#!/sbin/sh ########################################################################################## # # NanoDroid Patcher survival script # by Nanolx # ########################################################################################## ########################################################################################## # Generic Functions ########################################################################################## setup_environment () { TMPDIR=/dev/tmp/install export ANDROID_DATA=${TMPDIR} export PATCHER_ADDOND_DATA=/data/adb/nanodroid_patcher if [ -f /data/adb/magisk/util_functions.sh ]; then NVBASE=/data/adb elif [ -f /data/magisk/util_functions.sh ]; then NVBASE=/data fi MAGISK_IMG=${NVBASE}/magisk.img MAGISK_PATH=/dev/tmp/magisk_img } ui_print() { echo -n -e "ui_print $1\n" >> /proc/self/fd/$OUTFD echo -n -e "ui_print\n" >> /proc/self/fd/$OUTFD } is_mounted () { if [ ! -z "$2" ]; then cat /proc/mounts | grep $1 | grep $2, >/dev/null else cat /proc/mounts | grep $1 >/dev/null fi return $? } mount_image() { if [ ! -d "$2" ]; then mount -o rw,remount rootfs / mkdir -p "$2" 2>/dev/null [ ! -d "$2" ] && return 1 fi if ! is_mounted "$2"; then LOOPDEVICE= for LOOP in 0 1 2 3 4 5 6 7; do if ! is_mounted "$2"; then LOOPDEVICE=/dev/block/loop$LOOP [ -e $LOOPDEVICE ] || mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null losetup $LOOPDEVICE "$1" && mount -t ext4 -o loop $LOOPDEVICE "$2" if is_mounted "$2"; then break; fi fi done fi } # taken from Magisk, with minor modifications for NanoDroid mount_partitions () { SLOT=$(grep_cmdline androidboot.slot_suffix) if [ -z ${SLOT} ]; then SLOT=_$(grep_cmdline androidboot.slot) [ "${SLOT}" = "_" ] && SLOT= fi is_mounted /data || mount /data || error "failed to mount /data!" ${BOOTMODE} || mount -o bind /dev/urandom /dev/random ! is_mounted /system && mount -o rw /system || mount -o rw,remount /system if [ ! -f /system/build.prop ]; then SYSTEMBLOCK=$(find /dev/block -iname system${SLOT} | head -n 1) mount -o rw ${SYSTEMBLOCK} /system fi [ -f /system/build.prop ] || is_mounted /system || error "failed to mount /system (unsupported A/B device?)" if [ -f /system/init.rc ]; then mkdir /system_root 2>/dev/null mount --move /system /system_root mount -o bind /system_root/system /system fi [ ! -f /system/build.prop ] && error "failed to mount /system (unsupported A/B device?)" if [ -L /system/vendor ]; then ! is_mounted /vendor && mount /vendor if ! is_mounted /vendor; then VENDORBLOCK=$(find /dev/block -iname vendor${SLOT} | head -n 1) mount -o ro ${VENDORBLOCK} /vendor fi elif [ -d /system/vendor ]; then ### XXX work-around required for some ROMs echo " xxx compat /vendor link created!" ln -sf /system/vendor /vendor >/dev/null fi mount | awk '{print $1 " on " $3}' } error () { ui_print " " ui_print " !! ${@}" ui_print " " magisk_cleanup exit 1 } set_perm () { chown ${2}:${3} ${1} || error "failed change owner for ${1}" chmod ${4} ${1} || error "failed to change mode for ${1}" if [ ! -z "${5}" ]; then chcon ${5} ${1} 2>/dev/null else chcon 'u:object_r:system_file:s0' ${1} 2>/dev/null fi } set_perm_recursive() { find ${1} -type d 2>/dev/null | while read dir; do set_perm ${dir} ${2} ${3} ${4} ${6} done find ${1} -type f 2>/dev/null | while read file; do set_perm ${file} ${2} ${3} ${5} ${6} done } set_perm_data () { if [ "${1}" = "-r" ]; then echo " perm: data [recursive] {${2}}" set_perm_recursive ${2} 0 0 0755 0644 else echo " perm: data [single] {${1}}" set_perm ${1} 0 0 0644 fi } ########################################################################################## # Device Functions ########################################################################################## detect_outfd () { if [ -z $OUTFD ] || readlink /proc/$$/fd/$OUTFD | grep -q /tmp; then # We will have to manually find out OUTFD for FD in `ls /proc/$$/fd`; do if readlink /proc/$$/fd/$FD | grep -q pipe; then if ps | grep -v grep | grep -q " 3 $FD "; then OUTFD=$FD break fi fi done fi } detect_bootmode () { [ -z ${BOOTMODE} ] && BOOTMODE=false ${BOOTMODE} || ps | grep zygote | grep -qv grep && BOOTMODE=true ${BOOTMODE} || ps -A | grep zygote | grep -qv grep && BOOTMODE=true } grep_prop() { [ -f /vendor/build.prop ] && \ FILES="/system/build.prop /vendor/build.prop" || \ FILES="/system/build.prop" sed -n "s/^${1}=//p" ${FILES} | head -n 1 } grep_cmdline() { local REGEX="s/^${1}=//p" sed -E 's/ +/\n/g' /proc/cmdline | \ sed -n "${REGEX}" 2>/dev/null } detect_odex () { SERVICES_JAR_DEX=$(unzip -lq /system/framework/services.jar | grep classes.dex) if [ -n "$(find '/system/framework/' -name 'services.vdex')" ]; then ROM_DEX_STATUS=VDEX elif [ -n "$(find '/system/framework/' -name 'services.odex')" ]; then ROM_DEX_STATUS=ODEX else ROM_DEX_STATUS=UNKOWN fi [ "${SERVICES_JAR_DEX}" ] && ROM_DEX_STATUS=DEODEX ui_print " " ui_print " ++" ui_print " ++ services.jar status: ${ROM_DEX_STATUS}" ui_print " ++" [ "${SDK_VERSION}" -gt 27 -a "${ROM_DEX_STATUS}" != "DEODEX" ] && \ error "Pie is only supported on de-odexed ROMs currently" } detect_arch () { ABI=$(grep_prop ro.product.cpu.abi | cut -c-3) ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3) ABILONG=$(grep_prop ro.product.cpu.abi) ARCH=arm [ "$ABI" = "x86" ] && ARCH=x86 [ "$ABI2" = "x86" ] && ARCH=x86 [ "$ABILONG" = "arm64-v8a" ] && ARCH=arm64 [ "$ABILONG" = "x86_64" ] && ARCH=x86_64 case ${ARCH} in arm | arm64 ) ZIPB=${BASEDIR}/zip.arm FILE=${BASEDIR}/file.arm if [ -f ${TMPDIR}/busybox.arm ]; then BUSY=${TMPDIR}/busybox.arm else BUSY=${BASEDIR}/busybox.arm fi ;; x86 | x86_64 ) ZIPB=${BASEDIR}/zip.x86 FILE=${BASEDIR}/file.x86 if [ -f ${TMPDIR}/busybox.x86 ]; then BUSY=${TMPDIR}/busybox.x86 else BUSY=${BASEDIR}/busybox.x86 fi ;; esac DALVIKVM_BIN=$(ls -l /system/bin/dalvikvm | awk '{print $NF}') DALVIKVM_ARCH=$("${FILE}" -m "${BASEDIR}/magic.mgc" -L /system/bin/dalvikvm) case ${DALVIKVM_BIN} in dalvikvm32 ) export LD_LIBRARY_PATH="/system/lib:/vendor/lib:/system/vendor/lib" ;; dalvikvm64 ) export LD_LIBRARY_PATH="/system/lib64:/vendor/lib64:/system/vendor/lib64" ;; dalvikvm ) case ${DALVIKVM_ARCH} in *32-bit* ) export LD_LIBRARY_PATH="/system/lib:/vendor/lib:/system/vendor/lib" ;; *64-bit* ) export LD_LIBRARY_PATH="/system/lib64:/vendor/lib64:/system/vendor/lib64" ;; esac ;; esac V_EX=${BASEDIR}/vdexExtractor.${ARCH} chmod 0755 ${BUSY} rm -rf ${BASEDIR}/busybox mkdir -p ${BASEDIR}/busybox ln -sf ${BUSY} ${BASEDIR}/busybox/busybox ${BUSY} --install -s ${BASEDIR}/busybox/ export PATH="${BASEDIR}/busybox:/system/bin:/system/xbin" ui_print " > device architecture: ${ARCH}" } detect_sdk () { SDK_VERSION=$(grep_prop ro.build.version.sdk) [ "${SDK_VERSION}" -gt 28 ] && \ error "Android versions beyond Pie are not yet supported" [ "${SDK_VERSION}" -lt 16 ] && \ error "Android versions before Jelly Bean are not supported" if [ "${SDK_VERSION}" -gt 25 ]; then BAKSMALI="${BASEDIR}/baksmali_26.dex" SMALI="${BASEDIR}/smali_26.dex" elif [ "${SDK_VERSION}" -gt 23 ]; then BAKSMALI="${BASEDIR}/baksmali_25.dex" SMALI="${BASEDIR}/smali_25.dex" else BAKSMALI="${BASEDIR}/baksmali_23.dex" SMALI="${BASEDIR}/smali_23.dex" fi PATCH_CORE="${BASEDIR}/core_services.jar.dex" if [ "${SDK_VERSION}" -lt 24 ]; then ui_print " > Android 4.1 - 6.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_4.1-6.0_services.jar.dex" else ui_print " > Android 7.0 - 9.0 (SDK ${SDK_VERSION}) detected" PATCH_HOOK="${BASEDIR}/hook_7.0-9.0_services.jar.dex" fi [ "${SDK_VERSION}" -gt 21 ] && DEX_OPTS="--multi-dex-threaded" } ########################################################################################## # by @ale5000 ########################################################################################## search_fake_package_signature () { PERMISSION=android.permission.FAKE_PACKAGE_SIGNATURE PERMISSION_OD=$(echo -n "${PERMISSION}" | od -A n -t x1 | tr -d '\n' | sed -e 's/^ //g;s/ /00/g') HAS_FAKESIGN=false FW_RES_DIR="${TMPDIR}/framework-res" if [ ! -f ${FW_RES_DIR}/AndroidManifest.xml ]; then mkdir -p "${FW_RES_DIR}" unzip -o /system/framework/framework-res.apk -d "${FW_RES_DIR}" 2>/dev/null fi grep -qF "${PERMISSION}" "${FW_RES_DIR}/AndroidManifest.xml" && HAS_FAKESIGN=true od -A n -t x1 "${FW_RES_DIR}/AndroidManifest.xml" | tr -d ' \n' | grep -qF "${PERMISSION_OD}" && HAS_FAKESIGN=true ${HAS_FAKESIGN} && return 0 || return 1 } ########################################################################################## # Magisk Functions ########################################################################################## grow_magisk_img () { request_size_check /tmp/services.jar image_size_check ${MAGISK_IMG} if [ "$reqSizeM" -gt "$curFreeM" ]; then SIZE=$(((reqSizeM + curUsedM) / 32 * 32 + 64)) resize2fs -f ${MAGISK_IMG} ${SIZE}M e2fsck -yf ${MAGISK_IMG} fi } shrink_magisk_img () { image_size_check ${MAGISK_IMG} NEWDATASIZE=$((curUsedM / 32 * 32 + 32)) if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then resize2fs -f ${MAGISK_IMG} ${NEWDATASIZE}M e2fsck -yf ${MAGISK_IMG} fi } request_size_check() { reqSizeM=`unzip -l "$1" 2>/dev/null | tail -n 1 | awk '{ print $1 }'` reqSizeM=$((reqSizeM / 1048576 + 1)) } image_size_check() { e2fsck -yf $1 curBlocks=`e2fsck -n $1 2>/dev/null | grep $1 | cut -d, -f3 | cut -d\ -f2`; curUsedM=`echo "$curBlocks" | cut -d/ -f1` curSizeM=`echo "$curBlocks" | cut -d/ -f1` curFreeM=$(((curSizeM - curUsedM) * 4 / 1024)) curUsedM=$((curUsedM * 4 / 1024 + 1)) curSizeM=$((curSizeM * 4 / 1024)) } magisk_setup () { if [ -f ${MAGISK_IMG} ]; then grow_magisk_img || \ error "failed to grow magisk.img" mount_image ${MAGISK_IMG} ${MAGISK_PATH} || \ error "failed to mount ${MAGISK_PATH}" fi } magisk_cleanup () { if (is_mounted ${MAGISK_PATH}); then umount ${MAGISK_PATH} losetup -d $LOOPDEVICE rmdir ${MAGISK_PATH} shrink_magisk_img || \ error "failed to shrink magisk.img" fi } ########################################################################################## # Patcher Functions ########################################################################################## setup_patcher () { ui_print " > preparing environment" rm -rf ${TMPDIR} mkdir -p ${TMPDIR} unzip -o "${ZIP}" -d ${TMPDIR} 2>/dev/null || \ error "failed to prepare environment" for bin in zip.arm zip.x86 \ vdexExtractor.arm vdexExtractor.x86 \ vdexExtractor.arm64 vdexExtractor.x86_64 \ file.arm file.x86; do chmod 0755 "${BASEDIR}/${bin}" || \ error "failed to prepare environment" done mkdir -p /data/adb/ } call_dalvikvm () { for jar in /system/framework/*.jar ; do BOOTCLASSES=${BOOTCLASSES}:${jar} done DALVIKVM_OPTS="-verbose:gc -verbose:jit -verbose:jni \ -verbose:class -Xnodex2oat -Xnoimage-dex2oat" if [ "${ROM_DEX_STATUS}" = "DEODEX" ]; then /system/bin/dalvikvm \ -Xbootclasspath:${BOOTCLASSES} \ ${DALVIKVM_OPTS} \ "${@}" else /system/bin/dalvikvm \ ${DALVIKVM_OPTS} \ "${@}" fi } deodex_vdex () { ui_print " >> deodexing services.jar [VDEX]" cp /system/framework/oat/${ARCH}/services.vdex \ ${BASEDIR}/services.vdex || \ error "failed to copy services.vdex" ${V_EX} -i ${BASEDIR}/services.vdex \ --ignore-crc-error --debug=4 || \ error "failed to deodex services.vdex" mv ${BASEDIR}/services.apk_classes.dex ${BASEDIR}/classes.dex || \ error "failed to deodex services.vdex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/classes.dex" || \ error "zip failed" } deodex_odex () { ui_print " >> deodexing services.jar [ODEX]" cp "/system/framework/oat/${ARCH}/services.odex" "${BASEDIR}" # baksmali/smali options switches (version dependent) MAIN=Main DEODEX="x" ASSEMBLE="a" BOOTCLASSPATH="-b" CLASSPATHDIR="-d" if [ "${SDK_VERSION}" -lt 24 ]; then MAIN=main DEODEX="-x" ASSEMBLE= BOOTCLASSPATH="-c" fi ui_print " [1] baksmali services.odex" call_dalvikvm \ -classpath "${BAKSMALI}" \ org.jf.baksmali.${MAIN} \ ${DEODEX} \ ${BOOTCLASSPATH} "/system/framework/${ARCH}/boot.oat" \ ${CLASSPATHDIR} "/system/framework/${ARCH}" \ ${CLASSPATHDIR} "/system/framework" \ -o "${BASEDIR}/services.jar-deodex" \ "${BASEDIR}/services.odex" || \ error "failed to deodex services.jar" ui_print " [2] smali services.odex" call_dalvikvm \ -classpath "${SMALI}" \ org.jf.smali.${MAIN} \ ${ASSEMBLE} \ -o "${BASEDIR}/services.jar-deodex/classes.dex" \ "${BASEDIR}/services.jar-deodex" || \ error "failed to rebuild classes.dex" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-deodex"/classes*.dex || \ error "zip failed" rm -rf "${BASEDIR}/services.jar-deodex" } patch_services () { ui_print " " ui_print " > patching signature spoofing support" ui_print " " cp /system/framework/services.jar \ ${BASEDIR}/services.jar || \ error "failed to copy services.jar" if [ "${ROM_DEX_STATUS}" = "VDEX" ]; then deodex_vdex elif [ "${ROM_DEX_STATUS}" = "ODEX" ]; then deodex_odex fi mkdir -p "${BASEDIR}/services.jar-mod" PATCHES="${PATCH_HOOK} ${PATCH_CORE}" ui_print " >> patching services.jar" call_dalvikvm \ -classpath "${BASEDIR}/dexpatcher.dex" \ lanchon.dexpatcher.Main \ ${DEX_OPTS} --api-level "${SDK_VERSION}" \ --verbose --debug --output ${BASEDIR}/services.jar-mod \ ${BASEDIR}/services.jar ${PATCHES} || \ error "failed to apply patches" ${ZIPB} -d "${BASEDIR}/services.jar" \ 'classes*.dex' || \ error "zip failed" ${ZIPB} -j "${BASEDIR}/services.jar" \ "${BASEDIR}/services.jar-mod"/classes*.dex || \ error "zip failed" } backup_services_jar () { ui_print " << backing up services.jar to: /sdcard/nanodroid_backups" services_name="services.jar_$(grep_prop ro.build.flavor)_$(grep_prop ro.build.id)" mkdir -p /sdcard/nanodroid_backups cp /system/framework/services.jar "/sdcard/nanodroid_backups/${services_name}" || \ error "failed to backup services.jar" } install_services () { ui_print " " for destination in /data/adb/modules/NanoDroid /data/adb/modules/NanoDroid_microG \ /dev/tmp/magisk_img/NanoDroid /dev/tmp/magisk_img/NanoDroid_microG \ /sbin/.magisk/img/NanoDroid /sbin/.magisk/img/NanoDroid_microG /; do if [ -d ${destination} ]; then install_path="${destination}" break fi done if [ "${install_path}" = "/" ]; then mount -orw,remount /system || \ error "failed to mount /system read-write" backup_services_jar fi ui_print " << installing patched files to: ${install_path}" mkdir -p "${install_path}/system/framework" cp ${BASEDIR}/services.jar "${install_path}/system/framework/" \ || error "failed to install services.jar" set_perm_data "${install_path}/system/framework/services.jar" cp "${BASEDIR}/org.spoofing.apk" "${install_path}/system/framework/" set_perm_data "${install_path}/system/framework/org.spoofing.apk" touch /data/adb/NanoDroid_Patched } ########################################################################################## # addon.d ########################################################################################## install_addond () { ui_print " " ui_print " Installing addon.d restoration setup" rm -rf ${PATCHER_ADDOND_DATA} mkdir -p ${PATCHER_ADDOND_DATA} [ -d /data/nanomod.patcher ] && rm -rf /data/nanomod.patcher [ -d /data/adb/nanomod_patcher ] && rm -rf /data/nanomod_patcher rm -f /system/addon.d/75-nanomodpatcher.sh \ /system/addon.d/75-nanodroidpatcher.sh \ /system/addon.d/999-nanodroidpatcher.sh for file in core_services.jar.dex dexpatcher.dex \ hook_4.1-6.0_services.jar.dex hook_7.0-9.0_services.jar.dex \ baksmali_23.dex baksmali_25.dex baksmali_26.dex \ smali_23.dex smali_25.dex smali_26.dex \ magic.mgc org.spoofing.apk; do cp "${BASEDIR}/${file}" ${PATCHER_ADDOND_DATA}/ done cp /dev/tmp/CommonPatcher ${PATCHER_ADDOND_DATA}/ for file in ${ZIPB} ${V_EX} ${BUSY} ${FILE}; do cp ${file} ${PATCHER_ADDOND_DATA}/ chmod 0755 ${PATCHER_ADDOND_DATA}/$(basename "${file}") done mkdir -p /system/addon.d/ cp "${BASEDIR}/70-nanodroidpatcher.sh" /system/addon.d/ chmod 0755 /system/addon.d/70-nanodroidpatcher.sh }