feat: add USB cable deployer (deploy_usb.py) + cert/firewall fixes#7
Open
simeononsecurity wants to merge 7 commits into
Open
feat: add USB cable deployer (deploy_usb.py) + cert/firewall fixes#7simeononsecurity wants to merge 7 commits into
simeononsecurity wants to merge 7 commits into
Conversation
deploy_usb.py (new): - One-command installer via USB cable — no WiFi required - Mirrors Rayhunter orbic-usb method: USB vendor ctrl request to switch device from RNDIS (0xf626) to ADB mode (0xf601) - AT+SYSCMD path (root via atfwd_daemon) with ADB shell fallback - Pushes firmware, boot script, and TLS certs to device - Configures iptables: ACCEPT 8443 (DagShell) + 8080, MASQUERADE NAT - Boot persistence via /data/usb/boot_hsusb_composition hook - Persistent daemon launch: uses init-context nc shell (port 24) to escape Android ADB cgroup — survives ADB disconnect - Post-deploy verification: process/port/TLS checks, no WiFi needed - --verify-only flag for checking existing installs dagshell_boot.sh: - Add iptables ACCEPT rule for port 8080 alongside 8443 orbic_fw_c/gen_pki.py: - Fix leaf cert validity: 365 days → 3650 days (10 years) - Fix deprecated datetime.utcnow() → datetime.now(timezone.utc) docs/deploy_usb_feature.md (new): - Full feature description, rationale, and quick-start guide
Catch usb.core.NoBackendError at import time by probing for a working backend with usb.core.find(). Without libusb installed (e.g. on macOS before 'brew install libusb') the script crashed with a traceback at step 2. Now degrades gracefully to ADB-only mode with a clear install hint.
- requirements.txt: add pyusb (optional) with libusb + adb install notes - README.md: add USB deploy dependencies to Requirements section and new 'Option C: USB Cable Deploy' deployment walkthrough
…lback Fixes the 'Operation timed out' / 'No such device' wall of errors seen on the first run right after a USB mode switch + reboot — the device accepted the serial-interface claim but atfwd_daemon was not ready yet. - Add USB_STABILIZE_SEC settle pause after a reboot before touching AT - Add at_health_check(): probe AT interface with a no-op until responsive - at_syscmd_raw now raises ATDeviceLost on errno 19 (device dropped) so we stop retrying every command against a dead handle - Extract install_via_at() and install_via_adb_shell() helpers - Step 7 now: stabilize -> health-check -> AT install (primary), with automatic fallback to the ADB shell path if the interface is unresponsive or drops mid-install - ADB fallback gained its own readiness wait + echo health check
rootshell: 408-byte ARM asm ELF, SUID root escalation (mirrors Rayhunter) dagshell_boot.sh: start orbic_app with </dev/null to avoid fd 0 socket bug
- deploy_usb.py v2.0: 8-step pipeline with rootshell SUID root gain - AT+SYSCMD installs rootshell (3 cmds: cp, chown, chmod 4755) - All privileged ops via 'adb shell /bin/rootshell -c' - Rayhunter compatible (detects existing rootshell, skips AT step) - Device reboot after install (boot script applies iptables) - .github/workflows/build-rootshell.yml: cross-compile on release - docs/deploy_usb_feature.md: rootshell details + compatibility matrix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Branch:
usb-installer→mainCloses: #6 #5
Summary
Adds
deploy_usb.py— a one-command USB cable installer for the Orbic RCL400 that works on completely fresh devices without requiring prior root access, WiFi connectivity, or Rayhunter pre-installation. The installer mirrors Rayhunter'sorbic-usbapproach and is fully compatible with devices that already have Rayhunter installed.Key Changes
New:
deploy_usb.pyv2.0 — rootshell-based install flowuid=2000, not root), uses AT+SYSCMD to install a SUID root binary at/bin/rootshellwith just 3 commands (cp,chown,chmod 4755). All subsequent privileged operations useadb shell /bin/rootshell -c "command"./bin/rootshellalready exists — detected automatically, AT+SYSCMD step skipped entirely.dagshell_boot.shon boot (from init context with full capabilities) rather than via rootshell (which lacksCAP_NET_ADMIN).New:
orbic_fw_c/rootshell+rootshell.Ssetgroups([3003, 3004])→setgid(0)→setuid(0)→execve("/bin/sh", argv, envp)-c "command"arguments for scripted userootshell.SNew:
.github/workflows/build-rootshell.ymlrootshell.Son every releasebinutils-arm-linux-gnueabifrom Ubuntu repos (no custom toolchain needed)Fixed:
orbic_fw_c/gen_pki.pydatetime.utcnow()deprecation warningsFixed:
dagshell_boot.shorbic_applaunched with</dev/null &to prevent fd 0 bug (server_fd==0 exit check)Improved: AT+SYSCMD reliability
ATDeviceLostexception for stale USB handles (errno 19)Install Flow Diagram
Files Changed
deploy_usb.pyorbic_fw_c/rootshellorbic_fw_c/rootshell.Sorbic_fw_c/rootshell.c.github/workflows/build-rootshell.ymldagshell_boot.shorbic_fw_c/gen_pki.pydocs/deploy_usb_feature.mddocs/pr_description.mdTesting