +34,31 @@ To flash pkg with unverified signature, you need to modify the updater file at ` Check [this README](https://github.com/HappyZ/dpt-tools/blob/master/fw_updater_packer_unpacker/README.md) for more details. +## systemimg_packer_unpacker + +Used to translate the sparse Android image (e.g., system.img) into a mountable ext4 format, and vice versa. + +For example: +``` +make +./simg2img sparse_image_file_path generated_mountable_file_path +``` + # 0x4 Tutorials -Most people would be interested in [the Rooting Guide](https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide). Note that (03/22/2019) I have updated it with a super simple two-step process. But as usual: **read carefully before proceed**! +Most people would be interested in [the Rooting Guide](https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide) and [the Upgrading Guide](https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide). As usual: **read carefully before proceed**! Also, **do NOT press RESET button if anything goes wrong unless you know what is it actually doing, be patient**. -After rooting, if interested, please do [the suggested launcher mod](https://github.com/HappyZ/dpt-tools/wiki/Suggested-Launcher-Mod). +After rooting, if not using the fully customized PKG, please do [the suggested launcher mod](https://github.com/HappyZ/dpt-tools/wiki/Suggested-Launcher-Mod). Details in [wiki](https://github.com/HappyZ/dpt-tools/wiki). I have also made flashable PKGs so you do not need to go through nasty steps any more. +# 0x5 About Framework Layout + +To achieve a perfect framework layout, it requires you to modify `framework-res.apk` which is too much work to me. I have committed a few modifications for fun at [this place](https://github.com/HappyZ/dpt-framework-res). If you find taobao PKG has a working framework, feel free to drop a message and we can test it. Otherwise, I do not plan to continue on this path. + +Note that you can still use `adb shell wm density 200` to change the density (default is 160, the larger the number, the larger the icon. For per app control, it is possible through the xposed framework and a script. I do hope to find a better solution. Need some insights though. # 0xF Mission Impossible diff --git a/dpt-tools.py b/dpt-tools.py index 0bcb460..7e0ab25 100644 --- a/dpt-tools.py +++ b/dpt-tools.py @@ -8,7 +8,6 @@ import argparse from python_api.libDPT import DPT from python_api.libInteractive import diagnosis_mode from python_api.libInteractive import update_firmware -from python_api.libInteractive import obtain_diagnosis_access def print_info(): @@ -18,7 +17,6 @@ def print_info(): Thanks for using DPT Tools. Type `help` to show this message. Supported commands: fw -- update firmware - root -- obtain root access (thanks to shankerzhiwu and his/her anoymous friend) diagnosis -- enter diagnosis mode (to gain adb, su, etc.) exit/quit -- leave the tool """) @@ -53,9 +51,13 @@ def interactive(dpt, diagnosis=False): print() cmd = '' dpt.err_print(str(e)) - if cmd == 'root': - obtain_diagnosis_access(dpt) - elif cmd == 'exit' or cmd == 'quit': + # reauthenticate after every command + if not dpt.reauthenticate(): + dpt.err_print("Cannot reauthenticate, did you reboot into normal mode?") + dpt.err_print("Client id filepath: {}".format(dpt.client_id_fp)) + dpt.err_print("Client key filepath: {}".format(dpt.key_fp)) + break + if cmd == 'exit' or cmd == 'quit': dpt.info_print("Exiting... Thanks for using...") break elif cmd == 'fw': @@ -64,12 +66,6 @@ def interactive(dpt, diagnosis=False): print_info() elif cmd == 'diagnosis': diagnosis_mode(dpt) - # reauthenticate after every command - if not dpt.reauthenticate(): - dpt.err_print("Cannot reauthenticate, did you reboot into normal mode?") - dpt.err_print("Client id filepath: {}".format(dpt.client_id_fp)) - dpt.err_print("Client key filepath: {}".format(dpt.key_fp)) - break def main(): diff --git a/fw_updater_packer_by_shankerzhiwu/FwUpdater/eufwupdater.sh b/fw_updater_packer_by_shankerzhiwu/FwUpdater/eufwupdater.sh index 808b13a..732628a 100755 --- a/fw_updater_packer_by_shankerzhiwu/FwUpdater/eufwupdater.sh +++ b/fw_updater_packer_by_shankerzhiwu/FwUpdater/eufwupdater.sh @@ -36,8 +36,8 @@ echo "This is a demo update package which does nothing." echo "enjoy" for i in $(seq 10 -1 1); do - echo "will done in ${i} seconds." - sleep 1 + echo "will done in ${i} seconds." + sleep 1 done exit 0 diff --git a/fw_updater_packer_unpacker/README.md b/fw_updater_packer_unpacker/README.md index bd7fddf..fc273f7 100644 --- a/fw_updater_packer_unpacker/README.md +++ b/fw_updater_packer_unpacker/README.md @@ -2,25 +2,11 @@ This doc assumes to be a MacOS. Linux may have GNU commands that differ from the # 0x0 Allow your DPT to accept PKG without correct key -This will create SECURITY FLAW in your system! +This will create SECURITY FLAW in your system! Use PKG [here](https://github.com/HappyZ/dpt-tools/blob/master/fw_updater_packer_by_shankerzhiwu/pkg_example/hack_basics/fw.pkg). -Comment out the key verification in file `/usr/local/bin/start_eufwupdater.sh`: (edit via `busybox vi`) -``` -######################################## -# verify sig -######################################## -# dd if=$1 bs=$(($DATA_OFFSET)) skip=1 2>/dev/null | head -c $(($BODY_SIZE)) | -# openssl dgst -sha256 -verify $3 -signature $SIG_FILE 1>/dev/null -# if [ $? -ne 0 ] -# then -# echo "Verify failed." -# exit 0 -# fi -``` +Note: you will still be able to flash the official PKG afterwards. -Also, to prevent permanent brick, modify `/usr/local/bin/updater_check.sh` according to `python_api/assets/updater_check.sh`. - -An easier way to do above is to run `patch-updater-bash` in `dpt-tools.py --diagnosis` in diagnosis mode. +Windows users: do NOT try to edit the update script with your notepad, as it will alternate the newline `\n` into `\r\n` which halts the system and brick the system! # 0x1 Create your own PKG package diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater.pkg b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater.pkg new file mode 100644 index 0000000..fbf4091 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater.pkg differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/animation.sh b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/animation.sh similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/animation.sh rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/animation.sh diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.apk b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.apk new file mode 100755 index 0000000..9c77d35 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.apk differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.odex b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.odex new file mode 100755 index 0000000..135ec68 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/bluetooth/Bluetooth.odex differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/eufwupdater.sh b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/eufwupdater.sh new file mode 100755 index 0000000..18f4a09 --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/eufwupdater.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# initialization +UPDATER_BASE=$(dirname ${0}) +ANIM_PID=0 +EPOCH=$(date +%s) +LOG_FP=/root/updater_$EPOCH.log +echo "" > $LOG_FP + +# start animation script +${UPDATER_BASE}/animation.sh $LOG_FP & +ANIM_PID=$! +sleep 2 + +# disable bluetooth hid by recovering the stock bluetooth apk +echo "[updater.sh] run recover.sh" >> $LOG_FP +${UPDATER_BASE}/gethid.sh $LOG_FP +if [ ! $? -eq 0 ] +then + # shutdown, remove update, error occurs + RET=$? +fi + +sleep 2 + +# stop animation +if [ $ANIM_PID -ne 0 ] +then + kill $ANIM_PID +fi + +# if returned 1, will shutdown +exit $RET diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status01.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status01.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status01.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status01.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status02.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status02.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status02.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status02.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status03.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status03.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status03.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status03.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status04.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status04.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status04.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status04.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status05.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status05.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status05.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status05.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status06.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status06.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status06.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status06.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status07.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status07.bmp similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/images/status07.bmp rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/images/status07.bmp diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/recover.sh b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/recover.sh new file mode 100755 index 0000000..668ac5c --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/recover.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# initialization +UPDATER_BASE=$(dirname ${0}) +TAG="[gethid.sh]" +LOG_FP=$1 + +BLU_APK=${UPDATER_BASE}/bluetooth/Bluetooth.apk +BLUE_ODEX=${UPDATER_BASE}/bluetooth/Bluetooth.odex + +SYSTMP=${UPDATER_BASE}/systmp +SYSBLUAPP=${SYSTMP}/app/Bluetooth +BLK09="/dev/mmcblk0p9" + +# funcs +log_print() { + echo $TAG $1 >> $LOG_FP +} + +cp_perm() { + log_print "copy from $4 to $5 w. perm $1.$2 $3" + rm -f $5 + if [ -f "$4" ]; then + cat $4 > $5 + set_perm $1 $2 $3 $5 + fi +} + +set_perm() { + log_print "set perm $1.$2 $3 for $4" + chown $1.$2 $4 + chown $1:$2 $4 + chmod $3 $4 +} + +# check file existence +if ! [ -f $BLU_APK -a -f $BLUE_ODEX ] +then + log_print "missing necessary files.." + exit 2 +fi + +# mount system +mkdir -p $SYSTMP >> $LOG_FP 2>&1 +mount $BLK09 $SYSTMP >> $LOG_FP 2>&1 + +if [ ! $? -eq 0 ] +then + log_print "failed to mount system partition" + umount $SYSTMP >> $LOG_FP 2>&1 + exit 2 +fi +log_print "system partition mounted" + + +log_print "copying original bluetooth files.." +cp_perm 0 0 0644 ${BLU_APK} ${SYSBLUAPP}/Bluetooth.apk +cp_perm 0 0 0644 ${BLUE_ODEX} ${SYSBLUAPP}/arm/Bluetooth.odex + +# finishing up +log_print "un-mount the system partition" +umount $SYSTMP >> $LOG_FP 2>&1 + +exit 0 \ No newline at end of file diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/usbmemupdater.sh b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/usbmemupdater.sh similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/usbmemupdater.sh rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/FwUpdater/usbmemupdater.sh diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/aes.key b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/aes.key similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/aes.key rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/aes.key diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/init_vector b/fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/init_vector similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/init_vector rename to fw_updater_packer_unpacker/pkg_example/flashable_bluetooth_recover/init_vector diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img.md5 b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img.md5 deleted file mode 100644 index 1a2bb96..0000000 --- a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img.md5 +++ /dev/null @@ -1 +0,0 @@ -9eb64a72d5dcf141fad34a13c3fb3b1a diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/version b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/version deleted file mode 100644 index 46f3713..0000000 --- a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/version +++ /dev/null @@ -1 +0,0 @@ -1.4.01.16100 general \ No newline at end of file diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater.pkg b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater.pkg similarity index 57% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater.pkg rename to fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater.pkg index ce59fe4..ca955a4 100644 Binary files a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater.pkg and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater.pkg differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/animation.sh b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/animation.sh new file mode 100755 index 0000000..d6de63c --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/animation.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +epd_cmd() +{ + epd_fb_test $@ >/dev/null 2>&1 +} + +dispClear() +{ + epd_cmd gray DU PART 0 +} + +get_screen_resolution() +{ + head -1 /sys/class/graphics/fb0/modes | sed -e 's/^.*://' -e 's/p.*$//' -e 's/x/ /' +} + +get_screen_width() +{ + set `get_screen_resolution` + echo $1 +} + +get_screen_height() +{ + set `get_screen_resolution` + echo $2 +} + +LOG_FP=$1 + +dispClear + +while [ 1 ] +do + for file in `\find $(dirname ${0})/images -name '*.bmp' | sort`; do + epd_cmd file GC16 PART $file + echo "[anim] displaying $file" >> $LOG_FP + sleep 1 + done +done + +exit 0 diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img similarity index 57% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img rename to fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img index cc2706d..983acd6 100644 Binary files a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/boot-1.4.01.16100-mod-190322.img and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img.md5 b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img.md5 new file mode 100644 index 0000000..83dd330 --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/boot-1.6.00.15110-mod-190516.img.md5 @@ -0,0 +1 @@ +0badb67ed237d73e653b70de32912e7e diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/chkver.sh b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/chkver.sh similarity index 100% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/chkver.sh rename to fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/chkver.sh diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/eufwupdater.sh b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/eufwupdater.sh similarity index 91% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/eufwupdater.sh rename to fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/eufwupdater.sh index 0339b9c..f6ff083 100755 --- a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/eufwupdater.sh +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/eufwupdater.sh @@ -27,9 +27,9 @@ sleep 2 # flash customized boot img echo "[updater.sh] writing boot.img.." >> $LOG_FP -if [ -f ${UPDATER_BASE}/boot-1.4.01.16100-mod-190322.img ] ; +if [ -f ${UPDATER_BASE}/boot-1.6.00.15110-mod-190516.img ] ; then - dd if=${UPDATER_BASE}/boot-1.4.01.16100-mod-190322.img of=/dev/mmcblk0p8 bs=4M + dd if=${UPDATER_BASE}/boot-1.6.00.15110-mod-190516.img of=/dev/mmcblk0p8 bs=4M sync else echo "[updater.sh] desired boot.img not exit; nothing did to boot partition" >> $LOG_FP diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status01.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status01.bmp new file mode 100755 index 0000000..1353c8b Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status01.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status02.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status02.bmp new file mode 100755 index 0000000..2b97c2a Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status02.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status03.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status03.bmp new file mode 100755 index 0000000..3d49761 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status03.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status04.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status04.bmp new file mode 100755 index 0000000..81ae252 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status04.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status05.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status05.bmp new file mode 100755 index 0000000..052759d Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status05.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status06.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status06.bmp new file mode 100755 index 0000000..f335ccd Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status06.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status07.bmp b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status07.bmp new file mode 100755 index 0000000..17f2960 Binary files /dev/null and b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/images/status07.bmp differ diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/usbmemupdater.sh b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/usbmemupdater.sh new file mode 100755 index 0000000..81c13bf --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/usbmemupdater.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +UPDATER_BASE=$(dirname ${0}) +${UPDATER_BASE}/eufwupdater.sh +# tentative exit +exit $? \ No newline at end of file diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/verify.sh b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/verify.sh similarity index 74% rename from fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/verify.sh rename to fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/verify.sh index 85245bf..9e1cfae 100755 --- a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img/FwUpdater/verify.sh +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/verify.sh @@ -5,11 +5,11 @@ echo 3 > /proc/sys/vm/drop_caches LOG_FP=$2 -BOOT_IMG_SIZE=`stat -c%s $1/boot-1.4.01.16100-mod-190322.img` +BOOT_IMG_SIZE=`stat -c%s $1/boot-1.6.00.15110-mod-190516.img` BLK8_MD5=`dd if=/dev/mmcblk0p8 bs=$BOOT_IMG_SIZE count=1 | md5sum | cut -d " " -f1` -BOOT_MD5=`cat $1/boot-1.4.01.16100-mod-190322.img.md5` +BOOT_MD5=`cat $1/boot-1.6.00.15110-mod-190516.img.md5` echo "BLK08=$BLK8_MD5" >> $LOG_FP echo " BOOT=$BOOT_MD5" >> $LOG_FP diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/version b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/version new file mode 100644 index 0000000..56ce25b --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/FwUpdater/version @@ -0,0 +1 @@ +1.6.00.15110 general \ No newline at end of file diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/aes.key b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/aes.key new file mode 100644 index 0000000..479d751 --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/aes.key @@ -0,0 +1 @@ +2714eb0d158c256c4868ef04f93cb50c56d0092c8df6285304b8ddb78d5f1ef9 diff --git a/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/init_vector b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/init_vector new file mode 100644 index 0000000..f49f0ba --- /dev/null +++ b/fw_updater_packer_unpacker/pkg_example/flashable_mod_boot_img_1.6.00.15110/init_vector @@ -0,0 +1 @@ +55460c2e3abf285af96fe660c0880bc diff --git a/python_api/libInteractive.py b/python_api/libInteractive.py index c459f82..7031bc1 100644 --- a/python_api/libInteractive.py +++ b/python_api/libInteractive.py @@ -2,6 +2,7 @@ # built-ins import os +import sys import time import subprocess @@ -42,104 +43,6 @@ def update_firmware(dpt): return False -def validate_required_files(dpt, purpose='diagnosis'): - if purpose == 'su-binary': - requiredFiles = [ - 'python_api/assets/su', - 'python_api/assets/supolicy', - 'python_api/assets/libsupol.so', - 'python_api/assets/install-recovery.sh' - ] - elif purpose == 'eufwupdater': - requiredFiles = [ - 'python_api/assets/start_eufwupdater.sh', - 'python_api/assets/updater_check.sh' - ] - else: - requiredFiles = [ - 'python_api/assets/shankerzhiwu_disableidcheck.pkg', - 'python_api/assets/shankerzhiwu_changepwd.pkg' - ] - dpt.dbg_print('Checking required files...') - for file in requiredFiles: - if not os.path.isfile(file): - dpt.err_print('File {0} does not exist!'.format(file)) - return False - return True - - -def disable_id_check(dpt): - ''' - disable the id check (thanks to shankerzhiwu and his/her friend) - ''' - fp = 'python_api/assets/shankerzhiwu_disableidcheck.pkg' - try: - resp = input('>>> Have you disabled the id check already? [yes/no]: ') - if resp == 'no': - if not dpt.update_firmware(open(fp, 'rb')): - dpt.err_print('Failed to upload shankerzhiwu_disableidcheck pkg') - return False - return True - elif resp == 'yes': - return True - else: - dpt.err_print('Unrecognized response: {}'.format(resp)) - except BaseException as e: - dpt.err_print(str(e)) - return False - - -def reset_root_password(dpt): - ''' - reset the root password (thanks to shankerzhiwu and his/her friend) - ''' - fp = 'python_api/assets/shankerzhiwu_changepwd.pkg' - try: - if not dpt.update_firmware(open(fp, 'rb')): - dpt.err_print('Failed to upload shankerzhiwu_changepwd pkg') - return False - return True - except BaseException as e: - dpt.err_print(str(e)) - return False - - -def obtain_diagnosis_access(dpt): - ''' - root thanks to shankerzhiwu - ''' - dpt.info_print( - 'Please make sure you have charged your battery before this action.') - dpt.info_print( - 'Thank shankerzhiwu (and his/her anonymous friend) a lot on this hack!!!' + - 'All credits go to him (and his/her anonymous friend)!') - if not validate_required_files(dpt): - return False - # step 1: disable the id check - if not disable_id_check(dpt): - return False - dpt.info_print('Congrats! You are half-way through! You have disabled the OTG ID check') - try: - input( - '>>> After your DPT reboots, shows `update failure` message, ' + - 'connects back to WiFi, etc., press `Enter` key to continue') - except BaseException as e: - dpt.err_print(str(e)) - return False - if not dpt.reauthenticate(): - dpt.err_print("Cannot reauthenticate after reboot") - dpt.err_print("Client id filepath: {}".format(dpt.client_id_fp)) - dpt.err_print("Client key filepath: {}".format(dpt.key_fp)) - return False - # step 2: reset root password - if not reset_root_password(dpt): - return False - dpt.info_print( - 'You are all set! Wait till your DPT reboots and ' + - 'shows `update failure` message! More edits will be added to this tool.') - return True - - ''' Diagnosis Related ''' @@ -154,14 +57,13 @@ It behaves similarly to regular serial session with less flexibility (cannot use This mode intends to automate some complicated procedures. Supported commands: - `patch-updater-bash`-- patch the updater bash to bypass sig validation - `push-file` -- transfer file to DPT at 800bps (=100Bps) - `pull-file` -- transfer file from DPT - `backup-bootimg` -- backup the boot img and download it to local device - `restore-bootimg` -- restore the boot img (use `boot.img.bak`) - `restore-systemimg` -- restore the system img (use `system.img`) - `get-su-bin` -- enable `su` (root) in adb - `exit`/`quit` -- leave the tool + `push-file` -- devlop usage only, transfer file to DPT at 800bps (=100Bps) + `pull-file` -- devlop usage only, transfer file from DPT + `restore-boot-img` -- restore the boot img (use `boot.img`) + `restore-system-img` -- restore the system img (use `system.img`) + `install-pkg` -- mount mass storage and put in pkg (`FwUpdater.pkg`) to install + `reboot` -- get out of diagnosis mode and reboot into normal system + `exit`/`quit` -- leave the tool and many unix cmds (do not support less/head) """) @@ -339,164 +241,6 @@ def diagnosis_push_file( return None -def diagnosis_patch_eufwupdater(dpt): - ''' - patch the start_eufwupdater.sh to bypass pkg check - ''' - if not validate_required_files(dpt, purpose='eufwupdater'): - return False - # patch start_eufwupdater.sh - bashfp = diagnosis_push_file( - dpt, - localfp='python_api/assets/start_eufwupdater.sh', - folder='/usr/local/bin', - overwrite=True) - if bashfp is None: - dpt.err_print("Failed to patch start_eufwupdater.sh!!") - return False - dpt.diagnosis_set_perm(bashfp, owner='1496.1496', perm='0775') - # patch updater_check.sh - bashfp = diagnosis_push_file( - dpt, - localfp='python_api/assets/updater_check.sh', - folder='/usr/local/bin', - overwrite=True) - if bashfp is None: - dpt.err_print("Failed to patch updater_check.sh!!") - return False - dpt.diagnosis_set_perm(bashfp, owner='1496.1496', perm='0775') - # success - dpt.info_print("Success!") - return True - - -def diagnosis_backup_bootimg(dpt): - ''' - backup boot img and then pull img from DPT to local disk - ''' - remotefp = dpt.diagnosis_backup_boot(toSD=True) - md5 = dpt.diagnosis_md5sum_file(remotefp) - dpt.info_print("Success!") - # mount mass storage to allow quick copy of backup - dpt.diagnosis_start_mass_storage() - dpt.info_print("Your computer shall have mounted a disk.") - dpt.info_print("Please open that disk and copy your backup") - dpt.info_print("`boot.img.bak` to a safe place.") - dpt.info_print("Also, check if its MD5 is: {}.".format(md5)) - dpt.info_print("After then you can delete the file in that disk.") - try: - input( - "While done, please eject the disk, " + - "and press Enter key to continue..") - dpt.diagnosis_stop_mass_storage() - except KeyboardInterrupt: - dpt.err_print("Nothing happened..") - dpt.diagnosis_stop_mass_storage() - return False - # # pull this backup file to current folder - # if remotefp: - # fp = diagnosis_pull_file( - # dpt, remotefp=remotefp, folder=".", overwrite=True - # ) - # if fp is not None: - # dpt.info_print("Success!") - # return True - # dpt.info_print("Nothing happened..") - # return False - - -def diagnosis_get_su_bin(dpt): - ''' - get sudo access in adb mode (so it would be much much eaiser to - make changes (no painful serial data transfer) - after doing this, adb should handle most necessary modifications - here we use system-method (push binary files to system) - ''' - if not validate_required_files(dpt, purpose='su-binary'): - return False - dpt.info_print("Mounting /system partition..") - mountpoint = dpt.diagnosis_mount_system() - dpt.info_print("Mounted to {}".format(mountpoint)) - if not mountpoint: - dpt.err_print("Nothing happened..") - return False - - dpt.info_print("Uploading su file to /system/xbin..") - sufp = diagnosis_push_file( - dpt, - localfp='python_api/assets/su', - folder='{}/xbin'.format(mountpoint), - overwrite=True) - if sufp is None: - dpt.err_print("Due to previous failure, we stopped..") - return False - dpt.diagnosis_set_perm(sufp, owner='0.0', perm='0755') - daemonsufp = sufp[:-2] + 'daemonsu' - dpt.diagnosis_write('cp {0} {1}'.format(sufp, daemonsufp)) - extfolder = "{}/bin/.ext".format(mountpoint) - dpt.diagnosis_mkdir(extfolder) - dpt.diagnosis_set_perm(extfolder, owner='0.0', perm='0777') - dpt.diagnosis_write('cp {0} {1}/.su'.format(sufp, extfolder)) - - dpt.info_print("Uploading supolicy file to /system/xbin..") - supolicyfp = diagnosis_push_file( - dpt, - localfp='python_api/assets/supolicy', - folder='{}/xbin'.format(mountpoint), - overwrite=True) - if supolicyfp is None: - dpt.err_print("Due to previous failure, we stopped..") - return False - dpt.diagnosis_set_perm(supolicyfp, owner='0.0', perm='0755') - libsupolsofp = diagnosis_push_file( - dpt, - localfp='python_api/assets/libsupol.so', - folder='{}/lib'.format(mountpoint), - overwrite=True) - if libsupolsofp is None: - dpt.err_print("Due to previous failure, we stopped..") - return False - dpt.diagnosis_set_perm(libsupolsofp, owner='0.0', perm='0644') - - dpt.info_print("Uploading install-recovery.sh to /system/bin..") - installrecfp = diagnosis_push_file( - dpt, - localfp='python_api/assets/install-recovery.sh', - folder='{}/bin'.format(mountpoint), - overwrite=True) - if installrecfp is None: - dpt.err_print("Due to previous failure, we stopped..") - return False - dpt.diagnosis_set_perm(installrecfp, owner='0.0', perm='0755') - - dpt.info_print("Tweaking /system/bin/app_process..") - appprocessfp = '{0}/bin/app_process'.format(mountpoint) - dpt.diagnosis_write('mv {0} {0}_bak'.format(appprocessfp)) - dpt.diagnosis_ln("/system/xbin/daemonsu", appprocessfp) - - dpt.info_print("Tweaking /system/bin/app_process32..") - appprocess32fp = '{0}32'.format(appprocessfp) - if dpt.diagnosis_isfile("{}_original".format(appprocess32fp)): - dpt.diagnosis_remove_file(appprocess32fp) - else: - dpt.diagnosis_write("mv {0} {0}_original".format(appprocess32fp)) - dpt.diagnosis_ln("/system/xbin/daemonsu", appprocess32fp) - - dpt.info_print("Tweaking /system/bin/app_process_init..") - if not dpt.diagnosis_isfile("{}_init".format(appprocessfp)): - dpt.diagnosis_write( - "cp {0}_original {1}_init".format(appprocess32fp, appprocessfp)) - dpt.diagnosis_set_perm( - "{}_init".format(appprocessfp), owner='0.2000', perm='0755') - - dpt.info_print("Misc: add /system/etc/.installed_su_daemon") - miscfp = "{}/etc/.installed_su_daemon".format(mountpoint) - dpt.diagnosis_write("echo 1 > {}".format(miscfp)) - dpt.diagnosis_set_perm(miscfp, owner='0.0', perm='0644') - - dpt.info_print("Done!") - - def diagnosis_restore_systemimg(dpt): ''' restore system img @@ -528,22 +272,13 @@ def diagnosis_restore_systemimg(dpt): return False -def diagnosis_restore_bootimg(dpt, usetmpfp=None, bootimgfp=None): +def diagnosis_restore_bootimg(dpt, bootimgfp=None): ''' restore boot img ''' - if usetmpfp is None: - resp = input('> Upload boot img? [yes/no]: ') - usetmpfp = False if resp == 'yes' else True - # directly use the original backup, if exists - if usetmpfp: - dpt.info_print("Trying to use /root/boot.img.bak") - return dpt.diagnosis_restore_boot(fp="/root/boot.img.bak") - # otherwise we need to first upload our own boot img - # NOTE: use mass storage instead dpt.diagnosis_start_mass_storage() dpt.info_print("Your computer shall have mounted a disk.") - dpt.info_print("Please copy your `boot.img.bak` there.") + dpt.info_print("Please copy your `boot.img` there.") try: input("When done, plz eject disk and press Enter to continue..") dpt.diagnosis_stop_mass_storage() @@ -559,7 +294,7 @@ def diagnosis_restore_bootimg(dpt, usetmpfp=None, bootimgfp=None): dpt.err_print("Nothing happened..") return False if resp == 'yes': - if dpt.diagnosis_restore_boot(fp="boot.img.bak", fromSD=True): + if dpt.diagnosis_restore_boot(fp="boot.img", fromSD=True): dpt.info_print("Success!") return True dpt.err_print("Failed..") @@ -568,6 +303,37 @@ def diagnosis_restore_bootimg(dpt, usetmpfp=None, bootimgfp=None): return False +def diagnosis_restore_pkg(dpt): + ''' + install/restore from an uploaded pkg in diagnosis mode + ''' + dpt.diagnosis_start_mass_storage() + dpt.info_print("Your computer shall have mounted a disk.") + dpt.info_print("Please copy your `FwUpdater.pkg` there.") + try: + input("When done, plz eject disk and press Enter to continue..") + dpt.diagnosis_stop_mass_storage() + except KeyboardInterrupt: + dpt.diagnosis_stop_mass_storage() + return False + dpt.info_print("We will now reboot the device to install PKG") + dpt.info_print("") + dpt.info_print("Hold the HOME button while rebooting") + dpt.info_print("Wait till lights turning off and start flashing yellow,") + dpt.info_print("then release the button and enjoy a cup of coffee") + dpt.info_print("") + dpt.info_print("If you changed your mind before the third bar appears,") + dpt.info_print("press the POWER button during the reboot,") + dpt.info_print("it will skip the PKG update and go to normal system") + dpt.info_print("") + dpt.info_print("You can also instead press the HOME button during the reboot,") + dpt.info_print("it will go back into diagnosis mode") + input("Ready? Press Enter to continue..") + dpt.info_print("System rebooting..") + dpt.diagnosis_write("reboot &") + return True + + def diagnosis_cmd(dpt): ''' run commands in diagnosis mode @@ -590,27 +356,28 @@ def diagnosis_cmd(dpt): elif cmd == 'help': print_diagnosis_info() continue - elif cmd =='patch-updater-bash': - diagnosis_patch_eufwupdater(dpt) - continue elif cmd == 'push-file': diagnosis_push_file(dpt) continue elif cmd == 'pull-file': diagnosis_pull_file(dpt) continue - elif cmd == 'backup-bootimg': - diagnosis_backup_bootimg(dpt) - continue - elif cmd == 'restore-bootimg': + elif cmd == 'restore-boot-img': diagnosis_restore_bootimg(dpt) continue - elif cmd == 'restore-systemimg': + elif cmd == 'restore-system-img': diagnosis_restore_systemimg(dpt) continue - elif cmd == 'get-su-bin': - diagnosis_get_su_bin(dpt) - continue + elif cmd == 'install-pkg': + diagnosis_restore_pkg(dpt) + dpt.info_print("due to the reboot, exiting the tool..") + dpt.shut_down_diagnosis() + raise EOFError + elif cmd == 'reboot': + dpt.info_print("due to the reboot, exiting the tool..") + dpt.diagnosis_write('reboot &') + dpt.shut_down_diagnosis() + raise EOFError rawresp = dpt.diagnosis_write(cmd) # ignore first and last echos tmp = rawresp.splitlines() @@ -658,4 +425,5 @@ def diagnosis_mode(dpt): return False diagnosis_cmd(dpt) dpt.shut_down_diagnosis() + dpt.info_print("got out of diagnosis") return True