int connectToFacebook(char* email, char* password) {
// We connect to facebook main page because we are interested in the cookies the server will send us.
// The cookies are written in the 'cookies' file.
if (exec_and_wait("curl -D ../test/cookies --user-agent \"Mozilla/4.0\" http://www.facebook.com/ -o ../test/facebook.html"))
return 0;
// We send the user and the password and save the new set of cookies in 'cookies_auth'.
char cmd[1024];
sprintf(cmd, "curl -D ../test/cookies_auth -b ../test/cookies -d \"email=%s&pass=%s\" --insecure --user-agent \"Mozilla/4.0\" https://login.facebook.com/login.php?login_attempt=1 -o ../test/facebook.html", email, password);
if (exec_and_wait(cmd))
return 0;
return 1;
}
int hijack_umount(const char * hijack_exec, const char * mount_point) {
char * umount_args[5];
umount_args[0] = strdup(hijack_exec);
umount_args[1] = strdup("umount");
umount_args[2] = strdup("-l");
umount_args[3] = strdup(mount_point);
umount_args[4] = NULL;
return exec_and_wait(umount_args);
}
int hijack_mount(const char * hijack_exec, const char * dev, const char * mount_point) {
char * mount_args[5];
mount_args[0] = strdup(hijack_exec);
mount_args[1] = strdup("mount");
mount_args[2] = strdup(dev);
mount_args[3] = strdup(mount_point);
mount_args[4] = NULL;
return exec_and_wait(mount_args);
}
int remount_system(const char * hijack_exec, int rw) {
char * remount_root_args[5];
remount_root_args[0] = strdup(hijack_exec);
remount_root_args[1] = strdup("mount");
if (rw > 0) {
remount_root_args[2] = strdup("-orw,remount");
} else {
remount_root_args[2] = strdup("-oro,remount");
}
remount_root_args[3] = strdup("/system");
remount_root_args[4] = NULL;
return exec_and_wait(remount_root_args);
}
// Tries to get the list of friends for a given id.
// We rely on the 'curl' tool being properly installed and accessible.
int get_friends_list(char* id, fb_account** friends)
{
char cmd[1024];
// Prepare the final request: the list of friends.
sprintf(cmd, "curl -b ../test/cookies_auth --user-agent \"Mozilla/4.0\" http://www.facebook.com/friends/?id=%s -o ../test/friendslist.html", id);
// Make the request.
if (exec_and_wait(cmd))
return 0;
// We don't know how many friends there are so we allocate memory for a maximum of 2000 friends
fb_account *accounts = (fb_account*) malloc(sizeof(fb_account) * 2000);
int n_accounts = identify_accounts("../test/friendslist.html", accounts);
// Free unnecessary memory
accounts = (fb_account*)realloc(accounts, sizeof(fb_account) * n_accounts);
// Set the return value for the accounts and return the number
*friends = accounts;
return n_accounts;
}
int main(int argc, char ** argv) {
char * hijacked_executable = argv[0];
struct stat info;
int result = 0;
int i;
if (NULL != strstr(hijacked_executable, "hijack")) {
if (argc >= 2) {
return busybox_driver(argc - 1, argv + 1);
}
return 0;
}
if ( 0 == stat(RECOVERY_MODE_FILE, &info))
result = remove(RECOVERY_MODE_FILE);
result = remount_root("/system/bin/hijack", 1);
result = mkdir("/preinstall", S_IRWXU);
result = mkdir("/tmp", S_IRWXU);
result = mkdir("/res", S_IRWXU);
result = mkdir("/res/images", S_IRWXU);
result = remove("/etc");
result = mkdir("/etc", S_IRWXU);
result = rename("/sbin/adbd", "/sbin/adbd.old");
result = property_set("ctl.stop", "runtime");
result = property_set("ctl.stop", "zygote");
result = property_set("persist.service.adb.enable", "1");
printf("mountting cache and mount preinstall");
result = hijack_mount("/system/bin/hijack", "/dev/block/mmcblk0p15", "/cache");
result = hijack_mount("/system/bin/hijack", "/dev/block/mmcblk0p17", "/preinstall");
result = hijack_umount("/preinstall/hijack", "/pds");
result = hijack_umount("/preinstall/hijack", "/osh");
result = remount_system("/preinstall/hijack", 1);
char * updater_args[] = { UPDATE_BINARY, "2", "0", RECOVERY_UPDATE_ZIP, NULL };
result = exec_and_wait(updater_args);
return result;
}
int main(int argc, char** argv) {
char* hijacked_executable = argv[0];
struct stat info;
if (NULL != strstr(hijacked_executable, "hijack")) {
// no op
if (argc >= 2) {
if (strcmp("sh", argv[1]) == 0) {
return ash_main(argc - 1, argv + 1);
}
if (strcmp("mount", argv[1]) == 0) {
return mount_main(argc - 1, argv + 1);
}
if (strcmp("umount", argv[1]) == 0) {
return umount_main(argc - 1, argv + 1);
}
}
return 0;
}
// check to see if hijack was already run, and if so, just continue on.
if (argc >= 3 && 0 == strcmp(argv[2], "preinstall")) {
if (0 == stat(RECOVERY_MODE_FILE, &info)) {
// don't boot into recovery again
remove(RECOVERY_MODE_FILE);
remount_root();
mkdir("/tmp", S_IRWXU);
mkdir("/res", S_IRWXU);
mkdir("/res/images", S_IRWXU);
remove("/etc");
mkdir("/etc", S_IRWXU);
rename("/sbin/adbd", "/sbin/adbd.old");
property_set("ctl.stop", "runtime");
property_set("ctl.stop", "zygote");
property_set("persist.service.adb.enable", "1");
// this will prevent hijack from being called again
char* umount_args[] = { "/system/bin/hijack", "umount", "-l", "/system", NULL };
exec_and_wait(umount_args);
char* updater_args[] = { UPDATE_BINARY, "2", "0", UPDATE_PACKAGE, NULL };
return exec_and_wait(updater_args);
}
// mark it in case we don't boot
mark_file(RECOVERY_MODE_FILE);
}
char real_executable[PATH_MAX];
sprintf(real_executable, "%s.bin", hijacked_executable);
string* argp = (string*)malloc(sizeof(string) * (argc + 1));
int i;
for (i = 0; i < argc; i++) {
argp[i]=argv[i];
}
argp[argc] = NULL;
argp[0] = real_executable;
// should clean up memory leaks, but it really doesn't matter since the process immediately exits.
return exec_and_wait(argp);
}
void remount_root() {
char* remount_root_args[] = { "/system/bin/hijack", "mount", "-orw,remount", "/", NULL };
exec_and_wait(remount_root_args);
}
