#ifdef TW_AMONET
#include <string.h>
#include "amonet.h"
#include "microloader.h"
#include "twcommon.h"
#include "partitions.hpp"
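/*
 * Restore the original first 0x400 bytes of the partition at part_path
 * (e.g. "/boot"), undoing what patch_part() did.
 *
 * Layout this file relies on: a patched image carries the microloader in
 * bytes [0, 0x400) and the original Android boot header, which starts with
 * the "ANDROID!" magic, in bytes [0x400, 0x800).  The patch is detected by
 * that magic at offset 0x400; when it is absent the image is treated as
 * unpatched and nothing is written.
 *
 * part_path: TWRP partition path; the leading '/' is stripped for messages,
 *            so it must be non-empty.
 * Returns 0 on success or when no patch is present, -1 on any failure
 * (bad path, partition not found, open/read/seek/write/close error).
 *
 * NOTE(review): the device is rewritten through stdio only; there is no
 * fsync(), so an interrupted power cycle right after this call may leave
 * the header unchanged or only partially rewritten — confirm whether the
 * caller syncs.
 */
int unpatch_part(const char* part_path) {
    static const char BOOT_MAGIC[] = "ANDROID!";
    enum { HALF = 0x400, HEADER = 2 * HALF, MAGIC_LEN = sizeof(BOOT_MAGIC) - 1 };
    uint8_t boot_data[HEADER];
    FILE *fp = NULL;
    int ret = -1;

    // &part_path[1] below would be one-past-the-end for an empty string.
    if (part_path == NULL || part_path[0] == '\0') {
        gui_print_color("highlight", EXPLOIT_TAG "Invalid partition path\n");
        return -1;
    }
    const char *part_name = &part_path[1];  // strip leading '/' for messages

    TWPartition* partition = PartitionManager.Find_Partition_By_Path(part_path);
    if (!partition) {
        // Fail explicitly instead of letting fopen("") fail with a vaguer message.
        gui_print_color("highlight", EXPLOIT_TAG "Partition %s not found\n", part_name);
        return -1;
    }
    const char *amonet_part = partition->Actual_Block_Device.c_str();

    gui_print_color("highlight", EXPLOIT_TAG "Remove %s patch...\n", part_name);
    fp = fopen(amonet_part, "r+b");
    if (!fp) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to open the %s device\n", part_name);
        goto cleanup;
    }

    if (fread(boot_data, sizeof(boot_data), 1, fp) != 1) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to read data\n");
        goto cleanup;
    }

    if (memcmp(boot_data + HALF, BOOT_MAGIC, MAGIC_LEN) != 0) {
        // Exploit not installed yet, but that's okay
        gui_print_color("highlight", EXPLOIT_TAG "NOT_INSTALLED\n");
        ret = 0;
        goto cleanup;
    }

    // Patched: move the saved original header back to offset 0 and clear
    // the slot it occupied so the image no longer looks patched.
    memcpy(boot_data, boot_data + HALF, HALF);
    memset(boot_data + HALF, 0, HALF);

    if (fseek(fp, 0, SEEK_SET) != 0) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to seek\n");
        goto cleanup;
    }
    if (fwrite(boot_data, sizeof(boot_data), 1, fp) != 1) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to write data\n");
        goto cleanup;
    }

    // fclose() flushes the stdio buffer; a failure here means the restored
    // header may never have reached the device, so it must not count as success.
    if (fclose(fp) != 0) {
        fp = NULL;
        gui_print_color("highlight", EXPLOIT_TAG "Failed to close the %s device\n", part_name);
        goto cleanup;
    }
    fp = NULL;

    gui_print_color("highlight", EXPLOIT_TAG "OK\n");
    ret = 0;

cleanup:
    if (fp) {
        fclose(fp);  // error paths only: nothing pending that could be lost silently
    }
    return ret;
}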
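/*
 * Install the microloader into the partition at part_path (e.g. "/boot").
 *
 * The first 0x400 bytes of the image (the Android boot header, starting with
 * the "ANDROID!" magic) are moved to [0x400, 0x800) and replaced with the
 * 0x400-byte microloader_bin.  unpatch_part() later recognises a patched
 * image by the magic at offset 0x400, so this function refuses to patch an
 * image whose offset 0 does not carry that magic: such an image could never
 * be detected as patched or restored.
 *
 * part_path: TWRP partition path; the leading '/' is stripped for messages,
 *            so it must be non-empty.
 * Returns 0 on success or when the patch is already present, -1 on any
 * failure (bad path, partition not found, unrecognised image, open/read/
 * seek/write/close error).
 *
 * NOTE(review): assumes microloader_bin (microloader.h) already holds a
 * valid 0x400-byte loader — either compiled in (TW_MICROLOADER) or copied by
 * a prior successful load_microloader(); that cannot be verified here.
 * There is also no fsync() after the write — confirm whether the caller syncs.
 */
int patch_part(const char* part_path) {
    static const char BOOT_MAGIC[] = "ANDROID!";
    enum { HALF = 0x400, HEADER = 2 * HALF, MAGIC_LEN = sizeof(BOOT_MAGIC) - 1 };
    uint8_t boot_data[HEADER];
    FILE *fp = NULL;
    int ret = -1;

    // &part_path[1] below would be one-past-the-end for an empty string.
    if (part_path == NULL || part_path[0] == '\0') {
        gui_print_color("highlight", EXPLOIT_TAG "Invalid partition path\n");
        return -1;
    }
    const char *part_name = &part_path[1];  // strip leading '/' for messages

    TWPartition* partition = PartitionManager.Find_Partition_By_Path(part_path);
    if (!partition) {
        // Fail explicitly instead of letting fopen("") fail with a vaguer message.
        gui_print_color("highlight", EXPLOIT_TAG "Partition %s not found\n", part_name);
        return -1;
    }
    const char *amonet_part = partition->Actual_Block_Device.c_str();

    gui_print_color("highlight", EXPLOIT_TAG "Install %s patch... \n", part_name);
    fp = fopen(amonet_part, "r+b");
    if (!fp) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to open the %s device\n", part_name);
        goto cleanup;
    }

    if (fread(boot_data, sizeof(boot_data), 1, fp) != 1) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to read data\n");
        goto cleanup;
    }

    if (memcmp(boot_data + HALF, BOOT_MAGIC, MAGIC_LEN) == 0) {
        gui_print_color("highlight", EXPLOIT_TAG "ALREADY_INSTALLED\n"); // If the rom author injected the boot image herself
        ret = 0;
        goto cleanup;
    }

    if (memcmp(boot_data, BOOT_MAGIC, MAGIC_LEN) != 0) {
        // Not an Android boot image at offset 0: patching it would overwrite
        // an unknown header and leave nothing unpatch_part() could recover.
        gui_print_color("highlight", EXPLOIT_TAG "No Android boot header found in %s\n", part_name);
        goto cleanup;
    }

    // Copy first half to the second half, replace first half with the microloader
    memcpy(boot_data + HALF, boot_data, HALF);
    memcpy(boot_data, microloader_bin, HALF);

    if (fseek(fp, 0, SEEK_SET) != 0) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to seek\n");
        goto cleanup;
    }
    if (fwrite(boot_data, sizeof(boot_data), 1, fp) != 1) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to write data\n");
        goto cleanup;
    }

    // fclose() flushes the stdio buffer; a failure here means the patched
    // header may never have reached the device, so it must not count as success.
    if (fclose(fp) != 0) {
        fp = NULL;
        gui_print_color("highlight", EXPLOIT_TAG "Failed to close the %s device\n", part_name);
        goto cleanup;
    }
    fp = NULL;

    gui_print_color("highlight", EXPLOIT_TAG "OK\n");
    ret = 0;

cleanup:
    if (fp) {
        fclose(fp);  // error paths only: nothing pending that could be lost silently
    }
    return ret;
}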
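/*
 * Copy the microloader out of the recovery partition into microloader_bin.
 *
 * With TW_MICROLOADER the loader is compiled in and this is a no-op that
 * returns 0.  Otherwise the first 0x800 bytes of the "/recovery" block
 * device are read; the partition counts as patched (microloader in
 * [0, 0x400), original boot header with the "ANDROID!" magic in
 * [0x400, 0x800)) only when that magic is present at offset 0x400, and the
 * first 0x400 bytes are then copied into microloader_bin.
 *
 * Returns 0 when the loader was copied, 0 with microloader_bin untouched
 * when no patched recovery is found (unchanged from the original code), and
 * -1 when the partition cannot be found, opened or read.  Callers must not
 * assume microloader_bin is populated just because 0 was returned.
 *
 * The device is opened read-only: this function never writes to it.
 *
 * NOTE(review): assumes microloader_bin (microloader.h) is at least 0x400
 * bytes — confirm against its definition.
 */
int load_microloader() {
#ifdef TW_MICROLOADER
    return 0;
#else
    static const char BOOT_MAGIC[] = "ANDROID!";
    static const char *const part_path = "/recovery";
    enum { HALF = 0x400, HEADER = 2 * HALF, MAGIC_LEN = sizeof(BOOT_MAGIC) - 1 };
    uint8_t boot_data[HEADER];
    FILE *fp = NULL;
    int ret = -1;
    const char *part_name = &part_path[1];  // "recovery", for messages

    TWPartition* partition = PartitionManager.Find_Partition_By_Path(part_path);
    if (!partition) {
        // Fail explicitly instead of letting fopen("") fail with a vaguer message.
        gui_print_color("highlight", EXPLOIT_TAG "Partition %s not found\n", part_name);
        return -1;
    }
    const char *amonet_part = partition->Actual_Block_Device.c_str();

    gui_print_color("highlight", EXPLOIT_TAG "Load microloader from %s... \n", part_name);
    // Nothing here writes, so do not open the block device writable ("r+b").
    fp = fopen(amonet_part, "rb");
    if (!fp) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to open the %s device\n", part_name);
        goto cleanup;
    }

    if (fread(boot_data, sizeof(boot_data), 1, fp) != 1) {
        gui_print_color("highlight", EXPLOIT_TAG "Failed to read data\n");
        goto cleanup;
    }

    if (memcmp(boot_data + HALF, BOOT_MAGIC, MAGIC_LEN) != 0) {
        gui_print_color("highlight", EXPLOIT_TAG "No microloader found in recovery\n");
        ret = 0;  // an unpatched recovery is not treated as an error here
        goto cleanup;
    }

    // memcpy() cannot fail (it returns its destination), so no result check.
    memcpy(microloader_bin, boot_data, HALF);
    ret = 0;

cleanup:
    if (fp) {
        fclose(fp);  // read-only stream: a close failure cannot lose data
    }
    return ret;
#endif
}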
#endif