1+ #include < cstdio>
2+ #include < sys/capability.h>
3+
4+ #include " super_root.h"
5+ #include " adb_inject.h"
6+ #define ROOT_KEY 0x7F6766F8
7+
8+ void show_capability_info ()
9+ {
10+ struct __user_cap_header_struct cap_header_data;
11+ cap_user_header_t cap_header = &cap_header_data;
12+
13+ struct __user_cap_data_struct cap_data_data;
14+ cap_user_data_t cap_data = &cap_data_data;
15+
16+ cap_header->pid = getpid ();
17+ cap_header->version = _LINUX_CAPABILITY_VERSION_3; // _1、_2、_3
18+
19+ if (capget (cap_header, cap_data) < 0 ) {
20+ perror (" FAILED capget()" );
21+ exit (1 );
22+ }
23+
24+ printf (" Cap data 0x%x, 0x%x, 0x%x\n " , cap_data->effective , cap_data->permitted , cap_data->inheritable );
25+ printf (" now getuid()=%d,geteuid()=%d,getgid()=%d,getegid()=%d\n " , getuid (), geteuid (), getgid (), getegid ());
26+
27+ FILE * fp = popen (" getenforce" , " r" );
28+ if (fp)
29+ {
30+ char cmd[512 ] = { 0 };
31+ fread (cmd, 1 , sizeof (cmd), fp);
32+ pclose (fp);
33+
34+ printf (" SELinux status: %s\n " , cmd);
35+ }
36+ }
37+ void test_root ()
38+ {
39+ show_capability_info ();
40+
41+ printf (" get_root ret:%d\n " , get_root (ROOT_KEY));
42+
43+ show_capability_info ();
44+
45+ // system("id");
46+ // system("/data/local/tmp/getmyinfo");
47+ // system("insmod /sdcard/rwProcMem37.ko ; echo $?");
48+ // system("cat /proc/1/maps");
49+ // system("ls /proc");
50+ // system("screencap -p /sdcard/temp.png");
51+ return ;
52+ }
53+
54+ void test_disable_selinux ()
55+ {
56+ int ret = disable_selinux (ROOT_KEY);
57+ printf (" disable_selinux ret:%d\n " , ret);
58+ printf (" done.\n " );
59+ return ;
60+ }
61+
62+ void test_enable_selinux ()
63+ {
64+ int ret = enable_selinux (ROOT_KEY);
65+ printf (" enable_selinux ret:%d\n " , ret);
66+ printf (" done.\n " );
67+ return ;
68+ }
69+
70+
71+ void test_run_cmd (char * cmd, bool bKeepAdbRoot = false ) {
72+ printf (" inject_cmd_remote_process(%s)\n " , cmd);
73+ char szResult[0x1000 ] = { 0 };
74+ ssize_t ret = safe_inject_adb_process_run_cmd_wrapper (ROOT_KEY, cmd, bKeepAdbRoot, szResult, sizeof (szResult));
75+ printf (" inject_cmd_remote_process ret val:%zd\n " , ret);
76+ printf (" inject_cmd_remote_process result:%s\n " , szResult);
77+ }
78+
79+ int main (int argc, char *argv[])
80+ {
81+ printf (
82+ " ======================================================\n "
83+ " 本工具名称: Linux ARM64 完美隐藏ROOT演示\n "
84+ " 本工具功能列表:\n "
85+ " \t 1.显示自身权限信息\n "
86+ " \t 2.获取ROOT权限\n "
87+ " \t 3.绕过SELinux\n "
88+ " \t 4.还原SELinux\n "
89+ " \t 5.执行ROOT权限级别的Shell命令\n "
90+ " \t 6.赋予ADB最高级别权限\n "
91+ " \t 新一代root,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,挑战全网root检测手段,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。\n "
92+ " ======================================================\n "
93+ );
94+
95+
96+ ++argv;
97+ --argc;
98+
99+
100+ int cmdc;
101+ char *cmdv[6 ];
102+
103+ while (argc) {
104+ // Clean up
105+ cmdc = 0 ;
106+ memset (cmdv, 0 , sizeof (cmdv));
107+
108+ // Split the commands
109+ for (char *tok = strtok (argv[0 ], " " ); tok; tok = strtok (nullptr , " " ))
110+ {
111+ cmdv[cmdc++] = tok;
112+ if (cmdc == 0 )
113+ {
114+ continue ;
115+ }
116+ }
117+
118+
119+ if (strcmp (cmdv[0 ], " show" ) == 0 ) {
120+ show_capability_info ();
121+ }
122+ else if (strcmp (cmdv[0 ], " root" ) == 0 ) {
123+ test_root ();
124+ }
125+ else if (strcmp (cmdv[0 ], " disable" ) == 0 ) {
126+ test_disable_selinux ();
127+ }
128+ else if (strcmp (cmdv[0 ], " enable" ) == 0 ) {
129+ test_enable_selinux ();
130+ }
131+ else if (strcmp (cmdv[0 ], " cmd" ) == 0 ) {
132+ test_run_cmd (" id" );
133+ // test_run_cmd("id > /sdcard/run.txt");
134+ // test_run_cmd("insmod rwProcMem37.ko > /sdcard/run.txt");
135+ }
136+ else if (strcmp (cmdv[0 ], " adb" ) == 0 ) {
137+ test_run_cmd (" id" , true );
138+ }
139+ else {
140+ return 1 ;
141+ }
142+
143+ --argc;
144+ ++argv;
145+ }
146+ return 0 ;
147+ }
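Review bot: In show_capability_info(), capget() is called with `_LINUX_CAPABILITY_VERSION_3` while `cap_data` points at a single `__user_cap_data_struct`; for version 3 the kernel fills two of them, so the call writes past `cap_data_data` on the stack. Declare `struct __user_cap_data_struct cap_data_data[_LINUX_CAPABILITY_U32S_3] = {};` and pass the array, printing both elements if the upper 32 capability bits matter. In the same function `fread(cmd, 1, sizeof(cmd), fp)` can fill all 512 bytes and leave `cmd` unterminated before the `%s` print, so read `sizeof(cmd) - 1` instead. In main(), `cmdv[cmdc++] = tok;` has no bound against the six-slot `cmdv`, and an argument that is empty or all spaces leaves `cmdv[0]` null for the `strcmp` calls. Add `if (cmdc == 6) break;` before the store and `if (cmdc == 0) return 1;` after the loop; the existing `if (cmdc == 0) continue;` sits after the increment and can never be true.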