#!/system/bin/sh
# Check the sensitive [secure] properties of the device.
# ipdev @ xda-developers
# Some devices/manufacturers hide properties from the user.
# For best results, run this script with root privileges.
# Set main variables
# TDIR=$(pwd)
# SCRIPT=check_sProps.sh
# Set main functions
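#######################################
# Stop the script unless it is running on an Android device.
# Detection is a heuristic: the presence of /system/bin/sh, toybox or
# toolbox is taken as proof of Android.
# Globals:   ANDROID (written) - TRUE when a marker file exists, else empty
# Outputs:   a notice on stdout when no marker file is found
# Returns:   normally on Android; otherwise exits the script with status 0
#######################################
check_android_device() {
  # Start from an empty value so an ANDROID variable inherited from the
  # caller's environment cannot satisfy the check by itself.
  ANDROID=
  if [ -f /system/bin/sh ] || [ -f /system/bin/toybox ] || [ -f /system/bin/toolbox ]; then
    ANDROID=TRUE
  fi
  if [ -z "$ANDROID" ]; then
    echo ""
    echo " This script needs to be run on an Android device. "
    echo ""
    # The status stays 0, as before: a caller that automates this script
    # cannot tell "not Android" from a completed run by exit code alone.
    exit 0
  fi
}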
# set_target_directory() {
# if [ ! -f "$SCRIPT" ]; then
# TDIR=$(lsof 2>/dev/null | grep -o '[^ ]*$' | grep -m1 "$SCRIPT" | sed 's/\/'"$SCRIPT"'//g');
# cd $TDIR;
# fi
# }
# Set additional functions
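#######################################
# Print the value of a property when the device reports one.
# Arguments: $1 - property name
# Outputs:   one " [ Note ]" line on stdout; nothing when the property is
#            empty or not reported
#######################################
note_prop_value() {
  local prop="$1" value
  # Read the property once so the test and the report use the same value.
  value=$(getprop "$prop")
  if [ -n "$value" ]; then
    # Quoted so a value holding spaces or glob characters is shown verbatim.
    echo " [ Note ] $prop is set to $value"
  fi
}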
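#######################################
# Compare a property with its single expected value and report the result.
# Arguments: $1 - property name
#            $2 - expected ("safe") value, compared literally
# Outputs:   " [ Safe ]" or " [ Danger ]" lines on stdout; nothing when the
#            property is empty or not reported, so silence is not a pass
#######################################
prop_one_value() {
  local prop="$1" safe="$2" value
  # Read the property once so the comparison and the report agree.
  value=$(getprop "$prop")
  [ -n "$value" ] || return 0
  # Quoted operands: the expected value is a literal, never a glob pattern.
  if [ "$value" != "$safe" ]; then
    echo " [ Danger ] $prop is set to $value"
    echo " Safe value is $safe"
  else
    echo " [ Safe ] $prop is set to $value"
  fi
}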
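#######################################
# Compare a property with two accepted values and report the result.
# Arguments: $1 - property name
#            $2, $3 - accepted ("safe") values, compared literally
# Outputs:   " [ Safe ]" or " [ Danger ]" lines on stdout; nothing when the
#            property is empty or not reported, so silence is not a pass
#######################################
prop_two_value() {
  local prop="$1" safe_a="$2" safe_b="$3" value
  # Read the property once so the comparison and the report agree.
  value=$(getprop "$prop")
  [ -n "$value" ] || return 0
  # Quoted operands: the accepted values are literals, never glob patterns.
  if [ "$value" != "$safe_a" ] && [ "$value" != "$safe_b" ]; then
    echo " [ Danger ] $prop is set to $value"
    echo " Safe value is $safe_a or $safe_b"
  else
    echo " [ Safe ] $prop is set to $value"
  fi
}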
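#######################################
# Compare a property with its single expected value and report the result.
# Same check as prop_one_value, but a mismatch is labelled " [ Warning ]".
# Arguments: $1 - property name
#            $2 - expected ("safe") value, compared literally
# Outputs:   " [ Safe ]" or " [ Warning ]" lines on stdout; nothing when the
#            property is empty or not reported, so silence is not a pass
#######################################
warn_one_value() {
  local prop="$1" safe="$2" value
  # Read the property once so the comparison and the report agree.
  value=$(getprop "$prop")
  [ -n "$value" ] || return 0
  # Quoted operands: the expected value is a literal, never a glob pattern.
  if [ "$value" != "$safe" ]; then
    echo " [ Warning ] $prop is set to $value"
    echo " Safe value is $safe"
  else
    echo " [ Safe ] $prop is set to $value"
  fi
}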
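#######################################
# Compare a property with two accepted values and report the result.
# Same check as prop_two_value, but a mismatch is labelled " [ Warning ]".
# Arguments: $1 - property name
#            $2, $3 - accepted ("safe") values, compared literally
# Outputs:   " [ Safe ]" or " [ Warning ]" lines on stdout; nothing when the
#            property is empty or not reported, so silence is not a pass
#######################################
warn_two_value() {
  local prop="$1" safe_a="$2" safe_b="$3" value
  # Read the property once so the comparison and the report agree.
  value=$(getprop "$prop")
  [ -n "$value" ] || return 0
  # Quoted operands: the accepted values are literals, never glob patterns.
  if [ "$value" != "$safe_a" ] && [ "$value" != "$safe_b" ]; then
    echo " [ Warning ] $prop is set to $value"
    echo " Safe value is $safe_a or $safe_b"
  else
    echo " [ Safe ] $prop is set to $value"
  fi
}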
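#######################################
# Compare a property with three accepted values and report the result.
# Arguments: $1 - property name
#            $2, $3, $4 - accepted ("safe") values, compared literally
# Outputs:   " [ Safe ]" or " [ Warning ]" lines on stdout; nothing when the
#            property is empty or not reported, so silence is not a pass
#######################################
warn_three_value() {
  local prop="$1" safe_a="$2" safe_b="$3" safe_c="$4" value
  # Read the property once so the comparison and the report agree.
  value=$(getprop "$prop")
  [ -n "$value" ] || return 0
  # Quoted operands: the accepted values are literals, never glob patterns.
  if [ "$value" != "$safe_a" ] && [ "$value" != "$safe_b" ] && [ "$value" != "$safe_c" ]; then
    echo " [ Warning ] $prop is set to $value"
    # The spacing around the comma matches the message the script has
    # always printed.
    echo " Safe value is $safe_a , $safe_b or $safe_c"
  else
    echo " [ Safe ] $prop is set to $value"
  fi
}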
# Lets go.
# Determine if running on an Android device.
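check_android_device
# # Reset and move to the target directory if needed.
# set_target_directory
echo ""
# __ Sensitive and/or Secure properties. __
# Each line compares the live getprop value with the value expected on a
# locked, unmodified production build: locked bootloader and verified boot
# (flash.locked, vbmeta.device_state, verifiedbootstate, veritymode),
# enforcing SELinux, release-keys "user" builds, ro.debuggable=0, ro.secure=1,
# authenticated adb and encrypted storage.
# Properties the device does not report are skipped without output, so a
# short list is not a clean result.
# getprop shows what the property service reports; on a rooted or modified
# device these values can be overridden, so "Safe" is a hint and not an
# attestation of device integrity.
# NOTE(review): the hwc/hwcountry, warranty_bit and is_ever_orange properties
# look vendor-specific - confirm the expected values per manufacturer.
echo "Sensitive and/or Secure properties."; echo "";
warn_one_value ro.adb.secure 1
prop_one_value ro.boot.flash.locked 1
# warn_one_value ro.boot.hwc GLOBAL
warn_two_value ro.boot.hwc GLOBAL GL
# warn_one_value ro.boot.hwcountry GLOBAL
warn_two_value ro.boot.hwcountry GLOBAL GL
# prop_two_value ro.boot.mode normal unknown
warn_three_value ro.boot.mode normal unknown reboot
warn_one_value ro.boot.secure_hardware 1
warn_one_value ro.boot.secureboot 1 ## Not sure if this is needed.
prop_one_value ro.boot.selinux enforcing
prop_one_value ro.boot.vbmeta.device_state locked
prop_one_value ro.boot.verifiedbootstate green
prop_one_value ro.boot.veritymode enforcing
prop_one_value ro.boot.warranty_bit 0
# prop_two_value ro.bootmode normal unknown
warn_three_value ro.bootmode normal unknown reboot
prop_one_value ro.build.selinux 1
prop_one_value ro.build.tags release-keys
prop_one_value ro.build.type user
warn_one_value ro.crypto.state encrypted
prop_one_value ro.debuggable 0
warn_one_value ro.is_ever_orange 0
prop_one_value ro.odm.build.tags release-keys
prop_one_value ro.odm.build.type user
prop_one_value ro.product.build.tags release-keys
prop_one_value ro.product.build.type user
prop_one_value ro.secure 1
warn_one_value ro.secureboot.devicelock 1 ## Not sure if this is needed.
warn_one_value ro.secureboot.lockstate locked ## Not sure if this is needed.
prop_one_value ro.system.build.tags release-keys
prop_one_value ro.system.build.type user
warn_one_value ro.vendor.boot.secure_hardware 1
prop_one_value ro.vendor.boot.warranty_bit 0
prop_one_value ro.vendor.build.tags release-keys
prop_one_value ro.vendor.build.type user
prop_one_value ro.vendor.warranty_bit 0
prop_one_value ro.warranty_bit 0
warn_one_value sys.oem_unlock_allowed 0 ## The toggle under Developer Options.
prop_two_value vendor.boot.mode normal unknown
prop_one_value vendor.boot.vbmeta.device_state locked
prop_one_value vendor.boot.verifiedbootstate green
echo ""
# __ Note properties of interest. __
# These are only displayed; no expected value is checked.
echo "Properties of interest."; echo "";
note_prop_value ro.oem.key1
note_prop_value ro.oem_unlock_supported
# note_prop_value sys.oem_unlock_allowed
echo ""
# Finish with status 0 whether the file was sourced or executed. `return`
# only succeeds in a sourced script (or a shell that treats it as exit), so
# its complaint is silenced and `exit` ends an executed run.
return 0 2>/dev/null || exit 0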