package com.pavelrekun.rekado.services.payloads;

import android.content.Context;
import android.hardware.usb.UsbDevice;
import android.hardware.usb.UsbDeviceConnection;
import android.hardware.usb.UsbEndpoint;
import android.hardware.usb.UsbInterface;
import android.hardware.usb.UsbManager;
import androidx.core.provider.FontsContractCompat;
import com.pavelrekun.rekado.R;
import com.pavelrekun.rekado.RekadoApplication;
import com.pavelrekun.rekado.data.Payload;
import com.pavelrekun.rekado.services.usb.USBHandler;
import com.pavelrekun.rekado.services.utils.LoginUtils;
import com.pavelrekun.rekado.services.utils.PreferencesUtils;
import com.pavelrekun.rekado.services.utils.Utils;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: PayloadLoader.kt */
@Metadata(d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0005\u0018\u0000 \u00122\u00020\u0001:\u0001\u0012B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u0007\u001a\u00020\bH\u0002J\u0010\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0016J\u0019\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0010\u001a\u00020\u000eH\u0082 J\b\u0010\u0011\u001a\u00020\nH\u0016R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082.¢\u0006\u0002\n\u0000¨\u0006\u0013"}, d2 = {"Lcom/pavelrekun/rekado/services/payloads/PayloadLoader;", "Lcom/pavelrekun/rekado/services/usb/USBHandler;", "()V", "usbConnection", "Landroid/hardware/usb/UsbDeviceConnection;", "usbInterface", "Landroid/hardware/usb/UsbInterface;", "getPayload", "", "handleDevice", "", "device", "Landroid/hardware/usb/UsbDevice;", "nativeTriggerExploit", "", "fd", "length", "releaseDevice", "Companion", "app_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes6.dex */
public final class PayloadLoader implements USBHandler {
    private static final int INTERMEZZO_LOCATION = 1073868800;
    private static final int MAX_LENGTH = 197272;
    private static final int PAYLOAD_LOAD_BLOCK = 1073872896;
    private static final int RCM_PAYLOAD_ADDR = 1073807360;
    private UsbDeviceConnection usbConnection;
    private UsbInterface usbInterface;

    static {
        System.loadLibrary("payload_launcher");
    }

    private final byte[] getPayload() {
        Payload chosen = PreferencesUtils.INSTANCE.getChosen();
        FileInputStream fileInputStream = new FileInputStream(chosen.getPath());
        LoginUtils.INSTANCE.info(Intrinsics.stringPlus("Opening chosen payload: ", chosen.getTitle()));
        byte[] bArr = new byte[fileInputStream.available()];
        LoginUtils.INSTANCE.info("Read " + fileInputStream.read(bArr) + " bytes from payload file!");
        fileInputStream.close();
        return bArr;
    }

    private final native int nativeTriggerExploit(int fd, int length);

    @Override // com.pavelrekun.rekado.services.usb.USBHandler
    public void handleDevice(UsbDevice device) {
        Context context;
        UsbDeviceConnection usbDeviceConnection;
        Intrinsics.checkNotNullParameter(device, "device");
        LoginUtils.INSTANCE.info("Triggering selected payload!");
        Context context2 = RekadoApplication.INSTANCE.getContext();
        Object systemService = context2.getSystemService("usb");
        if (systemService == null) {
            throw new NullPointerException("null cannot be cast to non-null type android.hardware.usb.UsbManager");
        }
        UsbManager usbManager = (UsbManager) systemService;
        UsbInterface usbInterface = device.getInterface(0);
        Intrinsics.checkNotNullExpressionValue(usbInterface, "device.getInterface(0)");
        this.usbInterface = usbInterface;
        if (usbInterface == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface = null;
        }
        UsbEndpoint endpoint = usbInterface.getEndpoint(0);
        UsbInterface usbInterface2 = this.usbInterface;
        if (usbInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface2 = null;
        }
        UsbEndpoint endpoint2 = usbInterface2.getEndpoint(1);
        UsbDeviceConnection openDevice = usbManager.openDevice(device);
        Intrinsics.checkNotNullExpressionValue(openDevice, "usbManager.openDevice(device)");
        this.usbConnection = openDevice;
        if (openDevice == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            openDevice = null;
        }
        UsbInterface usbInterface3 = this.usbInterface;
        if (usbInterface3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface3 = null;
        }
        openDevice.claimInterface(usbInterface3, true);
        byte[] bArr = new byte[16];
        UsbDeviceConnection usbDeviceConnection2 = this.usbConnection;
        if (usbDeviceConnection2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            usbDeviceConnection2 = null;
        }
        if (usbDeviceConnection2.bulkTransfer(endpoint, bArr, bArr.length, 999) != bArr.length) {
            LoginUtils.INSTANCE.error("Failed to get Device ID!");
            return;
        }
        LoginUtils.INSTANCE.info(Intrinsics.stringPlus("Device ID: ", Utils.INSTANCE.bytesToHex(bArr)));
        ByteBuffer allocate = ByteBuffer.allocate(MAX_LENGTH);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(MAX_LENGTH);
        allocate.put(new byte[676]);
        for (int i = RCM_PAYLOAD_ADDR; i < INTERMEZZO_LOCATION; i += 4) {
            allocate.putInt(INTERMEZZO_LOCATION);
        }
        try {
            InputStream openRawResource = RekadoApplication.INSTANCE.getContext().getResources().openRawResource(R.raw.intermezzo);
            Intrinsics.checkNotNullExpressionValue(openRawResource, "RekadoApplication.contex…esource(R.raw.intermezzo)");
            byte[] bArr2 = new byte[openRawResource.available()];
            openRawResource.read(bArr2);
            openRawResource.close();
            allocate.put(bArr2);
            allocate.put(new byte[4096 - bArr2.length]);
            try {
                allocate.put(getPayload());
                int position = allocate.position();
                allocate.position(0);
                boolean z = true;
                byte[] bArr3 = new byte[4096];
                int i2 = 0;
                while (true) {
                    if (i2 < position) {
                        context = context2;
                    } else {
                        if (!z) {
                            LoginUtils.INSTANCE.info("Sent " + i2 + " bytes");
                            UsbDeviceConnection usbDeviceConnection3 = this.usbConnection;
                            if (usbDeviceConnection3 == null) {
                                Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
                                usbDeviceConnection = null;
                            } else {
                                usbDeviceConnection = usbDeviceConnection3;
                            }
                            switch (nativeTriggerExploit(usbDeviceConnection.getFileDescriptor(), 28672)) {
                                case FontsContractCompat.FontRequestCallback.FAIL_REASON_SECURITY_VIOLATION /* -4 */:
                                    LoginUtils.INSTANCE.error("Wrong URB reaped!  Maybe that doesn't matter?");
                                    return;
                                case -3:
                                    LoginUtils.INSTANCE.error("REAPURB failed!");
                                    return;
                                case -2:
                                    LoginUtils.INSTANCE.error("DISCARDURB failed!");
                                    return;
                                case -1:
                                    LoginUtils.INSTANCE.error("SUBMITURB failed!");
                                    return;
                                case 0:
                                    LoginUtils.INSTANCE.info("Exploit triggered!");
                                    return;
                                default:
                                    return;
                            }
                        }
                        context = context2;
                    }
                    allocate.get(bArr3);
                    UsbDeviceConnection usbDeviceConnection4 = this.usbConnection;
                    if (usbDeviceConnection4 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
                        usbDeviceConnection4 = null;
                    }
                    if (usbDeviceConnection4.bulkTransfer(endpoint2, bArr3, bArr3.length, 999) != bArr3.length) {
                        LoginUtils.INSTANCE.error(Intrinsics.stringPlus("Sending payload failed at offset ", Integer.valueOf(i2)));
                        return;
                    } else {
                        z = !z;
                        i2 += 4096;
                        context2 = context;
                    }
                }
            } catch (IOException e) {
                LoginUtils.INSTANCE.error(Intrinsics.stringPlus("Failed to read payload: ", e));
            }
        } catch (IOException e2) {
            LoginUtils.INSTANCE.error(Intrinsics.stringPlus("Failed to read intermezzo: ", e2));
        }
    }

    @Override // com.pavelrekun.rekado.services.usb.USBHandler
    public void releaseDevice() {
        UsbDeviceConnection usbDeviceConnection = this.usbConnection;
        UsbInterface usbInterface = null;
        if (usbDeviceConnection == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            usbDeviceConnection = null;
        }
        UsbInterface usbInterface2 = this.usbInterface;
        if (usbInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
        } else {
            usbInterface = usbInterface2;
        }
        usbDeviceConnection.releaseInterface(usbInterface);
    }
}
