Better Mobile App

[HOWTO] Bypassing confirmation dialog for 'Exit all', an in-depth look!

This tutorial is going to delve into the convoluted smali involved in handling dialogs, and ultimately bypassing them. I must warn you there will be a lot of tracing in this post, so if all you want is the patch, this may not be for you. The idea is to gain an intimate understanding of dialogs from smali! (This is based on LPD base)
Decompile jobmanager.apk, then search for 'Exit all', which leads to public.xml: <public type="string" name="kill_all" id="0x7f050005" />
Searching for '7f050005' leads us to RunningAppsListActivity.smali (referred to as RALA from now on), which we can now dissect. Start by looking at some of the variables at the top of
code. Two should stand out:
Code:
.field private mKillAll:Landroid/widget/Button;
...
.field private mOnClickListenerKillAll:Landroid/view/View$OnClickListener;
These represent the button and the code that executes when it's clicked. Let's find out what that code is by searching, which leads to:
Code:
.line 308
new-instance v0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;
invoke-direct {v0, p0}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;-><init>(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)V
iput-object v0, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mOnClickListenerKillAll:Landroid/view/View$OnClickListener;
So now we know RALA$6 is our executed code:
Code:
.method public onClick(Landroid/view/View;)V
.locals 2
.parameter "v"
.prologue
.line 311
iget-object v0, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
const/4 v1, 0x5
invoke-virtual {v0, v1}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->showDialog(I)V
.line 312
return-void
.end method
So what does this mean? When the button is clicked, it's calling back to RALA with a value of 0x5. Let's figure out what that means, look at '.method protected onCreateDialog'
Code:
packed-switch p1, :pswitch_data_0
(This is defined at the end of the method as)
:pswitch_data_0
.packed-switch 0x1
:pswitch_1
:pswitch_0
:pswitch_2
:pswitch_3
:pswitch_4
.end packed-switch
So our value when clicking the button is 0x5, which translates to pswitch_4
Code:
:pswitch_4
new-instance v3, Landroid/app/AlertDialog$Builder;
invoke-direct {v3, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
const v4, 0x7f050005 <<<<<<<<<<<<<<<<<<<<<<<<<< Remember this #, it's our 'Exit all' string id
...
new-instance v4, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$12;
invoke-direct {v4, p0}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$12;-><init>(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)V
invoke-virtual {v3, v7, v4}, Landroid/app/AlertDialog$Builder;->setPositiveButton(ILandroid/content/DialogInterface$OnClickListener;)Landroid/app/AlertDialog$Builder;
This last line sets the code executed when you click 'Ok', so lets look at RALA$12, inside OnClick:
Code:
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mHandler:Landroid/os/Handler;
invoke-static {v0}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$300(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Landroid/os/Handler;
move-result-object v0
const/4 v1, 0x6
invoke-virtual {v0, v1}, Landroid/os/Handler;->sendEmptyMessage(I)Z
So this is sending a code (0x6) to mHandler in the main RALA module, let's see what that means. mHandler is our message handler, and is defined here:
Code:
.line 331
new-instance v0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
invoke-direct {v0, p0}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;-><init>(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)V
iput-object v0, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mHandler:Landroid/os/Handler;
So RALA$7 is our next target, specifically '.method public handleMessage(Landroid/os/MessageV':
Code:
iget v3, p1, Landroid/os/Message;->what:I
packed-switch v3, :pswitch_data_0
(which is)
.line 333
:pswitch_data_0
.packed-switch 0x1
:pswitch_0
:pswitch_1
:pswitch_2
:pswitch_3
:pswitch_4
:pswitch_5
:pswitch_6
:pswitch_7
.end packed-switch
(A side note, packed-switch 0x1 means the first entry starts with 0x1, so 0x6 is pswitch_5. Let's now look at that)
:pswitch_5
const-string v3, "RunningAppsListActivity"
const-string v4, "MSG_KILL_ALL"
invoke-static {v3, v4}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 410
iget-object v3, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
new-instance v4, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;
...
So finally we have reached the true code for executing KILL ALL, and it lies within RALA$7$4. If you look at '.method public run()V' in RALA$7$4, you will see the extensive code to kill all running apps. So now we that we have what we want, how do we bypass the dialog? Simple, just abort creating the dialog and execute the code instead.
Let's take a moment to review the execution entirely:
RALA assigns button -> RALA$6 which calls back RALA -> Create dlg and set OK -> RALA$12 which then calls the message handler RALA$7 with code 0x5 ->
RALA$7$4 which is the ACTUAL 'kill all' code.
So our intercept point is in RALA$6, where we can bypass the creation of the dialog and execute the code directly. Now you can't just copy/paste the code from RALA$7$4 to RALA$6, there are variables specific to each .smali. So this is the fixed code with the manual changes highlighted:
Code:
.method public onClick(Landroid/view/View;)V
.locals [COLOR="Red"]7[/COLOR]
.parameter "v"
.prologue
.line 311
iget-object v0, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
const/4 v1, 0x5
[COLOR="red"]#[/COLOR] invoke-virtual {v0, v1}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->showDialog(I)V
.line 412
[COLOR="red"]#[/COLOR] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->getBaseAppList()Ljava/util/List;
move-result-object v1
.line 413
.local v1, items:Ljava/util/List;,"Ljava/util/List<Lcom/sec/android/app/controlpanel/PackageInfoItem;>;"
new-instance v3, Ljava/util/HashSet;
invoke-direct {v3}, Ljava/util/HashSet;-><init>()V
.line 414
.local v3, removeTarget:Ljava/util/Set;,"Ljava/util/Set<Lcom/sec/android/app/controlpanel/PackageInfoItem;>;"
invoke-interface {v1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object v0
.local v0, i$:Ljava/util/Iterator;
:cond_0
:goto_0
invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z
move-result v4
if-eqz v4, :cond_1
invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/sec/android/app/controlpanel/PackageInfoItem;
.line 415
.local v2, p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
invoke-virtual {v2}, Lcom/sec/android/app/controlpanel/PackageInfoItem;->isCanKilled()Z
move-result v4
if-eqz v4, :cond_0
.line 416
const-string v4, "RunningAppsListActivity"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "Kill runningApplication! "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v2}, Lcom/sec/android/app/controlpanel/PackageInfoItem;->getPackageName()Ljava/lang/String;
move-result-object v6
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v4, v5}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 417
[COLOR="red"]#[/COLOR] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPkgInfo:Lcom/sec/android/app/controlpanel/PackageInfo;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$400(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/PackageInfo;
move-result-object v4
invoke-virtual {v2}, Lcom/sec/android/app/controlpanel/PackageInfoItem;->getPackageName()Ljava/lang/String;
move-result-object v5
const/4 v6, 0x1
invoke-virtual {v4, v5, v6}, Lcom/sec/android/app/controlpanel/PackageInfo;->killPackage(Ljava/lang/String;Z)V
.line 418
invoke-interface {v3, v2}, Ljava/util/Set;->add(Ljava/lang/Object;)Z
goto :goto_0
.line 421
.end local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
:cond_1
invoke-interface {v3}, Ljava/util/Set;->iterator()Ljava/util/Iterator;
move-result-object v0
:goto_1
invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z
move-result v4
if-eqz v4, :cond_2
invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/sec/android/app/controlpanel/PackageInfoItem;
.line 422
.restart local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
invoke-interface {v1, v2}, Ljava/util/List;->remove(Ljava/lang/Object;)Z
goto :goto_1
.line 424
.end local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
:cond_2
[COLOR="red"]#[/COLOR] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4, v1}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->setList(Ljava/util/List;)V
.line 425
[COLOR="red"]#[/COLOR] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->notifyDataSetChanged()V
.line 428
[COLOR="red"]#[/COLOR] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
[COLOR="red"]#[/COLOR] iget-object v5, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
[COLOR="red"] iget-object v5, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;[/COLOR]
const v6, 0x7f050028
invoke-virtual {v5, v6}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->getText(I)Ljava/lang/CharSequence;
move-result-object v5
const/4 v6, 0x0
invoke-static {v4, v5, v6}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v4
invoke-virtual {v4}, Landroid/widget/Toast;->show()V
.line 312
return-void
.end method
That is it, recompile JobManager.apk, u/l and test it out! Hope you enjoyed the tut =)

Why didn't I see this before, your holding out on us in chat.

LiLChris06 said:
Why didn't I see this before, your holding out on us in chat.
Click to expand...
Click to collapse
I finished this a few weeks back, but just got around to writing it up..I'm pretty sure you got a pastebin msg one night =)
PS - For those that just want the patch, just copy/paste that last code box into RALA$6 (replacing the existing onclick method).

Lovely piece of information, easily readable
thanks very much

Update for 4.0.4
The overall structure is still the same, but here's the updated patch based on 4.0.4 LPO. You paste this into RALA$6, replacing the existing onclick method:
Code:
.method public onClick(Landroid/view/View;)V
.locals 8
.prologue
const/4 v7, 0x0
.line 428
# iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->getBaseAppList()Ljava/util/List;
move-result-object v1
.line 429
.local v1, items:Ljava/util/List;,"Ljava/util/List<Lcom/sec/android/app/controlpanel/PackageInfoItem;>;"
new-instance v3, Ljava/util/HashSet;
invoke-direct {v3}, Ljava/util/HashSet;-><init>()V
.line 432
.local v3, removeTarget:Ljava/util/Set;,"Ljava/util/Set<Lcom/sec/android/app/controlpanel/PackageInfoItem;>;"
if-eqz v1, :cond_3
.line 433
invoke-interface {v1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object v0
.local v0, i$:Ljava/util/Iterator;
:cond_0
:goto_0
invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z
move-result v4
if-eqz v4, :cond_1
invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/sec/android/app/controlpanel/PackageInfoItem;
.line 434
.local v2, p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
invoke-virtual {v2}, Lcom/sec/android/app/controlpanel/PackageInfoItem;->isCanKilled()Z
move-result v4
if-eqz v4, :cond_0
.line 437
# iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPkgInfo:Lcom/sec/android/app/controlpanel/PackageInfo;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$400(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/PackageInfo;
move-result-object v4
invoke-virtual {v2}, Lcom/sec/android/app/controlpanel/PackageInfoItem;->getPackageName()Ljava/lang/String;
move-result-object v5
const/4 v6, 0x1
invoke-virtual {v4, v5, v6}, Lcom/sec/android/app/controlpanel/PackageInfo;->killPackage(Ljava/lang/String;Z)V
.line 438
invoke-interface {v3, v2}, Ljava/util/Set;->add(Ljava/lang/Object;)Z
goto :goto_0
.line 441
.end local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
:cond_1
invoke-interface {v3}, Ljava/util/Set;->iterator()Ljava/util/Iterator;
move-result-object v0
:goto_1
invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z
move-result v4
if-eqz v4, :cond_2
invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/sec/android/app/controlpanel/PackageInfoItem;
.line 442
.restart local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
invoke-interface {v1, v2}, Ljava/util/List;->remove(Ljava/lang/Object;)Z
goto :goto_1
.line 444
.end local v2 #p:Lcom/sec/android/app/controlpanel/PackageInfoItem;
:cond_2
# iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4, v1}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->setList(Ljava/util/List;)V
.line 445
# iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
#getter for: Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->mPackageInfoAdapter:Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
invoke-static {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->access$000(Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;)Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;
move-result-object v4
invoke-virtual {v4}, Lcom/sec/android/app/controlpanel/activity/RunningAppsPackageInfoAdapter;->notifyDataSetChanged()V
.line 447
const/4 v4, 0x2
const/4 v5, 0x0
:try_start_0
invoke-static {v4, v5}, Lcom/sec/android/hardware/SecHardwareInterface;->setBatteryUse(IZ)V
.line 448
const/4 v4, 0x3
const/4 v5, 0x0
invoke-static {v4, v5}, Lcom/sec/android/hardware/SecHardwareInterface;->setBatteryUse(IZ)V
.line 449
const/4 v4, 0x4
const/4 v5, 0x0
invoke-static {v4, v5}, Lcom/sec/android/hardware/SecHardwareInterface;->setBatteryUse(IZ)V
.line 450
const/4 v4, 0x5
const/4 v5, 0x0
invoke-static {v4, v5}, Lcom/sec/android/hardware/SecHardwareInterface;->setBatteryUse(IZ)V
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.line 457
:goto_2
# iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v4, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
# iget-object v5, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7$4;->this$1:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$7;
iget-object v5, p0, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity$6;->this$0:Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;
const v6, 0x7f050028
invoke-virtual {v5, v6}, Lcom/sec/android/app/controlpanel/activity/RunningAppsListActivity;->getText(I)Ljava/lang/CharSequence;
move-result-object v5
invoke-static {v4, v5, v7}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v4
invoke-virtual {v4}, Landroid/widget/Toast;->show()V
.line 461
.end local v0 #i$:Ljava/util/Iterator;
:cond_3
return-void
.line 451
.restart local v0 #i$:Ljava/util/Iterator;
:catch_0
move-exception v4
goto :goto_2
.end method

[TUT][LSJ] How to add quad targates in AOSP lockscreen

Hello Friends this is mine tutorial for quad targates in aosp lockscreen You can direct me here But when according to that tut when you decompile framework.jar you wont find any widget folder .
So my tut has very little change but fully wokring for XXLSJ rom
FOR WORKING quad targates you must have an AOSP lockscreen this tutorial is for adding over all quad targates to AOSP lockscreen
i m providing only smali part
Now Please start following the instuction with that tag.
Framework-res.apk Editing
[SMALI]
Decompile your framework-res.apk
Put ic_lockscreen_phone_activated.png, ic_lockscreen_phone_normal.png, ic_lockscreen_sms_activated.png, ic_lockscreen_sms_normal.png in /res/drawable-hdpi/
[SMALI]
Put ic_lockscreen_phone.xml, ic_lockscreen_sms.xml in /res/drawable/
[SMALI]
Open /res/values/arrays.xml
[SMALI]/
Replace the whole array .. with:
Code:
@drawable/ic_lockscreen_unlock
@drawable/ic_lockscreen_sms
@drawable/ic_action_assist_generic
@drawable/ic_lockscreen_phone
@drawable/ic_lockscreen_camera
@null
@null
@null
Replace the whole array .. with:
Code:
@string/description_target_unlock
@string/description_target_sms
@string/description_target_search
@string/description_target_phone
@string/description_target_camera
@null
@null
@null
[SMALI]
Open /res/values-land/arrays.xml
[SMALI]/
Replace the whole array .. with:
Code:
@null
@null
@drawable/ic_lockscreen_unlock
@drawable/ic_lockscreen_sms
@drawable/ic_action_assist_generic
@drawable/ic_lockscreen_phone
@drawable/ic_lockscreen_camera
@null
Replace the whole array .. with:
Code:
@null
@null
@string/description_target_unlock
@string/description_target_sms
@string/description_target_search
@string/description_target_phone
@string/description_target_camera
@null
[SMALI]
Open /res/values/strings.xml
[SMALI]/
Add the following entries:
Code:
Sms
Phone
Recompile your framework
framework editing:
[SMALI]
Disassemble your framework2.jar
Edit /com/android/internal/widget/multiwaveview/GlowPadView.smali and replace the whole methods ".method private getDirectionDescription(I)Ljava/lang/String;" and ".method private getTargetDescription(I)Ljava/lang/String;" with the following methods:
Code:
.method private getDirectionDescription(I)Ljava/lang/String;
.locals 4
.parameter "index"
.prologue
.line 1119
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
if-eqz v2, :cond_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->isEmpty()Z
move-result v2
if-eqz v2, :cond_1
.line 1120
:cond_0
iget v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptionsResourceId:I
invoke-direct {p0, v2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->loadDescriptions(I)Ljava/util/ArrayList;
move-result-object v2
iput-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
.line 1121
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDrawables:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v2
iget-object v3, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v3}, Ljava/util/ArrayList;->size()I
move-result v3
if-eq v2, v3, :cond_1
.line 1122
const-string v2, "GlowPadView"
const-string v3, "The number of target drawables must be equal to the number of direction descriptions."
invoke-static {v2, v3}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 1124
const/4 v0, 0x0
.line 1133
:goto_0
return-object v0
.line 1130
:cond_1
:try_start_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2, p1}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v0
check-cast v0, Ljava/lang/String;
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.line 1131
.local v0, directionZ:Ljava/lang/String;
goto :goto_0
.line 1132
.end local v0 #directionZ:Ljava/lang/String;
:catch_0
move-exception v1
.line 1133
.local v1, e:Ljava/lang/Exception;
const-string v0, ""
goto :goto_0
.end method
Code:
.method private getTargetDescription(I)Ljava/lang/String;
.locals 4
.parameter "index"
.prologue
.line 1099
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
if-eqz v2, :cond_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->isEmpty()Z
move-result v2
if-eqz v2, :cond_1
.line 1100
:cond_0
iget v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptionsResourceId:I
invoke-direct {p0, v2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->loadDescriptions(I)Ljava/util/ArrayList;
move-result-object v2
iput-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
.line 1101
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDrawables:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v2
iget-object v3, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v3}, Ljava/util/ArrayList;->size()I
move-result v3
if-eq v2, v3, :cond_1
.line 1102
const-string v2, "GlowPadView"
const-string v3, "The number of target drawables must be equal to the number of target descriptions."
invoke-static {v2, v3}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 1104
const/4 v1, 0x0
.line 1114
:goto_0
return-object v1
.line 1109
:cond_1
const-string v1, ""
.line 1111
.local v1, targetZ:Ljava/lang/String;
:try_start_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2, p1}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v2
move-object v0, v2
check-cast v0, Ljava/lang/String;
move-object v1, v0
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
goto :goto_0
.line 1112
:catch_0
move-exception v2
goto :goto_0
.end method
Recompile your framework2.jar
Now we're done with the framework2.jar now we need to modify that last file android.policy.jar
[SMALI]
Disassemble your android.policy.jar
Edit /com/android/internal/policy/impl/LockScreen.smali and add the following methods:
Code:
.method static synthetic access$1400(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
.locals 1
.parameter "x0"
.prologue
.line 56
iget-object v0, p0, Lcom/android/internal/policy/impl/LockScreen;->mContext:Landroid/content/Context;
return-object v0
.end method
.method static synthetic access$1500(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
.locals 1
.parameter "x0"
.prologue
.line 56
iget-object v0, p0, Lcom/android/internal/policy/impl/LockScreen;->mContext:Landroid/content/Context;
return-object v0
.end method
Edit /com/android/internal/policy/impl/LockScreen$GlowPadViewMethods.smali.
Replace the whole method onTrigger with:
Code:
.method public onTrigger(Landroid/view/View;I)V
.locals 7
.parameter "v"
.parameter "target"
.prologue
const/high16 v6, 0x1000
.line 313
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->mGlowPadView:Lcom/android/internal/widget/multiwaveview/GlowPadView;
invoke-virtual {v4, p2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->getResourceIdForTarget(I)I
move-result v3
.line 321
.local v3, resId:I
sparse-switch v3, :sswitch_data_0
.line 367
:goto_0
return-void
.line 323
:sswitch_0
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1200(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-static {v4}, Landroid/app/SearchManager;->getAssistIntent(Landroid/content/Context;)Landroid/content/Intent;
move-result-object v0
.line 324
.local v0, assistIntent:Landroid/content/Intent;
if-eqz v0, :cond_0
.line 325
invoke-direct {p0, v0}, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->launchActivity(Landroid/content/Intent;)V
.line 329
:goto_1
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto :goto_0
.line 327
:cond_0
const-string v4, "LockScreen"
const-string v5, "Failed to get intent for assist activity"
invoke-static {v4, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_1
.line 333
.end local v0 #assistIntent:Landroid/content/Intent;
:sswitch_1
new-instance v4, Landroid/content/Intent;
const-string v5, "android.media.action.STILL_IMAGE_CAMERA"
invoke-direct {v4, v5}, Landroid/content/Intent;->(Ljava/lang/String;)V
invoke-direct {p0, v4}, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->launchActivity(Landroid/content/Intent;)V
.line 334
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto :goto_0
.line 339
:sswitch_2
new-instance v2, Landroid/content/Intent;
const-string v4, "android.intent.action.MAIN"
invoke-direct {v2, v4}, Landroid/content/Intent;->(Ljava/lang/String;)V
.line 340
.local v2, phoneIntent:Landroid/content/Intent;
const-string v4, "com.android.contacts"
const-string v5, "com.android.contacts.activities.DialtactsActivity"
invoke-virtual {v2, v4, v5}, Landroid/content/Intent;->setClassName(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;
.line 341
invoke-virtual {v2, v6}, Landroid/content/Intent;->setFlags(I)Landroid/content/Intent;
.line 342
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1300(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-virtual {v4, v2}, Landroid/content/Context;->startActivity(Landroid/content/Intent;)V
.line 343
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto :goto_0
.line 348
.end local v2 #phoneIntent:Landroid/content/Intent;
:sswitch_3
new-instance v1, Landroid/content/Intent;
const-string v4, "android.intent.action.MAIN"
invoke-direct {v1, v4}, Landroid/content/Intent;->(Ljava/lang/String;)V
.line 349
.local v1, mmsIntent:Landroid/content/Intent;
const-string v4, "com.android.mms"
const-string v5, "com.android.mms.ui.ConversationList"
invoke-virtual {v1, v4, v5}, Landroid/content/Intent;->setClassName(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;
.line 350
invoke-virtual {v1, v6}, Landroid/content/Intent;->setFlags(I)Landroid/content/Intent;
.line 351
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1400(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-virtual {v4, v1}, Landroid/content/Context;->startActivity(Landroid/content/Intent;)V
.line 352
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto :goto_0
.line 357
.end local v1 #mmsIntent:Landroid/content/Intent;
:sswitch_4
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$500(Lcom/android/internal/policy/impl/LockScreen;)V
.line 358
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto/16 :goto_0
.line 364
:sswitch_5
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto/16 :goto_0
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
Recompile and you're good to go!
I dont work only for thanks i work for my passion toward android too but if you will press thanks it will help me
Credits
atl4ntis for base tutorial

reserved

i used this one time ago: http://forum.xda-developers.com/showthread.php?t=2011461 pretty "same"

Mirko ddd said:
i used this one time ago: http://forum.xda-developers.com/showthread.php?t=2002620 pretty "same"
Click to expand...
Click to collapse
its for adding more targates to AOSP lockscreen
there is no link between mine and the one you give bcz i m not providing how to FOR TOGGLEING AOSP N TW LOCKSCREEN

ICS_XD said:
its for adding more targates to AOSP lockscreen
there is no link between mine and the one you give bcz i m not providing how to FOR TOGGLEING AOSP N TW LOCKSCREEN
Click to expand...
Click to collapse
sorry i linked wrong thing http://forum.xda-developers.com/showthread.php?t=2011461
this one is the same

Mirko ddd said:
sorry i linked wrong thing http://forum.xda-developers.com/showthread.php?t=2011461
this one is the same
Click to expand...
Click to collapse
I dont know
But i modified one which i linked in thread
Btw when i check the thread you gave previous
It will same like you post for LSJ ?
Toggle for TW n Aosp lockscreen
Sent from my GT-I9400 using Tapatalk

ICS_XD said:
I dont know
But i modified one which i linked in thread
Btw when i check the thread you gave previous
It will same like you post for LSJ ?
Toggle for TW n Aosp lockscreen
Sent from my GT-I9400 using Tapatalk
Click to expand...
Click to collapse
for sure is not the same as u can see mine consists to reuse an existings code and made it noobproof.
as u are not even explaining what this is
Code:
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
people may have different public values leading them into bootloops

Mirko ddd said:
for sure is not the same as u can see mine consists to reuse an existings code and made it noobproof.
as u are not even explaining what this is
Code:
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
people may have different public values leading them into bootloops
Click to expand...
Click to collapse
These values are not from that thread
These values are of LSJ rom i think these values will work on any LSJ rom ?
Isin't
Sent from my GT-I9400 using Tapatalk

ICS_XD said:
These values are not from that thread
These values are of LSJ rom i think these values will work on any LSJ rom ?
Isin't
Sent from my GT-I9400 using Tapatalk
Click to expand...
Click to collapse
suppose for a while that the guys who s applying your tutorial has one more png file on his framework-res.apk, or that the one u have has it, public valus will mismatch
noobproof is well explained, not easy to copy

Mirko ddd said:
suppose for a while that the guys who s applying your tutorial has one more png file on his framework-res.apk, or that the one u have has it, public valus will mismatch
noobproof is well explained, not easy to copy
Click to expand...
Click to collapse
Oh thanks mate
I will be updating thread tomorrow
Thanks for the help
Sent from my GT-I9100G using xda premium

ICS_XD said:
Oh thanks mate
I will be updating thread tomorrow
Thanks for the help
Sent from my GT-I9100G using xda premium
Click to expand...
Click to collapse
nice target is provide safer and detailed as possible guides

收件人： [TUT][LSJ] How to add quad targates in AOSP lockscreen
have a look. thx
Sent from my HTC X515d using xda premium

Modifying NfcNci.apk so that it doesn't care about Deodex.

Just for the sake of transparency Here is a quick rundown of the process for everyone to see.
High level overview:
1. ) baksmali classes.dex from NfcNci.apk
2. ) Mod the resulting smali.
3. ) smali, and inject back into NfcNci.apk
Since this is the dev section I will focus on step 2 you can read about steps 1 and 3 elsewhere. For the sake of this example I will be working with the system dump from the original release of the gt-i9505g (S4 Google Edition) System Software.
What you are looking for is this function contained in the NfcIntegrityChecker class:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
If we track back the exception error message that comes up in the debug log ("Client module is tampered"), you will see that the text is contained in the NfcService class within the function ".method public enforceNfcIntegrity()V"
Code:
.method public enforceNfcIntegrity()V
.locals 3
.prologue
.line 470
iget-object v1, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
monitor-enter v1
.line 471
:try_start_0
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x3
if-ne v0, v2, :cond_0
.line 472
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "NfcIntegrityChecker is not on the proper status"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:catchall_0
move-exception v0
monitor-exit v1
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
throw v0
.line 475
:cond_0
:try_start_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x2
if-eq v0, v2, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "client"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "clientlib"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-nez v0, :cond_2
.line 478
:cond_1
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "Client module is tampered"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:cond_2
monitor-exit v1
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 481
return-void
.end method
If we follow the flow of the application we see that the code for this failure is only reached if the function call to
Code:
checkIntegrity(Ljava/lang/String;)Z
returns false, or the status is not properly set. (the 'Z' at the end means it returns a boolean).
There are two ways to handle this. We can either patch out the call to checkIntegrity entirely (jump over it, or literally remove the calls), or we can modify the checkIntegrity function so that it always returns true.
So, let's look at the checkIntegrity function:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
const/4 v3, 0x0
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method
There is only one return statement, so this should be a simple matter of setting our value, and calling return. In some cases there is code that your application needs to run in order to function, so usually a light touch is a good idea, but in this case all of the code is there to run various checks so we can skip most of it.
The easiest way would be to replace the whole function with this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 2
.parameter "type"
.prologue
const/4 v0, 0x1
return v0
.end method
But that method never sat right with me (old school c++ cracking I guess), so I prefer something like this:
add a goto, and modify the constant here:
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
then add the following line to the beginning of the function (after the .prologue)
goto :goto_666
We end up with something like this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
goto :goto_666
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method

confirmed working
thanks again!

This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?

CPA Poke said:
This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?
Click to expand...
Click to collapse
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G

Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Click to expand...
Click to collapse
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.

Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Click to expand...
Click to collapse
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.

mrvirginia said:
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.
Click to expand...
Click to collapse
Bypassing Root:
Look at the com.google.android.apps.wallet.security.EnvironmentProperty class in the constructor method.
We're looking for this segment containing SU_COMMAND_LOCATIONS:
Code:
.line 70
new-array v0, v4, [Ljava/lang/String;
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
sput-object v0, Lcom/google/android/apps/wallet/security/EnvironmentProperty;->SU_COMMAND_LOCATIONS:[Ljava/lang/String;
Note: These variable names change (v3, v4, etc...), usually they will be the const/4 numbers defined at the beginning of the method. Just make sure you use the one that contains 0.
Change this line from v4 (which contains the number 2)
Code:
new-array v0, v4, [Ljava/lang/String;
to v3 (which contains the number 0)
Code:
new-array v0, v3, [Ljava/lang/String;
Then simply delete the following lines:
Code:
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
This will Set the environment property SU_COMMAND_LOCATIONS as an empty string array which will cause the checkDevice function in Lcom/google/android/apps/wallet/security/EnvironmentProperty$1 to simply break out of it's for loop and return 0 (which is what we want).
Bypassing device/carrier restrictions:
Here is a quick script I whipped up to replace the build prop calls automagically.
Usage would be something like:
Baksmali the classes.dex in your apk:
java -jar baksmali.jar your.apk -o outdir
Run the script (below):
/path/to/pwnprop.sh outdir
Do whatever other changes to the outdir directory.
Then smali:
java -jar smali.jar outdir -o classes.dex
Finally, winzip, lol. (If you actually use winzip imma kill you.)
The script:
Save this as pwnprop.sh (or whatever you feel like) and chmod +x
Code:
#!/bin/bash
do_replace ()
{
case $3 in
# Replace these with whatever device you want to clone.
MODEL)
ours="Galaxy Nexus";;
BRAND)
ours="Google" ;;
BOARD)
ours=""tuna"
ID)
ours="JDQ39E" ;;
PRODUCT)
ours="yakju" ;;
DEVICE)
ours="yakju" ;;
FINGERPRINT)
ours="google/yakju/maguro:4.2.2/JDQ39/573038:user/release-keys" ;;
*)
echo "Replacement property not defined: "$3" in "$1
return ;;
esac
sed -i 's{sget-object '$2', Landroid/os/Build;->'$3':Ljava/lang/String;{const-string '$2', "'$ours'"{g' $1
echo sed -i 's{sget-object '$2', Landroid/os/Build;->'$3':Ljava/lang/String;{const-string '$2', "'$ours'"{g' $1
}
OIFS=$IFS; IFS=$'\n'
for line in `grep -ro "[v0-9]*, Landroid/os/Build;->[A-Z]*" $ | sed 's{, Landroid/os/Build;->{:{'`
do
IFS=':'
temparray=($line)
if [ ${#temparray[@]} -eq 3 ]
then
do_replace $line
fi
IFS=$OIFS
done

CPA Poke said:
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.
Click to expand...
Click to collapse
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.

when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...

Fenny said:
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.
Click to expand...
Click to collapse
Gotcha, that makes perfect sense.

mrvirginia said:
when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...
Click to expand...
Click to collapse
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G

Fenny said:
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G
Click to expand...
Click to collapse
i finally figured out what the problem was. iirc, i was running it as root or something. had the same problem when i tried using the Kitchen again a week or two ago and got it sorted so i'll attempt to run this again [hopefully] over the weekend and give everyone a working Wallet regardless of device so they won't have to do silly tweaks anymore with build.prop etc. thank you again, sir.
oh, did you ever figure out the SIM unlock issue?

Causes NFC to FC on official 4.3 with full wipe. Oddly, it works with dirty flash. Ideas?
[Edit]
Never mind. It was just a bad signature.

@ OP: this NfcNci mod works on TW firmware MF8.

maanz said:
@ OP: this NfcNci mod works on TW firmware MF8.
Click to expand...
Click to collapse
Good to hear. Sounds like this is a new feature in Samsung firmware. Still makes me wonder if non-samsung devices suffer the same fate. The function call is the same no matter which implementation of NfcNci you are using, but I suppose that each vendor's implementation of the integrity checks by necessesity will differ.
Sent from my GT-I9505G

@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store

mrvirginia said:
@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store
Click to expand...
Click to collapse
That is great news. Much less work to be done on it then.

Keep up the good work! You guys are close, I can feel it! I would offer to help this weekend, but I think I would just slow you down.
Sent from my Galaxy Nexus using XDA Premium 4 mobile app

[TUTORIAL]How To Add Advance Power Menu[3/1/2014]

Happy New Year...
This is my first tutorial of 2014. Today I will teach
you how to add Reboot and Recovery option in Power Menu.
Make sure you have a basic knowledge on how to compile/decompile .apk/.jar files.
framework-res.apk
Decompile framework-res.apk
[*]Navigate to framework-res.apk\res\drawable-hdpi
[*]Extract all the files from PNG folder (Download From Attachment)
[*]Navigate to framework-res.apk\res\values
[*]Open strings.xml file in file editor
[*]Add these line at the end
Code:
<string name="reboot">Reboot</string>
<string name="reboot_progress">Rebooting…</string>
<string name="reboot_confirm">Your phone will reboot</string>
<string name="recovery">Recovery</string>
<string name="recovery_progress">Rebooting into recovery…</string>
<string name="recovery_confirm">Your phone will reboot into recovery</string>
[*]Save the file
[*]Recompile your framework-res.apk
[*]Decompile framework-res.apk which you have recompiled a moment ago
[*]Navigate to framework-res.apk\res\values
[*]Open public.xml file in file editor
framework.jar
Decompile framework.jar
[*]Navigate to framework.jar\smali\com\android\internal\app
[*]Open ShutdownThread.smali file in file editor
[*]Search for .field private static mReboot:Z and add the red line only
Code:
.field private static final TAG:Ljava/lang/String; = "ShutdownThread"
[COLOR="Red"].field public static mReboot:I[/COLOR]
.field private static mReboot:Z
[*]Search for .local v1, pd:Landroid/app/ProgressDialog; and add the red lines only
Code:
.line 184
.local v1, pd:Landroid/app/ProgressDialog;
[COLOR="Red"]sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v5, :cond_1
if-nez v2, :cond_2[/COLOR]
const v2, 0x104014a
[COLOR="Red"]goto :goto_1
:cond_1
const v2, name="reboot"
goto :goto_1
:cond_2
const v2, name="recovery"
:goto_1[/COLOR]
invoke-virtual {p0, v2}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
[*]Search for invoke-virtual {v1, v2}, Landroid/app/ProgressDialog;->setTitle(Ljava/lang/CharSequenceV and add the red lines only
Code:
move-result-object v2
invoke-virtual {v1, v2}, Landroid/app/ProgressDialog;->setTitle(Ljava/lang/CharSequence;)V
.line 185
[COLOR="Red"]sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v5, :cond_3
if-nez v2, :cond_4[/COLOR]
const v2, 0x104014e
[COLOR="Red"]goto :goto_2
:cond_3
const v2, name="reboot_progress"
goto :goto_2
:cond_4
const v2, name="recovery_progress"
:goto_2[/COLOR]
invoke-virtual {p0, v2}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
[*]Search for .catch Ljava/lang/SecurityException; {:try_start_1 .. :try_end_1} :catch_0 and change the blue lines only
Code:
invoke-virtual {v2}, Landroid/os/PowerManager$WakeLock;->acquire()V
:try_end_1
.catch Ljava/lang/SecurityException; {:try_start_1 .. :try_end_1} :catch_0
.line 208
[COLOR="Blue"]:goto_3[/COLOR]
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mScreenWakeLock:Landroid/os/PowerManager$WakeLock;
.line 209
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iget-object v2, v2, Lcom/android/internal/app/ShutdownThread;->mPowerManager:Landroid/os/PowerManager;
invoke-virtual {v2}, Landroid/os/PowerManager;->isScreenOn()Z
move-result v2
[COLOR="Blue"]if-eqz v2, :cond_5[/COLOR]
.line 211
:try_start_2
[*]Search for .catch Ljava/lang/SecurityException; {:try_start_2 .. :try_end_2} :catch_1 and change the blue lines only
Code:
:try_end_2
.catch Ljava/lang/SecurityException; {:try_start_2 .. :try_end_2} :catch_1
.line 222
[COLOR="Blue"]:cond_5
:goto_4[/COLOR]
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
new-instance v3, Lcom/android/internal/app/ShutdownThread$2;
[*]Search for .end local v0 #e:Ljava/lang/SecurityException; and change the blue lines only
Code:
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mCpuWakeLock:Landroid/os/PowerManager$WakeLock;
[COLOR="Blue"]goto :goto_3[/COLOR]
.line 215
.end local v0 #e:Ljava/lang/SecurityException;
:catch_1
move-exception v0
.line 216
.restart local v0 #e:Ljava/lang/SecurityException;
const-string v2, "ShutdownThread"
const-string v3, "No permission to acquire wake lock"
invoke-static {v2, v3, v0}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I
.line 217
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mScreenWakeLock:Landroid/os/PowerManager$WakeLock;
[COLOR="Blue"]goto :goto_4[/COLOR]
.end method
.method public static reboot(Landroid/content/Context;Ljava/lang/String;Z)V
[*]Search for .method public static rebootOrShutdown(ZLjava/lang/StringV and change the blue line only
Code:
.end method
.method public static rebootOrShutdown(ZLjava/lang/String;)V
.locals 5
.parameter "reboot"
.parameter "reason"
.prologue
.line 403
[COLOR="Blue"]if-eqz p0, :cond_3[/COLOR]
.line 404
const-string v2, "ShutdownThread"
[*]Search for invoke-static {p1}, Landroid/os/Power;->reboot(Ljava/lang/StringV and add the red lines and change the blue lines only
Code:
:try_start_0
invoke-static {p1}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
:try_end_0
[COLOR="Blue"].catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_1[/COLOR]
.line 428
:goto_0
const-string v2, "ShutdownThread"
const-string v3, "Performing low-level shutdown..."
invoke-static {v2, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
[COLOR="Red"]sget v1, Lcom/android/internal/app/ShutdownThread;->mReboot:I
const/4 v2, 0x1
if-eq v1, v2, :cond_0
const/4 v2, 0x2
if-eq v1, v2, :cond_1[/COLOR]
.line 429
invoke-static {}, Landroid/os/Power;->shutdown()V
.line 430
return-void
[COLOR="Red"]:cond_0
const-string/jumbo v4, "now"
invoke-static {v4}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
return-void
:cond_1
:try_start_1
new-instance v1, Ljava/io/File;
const-string v4, "/cache/recovery/boot"
invoke-direct {v1, v4}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 442
.restart local v1
invoke-virtual {v1}, Ljava/io/File;->exists()Z
move-result v4
if-nez v4, :cond_2
.line 443
invoke-virtual {v1}, Ljava/io/File;->createNewFile()Z
:try_end_1
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_0
:catch_0
:cond_2
const-string/jumbo v4, "recovery"
invoke-static {v4}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
return-void[/COLOR]
.line 407
[COLOR="Blue"]:catch_1[/COLOR]
move-exception v0
.line 408
.local v0, e:Ljava/lang/Exception;
const-string v2, "ShutdownThread"
[*]Search for .end local v0 #e:Ljava/lang/Exception; and change the blue lines only
Code:
.line 412
.end local v0 #e:Ljava/lang/Exception;
[COLOR="Blue"]:cond_3[/COLOR]
new-instance v1, Landroid/os/Vibrator;
invoke-direct {v1}, Landroid/os/Vibrator;-><init>()V
.line 414
.local v1, vibrator:Landroid/os/Vibrator;
const-wide/16 v2, 0x1f4
[COLOR="Blue"]:try_start_2[/COLOR]
invoke-virtual {v1, v2, v3}, Landroid/os/Vibrator;->vibrate(J)V
[COLOR="Blue"]:try_end_2
.catch Ljava/lang/Exception; {:try_start_2 .. :try_end_2} :catch_3[/COLOR]
.line 422
:goto_1
const-wide/16 v2, 0x1f4
[COLOR="Blue"]:try_start_3[/COLOR]
invoke-static {v2, v3}, Ljava/lang/Thread;->sleep(J)V
[COLOR="Blue"]:try_end_3
.catch Ljava/lang/InterruptedException; {:try_start_3 .. :try_end_3} :catch_2[/COLOR]
goto :goto_0
.line 423
[COLOR="Blue"]:catch_2[/COLOR]
move-exception v2
goto :goto_0
.line 415
[COLOR="Blue"]:catch_3[/COLOR]
move-exception v0
.line 417
.restart local v0 #e:Ljava/lang/Exception;
[*]Search for .local v1, longPressBehavior:I and change the blue lines only
Code:
.line 106
.local v1, longPressBehavior:I
const/4 v3, 0x2
[COLOR="Blue"]if-ne v1, v3, :cond_4[/COLOR]
const v2, 0x1040150
.line 110
.local v2, resourceId:I
:goto_1
const-string v3, "ShutdownThread"
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
const-string v5, "Notifying thread to start shutdown longPressBehavior="
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4, v1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-static {v3, v4}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 112
[COLOR="Blue"]if-eqz p1, :cond_7[/COLOR]
.line 113
new-instance v0, Lcom/android/internal/app/ShutdownThread$CloseDialogReceiver;
[*]Search for invoke-direct {v3, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/ContextV and add the red lines only
Code:
new-instance v3, Landroid/app/AlertDialog$Builder;
invoke-direct {v3, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
[COLOR="Red"]const v5, 0x1
sget v4, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v4, v5, :cond_2
if-nez v4, :cond_3[/COLOR]
const v4, 0x104014a
[COLOR="Red"]goto :goto_2
:cond_2
const v4, name="reboot"
goto :goto_2
:cond_3
const v4, name="recovery"
:goto_2[/COLOR]
invoke-virtual {v3, v4}, Landroid/app/AlertDialog$Builder;->setTitle(I)Landroid/app/AlertDialog$Builder;
move-result-object v3
[*]Search for invoke-virtual {v3}, Landroid/app/AlertDialog;->show()V and add the red lines and change the blue lines only
Code:
sget-object v3, Lcom/android/internal/app/ShutdownThread;->sConfirmDialog:Landroid/app/AlertDialog;
invoke-virtual {v3}, Landroid/app/AlertDialog;->show()V
[COLOR="Blue"]goto/16 :goto_0[/COLOR]
.line 102
.end local v0 #closer:Lcom/android/internal/app/ShutdownThread$CloseDialogReceiver;
.end local v1 #longPressBehavior:I
.end local v2 #resourceId:I
:catchall_0
move-exception v3
:try_start_1
monitor-exit v4
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
throw v3
.line 106
.restart local v1 #longPressBehavior:I
[COLOR="Blue"]:cond_4[/COLOR]
[COLOR="Red"]const v3, 0x1
sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v3, :cond_5
if-nez v2, :cond_6[/COLOR]
const v2, 0x104014f
[COLOR="Blue"]goto/16 :goto_1[/COLOR]
[COLOR="Red"]:cond_5
const v2, name="reboot_confirm"
goto/16 :goto_1
:cond_6
const v2, name="recovery_confirm"
goto/16 :goto_1[/COLOR]
.line 132
.restart local v2 #resourceId:I
[COLOR="Blue"]:cond_7[/COLOR]
invoke-static {p0}, Lcom/android/internal/app/ShutdownThread;->beginShutdownSequence(Landroid/content/Context;)V
goto/16 :goto_0
.end method
[*]Now you have to find the names below
Code:
name="reboot"
name="recovery"
name="reboot_progress"
name="recovery_progress"
name="reboot_confirm"
name="recovery_confirm"
[*]You have to replace these name with hex ids from public.xml which is already opened in file editor
[*]For example search for name="reboot" in public.xml file
[*]In my case I have got
Code:
<public type="string" name="reboot" id="[COLOR="Blue"]0x01040548[/COLOR]" />
[*]The blue marked part is hex. Copy the hex and remove the 3rd digit. So 0x01040548 will be 0x1040548
[*]Now search for name="reboot" in ShutdownThread.smali file and replace name="reboot" with 0x1040548
[*]Do the same for other names too
[*]Save the file
[*]Recompile your framework.jar
android.policy.jar
Decompile android.policy.jar
[*]Navigate to android.policy.jar\smali\com\android\internal\policy\impl
[*]Extract all the files from SMALI folder (Download From Attachment)
[*]Open GlobalActions$2.smali file in file editor
[*]Search for invoke-static {v0}, Lcom/android/internal/policy/impl/GlobalActions;->access$100(Lcom/android/internal/policy/impl/GlobalActionsLandroid/content/Context; and add the red lines only
Code:
#getter for: Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-static {v0}, Lcom/android/internal/policy/impl/GlobalActions;->access$100(Lcom/android/internal/policy/impl/GlobalActions;)Landroid/content/Context;
move-result-object v0
const/4 v1, 0x1
[COLOR="Red"]const/4 p0, 0x0
sput p0, Lcom/android/internal/app/ShutdownThread;->mReboot:I[/COLOR]
invoke-static {v0, v1}, Lcom/android/internal/app/ShutdownThread;->shutdown(Landroid/content/Context;Z)V
.line 171
return-void
.end method
[*]Save the file
[*]Open GlobalActions.smali file in file editor
[*]Search for .method private createDialog()Landroid/app/AlertDialog; and change the blue lines only
Code:
.end method
.method private createDialog()Landroid/app/AlertDialog;
[COLOR="Blue"].locals 12[/COLOR]
.prologue
const/4 v9, 0x1
[*]Search for invoke-direct {v1, p0, v2, v3}, Lcom/android/internal/policy/impl/GlobalActions$2;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V and add the red lines only
Code:
invoke-direct {v1, p0, v2, v3}, Lcom/android/internal/policy/impl/GlobalActions$2;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
[COLOR="Red"]iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "reboot"
const-string v2, "string"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-nez v10, :cond_0
const-string v1, "reboot_system"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-eqz v10, :cond_1
:cond_0
const-string v1, "ic_lock_reboot"
const-string v2, "drawable"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v11
if-eqz v11, :cond_1
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
new-instance v1, Lcom/android/internal/policy/impl/GlobalActions$7;
invoke-direct {v1, p0, v11, v10}, Lcom/android/internal/policy/impl/GlobalActions$7;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
:cond_1
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "recovery"
const-string v2, "string"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-nez v10, :cond_2
const-string v1, "recovery_system"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-eqz v10, :cond_3
:cond_2
const-string v1, "ic_lock_recovery"
const-string v2, "drawable"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v11
if-eqz v11, :cond_3
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
new-instance v1, Lcom/android/internal/policy/impl/GlobalActions$8;
invoke-direct {v1, p0, v11, v10}, Lcom/android/internal/policy/impl/GlobalActions$8;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z[/COLOR]
.line 183
[COLOR="Red"]:cond_3[/COLOR]
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
iget-object v1, p0, Lcom/android/internal/policy/impl/GlobalActions;->mAirplaneModeOn:Lcom/android/internal/policy/impl/GlobalActions$ToggleAction;
[*]Save the file
[*]Recompile your android.policy.jar
Please Note :
Take backup before doing anything.
Use Notepad++ to edit files.
Please read the tutorial properly befor editing files.
If you found any mistake in this tutorial then please let me know.

this is the one thing our xperia community was lacking of. Now it's fulfilled thanks for this :good:

Good Job bro
Thank u

WOW, really a nice guide, perfectly explained & noob Friendly
keep it coming

Great guide, will really help many people, not just to Arc owners but to all Xperia family

saqib nazm said:
this is the one thing our xperia community was lacking of. Now it's fulfilled thanks for this :good:
Click to expand...
Click to collapse
3andala said:
Good Job bro
Thank u
Click to expand...
Click to collapse
stanlin salu said:
WOW, really a nice guide, perfectly explained & noob Friendly
keep it coming
Click to expand...
Click to collapse
Ayush Singh said:
Great guide, will really help many people, not just to Arc owners but to all Xperia family
Click to expand...
Click to collapse
Thanks for these encouraging comments. You all are cordially welcome...

Awesome Guide
This is how its done!
Understanding that smali was a pain in the a**.
You just made this simpler to copy paste
Thank you!

Wonderful work man..
You ll soon be a great themer. Thanks for keeping 2011 xperias forum alive..:thumbup:
Cheers,
Vatsal

Nice work mate.. Nice write up. Way to go. Keep it up and hoping to see more of your works
Sent from my GT-P3110 using Tapatalk

Nice tutorial @BDFreak ...
Can you tell which apktool is recommended for use in this tutorial ?

karandpr said:
Nice tutorial @BDFreak ...
Can you tell which apktool is recommended for use in this tutorial ?
Click to expand...
Click to collapse
I am using THIS one. But I think you can use old versions too...

Ayush Singh said:
Great guide, will really help many people, not just to Arc owners but to all Xperia family
Click to expand...
Click to collapse
this is for Arc only, another xperia phone will be different .
in my TX, framework.jar dont have ShutdownThread.smali but it in services.jar

devilmaycry2020 said:
this is for Arc only, another xperia phone will be different .
in my TX, framework.jar dont have ShutdownThread.smali but it in services.jar
Click to expand...
Click to collapse
I meant all Xperia 2011 family

devilmaycry2020 said:
this is for Arc only, another xperia phone will be different .
in my TX, framework.jar dont have ShutdownThread.smali but it in services.jar
Click to expand...
Click to collapse
Would be the same for atleast the 2011 Xperia Line up

devilmaycry2020 said:
this is for Arc only, another xperia phone will be different .
in my TX, framework.jar dont have ShutdownThread.smali but it in services.jar
Click to expand...
Click to collapse
It's obvious that this will be different in 2012-13 xperias. But the main idea is quite same, like if you know where you have to look for

Nice tut! Its also not very complicated

i dont understand about "change the blue lines only" .what does it mean ? if my own different change it to same as yours ?

devilmaycry2020 said:
i dont understand about "change the blue lines only" .what does it mean ? if my own different change it to same as yours ?
Click to expand...
Click to collapse
Exactly. I mean yes...

BDFreak said:
Exactly. I mean yes...
Click to expand...
Click to collapse
i dont think so because i've modded this before and it work great but the only i missed was when i choose reboot or recovery it didn't show "Reboot" or "Recovery" tittle but only Power off. could you help me. thanks
basically my mod for TX as same as your but have some different
i can send to you all relate files for modding this, could you take a look to it. thanks

devilmaycry2020 said:
i dont think so because i've modded this before and it work great but the only i missed was when i choose reboot or recovery it didn't show "Reboot" or "Recovery" tittle but only Power off. could you help me. thanks
basically my mod for TX as same as your but have some different
i can send to you all relate files for modding this, could you take a look to it. thanks
Click to expand...
Click to collapse
Actually this tutorial is for 2011 Xperia phones. I didn't try in newer phones yet. But I will give it a try in my SP when times allow me.

[Q] Executing Shell Script on Preference Change/Click

I could really use a hand here, maybe with the right help, this can turn into a nice How To thread...
Here's the situation...
NOTE: I am on a Note 3 with Touchwiz Rom
I'd like to add a customization to my Settings.apk (this part's not the problem), and have it fire off a bash script on selection (whether it's a simple tap-the-setting, checkbox, list item, etc...)
Here is what I have thus far for my smali
Code:
.class public Lcom/android/settings/ExecSH;
.super Lcom/android/settings/SettingsPreferenceFragment;
.source "ExecSH.java"
.implements Landroid/preference/Preference$OnPreferenceChangeListener;
.implements Landroid/preference/Preference$OnPreferenceClickListener;
# direct methods
.method public onPreferenceTreeClick(Landroid/preference/PreferenceScreen;Landroid/preference/Preference;)Z
:try_start_0
const-string v2, Landroid/preference/Preference;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference; # String of command to fire off
invoke-static {v2}, Lcom/android/settings/ExecSH;->execRootCmdSilent(Ljava/lang/String;)I
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.end method
.method public static execRootCmdSilent(Ljava/lang/String;)I
.locals 6
.parameter "paramString"
.prologue
.line 40
:try_start_0
const-string v4, "RootCmd"
invoke-static {v4, p0}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
.line 41
invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
move-result-object v4
const-string v5, "su"
invoke-virtual {v4, v5}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
move-result-object v2
.line 42
.local v2, localProcess:Ljava/lang/Process;
new-instance v0, Ljava/io/DataOutputStream;
invoke-virtual {v2}, Ljava/lang/Process;->getOutputStream()Ljava/io/OutputStream;
move-result-object v4
invoke-direct {v0, v4}, Ljava/io/DataOutputStream;-><init>(Ljava/io/OutputStream;)V
.line 44
.local v0, localDataOutputStream:Ljava/io/DataOutputStream;
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v4, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
const-string v5, "\n"
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
.line 45
.local v3, str:Ljava/lang/String;
invoke-virtual {v0, v3}, Ljava/io/DataOutputStream;->writeBytes(Ljava/lang/String;)V
.line 46
invoke-virtual {v0}, Ljava/io/DataOutputStream;->flush()V
.line 47
const-string v4, "exit\n"
invoke-virtual {v0, v4}, Ljava/io/DataOutputStream;->writeBytes(Ljava/lang/String;)V
.line 48
invoke-virtual {v0}, Ljava/io/DataOutputStream;->flush()V
.line 49
invoke-virtual {v2}, Ljava/lang/Process;->waitFor()I
.line 50
invoke-virtual {v2}, Ljava/lang/Process;->exitValue()I
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
move-result v4
.line 55
.end local v0 #localDataOutputStream:Ljava/io/DataOutputStream;
.end local v2 #localProcess:Ljava/lang/Process;
.end local v3 #str:Ljava/lang/String;
:goto_0
return v4
.line 52
:catch_0
move-exception v1
.line 53
.local v1, localException:Ljava/lang/Exception;
invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V
.line 55
const/4 v4, 0x1
goto :goto_0
.end method
Will this do what I think it'll do? (I think it's grab the preference key and fire it off as a root command...