- Fixed various bugs with "Auto injector"
- Fixed memory leaks during "phone-switch" connection
Pavel Rekun committed Jul 26, 2018
1 parent d5ead17 commit 15cfbba
Showing 16 changed files with 118 additions and 75 deletions.
11 changes: 11 additions & 0 deletions app/proguard-rules.pro
Expand Up @@ -19,3 +19,14 @@
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile

-keepattributes *Annotation*
-keepclassmembers class * {
@org.greenrobot.eventbus.Subscribe <methods>;
}
-keep enum org.greenrobot.eventbus.ThreadMode { *; }

# Only required if you use AsyncExecutor
-keepclassmembers class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent {
<init>(java.lang.Throwable);
}
1 change: 0 additions & 1 deletion app/src/main/AndroidManifest.xml
Expand Up @@ -41,7 +41,6 @@
android:exported="false"
android:label="@string/app_name"
android:noHistory="true"
android:process=":UsbEventReceiverActivityProcess"
android:taskAffinity="com.example.taskAffinityUsbEventReceiver"
android:theme="@style/RekadoInvisibleTheme">
<intent-filter>
Expand Up @@ -9,6 +9,7 @@ import com.pavelrekun.rekado.R
import com.pavelrekun.rekado.RekadoApplication
import com.pavelrekun.rekado.data.Log
import com.pavelrekun.rekado.services.logs.LogHelper
import com.pavelrekun.rekado.services.logs.LogHelper.ERROR
import kotlinx.android.extensions.LayoutContainer
import kotlinx.android.synthetic.main.item_log.*

Expand Down Expand Up @@ -36,7 +37,7 @@ class LogsAdapter(var data: MutableList<Log>) : RecyclerView.Adapter<LogsAdapter
fun bind(log: Log) {
itemLogName.text = log.message

itemLogType.setBackgroundColor(if(log.type == 0) ContextCompat.getColor(RekadoApplication.instance.applicationContext, R.color.colorRed)
itemLogType.setBackgroundColor(if(log.type == ERROR) ContextCompat.getColor(RekadoApplication.instance.applicationContext, R.color.colorRed)
else ContextCompat.getColor(RekadoApplication.instance.applicationContext, R.color.colorGreen))
}

Expand Up @@ -33,7 +33,7 @@ class PayloadsFragment : Fragment() {
mvpView.onRequestPermissionsResult(requestCode, permissions, grantResults)
}

@Subscribe(threadMode = ThreadMode.MAIN, sticky = true)
@Subscribe(threadMode = ThreadMode.MAIN)
fun onEvent(event: Events.UpdateListEvent) {
mvpView.updateList()
}
Expand Up @@ -102,11 +102,11 @@ class PayloadsView(private val activity: BaseActivity, private val fragment: Fra
try {
MemoryUtils.toFile(pathFile, (PayloadHelper.FOLDER_PATH + "/" + payload.name))

EventBus.getDefault().postSticky(Events.UpdateListEvent())
LogHelper.log(1, "Added new payload: ${payload.name}")
EventBus.getDefault().post(Events.UpdateListEvent())
LogHelper.log(LogHelper.INFO, "Added new payload: ${payload.name}")
} catch (e: IOException) {
e.printStackTrace()
LogHelper.log(0, "Failed to add payload: ${payload.name}")
LogHelper.log(LogHelper.ERROR, "Failed to add payload: ${payload.name}")
}
}
}
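Review bot: The destination passed to `MemoryUtils.toFile` is still built by plain concatenation, `PayloadHelper.FOLDER_PATH + "/" + payload.name`, and nothing in this hunk restricts `payload.name` to a bare file name. Where the name comes from is not visible here; if it is taken from a picked file or a provider-supplied display name, a value containing path separators would resolve outside the payloads folder. Reducing it first, e.g. `val target = File(PayloadHelper.FOLDER_PATH, File(payload.name).name)`, keeps the write inside that folder. The enclosing function starts above the hunk, so an earlier check may already exist.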
Expand Up @@ -42,8 +42,8 @@ class PayloadsAdapter(var data: MutableList<Payload>) : RecyclerView.Adapter<Pay

itemPayloadRemove.setOnClickListener {
MemoryUtils.removeFile(payload.path)
EventBus.getDefault().postSticky(Events.UpdateListEvent())
LogHelper.log(1, "Payload ${payload.name} deleted!")
EventBus.getDefault().post(Events.UpdateListEvent())
LogHelper.log(LogHelper.INFO, "Payload ${payload.name} deleted!")
}
}

Expand Up @@ -37,10 +37,10 @@ class SettingsFragment : PreferenceFragmentCompat() {
autoInjectorPayload.isEnabled = newValue as Boolean

if (newValue) {
LogHelper.log(1, "\"Auto injector\" enabled!")
LogHelper.log(LogHelper.INFO, "\"Auto injector\" enabled!")
autoInjectorEnable.setTitle(R.string.settings_auto_injector_status_title_enabled)
} else {
LogHelper.log(1, "\"Auto injector\" disabled!")
LogHelper.log(LogHelper.INFO, "\"Auto injector\" disabled!")
autoInjectorEnable.setTitle(R.string.settings_auto_injector_status_title_disabled)
}

Expand All @@ -60,7 +60,7 @@ class SettingsFragment : PreferenceFragmentCompat() {
PayloadHelper.clearFolder()
dialog.dismiss()

LogHelper.log(1, "Payloads database cleaned!")
LogHelper.log(LogHelper.INFO, "Payloads database cleaned!")
}
true
}
Expand Up @@ -15,7 +15,7 @@ import org.greenrobot.eventbus.EventBus

object Dialogs {

fun showInjectorSelectorDialog(activity: BaseActivity) {
fun showInjectorSelectorDialog(activity: BaseActivity): AlertDialog {
val builder = AlertDialog.Builder(activity)
val view = LayoutInflater.from(activity).inflate(R.layout.dialog_injector_selector, null)
builder.setView(view)
Expand All @@ -28,23 +28,23 @@ object Dialogs {
dialog.show()

dialog.setOnDismissListener {
EventBus.getDefault().postSticky(Events.InjectorMethodNotSelected())
dialog.hide()
EventBus.getDefault().post(Events.InjectorMethodNotSelected())
}

bootPayload.setOnClickListener {
EventBus.getDefault().postSticky(Events.InjectorMethodPayloadSelected())
EventBus.getDefault().post(Events.InjectorMethodPayloadSelected())
dialog.hide()
}

bootLakka.setOnClickListener {
LogHelper.log(1, "Boot Lakka selected!")
EventBus.getDefault().postSticky(Events.InjectorMethodLakkaSelected())
EventBus.getDefault().post(Events.InjectorMethodLakkaSelected())
dialog.hide()
}

return dialog
}

fun showPayloadsDialog(activity: BaseActivity) {
fun showPayloadsDialog(activity: BaseActivity): MaterialDialog {

val dialog = MaterialDialog.Builder(activity)
.title(R.string.dialog_loader_title)
Expand All @@ -54,14 +54,19 @@ object Dialogs {
.items(PayloadHelper.getNames())
.itemsCallback { dialog, _, _, name ->
PayloadHelper.putChosen(PayloadHelper.find(name.toString()) as Payload)
EventBus.getDefault().post(Events.PayloadSelected())
dialog.hide()
}

.dismissListener {
EventBus.getDefault().postSticky(Events.PayloadNotSelected())
EventBus.getDefault().post(Events.PayloadNotSelected())
}

.build()

dialog.show()

return dialog
}

fun showPayloadsResetDialog(activity: BaseActivity): AlertDialog {
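Review bot: Both dialog functions now hand the dialog back to the caller, but the selection handlers still end with `dialog.hide()`, which leaves the window attached to the activity and does not run the dismiss listener. If the reason for returning the dialog is that the caller dismisses it when the activity goes away, that contract should be written down; a KDoc line such as `/** The caller owns the returned dialog and must call dismiss() before the activity is destroyed. */` on `showInjectorSelectorDialog` and `showPayloadsDialog` would do. The callers are outside this section, so whether they already dismiss the dialog cannot be seen here.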
Expand Up @@ -4,6 +4,8 @@ import android.content.Context
import android.hardware.usb.*
import com.pavelrekun.rekado.RekadoApplication
import com.pavelrekun.rekado.services.logs.LogHelper
import com.pavelrekun.rekado.services.logs.LogHelper.ERROR
import com.pavelrekun.rekado.services.logs.LogHelper.INFO
import com.pavelrekun.rekado.services.usb.USBHandler
import com.pavelrekun.rekado.services.utils.BinaryUtils
import com.pavelrekun.rekado.services.utils.Utils
Expand Down Expand Up @@ -73,12 +75,12 @@ class LakkaLoader : USBHandler {
try {
sanityCheck(SOURCE_BASE, DESTINATION_BASE)
} catch (e: RuntimeException) {
LogHelper.log(1, "Adding more data!")
LogHelper.log(INFO, "Adding more data!")
val data = ByteArray(xferLength)
write(data, 0, data.size)
}

LogHelper.log(1, "Triggering Lakka!")
LogHelper.log(INFO, "Triggering Lakka!")

nativeControlReadUnbounded(usbConnection.fileDescriptor, OVERRIDE_LENGTH)

Expand All @@ -91,12 +93,10 @@ class LakkaLoader : USBHandler {
}

val cmd = String(tempBuffer, 0, length).trim()
LogHelper.log(1, "In $cmd")
LogHelper.log(INFO, "Entering $cmd")

if (cmd == "CBFS") {
cbfs()
LogHelper.log(1, "Exploit triggering finished!")
releaseInterface()
break
}

Expand All @@ -107,7 +107,7 @@ class LakkaLoader : USBHandler {
usbConnection.claimInterface(usbInterface, true)
}

private fun releaseInterface() {
override fun releaseDevice() {
usbConnection.releaseInterface(usbInterface)
}

Expand All @@ -120,7 +120,7 @@ class LakkaLoader : USBHandler {
private fun write(data: ByteArray, offset: Int, length: Int) {
val ret = usbConnection.bulkTransfer(endEndpoint, data, offset, length, 0)
if (ret < length) {
LogHelper.log(0, "Write failed (ret = $ret, expected = $length)!")
LogHelper.log(ERROR, "Write failed (ret = $ret, expected = $length)!")
}
}

Expand All @@ -129,9 +129,9 @@ class LakkaLoader : USBHandler {
val length = usbConnection.bulkTransfer(startEndpoint, data, data.size, 20)

if (length >= 0) {
LogHelper.log(1, "Device ID: ${Utils.bytesToHex(data)}")
LogHelper.log(INFO, "Device ID: ${Utils.bytesToHex(data)}")
} else {
LogHelper.log(0, "Device ID not found!")
LogHelper.log(ERROR, "Failed to get Device ID!")
}
}

Expand All @@ -140,7 +140,7 @@ class LakkaLoader : USBHandler {
val length = usbConnection.controlTransfer(0x82, 0, 0, 0, buffer, buffer.size, 0)

if (length != 0x1000) {
LogHelper.log(0, "Failed to read length: $length!")
LogHelper.log(ERROR, "Failed to read length: $length!")
}

val currentSource = BinaryUtils.readInt32(buffer, 0xc)
Expand All @@ -159,15 +159,15 @@ class LakkaLoader : USBHandler {
val data = dataStream.toByteArray()

if (data.size < 20 * 1024) {
LogHelper.log(0, "Invalid coreboot.rom!")
LogHelper.log(ERROR, "Invalid coreboot.rom!")
}

val inBuffer = ByteArray(8)

while (true) {
val inLength = usbConnection.bulkTransfer(startEndpoint, inBuffer, 8, 0)
if (inLength < 8) {
LogHelper.log(0, "Failed to read coreboot.rom!")
LogHelper.log(ERROR, "Failed to read coreboot.rom!")
}

var offset = BinaryUtils.readInt32BE(inBuffer, 0)
Expand All @@ -177,7 +177,7 @@ class LakkaLoader : USBHandler {
return
}

LogHelper.log(1, "Sent 0x${length.toString(16)} bytes")
LogHelper.log(INFO, "Sent 0x${length.toString(16)} bytes")

while (length > 0) {
var tempLength = length
Expand All @@ -189,7 +189,7 @@ class LakkaLoader : USBHandler {
val ret = usbConnection.bulkTransfer(endEndpoint, data, offset, tempLength, 0)

if (ret < 0) {
LogHelper.log(0, "Failed to transfer $ret!")
LogHelper.log(ERROR, "Failed to transfer $ret!")
}

offset += ret
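Review bot: In the last hunk a negative `bulkTransfer` result is logged and then still added to the offset by `offset += ret`, so a failed transfer moves the offset backwards and the loop keeps going. The same log-and-continue shape is used for the `inLength < 8`, `data.size < 20 * 1024` and `length != 0x1000` checks in the hunks above, where the code goes on to use a buffer it has just reported as bad. Each of these should leave the function after logging, for example `if (ret < 0) { LogHelper.log(ERROR, "Failed to transfer $ret!"); return }`. The loop and the function bodies continue outside the visible hunks, so later handling cannot be ruled out.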
Expand Up @@ -7,17 +7,19 @@ object LogHelper {

private const val LOGS_LIST_KEY = "LOGS_LIST_KEY"

const val INFO = 1
const val ERROR = 0

private lateinit var logsList: MutableList<Log>

fun init() {
logsList = ArrayList()
log(1, "Application started!")
log(INFO, "Application started!")
saveLogs()
}

fun log(type: Int, message: String) {
logsList.add(Log(message, type))
android.util.Log.i("Rekado", "!!! $type $message")
saveLogs()
}
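Review bot: `INFO` and `ERROR` are plain `Int` constants and `log(type: Int, message: String)` still accepts any integer, so a call site can pass a value that is neither; `LogsAdapter.bind` colours every entry that is not `ERROR` green. A KDoc line on each constant stating what it marks, for instance `/** Entry reports a failure; shown in red in the log list. */` on `ERROR`, would make the contract explicit. An `enum class` for the type would enforce it, but that would change what `Log` stores, and how entries are persisted is not visible in this section.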

Expand Up @@ -70,7 +70,6 @@ object PayloadHelper {

fun putChosen(payload: Payload) {
Paper.book().write(CHOSEN_PAYLOAD, payload)
EventBus.getDefault().postSticky(Events.PayloadSelected())
}

fun getChosen(): Payload {