tool to inject a shell script into legacy shims

README.md

@@ -91,6 +91,15 @@ When this finishes, the bin file in the path you provided will have been convert
 
 After injecting, you may continue to the "[Booting Into A Shim](#booting-into-a-shim)" section.
 
+#### Preseeding
+
+Once you've built a legacy shim, you can also 'preseed' it to run a shell script on boot rather than opening the menu:
+```shell
+sudo ./wax/inject_preseed.sh -s <path/to/legacy_shim.bin> -p <path/to/preseed/file.sh>
+```
+Preseed files can call any function defined in [factory_install.sh](https://github.com/MercuryWorkshop/sh1mmer/blob/beautifulworld/wax/sh1mmer_legacy/root/noarch/usr/sbin/factory_install.sh). See [here](https://github.com/MercuryWorkshop/sh1mmer/tree/beautifulworld/wax/preseed/examples) for examples.
+
+
 ***
 
 ### Booting Into A Shim
@@ -108,6 +117,7 @@ From here, you can play around with the options and do what you want.
 
 ***
 
+
 ### The Fog....
 
 Downgrading and unenrollment has been patched by Google™️.

wax/inject_preseed.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+# TODO: properly error out/notify when run on a modern or raw shim
+
+SCRIPT_DIR=$(dirname "$0")
+SCRIPT_DIR=${SCRIPT_DIR:-"."}
+. "$SCRIPT_DIR/lib/wax_common.sh"
+
+PRESEED_FILENAME="usr/sbin/preseed.sh"
+
+set -eE
+
+[ "$EUID" -ne 0 ] && fail "Please run as root"
+missing_deps=$(check_deps partx sgdisk mkfs.ext4 mkfs.ext2 e2fsck resize2fs file)
+[ -n "$missing_deps" ] && fail "The following required commands weren't found in PATH:\n${missing_deps}"
+
+cleanup () {
+    log_debug "cleaning up..."
+    [ -z "$LOOPDEV" ] || losetup -d "$LOOPDEV" || :
+    trap - EXIT INT
+}
+
+trap 'echo $BASH_COMMAND failed with exit code $?. THIS IS A BUG, PLEASE REPORT!' ERR
+trap 'cleanup; exit' EXIT
+trap 'echo Abort.; cleanup; exit' INT
+
+cat <<EOF
+┌─────────────────────────────────────────────────────────────────────────────────────┐
+│ welcome to the preseed injection tool (name not sexual innuendo)                    │
+│ bypasses the sh1mmer menu and injects a shell script to run at boot                 │
+│ (see examples @ github.com/MercuryWorkshop/sh1mmer/tree/beautifulworld/wax/preseed) │
+│ credit: b0vik (darkn and r58playz provided moral support)                           │
+│ prereq: prebuilt legacy shim (NOT bw/modern)                                        │
+└─────────────────────────────────────────────────────────────────────────────────────┘
+EOF
+
+get_flags() {
+	load_shflags
+
+	FLAGS_HELP="Usage: $0 -s <path/to/legacy/shim.bin> -p <path/to/preseed.sh> [flags]"
+
+	DEFINE_string shim "" "Path to prebuilt legacy shim" "s"
+
+    DEFINE_string preseed "$SCRIPT_DIR/preseed/examples/dev_test.sh" "Path to preseed file" "p"
+
+	DEFINE_boolean debug "$FLAGS_FALSE" "Print debug messages" "d"
+
+	FLAGS "$@" || exit $?
+	# eval set -- "$FLAGS_ARGV" # we don't need this
+
+	if [ -z "$FLAGS_shim" ] || [ -z "$FLAGS_preseed" ]; then
+		flags_help || :
+		exit 1
+	fi
+}
+
+inject_preseed_file() {
+    log_info "injecting preseed file"
+
+    MNT_SH1MMER=$(mktemp -d)
+
+    mount "${LOOPDEV}p1" "$MNT_SH1MMER"
+
+    SH1MMER_SCRIPT_ROOT="$MNT_SH1MMER/root/noarch"
+
+    cp "$1" "$SH1MMER_SCRIPT_ROOT/$PRESEED_FILENAME"
+    chmod +x "$SH1MMER_SCRIPT_ROOT/$PRESEED_FILENAME" # just in case
+
+    if grep -q '# PRESEED_LOC' "$SH1MMER_SCRIPT_ROOT/usr/sbin/factory_install.sh"; then
+        # if the PRESEED_LOC comment exists in factory_install.sh, insert before it
+        log_debug "inserting before PRESEED_LOC"
+        sed -i "/# PRESEED_LOC/i . /$PRESEED_FILENAME" "$SH1MMER_SCRIPT_ROOT/usr/sbin/factory_install.sh"
+    else
+        # for shims built before that was added, just insert before 'printf "\033[?25h"'
+        log_debug "shim (likely) built before 2024-02-23, inserting before printf"
+        sed -i "/printf \"\\\\033\[?25h\"/i . /$PRESEED_FILENAME" "$SH1MMER_SCRIPT_ROOT/usr/sbin/factory_install.sh" # aggressive character escaping there buddy
+    fi
+
+    umount "$MNT_SH1MMER"
+    rmdir "$MNT_SH1MMER"
+
+}
+
+get_flags "$@"
+IMAGE="$FLAGS_shim"
+PRESEED="$FLAGS_preseed"
+
+check_file_rw "$IMAGE" || fail "$IMAGE doesn't exist, isn't a file, or isn't RW"
+check_gpt_image "$IMAGE" || fail "$IMAGE is not GPT, or is corrupted"
+check_slow_fs "$IMAGE"
+
+log_info "Creating loop device"
+LOOPDEV=$(losetup -f)
+losetup -P "$LOOPDEV" "$IMAGE"
+safesync
+
+inject_preseed_file "$FLAGS_preseed"
+safesync
+
+# losetup -d "$LOOPDEV"
+
+log_info "Injection successful."
+
+trap - EXIT

wax/preseed/examples/dev_test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# sample preseed file
+# this is sourced at the PRESEED_LOC comment in factory_install.sh
+
+echo "preseed file worked!"
+exec bash

wax/preseed/examples/wp_loop_then_unenroll.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+
+
+# THIS IS COMPLETELY UNTESTED
+
+
+echo -e "${COLOR_GREEN_B}Loaded preseed file.${COLOR_RESET}"
+credits
+echo -e "@twinspikes - this script\n" # lol
+
+countdown() {
+    for i in {10..1}; do
+        read -t  1 -n  1 input
+        if [ "$input" = "Q" ]; then
+            echo -e "${COLOR_CYAN_B}\ncountdown canceled      ${COLOR_RESET}"
+            exec bash
+            return
+        fi
+        echo -ne "${COLOR_RED_B}$i seconds remaining   ${COLOR_RESET}\r"
+        sleep 1
+    done
+    echo -e "\n${COLOR_RED_B}rebooting${COLOR_RESET}"
+    reboot
+}
+
+finish_unenrolling() {
+    echo -e "${COLOR_GREEN_B}Setting GBB flags...${COLOR_RESET}"
+    /usr/share/vboot/bin/set_gbb_flags.sh 0x8090
+    echo -e "${COLOR_GREEN_B}Deprovisioning...${COLOR_RESET}"
+    deprovision
+    echo -e "${COLOR_GREEN_B}Enabling USB boot...${COLOR_RESET}"
+    enable_usb_boot
+    echo -e "${COLOR_RED_B}Rebooting in 10 seconds; press SHIFT+Q to cancel${COLOR_RESET}"
+    countdown
+}
+
+
+wp_disable_loop() {
+    while :; do
+        if flashrom --wp-disable; then
+            echo -e "${COLOR_GREEN_B}Successfully disabled software WP${COLOR_RESET}"
+            finish_unenrolling
+        fi
+        echo -e "${COLOR_RED_B}Press SHIFT+Q to cancel.${COLOR_RESET}"
+        if [ "$(poll_key)" = "Q" ]; then
+            printf "\nCanceled\n"
+            return 1
+        fi
+        sleep 1
+    done
+}
+
+wp_disable_loop

wax/sh1mmer_legacy/root/noarch/usr/sbin/factory_install.sh

@@ -180,16 +180,17 @@ splash() {
 }
 
 credits() {
+	# figured i should pomelo migrate these while i was here, feel free to change back -b0vik
 	echo "CREDITS:"
-	echo "CoolElectronics#4683 - Pioneering this wild exploit"
+	echo "@coolelectronics - Pioneering this wild exploit"
 	echo "ULTRA BLUE#1850 - Testing & discovering how to disable shim rootfs verification"
-	echo "Unciaur#1408 - Found the inital RMA shim"
-	echo "TheMemeSniper#6065 - Testing"
-	echo "Rafflesia#8396 - Hosting files"
+	echo "@unciaur - Found the inital RMA shim"
+	echo "@thememesniper - Testing"
+	echo "@aliceindisarray - Hosting files"
 	echo "Bypassi#7037 - Helped with the website"
-	echo "r58Playz#3467 - Helped us set parts of the shim & made the initial GUI script"
-	echo "OlyB#9420 - Scraped additional shims + this legacy script"
-	echo "Sharp_Jack#4374 - Created wax & compiled the first shims"
+	echo "@r58playz - Helped us set parts of the shim & made the initial GUI script"
+	echo "@olyb - Scraped additional shims + this legacy script"
+	echo "@sh4rp.tech - Created wax & compiled the first shims"
 	echo "ember#0377 - Helped with the website"
 	echo "Mark - Technical Understanding and Advisory into the ChromeOS ecosystem"
 }
@@ -204,7 +205,10 @@ run_task() {
 	read -res
 }
 
-printf "\033[?25h"
+# PRESEED_LOC (see wax/inject_preseed.sh)
+# preseed file gets sourced here, if injected. above comment should be after any function definitions but before anything that requires user input gets called
+
+printf "\033[?25h" 
 
 while true; do
 	clear