diff --git a/module/.gitignore b/module/.gitignore new file mode 100644 index 0000000..3ce8af8 --- /dev/null +++ b/module/.gitignore @@ -0,0 +1,2 @@ +public_key +private_key diff --git a/module/build.gradle.kts b/module/build.gradle.kts index 41d7778..26397ee 100644 --- a/module/build.gradle.kts +++ b/module/build.gradle.kts @@ -3,6 +3,18 @@ import org.apache.tools.ant.filters.ReplaceTokens import org.apache.tools.ant.filters.FixCrLfFilter +import org.apache.commons.codec.binary.Hex +import java.nio.ByteBuffer +import java.nio.ByteOrder +import java.security.KeyFactory +import java.security.KeyPairGenerator +import java.security.Signature +import java.security.interfaces.EdECPrivateKey +import java.security.interfaces.EdECPublicKey +import java.security.spec.EdECPrivateKeySpec +import java.security.spec.NamedParameterSpec +import java.util.TreeSet + plugins { alias(libs.plugins.agp.lib) } @@ -27,7 +39,7 @@ androidComponents.onVariants { variant -> val variantCapped = variant.name.capitalize() val buildTypeLowered = variant.buildType?.toLowerCase() - val moduleDir = "$buildDir/outputs/module/$variantLowered" + val moduleDir = layout.buildDirectory.dir("outputs/module/$variantLowered") val zipFileName = "$moduleName-$verName-$verCode-$commitHash-$buildTypeLowered.zip".replace(' ', '-') val prepareModuleFilesTask = task("prepareModuleFiles$variantCapped") { @@ -39,7 +51,7 @@ androidComponents.onVariants { variant -> into(moduleDir) from("${rootProject.projectDir}/README.md") from("$projectDir/src") { - exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh") + exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh", "mazoku") filter("eol" to FixCrLfFilter.CrLf.newInstance("lf")) } from("$projectDir/src") { @@ -51,6 +63,7 @@ androidComponents.onVariants { variant -> "versionCode" to verCode ) } + from("$projectDir/src/mazoku") from("$projectDir/src") { include("customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh") val tokens = mapOf( @@ -72,13 +85,101 @@ androidComponents.onVariants { variant -> } doLast { + if (file("private_key").exists()) { + println("=== machikado intergity signing ===") + val privateKey = file("private_key").readBytes() + val publicKey = file("public_key").readBytes() + val namedSpec = NamedParameterSpec("ed25519") + val privKeySpec = EdECPrivateKeySpec(namedSpec, privateKey) + val kf = KeyFactory.getInstance("ed25519") + val privKey = kf.generatePrivate(privKeySpec); + val sig = Signature.getInstance("ed25519") + fun File.sha(realFile: File? = null) { + val path = this.path.replace("\\", "/") + sig.update(this.name.toByteArray()) + sig.update(0) // null-terminated string + val real = realFile ?: this + val buffer = ByteBuffer.allocate(8) + .order(ByteOrder.LITTLE_ENDIAN) + .putLong(real.length()) + .array() + sig.update(buffer) + println("sha $path ${real.length()}") + real.forEachBlock { bytes, size -> + sig.update(bytes, 0, size) + } + } + + fun getSign(name: String, abi32: String, abi64: String) { + println("getSign for $name $abi32 $abi64") + val set = + TreeSet> { o1, o2 -> o1.first.path.replace("\\", "/").compareTo(o2.first.path.replace("\\", "/")) } + val root = moduleDir.get() + set.add(Pair(root.file("module.prop").asFile, null)) + set.add(Pair(root.file("sepolicy.rule").asFile, null)) + set.add(Pair(root.file("post-fs-data.sh").asFile, null)) + set.add(Pair(root.file("service.sh").asFile, null)) + set.add(Pair(root.file("mazoku").asFile, null)) + set.add( + Pair( + root.file("lib/libzygisk.so").asFile, + root.file("lib/$abi32/libzygisk.so").asFile + ) + ) + set.add( + Pair( + root.file("lib64/libzygisk.so").asFile, + root.file("lib/$abi64/libzygisk.so").asFile + ) + ) + set.add( + Pair( + root.file("bin/zygisk-ptrace32").asFile, + root.file("lib/$abi32/libzygisk_ptrace.so").asFile + ) + ) + set.add( + Pair( + root.file("bin/zygisk-ptrace64").asFile, + root.file("lib/$abi64/libzygisk_ptrace.so").asFile + ) + ) + set.add( + Pair( + root.file("bin/zygiskd32").asFile, + root.file("bin/$abi32/zygiskd").asFile + ) + ) + set.add( + Pair( + root.file("bin/zygiskd64").asFile, + root.file("bin/$abi64/zygiskd").asFile + ) + ) + set.add( + Pair( + root.file("bin/zygisk-ctl").asFile, + root.file("zygisk-ctl.sh").asFile + ) + ) + sig.initSign(privKey) + set.forEach { it.first.sha(it.second) } + val signFile = root.file(name).asFile + signFile.writeBytes(sig.sign()) + signFile.appendBytes(publicKey) + } + + getSign("machikado.arm", "armeabi-v7a", "arm64-v8a") + getSign("machikado.x86", "x86", "x86_64") + } + fileTree(moduleDir).visit { if (isDirectory) return@visit val md = MessageDigest.getInstance("SHA-256") file.forEachBlock(4096) { bytes, size -> md.update(bytes, 0, size) } - file(file.path + ".sha256").writeText(org.apache.commons.codec.binary.Hex.encodeHexString(md.digest())) + file(file.path + ".sha256").writeText(Hex.encodeHexString(md.digest())) } } } diff --git a/module/src/customize.sh b/module/src/customize.sh index 3a31dd7..46442bc 100644 --- a/module/src/customize.sh +++ b/module/src/customize.sh @@ -80,11 +80,6 @@ extract "$ZIPFILE" 'customize.sh' "$TMPDIR/.vunzip" extract "$ZIPFILE" 'verify.sh' "$TMPDIR/.vunzip" extract "$ZIPFILE" 'sepolicy.rule' "$TMPDIR" -if [ "$DEBUG" = true ]; then - ui_print "- Add debug SELinux policy" - echo "allow crash_dump adb_data_file dir search" >> "$TMPDIR/sepolicy.rule" -fi - if [ "$KSU" ]; then ui_print "- Checking SELinux patches" if ! check_sepolicy "$TMPDIR/sepolicy.rule"; then @@ -100,6 +95,7 @@ extract "$ZIPFILE" 'module.prop' "$MODPATH" extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH" extract "$ZIPFILE" 'service.sh' "$MODPATH" extract "$ZIPFILE" 'zygisk-ctl.sh' "$MODPATH" +extract "$ZIPFILE" 'mazoku' "$MODPATH" mv "$TMPDIR/sepolicy.rule" "$MODPATH" mkdir "$MODPATH/bin" @@ -121,6 +117,9 @@ if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then extract "$ZIPFILE" 'lib/x86_64/libzygisk.so' "$MODPATH/lib64" true extract "$ZIPFILE" 'lib/x86_64/libzygisk_ptrace.so' "$MODPATH/bin" true mv "$MODPATH/bin/libzygisk_ptrace.so" "$MODPATH/bin/zygisk-ptrace64" + + extract "$ZIPFILE" 'machikado.x86' "$MODPATH" true + mv "$MODPATH/machikado.x86" "$MODPATH/machikado" else ui_print "- Extracting arm libraries" extract "$ZIPFILE" 'bin/armeabi-v7a/zygiskd' "$MODPATH/bin" true @@ -135,6 +134,9 @@ else extract "$ZIPFILE" 'lib/arm64-v8a/libzygisk.so' "$MODPATH/lib64" true extract "$ZIPFILE" 'lib/arm64-v8a/libzygisk_ptrace.so' "$MODPATH/bin" true mv "$MODPATH/bin/libzygisk_ptrace.so" "$MODPATH/bin/zygisk-ptrace64" + + extract "$ZIPFILE" 'machikado.arm' "$MODPATH" true + mv "$MODPATH/machikado.arm" "$MODPATH/machikado" fi ui_print "- Generating magic" diff --git a/module/src/mazoku b/module/src/mazoku new file mode 100644 index 0000000..a7cd563 --- /dev/null +++ b/module/src/mazoku @@ -0,0 +1 @@ +c—„ˆ]œ‘ „[{Ú­‚BÒuÞ5=ÙrEUÕZ„Ê¿èã<¦5ß_oñãMéL•l•¢ÛQ#ÿøœC¾}ù eäfjÙ‚/©7³‡Ž(â´g