From d0ece1d0c80d0e449d361f8f2aa395362026084d Mon Sep 17 00:00:00 2001 From: abcz316 Date: Fri, 3 Sep 2021 20:32:25 +0800 Subject: [PATCH 1/4] first commit --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 00000000..117e997d --- /dev/null +++ b/README.md @@ -0,0 +1,13 @@ + printf( + "======================================================\n" + "本工具名称: Linux ARM64 完美隐藏ROOT演示\n" + "本工具功能列表:\n" + "\t1.显示自身权限信息\n" + "\t2.获取ROOT权限\n" + "\t3.绕过SELinux\n" + "\t4.还原SELinux\n" + "\t5.执行ROOT权限级别的Shell命令\n" + "\t6.赋予ADB最高级别权限\n" + "\t新一代root,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,挑战全网root检测手段,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。\n" + "======================================================\n" + ); From 21a47a6bbd44ff2558aea8f87950f7847eb09fba Mon Sep 17 00:00:00 2001 From: abcz316 Date: Sat, 25 Sep 2021 00:51:39 +0800 Subject: [PATCH 2/4] fix error --- testRoot/main.cpp | 103 ++++++++++++++++++++++------------------------ 1 file changed, 50 insertions(+), 53 deletions(-) diff --git a/testRoot/main.cpp b/testRoot/main.cpp index ca905fee..f3731c22 100644 --- a/testRoot/main.cpp +++ b/testRoot/main.cpp @@ -1,4 +1,5 @@ #include +#include #include #include "super_root.h" @@ -27,11 +28,11 @@ void show_capability_info() FILE * fp = popen("getenforce", "r"); if (fp) { - char cmd[512] = { 0 }; - fread(cmd, 1, sizeof(cmd), fp); + char shell[512] = { 0 }; + fread(shell, 1, sizeof(shell), fp); pclose(fp); - printf("SELinux status: %s\n", cmd); + printf("SELinux status: %s\n", shell); } } void test_root() 
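Review bot: In `show_capability_info()`, `fread(shell, 1, sizeof(shell), fp)` can fill all 512 bytes of `shell`, which leaves no terminating NUL for the `printf("SELinux status: %s\n", shell)` that follows. `getenforce` is located through the shell that `popen` starts, so the length of its output is not guaranteed to be short. Read one byte less so the zero-initialised last byte always survives: `fread(shell, 1, sizeof(shell) - 1, fp);`. The start of the function lies outside this hunk.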
@@ -68,12 +69,20 @@ void test_enable_selinux() } -void test_run_cmd(char * cmd, bool bKeepAdbRoot = false) { - printf("inject_cmd_remote_process(%s)\n", cmd); +void test_run_adb_shell(char * shell, bool bKeepAdbRoot = false) { + printf("inject_shell_remote_process(%s)\n", shell); char szResult[0x1000] = { 0 }; - ssize_t ret = safe_inject_adb_process_run_cmd_wrapper(ROOT_KEY, cmd, bKeepAdbRoot, szResult, sizeof(szResult)); - printf("inject_cmd_remote_process ret val:%zd\n", ret); - printf("inject_cmd_remote_process result:%s\n", szResult); + ssize_t ret = safe_inject_adb_process_run_shell_wrapper(ROOT_KEY, shell, bKeepAdbRoot, szResult, sizeof(szResult)); + printf("inject_shell_remote_process ret val:%zd\n", ret); + printf("inject_shell_remote_process result:%s\n", szResult); +} + +void test_run_shell(char * shell) { + printf("test_run_shell(%s)\n", shell); + char szResult[0x1000] = { 0 }; + ssize_t ret = safe_run_shell(ROOT_KEY, shell, szResult, sizeof(szResult)); + printf("test_run_shell ret val:%zd\n", ret); + printf("test_run_shell result:%s\n", szResult); } int main(int argc, char *argv[]) @@ -86,8 +95,9 @@ int main(int argc, char *argv[]) "\t2.获取ROOT权限\n" "\t3.绕过SELinux\n" "\t4.还原SELinux\n" - "\t5.执行ROOT权限级别的Shell命令\n" - "\t6.赋予ADB最高级别权限\n" + "\t5.执行ROOT Shell命令\n" + "\t6.执行ADBShell命令\n" + "\t7.赋予ADB最高级别权限\n" "\t新一代root,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,挑战全网root检测手段,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。\n" "======================================================\n" ); 
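Review bot: `test_run_adb_shell` and the new `test_run_shell` declare the command as a mutable `char * shell`, yet the callers added in this same patch pass a string literal (`"id"`) and a `(char*)` cast of `c_str()`. Neither helper writes to the string in the visible lines, so the parameter should be `const char * shell`, provided the wrappers declared in `super_root.h` (not shown here) accept a const pointer. Both helpers also print `szResult` with `%s` after giving the callee the full `sizeof(szResult)`. Unless the callee is known to terminate its output, pass `sizeof(szResult) - 1` so the zero-initialised last byte is never overwritten.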
@@ -97,51 +107,38 @@ int main(int argc, char *argv[]) --argc; - int cmdc; - char *cmdv[6]; - - while (argc) { - // Clean up - cmdc = 0; - memset(cmdv, 0, sizeof(cmdv)); - - // Split the commands - for (char *tok = strtok(argv[0], " "); tok; tok = strtok(nullptr, " ")) - { - cmdv[cmdc++] = tok; - if (cmdc == 0) - { - continue; - } - } - - - if (strcmp(cmdv[0], "show") == 0) { - show_capability_info(); - } - else if (strcmp(cmdv[0], "root") == 0) { - test_root(); - } - else if (strcmp(cmdv[0], "disable") == 0) { - test_disable_selinux(); - } - else if (strcmp(cmdv[0], "enable") == 0) { - test_enable_selinux(); - } - else if (strcmp(cmdv[0], "cmd") == 0) { - test_run_cmd("id"); - //test_run_cmd("id > /sdcard/run.txt"); - //test_run_cmd("insmod rwProcMem37.ko > /sdcard/run.txt"); - } - else if (strcmp(cmdv[0], "adb") == 0) { - test_run_cmd("id", true); + if (strcmp(argv[0], "show") == 0) { + show_capability_info(); + } + else if (strcmp(argv[0], "root") == 0) { + test_root(); + } + else if (argc >=2 && strcmp(argv[0], "selinux") == 0 && strcmp(argv[1], "disable") == 0) { + test_disable_selinux(); + } + else if (argc >= 2 && strcmp(argv[0], "selinux") == 0 && strcmp(argv[1], "enable") == 0) { + test_enable_selinux(); + } + else if (argc >= 2 && strcmp(argv[0], "shell") == 0) { + std::stringstream sstrCmd; + for (int i = 1; i < argc; i++) { + sstrCmd << argv[i]; } - else { - return 1; + test_run_shell((char*)sstrCmd.str().c_str()); + } + else if (argc > 2 && strcmp(argv[0], "adb") == 0 && strcmp(argv[1], "shell") == 0) { + std::stringstream sstrCmd; + for (int i = 2; i < argc; i++) { + sstrCmd << argv[i]; } - - --argc; - ++argv; + test_run_adb_shell((char*)sstrCmd.str().c_str()); + } + else if (argc >= 2 && strcmp(argv[0], "adb") == 0 && strcmp(argv[1], "root") == 0) { + test_run_adb_shell("id", true); } + else { + return 1; + } + return 0; } \ No newline at end of file From 7d5743373cad0f4a3c0e9fedfc348eecf57a4659 Mon Sep 17 00:00:00 2001 
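Review bot: The `shell` and `adb shell` branches join the remaining arguments with `sstrCmd << argv[i];` and no separator, so `shell ls -l /data` reaches `test_run_shell` as `ls-l/data`. That string is then run with root privileges, so the command executed is not the one the operator typed. Put a space between arguments in both loops, for example `if (i > 1) sstrCmd << ' ';` before the append in the `shell` loop and `if (i > 2) sstrCmd << ' ';` in the `adb shell` loop. The first `strcmp(argv[0], "show")` also runs directly after `--argc;` with no visible check that an argument remains. If the code above the hunk does not already return on an empty command line, add `if (argc < 1) return 1;` before the chain.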
From: abcz316 Date: Sat, 25 Sep 2021 00:56:06 +0800 Subject: [PATCH 3/4] add --- find_kernel_func/empty | 0 ida_patch_cmd_creator/empty | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 find_kernel_func/empty create mode 100644 ida_patch_cmd_creator/empty diff --git a/find_kernel_func/empty b/find_kernel_func/empty new file mode 100644 index 00000000..e69de29b diff --git a/ida_patch_cmd_creator/empty b/ida_patch_cmd_creator/empty new file mode 100644 index 00000000..e69de29b From 00e2d1b89a7fecd50c4957bf6deb99411a22f1f4 Mon Sep 17 00:00:00 2001 From: abcz316 Date: Sat, 25 Sep 2021 01:46:35 +0800 Subject: [PATCH 4/4] fix error --- testRoot/main.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/testRoot/main.cpp b/testRoot/main.cpp index f3731c22..066e52a0 100644 --- a/testRoot/main.cpp +++ b/testRoot/main.cpp @@ -77,10 +77,10 @@ void test_run_adb_shell(char * shell, bool bKeepAdbRoot = false) { printf("inject_shell_remote_process result:%s\n", szResult); } -void test_run_shell(char * shell) { +void test_run_root_shell(char * shell) { printf("test_run_shell(%s)\n", shell); char szResult[0x1000] = { 0 }; - ssize_t ret = safe_run_shell(ROOT_KEY, shell, szResult, sizeof(szResult)); + ssize_t ret = run_root_shell(ROOT_KEY, shell, szResult, sizeof(szResult)); printf("test_run_shell ret val:%zd\n", ret); printf("test_run_shell result:%s\n", szResult); } @@ -96,7 +96,7 @@ int main(int argc, char *argv[]) "\t3.绕过SELinux\n" "\t4.还原SELinux\n" "\t5.执行ROOT Shell命令\n" - "\t6.执行ADBShell命令\n" + "\t6.执行ADB Shell命令\n" "\t7.赋予ADB最高级别权限\n" "\t新一代root,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,挑战全网root检测手段,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。\n" "======================================================\n" 
@@ -124,7 +124,7 @@ int main(int argc, char *argv[]) for (int i = 1; i < argc; i++) { sstrCmd << argv[i]; } - test_run_shell((char*)sstrCmd.str().c_str()); + test_run_root_shell((char*)sstrCmd.str().c_str()); } else if (argc > 2 && strcmp(argv[0], "adb") == 0 && strcmp(argv[1], "shell") == 0) { std::stringstream sstrCmd;