diff --git a/root-module-manual/main.py b/root-module-manual/main.py new file mode 100644 index 0000000..f7400e3 --- /dev/null +++ b/root-module-manual/main.py @@ -0,0 +1,164 @@ +import logging +import os +import re +import shutil +import subprocess +import sys +import zipfile + +# Define color codes for logging +class LogColors: + HEADER = '\033[95m' + OKBLUE = '\033[94m' + OKCYAN = '\033[96m' + OKGREEN = '\033[92m' + WARNING = '\033[93m' + FAIL = '\033[91m' + ENDC = '\033[0m' + BOLD = '\033[1m' + UNDERLINE = '\033[4m' + +# Custom logging formatter to include colors +class ColoredFormatter(logging.Formatter): + def format(self, record): + log_colors = { + 'DEBUG': LogColors.OKCYAN, + 'INFO': LogColors.OKGREEN, + 'WARNING': LogColors.WARNING, + 'ERROR': LogColors.FAIL, + 'CRITICAL': LogColors.FAIL + LogColors.BOLD + } + log_color = log_colors.get(record.levelname, LogColors.ENDC) + record.msg = f"{log_color}{record.msg}{LogColors.ENDC}" + return super().format(record) + +def run_command(command): + """ + Runs a shell command and logs the output. + + Args: + command (str): The command to run. + + Returns: + str: The standard output from the command. + + Raises: + SystemExit: If the command fails. + """ + logging.info(f"Running command: {command}") + result = subprocess.run(command, shell=True, capture_output=True, text=True) + if result.returncode != 0 and "Cannot determine entrypoint" not in result.stderr: + logging.error(f"Command failed: {command}\n{result.stderr}") + sys.exit(1) + logging.info(f"Command output: {result.stdout}") + return result.stdout + +def get_symbol_address(file_path, symbol_name): + """ + Gets the address of a symbol in a binary file using radare2. + + Args: + file_path (str): The path to the binary file. + symbol_name (str): The name of the symbol to find. + + Returns: + str: The address of the symbol. + + Raises: + SystemExit: If the symbol is not found. + """ + logging.info(f"Getting address for symbol: {symbol_name}") + output = run_command(f"radare2 -q -e bin.cache=true -c 'is~{symbol_name}' -z {file_path}") + match = re.search(r'0x[0-9a-fA-F]+', output) + if match: + address = match.group(0) + logging.info(f"Found address for {symbol_name}: {address}") + return address + else: + logging.error(f"Symbol {symbol_name} not found in {file_path}") + sys.exit(1) + +def patch_address(file_path, address, patch_bytes): + """ + Patches a specific address in a binary file with given bytes using radare2. + + Args: + file_path (str): The path to the binary file. + address (str): The address to patch. + patch_bytes (str): The bytes to write at the address. + + Raises: + SystemExit: If the patching command fails. + """ + logging.info(f"Patching address {address} with bytes: {patch_bytes}") + run_command(f"radare2 -q -e bin.cache=true -w -c 's {address}; wx {patch_bytes}; wci' {file_path}") + logging.info(f"Successfully patched address {address}") + +def copy_file_to_src(file_path): + """ + Copies a file to the 'src/' directory. + + Args: + file_path (str): The path to the file to copy. + """ + src_dir = 'src/' + if not os.path.exists(src_dir): + os.makedirs(src_dir) + shutil.copy(file_path, src_dir) + logging.info(f"Copied {file_path} to {src_dir}") + +def zip_src_files(): + """ + Zips all files in the 'src/' directory into 'btl2capfix.zip', preserving symlinks. + """ + with zipfile.ZipFile('btl2capfix.zip', 'w', zipfile.ZIP_DEFLATED, allowZip64=True) as zipf: + for root, dirs, files in os.walk('src/'): + for file in files: + file_path = os.path.join(root, file) + if file_path == os.path.join('src', os.path.basename(file_path)): + continue # Skip the original uploaded file + if os.path.islink(file_path): + link_target = os.readlink(file_path) + zip_info = zipfile.ZipInfo(os.path.relpath(file_path, 'src/')) + zip_info.create_system = 3 # Unix + zip_info.external_attr = 0o777 << 16 + zip_info.external_attr |= 0xA000 + zipf.writestr(zip_info, link_target) + else: + zipf.write(file_path, os.path.relpath(file_path, 'src/')) + logging.info("Zipped files under src/ into btl2capfix.zip") + +def main(): + """ + Main function to execute the script. It performs the following steps: + 1. Copies the input file to the 'src/' directory. + 2. Patches specific addresses in the binary file. + 3. Zips the files in the 'src/' directory into 'btl2capfix.zip'. + """ + logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + logger = logging.getLogger() + handler = logger.handlers[0] + handler.setFormatter(ColoredFormatter('%(asctime)s - %(levelname)s - %(message)s')) + + if len(sys.argv) != 2: + logging.error("Usage: python main.py ") + sys.exit(1) + + file_path = sys.argv[1] + + # Patch l2c_fcr_chk_chan_modes + l2c_fcr_chk_chan_modes_address = get_symbol_address(file_path, "l2c_fcr_chk_chan_modes") + patch_address(file_path, l2c_fcr_chk_chan_modes_address, "20008052c0035fd6") + + # Patch l2cu_send_peer_info_req + l2cu_send_peer_info_req_address = get_symbol_address(file_path, "l2cu_send_peer_info_req") + patch_address(file_path, l2cu_send_peer_info_req_address, "c0035fd6") + + # Copy file to src/ + copy_file_to_src(file_path) + + # Zip files under src/ + zip_src_files() + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/root-module-manual/server.py b/root-module-manual/server.py new file mode 100644 index 0000000..530dd13 --- /dev/null +++ b/root-module-manual/server.py @@ -0,0 +1,278 @@ +from flask import Flask, request, jsonify, send_file, make_response +import os +import json +import uuid +import time +import threading +import logging +from main import get_symbol_address, patch_address, copy_file_to_src, zip_src_files + +app = Flask(__name__) +PATCHED_LIBRARIES = {} +PERMALINK_EXPIRY = 600 # 10 minutes +PATCHES_JSON = 'patches.json' + +# Configure logging +logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') +logger = logging.getLogger() + +def save_patch_info(permalink_id, file_path): + patch_info = { + 'permalink_id': permalink_id, + 'file_path': file_path, + 'timestamp': time.time() + } + if os.path.exists(PATCHES_JSON): + with open(PATCHES_JSON, 'r') as f: + patches = json.load(f) + else: + patches = [] + + patches.append(patch_info) + + with open(PATCHES_JSON, 'w') as f: + json.dump(patches, f, indent=4) + +@app.route('/') +def index(): + return ''' + + + + + + Library Patcher + + + +
+

Upload a library to patch

+
+
+ + Click to upload a file +
+ +
+
+
+
+
+ +
+ + + + ''' + +@app.route('/patch', methods=['POST']) +def patch(): + if 'file' not in request.files: + return jsonify({"error": "No file part"}), 400 + file = request.files['file'] + if file.filename == '': + return jsonify({"error": "No selected file"}), 400 + if not file.filename.endswith('.so'): + return jsonify({"error": "Invalid file type. Only .so files are allowed."}), 400 + file_path = os.path.join('uploads', file.filename) + file.save(file_path) + + # Patch the file + try: + l2c_fcr_chk_chan_modes_address = get_symbol_address(file_path, "l2c_fcr_chk_chan_modes") + patch_address(file_path, l2c_fcr_chk_chan_modes_address, "20008052c0035fd6") + l2cu_send_peer_info_req_address = get_symbol_address(file_path, "l2cu_send_peer_info_req") + patch_address(file_path, l2cu_send_peer_info_req_address, "c0035fd6") + except Exception as e: + logger.error(f"Error patching file: {str(e)}") + return jsonify({"error": f"Error patching file: {str(e)}"}), 500 + + # Create permalink + permalink_id = str(uuid.uuid4()) + PATCHED_LIBRARIES[permalink_id] = { + 'file_path': file_path, + 'timestamp': time.time() + } + + # Save patch info + save_patch_info(permalink_id, file_path) + + # Schedule deletion + threading.Timer(PERMALINK_EXPIRY, delete_expired_permalink, args=[permalink_id]).start() + + return jsonify({'permalink': f'/download/{permalink_id}'}) + +@app.route('/download/', methods=['GET']) +def download(permalink_id): + if permalink_id not in PATCHED_LIBRARIES: + return "Permalink expired or invalid", 404 + + file_path = PATCHED_LIBRARIES[permalink_id]['file_path'] + if not os.path.exists(file_path): + return "File not found", 404 + + try: + copy_file_to_src(file_path) + zip_src_files() + except Exception as e: + logger.error(f"Error preparing download: {str(e)}") + return f"Error preparing download: {str(e)}", 500 + + resp = make_response(send_file('btl2capfix.zip', as_attachment=True)) + resp.headers['Content-Disposition'] = f'attachment; filename=btl2capfix.zip' + return resp + +def delete_expired_permalink(permalink_id): + if permalink_id in PATCHED_LIBRARIES: + if os.path.exists(PATCHED_LIBRARIES[permalink_id]['file_path']): + os.remove(PATCHED_LIBRARIES[permalink_id]['file_path']) + del PATCHED_LIBRARIES[permalink_id] + +if not os.path.exists('uploads'): + os.makedirs('uploads') +if __name__ == '__main__': + app.run(debug=True, host='0.0.0.0', port=8080) diff --git a/root-module-manual/src/module.prop b/root-module-manual/src/module.prop new file mode 100644 index 0000000..616d101 --- /dev/null +++ b/root-module-manual/src/module.prop @@ -0,0 +1,6 @@ +id=btl2capfix +name=Bluetooth L2CAP workaround for AirPods +version=v1 +versionCode=1 +author=kavishdevar +description=Fixes the Bluetooth L2CAP connection issue with AirPods \ No newline at end of file diff --git a/root-module-manual/src/post-data-fs.sh b/root-module-manual/src/post-data-fs.sh new file mode 100644 index 0000000..85f3e5e --- /dev/null +++ b/root-module-manual/src/post-data-fs.sh @@ -0,0 +1,4 @@ +#!/system/bin/sh + +mount -t overlay overlay -o lowerdir=/apex/com.android.btservices/lib64,upperdir=/data/adb/modules/btl2capfix/apex/com.android.btservices/lib64,workdir=/data/adb/modules/btl2capfix/apex/com.android.btservices/work /apex/com.android.btservices/lib64 +mount -t overlay overlay -o lowerdir=/apex/com.android.btservices@352090000/lib64,upperdir=/data/adb/modules/btl2capfix/apex/com.android.btservices@352090000/lib64,workdir=/data/adb/modules/btl2capfix/apex/com.android.btservices@352090000/work /apex/com.android.btservices@352090000/lib64 \ No newline at end of file