diff --git a/README.md b/README.md index 347e4d1..0cc2653 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ linux/qualcom devices but this is the only one we have tested on. Buy the orbic ## Setup 1. Install the Android Debug Bridge (ADB) on your computer (don't worry about instructions for installing it on a phone/device yet). You can find instructions for doing so on your platform [here](https://www.xda-developers.com/install-adb-windows-macos-linux/#how-to-set-up-adb-on-your-computer). -2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and unzip it. +2. Download the latest [rayhunter release bundle](https://github.com/EFForg/rayhunter/releases) and extract it (on Windows use 7zip). 3. Run the install script inside the bundle corresponding to your platform (`install-linux.sh`, `install-mac.sh`). 4. Once finished, rayhunter should be running! You can verify this by visiting the web UI as described below. @@ -61,9 +61,9 @@ rustup target add x86_64-unknown-linux-gnu rustup target add armv7-unknown-linux-gnueabihf ``` -Now you can root your device and install rayhunter by running `./install.sh` - **Note:** You will have to install the cross compile tooling below before running this. +Now you can root your device and install rayhunter by running `./tools/install-dev.sh` -### If you aren't on linux or can't run the install scripts +### If you are on windows or can't run the install scripts * Root your device on windows using the instructions here: https://xdaforums.com/t/resetting-verizon-orbic-speed-rc400l-firmware-flash-kajeet.4334899/#post-87855183 * Build for arm using `cargo build` diff --git a/dist/install-common.sh b/dist/install-common.sh index a8ca804..1b37ad8 100755 --- a/dist/install-common.sh +++ b/dist/install-common.sh @@ -1,5 +1,4 @@ #!/bin/env bash - install() { if [[ -z "${SERIAL_PATH}" ]]; then echo "SERIAL_PATH not set, did you run this from install-linux.sh or install-mac.sh?" 
@@ -21,8 +20,8 @@ check_adb() { } force_debug_mode() { - # Force a switch into the debug mode to enable ADB - "$SERIAL_PATH" AT + echo " Force a switch into the debug mode to enable ADB" + "$SERIAL_PATH" --root echo -n "adb enabled, waiting for reboot" wait_for_adb_shell echo "it's alive!" diff --git a/install.sh b/install.sh deleted file mode 100755 index 27fefc5..0000000 --- a/install.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/env bash - -set -e - -cargo build --bin serial -cargo build --bin rootshell --target armv7-unknown-linux-gnueabihf --release - -# Force a switch into the debug mode to enable ADB -cargo run --bin serial -- AT -echo -n "adb enabled, waiting for reboot" -until adb shell true 2> /dev/null -do - echo -n . - sleep 1 -done -echo -echo "it's alive!" -adb push target/armv7-unknown-linux-gnueabihf/release/rootshell /tmp/ -cargo run --bin serial -- "AT+SYSCMD=mv /tmp/rootshell /bin/rootshell" -sleep 1 -cargo run --bin serial -- "AT+SYSCMD=chown root /bin/rootshell" -sleep 1 -cargo run --bin serial -- "AT+SYSCMD=chmod 4755 /bin/rootshell" -echo "we have root!" -adb shell /bin/rootshell -c id -adb shell '/bin/rootshell -c "mkdir /data/rayhunter"' -adb push config.toml.example /data/rayhunter/config.toml -adb push scripts/rayhunter_daemon /tmp/rayhunter_daemon -adb push scripts/misc-daemon /tmp/misc-daemon -adb shell '/bin/rootshell -c "mv /tmp/rayhunter_daemon /etc/init.d/rayhunter_daemon"' -adb shell '/bin/rootshell -c "mv /tmp/misc-daemon /etc/init.d/misc-daemon"' -adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/rayhunter_daemon"' -adb shell '/bin/rootshell -c "chmod 755 /etc/init.d/misc-daemon"' -./make.sh diff --git a/serial/src/main.rs b/serial/src/main.rs index fd2a20c..64f18e1 100644 --- a/serial/src/main.rs +++ b/serial/src/main.rs 
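Review bot: The exit status of `"$SERIAL_PATH" --root` in force_debug_mode is not checked, so if the serial binary fails (it panics with "No Orbic device found" when nothing is attached) the function still prints "adb enabled, waiting for reboot" and goes on to wait_for_adb_shell. Unless the calling script runs under `set -e`, which is not visible in this hunk, I would guard the call: `"$SERIAL_PATH" --root || { echo "could not switch the device into debug mode" >&2; exit 1; }`. The new echo string also keeps the leading space left over from the old comment. The body of force_debug_mode continues past the end of the hunk.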
@@ -1,13 +1,13 @@ -//! Serial communication with the orbic device -//! -//! This binary has two main functions, putting the orbic device in update mode which enables ADB +//! Serial communication with the orbic device +//! +//! This binary has two main functions, putting the orbic device in update mode which enables ADB //! and running AT commands on the serial modem interface which can be used to upload a shell and chown it to root -//! +//! //! # Panics -//! -//! No device found - make sure your device is plugged in and turned on. If it is, it's possible you have a device with a different -//! usb id, file a bug with the output of `lsusb` attached. -//! +//! +//! No device found - make sure your device is plugged in and turned on. If it is, it's possible you have a device with a different +//! usb id, file a bug with the output of `lsusb` attached. +//! //! # Examples //! ``` //! match rusb::Context::new() { @@ -23,9 +23,7 @@ use std::str; use std::thread::sleep; use std::time::Duration; -use rusb::{ - Context, DeviceHandle, UsbContext, -}; +use rusb::{Context, DeviceHandle, UsbContext}; fn main() { let args: Vec = std::env::args().collect(); 
@@ -36,22 +34,21 @@ fn main() { } match Context::new() { - Ok(mut context) => match open_orbic(&mut context) { - Some(mut handle) => { - send_command(&mut handle, &args[1]) - }, - None => panic!("No Orbic device found"), - }, - Err(e) => panic!("Failed to initialize libusb: {0}", e), + Ok(mut context) => match open_orbic(&mut context) { + Some(mut handle) => { + if &args[1] != "--root" { + send_command(&mut handle, &args[1]) + } + } + None => panic!("No Orbic device found"), + }, + Err(e) => panic!("Failed to initialize libusb: {0}", e), } } /// Sends an AT command to the usb device over the serial port -/// +/// /// First establish a USB handle and context by calling `open_orbic() -fn send_command( - handle: &mut DeviceHandle, - command: &str, -) { +fn send_command(handle: &mut DeviceHandle, command: &str) { let mut data = String::new(); data.push_str("\r\n"); data.push_str(command); 
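Review bot: The new `--root` branch in main() is undocumented and its name promises more than it does: when `args[1]` is `--root` nothing is sent, and the only effect is whatever open_orbic() did while opening the device. A comment on the branch would make that explicit, e.g. `// "--root": open_orbic() has already switched the device mode; there is no AT command to send`, and the module docs and usage text (both outside this hunk) should list the flag. The comparison can also drop the borrow: `if args[1] != "--root" {`. Because the flag shares the positional slot with AT commands, the literal string `--root` can never be sent as a command, which looks intended but is worth stating in that comment.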
@@ -61,95 +58,95 @@ fn send_command( let mut response = [0; 256]; // Set up the serial port appropriately - handle.write_control(0x21, 0x22, 3, 1, &[], timeout).expect("Failed to send control request"); + handle + .write_control(0x21, 0x22, 3, 1, &[], timeout) + .expect("Failed to send control request"); // Send the command - handle.write_bulk(0x2, data.as_bytes(), timeout).expect("Failed to write command"); + handle + .write_bulk(0x2, data.as_bytes(), timeout) + .expect("Failed to write command"); // Consume the echoed command - handle.read_bulk(0x82, &mut response, timeout).expect("Failed to read submitted command"); + handle + .read_bulk(0x82, &mut response, timeout) + .expect("Failed to read submitted command"); // Read the actual response - handle.read_bulk(0x82, &mut response, timeout).expect("Failed to read response"); + handle + .read_bulk(0x82, &mut response, timeout) + .expect("Failed to read response"); let responsestr = str::from_utf8(&response).expect("Failed to parse response"); if !responsestr.starts_with("\r\nOK\r\n") { - println!("Received unexpected response{0}", responsestr) + println!("Received unexpected response{0}", responsestr) } } /// Send a command to switch the device into generic mode, exposing serial -/// +/// /// If the device reboots while the command is still executing you may get a pipe error here, not sure what to do about this race condition. 
-fn switch_device( - handle: &mut DeviceHandle, -) { +fn switch_device(handle: &mut DeviceHandle) { let timeout = Duration::from_secs(1); if let Err(e) = handle.write_control(0x40, 0xa0, 0, 0, &[], timeout) { - // If the device reboots while the command is still executing we - // may get a pipe error here - if e == rusb::Error::Pipe { - return - } - panic!("Failed to send device switch control request: {0}", e) + // If the device reboots while the command is still executing we + // may get a pipe error here + if e == rusb::Error::Pipe { + return; + } + panic!("Failed to send device switch control request: {0}", e) } } /// Get a handle and contet for the orbic device -/// +/// /// If the device isn't already in command mode this function will call swtich_device to switch it into command mode -fn open_orbic( - context: &mut T, -) -> Option> { +fn open_orbic(context: &mut T) -> Option> { // Device after initial mode switch if let Some(handle) = open_device(context, 0x05c6, 0xf601) { - return Some(handle) + return Some(handle); } // Device with rndis enabled as well if let Some(handle) = open_device(context, 0x05c6, 0xf622) { - return Some(handle) + return Some(handle); } // Device in out-of-the-box state, need to switch to diag mode match open_device(context, 0x05c6, 0xf626) { - Some(mut handle) => switch_device(&mut handle), - None => panic!("No Orbic device detected") + Some(mut handle) => switch_device(&mut handle), + None => panic!("No Orbic device detected"), } for _ in 1..10 { - if let Some(handle) = open_device(context, 0x05c6, 0xf601) { - return Some(handle) - } - sleep(Duration::from_secs(10)) + if let Some(handle) = open_device(context, 0x05c6, 0xf601) { + return Some(handle); + } + sleep(Duration::from_secs(10)) } panic!("No Orbic device detected") } /// Generic function to open a USB device -fn open_device( - context: &mut T, - vid: u16, - pid: u16, -) -> Option> { +fn open_device(context: &mut T, vid: u16, pid: u16) -> Option> { let devices = match 
context.devices() { - Ok(d) => d, - Err(_) => return None, + Ok(d) => d, + Err(_) => return None, }; for device in devices.iter() { - let device_desc = match device.device_descriptor() { - Ok(d) => d, - Err(_) => continue, - }; - - if device_desc.vendor_id() == vid && device_desc.product_id() == pid { - match device.open() { - Ok(handle) => return Some(handle), - Err(e) => panic!("device found but failed to open: {}", e), - } - } + let device_desc = match device.device_descriptor() { + Ok(d) => d, + Err(_) => continue, + }; + + if device_desc.vendor_id() == vid && device_desc.product_id() == pid { + match device.open() { + Ok(handle) => return Some(handle), + Err(e) => panic!("device found but failed to open: {}", e), + } + } } None diff --git a/tools/install-dev.sh b/tools/install-dev.sh new file mode 100755 index 0000000..914a164 --- /dev/null +++ b/tools/install-dev.sh @@ -0,0 +1,18 @@ +#!/bin/env bash + +set -e + +mkdir build +cd build +curl -LOs "https://github.com/EFForg/rayhunter/releases/latest/download/release.tar" +curl -LOs "https://github.com/EFForg/rayhunter/releases/latest/download/release.tar.sha256" +if ! sha256sum -c --quiet release.tar.sha256; then + echo "Download corrupted! (╯°□°)╯︵ ┻━┻" + exit 1 +fi + +tar -xf release.tar +./install-linux.sh + +cd .. +rm -rf build \ No newline at end of file
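Review bot: The sha256 check in tools/install-dev.sh only detects a damaged download: `release.tar.sha256` is fetched from the same `releases/latest` location as `release.tar`, so whoever can replace the tarball can replace the checksum too, and the script then runs `./install-linux.sh` out of it. I would say so in a comment above the check, `# integrity check only: the checksum comes from the same origin as the tarball and does not authenticate the release`, and consider verifying a signature or a hash pinned in the repository if authenticity matters here. Adding `-f` to both curl calls (`curl -fLOs ...`) makes an HTTP error abort under `set -e` instead of saving an error page as `release.tar`. Separately, `mkdir build` fails on a rerun because the `exit 1` path leaves `build` behind; `mkdir -p build` avoids that.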