[MOD] PackageParser Patch - Nexus 5 Themes and Apps

This patch is against framework.jar for Android 4.4 (KRT16M) and allows you to modify system packages without them being verified.
Why would you want this?
Re-signing isn't possible with many google packages as they check their own certificates at runtime (GooglePlayServices). This patch allows you to make any modifications you like to system packages, while keeping the original certificates.
Isn't it unsafe to not verify packages?
Yes. However, this patch only applies to system packages. Those downloaded from the market are still verified as usual. The /system filesystem is read-only by default. The only way for a package to be infected is if an application has root privileges (via SuperSU or similar). Of course you should assume that after giving an application elevated privileges it could infect packages with or without this patch.
How does it work?
Packages in android are loaded by PackageParser. The method collectCertificates attempts to read the file AndroidManifest.xml from system packages, which causes the underlying JarFile to verify it against the embedded signature. If everything was successful it returns the certificate. This patch changes collectCertificates to load and return the certificate directly, without trying to read AndroidManifest.xml.
You must delete META-INF/CERT.SF and META-INF/MANIFEST.MF from any package you modify. This patch doesn't change the underlying JarFile code, which by default uses those files to check entries as they're read from the archive. You should leave META-INF/CERT.RSA alone as that's the certificate this patch loads.
The patch was produced against framework.jar from the factory image KRT16M using baksmali v2.0 .
SHA1
Code:
433eeec32008015a1f54964bf036f4eaddb3864b framework-jar-KRT16M-raw-certificates.patch
75b5999203f355cf45387a424246e988440c3068 framework.jar

*reserved*

Thanks for this great mod.. Modify system packages works but when add new apk system (like sony apps to my CM 11 device), ktkat won't accept as app installed, even when I don't modify anything in apk.
Sent from my Xperia Mini Pro using Tapatalk

Related

[Q] Run app as system app

Hi all -
Apologies if this is a stupid question. I'm trying to create an app that has the protected 2 level DEVICE_POWER permission. Is this possible without having a full-blown Custom ROM?
Things that I have tried:
1) Move apk from data/app to system/app [in packages.xml the app is then classified as system="true" but isn't allowed to get the permission]
2) In packages.xml, manually hack the certs line to be the same as a system app that does have the DEVICE_POWER permission
3) try to hack the file in /system/etc/permissions to add another gid to DEVICE_POWER or the uid of the app that I'm running
4) tried to re-sign the framework-res.apk and the other other system apk's with the same cert with the AOSP platform key [although google does seem to sign some apps with that key, B&N seems to have done the "right" thing and not signed everything with the platform key]. Just gets caught in a bootloop
In the devicemanager.db under /data/data/com.android.providers.settings/databases, in the registry table, it does show the hash of the system's private key ... wasn't sure if I could do anything with that though.
Someone created a custom screensaver that puts the cover of the book you're reading as screensaver and modified the Settings.apk to do so. I don't quite get how he was able to do that and still have the signature remain intact?
Thanks for the help!
AFAIK you have to build a custom ROM to do this.
Yeah I think so too, apps wanting that permission need to be signed with the platform key afaik.

[SCRIPTSET v2.6][02/28/2012] Build native GNU/Linux applications: the easy way

New: SANE (USB Scanner backend and drivers) - OTG equipped device needed to work for this - YES, Scanner Access Now possible and Easy with your phone
This can (in combination with tesseract-ocr) be very useful to recognize text from scanned images.
For pictures see also http://forum.xda-developers.com/showpost.php?p=23046120&postcount=187
Update 01/30/2012: Now with a small android app (ScriptStarter) to start services and other shell scripts easily from the GUI. See bottom of the post.
WHAT'S POSSIBLE WITH THIS SCRIPT:
With this bash script your are able to build relatively easy from source a lot of native software (over 90 at the moment) from the GNU/Linux community for your Android phone and you will have
the good experience with free software.
All these tools and programs are not "apps for the GUI" for Android but native running command line tools "under the surface" of your Android GUI like the kernel and other services.
Don't ask me if it makes any sense to install program xy (like MySQL) on a phone. This is your decision. It's possible, so try it and see what you can do with it.
Note: I tested most of the compiled software on a Samsung Galaxy S2 (my phone). I cannot test it on a variety of phones because I have no mobile phone shop...
Currently buildable with this scripts (abstract, see the full list in package_selection.conf):
PHP 5.3.10 (with almost all extensions and XCache)
MySQL 5.5.19 (if you want a full database server on your phone...)
lighttpd 1.4.30
OpenSSH 5.9p1
OpenSSL 1.0.0f
Samba 3.6.3
cURL 7.23.1
bash 4.2
BusyBox 1.19.3
ImageMagick 6.7.4-10
OpenVPN 2.2.2
Python 2.7.2
Node.js 0.6.7
git 1.7.9
Wget 1.13.4
Rsync 3.0.9
TCPDUMP 4.2.0
Midnight Commander 4.8.1
Pure-FTPd 1.0.35
screen 4.0.3
iptables 1.4.10 (without bionic bug "getnetbyaddr()" and with iptables-save/restore!)
BIND 9.8.1-P1
Lua 5.2.0
Ruby 1.9.3-p0
usbutils 004
MTDUtils latest git
GCC 4.6.2 (c, c++)
GNU Coreutils 8.14, Binutils 2.22, Findutils 4.4.2, Inetutils 1.8
QEMU 0.15.1
SANE 1.0.22
tesseract-ocr 3.01
...
a lot of libraries, development tools and other useful programs
...
FEATURES:
automatic download and untar the cross-compilers (if not already done) for cross compiling
automatic download and untar the source packages (if not already done), that you have selected
solve dependences and reserves additional needed packages
apply patches to the sources if necessary
build them, "install" them in a folder for later "ready to transfer" to your phone and stripes the binaries and libraries to reduce the filesize if selected
autogenerate a tar file and adb push the file to device if selected
allows you to use well-known software like PHP, MySQL, OpenSSL, OpenSSH, OpenVPN, bash and lighttpd on your phone (see the full list in file package_selection.conf, see attachement)
scripting and development on your phone
no limits with BusyBox (without want to be derogative, BusyBox is a wonderful tool), full featured tools like Coreutils, Binutils etc.
build scripts are expandable with other or newer packages you eventual want to have
QUESTIONS AND ANSWERS:
Q: Do I need native GNU/Linux programs and what is that?
A: If you do not know what native Linux applications are, then stop here - you don't need them.
Q: What can I do with these tools?
A: Many things. As a developer you can use the libraries to include them in Android GUI apps, as user you can start for example a webserver on your phone and write some HTML or PHP pages
just for fun or replace BusyBox with full featured tools (or only some commands).
Some tools are also very useful to find network errors, check the network traffic and many more.
Q: What do I need?
A: A Linux installation (VM or real), some Linux knowledge and a little bit time to read all instructions carefully. A rooted Android device with enouth free memory (ext2/3/4 formatted)
See README for details.
Q: Costs?
A: Nothing. The scripts are Open Source (GPL v3), the packages are GPL licensed or under a similar license. The cross-compilers are Open Source or free to use for non-profit purposes.
But I would be pleased if I get a donation and/or a press on the "Thanks button", if the scripts are useful for you. It was a long and hard work...
Note: The attachement scriptset-x.yy.zip is double packed (inside .bz2), because I want preserve the right settings of the scripts.
STEPS:
Selected the desired packages in the config file
Adjust the compiler settings for your phone
Run the build script to download and compile the software
Copy the generated TAR files to your phone or let "adb" this do for you and unpack them in the prepared sysroot folder
For more information please read the instructions in "README"
Please let me also know if you have any problems or if you have questions or further suggestions.
Thanks go to the Open Source community and a lot of people/webpages with hints about cross-compiling software.
Thanks
smitna
CHANGELOG:
01/14/2012 First public release v0.9
01/14/2012 Update: Removed unneeded big patch for ncurses
01/15/2012 Release of v1.0
Update: Fixed build of gcc. Note: the header files are not copied automatically with the script.
If you want to compile on your phone, set TAR_HEADERS=1 in configuraton.conf
Typos: some translations corrected in build.sh
01/16/2012 Release of v1.1
Update: Removed building of fsck from util-linux-ng, it's in e2fsprogs
Update: ISC Cron / vixie cron: set correct paths in pathnames.h before compiling
Enhancement: More detailed explanation of device specific compiler settings with list of possible values
Update: Removed dependence e2fsprogs libs from e2fsprogs
01/17/2012 Release of v1.2
Update: Build of zip, zipcloak, zipnote, zipsplit, unzip, unzipsfx and funzip now possible without errors
01/17/2012 Release of v1.3
Update: Added Node.js
Typos: some translations and language errors corrected in build.sh and README (sorry, I'm not a native English speaker...)
01/18/2012 Release of v1.4
Fixed TMP_PATH in PHP extension XCache (mmap.c) to prevent startup warning
Fixed BusyBox problems with static build against glibc ("__getpagesize" segfault with ping, traceroute and other networking parts)
and added some BusyBox patches.
BusyBox is now dynamic linked, so don't replace the system BusyBox with this build, because of missing mount/paths to libraries at phone startup
01/20/2012 Release of v1.5
Update: Cleanup in scripts and separation of configuration and code. Now it's only necessary to edit configuration.conf and package_selection.conf
Update: Added gzip
Update: Added experimental adb push to device if the device is connected and permissions are ok
Update: Check for installed programs. Script now exists on check failure to minimize errors while compiling.
01/21/2012 Release of v1.6
Bugfix: MySQL build could fail if gen_lex_hash could not generate the file sql/lex_hash.h in pass 2
Update: adb push should now work, check for connected device (and possible multiple devices) and check for right permissions to use the device
Enhancement: Even more explanation of device specific compiler flags and some hints to find the right settings.
01/21/2012 Release of v1.7
Enhancement: To eliminate sure a failing MySQL build, with every new run the source folder will be removed before completely
Enhancement: file version is now strictly checked (the host version must be the same as the cross version)
Some minor changes and filechecks (e.g. autoconf)
01/23/2012 Release of v1.8
Bugfix: Python has SQLite dependencies and SQLite must be ready before Python configure/make
Bugfix: In certain circumstances the optimizer settings get lost
Bugfix: Removed --enable-multibyte from bash, no chance to use it with NDK
01/24/2012 Release of v1.9
Update: Added ngIRCd (Please read the comment for this server, because of running as root)
Update: Sorted the links and package names in the config a little bit...
01/26/2012 Release of v2.0
Bugfix: OpenSSH wants to touch /var/empty while compiling, should be fixed --with-privsep-path now set (thanks to member dateno1 for his reports of such warnings/errors)
Bugfix: Removed a wrong CFLAG -I path from NDK config (only useful for me, really useless for others...)
Enhancement: Example for a user db for Pure-FTPd virtual user database in README (please use virtual users, it's the best and easiest solution)
Update: OpenSSH build need ssh-keygen for the generation of the default keys, added this info to README and the package selection
Bugfix: Not really a bugfix, but some installers don't set the right permissions of libraries in the sysroot folder, so set them global in the final task
Bugfix: Removed --with-lastlog=$TARGET_SYSROOT/var/log/lastlog from OpenSSH and added --with-lastlog=no, I don't know why this is not working and throws a warning, but we can live without it...
Enhancement: Added option to choose the sysroot variant from the CodeSourcery libs: v5TE (default), v4T (old), thumb2 (v7, fastest if supported by the phone)
Enhancement: Added option to tar the headers for development on the device with CodeSourcery (hint: always set rpath in LDFLAGS to make use of the CodeSourcery libs)
01/26/2012 Release of v2.1
Update: Added getcap/setcap and libraries from wishlist, needs libtoolize. Note: This is in a testing stage, kernel and filesystem support needed!
01/30/2012 Added a ScriptStarter app
09/02/2012 Release of v2.2
Update: Local compilation of static "tic" from ncurses for buildhost, if ncurses installation is missing
Enhancement: "downloading only" mode without compiling the packages (and force download)
Enhancement: some parameters for starting the script with additional functions (show with ./build.sh help)
Enhancement: more logging and outputs
Enhancement: language specs, all outputs can be changed to other languages in build.sh
Update: Added dosfstools
Update: Added Ruby
Update: Added example configs and starter scripts for Samba and OpenSSH
Update: Use of http-URLs if possible and update of some broken external links since last release
Bugfix: util-linux-ng needs gettext, added dependence
Bugfix: Added parameter to Samba to solve user/group settings and socket_wrapper support to set path vars at runtime
Update: Changed PHP version to 5.3.10, Samba to 3.6.3 and git to 1.7.9
02/11/2012 internal Release v2.3
Bugfix: openVPN patch for /dev/tun and links to ip/netstat/ifconfig/route, see hints for symlinks
02/16/2012 internal Release v2.4
02/25/2012 Release of v2.5
Update: Added LAME
Update: Added experimental CUPS
Update: Changed PNG version to 1.5.9
Update: Added Net-SNMP
Update: Added Netpbm
Update: Added PNG 1.2.47 for Netpbm and phpSANE
Update: Added LibTIFF
Update: Added SANE (USB Scanner backend and drivers) - OTG equipped device needed to work for this - YES, Scanner Access Now possible and Easy with your phone
Update: Split patches for bash (4.1 and 4.2) for better and easier (automatic) inclusion of original patches
02/28/2012 Release of v2.6
Update: Added Cuneiform OCR
Update: Added tesseract-ocr (see hints for more details howto use it)
ScriptStarter
02/03/2012 Added a small ScriptStarter for the GUI. With this app, written with JQuery, PhoneGap and Java (wrapper to execute the shell scripts) it's possible to start for example the lighttpd web server, Pure-FTPd or MySQL from within the Android GUI without a terminal and read the output. If a script needs root access, there is a checkbox to allow this. For this to work, copy the script sush in the script folder. All scripts ending with .sh can be started (please choose after the first start your script folder on the device to add the scripts to the selection, normally your [SYSROOT]/sbin folder).
Three buttons (start, stop and status) are predefined for start-stop-status scripts, there is also a parameter input field for more start values.
Free GPL v3 source code also included (Eclipse project). Please don't expect too much eye-candy. The GUI could be much better, but my CSS skills are very limited...
I added a few example scripts in the zip file, for example a battery stats reader. Before starting these scripts, have a look in the source code to be sure that they are compatible with your device.
Update 0.97 02/03/2012: Now the stderr is also printed in the output window
Update 0.99 02/10/2012: Replaced scrolling api with a much better solution (jScrollPane) for the output window. Not the real Android scroll feeling, but it's usable.
Thanks! I would hit the Thanks button, but I am on my mobile atm.
Sent from MIUI powered phone
Someone tried it? Problems?
Please, I need your feedback...
Sounds interesting, I'll try once I get back home and share feedback here
now i try to all packages for test
i will test on cortex a8 (motolora xt720)
TARGET_MARCH="armv7-a" (not work on armv7 )
TARGET_MTUNE="cortex-a8"
TARGET_MFPU="neon"
TARGET_MFLOAT="softfp"
it make dynamic binarys but i don't want dymanic type (because it difficult to divide one thing and maybe not work on android's libs)
how can i make static type?
ps : oh...it has so many comile error (even can't read or count all)
dateno1 said:
i will test on cortex a8 (motolora xt720)
TARGET_MARCH="armv7-a" (not work on armv7 )
TARGET_MTUNE="cortex-a8"
TARGET_MFPU="neon"
TARGET_MFLOAT="softfp"
it make dynamic binarys but i don't want dymanic type (because it difficult to divide one thing and maybe not work on android's libs)
Click to expand...
Click to collapse
I hope I understand your question. Why not dynamic?
Yes, you have to set the parameters for your mobile phone. For TARGET_MARCH try "armv7", for TARGET_MFLOAT "softfp" and for TARGET_MFPU "vfp" but check this last setting carefully for this phone.
It's very hard to build a full static binary (and sometimes nearly impossible) and it's also hard to build against bionic (with NDK). I had no good experience with it . A lot of compiler runs wasn't sucessful. Edit: I also had for example massive problems with openssl. I couldn't find a way to build it with NDK or static and then build other programs like cURL with openssl support.
Static binaries are also too big and not necessary. For this we have a sysroot environment to be independent from bionic and without the restrictions. The compiled libs and binaries are linked to the CodeSourcery glibc and have set the custom "rpath" for the dynamic loader. That's no problem I think.
that's simple
if someone want to make some binary for all version of android (even same cpu) it will not work well (defend on basic lib(ex : libc) is ok but complex things will not work)
i know make static type binary is very difficult but it valable
dateno1 said:
that's simple
if someone want to make some binary for all version of android (even same cpu) it will not work well (defend on basic lib(ex : libc) is ok but complex things will not work)
i know make static type binary is very difficult but it valable
Click to expand...
Click to collapse
You are right, if you want to build a "portable" binary, you have to set very safe settings, like TARGET_MARCH="armv5", the full list is in the "README". But it's not my main target to offer a solution that is easy portable to other phones, instead you can build the software with optimizations for your phone to "get the best" for it
smitna said:
You are right, if you want to build a "portable" binary, you have to set very safe settings, like TARGET_MARCH="armv5", the full list is in the "README". But it's not my main target to offer a solution that is easy portable to other phones, instead you can build the software with optimizations for your phone to "get the best" for it
Click to expand...
Click to collapse
just i want to add some more function on the phone
thanks for patch files
I want to try this, to install some apps(most interested fro mc), but I don' t wanna change my sd card.
Can I use phone' s /data partition as mysysroot directory? I have 1.5GB space available on data partition, it is 2GB all.
And If yes, I must create the dir: /data/mysyroot? And where to create this dir on pc? On root directory of my linux system?
dancer_69 said:
I want to try this, to install some apps(most interested fro mc), but I don' t wanna change my sd card.
Can I use phone' s /data partition as mysysroot directory? I have 1.5GB space available on data partition, it is 2GB all.
And If yes, I must create the dir: /data/mysyroot? And where to create this dir on pc? On root directory of my linux system?
Click to expand...
Click to collapse
You can use the /data partition. Just create a new folder, for example /data/sysroot. On your PC you have to create the same temporary with full user rights. This is not your working dir for building. Create a new dir in /home/user and unpack the files there. In settings insert the /data/sysroot as TARGET_SYSROOT and change the other settings for your phone and choose mc=yes. Then start the ./build.sh
Thanks for your quick answer.
Just to make clear because my english understanding is not in a high level
I must create the /data/sysroot dir under "/"(root directory) on linux pc with superuser rights?
dancer_69 said:
Thanks for your quick answer.
Just to make clear because my english understanding is not in a high level
I must create the /data/sysroot dir under "/"(root directory) on linux pc with superuser rights?
Click to expand...
Click to collapse
Yes, that is right. But this is the only step you need to do as root or better with root rights. After this work as usual as user.
oh it can't make mysql
package selection : mysql only
target directory (prefix) : /sddata/mysql (on sdext on my system)
armv7-a
cortex-a8
neon
softfp
then run ./build.sh 2> error.txt
it is my error messages
http://pastebin.com/g7Yi4bGz
sorry you can see this link only today (my mistake)
this setting can make some binary and lib run on my phone but fail to make gcc or mysql (when i try gcc it just fail to making gcc only (other things were made) )
dateno1 said:
package selection : mysql only
target directory (prefix) : /sddata/mysql (on sdext on my system)
armv7-a
cortex-a8
neon
softfp
then run ./build.sh 2> error.txt
it is my error messages
http://pastebin.com/g7Yi4bGz
sorry you can see this link only today (my mistake)
this setting can make some binary and lib run on my phone but fail to make gcc or mysql (when i try gcc it just fail to making gcc only (other things were made) )
Click to expand...
Click to collapse
Please notice first, that you should not run this script as root!!
Then there is something wrong with the build of the first needed packages:
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
- The script cannot find the readline sources. Do you have a subfolder readline-6.2 in folder sources in your builddir? Same for the other source folders. The script first downloads the packages to folder packages, extract the tars in folder sources, repeated for all selections.
(look at line 67 in your log: ./build.sh: 1402: cd: Python-2.7.2: No such file or directory)
- You have no "xz", install it first and make sure, that the other necessary packages are installed. MySQL and gcc are "two pass" compilations and this builds generating temporary binaries, runable on your linux pc. So you need all for a successful compilation of such binaries like gcc, make, python etc. on your linux machine. If you are using Ubuntu, then install the "meta-package" build-essential, look in the README.
Do you have the other unpacking tools like gunzip etc. Please install also "bison"
You should do following steps:
1. First select only the necessary packages (see above), all others to no.
2. If zlib, python, readline an the others are cross-compiled (without errors) and the libraries are in ./sysroot/lib, then deselect them (=no) and select mysql=yes and start a second run with ./build.sh
smitna said:
Please notice first, that you should not run this script as root!!
Then there is something wrong with the build of the first needed packages:
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
- The script cannot find the readline sources. Do you have a subfolder readline-6.2 in folder sources in your builddir? Same for the other source folders. The script first downloads the packages to folder packages, extract the tars in folder sources, repeated for all selections.
(look at line 67 in your log: ./build.sh: 1402: cd: Python-2.7.2: No such file or directory)
- You have no "xz", install it first and make sure, that the other necessary packages are installed. MySQL and gcc are "two pass" compilations and this builds generating temporary binaries, runable on your linux pc. So you need all for a successful compilation of such binaries like gcc, make, python etc. on your linux machine. If you are using Ubuntu, then install the "meta-package" build-essential, look in the README.
Do you have the other unpacking tools like gunzip etc. Please install also "bison"
You should do following steps:
1. First select only the necessary packages (see above), all others to no.
2. If zlib, python, readline an the others are cross-compiled (without errors) and the libraries are in ./sysroot/lib, then deselect them (=no) and select mysql=yes and start a second run with ./build.sh
Click to expand...
Click to collapse
i'm not edit necessary part
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
i just edit mysql=no => mysql=yes
ok try to install packages and run as not root
dateno1 said:
i'm not edit necessary part
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
i just edit mysql=no => mysql=yes
ok try to install packages and run as not root
Click to expand...
Click to collapse
Good luck!
If you can wait a little bit:
In a short time I release a new version with better error and program checks and some small bug fixes. With this version it's not longer necessary to edit the build.sh, it's now all in only two separated configuration files (configuration and package selection).
hmm...fail to compile mysql again
with this error
note: the mangling of 'va_list' has changed in GCC 4.4
full error log on http://pastebin.com/jd1Pw9Xw
dateno1 said:
with this error
note: the mangling of 'va_list' has changed in GCC 4.4
full error log on http://pastebin.com/jd1Pw9Xw
Click to expand...
Click to collapse
Hello dateno1,
first: you have *NOT* changed to a user account as promised
The va_list is only a note, not an error, no problem (but ask the MySQL devs why they haven't adapted the code to gcc 4.6.1).
Your Python cross binaries and libraries are not ok (from you broken first build?). Please start from a "fresh state" (delete the folder sources/Python-2.7.2 and sysroot) or start from a total clean state.
Please use the latest 1.5 version of the script because of the xargs warnings at the end
Delete the complete sysroot folder, there are some folders not in place (data and docs). There is a script remove_all_files.sh
Start this script in your buildroot with ./remove_all_files.sh to remove all files and symlinks in subfolder sysroot.
Edit: delete the sysroot folder complete, there are some other missing folders from your first build!
Start again with ./build.sh and activated packages (the "ALWAYS NEEDED" one and MySQL)
smitna said:
Hello dateno1,
first: you have *NOT* changed to a user account as promised
The va_list is only a note, not an error, no problem (but ask the MySQL devs why they haven't adapted the code to gcc 4.6.1).
Your Python cross binaries and libraries are not ok (from you broken first build?). Please start from a "fresh state" (delete the folder sources/Python-2.7.2 and sysroot) or start from a total clean state.
Please use the latest 1.5 version of the script because of the xargs warnings at the end
Delete the complete sysroot folder, there are some folders not in place (data and docs). There is a script remove_all_files.sh
Start this script in your buildroot with ./remove_all_files.sh to remove all files and symlinks in subfolder sysroot.
Edit: delete the sysroot folder complete, there are some other missing folders from your first build!
Start again with ./build.sh and activated packages (the "ALWAYS NEEDED" one and MySQL)
Click to expand...
Click to collapse
make new account (compile.compile) and use su -c "./build.sh" compile
i think it work (compiled file's owner is changed to compile.compile)
now i delete almost files and folders (exclude android-ndk, readline-6.2, toolchains) and retrying...oh failed (attach new log (full) )
'를 위해 할 일이 없습니다' mean 'no job for~'
'오류' mean 'error'

[Complete Guide] What is Odex and Deodex ROM?

What is an ODEX file?
In Android file system, applications come in packages with the extension .apk. These application packages, or APKs contain certain .odex files whose supposed function is to save space. These ‘odex’ files are actually collections of parts of an application that are optimized before booting. Doing so speeds up the boot process, as it preloads part of an application. On the other hand, it also makes hacking those applications difficult because a part of the coding has already been extracted to another location before execution.
What is an DEODEX file?
Deodexing is basically repackaging of these APKs in a certain way, such that they are reassembled into classes.dex files. By doing that, all pieces of an application package are put together back in one place, thus eliminating the worry of a modified APK conflicting with some separate odexed parts.
So, Deodexed ROMs (or APKs) have all their application packages put back together in one place, allowing for easy modification such as theming. Since no pieces of code are coming from any external location, custom ROMs or APKs are always deodexed to ensure integrity.
How this works?
For the majority noobs amongst us, Android OS uses a Java-based virtual machine called the Dalvik Virtual Machine. A deodexed or .dex file contains the cache used by this virtual machine (referred to as Dalvik-cache) for a program, and it is stored inside the APK. An .odex file, on the other hand, is an optimized version of this same .dex file that is stored next to the APK as opposed to inside it. Android applies this technique by default to all the system applications.
When an Android-based system is booting, the davlik cache for the Davlik VM is built using these .odex files, allowing the OS to learn in advance what applications will be loaded, and thus speeds up the booting process.
By deodexing these APKs, a developer actually puts the .odex files back inside their respective APK packages. Since all code is now contained within the APK itself, it becomes possible to modify any application package without conflicting with the operating system’s execution environment.
Advanteges & Disadvantages
The advantage of deodexing is in modification possibilities. This is most widely used in custom ROMs and themes. A developer building a custom ROM would almost always choose to deodex the ROM package first, since that would not only allow him to modify various APKs, but also leave room for post-install theming.
On the other hand, since the .odex files were supposed to quickly build the dalvik cache, removing them would mean longer initial boot times. However, this is true only for the first ever boot after deodexing, since the cache would still get built over time as applications are used. Longer boot times may only be seen again if the dalvik cache is wiped for some reason.
Note:Themes for android come in APKs too, and if you want to modify any of those, you should always choose a dedoexed custom ROM.
What is Zipalign?
Zipalign is an archive alignment tool introduced first time with 1.6 Android SDK (Software Development Kit). It optimizes the way an Android application package (APK) is packaged. Doing so enables the Android operating system to interact with the application more efficiently, and hence has the potential to make the application and overall the whole system much faster. Execution time is minimized for zipaligned applications, resulting is lesser amount of RAM consumption when running the APK.
How does it exact work?
In an Android operating environment, data files stored in each application package are accessed by multiple processes, for example, the installer will read the data manifest to determine the associated permissions; the system server can read these resources for multiple reasons, like displaying notifications; the Home application, for example, will read resources to get the application’s name and icon. Since Android is based on a a true multi-tasking operating infrastructure, these files are continually and repeatedly accessed. Finally, but not least, the application itself reads the manifest data.
As Android is Linux-based, memory-mapping plays a key role in efficient handling of processes. Essentially, the optimal alignment for the Android OS’ resource-handling code is 4-byte boundaries. What this means is that, if APKs are memory-mapped to 4-byte boundaries, and aligned accordingly, the OS will not need to ‘read through’ the whole application package to get to the desired data manifest. Every system process will know in advance where to look for it’s desired resources, and hence will execute much smoother and faster.
Summing it up, zipaligning an APK results in all uncompressed data within the package to be aligned on 4-byte boundaries, allowing all portions to be accessed directly with the memory-map. RAM consumption is lowered while execution because the querying code doesn’t have to read through the entire application package.
Disavantages of unaligned APKs
Quite understandably, situation would be reserved for unaligned application packages. Resource reading would be slow and memory usage would be on the higher end of the spectrum. It would also depend on how many unaligned applications are present. For example, if less number of applications with an unaligned home application, you’d see slower application launch times. This is the best case scenario. For a worst case scenario, having a number of unaligned applications will result in the system repeatedly starting and killing processes, struggling with lags and huge battery drain.
How to make APKs zipaligned?
As mentioned earlier, the zipalign tool became a part of Android SDK from 1.6 onwards. It can be found under the ‘tools’ folder of the SDK. To use it, simply run the command:
zipalign [-f] [-v] <alignment> infile.apk outfile.apk
Click to expand...
Click to collapse
...where infile.apk is the source file, and outfile.apk is the output file.
You can also verify the alignment of an APK file using the following command:
zipalign -c -v <alignment> existing.apk
Click to expand...
Click to collapse
...where existing.apk can be any application package that you need to get verified. Also, the <alignment> tag in both the commands needs to be an integral value (otherwise the command will return invalid). This value, although can be any integer, MUST always be 4, which would provide 32-bit alignment. Any other value and it will effectively do nothing.
Finally, for the flags used in these commands,
-f - overwrites existing outfile.zip
-v - will give verbose output
-c - will confirm the alignment of a given file
Click to expand...
Click to collapse
CAUTION: Zipalign operation must only be performed after you have signed the APK file with your private key. If zipaligned before signing, the signing procedure will disturb the alignment. Same holds true for any other alteration, addition or removal to the APK file. Any change after running zipalign will undo the alignment.
Source: addictivetips
Reserved.

Janus Vulnerability Allows Attackers to Modify Apps without Affecting their Signature

In various thread scattered around the Fire and Kindle forums here on XDA, I talked about the possibility of decompiling an Amazon system APK, modifying the contents such as settings for the framework or changing permissions in an attempt to escalate privileges to some degree, maybe even root. I ran into several issues when attempting such a thing:
1) Using a PC, I found it almost impossible to successfully recompile a modified APK. Many of the tools like APKtool are just too complicated and missing even the slightest step will cause it to fail.
2) Surprisingly, I've had the opposite outcome using two apps. Using APK Export, I was able to export an APK from the system and use APK Editor Pro to modify permissions. I have been able to, on a consistent basis, use APK Editor Pro to decompile the Android Live Wallpaper system APKs to add or remove any permission from the APKs manifest. Installing the APKs did not result in getting them into /system/priv-app on my HD 8, but all modifications held over and over. But every time the signature is ruined, and installing as a system app fails again.
Janus can help escalating permissions even further when using the above method and maybe others, to modify system APKs. The question is: Can we use Janus to modify an APK in some form, to install an update to an Amazon system app, which would on install, execute code that would install SU binaries? What about any other known exploit patched or not? Could we fake the system into thinking a one-click-root app is a system app and install it? Link to XDA article.
Janus takes advantage of the fact that extra bytes go unnoticed in APK files and DEX files. The GuardSquare report explains that an APK file is a ZIP archive which can contain arbitrary bytes at the start, before and between its ZIP entries. The JAR signature scheme only takes into account the ZIP entries, ignoring any extra bytes when computing or verifying the application’s signature.
It goes on to explain that a DEX file, on the other hand, can contain arbitrary bytes at the end – after the regular sections of strings, classes, method definitions, etc. Therefore, a file can be a valid APK file and a valid DEX file at the same time.
GuardSquare also mentions that a key element of the vulnerability is a “harmless” feature of the Dalvik/ART virtual machine. The report states that in theory, the Android runtime loads the APK file, extracts its DEX file and then runs its code. However, in practice, the virtual machine (VM) can load and execute both APK files and DEX files. The issue is that when the VM gets an APK file, it still looks at the magic bytes in the header to decide which type of file it is: DEX or APK. On finding a DEX header, it loads the file as a DEX file. If it doesn’t find a header, it loads the file as an APK file containing a zip entry with a DEX file. Thus, it can misinterpret dual DEX/APK files.
GuardSquare says that an attacker can leverage this duality feature of the VM to add a malicious DEX file to a normal APK file without affecting its signature. The Android runtime will accept the APK file as a valid update to a legitimate earlier app version, but the Dalvik VM will load the code from the DEX file, which has been injected with malicious code.
Click to expand...
Click to collapse
This is a good point. I brought up something similar a few months ago in another thread.
With all the exploits discovered this year where's someone trying these exploits on this hw sw combo we have with FireOS.
Where's the fuzzer for all the system calls while trying the known exploits?
Where is the systematic approach to testing these from the pedants on the forum?
Sure you can reply with the usual comebacks, but try a different approach instead of more of the same.
With
Sent from my iPhone using Tapatalk
Robius said:
Where is the systematic approach to testing these from the pedants on the forum?
Click to expand...
Click to collapse
Totally agree! Those selfish tech elitists who put real life above the desires of strangers. They should dedicate themselves (without compensation) and their community resources to methodically crack this very important nut. Ya know, because exploiting a $50 entertainment gizmo should rise to the top of THEIR priority list. Sorry sweetie, daddy won't becoming to any of your soccer games this year; he has important work to do.
My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Sent from my iPhone using Tapatalk
Robius said:
My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Click to expand...
Click to collapse
Time well spent; appreciate the opportunity to respond in kind.
I have seen a bunch of hashes running through the terminal last time. Amazon may compare the hashes of the apks against a whitelist.
All right, I am ready to take this exploit on my 5th Gen. What I have to do??
Adyatan said:
All right, I am ready to take this exploit on my 5th Gen. What I have to do??
Click to expand...
Click to collapse
I haven't sat down and looked into this too much so I'm not sure how to execute the exploit yet.
The idea I had been working on months ago was to somehow insert SU binaries into an Amazon system APK, and get it to install the modified APK as an update to an existing system app. The issue back then was the signature getting destroyed. If we can modify an Amazon system APK to contain a script to execute installation of SU binaries, the exploit might allow the APK to install as an update to an existing Amazon app and in theory install the SU binaries. Based on what little I've read, we would have to either 1) modify the existing DEX file of an Amazon system APK to contain code/script to install SU binaries or 2) create a new DEX file with the code and replace it with the original. My opinion is a better chance at the first method.
Now how to do all that using the Janus exploit? I do not yet know.
"An attacker exploiting the flaw could replace a trusted application that already has high privileges, such as a system app, with one of their updates to abuse the permissions that have already been granted. This could enable the attack to access sensitive information stored in the devices or enable the attacker to seize control over the device completely."
https://www.scmagazine.com/janus-vu...-android-50-devices-and-newer/article/713449/
So how would one go about updating a DEX file to contain 1) SU binaries that install upon 'updating' the app on installation? Or 2) clone a system app and edit or change the DEX file? 3) add an exploit script to a DEX file that would gain root (then you would install SU binaries and app)?
It seems the editing of the DEX file itself doesn't damage the signature and that's the nature of the exploit?
Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
I just found this https://github.com/odensc/janus don't have a computer anymore or would try it
Asadullah said:
Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
Click to expand...
Click to collapse
I cannot recall if I've ever tried with that APK. I have tried with others, unsuccessfully. Either the APK will fail to recompile into a proper installation file, or it would 'install', but with none of the modifications holding.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
While installing an Android app or its update, your device checks APK header information to determine if the archive contains code in the compressed DEX files. If header says APK archive contains DEX files, the process virtual machine decompiles the code accordingly and executes it; otherwise, it runs the code as a regular APK file.
It turns out that an APK archive can contain DEX files as well as regular application code simultaneously, without affecting its validity and signatures.
Researchers find that this ability to add extra bytes of code due to lack of file integrity checking could allow attackers to prepend malicious code compiled in DEX format into an APK archive containing legitimate code with valid signatures, eventually tricking app installation process to execute both code on the targeted device without being detected.
In other words, the hack doesn't require attackers to modify the code of legitimate applications (that makes signatures invalid)—instead, the vulnerability allows malware authors to merely add some extra malicious lines of code to the original app.
Click to expand...
Click to collapse
So we would need to write a script or other code that would be placed into a Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me pout guys. Any feedback, negative or not is appreciated.
Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532
Robius said:
Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532
Click to expand...
Click to collapse
I can't find a working download link. Apparently it has been discontinued and i was directed to this: Uret Android Reverser Toolkit v1.6. I downloaded it.
I did find the other one but it says it's for a Galaxy Note. Not sure if that's really the case though.
DragonFire1024 said:
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
So we would need to write a script or other code that would be placed into a Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me pout guys. Any feedback, negative or not is appreciated.
Click to expand...
Click to collapse
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permisions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
DragonFire1024 said:
I can't find a working download link.
Click to expand...
Click to collapse
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I havent used it in a while but used to work good
Asadullah said:
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permisions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I havent used it in a while but used to work good
Click to expand...
Click to collapse
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.
DragonFire1024 said:
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.
Click to expand...
Click to collapse
https://github.com/JesusFreke/smali/wiki/DeodexInstructions
It's really pretty simple used to use it take out the ads from angry birds and what not when it first came out. But it's easier said than done. If you do try first thing I would suggest is that you decompile then recompile to see if it works right the dependencies sometimes will get you or we can try and beg another developer to make us a modified apk..... Please pretty please with sugar on topwe'll like all your posts???
Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411
Robius said:
Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411
Click to expand...
Click to collapse
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).
Davey126 said:
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).
Click to expand...
Click to collapse
Not sure if the following report is true: (HD10 7th Gen on 5.6.0.0)
https://forum.xda-developers.com/hd8-hd10/general/rooted-fire-hd-10-7th-generation-t3718629

[TOOL] [Windows] Batch APK Zipalign Tool v 2.0 (23/05/2022)

What's ziplign ?
Read,Android Developers site.https://developer.android.com/studio/command-line/zipalign
zipalign is an archive alignment tool that provides important optimization to Android application (APK) files. The purpose is to ensure that all uncompressed data starts with a particular alignment relative to the start of the file. Specifically, it causes all uncompressed data within the APK, such as images or raw files, to be aligned on 4-byte boundaries. This allows all portions to be accessed directly with mmap() even if they contain binary data with alignment restrictions. The benefit is a reduction in the amount of RAM consumed when running the application.
This tool should always be used to align your APK file before distributing it to end-users. The Android build tools can handle this for you. Android Studio automatically aligns your APK.
Click to expand...
Click to collapse
Why this tool is needed ?
There are a lot of APK modifications on XDA, most of which are done through APKTOOL (Thanks @iBotPeaches for this great tool)
But after apktool compilation, apks needs to be zipalign manually -> which is missing from some these Modded/Distributed Apks found in the forum.
So, I decided to go ahead and make simple tool for this task.
This tool will help end-users/devs in such cases.
How to Use ?
It's One-Click tool, As simple as it gets !
Download & Extract Zip file from attachment.
Put All apks in "Input" folder
Do not leave "SPACES" in file name of APKs For example, Use "AppName_v1.apk" instead of "AppName v171.apk"
Double Click the Batch file (.bat)
You can find zipaliged APKs in "Output" folder after it's done.
That's It !!
PS : (Devs only) Use this tool **AFTER** signing APKs
Users don't need to worry about this because APKs you have/download are already signed.
FAQs
# How to know whether APKs are zipaligned or not after using this tool ?
Check file size of APK Before & After (In Input & Output folders). You will see the differnce in file size on bytes level So, you need to open full property of file via right click.
If file size if exactly the same, means APK was already zipaligned
# How to know whether APKs i have are already zipaligned or not ?
As of now there's no method to my knowledge. So, you need to go through above process.
In general, APKs directly from PlayStore (you backup/apkmirror) are zipaligned so you don't need to zipalign them unless there's some modifications performed on it.
Change log
v1.0 Release 2017
Initial Release
Latest available zipalign binary
v2.0 Release 2022
Based on Android SDK Build-Tools 30.1.0 and should be compatible with latest Android versions (A9-A12+)
Tried this. Nothing in the output folder
Serpentinefire76 said:
Tried this. Nothing in the output folder
Click to expand...
Click to collapse
I'm not actively maintaining this tool due to personal commitments. Theoretically it should still work even with older binaries but if you are looking for specific support I suggest search for other/newer threads.
jineshpatel30 said:
I'm not actively maintaining this tool due to personal commitments. Theoretically it should still work even with older binaries but if you are looking for specific support I suggest search for other/newer threads.
Click to expand...
Click to collapse
I tried it again. It works like a charm. Awesome. Thank you!
Update after a long time.​
v2 is based on Android SDK Build-Tools 30.1.0 and should be compatible with latest Android versions (A9-A12+)
Happy Modding!
i get this error a mod apk
Code:
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed collecting certificates for /data/app/vmdl262490375.tmp/base.apk: Failed to collect certificates from /data/app/vmdl262490375.tmp/base.apk: META-INF/APKEASYT.SF indicates /data/app/vmdl262490375.tmp/base.apk is signed using APK Signature Scheme v2, but no such signature was found. Signature stripped?]
Command file current zipalign.bat:
for %%X in (.\Input\*.apk) do (
echo Zipaligning - %%~nX.apk
.\Tools\zipalign -cv 4 %%X
.\Tools\zipalign -fv 4 %%X .\Output\%%~nX.apk
)
Maybe it should be reversed like this:
for %%X in (.\Input\*.apk) do (
echo Zipaligning - %%~nX.apk
rem To align infile.apk and save it as outfile.apk
.\Tools\zipalign -fv 4 %%X .\Output\%%~nX.apk
rem check alignment outfile.apk only after having zipalign (does not modify file)
.\Tools\zipalign -cv 4 %%X
)

Categories

Resources