forked from tuya-cloudcutter/tuya-cloudcutter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcommon_run.sh
executable file
·134 lines (123 loc) · 5.83 KB
/
common_run.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/usr/bin/env bash
# Select the right device
if [ "${PROFILE}" == "" ]; then
if [ $METHOD_FLASH ]; then
run_in_docker pipenv run python3 get_input.py -w /work -o /work/profile.txt choose-profile -f
else
run_in_docker pipenv run python3 get_input.py -w /work -o /work/profile.txt choose-profile
fi
else
run_in_docker pipenv run python3 get_input.py -w /work -o /work/profile.txt write-profile $PROFILE
fi
if [ ! $? -eq 0 ]; then
echo "Failed to choose a profile, please run this script again"
exit 1
fi
PROFILE=$(cat profile.txt)
rm -f profile.txt
LOCAL_PROFILE=$(echo "${PROFILE}" | sed 's/\/work\///g')
SLUGS=($(cat ${LOCAL_PROFILE} | grep -oP '(?<="slug": ")[^"]*'))
if ! [ -z "${SLUGS}" ]; then
DEVICESLUG="${SLUGS[0]}"
if [ "${#SLUGS[@]}" -eq 1 ]; then
PROFILES_GREP=($(cat ${LOCAL_PROFILE} | grep -A1 '"profiles": \[' | tr -d "\t" | tr -d "\"" | tr -d " " | tr -d "["))
PROFILESLUG="${PROFILES_GREP[1]}"
else
PROFILESLUG="${SLUGS[1]}"
fi
fi
CHIP=$(cat "${LOCAL_PROFILE}" | grep -o '"chip": "[^"]*' | grep -o '[^"]*$')
run_helper_script "pre-safety-checks"
source safety_checks.sh
if [ $METHOD_FLASH ]; then
# Select the right firmware
if [ "${FIRMWARE}" == "" ]; then
run_in_docker pipenv run python3 get_input.py -w /work -o /work/firmware.txt choose-firmware -c "${CHIP}"
else
run_in_docker pipenv run python3 get_input.py -w /work -o /work/firmware.txt validate-firmware-file "${FIRMWARE}" -c "${CHIP}"
fi
if [ ! $? -eq 0 ]; then
exit 1
fi
FIRMWARE=$(cat firmware.txt)
rm -f firmware.txt
fi
echo "Selected Device Slug: ${DEVICESLUG}"
echo "Selected Profile: ${PROFILESLUG}"
if ! [ -z "${FIRMWARE}" ]; then
echo "Selected Firmware: ${FIRMWARE}"
fi
if ! [ -z "${AUTHKEY}" ] && ! [ -z "${UUID}" ] && ! [ -z "${PSKKEY}" ]; then
echo "Using AuthKey ${AUTHKEY} , UUID ${UUID} , and PSKKey ${PSKKEY}"
if ! [ -z "${DEVICEID}" ] && ! [ -z "${LOCALKEY}" ]; then
echo "Using DeviceId ${DEVICEID} and LocalKey ${LOCALKEY}"
fi
echo "Writing deviceconfig file..."
OUTPUT=$(run_in_docker pipenv run python3 -m cloudcutter write_deviceconfig "${PROFILE}" "${VERBOSE_OUTPUT}" --deviceid "${DEVICEID}" --localkey "${LOCALKEY}" --authkey "${AUTHKEY}" --uuid "${UUID}" --pskkey "${PSKKEY}")
else
# Connect to Tuya device's WiFi
echo ""
echo "================================================================================"
echo "Place your device in AP (slow blink) mode. This can usually be accomplished by either:"
echo "Power cycling off/on - 3 times and wait for the device to fast-blink, then repeat 3 more times. Some devices need 4 or 5 times on each side of the pause"
echo "Long press the power/reset button on the device until it starts fast-blinking, then releasing, and then holding the power/reset button again until the device starts slow-blinking."
echo "See https://support.tuya.com/en/help/_detail/K9hut3w10nby8 for more information."
echo "================================================================================"
echo ""
run_helper_script "pre-wifi-exploit"
wifi_connect
if [ ! $? -eq 0 ]; then
echo "Failed to connect, please run this script again"
exit 1
fi
# Exploit chain
echo "Waiting 1 sec to allow device to set itself up..."
sleep 1
echo "Running initial exploit toolchain..."
if ! [ -z "${DEVICEID}" ] && ! [ -z "${LOCALKEY}" ]; then
echo "Using DeviceId ${DEVICEID} and LocalKey ${LOCALKEY}"
fi
OUTPUT=$(run_in_docker pipenv run python3 -m cloudcutter exploit_device "${PROFILE}" "${VERBOSE_OUTPUT}" --deviceid "${DEVICEID}" --localkey "${LOCALKEY}")
fi
RESULT=$?
echo "${OUTPUT}"
if [ ! $RESULT -eq 0 ]; then
echo "Oh no, something went wrong with running the exploit! Try again I guess..."
exit 1
fi
CONFIG_DIR=$(echo "${OUTPUT}" | grep "output=" | awk -F '=' '{print $2}' | sed -e 's/\r//')
echo "Saved device config in ${CONFIG_DIR}"
# Connect to Tuya device's WiFi again, to make it connect to our hostapd AP later
echo ""
echo "================================================================================"
echo "Power cycle and place your device in AP (slow blink) mode again. This can usually be accomplished by either:"
echo "Power cycling off/on - 3 times and wait for the device to fast-blink, then repeat 3 more times. Some devices need 4 or 5 times on each side of the pause"
echo "Long press the power/reset button on the device until it starts fast-blinking, then releasing, and then holding the power/reset button again until the device starts slow-blinking."
echo "See https://support.tuya.com/en/help/_detail/K9hut3w10nby8 for more information."
echo "================================================================================"
echo ""
sleep 5
run_helper_script "pre-wifi-config"
wifi_connect
if [ ! $? -eq 0 ]; then
echo "Failed to connect, please run this script again"
exit 1
fi
# If the AP prefix did not change, the exploit was not successful
# End the process now to end further confusion
if [[ $AP_MATCHED_NAME != A-* ]] && [ -z "${AUTHKEY}" ]; then
echo "================================================================================"
echo "[!] The profile you selected did not result in a successful exploit."
echo "================================================================================"
exit 1
fi
# Add a minor delay to stabilize after connection
sleep 1
OUTPUT=$(run_in_docker pipenv run python3 -m cloudcutter configure_wifi "cloudcutterflash" "abcdabcd" "${VERBOSE_OUTPUT}")
RESULT=$?
echo "${OUTPUT}"
if [ ! $RESULT -eq 0 ]; then
echo "Oh no, something went wrong with making the device connect to our hostapd AP! Try again I guess..."
exit 1
fi
echo "Device is connecting to 'cloudcutterflash' access point. Passphrase for the AP is 'abcdabcd' (without ')"