efforg/rayhunter#928

#928 Persistent ADB on wingtech and tmohs1

Here’s a script you can use (once connected to the device’s WiFi hotspot) to enable ADB and make it persistent. The installer already has a function to enable ADB, but that setting doesn’t persist across reboots.

#!/usr/bin/env bash
# Enable ADB on a T-Mobile TMOHS1 or Wingtech CT2MHS01 hotspot and install an
# init script so the ADB USB composition is re-applied on every boot.
#
# Strict mode: abort on an unhandled command failure, on use of an unset
# variable, and when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Filled in from --device and --admin-password; both start out empty so the
# "missing option" check later in the script can detect an omitted flag.
DEVICE=
ADMIN_PASSWORD=

# Print the command-line help on stdout, then terminate the script.
# Arguments: none (the program name is taken from $0).
# Returns:   never returns; always exits with status 1.
usage() {
    printf '%s\n' \
        "Usage: $0 --device <tmobile|wingtech> --admin-password <ADMIN_PASSWORD>" \
        "" \
        "Enables ADB on a T-Mobile TMOHS1 or Wingtech CT2MHS01 via the web" \
        "exploit, then installs an init script so ADB (composition 9025)" \
        "survives reboots." \
        "" \
        "The boot USB init (S30usb) forces composition 9057 (RNDIS+ECM, no ADB)" \
        "on every boot. This script adds S31enable_adb to override it with 9025" \
        "(DIAG+ADB+MODEM+NMEA+QMI_RMNET) immediately after." \
        "" \
        "Prerequisites: must be connected to the device's WiFi hotspot."
    exit 1
}

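# Parse the command line into DEVICE and ADMIN_PASSWORD. Each recognised
# option takes exactly one value; anything else prints the help text.
#
# NOTE(review): the admin password is supplied on argv, so it can end up in
# shell history and in process listings on the host running this script.
while [[ $# -gt 0 ]]; do
    case "$1" in
        --device)
            # With `set -u`, a trailing option without a value would abort on
            # the unbound "$2" instead of showing the help text.
            [[ $# -ge 2 ]] || usage
            DEVICE="$2"
            shift 2
            ;;
        --admin-password)
            [[ $# -ge 2 ]] || usage
            ADMIN_PASSWORD="$2"
            shift 2
            ;;
        *)
            usage
            ;;
    esac
done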

# Both options are mandatory: fall back to the help text if either is empty.
if [[ -z "$DEVICE" || -z "$ADMIN_PASSWORD" ]]; then
    usage
fi

# Translate the device name into the installer's `util` subcommand. Only the
# two known names are accepted, so START_ADB_CMD never carries arbitrary input.
case "$DEVICE" in
    tmobile | wingtech)
        START_ADB_CMD="${DEVICE}-start-adb"
        ;;
    *)
        echo "Unknown device: $DEVICE (expected tmobile or wingtech)"
        exit 1
        ;;
esac

# Step 1: ask the installer to switch ADB on for the current boot only.
# NOTE(review): the password is forwarded on the installer's command line, so
# it is visible in this host's process list while the command runs.
printf 'Enabling temporary ADB on %s...\n' "$DEVICE"
cargo run -p installer -- \
    util "$START_ADB_CMD" \
    --admin-password "$ADMIN_PASSWORD"

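# Step 2: poll once per second, for at most 30 attempts, until adb reports the
# target in the "device" state.
#
# `adb get-state` resolves the target the same way the later `adb shell` calls
# do: it honours ANDROID_SERIAL and fails when several devices are attached
# without a serial being selected. Matching any "device" line in `adb devices`
# would also accept an unrelated attached device, and `grep -q` closing the
# pipe early can make the pipeline fail under `pipefail` even on a match.
# If more than one ADB device is plugged in, export ANDROID_SERIAL first.
echo "Waiting for ADB device..."
adb_state=""
for ((attempt = 1; attempt <= 30; attempt++)); do
    # A non-zero exit (no device yet) must not trip `set -e`.
    adb_state=$(adb get-state 2>/dev/null) || adb_state=""
    if [[ "$adb_state" == "device" ]]; then
        echo "ADB connected."
        break
    fi
    if ((attempt == 30)); then
        echo "Timed out waiting for ADB device"
        exit 1
    fi
    sleep 1
done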

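# Step 3: write /etc/init.d/enable_adb on the device and link it into
# /etc/rcS.d as S31enable_adb so it runs at boot and applies composition 9025.
#
# Security note: after this step the ADB interface is re-enabled on every
# boot, so it stays reachable over USB until the change is reverted. To undo
# it, remount / read-write, remove /etc/rcS.d/S31enable_adb and
# /etc/init.d/enable_adb, and remount / read-only again.
echo "Installing persistent ADB init script..."

# If any step below fails, `set -e` ends the script; make a best-effort attempt
# to put the root filesystem back to read-only instead of leaving it writable.
restore_rootfs_ro() {
    adb shell "mount -o remount,ro /" >/dev/null 2>&1 || true
}
trap restore_rootfs_ro EXIT

adb shell "mount -o remount,rw /"

# The local double quotes turn \" into " and \$1 into $1; the \n sequences are
# left for the device-side printf to expand into newlines.
adb shell "printf '#!/bin/sh\ncase \"\$1\" in\nstart)\n    /sbin/usb/compositions/9025 n\n    ;;\nesac\n' > /etc/init.d/enable_adb"

adb shell "chmod 755 /etc/init.d/enable_adb"
adb shell "ln -sf ../init.d/enable_adb /etc/rcS.d/S31enable_adb"

# Normal path: drop the safety net and remount read-only, failing loudly if
# the remount itself does not succeed.
trap - EXIT
adb shell "mount -o remount,ro /"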

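# Step 4: confirm the install. Checking the init script alone would miss a
# missing or dangling boot link, so also test the S31enable_adb entry; `test -x`
# follows the symlink and therefore verifies that it resolves to an executable.
# This relies on `adb shell` passing the remote exit status back to the host.
if adb shell "test -x /etc/init.d/enable_adb && test -x /etc/rcS.d/S31enable_adb" 2>/dev/null; then
    echo "Init script installed."
else
    echo "Failed to install init script."
    exit 1
fi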

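# Step 5: reboot and confirm that ADB comes back without further help.
echo "Rebooting device..."
adb reboot

# Poll once per second for up to 90 seconds. Success is only reported after
# the device has first been seen leaving the "device" state: right after
# `adb reboot` the old session can still be listed, and accepting that would
# report persistence without a reboot ever having been observed.
echo "Waiting for device to come back (up to 90s)..."
saw_disconnect=0
for ((attempt = 1; attempt <= 90; attempt++)); do
    # A non-zero exit (device absent) must not trip `set -e`.
    adb_state=$(adb get-state 2>/dev/null) || adb_state=""
    if [[ "$adb_state" != "device" ]]; then
        saw_disconnect=1
    elif ((saw_disconnect)); then
        echo "ADB persistent after reboot."
        exit 0
    fi
    sleep 1
done

if ((saw_disconnect)); then
    echo "Device did not reappear with ADB after reboot."
else
    echo "Device never left the ADB device list, so the reboot could not be confirmed."
fi
echo "Try power cycling manually and check: adb devices"
exit 1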