package com.pavelrekun.rekado.services.usb;

import android.content.Context;
import android.hardware.usb.UsbDevice;
import android.hardware.usb.UsbDeviceConnection;
import android.hardware.usb.UsbEndpoint;
import android.hardware.usb.UsbInterface;
import android.hardware.usb.UsbManager;
import androidx.constraintlayout.widget.ConstraintLayout;
import androidx.core.provider.FontsContractCompat;
import com.pavelrekun.rekado.R;
import com.pavelrekun.rekado.data.Payload;
import com.pavelrekun.rekado.services.handlers.PayloadsHandler;
import com.pavelrekun.rekado.services.utils.LoginUtils;
import com.pavelrekun.rekado.services.utils.Utils;
import dagger.hilt.android.qualifiers.ApplicationContext;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: USBPayloadLoader.kt */
@Metadata(d1 = {"\u0000F\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\b\n\u0002\b\u0004\u0018\u0000 \u00192\u00020\u0001:\u0001\u0019B\u001b\b\u0007\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0004\b\u0006\u0010\u0007J\u0016\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0011J\u0006\u0010\u0012\u001a\u00020\rJ\u0010\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\u0019\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u0016H\u0082 R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082.¢\u0006\u0002\n\u0000¨\u0006\u001a"}, d2 = {"Lcom/pavelrekun/rekado/services/usb/USBPayloadLoader;", "", "context", "Landroid/content/Context;", "payloadsHandler", "Lcom/pavelrekun/rekado/services/handlers/PayloadsHandler;", "<init>", "(Landroid/content/Context;Lcom/pavelrekun/rekado/services/handlers/PayloadsHandler;)V", "usbConnection", "Landroid/hardware/usb/UsbDeviceConnection;", "usbInterface", "Landroid/hardware/usb/UsbInterface;", "handleDevice", "", "chosenPayload", "Lcom/pavelrekun/rekado/data/Payload;", "device", "Landroid/hardware/usb/UsbDevice;", "releaseDevice", "decodePayload", "", "nativeTriggerExploit", "", "fd", "length", "Companion", "[5.3] Rekado (110)_release"}, k = 1, mv = {2, 0, 0}, xi = ConstraintLayout.LayoutParams.Table.LAYOUT_CONSTRAINT_VERTICAL_CHAINSTYLE)
/* loaded from: classes3.dex */
public final class USBPayloadLoader {
    private static final int INTERMEZZO_LOCATION = 1073868800;
    private static final int MAX_LENGTH = 197272;
    private static final int PAYLOAD_LOAD_BLOCK = 1073872896;
    private static final int RCM_PAYLOAD_ADDR = 1073807360;
    private final Context context;
    private final PayloadsHandler payloadsHandler;
    private UsbDeviceConnection usbConnection;
    private UsbInterface usbInterface;

    static {
        System.loadLibrary("payload_launcher");
    }

    @Inject
    public USBPayloadLoader(@ApplicationContext Context context, PayloadsHandler payloadsHandler) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(payloadsHandler, "payloadsHandler");
        this.context = context;
        this.payloadsHandler = payloadsHandler;
    }

    private final byte[] decodePayload(Payload chosenPayload) {
        FileInputStream fileInputStream = new FileInputStream(this.payloadsHandler.getPayloadPath(chosenPayload));
        LoginUtils.INSTANCE.info("Opening chosen payload: " + chosenPayload);
        byte[] bArr = new byte[fileInputStream.available()];
        LoginUtils.INSTANCE.info("Read " + fileInputStream.read(bArr) + " bytes from payload file!");
        fileInputStream.close();
        return bArr;
    }

    private final native int nativeTriggerExploit(int fd, int length);

    public final void handleDevice(Payload chosenPayload, UsbDevice device) {
        UsbDeviceConnection usbDeviceConnection;
        Intrinsics.checkNotNullParameter(chosenPayload, "chosenPayload");
        Intrinsics.checkNotNullParameter(device, "device");
        LoginUtils.INSTANCE.info("Triggering selected payload!");
        Object systemService = this.context.getSystemService("usb");
        Intrinsics.checkNotNull(systemService, "null cannot be cast to non-null type android.hardware.usb.UsbManager");
        UsbManager usbManager = (UsbManager) systemService;
        this.usbInterface = device.getInterface(0);
        UsbInterface usbInterface = this.usbInterface;
        if (usbInterface == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface = null;
        }
        UsbEndpoint endpoint = usbInterface.getEndpoint(0);
        UsbInterface usbInterface2 = this.usbInterface;
        if (usbInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface2 = null;
        }
        UsbEndpoint endpoint2 = usbInterface2.getEndpoint(1);
        this.usbConnection = usbManager.openDevice(device);
        UsbDeviceConnection usbDeviceConnection2 = this.usbConnection;
        if (usbDeviceConnection2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            usbDeviceConnection2 = null;
        }
        UsbInterface usbInterface3 = this.usbInterface;
        if (usbInterface3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
            usbInterface3 = null;
        }
        usbDeviceConnection2.claimInterface(usbInterface3, true);
        byte[] bArr = new byte[16];
        UsbDeviceConnection usbDeviceConnection3 = this.usbConnection;
        if (usbDeviceConnection3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            usbDeviceConnection3 = null;
        }
        if (usbDeviceConnection3.bulkTransfer(endpoint, bArr, bArr.length, 999) != bArr.length) {
            LoginUtils.INSTANCE.error("Failed to get Device ID!");
            return;
        }
        LoginUtils.INSTANCE.info("Device ID: " + Utils.INSTANCE.bytesToHex(bArr));
        ByteBuffer allocate = ByteBuffer.allocate(MAX_LENGTH);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(MAX_LENGTH);
        allocate.put(new byte[676]);
        for (int i = RCM_PAYLOAD_ADDR; i < INTERMEZZO_LOCATION; i += 4) {
            allocate.putInt(INTERMEZZO_LOCATION);
        }
        try {
            InputStream openRawResource = this.context.getResources().openRawResource(R.raw.intermezzo);
            Intrinsics.checkNotNullExpressionValue(openRawResource, "openRawResource(...)");
            byte[] bArr2 = new byte[openRawResource.available()];
            openRawResource.read(bArr2);
            openRawResource.close();
            allocate.put(bArr2);
            allocate.put(new byte[4096 - bArr2.length]);
            try {
                allocate.put(decodePayload(chosenPayload));
                int position = allocate.position();
                allocate.position(0);
                boolean z = true;
                byte[] bArr3 = new byte[4096];
                int i2 = 0;
                while (true) {
                    if (i2 >= position && !z) {
                        LoginUtils.INSTANCE.info("Sent " + i2 + " bytes");
                        UsbDeviceConnection usbDeviceConnection4 = this.usbConnection;
                        if (usbDeviceConnection4 == null) {
                            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
                            usbDeviceConnection = null;
                        } else {
                            usbDeviceConnection = usbDeviceConnection4;
                        }
                        switch (nativeTriggerExploit(usbDeviceConnection.getFileDescriptor(), 28672)) {
                            case FontsContractCompat.FontRequestCallback.FAIL_REASON_SECURITY_VIOLATION /* -4 */:
                                LoginUtils.INSTANCE.error("Wrong URB reaped!  Maybe that doesn't matter?");
                                return;
                            case -3:
                                LoginUtils.INSTANCE.error("REAPURB failed!");
                                return;
                            case -2:
                                LoginUtils.INSTANCE.error("DISCARDURB failed!");
                                return;
                            case -1:
                                LoginUtils.INSTANCE.error("SUBMITURB failed!");
                                return;
                            case 0:
                                LoginUtils.INSTANCE.info("Exploit triggered!");
                                return;
                            default:
                                return;
                        }
                    }
                    allocate.get(bArr3);
                    UsbDeviceConnection usbDeviceConnection5 = this.usbConnection;
                    if (usbDeviceConnection5 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
                        usbDeviceConnection5 = null;
                    }
                    if (usbDeviceConnection5.bulkTransfer(endpoint2, bArr3, bArr3.length, 999) != bArr3.length) {
                        LoginUtils.INSTANCE.error("Sending payload failed at offset " + i2);
                        return;
                    } else {
                        z = !z;
                        i2 += 4096;
                    }
                }
            } catch (IOException e) {
                LoginUtils.INSTANCE.error("Failed to read payload: " + e);
            }
        } catch (IOException e2) {
            LoginUtils.INSTANCE.error("Failed to read intermezzo: " + e2);
        }
    }

    public final void releaseDevice() {
        UsbDeviceConnection usbDeviceConnection = this.usbConnection;
        UsbInterface usbInterface = null;
        if (usbDeviceConnection == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbConnection");
            usbDeviceConnection = null;
        }
        UsbInterface usbInterface2 = this.usbInterface;
        if (usbInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("usbInterface");
        } else {
            usbInterface = usbInterface2;
        }
        usbDeviceConnection.releaseInterface(usbInterface);
    }
}
