Skip to content

Commit

Permalink
absurdly buggy complete refactor
Browse files Browse the repository at this point in the history
  • Loading branch information
@velzie
velzie committed Mar 2, 2023
1 parent 5f61515 commit 8896ae7
Showing 1 changed file with 106 additions and 69 deletions.
175 changes: 106 additions & 69 deletions fakemurk.sh.pre
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,11 @@ traps() {
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
trap 'echo "\"${last_command}\" command failed with exit code $?. THIS IS A BUG, REPORT IT HERE https://github.com/MercuryWorkshop/fakemurk"' EXIT
}

leave() {
trap - EXIT
echo "exiting successfully"
exit
}
config() {
swallow_stdin
read -r -p "Would you like to enable rootfs restore? It will add an option to quickly revert all changes and re-enroll. (Y/n)" choice
Expand Down Expand Up @@ -89,7 +93,7 @@ csys() {
if [ "$COMPAT" == "1" ]; then
crossystem "$@"
elif test -f "$ROOT/usr/bin/crossystem.old"; then
"ROOT/usr/bin/crossystem.old" "$@"
"$ROOT/usr/bin/crossystem.old" "$@"
else
"$ROOT/usr/bin/crossystem" "$@"
fi
Expand Down Expand Up @@ -224,43 +228,100 @@ move_bin() {
fi
}

is_target_booted() {
[ -z "$COMPAT" ] && [ "$TGT_ROOT_DEV" == "$ROOTDEV" ]
}

disable_autoupdates() {
# thanks phene i guess?
sed -i "$ROOT/etc/lsb-release" -e "s/CHROMEOS_AUSERVER=.*/CHROMEOS_AUSERVER=$(sed_escape "https://mercurywork.shop/update")/"
}

disable_verity() {
prepare_target_root() {
sleep 2
echo "ROOTFS VERIFICATION IS ON! IT WILL NOW BE REMOVED"
if [ "$COMPAT" == "1" ]; then
umount $ROOT || :
/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification -i $DST 2>/dev/null
mount $ROOTBLK $ROOT
sleep 2
echo "ROOTFS VERIFICATION SUCCESSFULLY REMOVED"
else
/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions 2 -i $DST 2>/dev/null
/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions 4 -i $DST 2>/dev/null
cat <<-EOF
if verity_enabled_for_n "$TGT_KERNNUM"; then
echo "removing rootfs verification on target kernel $TGT_KERN_DEV"
/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions "$TGT_KERNNUM" -i "$DST" 2>/dev/null
if is_target_booted; then
# if we're booted from the target kernel, we need to reboot. this is a pretty rare circumstance

cat <<-EOF
ROOTFS VERIFICATION SUCCESSFULLY REMOVED
IN ORDER TO PROCCEED, THE CHROMEBOOK MUST BE REBOOTED

PRESS ENTER TO REBOOT, THEN ONCE BOOTED RUN THIS SCRIPT AGAIN
EOF
swallow_stdin
read -r
reboot
swallow_stdin
read -r
reboot
fi
fi

if ! is_target_booted; then
mkdir /tmp/rootmnt
mount "$TGT_ROOT_DEV" /tmp/rootmnt
ROOT=/tmp/rootmnt
else
ROOT=
fi
}

verity_enabled_for_n() {
grep -q "root=/dev/dm" <"${DST}p${1}"
}

enable_autoenrollment() {
cleanup() {

if [ "$COMPAT" == "1" ]; then
echo "pressure washing..."
yes | mkfs.ext4 "${DST}p1" >/dev/null 2>&1 || : # hope you didn't have anything valuable on there
fi

cvpd -i RW_VPD -s check_enrollment=1 2>/dev/null
cvpd -i RW_VPD -s block_devmode=0 2>/dev/null
csys block_devmode=0 2>/dev/null
}

fakemurk() {
touch "$ROOT/sbin/init" 2>/dev/null || disable_verity
set_kernel_priority() {
cgpt add "$DST" -i 4 -P 0
cgpt add "$DST" -i 2 -P 0
cgpt add "$DST" -i "$TGT_KERNNUM" -P 1
}

configure_target() {
DST=/dev/$(get_largest_nvme_namespace)
if [ "$DST" == "/dev/" ]; then
DST=/dev/mmcblk0
fi

if verity_enabled_for_n 2 && verity_enabled_for_n 4; then
:
elif verity_enabled_for_n 2; then
TGT_KERNNUM=4
elif verity_enabled_for_n 4; then
TGT_KERNNUM=2
else
if [ "$ROOTFS_BACKUP" == "1" ]; then
echo "Rootfs restore is requested to be enabled, but both partitions have rootfs verification disabled. Please go through the recovery process to enable rootfs verification or run again and do not choose to enable rootfs restore."
leave
fi
fi

if [ -z "$TGT_KERNNUM" ]; then
if [ "$COMPAT" == "1" ]; then
TGT_KERNNUM=2
# 2 is the default simply because it's easier
else
ROOTDEV=$(rootdev)
TGT_KERNNUM=${ROOTDEV:(-1)}
fi
fi
TGT_ROOTNUM=$((TGT_KERNNUM + 1))
TGT_KERN_DEV="${DST}p$TGT_KERNNUM"
TGT_ROOT_DEV="${DST}p$TGT_ROOTNUM"
}

patch_root() {
echo "disabling autoupdates"
disable_autoupdates
sleep 2
Expand Down Expand Up @@ -292,67 +353,43 @@ main() {
fakemurk_info
config

DST=/dev/$(get_largest_nvme_namespace)
if [ "$DST" == "/dev/" ]; then
DST=/dev/mmcblk0
fi

KERNA_ACTIVE=$(cgpt show -n "$DST" -i 2 -P)
KERNB_ACTIVE=$(cgpt show -n "$DST" -i 4 -P)
# if []

if csys mainfw_type?recovery; then
echo "Entering shim compatability mode"
COMPAT=1
stty sane
# stops the weird input stuff

sleep 3
mkdir /mnta >/dev/null 2>&1 || :
mkdir /mntb >/dev/null 2>&1 || :

ROOT=/mnta
ROOTBLK=${DST}p3
mount "${DST}p3" /mnta >/dev/null 2>&1 || disable_verity
fakemurk
echo "murking alternative root"
sleep 3
ROOT=/mntb
ROOTBLK=${DST}p5
mount "${DST}p5" /mntb >/dev/null 2>&1 || disable_verity
fakemurk
sync
if [ "$COMPAT" == "1" ]; then
echo "pressure washing..."
yes | mkfs.ext4 "${DST}p1" >/dev/null 2>&1 || : # hope you didn't have anything valuable on there
fi
umount /mnta
umount /mntb
else
if [ "$ROOTFS_BACKUP" == "1" ]; then
touch "$ROOT/sbin/init" 2>/dev/null
if [ $? -eq 1 ]; then
echo "staging rootfs backup"
ROOTDEV=$(rootdev)
cgpt add "$DST" -i 2 -P 1

else
:
fi
fi
sleep 1
fi

echo "----- stage 1: grabbing disk configuration -----"
configure_target

sleep 2

echo "----- stage 2: patching target rootfs -----"
prepare_target_root
patch_root
sync

sleep 2

echo "----- stage 3: cleaning up -----"

fakemurk
if [ "$COMPAT" == "1" ]; then
echo "pressure washing..."
yes | mkfs.ext4 "${DST}p1" >/dev/null 2>&1 || : # hope you didn't have anything valuable on there
fi
cleanup
sleep 1
echo "setting kernel priority"
set_kernel_priority

echo "cleaning up"
enable_autoenrollment
sleep 1
echo "done! press enter to reboot, and your chromebook should enroll into management when rebooted, but stay hidden in devmode"
swallow_stdin
read -r
sync
reboot
trap - EXIT
exit
leave

}
if [ "$0" = "$BASH_SOURCE" ]; then
Expand Down

0 comments on commit 8896ae7

Please sign in to comment.