Compare commits

...

2 Commits

Author SHA1 Message Date
wpetit 2306a08844 chore: add mxq tvstick cleanup script 2024-04-24 10:50:16 +02:00
wpetit fa1ed6ea42 feat: use persistent configuration file 2024-04-24 10:49:47 +02:00
9 changed files with 389 additions and 69 deletions

View File

@ -1,30 +1,26 @@
//go:build android
// +build android
package main package main
import ( import (
"context" "context"
"crypto/tls"
"os" "os"
"sync" "path/filepath"
"forge.cadoles.com/arcad/arcast" "forge.cadoles.com/arcad/arcast"
"forge.cadoles.com/arcad/arcast/pkg/browser/gioui" "forge.cadoles.com/arcad/arcast/pkg/browser/gioui"
"forge.cadoles.com/arcad/arcast/pkg/selfsigned" "forge.cadoles.com/arcad/arcast/pkg/config"
"forge.cadoles.com/arcad/arcast/pkg/server" "forge.cadoles.com/arcad/arcast/pkg/server"
"gioui.org/app" "gioui.org/app"
"gioui.org/io/system" "gioui.org/io/system"
"gioui.org/layout" "gioui.org/layout"
"gioui.org/op" "gioui.org/op"
"github.com/gioui-plugins/gio-plugins/plugin" "github.com/gioui-plugins/gio-plugins/plugin"
"github.com/gioui-plugins/gio-plugins/safedata"
"github.com/gioui-plugins/gio-plugins/safedata/giosafedata"
"github.com/gioui-plugins/gio-plugins/webviewer/webview" "github.com/gioui-plugins/gio-plugins/webviewer/webview"
"github.com/pkg/errors" "github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger" "gitlab.com/wpetit/goweb/logger"
) )
const instanceIDSecretIdentifier = "instance_id" const packageName = "com.cadoles.arcast_player"
func main() { func main() {
ctx := context.Background() ctx := context.Background()
@ -36,12 +32,6 @@ func main() {
browser := gioui.NewBrowser(window) browser := gioui.NewBrowser(window)
var safeDataConfig safedata.Config
var safeDataConfigWaigGroup sync.WaitGroup
var initSafeDataConfig sync.Once
safeDataConfigWaigGroup.Add(1)
go func() { go func() {
ops := new(op.Ops) ops := new(op.Ops)
for { for {
@ -56,11 +46,6 @@ func main() {
gtx := layout.NewContext(ops, evt) gtx := layout.NewContext(ops, evt)
browser.Layout(gtx) browser.Layout(gtx)
evt.Frame(gtx.Ops) evt.Frame(gtx.Ops)
case app.ViewEvent:
initSafeDataConfig.Do(func() {
defer safeDataConfigWaigGroup.Done()
safeDataConfig = giosafedata.NewConfigFromViewEvent(window, evt, "com.cadoles.arcast_player")
})
} }
} }
}() }()
@ -71,26 +56,32 @@ func main() {
ctx, cancel := context.WithCancel(ctx) ctx, cancel := context.WithCancel(ctx)
defer cancel() defer cancel()
safeDataConfigWaigGroup.Wait() conf := config.DefaultConfig()
safe := safedata.NewSafeData(safeDataConfig) configFiles := getConfigFiles(ctx)
for _, f := range configFiles {
instanceID, err := getInstanceIDFromSafeData(ctx, safe) logger.Info(ctx, "loading or creating configuration file", logger.F("filename", f))
if err != nil { if err := config.LoadOrCreate(ctx, f, conf, config.DefaultTransforms...); err != nil {
logger.Fatal(ctx, "could not retrieve instance id", logger.CapturedE(errors.WithStack(err))) logger.Error(ctx, "could not load configuration file", logger.CapturedE(errors.WithStack(err)))
continue
} }
cert, err := selfsigned.NewLANCert() break
}
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
if err != nil { if err != nil {
logger.Fatal(ctx, "could not generate self signed certificate", logger.CapturedE(errors.WithStack(err))) logger.Fatal(ctx, "could not parse x509 certificate", logger.CapturedE(errors.WithStack(err)))
} }
server := server.New( server := server.New(
browser, browser,
server.WithInstanceID(instanceID), server.WithInstanceID(conf.InstanceID),
server.WithAppsEnabled(true), server.WithAppsEnabled(conf.Apps.Enabled),
server.WithDefaultApp("home"), server.WithDefaultApp(conf.Apps.DefaultApp),
server.WithApps(arcast.DefaultApps...), server.WithApps(arcast.DefaultApps...),
server.WithTLSCertificate(cert), server.WithTLSCertificate(&cert),
server.WithAddress(conf.HTTP.Address),
server.WithTLSAddress(conf.HTTPS.Address),
) )
if err := server.Start(); err != nil { if err := server.Start(); err != nil {
@ -112,26 +103,19 @@ func main() {
app.Main() app.Main()
} }
func getInstanceIDFromSafeData(ctx context.Context, safe *safedata.SafeData) (string, error) { func getConfigFiles(ctx context.Context) []string {
instanceIDSecret, err := safe.Get(instanceIDSecretIdentifier) configFiles := make([]string, 0)
if err != nil && err.Error() != "not found" {
logger.Error(ctx, "could not retrieve instance id secret", logger.CapturedE(errors.WithStack(err)))
}
var instanceID string sharedStorageConfigFile := filepath.Join("/storage/emulated/0/Android/data", packageName, "files/config.json")
if len(instanceIDSecret.Data) > 0 { configFiles = append(configFiles, sharedStorageConfigFile)
instanceID = string(instanceIDSecret.Data)
dataDir, err := app.DataDir()
if err != nil {
logger.Error(ctx, "could not retrieve app data dir", logger.CapturedE(errors.WithStack(err)))
} else { } else {
instanceID = server.NewRandomInstanceID() appDataConfigFile := filepath.Join(dataDir, "config.json")
configFiles = append(configFiles, appDataConfigFile)
instanceIDSecret.Identifier = instanceIDSecretIdentifier
instanceIDSecret.Data = []byte(instanceID)
instanceIDSecret.Description = "Arcast player instance identifier"
if err := safe.Set(instanceIDSecret); err != nil {
return "", errors.Wrapf(err, "could not save instance id secret")
}
} }
return instanceID, nil return configFiles
} }

View File

@ -1,12 +1,14 @@
package player package player
import ( import (
"context"
"crypto/tls"
"fmt" "fmt"
"os" "os"
"forge.cadoles.com/arcad/arcast" "forge.cadoles.com/arcad/arcast"
"forge.cadoles.com/arcad/arcast/pkg/browser/lorca" "forge.cadoles.com/arcad/arcast/pkg/browser/lorca"
"forge.cadoles.com/arcad/arcast/pkg/selfsigned" "forge.cadoles.com/arcad/arcast/pkg/config"
"forge.cadoles.com/arcad/arcast/pkg/server" "forge.cadoles.com/arcad/arcast/pkg/server"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/urfave/cli/v2" "github.com/urfave/cli/v2"
@ -15,9 +17,15 @@ import (
func Run() *cli.Command { func Run() *cli.Command {
defaults := lorca.NewOptions() defaults := lorca.NewOptions()
return &cli.Command{ return &cli.Command{
Name: "run", Name: "run",
Flags: []cli.Flag{ Flags: []cli.Flag{
&cli.StringFlag{
Name: "config",
EnvVars: []string{"ARCAST_DESKTOP_CONFIG"},
Value: config.DefaultConfigFile(context.Background()),
},
&cli.StringSliceFlag{ &cli.StringSliceFlag{
Name: "additional-chrome-arg", Name: "additional-chrome-arg",
EnvVars: []string{"ARCAST_DESKTOP_ADDITIONAL_CHROME_ARGS"}, EnvVars: []string{"ARCAST_DESKTOP_ADDITIONAL_CHROME_ARGS"},
@ -34,8 +42,8 @@ func Run() *cli.Command {
Value: ":", Value: ":",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "tls-address", Name: "https-address",
EnvVars: []string{"ARCAST_DESKTOP_TLS_ADDRESS"}, EnvVars: []string{"ARCAST_DESKTOP_HTTPS_ADDRESS"},
Value: ":", Value: ":",
}, },
&cli.IntFlag{ &cli.IntFlag{
@ -55,12 +63,10 @@ func Run() *cli.Command {
}, },
}, },
Action: func(ctx *cli.Context) error { Action: func(ctx *cli.Context) error {
configFile := ctx.String("config")
windowHeight := ctx.Int("window-height") windowHeight := ctx.Int("window-height")
windowWidth := ctx.Int("window-width") windowWidth := ctx.Int("window-width")
chromeArgs := addFlagsPrefix(ctx.StringSlice("additional-chrome-arg")...) chromeArgs := addFlagsPrefix(ctx.StringSlice("additional-chrome-arg")...)
enableApps := ctx.Bool("apps")
serverAddress := ctx.String("address")
serverTLSAddress := ctx.String("tls-address")
browser := lorca.NewBrowser( browser := lorca.NewBrowser(
lorca.WithAdditionalChromeArgs(chromeArgs...), lorca.WithAdditionalChromeArgs(chromeArgs...),
@ -84,24 +90,43 @@ func Run() *cli.Command {
} }
}() }()
instanceID := ctx.String("instance-id") conf := config.DefaultConfig()
if instanceID == "" {
instanceID = server.NewRandomInstanceID() logger.Info(ctx.Context, "loading or creating configuration file", logger.F("filename", configFile))
if err := config.LoadOrCreate(ctx.Context, configFile, conf, config.DefaultTransforms...); err != nil {
logger.Error(ctx.Context, "could not load configuration file", logger.CapturedE(errors.WithStack(err)))
} }
cert, err := selfsigned.NewLANCert() instanceID := ctx.String("instance-id")
if instanceID != "" {
conf.InstanceID = instanceID
}
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
if err != nil { if err != nil {
return errors.Wrap(err, "could not generate self signed certificate") return errors.Wrap(err, "could not parse tls cert/key pair")
}
if ctx.IsSet("apps") {
conf.Apps.Enabled = ctx.Bool("apps")
}
if ctx.IsSet("address") {
conf.HTTP.Address = ctx.String("address")
}
if ctx.IsSet("https-address") {
conf.HTTPS.Address = ctx.String("tls-address")
} }
server := server.New(browser, server := server.New(browser,
server.WithInstanceID(instanceID), server.WithInstanceID(conf.InstanceID),
server.WithAppsEnabled(enableApps), server.WithAppsEnabled(conf.Apps.Enabled),
server.WithDefaultApp("home"), server.WithDefaultApp(conf.Apps.DefaultApp),
server.WithApps(arcast.DefaultApps...), server.WithApps(arcast.DefaultApps...),
server.WithAddress(serverAddress), server.WithAddress(conf.HTTP.Address),
server.WithTLSAddress(serverTLSAddress), server.WithTLSAddress(conf.HTTPS.Address),
server.WithTLSCertificate(cert), server.WithTLSCertificate(&cert),
) )
if err := server.Start(); err != nil { if err := server.Start(); err != nil {

View File

@ -0,0 +1,82 @@
### Source https://github.com/DesktopECHO/T95-H616-Malware
###
### Clobber Malware/Junk - Run in PowerShell or Bash
### Requires ADB Connection (ie: adb connect 10.13.12.11:5555)
###
### Install ADB (If not already installed)
###
### - Assuming you're on Windows, to install ADB simply
### install Chocolatey and install ADB using Choco:
### choco install adb
###
### - macOS users have Homebrew to accomplish the same thing:
### brew install android-platform-tools
###
wget https://github.com/bromite/bromite/releases/latest/download/arm_ChromePublic.apk -O chromium.apk
wget https://github.com/TeamAmaze/AmazeFileManager/releases/latest/download/app-fdroid-release.apk -O filemanager.apk
wget https://raw.githubusercontent.com/make-github-pseudonymous-again/pixels/main/1x1%23000000.jpg -O BlackBackground.jpg
wget https://f-droid.org/repo/com.termux_118.apk -O termux.apk
wget https://github.com/DesktopECHO/Pi-hole-for-Android/releases/latest/download/pideploy.apk -O pideploy.apk
adb push BlackBackground.jpg /sdcard/Download/BlackBackground.jpg
adb root
sleep 10
adb shell "cmd uimode night yes"
adb install filemanager.apk
adb install termux.apk
adb install pideploy.apk
adb install chromium.apk
adb shell pm uninstall --user 0 com.adups.fota
adb shell pm uninstall --user 0 com.ftest
adb shell pm uninstall --user 0 com.ionitech.airscreen
adb shell pm uninstall --user 0 com.charon.rocketfly
adb shell pm uninstall --user 0 com.netflix.mediaclient
adb shell pm uninstall --user 0 com.android.music
adb shell pm uninstall --user 0 com.android.dynsystem
adb shell pm uninstall --user 0 com.android.egg
adb shell pm uninstall --user 0 com.www.intallapp
adb shell pm uninstall --user 0 com.www.productdeclare
adb shell pm uninstall --user 0 org.xbmc.kodi
adb shell pm uninstall --user 0 com.softwinner.TvdFileManager
adb shell pm uninstall --user 0 com.apkpure.aegon
adb shell pm uninstall --user 0 com.amazon.avod.thirdpartyclient
adb shell pm uninstall --user 0 com.adups.market
adb shell pm uninstall --user 0 com.android.camera2
adb shell pm uninstall --user 0 com.android.deskclock
adb shell pm uninstall --user 0 com.android.chrome
adb shell pm uninstall --user 0 com.google.android.feedback
adb shell pm uninstall --user 0 com.google.android.katniss
adb shell pm uninstall --user 0 net.lightflash.wallpapersn
adb shell pm uninstall --user 0 com.google.android.youtube.tv
adb shell pm uninstall --user 0 com.android.gallery3d
adb shell pm uninstall --user 0 com.android.wallpaper.livepicker
adb shell pm uninstall --user 0 com.android.wallpaperbackup
adb shell pm uninstall --user 0 com.android.dreams.basic
adb shell pm uninstall --user 0 com.android.dreams.web
adb shell pm uninstall --user 0 com.android.dreams.phototable
adb shell pm uninstall --user 0 cm.aptoidetv.pt
adb shell rm -rf /data/data/org.xbmc.kodi
adb shell rm -rf /data/data/com.www.intallapp
adb shell rm -rf /data/data/com.www.productdeclare
adb shell rm -rf /data/media/0/Android/data/com.adups.fota
adb shell rm -rf /data/misc/profiles/ref/com.adups.fota
adb shell rm -rf /data/misc/profiles/cur/0/com.adups.fota
adb shell rm -rf /data/system/shared_prefs
adb shell mkdir -p /data/system/shared_prefs/open_preference.xml
adb shell chmod 0000 /data/system/shared_prefs/open_preference.xml
adb shell /vendor/bin/busybox chattr +i /data/system/shared_prefs/open_preference.xml
adb shell rm -rf /data/system/Corejava
adb shell touch /data/system/Corejava
adb shell chmod 0000 /data/system/Corejava
adb shell /vendor/bin/busybox chattr +i /data/system/Corejava
adb shell rm -rf /data/data/com.adups.fota
adb shell touch /data/data/com.adups.fota
adb shell chmod 0000 /data/data/com.adups.fota
adb shell /vendor/bin/busybox chattr +i /data/data/com.adups.fota
echo Cleanup finished, reboot your device.

114
pkg/config/config.go Normal file
View File

@ -0,0 +1,114 @@
package config
import (
"context"
"encoding/json"
"os"
"path/filepath"
"forge.cadoles.com/arcad/arcast/pkg/server"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)
type Config struct {
InstanceID string `json:"instanceId"`
HTTP HTTPConfig `json:"http"`
HTTPS HTTPSConfig `json:"https"`
Apps AppsConfig `json:"apps"`
}
type HTTPConfig struct {
Address string `json:"address"`
}
type HTTPSConfig struct {
Address string `json:"address"`
Cert []byte `json:"cert"`
Key []byte `json:"key"`
SelfSigned SelfSignedCertConfig `json:"selfSigned"`
}
type SelfSignedCertConfig struct {
Enabled bool `json:"enabled"`
NetworkFingerprint string `json:"networkFingerprint"`
}
type AppsConfig struct {
Enabled bool `json:"enabled"`
DefaultApp string `json:"defaultApp"`
}
type TransformFunc func(ctx context.Context, conf *Config) error
func DefaultConfigFile(ctx context.Context) string {
configDir, err := os.UserConfigDir()
if err != nil {
logger.Error(ctx, "could not get user config dir", logger.CapturedE(errors.WithStack(err)))
configDir = ""
}
if configDir != "" {
configDir = filepath.Join(configDir, "arcast-player")
}
return filepath.Join(configDir, "config.json")
}
func LoadOrCreate(ctx context.Context, filename string, conf *Config, funcs ...TransformFunc) error {
data, err := os.ReadFile(filename)
if err != nil && !os.IsNotExist(err) {
return errors.WithStack(err)
}
if data != nil {
if err := json.Unmarshal(data, conf); err != nil {
return errors.WithStack(err)
}
}
for _, fn := range funcs {
if err := fn(ctx, conf); err != nil {
return errors.WithStack(err)
}
}
data, err = json.MarshalIndent(conf, "", " ")
if err != nil {
return errors.WithStack(err)
}
dirname := filepath.Dir(filename)
if _, err := os.Stat(dirname); os.IsNotExist(err) {
if err := os.MkdirAll(dirname, 0777); err != nil {
return errors.WithStack(err)
}
}
if err := os.WriteFile(filename, data, 0640); err != nil {
return errors.WithStack(err)
}
return nil
}
func DefaultConfig() *Config {
return &Config{
InstanceID: server.NewRandomInstanceID(),
HTTP: HTTPConfig{
Address: ":45555",
},
HTTPS: HTTPSConfig{
Address: ":45556",
SelfSigned: SelfSignedCertConfig{
Enabled: true,
NetworkFingerprint: "",
},
},
Apps: AppsConfig{
Enabled: true,
DefaultApp: "home",
},
}
}

View File

@ -0,0 +1,6 @@
package config
var DefaultTransforms = []TransformFunc{
GenerateSelfSignedCert,
RenewExpiredSelfSignedCert,
}

100
pkg/config/selfsigned.go Normal file
View File

@ -0,0 +1,100 @@
package config
import (
"context"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"fmt"
"slices"
"time"
"forge.cadoles.com/arcad/arcast/pkg/network"
"forge.cadoles.com/arcad/arcast/pkg/selfsigned"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)
func GenerateSelfSignedCert(ctx context.Context, conf *Config) error {
if !conf.HTTPS.SelfSigned.Enabled {
return nil
}
if conf.HTTPS.Cert != nil && conf.HTTPS.Key != nil {
return nil
}
rawCert, rawKey, err := selfsigned.NewLANKeyPair()
if err != nil {
return errors.Wrap(err, "could not generate self signed x509 key pair")
}
conf.HTTPS.Cert = rawCert
conf.HTTPS.Key = rawKey
networkFingerprint, err := getNetworkFingerprint()
if err != nil {
return errors.Wrap(err, "could not retrieve network fingerprint")
}
conf.HTTPS.SelfSigned.NetworkFingerprint = networkFingerprint
return nil
}
func RenewExpiredSelfSignedCert(ctx context.Context, conf *Config) error {
if !conf.HTTPS.SelfSigned.Enabled {
return nil
}
if conf.HTTPS.Cert == nil || conf.HTTPS.Key == nil {
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
return errors.WithStack(err)
}
}
cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
if err != nil {
return errors.Wrap(err, "could not parse x509 cert/key pair")
}
leaf, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
logger.Error(ctx, "could not parse x509 certificate, regenerating one", logger.CapturedE(errors.WithStack(err)))
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
return errors.WithStack(err)
}
}
// Check that self-signed certificate is still valid
if time.Now().Before(leaf.NotAfter) {
return nil
}
logger.Warn(ctx, "self-signed certificate has expired, regenerating one", logger.CapturedE(errors.WithStack(err)))
if err := GenerateSelfSignedCert(ctx, conf); err != nil {
return errors.WithStack(err)
}
return nil
}
func getNetworkFingerprint() (string, error) {
ips, err := network.GetLANIPv4Addrs()
if err != nil {
return "", errors.WithStack(err)
}
slices.Sort(ips)
hash := sha256.New()
for _, ip := range ips {
if _, err := hash.Write([]byte(ip)); err != nil {
return "", errors.WithStack(err)
}
}
return fmt.Sprintf("%x", hash.Sum(nil)), nil
}

View File

@ -19,15 +19,24 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
func NewLANCert() (*tls.Certificate, error) { func NewLANKeyPair() ([]byte, []byte, error) {
hosts, err := network.GetLANIPv4Addrs() hosts, err := network.GetLANIPv4Addrs()
if err != nil { if err != nil {
return nil, errors.WithStack(err) return nil, nil, errors.WithStack(err)
} }
hosts = append(hosts, "127.0.0.1") hosts = append(hosts, "127.0.0.1")
rawCert, rawKey, err := NewCertKeyPair(hosts...) rawCert, rawKey, err := NewCertKeyPair(hosts...)
if err != nil {
return nil, nil, errors.WithStack(err)
}
return rawCert, rawKey, nil
}
func NewLANCert() (*tls.Certificate, error) {
rawCert, rawKey, err := NewLANKeyPair()
if err != nil { if err != nil {
return nil, errors.WithStack(err) return nil, errors.WithStack(err)
} }

View File

@ -41,7 +41,7 @@ func (s *Server) handleBroadcast(w http.ResponseWriter, r *http.Request) {
for { for {
messageType, message, err := c.ReadMessage() messageType, message, err := c.ReadMessage()
if err != nil { if err != nil && !websocket.IsCloseError(err, 1001) {
logger.Error(ctx, "could not read message", logger.E(errors.WithStack(err))) logger.Error(ctx, "could not read message", logger.E(errors.WithStack(err)))
break break
} }

View File

@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Arcast - Idle</title> <title>Arcast - Ready to cast !</title>
<style> <style>
html { html {
box-sizing: border-box; box-sizing: border-box;