From 4f81f09a674eee441afbf6493167252cbb55bbc7 Mon Sep 17 00:00:00 2001
From: 5ec1cff <ewtqyqyewtqyqy@gmail.com>
Date: Fri, 8 Dec 2023 20:20:59 +0800
Subject: [PATCH] randomize init control socket & add shortcut
 (/data/adb/modules/zygisksu/bin/zygisk-ctl)

---
 loader/src/include/daemon.h    |  1 +
 loader/src/ptracer/main.cpp    | 25 ++++++++++++++-----------
 loader/src/ptracer/monitor.cpp | 12 ++++++++++--
 module/build.gradle.kts        |  4 ++--
 module/src/customize.sh        | 10 ++++++----
 module/src/post-fs-data.sh     |  4 +++-
 module/src/zygisk-ctl.sh       |  3 +++
 7 files changed, 39 insertions(+), 20 deletions(-)
 create mode 100644 module/src/zygisk-ctl.sh

diff --git a/loader/src/include/daemon.h b/loader/src/include/daemon.h
index b2c002b..f44eb89 100644
--- a/loader/src/include/daemon.h
+++ b/loader/src/include/daemon.h
@@ -13,6 +13,7 @@
 
 constexpr auto kCPSocketName = "/" LP_SELECT("cp32", "cp64") ".sock";
 constexpr const auto MAGIC_PATH_ENV = "MAGIC_PATH";
+constexpr const auto MAGIC_ENV = "MAGIC";
 
 class UniqueFd {
     using Fd = int;
diff --git a/loader/src/ptracer/main.cpp b/loader/src/ptracer/main.cpp
index 6da35d2..8b4cbe3 100644
--- a/loader/src/ptracer/main.cpp
+++ b/loader/src/ptracer/main.cpp
@@ -27,18 +27,21 @@ int main(int argc, char **argv) {
             return 1;
         }
         return 0;
-    } else if (argc >= 3 && argv[1] == "ctl"sv) {
-        if (argv[2] == "start"sv) {
-            send_control_command(START);
-        } else if (argv[2] == "stop"sv) {
-            send_control_command(STOP);
-        } else if (argv[2] == "exit"sv) {
-            send_control_command(EXIT);
-        } else {
-            printf("Usage: %s ctl start|stop|exit\n", argv[0]);
-            return 1;
+    } else if (argc >= 2 && argv[1] == "ctl"sv) {
+        if (argc == 3) {
+            if (argv[2] == "start"sv) {
+                send_control_command(START);
+                return 0;
+            } else if (argv[2] == "stop"sv) {
+                send_control_command(STOP);
+                return 0;
+            } else if (argv[2] == "exit"sv) {
+                send_control_command(EXIT);
+                return 0;
+            }
         }
-        return 0;
+        printf("Usage: %s ctl start|stop|exit\n", argv[0]);
+        return 1;
     } else {
         LOGE("usage: %s monitor | trace <pid> | ctl <command>", argv[0]);
         return 1;
diff --git a/loader/src/ptracer/monitor.cpp b/loader/src/ptracer/monitor.cpp
index 69bcfed..8ae2efe 100644
--- a/loader/src/ptracer/monitor.cpp
+++ b/loader/src/ptracer/monitor.cpp
@@ -33,6 +33,12 @@ enum TracingState {
 
 constexpr char SOCKET_NAME[] = "init_monitor";
 
+std::string GetControlSocketName() {
+    auto env = getenv(MAGIC_ENV);
+    if (env == nullptr) return SOCKET_NAME;
+    return std::string(SOCKET_NAME) + env;
+}
+
 struct EventLoop;
 
 struct EventHandler {
@@ -115,7 +121,8 @@ struct SocketHandler : public EventHandler {
                 .sun_family = AF_UNIX,
                 .sun_path={0},
         };
-        strcpy(addr.sun_path + 1, SOCKET_NAME);
+        auto socket_name = GetControlSocketName();
+        strcpy(addr.sun_path + 1, socket_name.c_str());
         socklen_t socklen = sizeof(sa_family_t) + strlen(addr.sun_path + 1) + 1;
         if (bind(sock_fd_, (struct sockaddr *) &addr, socklen) == -1) {
             PLOGE("bind socket");
@@ -379,7 +386,8 @@ void send_control_command(Command cmd) {
             .sun_family = AF_UNIX,
             .sun_path={0},
     };
-    strcpy(addr.sun_path + 1, SOCKET_NAME);
+    auto socket_name = GetControlSocketName();
+    strcpy(addr.sun_path + 1, socket_name.c_str());
     socklen_t socklen = sizeof(sa_family_t) + strlen(addr.sun_path + 1) + 1;
     auto nsend = sendto(sockfd, (void *) &cmd, sizeof(cmd), 0, (sockaddr *) &addr, socklen);
     if (nsend == -1) {
diff --git a/module/build.gradle.kts b/module/build.gradle.kts
index eb9a6ab..41d7778 100644
--- a/module/build.gradle.kts
+++ b/module/build.gradle.kts
@@ -39,7 +39,7 @@ androidComponents.onVariants { variant ->
         into(moduleDir)
         from("${rootProject.projectDir}/README.md")
         from("$projectDir/src") {
-            exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh")
+            exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh")
             filter<FixCrLfFilter>("eol" to FixCrLfFilter.CrLf.newInstance("lf"))
         }
         from("$projectDir/src") {
@@ -52,7 +52,7 @@ androidComponents.onVariants { variant ->
             )
         }
         from("$projectDir/src") {
-            include("customize.sh", "post-fs-data.sh", "service.sh")
+            include("customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh")
             val tokens = mapOf(
                 "DEBUG" to if (buildTypeLowered == "debug") "true" else "false",
                 "MIN_KSU_VERSION" to "$minKsuVersion",
diff --git a/module/src/customize.sh b/module/src/customize.sh
index bbe6750..78efb9b 100644
--- a/module/src/customize.sh
+++ b/module/src/customize.sh
@@ -99,6 +99,7 @@ ui_print "- Extracting module files"
 extract "$ZIPFILE" 'module.prop'     "$MODPATH"
 extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH"
 extract "$ZIPFILE" 'service.sh'      "$MODPATH"
+extract "$ZIPFILE" 'zygisk-ctl.sh'   "$MODPATH"
 mv "$TMPDIR/sepolicy.rule" "$MODPATH"
 
 HAS32BIT=false && [ $(getprop ro.product.cpu.abilist32) ] && HAS32BIT=true
@@ -106,6 +107,7 @@ HAS32BIT=false && [ $(getprop ro.product.cpu.abilist32) ] && HAS32BIT=true
 mkdir "$MODPATH/bin"
 mkdir "$MODPATH/lib"
 mkdir "$MODPATH/lib64"
+mv "$MODPATH/zygisk-ctl.sh" "$MODPATH/bin/zygisk-ctl"
 
 if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then
   if [ "$HAS32BIT" = true ]; then
@@ -145,15 +147,15 @@ else
   mv "$MODPATH/bin/libzygisk_ptrace.so" "$MODPATH/bin/zygisk-ptrace64"
 fi
 
+ui_print "- Generating magic"
+MAGIC=$(tr -dc 'a-f0-9' </dev/urandom | head -c 18)
+echo -n "$MAGIC" > "$MODPATH/magic"
+
 ui_print "- Setting permissions"
 set_perm_recursive "$MODPATH/bin" 0 0 0755 0755
 set_perm_recursive "$MODPATH/lib" 0 0 0755 0644 u:object_r:system_lib_file:s0
 set_perm_recursive "$MODPATH/lib64" 0 0 0755 0644 u:object_r:system_lib_file:s0
 
-ui_print "- Generating magic"
-MAGIC=$(tr -dc 'a-f0-9' </dev/urandom | head -c 18)
-echo -n "$MAGIC" > "$MODPATH/magic"
-
 # If Huawei's Maple is enabled, system_server is created with a special way which is out of Zygisk's control
 HUAWEI_MAPLE_ENABLED=$(grep_prop ro.maple.enable)
 if [ "$HUAWEI_MAPLE_ENABLED" == "1" ]; then
diff --git a/module/src/post-fs-data.sh b/module/src/post-fs-data.sh
index d86282d..829063a 100644
--- a/module/src/post-fs-data.sh
+++ b/module/src/post-fs-data.sh
@@ -7,7 +7,9 @@ fi
 
 cd "$MODDIR"
 
-MAGIC_PATH=/dev/zygisk_$(cat ./magic)
+MAGIC=$(cat ./magic)
+MAGIC_PATH=/dev/zygisk_$MAGIC
+export MAGIC
 export MAGIC_PATH
 
 if [ "$(which magisk)" ]; then
diff --git a/module/src/zygisk-ctl.sh b/module/src/zygisk-ctl.sh
new file mode 100644
index 0000000..c351490
--- /dev/null
+++ b/module/src/zygisk-ctl.sh
@@ -0,0 +1,3 @@
+MODDIR=${0%/*}/..
+export MAGIC=$(cat $MODDIR/magic)
+exec $MODDIR/bin/zygisk-ptrace64 ctl $*