diff --git a/.arcconfig b/.arcconfig new file mode 100644 index 0000000..3fb21bb --- /dev/null +++ b/.arcconfig @@ -0,0 +1,4 @@ +{ + "phabricator.uri": "https://hub.sealcode.org/", + "arc.land.onto.default": "master" +} \ No newline at end of file diff --git a/.gitignore b/.gitignore index ffb3643..c2e2275 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ test node_modules TODO certificates -images \ No newline at end of file +images +*.png \ No newline at end of file diff --git a/android/Dockerfile b/android/Dockerfile index 6bdacb5..35f4af1 100644 --- a/android/Dockerfile +++ b/android/Dockerfile @@ -5,9 +5,8 @@ ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/andro RUN sdkmanager "system-images;android-33;google_apis;x86_64" RUN echo no | avdmanager create avd -n virtual_dev -b google_apis/x86_64 -k "system-images;android-33;google_apis;x86_64" -#remove iproute2 ping -RUN apt-get update && apt-get install -y iproute2 iputils-ping iptables redsocks openssh-server +RUN apt-get update && apt-get install -y iproute2 iputils-ping iptables redsocks npm -EXPOSE 22 +EXPOSE 3000 CMD bash /conf/docker-entrypoint.sh diff --git a/android/code/index.js b/android/code/index.js new file mode 100644 index 0000000..981810b --- /dev/null +++ b/android/code/index.js 
@@ -0,0 +1,25 @@
+const net = require("net");
+const child_process = require("child_process");
+const fs = require("fs");
+
+const server = net.createServer();
+
+//maybe check output of child processe and send errors in some way
+server.on("connection", (socket) => {
+ socket.on("data", async (dataBuf) => {
+ data = dataBuf.toString();
+ if (data === "screenshot") {
+ socket.write("start");
+ child_process.spawnSync("bash", ["/conf/screenshot.sh"]);
+ socket.write(fs.readFileSync("/screenshot.png"));
+ socket.write("ENDOFMSG");
+ } else if (data.includes("touch")) {
+ dataSplit = data.split(" ");
+ child_process.spawnSync("bash", ["/conf/touch.sh", dataSplit[1], dataSplit[2]]);
+ }
+ });
+});
+
+server.listen(3000, () => {
+ console.log("listening on 3000");
+});
diff --git a/android/code/package-lock.json b/android/code/package-lock.json
new file mode 100644
index 0000000..15021ed
--- /dev/null
+++ b/android/code/package-lock.json
@@ -0,0 +1,24 @@ +{ + "name": "code", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "dependencies": { + "net": "^1.0.2" + } + }, + "node_modules/net": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz", + "integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ==" + } + }, + "dependencies": { + "net": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz", + "integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ==" + } + } +}
diff --git a/android/code/package.json b/android/code/package.json
new file mode 100644
index 0000000..d7363ab
--- /dev/null
+++ b/android/code/package.json
@@ -0,0 +1,5 @@
+{
+ "dependencies": {
+ "net": "^1.0.2"
+ }
+}
diff --git a/android/conf/docker-entrypoint.sh b/android/conf/docker-entrypoint.sh
index 1a7f0d0..7ac81b4 100644
--- a/android/conf/docker-entrypoint.sh
+++ b/android/conf/docker-entrypoint.sh
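Review bot: The listener on port 3000 in android/code/index.js runs `/conf/screenshot.sh` and `/conf/touch.sh` for any peer that can connect, and it passes `dataSplit[1]` and `dataSplit[2]` to the script without checking that they are numbers, so the coordinate check done in http_server does not protect this endpoint from anything else that reaches the port (whether the port is reachable beyond the compose network is not visible in this diff). Each `data` event is also treated as exactly one message, but TCP does not preserve write boundaries, so `"screenshot"` and `"touch x y"` can arrive merged or split; the receiver in http_server/code/index.js makes the same assumption about `"start"` and `"ENDOFMSG"`, and both sides need an explicit delimiter or length prefix. `data` and `dataSplit` are assigned without `const`, which makes them process-wide globals shared by every connection, and the socket has no `"error"` listener, so a reset connection ends the process that the entrypoint runs in the foreground. The fence sketches the handler with declared locals, an error listener, a strict match on two integer fields (assuming touch.sh expects integer pixel coordinates) and a checked exit status.

```javascript
server.on("connection", (socket) => {
	// without a listener, a reset connection raises an unhandled "error" event
	socket.on("error", (err) => console.error("socket error:", err.message));
	socket.on("data", (dataBuf) => {
		const data = dataBuf.toString();
		const touch = /^touch (\d{1,4}) (\d{1,4})$/.exec(data);
		if (data === "screenshot") {
			// … unchanged: run screenshot.sh, send "start", the PNG and "ENDOFMSG" …
		} else if (touch) {
			const result = child_process.spawnSync("bash", ["/conf/touch.sh", touch[1], touch[2]]);
			if (result.status !== 0) console.error("touch.sh exited with", result.status);
		}
	});
});
```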
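Review bot: `"net": "^1.0.2"` in android/code/package.json pulls a registry package that the code never loads, because `require("net")` in index.js resolves to Node's built-in module, which takes precedence over anything in node_modules. The entry still causes a third-party tarball to be downloaded and installed each time `npm i -C /code` runs at container start, which adds supply-chain surface with no benefit. Drop the dependency here and in http_server/code/package.json, where the same line is added, and regenerate both lockfiles. If the intent is to make the built-in explicit, `require("node:net")` does that without a package.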
@@ -1,12 +1,12 @@ hashed_name=`openssl x509 -inform PEM -subject_hash_old -in /ca-cert.cer | head -1` +npm i -C /code cp /ca-cert.cer /$hashed_name.0 bash /conf/iptables_conf.sh redsocks -c /conf/redsocks.conf & emulator -avd virtual_dev -writable-system -no-window -no-audio & bash /conf/install_cert.sh $hashed_name.0 -#wait for cert to be installed before being able to connect through ssh -echo root:toor | chpasswd -bash /conf/sshd_config.sh +#wait for cert to be installed before launching socket server +node /code/index.js -tail -f /dev/null +#tail -f /dev/null diff --git a/android/conf/sshd_config.sh b/android/conf/sshd_config.sh deleted file mode 100644 index 5ae1cc7..0000000 --- a/android/conf/sshd_config.sh +++ /dev/null @@ -1,3 +0,0 @@ -echo "PermitRootLogin yes" >> /etc/ssh/sshd_config - -service ssh start \ No newline at end of file diff --git a/diagram.md b/diagram.md new file mode 100644 index 0000000..3efc5cd --- /dev/null +++ b/diagram.md @@ -0,0 +1,56 @@ +RENTGEN_ANDROID docker structure + +// Arrows show direction of requests + + + INTERNET + /|\ + | + | ++--------------------------+---------------------------+ +| MITMPROXY | | +| | | +| | | +| | | +| | | +| | | +| :1080 | ++--------------------------+---------------------------+ + | + | SOCKS 5 + | ++--------------------------+---------------------------+ +| ANDROID_CONTAINER :12345 | +| | | +| +------------------+--------------------+ | +| | ANDROID | | | +| | | | | +| | | | +| | | | +| | /|\ | | +| | | | | +| +-------------------------+-------------+ | +| | | +| | ADB SHELL | +| | | +| :3000 | ++---------------------------------+--------------------+ + | + | SOCKETS + | ++---------------------------------+--------------------+ +| HTTP_SERVER | | +| | | +| | | +| | | +| | | +| | | +| | | +| | | +| | | +| :8080 | ++---------------------------------+--------------------+ + | + | HTTP: - GET /: screenshot + | - POST /: touch, query params x, y indicate position + | 
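Review bot: `npm i -C /code` in android/conf/docker-entrypoint.sh runs on every container start, so what gets installed depends on what the registry serves at that moment, the container needs network access before the socket server can come up, and `npm i` may rewrite package-lock.json in the bind-mounted /code directory. Prefer `npm ci --prefix /code`, which installs exactly what the lockfile pins and fails on a mismatch, and ideally run it in the Dockerfile so dependencies are fixed at build time. Separately, `node /code/index.js` is now the foreground process, so an uncaught exception in it stops the container while the emulator and redsocks are still running in the background; a short comment stating that this is intended would help.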
diff --git a/docker-compose.yaml b/docker-compose.yaml index 1c2d90d..a06075c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -20,6 +20,7 @@ services: volumes: - $PWD/android/conf:/conf - $PWD/certificates/mitmproxy-ca-cert.cer:/ca-cert.cer + - $PWD/android/code:/code http_server: build: ./http_server/ container_name: http_server diff --git a/http_server/Dockerfile b/http_server/Dockerfile index f6500f4..8765f61 100644 --- a/http_server/Dockerfile +++ b/http_server/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.18.2 -RUN apk add npm openssh sshpass +RUN apk add npm RUN mkdir /images diff --git a/http_server/code/docker-entrypoint.sh b/http_server/code/docker-entrypoint.sh index 305f871..6126394 100644 --- a/http_server/code/docker-entrypoint.sh +++ b/http_server/code/docker-entrypoint.sh @@ -1,13 +1,7 @@ #!/bin/bash npm i -C /code -mkdir /root/.ssh +node /code/waitSocket.mjs +node /code/index.js -#for ssh not asking us to add to known_hosts -ssh-keyscan -H android >> /root/.ssh/known_hosts -while [ $? != 0 ]; do - sleep 2 - ssh-keyscan -H android >> /root/.ssh/known_hosts -done - -node /code/index.js \ No newline at end of file +#tail -f /dev/null \ No newline at end of file diff --git a/http_server/code/index.js b/http_server/code/index.js index 120694f..9f01fce 100644 --- a/http_server/code/index.js +++ b/http_server/code/index.js 
@@ -1,34 +1,36 @@ const express = require("express"); -const child_process = require("child_process"); +const net = require("net"); +const fs = require("fs"); const device_size_x = 320; const device_size_y = 640; -let app = express(); +const app = express(); +const socket_client = net.createConnection({ port: 3000, host: "android" }); -app.get("/", function (req, res) { - const screenshot_cmd_res = child_process.spawnSync("sshpass", [ - "-p", - "toor", - "ssh", - "android", - "bash", - "/conf/screenshot.sh", - ]); - if (screenshot_cmd_res.status === 0) { - const scp_cmd_res = child_process.spawnSync("sshpass", [ - "-p", - "toor", - "scp", - "android:/screenshot.png", - "/images/screenshot.png", - ]); - if (scp_cmd_res.status === 0) { - res.sendFile("/images/screenshot.png"); - return; - } +async function sleep(time) { + return new Promise((resolve) => setTimeout(resolve, time)); +} + +let doneWrite = 0; +let fd; +socket_client.on("data", (dataBuf) => { + if (dataBuf.toString() === "start") + fd = fs.openSync("/code/screenshot.png", "w"); + else { + if (dataBuf.toString().includes("ENDOFMSG")) { + fs.writeSync(fd, dataBuf); + fs.close(fd); + doneWrite = 1; + } else fs.writeSync(fd, dataBuf); } - res.send("Screenshot event didnt happen\n"); +}); + +app.get("/", async function (req, res) { + socket_client.write("screenshot"); + while (!doneWrite) await sleep(15); + res.sendFile("/code/screenshot.png"); + doneWrite = 0; }); app.post("/", function (req, res) { 
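Review bot: The GET handler polls `doneWrite` with no deadline, and the flag is only set when a single chunk contains `ENDOFMSG`, so a marker split across two `data` events, a failed screenshot on the android side or a dropped connection leaves the request waiting forever. The receive path shares one socket, one `fd` and one flag across all requests, so two overlapping GETs write into the same file, and the chunk that carries the marker is written whole, which appends the `ENDOFMSG` bytes to the PNG. `fs.close(fd)` is called without a callback, which some Node releases reject with a TypeError; use `fs.closeSync(fd)` and write only the payload, e.g. `fs.writeSync(fd, dataBuf.subarray(0, dataBuf.indexOf("ENDOFMSG")));`. I would also add a `socket_client.on("error", ...)` listener with a reconnect, since an unhandled socket error ends the process, and bound the wait loop so the route answers 504 after a few seconds.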
@@ -40,19 +42,9 @@ app.post("/", function (req, res) { `the query params must be x <= ${device_size_x}, y <= ${device_size_y}\n` ); } else { - const cmd_res = child_process.spawnSync("sshpass", [ - "-p", - "toor", - "ssh", - "android", - "bash", - "/conf/touch.sh", - x, - y, - ]); - if (cmd_res.status === 0) res.sendStatus(200); - else res.send("Touch event didnt happen\n"); + socket_client.write(`touch ${x} ${y}`); + res.sendStatus(200); } }); -app.listen(8080, () => console.log("Listening in port 8080\n")); +app.listen(8080, () => console.log("Listening in port 8080")); diff --git a/http_server/code/package-lock.json b/http_server/code/package-lock.json index 8f4da94..18aabe0 100644 --- a/http_server/code/package-lock.json +++ b/http_server/code/package-lock.json @@ -5,7 +5,8 @@ "packages": { "": { "dependencies": { - "express": "^4.18.2" + "express": "^4.18.2", + "net": "^1.0.2" } }, "node_modules/accepts": { @@ -380,6 +381,11 @@ "node": ">= 0.6" } }, + "node_modules/net": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz", + "integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ==" + }, "node_modules/object-inspect": { "version": "1.12.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", diff --git a/http_server/code/package.json b/http_server/code/package.json index 0e6cd98..f2cb654 100644 --- a/http_server/code/package.json +++ b/http_server/code/package.json @@ -1,5 +1,6 @@ { "dependencies": { - "express": "^4.18.2" + "express": "^4.18.2", + "net": "^1.0.2" } } diff --git a/http_server/code/waitSocket.mjs b/http_server/code/waitSocket.mjs new file mode 100644 index 0000000..512855c --- /dev/null +++ b/http_server/code/waitSocket.mjs 
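Review bot: `res.sendStatus(200)` is now sent as soon as the command is queued on the socket, so the client receives a success status even when the connection to android is down or touch.sh fails, whereas the removed code checked the exit status. Have the android side reply with a short acknowledgement and map it to the HTTP status, or return 202 to make the fire-and-forget behaviour explicit. `x` and `y` are interpolated into a space-separated message, and the validation sits above this hunk and is not fully visible, so confirm it rejects anything that is not a plain integer, for example by sending `Number.parseInt(x, 10)` and `Number.parseInt(y, 10)` rather than the raw query strings. The enclosing `app.post` handler starts outside the hunk.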
@@ -0,0 +1,16 @@
+import net from "net";
+import { exit } from "process";
+
+async function sleep(time) {
+ return new Promise((resolve) => setTimeout(resolve, time));
+}
+
+while (true) {
+ let socket = net.createConnection({ port: 3000, host: "android" });
+
+ socket.on("connect", () => {
+ exit(0);
+ });
+ socket.on("error", () => {});
+ await sleep(200);
+}
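Review bot: Every pass of the `while (true)` loop in waitSocket.mjs creates a new socket and never destroys the previous one, so when connection attempts hang rather than fail fast, pending sockets accumulate at one per 200 ms, and the loop has no upper bound on how long it waits. Call `socket.destroy()` in the `"error"` handler and exit non-zero after a fixed number of attempts, so a broken android container surfaces as a startup failure instead of a silent hang. The empty `"error"` handler also hides the reason for the failure; logging `err.code` per attempt would make startup problems diagnosable. `sleep` does not need the `async` keyword, since it already returns a promise.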