TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2024-11-25 02:55:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Obfuscate socket name to prevent detection

Browse Source 
Because why not
This commit is contained in:
topjohnwu 2018-02-11 03:40:09 +08:00
parent 7193374a7e
commit ebd509d92d
5 changed files with 134 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
native/jni/core/magiskinit.c
View File

@ -56,6 +56,8 @@
extern policydb_t *policydb; extern policydb_t *policydb;
int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_main, NULL }; int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_main, NULL };
static int keepverity = 0, keepencrypt = 0; static int keepverity = 0, keepencrypt = 0;
static char RAND_SOCKET_NAME[sizeof(SOCKET_NAME)];
static int SOCKET_OFF = -1;
struct cmdline { struct cmdline {
int skip_initramfs; int skip_initramfs;
@ -367,6 +369,23 @@ static int dump_magiskrc(const char *path, mode_t mode) {
return 0; return 0;
} }
static void patch_socket_name(const char *path) {
void *buf;
size_t size;
mmap_rw(path, &buf, &size);
if (SOCKET_OFF < 0) {
for (int i = 0; i < size; ++i) {
if (memcmp(buf + i, SOCKET_NAME, sizeof(SOCKET_NAME)) == 0) {
SOCKET_OFF = i;
break;
}
}
}
gen_rand_str(RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
memcpy(buf + SOCKET_OFF, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
munmap(buf, size);
}
static void magisk_init_daemon() { static void magisk_init_daemon() {
setsid(); setsid();
@ -381,7 +400,8 @@ static void magisk_init_daemon() {
dup3(null, STDIN_FILENO, O_CLOEXEC); dup3(null, STDIN_FILENO, O_CLOEXEC);
dup3(null, STDOUT_FILENO, O_CLOEXEC); dup3(null, STDOUT_FILENO, O_CLOEXEC);
dup3(null, STDERR_FILENO, O_CLOEXEC); dup3(null, STDERR_FILENO, O_CLOEXEC);
close(null); if (null > STDERR_FILENO)
close(null);
// Transit our context to su (mimic setcon) // Transit our context to su (mimic setcon)
int fd, crap; int fd, crap;
@ -398,6 +418,7 @@ static void magisk_init_daemon() {
while (1) { while (1) {
struct sockaddr_un sun; struct sockaddr_un sun;
fd = setup_socket(&sun); fd = setup_socket(&sun);
memcpy(sun.sun_path + 1, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
while (connect(fd, (struct sockaddr*) &sun, sizeof(sun))) while (connect(fd, (struct sockaddr*) &sun, sizeof(sun)))
usleep(10000); /* Wait 10 ms after each try */ usleep(10000); /* Wait 10 ms after each try */
@ -446,6 +467,7 @@ int main(int argc, char *argv[]) {
dump_magisk("/overlay/sbin/magisk", 0755); dump_magisk("/overlay/sbin/magisk", 0755);
mkdir("/overlay/root", 0755); mkdir("/overlay/root", 0755);
link("/init", "/overlay/root/magiskinit"); link("/init", "/overlay/root/magiskinit");
patch_socket_name("/overlay/sbin/magisk");
struct cmdline cmd; struct cmdline cmd;
parse_cmdline(&cmd); parse_cmdline(&cmd);
@ -535,6 +557,9 @@ int main(int argc, char *argv[]) {
} }
close(overlay); close(overlay);
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
if (fork_dont_care() == 0) { if (fork_dont_care() == 0) {
strcpy(argv[0], "magiskinit"); strcpy(argv[0], "magiskinit");

173
native/jni/core/socket.c
View File

@ -10,11 +10,12 @@
/* Setup the address and return socket fd */ /* Setup the address and return socket fd */
int setup_socket(struct sockaddr_un *sun) { int setup_socket(struct sockaddr_un *sun) {
int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0); int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
memset(sun, 0, sizeof(*sun)); memset(sun, 0, sizeof(*sun));
sun->sun_family = AF_LOCAL; sun->sun_family = AF_LOCAL;
memcpy(sun->sun_path, REQUESTOR_DAEMON_PATH, sizeof(REQUESTOR_DAEMON_PATH) - 1); sun->sun_path[0] = '\0';
return fd; memcpy(sun->sun_path + 1, SOCKET_NAME, sizeof(SOCKET_NAME));
return fd;
} }
@ -28,49 +29,49 @@ int setup_socket(struct sockaddr_un *sun) {
* On error the function terminates by calling exit(-1) * On error the function terminates by calling exit(-1)
*/ */
int recv_fd(int sockfd) { int recv_fd(int sockfd) {
// Need to receive data from the message, otherwise don't care about it. // Need to receive data from the message, otherwise don't care about it.
char iovbuf; char iovbuf;
struct iovec iov = { struct iovec iov = {
.iov_base = &iovbuf, .iov_base = &iovbuf,
.iov_len = 1, .iov_len = 1,
}; };
char cmsgbuf[CMSG_SPACE(sizeof(int))]; char cmsgbuf[CMSG_SPACE(sizeof(int))];
struct msghdr msg = { struct msghdr msg = {
.msg_iov = &iov, .msg_iov = &iov,
.msg_iovlen = 1, .msg_iovlen = 1,
.msg_control = cmsgbuf, .msg_control = cmsgbuf,
.msg_controllen = sizeof(cmsgbuf), .msg_controllen = sizeof(cmsgbuf),
}; };
xrecvmsg(sockfd, &msg, MSG_WAITALL); xrecvmsg(sockfd, &msg, MSG_WAITALL);
// Was a control message actually sent? // Was a control message actually sent?
switch (msg.msg_controllen) { switch (msg.msg_controllen) {
case 0: case 0:
// No, so the file descriptor was closed and won't be used. // No, so the file descriptor was closed and won't be used.
return -1; return -1;
case sizeof(cmsgbuf): case sizeof(cmsgbuf):
// Yes, grab the file descriptor from it. // Yes, grab the file descriptor from it.
break; break;
default: default:
goto error; goto error;
} }
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
if (cmsg == NULL || if (cmsg == NULL ||
cmsg->cmsg_len != CMSG_LEN(sizeof(int)) || cmsg->cmsg_len != CMSG_LEN(sizeof(int)) ||
cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_level != SOL_SOCKET ||
cmsg->cmsg_type != SCM_RIGHTS) { cmsg->cmsg_type != SCM_RIGHTS) {
error: error:
LOGE("unable to read fd"); LOGE("unable to read fd");
exit(-1); exit(-1);
} }
return *(int *)CMSG_DATA(cmsg); return *(int *)CMSG_DATA(cmsg);
} }
/* /*
@ -83,70 +84,70 @@ error:
* but no control message with the FD is sent. * but no control message with the FD is sent.
*/ */
void send_fd(int sockfd, int fd) { void send_fd(int sockfd, int fd) {
// Need to send some data in the message, this will do. // Need to send some data in the message, this will do.
struct iovec iov = { struct iovec iov = {
.iov_base = "", .iov_base = "",
.iov_len = 1, .iov_len = 1,
}; };
struct msghdr msg = { struct msghdr msg = {
.msg_iov = &iov, .msg_iov = &iov,
.msg_iovlen = 1, .msg_iovlen = 1,
}; };
char cmsgbuf[CMSG_SPACE(sizeof(int))]; char cmsgbuf[CMSG_SPACE(sizeof(int))];
if (fd != -1) { if (fd != -1) {
// Is the file descriptor actually open? // Is the file descriptor actually open?
if (fcntl(fd, F_GETFD) == -1) { if (fcntl(fd, F_GETFD) == -1) {
if (errno != EBADF) { if (errno != EBADF) {
PLOGE("unable to send fd"); PLOGE("unable to send fd");
} }
// It's closed, don't send a control message or sendmsg will EBADF. // It's closed, don't send a control message or sendmsg will EBADF.
} else { } else {
// It's open, send the file descriptor in a control message. // It's open, send the file descriptor in a control message.
msg.msg_control = cmsgbuf; msg.msg_control = cmsgbuf;
msg.msg_controllen = sizeof(cmsgbuf); msg.msg_controllen = sizeof(cmsgbuf);
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_len = CMSG_LEN(sizeof(int));
cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS; cmsg->cmsg_type = SCM_RIGHTS;
*(int *)CMSG_DATA(cmsg) = fd; *(int *)CMSG_DATA(cmsg) = fd;
} }
} }
xsendmsg(sockfd, &msg, 0); xsendmsg(sockfd, &msg, 0);
} }
int read_int(int fd) { int read_int(int fd) {
int val; int val;
xxread(fd, &val, sizeof(int)); xxread(fd, &val, sizeof(int));
return val; return val;
} }
void write_int(int fd, int val) { void write_int(int fd, int val) {
if (fd < 0) return; if (fd < 0) return;
xwrite(fd, &val, sizeof(int)); xwrite(fd, &val, sizeof(int));
} }
char* read_string(int fd) { char* read_string(int fd) {
int len = read_int(fd); int len = read_int(fd);
if (len > PATH_MAX || len < 0) { if (len > PATH_MAX || len < 0) {
LOGE("invalid string length %d", len); LOGE("invalid string length %d", len);
exit(1); exit(1);
} }
char* val = xmalloc(sizeof(char) * (len + 1)); char* val = xmalloc(sizeof(char) * (len + 1));
xxread(fd, val, len); xxread(fd, val, len);
val[len] = '\0'; val[len] = '\0';
return val; return val;
} }
void write_string(int fd, const char* val) { void write_string(int fd, const char* val) {
if (fd < 0) return; if (fd < 0) return;
int len = strlen(val); int len = strlen(val);
write_int(fd, len); write_int(fd, len);
xwrite(fd, val, len); xwrite(fd, val, len);
} }

2
native/jni/include/magisk.h
View File

@ -7,7 +7,7 @@
#include "logging.h" #include "logging.h"
#define MAGISK_VER_STR xstr(MAGISK_VERSION) ":MAGISK" #define MAGISK_VER_STR xstr(MAGISK_VERSION) ":MAGISK"
#define REQUESTOR_DAEMON_PATH "\0MAGISK" #define SOCKET_NAME "d30138f2310a9fb9c54a3e0c21f58591"
#ifndef ARG_MAX #ifndef ARG_MAX
#define ARG_MAX 4096 #define ARG_MAX 4096

1
native/jni/include/utils.h
View File

@ -90,6 +90,7 @@ void get_client_cred(int fd, struct ucred *cred);
int switch_mnt_ns(int pid); int switch_mnt_ns(int pid);
int fork_dont_care(); int fork_dont_care();
void wait_till_exists(const char *target); void wait_till_exists(const char *target);
void gen_rand_str(char *buf, int len);
// file.c // file.c

19
native/jni/utils/misc.c
View File

@ -17,6 +17,7 @@
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/inotify.h> #include <sys/inotify.h>
#include <sys/sysmacros.h>
#include "logging.h" #include "logging.h"
#include "utils.h" #include "utils.h"
@ -341,3 +342,21 @@ void wait_till_exists(const char *target) {
} }
close(fd); close(fd);
} }
void gen_rand_str(char *buf, int len) {
const char base[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";
int urandom;
if (access("/dev/urandom", R_OK) == 0) {
urandom = xopen("/dev/urandom", O_RDONLY | O_CLOEXEC);
} else {
mknod("/urandom", S_IFCHR | 0666, makedev(1, 9));
urandom = xopen("/urandom", O_RDONLY | O_CLOEXEC);
unlink("/urandom");
}
xxread(urandom, buf, len - 1);
close(urandom);
for (int i = 0; i < len - 1; ++i) {
buf[i] = base[buf[i] % (sizeof(base) - 1)];
}
buf[len - 1] = '\0';
}