#!/sbin/sh ########################################################################################## # # NanoDroid Patcher survival script # by Nanolx # ########################################################################################## ########################################################################################## # Generic Functions ########################################################################################## setup_environment () { TMPDIR=/dev/tmp/install export ANDROID_DATA=${TMPDIR} export PATCHER_ADDOND_DATA=/data/adb/nanodroid_patcher MAGISK_IMG=/data/adb/magisk.img MAGISK_PATH=/dev/tmp/magisk_img } ui_print() { echo -n -e "ui_print $1\n" >> /proc/self/fd/$OUTFD echo -n -e "ui_print\n" >> /proc/self/fd/$OUTFD } is_mounted () { if [ ! -z "$2" ]; then cat /proc/mounts | grep $1 | grep $2, >/dev/null else cat /proc/mounts | grep $1 >/dev/null fi return $? } mount_image() { if [ ! -d "$2" ]; then mount -o rw,remount rootfs / mkdir -p "$2" 2>/dev/null [ ! -d "$2" ] && return 1 fi if ! is_mounted "$2"; then LOOPDEVICE= for LOOP in 0 1 2 3 4 5 6 7; do if ! is_mounted "$2"; then LOOPDEVICE=/dev/block/loop$LOOP [ -e $LOOPDEVICE ] || mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null losetup $LOOPDEVICE "$1" && mount -t ext4 -o loop $LOOPDEVICE "$2" if is_mounted "$2"; then break; fi fi done fi } # taken from Magisk, with minor modifications for NanoDroid mount_partitions () { SLOT=$(grep_cmdline androidboot.slot_suffix) if [ -z ${SLOT} ]; then SLOT=_$(grep_cmdline androidboot.slot) [ "${SLOT}" = "_" ] && SLOT= fi is_mounted /data || mount /data || error "failed to mount /data!" ${BOOTMODE} || mount -o bind /dev/urandom /dev/random ! is_mounted /system && mount -o rw /system if [ ! -f /system/build.prop ]; then SYSTEMBLOCK=$(find /dev/block -iname system${SLOT} | head -n 1) mount -t ext4 -o rw ${SYSTEMBLOCK} /system fi [ -f /system/build.prop ] || is_mounted /system || error "failed to mount /system (unsupported A/B device?)" if [ -f /system/init ]; then mkdir /system_root 2>/dev/null mount --move /system /system_root mount -o bind /system_root/system /system fi [ ! -f /system/build.prop ] && error "failed to mount /system (unsupported A/B device?)" if [ -L /system/vendor ]; then ! is_mounted /vendor && mount /vendor if ! is_mounted /vendor; then VENDORBLOCK=$(find /dev/block -iname vendor${SLOT} | head -n 1) mount -t ext4 -o ro ${VENDORBLOCK} /vendor fi elif [ -d /system/vendor ]; then ### XXX work-around required for some ROMs echo " xxx compat /vendor link created!" ln -sf /system/vendor /vendor >/dev/null fi mount | awk '{print $1 " on " $3}' } error () { ui_print " " ui_print " !! ${@}" ui_print " " magisk_cleanup exit 1 } ########################################################################################## # Device Functions ########################################################################################## detect_outfd () { if [ -z $OUTFD ] || readlink /proc/$$/fd/$OUTFD | grep -q /tmp; then # We will have to manually find out OUTFD for FD in `ls /proc/$$/fd`; do if readlink /proc/$$/fd/$FD | grep -q pipe; then if ps | grep -v grep | grep -q " 3 $FD "; then OUTFD=$FD break fi fi done fi } detect_bootmode () { ps | grep zygote | grep -qv grep && BOOTMODE=true || BOOTMODE=false ${BOOTMODE} || ps -A | grep zygote | grep -qv grep && BOOTMODE=true } grep_prop() { REGEX="${1}" shift FILES="${@}" [ -z "${@}" ] && FILES='/system/build.prop' sed -n "s/^${REGEX}=//p" ${FILES} | \ head -n 1 } grep_cmdline() { local REGEX="s/^${1}=//p" sed -E 's/ +/\n/g' /proc/cmdline | \ sed -n "${REGEX}" 2>/dev/null } detect_odex () { SERVICES_JAR_DEX=$(unzip -lq /system/framework/services.jar | grep classes.dex) if [ -n "$(find '/system/framework/' -name 'services.vdex')" ]; then ROM_DEX_STATUS=VDEX elif [ -n "$(find '/system/framework/' -name 'services.odex')" ]; then ROM_DEX_STATUS=ODEX else ROM_DEX_STATUS=UNKOWN fi [ "${SERVICES_JAR_DEX}" ] && ROM_DEX_STATUS=DEODEX ui_print " " ui_print " ++" ui_print " ++ services.jar status: ${ROM_DEX_STATUS}" ui_print " ++" [ "${SDK_VERSION}" -gt 27 -a "${ROM_DEX_STATUS}" != "DEODEX" ] && \ error "Pie is only supported on de-odexed ROMs currently" } detect_arch () { ABI=$(grep_prop ro.product.cpu.abi | cut -c-3) ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3) ABILONG=$(grep_prop ro.product.cpu.abi) ARCH=arm [ "$ABI" = "x86" ] && ARCH=x86 [ "$ABI2" = "x86" ] && ARCH=x86 [ "$ABILONG" = "arm64-v8a" ] && ARCH=arm64 [ "$ABILONG" = "x86_64" ] && ARCH=x86_64 case ${ARCH} in arm | arm64 ) ZIPB=${BASEDIR}/zip.arm if [ -f ${TMPDIR}/busybox.arm ]; then BUSY=${TMPDIR}/busybox.arm else BUSY=${BASEDIR}/busybox.arm fi ;; x86 | x86_64 ) ZIPB=${BASEDIR}/zip.x86 if [ -f ${TMPDIR}/busybox.x86 ]; then BUSY=${TMPDIR}/busybox.x86 else BUSY=${BASEDIR}/busybox.x86 fi ;; esac if [ "${CUSTOM_ROM}" -eq 1 ]; then case ${ARCH} in arm | x86 ) export LD_LIBRARY_PATH="/system/lib:/vendor/lib:/system/vendor/lib" ;; arm64 | x86_64 ) export LD_LIBRARY_PATH="/system/lib64:/vendor/lib64:/system/vendor/lib64" ;; esac else unset LD_LIBRARY_PATH unset LD_PRELOAD fi export PATH="${BASEDIR}/busybox:/system/bin:/system/xbin" V_EX=${BASEDIR}/vdexExtractor.${ARCH} chmod 0755 ${BUSY} rm -rf ${BASEDIR}/busybox mkdir -p ${BASEDIR}/busybox ln -sf ${BUSY} ${BASEDIR}/busybox/busybox ${BUSY} --install -s ${BASEDIR}/busybox/ ui_print " > device architecture: ${ARCH}" } detect_sdk () { SDK_VERSION=$(grep_prop ro.build.version.sdk) CUSTOM_ROM=0 [ "${SDK_VERSION}" -gt 28 ] && \ error "Android versions beyond Pie are not yet supported" [ "${SDK_VERSION}" -lt 16 ] && \ error "Android versions before Jelly Bean are not supported" if [ "${SDK_VERSION}" -gt 25 ]; then BAKSMALI="${BASEDIR}/baksmali_26.dex" SMALI="${BASEDIR}/smali_26.dex" else BAKSMALI="${BASEDIR}/baksmali_25.dex" SMALI="${BASEDIR}/smali_25.dex" fi PATCH_CORE="${BASEDIR}/core_services.jar.dex" PATCH_UNLP="${BASEDIR}/unifiednlp_services.jar.dex" if [ "${SDK_VERSION}" -lt 24 ]; then ui_print " > Android 4.1 - 6.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_4.1-6.0_services.jar.dex" else ui_print " > Android 7.0 - 9.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_7.0-9.0_services.jar.dex" fi [ "${SDK_VERSION}" -gt 21 ] && DEX_OPTS="--multi-dex-threaded" for pattern in dev-keys test-keys type=userdebug; do grep -q "${pattern}" /system/build.prop && CUSTOM_ROM=1 done [ "${CUSTOM_ROM}" -eq 1 ] && \ ui_print " > Custom ROM detected" \ || ui_print " > Stock ROM detected" } ########################################################################################## # Magisk Functions ########################################################################################## grow_magisk_img () { request_size_check /tmp/services.jar image_size_check ${MAGISK_IMG} if [ "$reqSizeM" -gt "$curFreeM" ]; then SIZE=$(((reqSizeM + curUsedM) / 32 * 32 + 64)) resize2fs -f ${MAGISK_IMG} ${SIZE}M e2fsck -yf ${MAGISK_IMG} fi } shrink_magisk_img () { image_size_check ${MAGISK_IMG} NEWDATASIZE=$((curUsedM / 32 * 32 + 32)) if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then resize2fs -f ${MAGISK_IMG} ${NEWDATASIZE}M e2fsck -yf ${MAGISK_IMG} fi } request_size_check() { reqSizeM=`unzip -l "$1" 2>/dev/null | tail -n 1 | awk '{ print $1 }'` reqSizeM=$((reqSizeM / 1048576 + 1)) } image_size_check() { e2fsck -yf $1 curBlocks=`e2fsck -n $1 2>/dev/null | grep $1 | cut -d, -f3 | cut -d\ -f2`; curUsedM=`echo "$curBlocks" | cut -d/ -f1` curSizeM=`echo "$curBlocks" | cut -d/ -f1` curFreeM=$(((curSizeM - curUsedM) * 4 / 1024)) curUsedM=$((curUsedM * 4 / 1024 + 1)) curSizeM=$((curSizeM * 4 / 1024)) } magisk_setup () { if [ -f ${MAGISK_IMG} ]; then grow_magisk_img || \ error "failed to grow magisk.img" mount_image ${MAGISK_IMG} ${MAGISK_PATH} || \ error "failed to mount ${MAGISK_PATH}" fi } magisk_cleanup () { if (is_mounted ${MAGISK_PATH}); then umount ${MAGISK_PATH} losetup -d $LOOPDEVICE rmdir ${MAGISK_PATH} shrink_magisk_img || \ error "failed to shrink magisk.img" fi } ########################################################################################## # Patcher Functions ########################################################################################## setup_patcher () { ui_print " > preparing environment" rm -rf ${TMPDIR} mkdir -p ${TMPDIR} unzip -o "${ZIP}" -d ${TMPDIR} || \ error "failed to prepare environment" for bin in zip.arm zip.x86 \ vdexExtractor.arm vdexExtractor.x86 \ vdexExtractor.arm64 vdexExtractor.x86_64; do chmod 0755 "${BASEDIR}/${bin}" || \ error "failed to prepare environment" done mkdir -p /data/adb/ } call_dalvikvm () { for jar in /system/framework/*.jar ; do BOOTCLASSES=${BOOTCLASSES}:${jar} done DALVIKVM_OPTS="-verbose:gc -verbose:jit -verbose:jni -verbose:class" if [ "${ROM_DEX_STATUS}" = "DEODEX" ]; then /system/bin/dalvikvm \ -Xbootclasspath:${BOOTCLASSES} \ ${DALVIKVM_OPTS} \ "${@}" else /system/bin/dalvikvm \ ${DALVIKVM_OPTS} \ "${@}" fi } patch_services () { ui_print " " ui_print " > patching signature spoofing support" ui_print " " cp /system/framework/services.jar \ ${BASEDIR}/services.jar || \ error "failed to copy services.jar" # # XXX vdex stuff # if [ "${ROM_DEX_STATUS}" = "VDEX" ]; then ui_print " >> deodexing services.jar [VDEX]" cp /system/framework/oat/${ARCH}/services.vdex \ ${BASEDIR}/services.vdex || \ error "failed to copy services.vdex" ${V_EX} -i ${BASEDIR}/services.vdex \ --ignore-crc-error --debug=4 || \ error "failed to deodex services.vdex" mv ${BASEDIR}/services.apk_classes.dex ${BASEDIR}/classes.dex || \ error "failed to deodex services.vdex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/classes.dex" || \ error "zip failed" # # XXX odex stuff # elif [ "${ROM_DEX_STATUS}" = "ODEX" ]; then ui_print " >> deodexing services.jar [ODEX]" cp "/system/framework/oat/${ARCH}/services.odex" "${BASEDIR}" ui_print " [1] baksmali services.odex" call_dalvikvm \ -classpath "${BAKSMALI}" \ org.jf.baksmali.Main \ x "${BASEDIR}/services.odex" \ -b "/system/framework/${ARCH}/boot.oat" \ -d "/system/framework/${ARCH}" \ -d "/system/framework" \ -o "${BASEDIR}/services.jar-deodex" || \ error "failed to deodex services.jar" ui_print " [2] smali services.odex" call_dalvikvm \ -classpath "${SMALI}" \ org.jf.smali.Main \ a "${BASEDIR}/services.jar-deodex" \ -o "${BASEDIR}/services.jar-deodex/classes.dex" || \ error "failed to rebuild classes.dex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-deodex"/classes*.dex || \ error "zip failed" rm -rf "${BASEDIR}/services.jar-deodex" fi mkdir -p "${BASEDIR}/services.jar-mod" PATCHES="${PATCH_HOOK} ${PATCH_CORE} ${PATCH_UNLP}" ui_print " >> patching services.jar" call_dalvikvm \ -classpath "${BASEDIR}/dexpatcher.dex" \ lanchon.dexpatcher.Main \ ${DEX_OPTS} --api-level "${SDK_VERSION}" \ --verbose --debug --output ${BASEDIR}/services.jar-mod \ ${BASEDIR}/services.jar ${PATCHES} || \ error "failed to apply patches" ${ZIPB} -d "${BASEDIR}/services.jar" \ 'classes*.dex' || \ error "zip failed" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-mod"/classes*.dex || \ error "zip failed" } backup_services_jar () { ui_print " << backing up services.jar to: /sdcard/nanodroid_backups" mkdir -p /sdcard/nanodroid_backups cp /system/framework/services.jar /sdcard/nanodroid_backups || \ error "failed to backup services.jar" } install_services () { ui_print " " for destination in /dev/tmp/magisk_img/NanoDroid /dev/tmp/magisk_img/NanoDroid_microG \ /sbin/.core/img/NanoDroid /sbin/.core/img/NanoDroid_microG /; do if [ -d ${destination} ]; then install_path="${destination}" break fi done if [ "${install_path}" = "/" ]; then mount -orw,remount /system || \ error "failed to mount /system read-write" backup_services_jar fi ui_print " << installing patched files to: ${install_path}" mkdir -p "${install_path}/system/framework" cp ${BASEDIR}/services.jar "${install_path}/system/framework" \ || error "failed to install services.jar" touch /data/adb/NanoDroid_Patched } ########################################################################################## # addon.d ########################################################################################## install_addond () { ui_print " " ui_print " Installing addon.d restoration setup" rm -rf ${PATCHER_ADDOND_DATA} mkdir -p ${PATCHER_ADDOND_DATA} [ -d /data/nanomod.patcher ] && rm -rf /data/nanomod.patcher [ -d /data/adb/nanomod_patcher ] && rm -rf /data/nanomod_patcher rm -f /system/addon.d/75-nanomodpatcher.sh \ /system/addon.d/75-nanodroidpatcher.sh \ /system/addon.d/999-nanodroidpatcher.sh for file in core_services.jar.dex unifiednlp_services.jar.dex dexpatcher.dex \ hook_4.1-6.0_services.jar.dex hook_7.0-9.0_services.jar.dex \ baksmali_25.dex smali_25.dex baksmali_26.dex smali_26.dex; do cp "${BASEDIR}/${file}" ${PATCHER_ADDOND_DATA}/ done cp /dev/tmp/CommonPatcher ${PATCHER_ADDOND_DATA}/ for file in ${ZIPB} ${V_EX} ${BUSY}; do cp ${file} ${PATCHER_ADDOND_DATA}/ chmod 0755 ${PATCHER_ADDOND_DATA}/$(basename "${file}") done mkdir -p /system/addon.d/ cp "${BASEDIR}/70-nanodroidpatcher.sh" /system/addon.d/ chmod 0755 /system/addon.d/70-nanodroidpatcher.sh }