When I disassemble standard Windows executables with IDA pro, it seems to recognise the compiler and therefore much more code, such as subroutine parameters and standard functions.
However when I disassemble Windows Mobile DLLs it doesn't seem to be as effective, the compiler is set to unknown and absolutely everything is in straight assembler.
Is there something I can do about this? Are there any library addins for IDA which will help it recognise code compiled for ARMs and Windows Mobile?
You can try to open the sub-view Type Libraries.. and in that view, right-click and load a library type.. i have 4 different type libraries there, and i've used both the armv12 and wince library... mostly the latter...
They might be incomplete, but will help you slightly more than using no type library
SaSHje
the initial pass is just an initial analysis. you can select part or all of the assembly and then hit C to convert the block to code. you can also click on a section and then in the edit menu there are options for forcing conversion and for making code. it can be used for data sections too which is helpful for structures. hope this helps
PS the version of ida you run also determines how much is converted on the initial pass. I have pretty much every version of ida including the newest versions of ida 5 but i've had the best luck with 4.8.
Hmm, personally I found 5 and 5.1 to be best. Especially now I've managed to get the CE debugger going.
IDA Pro 6.1+ comes with the bin file android_server and you simply execute that file on the phone, like this:
adb push android_server /data/local/android_server
adb shell chmod 777 /data/local/android_server
adb shell ./data/local/android_server
Then you set up IDA pro to listen to that port, on your phone's IP address (wifi)
On IDA go to Debugger > Attach > Remote ARM Linux
For IP you have to put your phone's IP address, and the shell commands you ran should have given you a port to listen to.
IDAPro + Android = ALL YOUR BASE ARE BELONG TO US
android_server (to be executed via adb shell) download:
hxxp://benjamincomputerrepair.com/adminuploads/android_server
EDIT: I wanted to make this a new thread, but alas I only have 2 posts. I'm far from a n00b but I guess that makes no difference....
New: SANE (USB Scanner backend and drivers) - OTG equipped device needed to work for this - YES, Scanner Access Now possible and Easy with your phone
This can (in combination with tesseract-ocr) be very useful to recognize text from scanned images.
For pictures see also http://forum.xda-developers.com/showpost.php?p=23046120&postcount=187
Update 01/30/2012: Now with a small android app (ScriptStarter) to start services and other shell scripts easily from the GUI. See bottom of the post.
WHAT'S POSSIBLE WITH THIS SCRIPT:
With this bash script you are able to build relatively easy from source a lot of native software (over 90 at the moment) from the GNU/Linux community for your Android phone and you will have
the good experience with free software.
All these tools and programs are not "apps for the GUI" for Android but native running command line tools "under the surface" of your Android GUI like the kernel and other services.
Don't ask me if it makes any sense to install program xy (like MySQL) on a phone. This is your decision. It's possible, so try it and see what you can do with it.
Note: I tested most of the compiled software on a Samsung Galaxy S2 (my phone). I cannot test it on a variety of phones because I have no mobile phone shop...
Currently buildable with these scripts (abstract, see the full list in package_selection.conf):
PHP 5.3.10 (with almost all extensions and XCache)
MySQL 5.5.19 (if you want a full database server on your phone...)
lighttpd 1.4.30
OpenSSH 5.9p1
OpenSSL 1.0.0f
Samba 3.6.3
cURL 7.23.1
bash 4.2
BusyBox 1.19.3
ImageMagick 6.7.4-10
OpenVPN 2.2.2
Python 2.7.2
Node.js 0.6.7
git 1.7.9
Wget 1.13.4
Rsync 3.0.9
TCPDUMP 4.2.0
Midnight Commander 4.8.1
Pure-FTPd 1.0.35
screen 4.0.3
iptables 1.4.10 (without bionic bug "getnetbyaddr()" and with iptables-save/restore!)
BIND 9.8.1-P1
Lua 5.2.0
Ruby 1.9.3-p0
usbutils 004
MTDUtils latest git
GCC 4.6.2 (c, c++)
GNU Coreutils 8.14, Binutils 2.22, Findutils 4.4.2, Inetutils 1.8
QEMU 0.15.1
SANE 1.0.22
tesseract-ocr 3.01
...
a lot of libraries, development tools and other useful programs
...
FEATURES:
automatic download and untar the cross-compilers (if not already done) for cross compiling
automatic download and untar the source packages (if not already done), that you have selected
solve dependencies and reserves additional needed packages
apply patches to the sources if necessary
build them, "install" them in a folder for later "ready to transfer" to your phone and strips the binaries and libraries to reduce the filesize if selected
autogenerate a tar file and adb push the file to device if selected
allows you to use well-known software like PHP, MySQL, OpenSSL, OpenSSH, OpenVPN, bash and lighttpd on your phone (see the full list in file package_selection.conf, see attachment)
scripting and development on your phone
no limits with BusyBox (without want to be derogative, BusyBox is a wonderful tool), full featured tools like Coreutils, Binutils etc.
build scripts are expandable with other or newer packages you eventual want to have
QUESTIONS AND ANSWERS:
Q: Do I need native GNU/Linux programs and what is that?
A: If you do not know what native Linux applications are, then stop here - you don't need them.
Q: What can I do with these tools?
A: Many things. As a developer you can use the libraries to include them in Android GUI apps, as user you can start for example a webserver on your phone and write some HTML or PHP pages
just for fun or replace BusyBox with full featured tools (or only some commands).
Some tools are also very useful to find network errors, check the network traffic and many more.
Q: What do I need?
A: A Linux installation (VM or real), some Linux knowledge and a little bit of time to read all instructions carefully. A rooted Android device with enough free memory (ext2/3/4 formatted)
See README for details.
Q: Costs?
A: Nothing. The scripts are Open Source (GPL v3), the packages are GPL licensed or under a similar license. The cross-compilers are Open Source or free to use for non-profit purposes.
But I would be pleased if I get a donation and/or a press on the "Thanks button", if the scripts are useful for you. It was a long and hard work...
Note: The attachment scriptset-x.yy.zip is double packed (inside .bz2), because I want to preserve the right settings of the scripts.
STEPS:
Select the desired packages in the config file
Adjust the compiler settings for your phone
Run the build script to download and compile the software
Copy the generated TAR files to your phone or let "adb" do this for you and unpack them in the prepared sysroot folder
For more information please read the instructions in "README"
Please let me also know if you have any problems or if you have questions or further suggestions.
Thanks go to the Open Source community and a lot of people/webpages with hints about cross-compiling software.
Thanks
smitna
CHANGELOG:
01/14/2012 First public release v0.9
01/14/2012 Update: Removed unneeded big patch for ncurses
01/15/2012 Release of v1.0
Update: Fixed build of gcc. Note: the header files are not copied automatically with the script.
If you want to compile on your phone, set TAR_HEADERS=1 in configuration.conf
Typos: some translations corrected in build.sh
01/16/2012 Release of v1.1
Update: Removed building of fsck from util-linux-ng, it's in e2fsprogs
Update: ISC Cron / vixie cron: set correct paths in pathnames.h before compiling
Enhancement: More detailed explanation of device specific compiler settings with list of possible values
Update: Removed dependence e2fsprogs libs from e2fsprogs
01/17/2012 Release of v1.2
Update: Build of zip, zipcloak, zipnote, zipsplit, unzip, unzipsfx and funzip now possible without errors
01/17/2012 Release of v1.3
Update: Added Node.js
Typos: some translations and language errors corrected in build.sh and README (sorry, I'm not a native English speaker...)
01/18/2012 Release of v1.4
Fixed TMP_PATH in PHP extension XCache (mmap.c) to prevent startup warning
Fixed BusyBox problems with static build against glibc ("__getpagesize" segfault with ping, traceroute and other networking parts)
and added some BusyBox patches.
BusyBox is now dynamic linked, so don't replace the system BusyBox with this build, because of missing mount/paths to libraries at phone startup
01/20/2012 Release of v1.5
Update: Cleanup in scripts and separation of configuration and code. Now it's only necessary to edit configuration.conf and package_selection.conf
Update: Added gzip
Update: Added experimental adb push to device if the device is connected and permissions are ok
Update: Check for installed programs. Script now exits on check failure to minimize errors while compiling.
01/21/2012 Release of v1.6
Bugfix: MySQL build could fail if gen_lex_hash could not generate the file sql/lex_hash.h in pass 2
Update: adb push should now work, check for connected device (and possible multiple devices) and check for right permissions to use the device
Enhancement: Even more explanation of device specific compiler flags and some hints to find the right settings.
01/21/2012 Release of v1.7
Enhancement: To eliminate sure a failing MySQL build, with every new run the source folder will be removed before completely
Enhancement: file version is now strictly checked (the host version must be the same as the cross version)
Some minor changes and filechecks (e.g. autoconf)
01/23/2012 Release of v1.8
Bugfix: Python has SQLite dependencies and SQLite must be ready before Python configure/make
Bugfix: In certain circumstances the optimizer settings get lost
Bugfix: Removed --enable-multibyte from bash, no chance to use it with NDK
01/24/2012 Release of v1.9
Update: Added ngIRCd (Please read the comment for this server, because of running as root)
Update: Sorted the links and package names in the config a little bit...
01/26/2012 Release of v2.0
Bugfix: OpenSSH wants to touch /var/empty while compiling, should be fixed --with-privsep-path now set (thanks to member dateno1 for his reports of such warnings/errors)
Bugfix: Removed a wrong CFLAG -I path from NDK config (only useful for me, really useless for others...)
Enhancement: Example for a user db for Pure-FTPd virtual user database in README (please use virtual users, it's the best and easiest solution)
Update: OpenSSH build need ssh-keygen for the generation of the default keys, added this info to README and the package selection
Bugfix: Not really a bugfix, but some installers don't set the right permissions of libraries in the sysroot folder, so set them global in the final task
Bugfix: Removed --with-lastlog=$TARGET_SYSROOT/var/log/lastlog from OpenSSH and added --with-lastlog=no, I don't know why this is not working and throws a warning, but we can live without it...
Enhancement: Added option to choose the sysroot variant from the CodeSourcery libs: v5TE (default), v4T (old), thumb2 (v7, fastest if supported by the phone)
Enhancement: Added option to tar the headers for development on the device with CodeSourcery (hint: always set rpath in LDFLAGS to make use of the CodeSourcery libs)
01/26/2012 Release of v2.1
Update: Added getcap/setcap and libraries from wishlist, needs libtoolize. Note: This is in a testing stage, kernel and filesystem support needed!
01/30/2012 Added a ScriptStarter app
09/02/2012 Release of v2.2
Update: Local compilation of static "tic" from ncurses for buildhost, if ncurses installation is missing
Enhancement: "downloading only" mode without compiling the packages (and force download)
Enhancement: some parameters for starting the script with additional functions (show with ./build.sh help)
Enhancement: more logging and outputs
Enhancement: language specs, all outputs can be changed to other languages in build.sh
Update: Added dosfstools
Update: Added Ruby
Update: Added example configs and starter scripts for Samba and OpenSSH
Update: Use of http-URLs if possible and update of some broken external links since last release
Bugfix: util-linux-ng needs gettext, added dependence
Bugfix: Added parameter to Samba to solve user/group settings and socket_wrapper support to set path vars at runtime
Update: Changed PHP version to 5.3.10, Samba to 3.6.3 and git to 1.7.9
02/11/2012 internal Release v2.3
Bugfix: openVPN patch for /dev/tun and links to ip/netstat/ifconfig/route, see hints for symlinks
02/16/2012 internal Release v2.4
02/25/2012 Release of v2.5
Update: Added LAME
Update: Added experimental CUPS
Update: Changed PNG version to 1.5.9
Update: Added Net-SNMP
Update: Added Netpbm
Update: Added PNG 1.2.47 for Netpbm and phpSANE
Update: Added LibTIFF
Update: Added SANE (USB Scanner backend and drivers) - OTG equipped device needed to work for this - YES, Scanner Access Now possible and Easy with your phone
Update: Split patches for bash (4.1 and 4.2) for better and easier (automatic) inclusion of original patches
02/28/2012 Release of v2.6
Update: Added Cuneiform OCR
Update: Added tesseract-ocr (see hints for more details howto use it)
ScriptStarter
02/03/2012 Added a small ScriptStarter for the GUI. With this app, written with JQuery, PhoneGap and Java (wrapper to execute the shell scripts) it's possible to start for example the lighttpd web server, Pure-FTPd or MySQL from within the Android GUI without a terminal and read the output. If a script needs root access, there is a checkbox to allow this. For this to work, copy the script sush in the script folder. All scripts ending with .sh can be started (please choose after the first start your script folder on the device to add the scripts to the selection, normally your [SYSROOT]/sbin folder).
Three buttons (start, stop and status) are predefined for start-stop-status scripts, there is also a parameter input field for more start values.
Free GPL v3 source code also included (Eclipse project). Please don't expect too much eye-candy. The GUI could be much better, but my CSS skills are very limited...
I added a few example scripts in the zip file, for example a battery stats reader. Before starting these scripts, have a look in the source code to be sure that they are compatible with your device.
Update 0.97 02/03/2012: Now the stderr is also printed in the output window
Update 0.99 02/10/2012: Replaced scrolling api with a much better solution (jScrollPane) for the output window. Not the real Android scroll feeling, but it's usable.
Thanks! I would hit the Thanks button, but I am on my mobile atm.
Sent from MIUI powered phone
Someone tried it? Problems?
Please, I need your feedback...
Sounds interesting, I'll try once I get back home and share feedback here
now i try to all packages for test
i will test on cortex a8 (Motorola xt720)
TARGET_MARCH="armv7-a" (not work on armv7 )
TARGET_MTUNE="cortex-a8"
TARGET_MFPU="neon"
TARGET_MFLOAT="softfp"
it make dynamic binaries but i don't want dynamic type (because it difficult to divide one thing and maybe not work on android's libs)
how can i make static type?
ps : oh...it has so many compile error (even can't read or count all)
dateno1 said:
i will test on cortex a8 (Motorola xt720)
TARGET_MARCH="armv7-a" (not work on armv7 )
TARGET_MTUNE="cortex-a8"
TARGET_MFPU="neon"
TARGET_MFLOAT="softfp"
it make dynamic binaries but i don't want dynamic type (because it difficult to divide one thing and maybe not work on android's libs)
I hope I understand your question. Why not dynamic?
Yes, you have to set the parameters for your mobile phone. For TARGET_MARCH try "armv7", for TARGET_MFLOAT "softfp" and for TARGET_MFPU "vfp" but check this last setting carefully for this phone.
It's very hard to build a full static binary (and sometimes nearly impossible) and it's also hard to build against bionic (with NDK). I had no good experience with it. A lot of compiler runs weren't successful. Edit: I also had for example massive problems with openssl. I couldn't find a way to build it with NDK or static and then build other programs like cURL with openssl support.
Static binaries are also too big and not necessary. For this we have a sysroot environment to be independent from bionic and without the restrictions. The compiled libs and binaries are linked to the CodeSourcery glibc and have set the custom "rpath" for the dynamic loader. That's no problem I think.
that's simple
if someone want to make some binary for all version of android (even same cpu) it will not work well (depend on basic lib(ex : libc) is ok but complex things will not work)
i know make static type binary is very difficult but it valuable
dateno1 said:
that's simple
if someone want to make some binary for all version of android (even same cpu) it will not work well (depend on basic lib(ex : libc) is ok but complex things will not work)
i know make static type binary is very difficult but it valuable
You are right, if you want to build a "portable" binary, you have to set very safe settings, like TARGET_MARCH="armv5", the full list is in the "README". But it's not my main target to offer a solution that is easy portable to other phones, instead you can build the software with optimizations for your phone to "get the best" for it
smitna said:
You are right, if you want to build a "portable" binary, you have to set very safe settings, like TARGET_MARCH="armv5", the full list is in the "README". But it's not my main target to offer a solution that is easy portable to other phones, instead you can build the software with optimizations for your phone to "get the best" for it
just i want to add some more function on the phone
thanks for patch files
I want to try this, to install some apps (most interested for mc), but I don't wanna change my sd card.
Can I use phone's /data partition as mysysroot directory? I have 1.5GB space available on data partition, it is 2GB all.
And If yes, I must create the dir: /data/mysyroot? And where to create this dir on pc? On root directory of my linux system?
dancer_69 said:
I want to try this, to install some apps (most interested for mc), but I don't wanna change my sd card.
Can I use phone's /data partition as mysysroot directory? I have 1.5GB space available on data partition, it is 2GB all.
And If yes, I must create the dir: /data/mysyroot? And where to create this dir on pc? On root directory of my linux system?
You can use the /data partition. Just create a new folder, for example /data/sysroot. On your PC you have to create the same temporary with full user rights. This is not your working dir for building. Create a new dir in /home/user and unpack the files there. In settings insert the /data/sysroot as TARGET_SYSROOT and change the other settings for your phone and choose mc=yes. Then start the ./build.sh
Thanks for your quick answer.
Just to make clear because my english understanding is not in a high level
I must create the /data/sysroot dir under "/"(root directory) on linux pc with superuser rights?
dancer_69 said:
Thanks for your quick answer.
Just to make clear because my english understanding is not in a high level
I must create the /data/sysroot dir under "/"(root directory) on linux pc with superuser rights?
Yes, that is right. But this is the only step you need to do as root or better with root rights. After this work as usual as user.
oh it can't make mysql
package selection : mysql only
target directory (prefix) : /sddata/mysql (on sdext on my system)
armv7-a
cortex-a8
neon
softfp
then run ./build.sh 2> error.txt
it is my error messages
http://pastebin.com/g7Yi4bGz
sorry you can see this link only today (my mistake)
this setting can make some binary and lib run on my phone but fail to make gcc or mysql (when i try gcc it just fail to making gcc only (other things were made) )
dateno1 said:
package selection : mysql only
target directory (prefix) : /sddata/mysql (on sdext on my system)
armv7-a
cortex-a8
neon
softfp
then run ./build.sh 2> error.txt
it is my error messages
http://pastebin.com/g7Yi4bGz
sorry you can see this link only today (my mistake)
this setting can make some binary and lib run on my phone but fail to make gcc or mysql (when i try gcc it just fail to making gcc only (other things were made) )
Please notice first, that you should not run this script as root!!
Then there is something wrong with the build of the first needed packages:
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
- The script cannot find the readline sources. Do you have a subfolder readline-6.2 in folder sources in your builddir? Same for the other source folders. The script first downloads the packages to folder packages, extract the tars in folder sources, repeated for all selections.
(look at line 67 in your log: ./build.sh: 1402: cd: Python-2.7.2: No such file or directory)
- You have no "xz", install it first and make sure that the other necessary packages are installed. MySQL and gcc are "two pass" compilations and these builds generate temporary binaries, runnable on your linux pc. So you need all for a successful compilation of such binaries like gcc, make, python etc. on your linux machine. If you are using Ubuntu, then install the "meta-package" build-essential, look in the README.
Do you have the other unpacking tools like gunzip etc. Please install also "bison"
You should do following steps:
1. First select only the necessary packages (see above), all others to no.
2. If zlib, python, readline and the others are cross-compiled (without errors) and the libraries are in ./sysroot/lib, then deselect them (=no) and select mysql=yes and start a second run with ./build.sh
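The checks from the reply above (do not build as root, host tools such as xz and bison installed, source folders unpacked under sources) can be run before build.sh is started. This is an added example, not part of smitna's script set; the function names and the PREFLIGHT_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks before starting a cross-compile run.
# Function names and the PREFLIGHT_RUN switch are hypothetical.

# Host tools the thread names as needed on the build PC.
REQUIRED_TOOLS="xz bison gunzip gcc make python"

# Print every tool from the arguments that is not found on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only for a non-root uid. A build that downloads and compiles many
# third-party source packages should not run with root rights.
is_unprivileged() {
    [ "$1" -ne 0 ]
}

# Print every expected source folder that is absent from <builddir>/sources.
missing_sources() {
    src_root=$1/sources
    shift
    for src in "$@"; do
        [ -d "$src_root/$src" ] || printf '%s\n' "$src"
    done
}

# Run all checks, report each problem on stderr, return 1 if any check failed.
# usage: preflight <builddir> <uid> [source-folder ...]
preflight() {
    pf_builddir=$1
    pf_uid=$2
    shift 2
    pf_rc=0

    if ! is_unprivileged "$pf_uid"; then
        echo "preflight: do not run the build as root (uid 0)" >&2
        pf_rc=1
    fi

    # Unquoted on purpose: split the tool list into separate arguments.
    pf_missing=$(missing_tools $REQUIRED_TOOLS)
    if [ -n "$pf_missing" ]; then
        echo "preflight: missing host tools:" $pf_missing >&2
        pf_rc=1
    fi

    pf_missing=$(missing_sources "$pf_builddir" "$@")
    if [ -n "$pf_missing" ]; then
        echo "preflight: not unpacked under $pf_builddir/sources:" $pf_missing >&2
        pf_rc=1
    fi

    return "$pf_rc"
}

# Stand-alone use from the build directory: PREFLIGHT_RUN=1 sh preflight.sh
if [ "${PREFLIGHT_RUN:-0}" = 1 ]; then
    # Constructed sample: the two source folders mentioned in the reply.
    preflight "$(pwd)" "$(id -u)" readline-6.2 Python-2.7.2
fi
```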
smitna said:
Please notice first, that you should not run this script as root!!
Then there is something wrong with the build of the first needed packages:
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
- The script cannot find the readline sources. Do you have a subfolder readline-6.2 in folder sources in your builddir? Same for the other source folders. The script first downloads the packages to folder packages, extract the tars in folder sources, repeated for all selections.
(look at line 67 in your log: ./build.sh: 1402: cd: Python-2.7.2: No such file or directory)
- You have no "xz", install it first and make sure that the other necessary packages are installed. MySQL and gcc are "two pass" compilations and these builds generate temporary binaries, runnable on your linux pc. So you need all for a successful compilation of such binaries like gcc, make, python etc. on your linux machine. If you are using Ubuntu, then install the "meta-package" build-essential, look in the README.
Do you have the other unpacking tools like gunzip etc. Please install also "bison"
You should do following steps:
1. First select only the necessary packages (see above), all others to no.
2. If zlib, python, readline and the others are cross-compiled (without errors) and the libraries are in ./sysroot/lib, then deselect them (=no) and select mysql=yes and start a second run with ./build.sh
i'm not edit necessary part
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
i just edit mysql=no => mysql=yes
ok try to install packages and run as not root
dateno1 said:
i'm not edit necessary part
ZLIB=yes
OPENSSL=yes
CURL=yes
GETTEXT=yes
LIBXML2=yes
READLINE=yes
NCURSES=yes
i just edit mysql=no => mysql=yes
ok try to install packages and run as not root
Good luck!
If you can wait a little bit:
In a short time I release a new version with better error and program checks and some small bug fixes. With this version it's no longer necessary to edit the build.sh, it's now all in only two separated configuration files (configuration and package selection).
hmm...fail to compile mysql again
with this error
note: the mangling of 'va_list' has changed in GCC 4.4
full error log on http://pastebin.com/jd1Pw9Xw
dateno1 said:
with this error
note: the mangling of 'va_list' has changed in GCC 4.4
full error log on http://pastebin.com/jd1Pw9Xw
Hello dateno1,
first: you have *NOT* changed to a user account as promised
The va_list is only a note, not an error, no problem (but ask the MySQL devs why they haven't adapted the code to gcc 4.6.1).
Your Python cross binaries and libraries are not ok (from your broken first build?). Please start from a "fresh state" (delete the folder sources/Python-2.7.2 and sysroot) or start from a total clean state.
Please use the latest 1.5 version of the script because of the xargs warnings at the end
Delete the complete sysroot folder, there are some folders not in place (data and docs). There is a script remove_all_files.sh
Start this script in your buildroot with ./remove_all_files.sh to remove all files and symlinks in subfolder sysroot.
Edit: delete the sysroot folder complete, there are some other missing folders from your first build!
Start again with ./build.sh and activated packages (the "ALWAYS NEEDED" one and MySQL)
smitna said:
Hello dateno1,
first: you have *NOT* changed to a user account as promised
The va_list is only a note, not an error, no problem (but ask the MySQL devs why they haven't adapted the code to gcc 4.6.1).
Your Python cross binaries and libraries are not ok (from your broken first build?). Please start from a "fresh state" (delete the folder sources/Python-2.7.2 and sysroot) or start from a total clean state.
Please use the latest 1.5 version of the script because of the xargs warnings at the end
Delete the complete sysroot folder, there are some folders not in place (data and docs). There is a script remove_all_files.sh
Start this script in your buildroot with ./remove_all_files.sh to remove all files and symlinks in subfolder sysroot.
Edit: delete the sysroot folder complete, there are some other missing folders from your first build!
Start again with ./build.sh and activated packages (the "ALWAYS NEEDED" one and MySQL)
make new account (compile.compile) and use su -c "./build.sh" compile
i think it work (compiled file's owner is changed to compile.compile)
now i delete almost files and folders (exclude android-ndk, readline-6.2, toolchains) and retrying...oh failed (attach new log (full) )
'를 위해 할 일이 없습니다' mean 'no job for~'
'오류' mean 'error'
Greetings, and welcome to the home of a little set of utilities I'm calling "DroidShell".
What it is:
DroidShell is my attempt at bridging the gap between the various android utilities used for ROM modification and the Windows explorer system. It is a series of scripts that are automatically associated with .apk, .jar, and .iso files so that they are automatically decompiled on double-click or enter. Additionally, when a file is decompiled, a corresponding .dcp, dcf, or dci (decompiled package, decompiled framework, decompiled image) file is created, which allows for automatic recompiling, as well as optional cleanup, or resigning.
The goal of this project is pretty simple...to have all the tools needed for ROM work in one place, and have them easily accessible without having to have eighty command windows open or to have to go through a chain of commands to create a usable apk/jarfile.
Features:
One-shot setup. Extract the files, run install/installer.bat, and all of the necessary file associations and paths are created.
Batch terminal integration - provides integration for adb, fastboot, apktool, 7zip, zipalign, oat2dex, unpackbootimg, repackbootimg, baksmali and smali in windows command-line interface from path.
Automagic association with common android filetypes for decompilation.
Custom placeholder files - dcp, dcf, and dci - for packages, framework, and image files. Allows for automatic recompiling, and optional signing and cleanup of decompiled files.
Recompiled apks and jars are automatically repacked with modified files while excluding androidmanifest.xml, meaning signatures are unaffected.
For modifications requiring androidmanifest be changed, you can right-click a .dcp file to recompile with signature.
Auto-detection of framework-res file with prompting to install.
Popup dialogue boxes for errors and alerts.
(NEW) Right-click to decompile to java code. This cannot be recompiled, but is great for researching more complex mods. (Can also be invoked by using the command dj filename.apk)
(NEW) Support for sparse image system -> .img conversion.
(NEW) za command for zipaligning apk's.
(NEW)
Download:
https://github.com/d8ahazard/DroidShell/archive/master.zip
Source:
https://github.com/d8ahazard/DroidShell
Instructions...
You need the Java Runtime Environment (RE). Get it here.
Extract to a folder somewhere. Spaces in the path are probably not good. I put it in C:\DroidShell
Browse to the folder. Go into the install folder. Run installer.bat. (Installer needs admin privileges. It will prompt for them, but in some cases, you may have to automatically run as admin)
Reboot.
You should now have shell integration. APKs, Jars, and .img files will automagically decompile.
It's late, I've been working on this all weekend...but it should be good to go. Please let me know if you have any thoughts.
CHANGELOG:
Code:
02.02.16 - v2.0
Update smali, baksmali to v. 2.1.1.
Add shell script for oat2dex (not implemented in context menus, just available for now)
Update APKTool to latest version
Add dx.jar - for converting java classfiles to .dex (just available for now)
Add ext4 and ext2 tools - For manually unpacking images if needed. These are GUI based, not my work.
Add rimg2sdat - For converting .img to sparse (Not implemented yet)
Update sdat2img to latest version by xspirit, added python to installer as required.
Add zipalign function (Not implemented, can be called via "za filename.apk")
Add decompile to pure Java:
This utilizes a few tools to take apk's and jarfiles and decompile them to as close of an android package as we can get without having the actual source code. While we cannot at this time recompile these into apk's, it is very useful for analysis when trying to implement other mods. Like...really helpful. This one can be accessed by right-clicking a decompileable package and picking "decompile to java".
01.31.15 - v1.8
Added windows progress bar for file copies in system.img extraction.
Fixed some script errors.
01.29.15 - v1.7
Cleaned up installer, added more verbosity.
Better error checking in image extractor.
Add support for .list files, allowing double-click extraction of system.transfer.list and cm12-style image files.
Added custom language files for notepad++, allows syntax highlighting of .smali and logcat files.
01.27.15 -v1.6
Added support for system images. Requires installation of included OSFMount.
Added file associations for common plaintext android files to notepad++ if installed.
Converted several .bat files to .exe, allows for icons, inclusion of required files, and UAC prompting when needed.
01.26.15 - v1.5
Fixed fatfinger in APKtool detection causing error.
01.26.15 - v1.4
Added zipaligning
Added check to make sure apktool is present
Updated test-keys to latest AOSP version
Compiled batches to .exe with required files for AIO-packages
Fixed: Installer not always associating with files correctly.
Thanks a million
Version 1.5 uploaded.
Added Zipaligning
Check to make sure apktool.jar is found in %DROIDROOT% directory.
Updated signing keys.
Switch from .bat to .exe, allows modularization of functions, cleaner.
Modifications to installer to try and fix some issues with file associations.
Fixed issue between 1.4 and v 1.5 where I fatfingered a check.
Hell yes!
digitalhigh said:
Greetings, and welcome to the home of a little set of utilities I'm calling "DroidShell".
What it is:...
So many thanks for this! I'm going to use it like hell!
Excellent Job!
I'm bookmarking this, gonna read it thoroughly at breakfast
So I'm curious - has anybody had a chance to give this a try yet?
Testing file association stuff is tricky, because Windows likes to keep track of the "user selected" association too. So, I had to add some extra commands to the installer script to clean up everything appropriately first.
Either way, I've run it on like three different computers "clean" and had it work like a charm on all of them. I'd like to know how it works with Windows 7 or XP.
I could be doing something wrong (windows is not my OS of choice, I use kubuntu 14.10 as my daily driver, and as such am mostly illiterate in dos/batch, I'm a sh/bash guy), but the installer bombed out (hung up without confirmation of success) on my windows 7 pro install (on a dell latitude e6400, with a dual core core2 @2.8ghz, quattro 160m graphics, 4gb of ddr2 @800mhz, booting off a 120gb Samsung evo ssd. Wouldn't think it's relevant, but just in case).
Steps:
First I decompressed the .zip in the root of my C:\ drive, with 7zip (did not change file name, kept as "DroidShell_1.5").
Next I ran the installer script.
I then granted it admin privileges.
It killed my desktop, explorer.exe. I assume this is normal due to the terminal output:
Code:
SUCCESS: The process "explorer.exe" with PID 3260 has been terminated
Then I got:
Code:
file type 'apk_auto_file' not found or no open command associated with it.
Followed by 4 more identical errors, just replace "apk" with dfc, dcp, dci, img.
A bunch of successful operations.
Then:
Code:
ERROR: Invalid syntax.
Type "REG ADD /?" for usage
A bunch of successful operations.
Then:
Code:
ERROR: The system was unable to find the specified registry key or value.
The above output repeats 17 times.
Then 4 more operation success messages and it hangs, with my desktop killed.
Ctrl+alt+del, logout, log in, and I'm back in business. No noticeable increase in disk space, no newly installed programs (as expected).
I read the op, and from my understanding it doesn't require any dependencies? (Apktool, android SDK, android studio, etc). All the necessary dependencies are built in, right? It's a fresh install of windows 7 pro, with all available updates taken.
EDIT:
It worked perfectly regardless of the errors, see my post on page 2.
thisguysayswht said:
I could be doing something wrong (windows is not my OS of choice, I use kubuntu 14.10 as my daily driver, and as such am mostly illiterate in dos/batch, I'm a sh/bash guy), but the installer bombed out on my windows 7 pro install (on a dell latitude e6400, with a dual core core2 @2.8ghz, quattro 160m graphics, 4gb of ddr2 @800mhz, booting off a 120gb Samsung evo ssd. Wouldn't think it's relevant, but just in case).
Steps:
First I decompressed the .zip in the root of my C:\ drive, with 7zip (did not change file name, kept as "DroidShell_1.5").
Next I ran the installer script.
I then granted it admin privileges.
It killed my desktop, explorer.exe. I assume this is normal due to the terminal output:
Code:
SUCCESS: The process "explorer.exe" with PID 3260 has been terminated
Then I got:
Code:
file type 'apk_auto_file' not found or no open command associated with it.
Followed by 4 more identical errors, just replace "apk" with dfc, dcp, dci, img.
A bunch of successful operations.
Then:
Code:
ERROR: Invalid syntax.
Type "REG ADD /?" for usage
A bunch of successful operations.
Then:
Code:
ERROR: The system was unable to find the specified registry key or value.
The above output repeats 17 times.
Then 4 more operation success messages and it hangs, with my desktop killed.
Ctrl+alt+del, logout, log in, and I'm back in business. No noticeable increase in disk space, no newly installed programs (as expected).
I read the op, and from my understanding it doesn't require any dependencies? (Apktool, android SDK, android studio, etc). All the necessary dependencies are built in, right? It's a fresh install of windows 7 pro, with all available updates taken.
Bombed out is a rough term. The installer is just writing a bunch of registry keys, and deleting some other ones to make sure other associations don't mess it up. So, some registry operations don't always work - they're just there to be sure. I've actually worked on cleaning that up in the next iteration I'm cooking.
And yes, there shouldn't be any more size increase past extracting the original zip. All the files used are enclosed. "Installer" is just telling Windows that "droid shell is at location %CD%" and "use app xxx in %CD% to open file XX". A few extras for the right-click context menus and icons...so forth.
So, to know if it is working is really just a matter of finding an apk or .jar and double-clicking it. You should get a terminal window showing the process and a box confirming success or failure, plus a reason why if failure.
The only dependency is the Java Runtime environment, which is the same common necessity as for any other Apktool environment. You can get it here, and I'll throw that link in the OP in a second.
The next iteration of the installer is going to be a lot cleaner, plus be more verbose so you actually know what it's doing. My first thought in putting it out was just to see how well the decompile/recompile stuff worked.
I didn't mean to offend with the term "bombed out", it may have been a bit of a rough term. I just meant the script terminated my desktop and hung up.
It actually succeeded regardless of the errors, and is working like a charm. I apologize, I should have actually tested it before posting. I shouldn't have assumed that it didn't work based off of the terminal output/behavior.
Also, I would like to say that I greatly appreciate the work that you put into this, and all your other projects here on xda. I'm running your 4.4.4 gpe port for the verizon m8 as my primary rom, and it is by far the most stable port I have ever had the pleasure of flashing.
Attached are screenshots of DroidShell successfully decompiling and recompiling an apk with a simple right click selection on windows 7 pro. Good stuff.
Thanks! tons
Thanks for the work. very useful.
The compiling and decompiling of apk is perfect on Win 7 pro.
From the OP, i also got the impression it would unpack / pack images, so i tried it with a system.img copied to the droidshell directory.
With the command c:\droidshell\unpackimg system.img, I got the error as shown in screenshot
Am I doing something wrong, or is this not supported yet?
arbit12 said:
Thanks for the work. very useful.
The compiling and decompiling of apk is perfect on Win 7 pro.
From the OP, i also got the impression it would unpack / pack images, so i tried it with a system.img copied to the droidshell directory.
With the command c:\droidshell\unpackimg system.img, I got the error as shown in screenshot
Am I doing something wrong, or is this not supported yet?
It only works for boot images at the moment. System images are a different beast.
digitalhigh said:
It only works for boot images at the moment. System images are a different beast.
Okay. Thanks for the info.
thisguysayswht said:
I didn't mean to offend with the term "bombed out", it may have been a bit of a rough term. I just meant the script terminated my desktop and hung up.
It actually succeeded regardless of the errors, and is working like a charm. I apologize, I should have actually tested it before posting. I shouldn't have assumed that it didn't work based off of the terminal output/behavior.
Also, I would like to say that I greatly appreciate the work that you put into this, and all your other projects here on xda. I'm running your 4.4.4 gpe port for the verizon m8 as my primary rom, and it is by far the most stable port I have ever had the pleasure of flashing.
Attached are screenshots of DroidShell successfully decompiling and recompiling an apk with a simple right click selection on windows 7 pro. Good stuff.
Oh, no offense taken.
I came at this project, as I do with most, with the mindset of "OOOH, SHINY THING. I MUST SHOW EVERYONE." So, first thought was putting out the app, despite some of the install stuff being a bit dirty.
However, the next iteration is shaping up to be quite lovely. See below.
arbit12 said:
Okay. Thanks for the info.
So, it appears that this question has motivated me to try making that function a reality sooner than later.
However, as far as I can see, the *ONLY* application for windows that currently deals with system images right now is Ext2Explore, which is a bit old and doesn't have command-line support.
Fortunately, there's source code for it, so I'm currently downloading Visual Studio and will see if I can add command line functionality, as well as make it launch with UAC prompting.
If I can make this work, my plan is to make one handler for .img files that works like so:
1. Look at the file passed to it and see if it's a boot image. If it is, extract and exit.
2. If it's not a boot image, try to extract it as a system image. If it is, extract and exit.
3. If it's not a boot or system image - pass it to explorer and mount as usual.
I can do #1 and #3 already...it's just getting #2 to go.
Also, I've added a check in the installer that looks for the installation of notepad++. If it finds it, it will create additional associations for .xml, .prop, conf, config, .smali, and whatever else I can think of that I could possibly need to edit in a ROM.
Then, lastly, with all these additions, I'd like to make the installer a bit more verbose. Give some options so it's not just an all or nothing install, make it prettier, etc.
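The three-step .img dispatch planned in the post above, as an added example (not DroidShell's code). It decides by file content instead of extension and sanity-checks the header before anything is handed to an extractor. Assumptions: the function names are hypothetical, the magic values are those of the AOSP v0 boot header, the Android sparse format and the ext2/3/4 superblock, a "system image" means sparse or raw ext, and the "reject" outcome for inconsistent headers is an addition to the post's plan. Sample inputs are constructed.

```python
import os
import struct

BOOT_MAGIC = b"ANDROID!"        # Android boot image magic, offset 0
SPARSE_MAGIC = 0xED26FF3A       # Android sparse image, little-endian u32 at offset 0
EXT_MAGIC = 0xEF53              # ext2/3/4 s_magic, u16 at superblock offset 56
EXT_MAGIC_OFFSET = 1024 + 56    # the superblock starts 1024 bytes into the volume
HEAD_LEN = 2048                 # enough bytes to cover every field checked below


def _pages(size, page):
    """Number of whole pages needed to hold `size` bytes."""
    return (size + page - 1) // page


def boot_problem(head, file_size):
    """Return None if a v0 boot header is self-consistent, else the reason."""
    if len(head) < 40:
        return "header truncated"
    kernel, _, ramdisk, _, second, _, _, page = struct.unpack_from("<8I", head, 8)
    if page == 0 or page & (page - 1):
        return "page size is not a power of two"
    # Header page plus kernel, ramdisk and second stage, each padded to a page.
    needed = page * (1 + _pages(kernel, page) + _pages(ramdisk, page) + _pages(second, page))
    if needed > file_size:
        return "sections extend past end of file"
    return None


def sparse_problem(head):
    """Return None if the 28-byte sparse header looks sane, else the reason."""
    if len(head) < 28:
        return "header truncated"
    _, major, _, file_hdr, chunk_hdr, blk, _, _, _ = struct.unpack_from("<IHHHHIIII", head, 0)
    if major != 1:
        return "unsupported major version"
    if file_hdr < 28 or chunk_hdr < 12:
        return "header sizes too small"
    if blk == 0 or blk % 4:
        return "block size is not a multiple of 4"
    return None


def classify(head, file_size):
    """Return (kind, problem); kind is 'boot', 'system' or 'unknown'."""
    if head[:8] == BOOT_MAGIC:
        return "boot", boot_problem(head, file_size)
    if len(head) >= 4 and struct.unpack_from("<I", head, 0)[0] == SPARSE_MAGIC:
        return "system", sparse_problem(head)
    if (len(head) >= EXT_MAGIC_OFFSET + 2
            and struct.unpack_from("<H", head, EXT_MAGIC_OFFSET)[0] == EXT_MAGIC):
        return "system", None
    return "unknown", None


def route(head, file_size):
    """Steps 1-3 of the post: boot extractor, system extractor, else mount."""
    kind, problem = classify(head, file_size)
    if problem:
        return "reject: " + problem   # added outcome: do not pass malformed input on
    return {"boot": "extract-boot", "system": "extract-system", "unknown": "mount"}[kind]


def route_file(path):
    """Read only the header from disk and decide how to handle the file."""
    with open(path, "rb") as fh:
        return route(fh.read(HEAD_LEN), os.path.getsize(path))


# --- constructed sample inputs (not real firmware) ---
def sample_boot():
    page = 2048
    hdr = BOOT_MAGIC + struct.pack("<8I", 10, 0x8000, 5, 0x1000000, 0, 0, 0x100, page)
    return hdr.ljust(page, b"\0") + b"K" * 10 + bytes(page - 10) + b"R" * 5 + bytes(page - 5)


def sample_sparse():
    return struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, 4096, 0, 0, 0)


def sample_ext():
    buf = bytearray(2048)
    struct.pack_into("<H", buf, EXT_MAGIC_OFFSET, EXT_MAGIC)
    return bytes(buf)


if __name__ == "__main__":
    boot = sample_boot()
    print(route(boot[:HEAD_LEN], len(boot)))
    print(route(boot[:HEAD_LEN], 4096))       # same header, file cut short
    print(route(sample_sparse(), 28))
    print(route(bytes(2048), 2048))
```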
digitalhigh said:
Oh, no offense taken.
I came at this project, as I do with most, with the mindset of "OOOH, SHINY THING. I MUST SHOW EVERYONE." So, first thought was putting out the app, despite some of the install stuff being a bit dirty.
However, the next iteration is shaping up to be quite lovely. See below.
So, it appears that this question has motivated me to try making that function a reality sooner than later.
However, as far as I can see, the *ONLY* application for windows that currently deals with system images right now is Ext2Explore, which is a bit old and doesn't have command-line support.
Fortunately, there's source code for it, so I'm currently downloading Visual Studio and will see if I can add command line functionality, as well as make it launch with UAC prompting.
If I can make this work, my plan is to make one handler for .img files that works like so:
1. Look at the file passed to it and see if it's a boot image. If it is, extract and exit.
2. If it's not a boot image, try to extract it as a system image. If it is, extract and exit.
3. If it's not a boot or system image - pass it to explorer and mount as usual.
I can do #1 and #3 already...it's just getting #2 to go.
Also, I've added a check in the installer that looks for the installation of notepad++. If it finds it, it will create additional associations for .xml, .prop, conf, config, .smali, and whatever else I can think of that I could possibly need to edit in a ROM.
Then, lastly, with all these additions, I'd like to make the installer a bit more verbose. Give some options so it's not just an all or nothing install, make it prettier, etc.
Don't get too excited. I've never touched C++ before, and ext2Explore was done in VisualStudio.net and a WYSIWYG editor called QT. I found updated source for the program from 2012 and have gotten it to import into QT, however, it needs MingW and some other dependencies. I'll be lucky if I can even get it to compile again, let alone work, let alone work with added command-line stuff.
However, that's still the goal.
Also, I want to add wget (windows equivalent) stuff to auto grab and install java and notepad++ while we're at it.
So, I think Ext2Explore is more work than it's worth.
OSFMount, on the other hand, just let me mount a system.img as a removable disk with read-write access. I'm going to go down this road...
Good to hear that. Extracting system.img on windows can be a real pain at times - this would be great.
DexPatcher
A toolchain for modifying Android APK files at source-level using Java, graphical resource editors, and the full power of Android Studio in all major platforms.
Fully integrated with Android Studio and the Gradle build system.
Includes support for coding assistance and on-demand class decompilation.
Patch Java code in Java using declarative syntax provided by the DexPatcher tool.
Manifest merging enables piece-wise changes to the original app manifest.
Modify existing resources or create new ones using Android Studio's standard resource editors.
Use Android Studio's code template wizards for creating activities, etc.
Pull in Android libraries (a.k.a. '.aar' Android archives) and have their manifests, code and resources automatically merged into the patched app.
And enjoy debugging support.
All in your favorite platform: Linux, Windows or macOS.
DexPatcher tool (Dalvik bytecode patcher)
Release notes: https://github.com/DexPatcher/dexpatcher-tool/releases
Sources: https://github.com/DexPatcher/dexpatcher-tool
DexPatcher Gradle plugins (Android build system and Android Studio integration)
Release notes: https://github.com/DexPatcher/dexpatcher-gradle/releases
Artifacts: https://plugins.gradle.org/search?term=dexpatcher
Sources: https://github.com/DexPatcher/dexpatcher-gradle
Samples: https://github.com/DexPatcher/dexpatcher-gradle-samples
Deprecated tools
Release notes for DexPatcher Gradle v1 plugins: https://github.com/DexPatcher/dexpatcher-gradle/releases?after=v2.0.0-alpha1
Support tools for DexPatcher Gradle v1 plugins: https://github.com/DexPatcher/dexpatcher-gradle-tools
Workflow automation scripts (Linux-only): https://github.com/DexPatcher/dexpatcher-tool-scripts
License
GPL v3 (or later)
THANK YOU ! - The DexPatcher tool uses JesusFreke's dexlib2 (part of smali) to read and write dex files. Many thanks to him for repeatedly helping me in #smali on freenode. When creating apk libraries, the DexPatcher Gradle plugin uses iBotPeaches' Apktool to decode compiled resources and pxb1988's dex2jar to translate Dalvik bytecode. DexPatcher could not exist without the invaluable work of these guys.
Documentation
PATCHING JAVA CODE IN JAVA
The DexPatcher tool uses declarative semantics based on Java annotations to patch the bytecode of the source application. There is no formal definition but hopefully you will find everything you need in this sample:
The sample code being patched.
The patch itself with explanatory comments.
The output of DexPatcher and test runs of the original and patched code.
START HERE !
With the new DexPatcher Gradle v2 plugins
Get the sample code working, here is how:
Clone the samples.
Start with the 'patched-app' sample: open the project with Android Studio, disable instant run, and run or debug your patched app!
Please review the release notes of recent versions of the Gradle plugins for more information on tool compatibility and environment setup.
In the 'patched-app' sample, browse the two 'build.gradle' files (main and app) to get an idea of what is happening. The plugins used are briefly described here. Next get inside the 'app' subproject and take a look at its manifest and resource files. These files are merged with the ones coming from the source app, which is located in the 'apk' directory. Finally look into the 'MainActivity.java' file to see how the compiled code of the app is patched using Java. This is handled by the DexPatcher tool, a key piece of the DexPatcher toolchain. See the section 'Patching Java code in Java' above for more details on this tool, and please review its recent release notes.
The DexPatcher Gradle plugins use Apktool to decode applications and optionally create APK libraries. They optionally use dex2jar to display decompiled application code and to import application code symbols into patch projects. They use the DexPatcher tool to patch the Dalvik bytecode of applications. And finally they use the Android build system to merge manifests, code, resources, assets, and extra files, and to repackage applications.
With the old DexPatcher Gradle v1 plugins
To get the old sample code working:
Install the support tools by cloning the repo anywhere you like.
Clone the 'v1' branch of the samples.
Set the 'dexpatcher.dir=<support-tool-dir>' property in identical files named 'local.properties' in the root directory of each sample so that it points to your local clone of the support tools. Create the files if necessary, or have Android Studio create them for you by opening the samples.
Start with the 'patched-app' sample: open the project with Android Studio, disable instant run, and run or debug your patched app!
Please review the old release notes of the Gradle v1 plugins for more information on tool compatibility and environment setup.
OLD NEWS: DexPatcher Featured On XDA Portal !
GermainZ wrote an excellent introductory article for XDA that walks you through the complete process of modding an app using the old deprecated Linux-only workflow automation scripts. This only covers the DexPatcher tool itself, ie: only patching of code, not resources. The workflow is deprecated, but the Java patch code and accompanying explanations are very valuable and continue to be current. I am grateful to him for having taken the time to do this. Please make sure you give it a read:
DexPatcher: Patch Android APKs Using Java.
Also available: [WARNING: Deprecated, Linux-only]
A how-to that will help you get started with the workflow automation scripts.
LICENSING UPDATE:
tl;dr: DexPatcher patches are no longer forcefully covered by the GPL.
Recent versions of DexPatcher no longer require that users bundle the DexPatcher annotations with every patch (although continuing to do so has no ill effects). The DexPatcher licensing terms no longer impose licensing restrictions on patches, as long as users refrain from bundling the DexPatcher annotations with them. In particular, DexPatcher patches are no longer considered to be derivative works of DexPatcher and thus are no longer automatically covered by the GPL. Legals aside, the DexPatcher project urges you not to use copyright laws to introduce artificial scarcity in the world. Please give back to the community: share your work.
XDA:DevDB Information
DexPatcher, Tool/Utility for all devices (see above for details)
Contributors
Lanchon
Source Code: https://github.com/DexPatcher
Version Information
Status: Stable
Created 2015-03-21
Last Updated 2019-11-09
DEPRECATED: Workflow Automation Scripts HOW-TO
These scripts bundle several tools (including DexPatcher) and automate boilerplate actions that are part of a typical workflow. They are available only for Linux. Take the leap today, get yourself free, get Linux Mint Cinnamon 64-bit.
Installation
Code:
# cd to a suitable install dir such as '~/opt' or '~/android/tools'.
git clone https://github.com/Lanchon/DexPatcher-scripts.git dexpatcher
cd dexpatcher
chmod +x dxp-*
# edit 'dxp.config':
# -set the path to android sdk (defaults to '~/android/sdk').
# -disable bundled tools to use the ones in $PATH if desired.
# add 'dxp-*' scripts to $PATH:
# -symlink the 'dxp-*' scripts in a suitable dir in the $PATH such as '~/bin'.
# -or add the 'dexpatcher' dir to $PATH.
Sample Workflow
Code:
# cd to a suitable workspace dir.
dxp-setup-for-apk path/to/TheApk.apk
cd TheApk
dxp-create-keystore
# in 'src-cfr' you will find decompilation of the app to Java (with errors).
# you can use these files to plan your changes.
# in 'src-cfr-nocode' you will find decompilation of empty method stubs.
# you can use selected files as a basis for your patch.
# create your patch as Java files in 'src'.
# the symbols of the original app will be accessible to your patch code.
dxp-make
adb install -r patched.apk
The Big TO-DO List
...of things I would like done in this project, but that I will probably not have the time to implement myself.
DexPatcher-tool
Moved here: https://github.com/Lanchon/DexPatcher-tool/issues
DexPatcher-gradle
Moved here: https://github.com/Lanchon/DexPatcher-gradle/issues
DexPatcher and javac
Modify javac so that all source symbols -even those defined inside edited classes- are available during compilation. This could produce a patched javac executable, or the standard javac could be patched in-memory using java agents, or its in-memory data structures hacked from an annotation processor (a la Project Lombok).
Decide if dex2jar and jar2dex/dx are transparent and mature enough to move DexPatcher 2.0 to the java bytecode realm, and stop operating at the dalvik bytecode level. [UPDATE: It is not.] Or a VM abstraction could be implemented as a backend to DexPatcher so that the same front end could be used for both dex and class files.
If the project is moved to the java bytecode realm, decide if the new DexPatcher should be a standalone tool like it is today, or a java agent/annotation processor that modifies javac to do the patching during compile time. This would make the tool very easy to integrate into most build systems.
just added the documentation section
I checked the docs and wow, massive. Maybe you can make some easier examples of how to use it (some small patches).
there is a lot of docs missing, especially regarding the workflow, how to extract and use symbols from the source apk, etc. for now im working on 0.2
UPDATE: version 0.2.0 released!
UPDATE: version 0.3.0 released!
Looks good
I will look at it more deeply when I found time.
I'm surprised there isn't so much feedback… May be could you add some examples / details in the OP?
PerfectSlayer said:
Looks good
I will look at it more deeply when I found time.
I'm surprised there isn't so much feedback… May be could you add some examples / details in the OP?
i still need to evolve the tool a little with respect to handling of fields, and then it's mostly done. but i need to document a full workflow, including obtaining symbols against which to build the patch (you want your patch code to be able to use all of the source app's code).
Very interested in seeing how this tool progresses. :good:
I still have no idea how to use this tool
UPDATE: version 0.4.0 released!
laura almeida said:
I still have no idea how to use this tool
take a look at the test run and samples. docs are very incomplete, but i guess you should understand them if you have experience patching apks in smali.
Lanchon said:
UPDATE: version 0.4.0 released!
Sorry for the small change; this breaks patches and so I wanted to push it out ASAP.
Don't worry about breaking patches. Focus on making the best API / usage you can while you are in development. We will thank you later
UPDATE: version 1.0.0-beta1 released!
An explanation of the workflow and some helper scripts should follow soon.
UPDATE: added Workflow Automation Scripts and HOW-TO
Lanchon said:
UPDATE: added Workflow Automation Scripts and HOW-TO
Tips: you could use the 2nd argument of git clone instead of running mv command
Lanchon said:
UPDATE: added Workflow Automation Scripts and HOW-TO
The speed of development is astonishing...
Keep up the good work!
UPDATE: DexPatcher featured on XDA portal !
includes full sample, please see the OP for details.
Hello Folks,
We are introducing a way to apply @Myriachan's WindowsRT "Test Mode" hack to Windows Phone 8/8.1 and Windows 10 Mobile Preview builds before 10572.
Yeah, actually this is not my own hack; @Myriachan discovered the most wonderful hack I've ever seen. So the FULL credit goes to her, of course.
To enable Test Mode on the phone you probably have to have full registry access to configure the BCD ("Boot Configuration Data") objects.
Yeah, we have the vcReg editor based upon this for Lumia devices.
This is NOT specific to LUMIA devices, but for now only Lumia devices have FULL registry access.
**********
CAUTIONS.
Please, DON'T BE STUPID. IT'S UEFI hacking. The chance of bricking is at its maximum and this is potentially too dangerous.
It can permanently damage the device and no one will recover your device (like Nokia/Microsoft Care, ATF Box).
So neither I nor any other XDA member is responsible for any damage to your device. Use it at your own risk.
**********
Introduction to Test-Signing.
Test-signing refers to using a test certificate to sign a pre-release version of a driver package for use on test computers. In particular, this allows developers to sign kernel-mode binaries by using self-signed certificates, such as those the MakeCert tool generates. Starting with Windows Vista, this capability allows developers to test kernel-mode binaries on Windows with driver signature verification enabled.
More details are here.
Introduction to Test-Signing Hack for Windows Phone.
Specifically, the "Trusted Boot Security Feature Bypass Vulnerability – CVE-2015-2552" is Myriachan's jailbreak exploit.
The exploit itself is simple. Run an administrator PowerShell (can't be cmd), and execute the following command, then reboot:
bcdedit /set '{current}' loadoptions '/TŅSTSIGNING'
(The Ņ character is Unicode character U+0145, which you can find in Character Map if you need it.)
Your system will come up in "test signing" mode, along with a watermark on the desktop indicating this. While in test-signing mode, applications still have to be signed, but they can be signed by anyone, including your own self-signed certificates.
How to sign executables for this is mostly beyond the scope of what I'm posting. Use makecert and signtool. Your certificate must be at least 2048-bit RSA. When using signtool, be sure to timestamp your executable (/t option), use page hashing mode (/ph) and SHA-256 (/fd SHA256).
More Details of why this works:
http://pastebin.com/w5U2qTR0
Source
How to Enable Test-Sign on Windows Phone.
Yeah, it is also simple.
I haven't got much time to write a simple tool for it. (I'll attach a xap here later.)
You have to write this Registry Key and Value.
1. Deploy and RUN VcReg Editor.
2. Select "HKEY_LOCAL_MACHINE"
3. Select "String"
Enter Without Quote.
Path:
Code:
"BCD00000001\objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\12000030"
(your guid may vary)
Key:
Code:
"Element"
Value:
Code:
"/TŅSTSIGNING"
*** NOTE THAT, "Ņ" character is Unicode character U+0145. So don't mess with it. Probably Copy and Paste it. ***
4. HIT WRITE BUTTON !!!
5. REBOOT DEVICE.
That's It.
To verify Test Mode is Actually Enabled or Not
Read the below registry key and value.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"SystemStartOptions"
It should include a value of "TESTSIGNING" (there are other strings too, forget them). If not, that means it didn't work.
*** This is a permanent TEST-SIGN mode. After a hard reset it will stay "ENABLED". If you want to disable it, simply flash the stock ROM. ***
Thanks,
Credits.
Special thanks to @vcfan; without his RPC code, registry access is really unreachable.
@Myriachan For this wonderful discovery.
Reserved Post for Official Test packages.
Microsoft.MS_TSHELL.MSN.MainOS.spkg
(Remove ".zip" extension)
Reserved for Custom Packages.
Also You can post your custom package in this thread, I'll attach here to this post.
How are we supposed to find our GUID in case it's different?
I got code execution as SYSTEM through this.
See http://forum.xda-developers.com/windows-phone-8/general/code-execution-test-mode-t3239066
Does not work on my Lumia 1020 with this GUID. How can I find the GUID?
titi66200 said:
Does not work on my Lumia 1020 with this GUID. How can I find the GUID?
I think the easiest way would be to grab the BCD from one of your phone's FFUs (convert it to VHD, open it with winimage, go to the first partition (FAT32), it'll be in \efi\microsoft\boot), then run the exploit in PowerShell in the directory you extracted the BCD to like:
bcdedit /store BCD /set '{default}' loadoptions '/TŅSTSIGNING'
then load the BCD as a registry hive in regedit and search it for "STSIGNING", find the GUID as the result.
Works on Lumia 830 Windows Phone 8.1 Version 8.10.15148.160 but not on Lumia 1020 Windows Mobile 10 Version 10.0.10581.0.
titi66200 said:
Works on Lumia 830 Windows Phone 8.1 Version 8.10.15148.160 but not on Lumia 1020 Windows Mobile 10 Version 10.0.10581.0.
This is patched on 10581. Do the thing I did:
flash your 1020 back to 8.1 and get the Insider Slow ring update (it's build 10166)
do Interop Unlock using VCReg v2.2. In build 10166 this bug is still present.
??? 520, 640xl
Get 10166 before they close the entrance!!
need help on iball I701
djamol said:
Reserved Post for Official Test packages.
Microsoft.MS_TSHELL.MSN.MainOS.spkg
(Remove ".zip" extension)
Hello sir i have Iball I701 windows * tablet n i want to make it android can it be possible n can u plz guide me how i can make this possible plz thank you
madycoot said:
Hello sir i have Iball I701 windows * tablet n i want to make it android can it be possible n can u plz guide me how i can make this possible plz thank you
Though my vision isn't possible if then thumbs up ?
Is there any way to do this on Win10 10.0.586.29?
titi66200 said:
Is there any way to do this on Win10 10.0.586.29?
No. Not Possible.
It has been patched in build 572.
So it will not work on later builds until secured boot is OFF.
My bootloader is unlocked with Windows Phone Internals.
I can deploy testsigning packages?
titi66200 said:
Is there any way to do this on Win10 10.0.586.29?
titi66200 said:
My bootloader is unlocked with Windows Phone Internals.
I can deploy testsigning packages?
Yes.
Put device into MassStorage Mode.
Bcdedit.exe /store D:\xyz -set TESTSIGNING ON
Or through reg edit.
Refer to the official MSDN page.
bcdedit /store H:\EFIESP\efi\Microsoft\Boot\BCD -set TESTSIGNING ON
But error
An error occurred while trying referencing the specified entry.
The specified file can not be found.
titi66200 said:
bcdedit /store H:\EFIESP\efi\Microsoft\Boot\BCD -set TESTSIGNING ON
But error
An error occurred while trying referencing the specified entry.
The specified file can not be found.
Hmm, then edit BCD entries through vcRegEditor.
Grab the BCD (it's a hive file) from the FFU or your device.
"C:\EFIESP\efi\Microsoft\Boot\BCD"
run whatever commands. (like dual boot)
Observe objects and elements.
Write the same Object Elements using vcReg Editor.
While writing to the BCD, use "BCD00000001" instead of "BCD".
Cheers...
Here are some test entries from an Engineering Device.
GlobalSettings
Code:
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01
Boot Manager.
Code:
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:01
Found "Microsoft.BaseOS.EnableTestSigning_BCDStore_0.reg" in EFIESP.bin from RM825_1232.2101.1239.3001_PROD_developer_265_01_86530.ffu
Code:
[HKEY_LOCAL_MACHINE\BCD]
[HKEY_LOCAL_MACHINE\BCD\Objects]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00
titi66200 said:
Found "Microsoft.BaseOS.EnableTestSigning_BCDStore_0.reg" in EFIESP.bin from RM825_1232.2101.1239.3001_PROD_developer_265_01_86530.ffu
Code:
[HKEY_LOCAL_MACHINE\BCD]
[HKEY_LOCAL_MACHINE\BCD\Objects]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00
Yes. Exactly.
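Added example, not code from any poster in this thread: a read-only audit of a .reg export of a BCD store that reports which objects have element 16000049 (the one set by the EnableTestSigning .reg file quoted above) switched on. The function names are assumptions, the sample input is the .reg text from the thread, and the key pattern accepts either hive mount name mentioned above (BCD or BCD00000001).

```python
import re

# Element ID and object labels exactly as they appear in the thread's .reg entries.
TESTSIGNING_ELEMENT = "16000049"
OBJECT_LABELS = {
    "7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e": "GlobalSettings",
    "9dea862c-5cdd-4e70-acc1-f32b344d4795": "Boot Manager",
}

# Matches [HKEY_LOCAL_MACHINE\<mount>\Objects\{guid}\Elements\<id>]; <mount> is
# whatever name the hive was loaded under (BCD or BCD00000001).
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\[^\\\]]+\\Objects\\\{([0-9a-fA-F-]{36})\}"
    r"\\Elements\\([0-9a-fA-F]{8})\]$"
)
VALUE_RE = re.compile(r'^"Element"=hex:([0-9a-fA-F,]*)$')

# Sample input: the .reg text quoted in the thread.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\BCD]
[HKEY_LOCAL_MACHINE\BCD\Objects]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00
"""

def audit_testsigning(reg_text):
    """Return {object_guid: bool} for every object that carries the element."""
    findings = {}
    current = None  # GUID of the object whose 16000049 key we are inside, if any
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            hit = m and m.group(2) == TESTSIGNING_ELEMENT
            current = m.group(1).lower() if hit else None
        elif current and (v := VALUE_RE.match(line)):
            data = bytes(int(b, 16) for b in v.group(1).split(",") if b)
            findings[current] = any(data)  # boolean element: nonzero means ON
    return findings

def enabled_objects(findings):
    """Labels (or raw GUIDs) of objects where the flag is ON, sorted."""
    return sorted(OBJECT_LABELS.get(g, g) for g, on in findings.items() if on)

if __name__ == "__main__":
    print(enabled_objects(audit_testsigning(SAMPLE_REG)))
```

Run it against an export taken from a device or FFU image to confirm whether a store still carries the flag after servicing.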