#!/bin/bash
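# Require exactly one argument: the root directory of an unpacked ROM dump.
# Usage and validation errors go to stderr with a non-zero exit status.
if [ "$#" -ne 1 ]; then
  echo "Usage: $0 path/to/rom/dump" >&2
  exit 1
fi

# Root of the ROM dump; every later find/cp call is anchored to this path.
ROM_DUMP_DIR="$1"

# A path that begins with "-" would be parsed as an option by find and cp
# further down, so anchor it to the current directory first.
case "$ROM_DUMP_DIR" in
  -*) ROM_DUMP_DIR="./$ROM_DUMP_DIR" ;;
esac

# Stop before any output directory is created if the argument is not a
# directory; otherwise every search below would fail one by one.
if [ ! -d "$ROM_DUMP_DIR" ]; then
  echo "Error: '$ROM_DUMP_DIR' is not a directory." >&2
  exit 1
fi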
# Output tree, relative to the current working directory. Each "hw" / "ta"
# location is derived from its parent so the layout is spelled out only once.
DEST_SYSTEM_LIB64="./system/lib64"
DEST_SYSTEM_LIB64_HW="${DEST_SYSTEM_LIB64}/hw"
DEST_SYSTEM_EXT_LIB64="./system_ext/lib64"
DEST_SYSTEM_EXT_LIB64_HW="${DEST_SYSTEM_EXT_LIB64}/hw"
DEST_VENDOR_LIB64="./vendor/lib64"
DEST_VENDOR_LIB64_HW="${DEST_VENDOR_LIB64}/hw"
DEST_VENDOR_BIN="./vendor/bin"
DEST_VENDOR_BIN_HW="${DEST_VENDOR_BIN}/hw"
DEST_VENDOR_APP_MCRegistry="./vendor/app/mcRegistry"
DEST_VENDOR_THH="./vendor/thh"
DEST_VENDOR_THH_TA="${DEST_VENDOR_THH}/ta"
DEST_VENDOR_MITEE_TA="./vendor/mitee/ta"

# Create the whole output tree up front. DEST_VENDOR_THH is not listed on its
# own because creating its "ta" child with -p creates it as well.
for dest_dir in \
  "$DEST_SYSTEM_LIB64" \
  "$DEST_SYSTEM_LIB64_HW" \
  "$DEST_SYSTEM_EXT_LIB64" \
  "$DEST_SYSTEM_EXT_LIB64_HW" \
  "$DEST_VENDOR_LIB64" \
  "$DEST_VENDOR_LIB64_HW" \
  "$DEST_VENDOR_BIN" \
  "$DEST_VENDOR_BIN_HW" \
  "$DEST_VENDOR_APP_MCRegistry" \
  "$DEST_VENDOR_THH_TA" \
  "$DEST_VENDOR_MITEE_TA"; do
  mkdir -p "$dest_dir"
done
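# Progress banner for the extraction phase.
echo "Using ROM dump directory: $ROM_DUMP_DIR"
echo "Searching for libraries, binaries, mcRegistry, thh/ta files, mcDriverDaemon, teei_daemon, and .rc files in this path..."

# Copy the TEE init scripts (microtrust.rc, trustonic.rc, tee.rc) into the
# current directory.
#
# The dump is handled as untrusted input: paths are read NUL-delimited with
# IFS cleared, so whitespace or a newline inside a file name can neither trim
# nor split a path, and "--" keeps cp from parsing a path as an option.
# Files with the same name found in several places overwrite each other in
# the current directory. The .rc files are copied verbatim, so review their
# contents before including them in a build.
find "$ROM_DUMP_DIR" -type f \( -name "microtrust.rc" -o -name "trustonic.rc" -o -name "tee.rc" \) -print0 |
  while IFS= read -r -d '' rc_file; do
    echo "Found .rc file: $rc_file"
    echo "Copying to current directory"
    cp -v -- "$rc_file" ./

    # Match on the file name only; a substring match on the whole path would
    # also fire for any .rc file below a directory whose name contains
    # "trustonic.rc".
    if [[ "${rc_file##*/}" == "trustonic.rc" ]]; then
      INIT_CUSTOM_RC="./init.custom.rc"
      # Append the persist mount instructions once. Without this check every
      # additional trustonic.rc in the dump, and every re-run of the script,
      # would add a duplicate block to init.custom.rc.
      if [ -f "$INIT_CUSTOM_RC" ] && grep -qxF -- "#Added Manual For Trustonic" "$INIT_CUSTOM_RC"; then
        echo "trustonic.rc detected. Trustonic mount instructions already present in init.custom.rc"
      else
        echo "trustonic.rc detected. Adding Trustonic mount instructions to init.custom.rc"
        # NOTE(review): persist is mounted read-write here -- confirm that
        # write access is actually required.
        {
          printf '\n#Added Manual For Trustonic\n'
          echo "mkdir /mnt/vendor/persist"
          echo "mount ext4 /dev/block/by-name/persist /mnt/vendor/persist rw"
        } >> "$INIT_CUSTOM_RC"
      fi
    fi
  done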
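# Copy keymaster / gatekeeper / keymint / TEE / McClient shared libraries into
# the matching output directory.
#
# Paths come from an untrusted dump, so they are read NUL-delimited with IFS
# cleared (no trimming or splitting on whitespace/newlines) and passed to cp
# after "--". The destination is chosen from the first pattern that matches
# anywhere in the path, so the "hw" patterns must stay ahead of their parent
# directory patterns. Libraries are flattened into the destination directory;
# same-named files overwrite each other.
find "$ROM_DUMP_DIR" -type f \( -name "*keymaster*.so" -o -name "*gatekeeper*.so" -o -name "*keymint*.so" -o -name "*TEE*.so" -o -name "*McClient*.so" \) -print0 |
  while IFS= read -r -d '' file; do
    echo "Found: $file"
    case "$file" in
      */system_ext/lib64/hw/*)
        echo "Copying to system_ext/lib64/hw/"
        cp -v -- "$file" "$DEST_SYSTEM_EXT_LIB64_HW/"
        ;;
      */system_ext/lib64/*)
        echo "Copying to system_ext/lib64/"
        cp -v -- "$file" "$DEST_SYSTEM_EXT_LIB64/"
        ;;
      */system/lib64/hw/*)
        echo "Copying to system/lib64/hw/"
        cp -v -- "$file" "$DEST_SYSTEM_LIB64_HW/"
        ;;
      */system/lib64/*)
        echo "Copying to system/lib64/"
        cp -v -- "$file" "$DEST_SYSTEM_LIB64/"
        ;;
      */vendor/lib64/hw/*)
        echo "Copying to vendor/lib64/hw/"
        cp -v -- "$file" "$DEST_VENDOR_LIB64_HW/"
        ;;
      */vendor/lib64/*)
        echo "Copying to vendor/lib64/"
        cp -v -- "$file" "$DEST_VENDOR_LIB64/"
        ;;
      *)
        # Anything outside the six known library locations is reported and
        # left alone rather than guessed at.
        echo "Unknown or unhandled path for: $file - skipping."
        ;;
    esac
  done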
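# Copy keymaster / gatekeeper / keymint HAL binaries and teei_daemon from
# vendor/bin/hw.
#
# The directory is checked first so a dump without vendor/bin/hw gets a clear
# message instead of a find error. Paths are read NUL-delimited with IFS
# cleared and handed to cp after "--", because file names in the dump are
# untrusted. Every result lies below .../vendor/bin/hw/, so the former
# "unknown path" branch could never run and has been dropped.
if [ -d "$ROM_DUMP_DIR/vendor/bin/hw" ]; then
  find "$ROM_DUMP_DIR/vendor/bin/hw" -type f \( -name "*keymaster*" -o -name "*gatekeeper*" -o -name "*keymint*" -o -name "teei_daemon" \) -print0 |
    while IFS= read -r -d '' bin_file; do
      echo "Found binary: $bin_file"
      echo "Copying to vendor/bin/hw/"
      cp -v -- "$bin_file" "$DEST_VENDOR_BIN_HW/"
    done
else
  echo "No vendor/bin/hw directory found. Skipping."
fi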
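# Copy mcDriverDaemon from vendor/bin. The search is recursive, so a copy in a
# subdirectory of vendor/bin is picked up too and lands in vendor/bin/.
#
# The directory is checked first to avoid a find error on dumps without
# vendor/bin; paths are read NUL-delimited with IFS cleared and passed to cp
# after "--" because the dump's file names are untrusted.
if [ -d "$ROM_DUMP_DIR/vendor/bin" ]; then
  find "$ROM_DUMP_DIR/vendor/bin" -type f -name "mcDriverDaemon" -print0 |
    while IFS= read -r -d '' mc_driver_file; do
      echo "Found mcDriverDaemon: $mc_driver_file"
      echo "Copying to vendor/bin/"
      cp -v -- "$mc_driver_file" "$DEST_VENDOR_BIN/"
    done
else
  echo "No vendor/bin directory found. Skipping."
fi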
# Copy three directories wholesale when the dump contains them:
# vendor/app/mcRegistry, vendor/thh/ta and vendor/mitee/ta (presumably the
# trusted-application blobs of the respective TEE -- confirm).
# Each entry is "<path below the dump root>:<destination directory>".
for ta_pair in \
  "vendor/app/mcRegistry:$DEST_VENDOR_APP_MCRegistry" \
  "vendor/thh/ta:$DEST_VENDOR_THH_TA" \
  "vendor/mitee/ta:$DEST_VENDOR_MITEE_TA"; do
  ta_rel=${ta_pair%%:*}
  ta_dest=${ta_pair#*:}

  if [ ! -d "$ROM_DUMP_DIR/$ta_rel" ]; then
    echo "No $ta_rel directory found. Skipping."
    continue
  fi

  echo "Found $ta_rel directory. Extracting files..."
  # The trailing "/." copies the directory's contents, hidden files included,
  # into the destination instead of nesting the directory itself.
  cp -r -v "$ROM_DUMP_DIR/$ta_rel/." "$ta_dest/"
done
# Check if the mitee folder exists in the ROM dump
# Detection keys only on the vendor/mitee directory being present. The
# generated file is written to the current directory and replaces any
# existing init.mitee.rc, because the redirection below is a plain ">".
if [ -d "$ROM_DUMP_DIR/vendor/mitee" ]; then
echo "Detected vendor/mitee folder. Creating init.mitee.rc file..."
# Create the init.mitee.rc file
# The here-document delimiter is quoted ('EOF'), so the shell expands nothing
# inside it; the template below is written out literally.
# NOTE(review): the template starts /vendor/bin/tee-supplicant and
# /vendor/bin/miteelog, but no step visible in this script copies those two
# binaries -- confirm they are supplied separately.
# NOTE(review): both services are declared user root / group root with
# seclabel u:r:recovery:s0, and /dev/kmsg is set to 0666 while the other
# device nodes get 0660 and are chowned to system -- confirm the wider mode
# on /dev/kmsg is intended before shipping this file.
cat > init.mitee.rc << 'EOF'
service tee-supplicant /vendor/bin/tee-supplicant
class core
user root
group root
disabled
seclabel u:r:recovery:s0
service miteelog /vendor/bin/miteelog
user root
group root
disabled
seclabel u:r:recovery:s0
# tee-supplicant
on fs
write /proc/bootprof "init tee-supplicant"
# set SELinux security contexts on upgrade or policy update
restorecon_recursive /mnt/vendor/persist
chmod 0660 /dev/tee0
chmod 0660 /dev/teepriv0
chown system system /dev/tee0
chown system system /dev/teepriv0
chmod 0660 /dev/rpmb0
chmod 0660 /dev/mmcblk0rpmb
chmod 0660 /dev/0:0:0:49476
chmod 0660 /dev/ufs-bsg0
chmod 0666 /dev/kmsg
chown system system /dev/rpmb0
chown system system /dev/mmcblk0rpmb
chown system system /dev/0:0:0:49476
chown system system /dev/ufs-bsg0
start tee-supplicant
mkdir /mnt/vendor/persist/data 0755 system system
mkdir /mnt/vendor/persist/fdsd 0755 system system
setprop vendor.teefs_state ready
setprop ro.hardware.gatekeeper mitee
# miteelog
on post-fs-data
mkdir /data/vendor/mitee
chmod 0755 /data/vendor/mitee
chown system system /data/vendor/mitee
mkdir /data/vendor/thh
chmod 0755 /data/vendor/thh
chown system system /data/vendor/thh
write /proc/bootprof "init miteelog"
start miteelog
EOF
echo "init.mitee.rc file created successfully."
else
# Without a vendor/mitee directory no init.mitee.rc is written.
echo "No vendor/mitee folder detected. Skipping init.mitee.rc creation."
fi
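#######################################
# Remove every empty directory at or below the given path.
# find's -delete works depth-first, so a chain of nested empty directories
# collapses in one call and the start directory itself is removed when it
# ends up empty. Directories that still hold files are left untouched.
# Arguments: $1 - directory to prune
# Returns:   0 if the path is not a directory (nothing to do), otherwise
#            the exit status of find
#######################################
delete_empty_dirs() {
  local dir="$1"
  # An earlier call on a parent directory may already have removed this one;
  # a missing path is not an error and should not make find complain.
  [ -d "$dir" ] || return 0
  find "$dir" -type d -empty -delete
}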
# Prune output directories that received no files. The order is kept as
# written: each parent is handed to delete_empty_dirs before its "hw" child,
# except vendor/bin/hw, which comes before vendor/bin.
echo "Cleaning up empty directories..."
for prune_target in \
  "$DEST_SYSTEM_LIB64" \
  "$DEST_SYSTEM_LIB64_HW" \
  "$DEST_SYSTEM_EXT_LIB64" \
  "$DEST_SYSTEM_EXT_LIB64_HW" \
  "$DEST_VENDOR_LIB64" \
  "$DEST_VENDOR_LIB64_HW" \
  "$DEST_VENDOR_BIN_HW" \
  "$DEST_VENDOR_BIN" \
  "$DEST_VENDOR_APP_MCRegistry" \
  "$DEST_VENDOR_THH_TA" \
  "$DEST_VENDOR_MITEE_TA"; do
  delete_empty_dirs "$prune_target"
done
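# Remove vendor/thh, system_ext and vendor/mitee when they ended up empty.
# Each entry is "<label used in messages>:<path>".
#
# The directory is removed with rmdir rather than "rm -rf": rmdir refuses a
# directory that is not empty, so nothing can be lost if the directory gains
# content between the emptiness check and the removal.
for cleanup_pair in \
  "vendor/thh:$DEST_VENDOR_THH" \
  "system_ext:./system_ext" \
  "vendor/mitee:./vendor/mitee"; do
  cleanup_label=${cleanup_pair%%:*}
  cleanup_path=${cleanup_pair#*:}

  # Skip paths that are not directories (this also covers an empty path).
  [ -d "$cleanup_path" ] || continue

  echo "Checking if $cleanup_label is empty..."
  # ls -A prints nothing only when the directory has no entries at all,
  # hidden ones included.
  if [ -z "$(ls -A -- "$cleanup_path")" ]; then
    echo "$cleanup_label is empty. Deleting it..."
    if rmdir -- "$cleanup_path"; then
      echo "Deleted empty $cleanup_label directory."
    else
      echo "Could not delete $cleanup_label directory." >&2
    fi
  else
    echo "$cleanup_label is not empty. Skipping deletion."
  fi
done

# Final status line.
echo "Extraction and cleanup completed."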