#!/sbin/sh ########################################################################################## # # NanoDroid Patcher survival script # by Nanolx # ########################################################################################## VERSION=22.5.99999999 ########################################################################################## # Generic Functions ########################################################################################## show_banner () { ui_print " " ui_print "********************************" ui_print " NanoDroid " ui_print " Framework Patcher " ui_print " Powered by DexPatcher " ui_print " ${VERSION} " ui_print "********************************" ui_print " " } setup_environment () { TMPDIR=/dev/tmp/install export ANDROID_DATA=${TMPDIR} export PATCHER_ADDOND_DATA=/data/adb/nanodroid_patcher if [ -f /data/adb/magisk/util_functions.sh ]; then NVBASE=/data/adb elif [ -f /data/magisk/util_functions.sh ]; then NVBASE=/data fi } ui_print() { ${BOOTMODE} && echo "${1}" || \ echo -e "ui_print ${1}\nui_print" >> /proc/self/fd/${OUTFD} } is_mounted () { if [ ! -z "$2" ]; then cat /proc/mounts | grep $1 | grep $2, >/dev/null else cat /proc/mounts | grep $1 >/dev/null fi return $? } # taken from Magisk, with minor modifications for NanoDroid mount_partitions () { DEVICE_AB=FALSE VENDOR_COMPAT=FALSE SYSTEM_AS_ROOT=$(getprop ro.build.system_root_image) SYSTEM_BLOCK=/dev/block/bootdevice/by-name/system RUNTIME_APEX="" APEX_LOOP="" if [ "${SYSTEM_AS_ROOT}" == "true" ]; then SLOT=$(grep_cmdline androidboot.slot_suffix) if [ -n "${SLOT}" ]; then DEVICE_AB=TRUE SYSTEM_BLOCK=/dev/block/bootdevice/by-name/system${SLOT} fi SYSTEM_MOUNT=/system_root else SYSTEM_MOUNT=/system fi is_mounted /data || mount /data || error "failed to mount /data!" mount -o bind /dev/urandom /dev/random ! is_mounted ${SYSTEM_MOUNT} && mount -o rw ${SYSTEM_BLOCK} ${SYSTEM_MOUNT} || mount -o rw,remount ${SYSTEM_MOUNT} if [ -f /system/init.rc ]; then [ -L /system_root ] && rm -f /system_root mkdir -p /system_root 2>/dev/null mount --move /system /system_root mount -o bind /system_root/system /system fi [ ! -f /system/build.prop ] && error "failed to mount /system (unsupported A/B device?)" if [ -f /system/apex/com.android.runtime.apex ]; then RUNTIME_APEX="/system/apex/com.android.runtime.apex" elif [ -f /system/apex/com.android.runtime.release.apex ]; then RUNTIME_APEX="/system/apex/com.android.runtime.release.apex" fi if [ -n "${RUNTIME_APEX}" ]; then mkdir -p /dev/tmp/apex unzip "${RUNTIME_APEX}" -d /dev/tmp/apex mkdir -p /apex/com.android.runtime mount -oloop,ro /dev/tmp/apex/apex_payload.img /apex/com.android.runtime APEX_LOOP=$(mount | awk '/com.android.runtime/{print $1}') fi ! is_mounted /vendor && mount /vendor if [ -L /system/vendor ]; then if ! is_mounted /vendor; then vendor_tmp=$(find /dev/block -type l -iname vendor${SLOT} | head -n 1) VENDORBLOCK=$(readlink -f ${vendor_tmp}) mount -o ro ${VENDORBLOCK} /vendor fi elif [ -d /system/vendor ]; then ### XXX work-around required for some ROMs VENDOR_COMPAT=TRUE echo " xxx compat /vendor link created!" ln -sf /system/vendor /vendor >/dev/null fi mount | awk '{print $1 " on " $3 " params: " $6}' } error () { ui_print " " ui_print " !! ${@}" ui_print " " exit 1 } set_perm () { chown ${2}:${3} ${1} || error "failed change owner for ${1}" chmod ${4} ${1} || error "failed to change mode for ${1}" if [ ! -z "${5}" ]; then chcon ${5} ${1} 2>/dev/null else chcon 'u:object_r:system_file:s0' ${1} 2>/dev/null fi } set_perm_recursive() { find ${1} -type d 2>/dev/null | while read dir; do set_perm ${dir} ${2} ${3} ${4} ${6} done find ${1} -type f 2>/dev/null | while read file; do set_perm ${file} ${2} ${3} ${5} ${6} done } set_perm_data () { if [ "${1}" = "-r" ]; then echo " perm: data [recursive] {${2}}" set_perm_recursive ${2} 0 0 0755 0644 else echo " perm: data [single] {${1}}" set_perm ${1} 0 0 0644 fi } ########################################################################################## # Device Functions ########################################################################################## detect_outfd () { if [ -z $OUTFD ] || readlink /proc/$$/fd/$OUTFD | grep -q /tmp; then # We will have to manually find out OUTFD for FD in `ls /proc/$$/fd`; do if readlink /proc/$$/fd/$FD | grep -q pipe; then if ps | grep -v grep | grep -q " 3 $FD "; then OUTFD=$FD break fi fi done fi } detect_bootmode () { [ -z ${BOOTMODE} ] && BOOTMODE=false ${BOOTMODE} || ps | grep zygote | grep -qv grep && BOOTMODE=true ${BOOTMODE} || ps -A | grep zygote | grep -qv grep && BOOTMODE=true } grep_prop() { [ -f /vendor/build.prop ] && \ FILES="/system/build.prop /vendor/build.prop" || \ FILES="/system/build.prop" sed -n "s/^${1}=//p" ${FILES} | head -n 1 } grep_cmdline() { local REGEX="s/^${1}=//p" sed -E 's/ +/\n/g' /proc/cmdline | \ sed -n "${REGEX}" 2>/dev/null } detect_odex () { SERVICES_JAR_DEX=$(unzip -lq /system/framework/services.jar | grep classes.dex) if [ -n "$(find '/system/framework/' -name 'services.vdex')" ]; then ROM_DEX_STATUS=VDEX elif [ -n "$(find '/system/framework/' -name 'services.odex')" ]; then ROM_DEX_STATUS=ODEX else ROM_DEX_STATUS=UNKOWN fi [ "${SERVICES_JAR_DEX}" ] && ROM_DEX_STATUS=DEODEX ui_print " " ui_print " ++" ui_print " ++ services.jar status: ${ROM_DEX_STATUS}" ui_print " ++" [ "${SDK_VERSION}" -gt 27 -a "${ROM_DEX_STATUS}" != "DEODEX" ] && \ error "Pie is only supported on de-odexed ROMs currently" } detect_arch () { ABI=$(grep_prop ro.product.cpu.abi | cut -c-3) ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3) ABILONG=$(grep_prop ro.product.cpu.abi) ARCH=arm [ "$ABI" = "x86" ] && ARCH=x86 [ "$ABI2" = "x86" ] && ARCH=x86 [ "$ABILONG" = "arm64-v8a" ] && ARCH=arm64 [ "$ABILONG" = "x86_64" ] && ARCH=x86_64 case ${ARCH} in arm | arm64 ) ZIPB=${BASEDIR}/zip.arm FILE=${BASEDIR}/file.arm if [ -f ${TMPDIR}/busybox.arm ]; then BUSY=${TMPDIR}/busybox.arm else BUSY=${BASEDIR}/busybox.arm fi ;; x86 | x86_64 ) ZIPB=${BASEDIR}/zip.x86 FILE=${BASEDIR}/file.x86 if [ -f ${TMPDIR}/busybox.x86 ]; then BUSY=${TMPDIR}/busybox.x86 else BUSY=${BASEDIR}/busybox.x86 fi ;; esac V_EX=${BASEDIR}/vdexExtractor.${ARCH} chmod 0755 ${BUSY} rm -rf ${BASEDIR}/busybox mkdir -p ${BASEDIR}/busybox ln -sf ${BUSY} ${BASEDIR}/busybox/busybox ${BUSY} --install -s ${BASEDIR}/busybox/ export PATH="${BASEDIR}/busybox:/system/bin:/system/xbin" DALVIKVM_BIN=$(ls -l /system/bin/dalvikvm | awk '{print $NF}') DALVIKVM_ARCH=$("${FILE}" -m "${BASEDIR}/magic.mgc" -L /system/bin/dalvikvm) case ${DALVIKVM_BIN} in dalvikvm32 ) export LD_LIBRARY_PATH="/system/lib:/vendor/lib:/system/vendor/lib" ;; dalvikvm64 ) export LD_LIBRARY_PATH="/system/lib64:/vendor/lib64:/system/vendor/lib64" ;; dalvikvm ) case ${DALVIKVM_ARCH} in *32-bit* ) export LD_LIBRARY_PATH="/system/lib:/vendor/lib:/system/vendor/lib" ;; *64-bit* ) export LD_LIBRARY_PATH="/system/lib64:/vendor/lib64:/system/vendor/lib64" ;; esac ;; esac ui_print " > device architecture: ${ARCH}" } detect_sdk () { SDK_VERSION=$(grep_prop ro.build.version.sdk) [ "${SDK_VERSION}" -gt 28 ] && \ error "Android versions beyond Pie are not yet supported" [ "${SDK_VERSION}" -lt 16 ] && \ error "Android versions before Jelly Bean are not supported" if [ "${SDK_VERSION}" -gt 25 ]; then BAKSMALI="${BASEDIR}/baksmali_26.dex" SMALI="${BASEDIR}/smali_26.dex" elif [ "${SDK_VERSION}" -gt 23 ]; then BAKSMALI="${BASEDIR}/baksmali_25.dex" SMALI="${BASEDIR}/smali_25.dex" else BAKSMALI="${BASEDIR}/baksmali_23.dex" SMALI="${BASEDIR}/smali_23.dex" fi PATCH_CORE="${BASEDIR}/core_services.jar.dex" if [ "${SDK_VERSION}" -lt 24 ]; then ui_print " > Android 4.1 - 6.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_4.1-6.0_services.jar.dex" else ui_print " > Android 7.0 - 9.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_7.0-9.0_services.jar.dex" fi [ "${SDK_VERSION}" -gt 21 ] && DEX_OPTS="--multi-dex-threaded" } ########################################################################################## # by @ale5000 ########################################################################################## search_fake_package_signature () { PERMISSION=android.permission.FAKE_PACKAGE_SIGNATURE PERMISSION_OD=$(echo -n "${PERMISSION}" | od -A n -t x1 | tr -d '\n' | sed -e 's/^ //g;s/ /00/g') HAS_FAKESIGN=false FW_RES_DIR="${TMPDIR}/framework-res" if [ ! -f ${FW_RES_DIR}/AndroidManifest.xml ]; then mkdir -p "${FW_RES_DIR}" unzip -oq /system/framework/framework-res.apk -d "${FW_RES_DIR}" fi grep -qF "${PERMISSION}" "${FW_RES_DIR}/AndroidManifest.xml" && HAS_FAKESIGN=true od -A n -t x1 "${FW_RES_DIR}/AndroidManifest.xml" | tr -d ' \n' | grep -qF "${PERMISSION_OD}" && HAS_FAKESIGN=true ${HAS_FAKESIGN} && return 0 || return 1 } ########################################################################################## # Patcher Functions ########################################################################################## setup_patcher () { ui_print " > preparing environment" rm -rf ${TMPDIR} mkdir -p ${TMPDIR} unzip -oq "${ZIP}" -d ${TMPDIR} || \ error "failed to prepare environment" for bin in zip.arm zip.x86 \ vdexExtractor.arm vdexExtractor.x86 \ vdexExtractor.arm64 vdexExtractor.x86_64 \ file.arm file.x86; do chmod 0755 "${BASEDIR}/${bin}" || \ error "failed to prepare environment" done mkdir -p /data/adb/ } call_dalvikvm () { for jar in /system/framework/*.jar ; do BOOTCLASSES=${BOOTCLASSES}:${jar} done supported_opts=$(/system/bin/dalvikvm --help 2>&1) DALVIKVM_OPTS="" [[ "${supported_opts}" == *\[no\]dex2oat* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -Xnodex2oat" [[ "${supported_opts}" == *\[no\]image-dex2oat* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -Xnoimage-dex2oat" [[ "${supported_opts}" == *verbose:*gc* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -verbose:gc" [[ "${supported_opts}" == *verbose:*jit* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -verbose:jit" [[ "${supported_opts}" == *verbose:*jni* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -verbose:jni" [[ "${supported_opts}" == *verbose:*class* ]] && DALVIKVM_OPTS="${DALVIKVM_OPTS} -verbose:class" if [ "${ROM_DEX_STATUS}" = "DEODEX" ]; then /system/bin/dalvikvm \ -Xbootclasspath:${BOOTCLASSES} \ ${DALVIKVM_OPTS} \ "${@}" else /system/bin/dalvikvm \ ${DALVIKVM_OPTS} \ "${@}" fi } deodex_vdex () { ui_print " >> deodexing services.jar [VDEX]" cp /system/framework/oat/${ARCH}/services.vdex \ ${BASEDIR}/services.vdex || \ error "failed to copy services.vdex" ${V_EX} -i ${BASEDIR}/services.vdex \ --ignore-crc-error --debug=4 || \ error "failed to deodex services.vdex" mv ${BASEDIR}/services.apk_classes.dex ${BASEDIR}/classes.dex || \ error "failed to deodex services.vdex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/classes.dex" || \ error "zip failed" } deodex_odex () { ui_print " >> deodexing services.jar [ODEX]" cp "/system/framework/oat/${ARCH}/services.odex" "${BASEDIR}" # baksmali/smali options switches (version dependent) MAIN=Main DEODEX="x" ASSEMBLE="a" BOOTCLASSPATH="-b" CLASSPATHDIR="-d" if [ "${SDK_VERSION}" -lt 24 ]; then MAIN=main DEODEX="-x" ASSEMBLE= BOOTCLASSPATH="-c" fi ui_print " [1] baksmali services.odex" call_dalvikvm \ -classpath "${BAKSMALI}" \ org.jf.baksmali.${MAIN} \ ${DEODEX} \ ${BOOTCLASSPATH} "/system/framework/${ARCH}/boot.oat" \ ${CLASSPATHDIR} "/system/framework/${ARCH}" \ ${CLASSPATHDIR} "/system/framework" \ -o "${BASEDIR}/services.jar-deodex" \ "${BASEDIR}/services.odex" || \ error "failed to deodex services.jar" ui_print " [2] smali services.odex" call_dalvikvm \ -classpath "${SMALI}" \ org.jf.smali.${MAIN} \ ${ASSEMBLE} \ -o "${BASEDIR}/services.jar-deodex/classes.dex" \ "${BASEDIR}/services.jar-deodex" || \ error "failed to rebuild classes.dex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-deodex"/classes*.dex || \ error "zip failed" rm -rf "${BASEDIR}/services.jar-deodex" } patch_services () { ui_print " " ui_print " > patching signature spoofing support" ui_print " " cp /system/framework/services.jar \ ${BASEDIR}/services.jar || \ error "failed to copy services.jar" if [ "${ROM_DEX_STATUS}" = "VDEX" ]; then deodex_vdex elif [ "${ROM_DEX_STATUS}" = "ODEX" ]; then deodex_odex fi mkdir -p "${BASEDIR}/services.jar-mod" PATCHES="${PATCH_HOOK} ${PATCH_CORE}" ui_print " >> patching services.jar" call_dalvikvm \ -classpath "${BASEDIR}/dexpatcher.dex" \ lanchon.dexpatcher.Main \ ${DEX_OPTS} --api-level "${SDK_VERSION}" \ --verbose --debug --output ${BASEDIR}/services.jar-mod \ ${BASEDIR}/services.jar ${PATCHES} || \ error "failed to apply patches" ${ZIPB} -d "${BASEDIR}/services.jar" \ 'classes*.dex' || \ error "zip failed" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-mod"/classes*.dex || \ error "zip failed" } backup_services_jar () { ui_print " << backing up services.jar to: /data/media/0/nanodroid_backups" services_name="services.jar_$(grep_prop ro.build.flavor)_$(grep_prop ro.build.id)" mkdir -p /data/media/0/nanodroid_backups cp /system/framework/services.jar "/data/media/0/nanodroid_backups/${services_name}" || \ error "failed to backup services.jar" } install_services () { ui_print " " for destination in /data/adb/modules/NanoDroid /data/adb/modules/NanoDroid_microG /; do if [ -d ${destination} ]; then install_path="${destination}" break fi done if [ "${install_path}" = "/" ]; then mount -orw,remount /system || \ error "failed to mount /system read-write" backup_services_jar fi ui_print " << installing patched files to: ${install_path}" mkdir -p "${install_path}/system/framework" cp ${BASEDIR}/services.jar "${install_path}/system/framework/" \ || error "failed to install services.jar" set_perm_data "${install_path}/system/framework/services.jar" cp "${BASEDIR}/org.spoofing.apk" "${install_path}/system/framework/" set_perm_data "${install_path}/system/framework/org.spoofing.apk" touch /data/adb/NanoDroid_Patched } ########################################################################################## # addon.d ########################################################################################## install_addond () { ui_print " " ui_print " Installing addon.d restoration setup" rm -rf ${PATCHER_ADDOND_DATA} mkdir -p ${PATCHER_ADDOND_DATA} [ -d /data/nanomod.patcher ] && rm -rf /data/nanomod.patcher [ -d /data/adb/nanomod_patcher ] && rm -rf /data/nanomod_patcher rm -f /system/addon.d/75-nanomodpatcher.sh \ /system/addon.d/75-nanodroidpatcher.sh \ /system/addon.d/999-nanodroidpatcher.sh for file in core_services.jar.dex dexpatcher.dex \ hook_4.1-6.0_services.jar.dex hook_7.0-9.0_services.jar.dex \ baksmali_23.dex baksmali_25.dex baksmali_26.dex \ smali_23.dex smali_25.dex smali_26.dex \ magic.mgc org.spoofing.apk; do cp "${BASEDIR}/${file}" ${PATCHER_ADDOND_DATA}/ done cp /dev/tmp/CommonPatcher ${PATCHER_ADDOND_DATA}/ for file in ${ZIPB} ${V_EX} ${BUSY} ${FILE}; do cp ${file} ${PATCHER_ADDOND_DATA}/ chmod 0755 ${PATCHER_ADDOND_DATA}/$(basename "${file}") done mkdir -p /system/addon.d/ cp "${BASEDIR}/70-nanodroidpatcher.sh" /system/addon.d/ chmod 0755 /system/addon.d/70-nanodroidpatcher.sh }