-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathinstallSystem.sh
executable file
·99 lines (74 loc) · 3.2 KB
/
installSystem.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/bin/bash
# Source: https://stackoverflow.com/questions/28302833/how-to-install-an-app-in-system-app-while-developing-from-android-studio
# START THE EMULATOR WITH ./emulator -writable-system -netdelay none -netspeed full -avd Nexus_5_API_25_for_AppFuzzer
set -euo pipefail
# Add Android to PATH
# ****** CHANGE THIS
export ANDROID_HOME="/opt/Android/Sdk"
export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools:$ANDROID_HOME/tools/bin
# Add aapt to path
AAPT_DIR=`find "$ANDROID_HOME" -name "aapt" | head -n 1 | rev | cut -d "/" -f 1 --complement | rev`
export PATH=${PATH}:${AAPT_DIR}
app_package="com.example.link.appfuzzer"
dir_app_name="AppFuzzer"
MAIN_ACTIVITY="MainActivity"
ADB="adb" # how you execute adb
ADB_SH="$ADB shell su root"
path_sysapp="/system/priv-app" # assuming the app is privileged
apk_host_dir="./app/build/outputs/apk/"
apk_host_unsigned="${apk_host_dir}app-debug.apk"
apk_host_signed="${apk_host_dir}signed.apk"
apk_name="${dir_app_name}.apk"
apk_target_dir="$path_sysapp/$dir_app_name" # /system/priv-app/AppFuzzer
apk_target_sys="$apk_target_dir/$apk_name" # /system/priv-app/AppFuzzer/AppFuzzer.apk
# Delete previous APKs
rm -f ${apk_host_signed}
rm -f ${apk_host_unsigned}
# Compile the APK: you can adapt this for production build, flavors, etc.
./gradlew assembleDebug || exit 1
# Sign our apk
cd "$apk_host_dir"
java -jar signapk.jar platform.x509.pem platform.pk8 app-debug.apk signed.apk
cd -
# Set some parameters in Android to get AppFuzzer to work
# Activate side-loading of apps
$ADB_SH settings put secure install_non_market_apps 1
# Disable Google checks for malicious code in side-loaded apps
$ADB_SH settings put global package_verifier_enable 0
# Set animation time to 0
$ADB_SH settings put global window_animation_scale 0.0
$ADB_SH settings put global transition_animation_scale 0.0
# Set always-on when charging
$ADB_SH settings put global stay_on_while_plugged_in 3
# Find the temp dir
temp_dir="/data/local/tmp/"
# Install APK: using adb su
echo "Preparing system to install APK …"
echo "1." $ADB_SH "mount -o rw,remount /system"
$ADB_SH "mount -o rw,remount /system"
echo "2." $ADB_SH "chmod 777 /system/lib/"
$ADB_SH "chmod 777 /system/lib/"
echo "3." $ADB_SH "mkdir -p ${apk_target_dir}"
$ADB_SH "mkdir -p ${apk_target_dir}"
echo "4." $ADB push "${apk_host_signed}" "${temp_dir}${apk_name}"
$ADB push "${apk_host_signed}" "${temp_dir}${apk_name}"
echo "5." $ADB_SH "mv ${temp_dir}${apk_name} ${apk_target_sys}"
$ADB_SH "mv -f ${temp_dir}${apk_name} ${apk_target_sys}"
#echo "7." $ADB_SH "rmdir ${temp_dir}"
#$ADB_SH "rmdir ${temp_dir}"
#$ADB_SH "mount -o rw,remount /"
#$ADB remount # mount system
#$ADB push $apk_host_signed $apk_target_sys
# Give permissions
$ADB_SH "chmod 755 $apk_target_dir"
$ADB_SH "chmod 644 $apk_target_sys"
#Unmount system
#$ADB_SH "mount -o remount,ro /system"
# Stop the app
$ADB_SH "am force-stop $app_package"
# Uninstall and install the app
#$ADB_SH "pm uninstall $app_package" || echo "App not installed, so not removed."
echo "Installing the app ..."
$ADB_SH "pm install -r $apk_target_sys"
# Re execute the app
$ADB_SH "am start -n \"$app_package/$app_package.$MAIN_ACTIVITY\" -a android.intent.action.MAIN -c android.intent.category.LAUNCHER"