mirror of
https://github.com/takeshixx/redstar-tools
synced 2025-07-17 20:43:21 +00:00
Automatically defuse malicious components
This script will run all the steps that are required to disable malicious Red Star OS components like "virus scanning" and watermarking of media files. This makes it easier for everyone to further research the system.
This commit is contained in:
takeshix
129
defuse.sh
Normal file
129
defuse.sh
Normal file
@ -0,0 +1,129 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This is a precompiled libos.so used as a drop-in replacement because default
|
||||
# installations of Red Star OS 3.0 Desktop do not include GCC.
|
||||
#
|
||||
# sha256sum: 8661c311a18cb7a8be4624a9930c88b3a0f43d734bcafb26f9ea15651cda2800
|
||||
LIBOS="f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAIAMAADQAAABUBgAAAAAAADQAIAAFACgAGgAXAAEAAAAA
|
||||
AAAAAAAAAAAAAABYBAAAWAQAAAUAAAAAEAAAAQAAAFgEAABYFAAAWBQAAPgAAAAAAQAABgAAAAAQ
|
||||
AAACAAAAcAQAAHAUAABwFAAAwAAAAMAAAAAGAAAABAAAAAQAAADUAAAA1AAAANQAAAAkAAAAJAAA
|
||||
AAQAAAAEAAAAUeV0ZAAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAQAAAAEAAAAFAAAAAMAAABHTlUA
|
||||
G13eo0DDAAwZfo2/FLPAMjzpIAgDAAAABAAAAAIAAAAGAAAAiAAhAQDEQAkEAAAABgAAAAkAAAC6
|
||||
45J8Q0XV7BCOFvTYcVgcuY3xDuvT7w4AAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAIAAAACsA
|
||||
AAAAAAAAAAAAACAAAAAcAAAAAAAAAAAAAAAiAAAAaAAAAFgVAAAAAAAAEADx/1UAAABQFQAAAAAA
|
||||
ABAA8f8/AAAA8AMAAAoAAAASAAsAXAAAAFAVAAAAAAAAEADx/xAAAAC0AgAAAAAAABIACQAWAAAA
|
||||
OAQAAAAAAAASAAwAAF9fZ21vbl9zdGFydF9fAF9pbml0AF9maW5pAF9fY3hhX2ZpbmFsaXplAF9K
|
||||
dl9SZWdpc3RlckNsYXNzZXMAdmFsaWRhdGVfb3MAbGliYy5zby42AF9lZGF0YQBfX2Jzc19zdGFy
|
||||
dABfZW5kAEdMSUJDXzIuMS4zAAAAAAAAAAACAAEAAQABAAEAAQABAAAAAQABAEsAAAAQAAAAAAAA
|
||||
AHMfaQkAAAIAbQAAAAAAAABsFAAACAAAADAVAAAGAQAANBUAAAYCAAA4FQAABgMAAEgVAAAHAQAA
|
||||
TBUAAAcDAABVieVTg+wE6AAAAABbgcN8EgAAi5P0////hdJ0BegeAAAA6NUAAADoIAEAAFhbycP/
|
||||
swQAAAD/owgAAAAAAAAA/6MMAAAAaAAAAADp4P////+jEAAAAGgIAAAA6dD///8AAAAAAAAAAAAA
|
||||
AABVieVWU+i/AAAAgcMSEgAAjWQk8IC7FAAAAAB1XIuD/P///4XAdA6NgzD///+JBCTor////42z
|
||||
KP///42TJP///ynWi4MYAAAAwf4Cg+4BOfBzH5CNdCYAg8ABiYMYAAAA/5SDJP///4uDGAAAADnw
|
||||
cubGgxQAAAABjWQkEFteXcPrDZCQkJCQkJCQkJCQkJBVieVT6DAAAACBw4MRAACNZCTsi5Ms////
|
||||
hdJ0FYuD+P///4XAdAuNkyz///+JFCT/0I1kJBRbXcOLHCTDkJCQVYnluAEAAABdw5CQkJCQkFWJ
|
||||
5VZT6N////+BwzIRAACLgxz///+D+P90GY2zHP///420JgAAAACNdvz/0IsGg/j/dfRbXl3DVYnl
|
||||
U4PsBOgAAAAAW4HD+BAAAOjQ/v//WVvJwwAAAAD/////AAAAAP////8AAAAAAAAAAGwUAAABAAAA
|
||||
SwAAAAwAAAC0AgAADQAAADgEAAD1/v9v+AAAAAUAAADUAQAABgAAADQBAAAKAAAAeQAAAAsAAAAQ
|
||||
AAAAAwAAADwVAAACAAAAEAAAABQAAAARAAAAFwAAAKQCAAARAAAAhAIAABIAAAAgAAAAEwAAAAgA
|
||||
AAD+//9vZAIAAP///28BAAAA8P//b04CAAD6//9vAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFAAAAAAAAAAAAAD6AgAACgMAAEdDQzogKEdO
|
||||
VSkgNC40LjcgMjAxMjAzMTMgKFJlZCBIYXQgNC40LjctMTYpAAAuc3ltdGFiAC5zdHJ0YWIALnNo
|
||||
c3RydGFiAC5ub3RlLmdudS5idWlsZC1pZAAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUu
|
||||
dmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmlu
|
||||
aQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5kYXRhLnJlbC5ybwAuZHluYW1pYwAuZ290
|
||||
AC5nb3QucGx0AC5ic3MALmNvbW1lbnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAAABsAAAAHAAAAAgAAANQAAADUAAAAJAAAAAAAAAAAAAAABAAAAAAAAAAuAAAA9v//bwIA
|
||||
AAD4AAAA+AAAADwAAAADAAAAAAAAAAQAAAAEAAAAOAAAAAsAAAACAAAANAEAADQBAACgAAAABAAA
|
||||
AAEAAAAEAAAAEAAAAEAAAAADAAAAAgAAANQBAADUAQAAeQAAAAAAAAAAAAAAAQAAAAAAAABIAAAA
|
||||
////bwIAAABOAgAATgIAABQAAAADAAAAAAAAAAIAAAACAAAAVQAAAP7//28CAAAAZAIAAGQCAAAg
|
||||
AAAABAAAAAEAAAAEAAAAAAAAAGQAAAAJAAAAAgAAAIQCAACEAgAAIAAAAAMAAAAAAAAABAAAAAgA
|
||||
AABtAAAACQAAAAIAAACkAgAApAIAABAAAAADAAAACgAAAAQAAAAIAAAAdgAAAAEAAAAGAAAAtAIA
|
||||
ALQCAAAwAAAAAAAAAAAAAAAEAAAAAAAAAHEAAAABAAAABgAAAOQCAADkAgAAMAAAAAAAAAAAAAAA
|
||||
BAAAAAQAAAB8AAAAAQAAAAYAAAAgAwAAIAMAABgBAAAAAAAAAAAAABAAAAAAAAAAggAAAAEAAAAG
|
||||
AAAAOAQAADgEAAAcAAAAAAAAAAAAAAAEAAAAAAAAAIgAAAABAAAAAgAAAFQEAABUBAAABAAAAAAA
|
||||
AAAAAAAABAAAAAAAAACSAAAAAQAAAAMAAABYFAAAWAQAAAgAAAAAAAAAAAAAAAQAAAAAAAAAmQAA
|
||||
AAEAAAADAAAAYBQAAGAEAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAABAAAAAwAAAGgUAABoBAAA
|
||||
BAAAAAAAAAAAAAAABAAAAAAAAAClAAAAAQAAAAMAAABsFAAAbAQAAAQAAAAAAAAAAAAAAAQAAAAA
|
||||
AAAAsgAAAAYAAAADAAAAcBQAAHAEAADAAAAABAAAAAAAAAAEAAAACAAAALsAAAABAAAAAwAAADAV
|
||||
AAAwBQAADAAAAAAAAAAAAAAABAAAAAQAAADAAAAAAQAAAAMAAAA8FQAAPAUAABQAAAAAAAAAAAAA
|
||||
AAQAAAAEAAAAyQAAAAgAAAADAAAAUBUAAFAFAAAIAAAAAAAAAAAAAAAEAAAAAAAAAM4AAAABAAAA
|
||||
MAAAAAAAAABQBQAALQAAAAAAAAAAAAAAAQAAAAEAAAARAAAAAwAAAAAAAAAAAAAAfQUAANcAAAAA
|
||||
AAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAGQKAAAwAwAAGQAAACoAAAAEAAAAEAAAAAkA
|
||||
AAADAAAAAAAAAAAAAACUDQAAeAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
ANQAAAAAAAAAAwABAAAAAAD4AAAAAAAAAAMAAgAAAAAANAEAAAAAAAADAAMAAAAAANQBAAAAAAAA
|
||||
AwAEAAAAAABOAgAAAAAAAAMABQAAAAAAZAIAAAAAAAADAAYAAAAAAIQCAAAAAAAAAwAHAAAAAACk
|
||||
AgAAAAAAAAMACAAAAAAAtAIAAAAAAAADAAkAAAAAAOQCAAAAAAAAAwAKAAAAAAAgAwAAAAAAAAMA
|
||||
CwAAAAAAOAQAAAAAAAADAAwAAAAAAFQEAAAAAAAAAwANAAAAAABYFAAAAAAAAAMADgAAAAAAYBQA
|
||||
AAAAAAADAA8AAAAAAGgUAAAAAAAAAwAQAAAAAABsFAAAAAAAAAMAEQAAAAAAcBQAAAAAAAADABIA
|
||||
AAAAADAVAAAAAAAAAwATAAAAAAA8FQAAAAAAAAMAFAAAAAAAUBUAAAAAAAADABUAAAAAAAAAAAAA
|
||||
AAAAAwAWAAEAAAAAAAAAAAAAAAQA8f8MAAAAWBQAAAAAAAABAA4AGgAAAGAUAAAAAAAAAQAPACgA
|
||||
AABoFAAAAAAAAAEAEAA1AAAAIAMAAAAAAAACAAsASwAAAFAVAAABAAAAAQAVAFoAAABUFQAABAAA
|
||||
AAEAFQBoAAAAsAMAAAAAAAACAAsAAQAAAAAAAAAAAAAABADx/3QAAABcFAAAAAAAAAEADgCBAAAA
|
||||
VAQAAAAAAAABAA0AjwAAAGgUAAAAAAAAAQAQAJsAAAAABAAAAAAAAAIACwCxAAAAAAAAAAAAAAAE
|
||||
APH/uQAAADwVAAAAAAAAAQDx/88AAABsFAAAAAAAAAEAEQDcAAAAZBQAAAAAAAABAA8A6QAAAOkD
|
||||
AAAAAAAAAgALAAABAABwFAAAAAAAAAEA8f8JAQAA8AMAAAoAAAASAAsAFQEAAAAAAAAAAAAAIAAA
|
||||
ACQBAAAAAAAAAAAAACAAAAA4AQAAOAQAAAAAAAASAAwAPgEAAFAVAAAAAAAAEADx/0oBAABYFQAA
|
||||
AAAAABAA8f9PAQAAUBUAAAAAAAAQAPH/VgEAAAAAAAAAAAAAIgAAAHIBAAC0AgAAAAAAABIACQAA
|
||||
Y3J0c3R1ZmYuYwBfX0NUT1JfTElTVF9fAF9fRFRPUl9MSVNUX18AX19KQ1JfTElTVF9fAF9fZG9f
|
||||
Z2xvYmFsX2R0b3JzX2F1eABjb21wbGV0ZWQuNTk3NABkdG9yX2lkeC41OTc2AGZyYW1lX2R1bW15
|
||||
AF9fQ1RPUl9FTkRfXwBfX0ZSQU1FX0VORF9fAF9fSkNSX0VORF9fAF9fZG9fZ2xvYmFsX2N0b3Jz
|
||||
X2F1eABsaWJvcy5jAF9HTE9CQUxfT0ZGU0VUX1RBQkxFXwBfX2Rzb19oYW5kbGUAX19EVE9SX0VO
|
||||
RF9fAF9faTY4Ni5nZXRfcGNfdGh1bmsuYngAX0RZTkFNSUMAdmFsaWRhdGVfb3MAX19nbW9uX3N0
|
||||
YXJ0X18AX0p2X1JlZ2lzdGVyQ2xhc3NlcwBfZmluaQBfX2Jzc19zdGFydABfZW5kAF9lZGF0YQBf
|
||||
X2N4YV9maW5hbGl6ZUBAR0xJQkNfMi4xLjMAX2luaXQA"
|
||||
|
||||
check_euid(){
|
||||
if [ "$(id -u)" != 0 ]; then
|
||||
echo "You need root privileges to run this script!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
disable_selinux(){
|
||||
setenforce 0
|
||||
sed -i'.bak' '/kernel \/boot\/vmlinuz-2.6.38.8-24.rs3.0.i686/ s/$/ selinux=0/' /boot/grub/grub.conf
|
||||
}
|
||||
|
||||
disable_rtscan(){
|
||||
echo -e "import fcntl\nfcntl.ioctl(open('/dev/res', 'wb'), 29187)" | python
|
||||
}
|
||||
|
||||
replace_libos(){
|
||||
echo "$LIBOS" | base64 -d > /usr/lib/libos.so.0.0.0
|
||||
rm /usr/lib/libos.so.0
|
||||
ln -s /usr/lib/libos.so.0.0.0 /usr/lib/libos.so.0
|
||||
}
|
||||
|
||||
remove_autostarts(){
|
||||
mv /usr/share/autostart/scnprc.desktop /usr/share/autostart/scnprc.desktop.bak 2>/dev/null
|
||||
mv /etc/init/ctguard.conf /etc/init/ctguard.conf.bak 2>/dev/null
|
||||
}
|
||||
|
||||
main(){
|
||||
check_euid
|
||||
|
||||
echo "Disabling SELinux"
|
||||
disable_selinux
|
||||
|
||||
echo "Killing securityd"
|
||||
killall -9 securityda 2>/dev/null
|
||||
|
||||
echo "Disabling rtscan"
|
||||
disable_rtscan
|
||||
|
||||
echo "Killing scnprc and opprc"
|
||||
killall scnprc opprc 2>/dev/null
|
||||
|
||||
echo "Replacing libos"
|
||||
replace_libos
|
||||
|
||||
echo "Disabling scnprc autostart"
|
||||
remove_autostarts
|
||||
|
||||
echo "Done. Please press Return to reboot the system."
|
||||
read -r
|
||||
reboot
|
||||
}
|
||||
|
||||
main
|
||||
Reference in New Issue
Block a user