Is there a Brick Function In GingerBread - Thunderbolt Q&A, Help & Troubleshooting

There is a function I found in gingerbread that allows an app to "disable the entire phone permanently". I found this when searching through the framework.apk.
My questions are:
First am I right about this being a feature, because the text is definitely there?
Is this an enable feature that is accessible to apps with root access?
Is this a feature that would allow the MFG to disable the phone remotely?
Can this feature be removed?

In before "this should be in Q&A".
OP - Highly doubt it...

Code:
<string name="permlab_brick">permanently disable phone</string>
<string name="permdesc_brick">Allows the application to disable the entire phone permanently. This is very dangerous.</string>
These are the lines in the framework-res.apk
/res/values/strings.xml

Who knew Doctor Doom was on the HTC development team?

Could this be related to the lost or stolen phone service?
Could potentially be useful if you stayed logged in to PayPal or other banking institutions web sites.
Report the device,
Device becomes bricked.
No more stolen phones being sold and flashed to cricket or the likes.
sent from a sweet paper weight.

So, can we find out what this actually does?

g00s3y said:
In before "this should be in Q&A".
OP - Highly doubt it...
Click to expand...
Click to collapse
damn your just hittin all the threads with the "this should be in the Q&A department" today. thank god your here to police!

Since this thread is about weird applications, I decided to mess around with the build prop a little one day and test my limits with the dalvik heap and the density sizes
I set the dalvik heap to a insane size to see what it would do, Rosie went for a loop and some random application called "multiple packages " requested su... I denied it because I have no idea what iit was but what the hell was it?
>--The Game--<

superchilpil said:
Since this thread is about weird applications, I decided to mess around with the build prop a little one day and test my limits with the dalvik heap and the density sizes
I set the dalvik heap to a insane size to see what it would do, Rosie went for a loop and some random application called "multiple packages " requested su... I denied it because I have no idea what iit was but what the hell was it?
>--The Game--<
Click to expand...
Click to collapse
Multiple packages would be like the bamf tool kit and such. Any kind of native app that requests su permissions.
Sent from my ThunderBolt using XDA Premium App

just something amuzing to add to that if you get into the classes.dex in services check this out
theres a file called "brick reciever"
Code:
.class public Lcom/android/server/BrickReceiver;
.super Landroid/content/BroadcastReceiver;
.source "BrickReceiver.java"
# direct methods
.method public constructor <init>()V
.registers 1
.prologue
.line 25
invoke-direct {p0}, Landroid/content/BroadcastReceiver;-><init>()V
return-void
.end method
# virtual methods
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
.registers 5
.parameter "context"
.parameter "intent"
.prologue
.line 28
const-string v0, "BrickReceiver"
const-string v1, "!!! BRICKING DEVICE !!!"
invoke-static {v0, v1}, Landroid/util/Slog;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 29
const-string v0, "brick"
invoke-static {v0}, Landroid/os/SystemService;->start(Ljava/lang/String;)V
.line 30
return-void
.end method

These probably all have to do with the "lock phone" and "erase phone" features of htcsense.com
I'm pretty sure the thunderbolt wasn't officially htcsense.com supported until GB.. could be wrong just trying to not fear monger

Where can I find the tin foil hats ya'll wearing?

imneveral0ne said:
damn your just hittin all the threads with the "this should be in the Q&A department" today. thank god your here to police!
Click to expand...
Click to collapse
Wow, do you really follow my posts that much, that's kind of creepy. Considering there were only 2 threads that I did it in, and they were both posted around the exact time I signed on, well things happen. But still, you are kind of creepy, please stay away, thanks.

The brick command is several android versions. I know at least back to Froyo had it, maybe even Eclair. But yea, an app would have to declare that it wants rights to that permission. There are also apps that can detect which apps have access to it and block the rights. Check out privacy blocker in the market from Stericson I think? But you guys are right, its used for admins to be able to brick a lost or stolen phone remotely, its part of the enterprise android features say if the phone had sensitive data.
This is stuff I have read a few times, and I'm pretty sure it's accurate, I may not be dead on though.

mjones1052 said:
The brick command is several android versions. I know at least back to Froyo had it, maybe even Eclair. But yea, an app would have to declare that it wants rights to that permission. There are also apps that can detect which apps have access to it and block the rights. Check out privacy blocker in the market from Stericson I think? But you guys are right, its used for admins to be able to brick a lost or stolen phone remotely, its part of the enterprise android features say if the phone had sensitive data.
This is stuff I have read a few times, and I'm pretty sure it's accurate, I may not be dead on though.
Click to expand...
Click to collapse
I'm a system administrator and for kicks I did a remote kill from one of our exchange servers to my phone (after a nandroid backup) and all it does is a factory reset. It literally just pops up with the factory reset screen and then reboots after a second and it is back to stock. No bricking.
dwizzy130

Why are people always thinking cell phone companies will or even can kill you phone?

dalrym05 said:
Why are people always thinking cell phone companies will or even can kill you phone?
Click to expand...
Click to collapse
Its the radiation that emits from the cell phone signals finally getting into their brains.

dalrym05 said:
Why are people always thinking cell phone companies will or even can kill you phone?
Click to expand...
Click to collapse
Because big brother is watching, he is always watching. Man. (<--sarcasm)
Sent from my super duper deluxe rooted re-romed Thunderbolt. ( and yes, it can also wash my car AND do the dishes)

I Just found it interesting
Sent from my ADR6400L using XDA App

ThunderStick said:
There is a function I found in gingerbread that allows an app to "disable the entire phone permanently". I found this when searching through the framework.apk.
My questions are:
First am I right about this being a feature, because the text is definitely there?
Is this an enable feature that is accessible to apps with root access?
Is this a feature that would allow the MFG to disable the phone remotely?
Can this feature be removed?
Click to expand...
Click to collapse
Brick permission is even in aosp, nothing new.
Any app with root access can disable the phone (brick) without using the brick api
just wipe out hboot, and the phone wont ever boot again.

Related

com.google.android.hardware.nexus_one

The latest update added one file that seemed interesting:
/system/framework/com.google.android.hardware.nexus_one(.odex/.jar)
I was curious about what this did so i deodexed it and was baffled. It just contains one class which in turn has one static metod called isPhoneOn. It always returns true (duh, you really mean the phone is on if it's able to execute code?).
Any thoughts about what this possibly can be good for? Google seems a little to professional to ship this class/lib by accident. The only thing I can think of is that it could be used by other apps to ensure they run on stock Nexus One firmware. One trivial example:
Code:
try {
Class<?> c = Class.forName("com.google.android.hardware.nexus_one.NexusOneLibrary");
// Got here? Nexus One it is.
}
catch (ClassNotFoundException ex) {
// Some other device
}
If porting stuff from Nexus One stock to other ROMs in the future gives weird errors, it might be wise to remember this class. Your thoughts?
The code for the entire "library":
Code:
.class public final Lcom/google/android/hardware/nexus_one/NexusOneLibrary;
.super Ljava/lang/Object;
.source "NexusOneLibrary.java"
# direct methods
.method private constructor <init>()V
.registers 1
.prologue
.line 20
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
.method public static isPhoneOn()Z
.registers 1
.prologue
.line 26
const/4 v0, 0x1
return v0
.end method
Tracking N1 usage perhaps
Maybe something with the 3G fix? Maybe the radio was falling asleep and this is kind of like a wake up call that it refers to prior to shutting down (so in essence, it never shuts down). Dunno. Just guessing really.
its a kill switch that google can throw to disable the phone.....
hahahaha j/k, but u know some apple fanboi would say it
Definatly looks like the things you described.
It's probably there to provide HW checks to make device specific stuff for normal apps.
It will likely see a Droid version of this once they get the 2.1 update.

HBO Go app fc's

Anybody else have a problem with hbo go force closing when you press the sign in button?
probably because its not made for a tablet
It is actually in the market for the Sprint View 4G. I downloaded it but have the same FC issue. I works well on my Gtab though.
I saw an update for the HBO Go app in the market on my View. I installed it but it didn't fix the fc when trying to login.
Same for me. This app worked great on my Gtab. Not sure what the issue is.
I have this problem, both on a Flyer and a View. Also, similar issue trying to run Sirius XM App on both devices.
I read in another forum that Sprint has a proxy system in place by default on the Evo phones - perhaps this is what is causing our issues? This proxy setting does not allow streaming media of a certain kind (I can stream Pandora and Slacker). For the Evo phone, the instructions to bypass involve dialing a string of numbers to get into "god" mode, and disabling the proxy setting. I have no idea how to get into same mode on the View or Flyer - no dialing.
If this is the issue would streaming over WiFi work? HBO Go works on my Evo with no issues.
I have been doing some digging but I am not a programmer, the device is failing the deviceID check. I can decomplile the DEX file but don't know where to edit the program so it does not check the deviceID. This may be similar to issue with early versions of NetFlix. Here are the crash specifics:
Exception class name: java.lang.NullPointer Exception
Source file: LoginUtils.java
Source class: com.support.utils.LoginUtils
Source method: getDeviceID
Line: 494
Update from HBOGO:
Thank you for the email. Our team is aware of this issue and is working on a fix, however at this time we don’t have an estimate as to when that fix will be deployed. We apologize for this inconvenience.
Thanks,
The HBO GO Team
*HBO GO Mobile (HBO) <[email protected]>
Have you tried editing the build.prop in /system and changing it to a compatible phone model? I think you change the line product.device=flyer
This is one of the steps to get tegra games to play on non tegra devices and to access the tegra zone and I guess since it is not a hardware limitation in using the app it might work
Just tried that. If it doesn't require a reboot, it didn't help.
Sent from my DROID BIONIC using Tapatalk
Dod anyone get the hbo app to work on the view?
IMEI
Hello,
I believe that HBO Go reqiures an IMEI in order to work. If you are rooted you could try this http://forum.xda-developers.com/showthread.php?t=1103766. Not sure if it will work for the Flyer, but it's what is used for the Nook.
To do the Smali edits manually you could do try this:
Extract Classes.dex from framework.jar
Run Baksmali
In file out\android\telephony\TelephonyManager.smali
Change entire .method public getDeviceId with code below
Code:
method public getDeviceId()Ljava/lang/String;
.registers 4
.prologue
new-instance v1, Ljava/lang/StringBuilder;
const-string v2, "XX-XXXXX-XXXXX-XX"
invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
const-string v0, "Tag"
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
move-result v0
return-object v1
.end method
Replace The XX-XXXXX-XXXXX-XX with a number of your choice.
Rsotbiemrptson
Update: I have gotten HBO Go to work using the IMEI method. There was another instance of "method public getDeviceId" that had to be replaced. I will update when I can find the lines of code again.
Great work. I will try it on the View (which has an IMEI). I tried editing the build prop to mimic a Samsung Gtab without success.
Did you edit the HBO apk or the framework on the Flyer?
geebee1932 said:
Great work. I will try it on the View (which has an IMEI). I tried editing the build prop to mimic a Samsung Gtab without success.
Did you edit the HBO apk or the framework on the Flyer?
Click to expand...
Click to collapse
Hello,
I didn't edit the HBO app or the framework.apk, however I did edit the frameworj.jar file to spoof the IMEI.
There are two sections you need to replace.
The first is
.method public getDeviceId()Ljava/lang/String;
and the second is
.method public getDeviceId(Ljava/lang/StringLjava/lang/String;
Replace these whole sections with this.
Code:
method public getDeviceId()Ljava/lang/String;
.registers 4
.prologue
new-instance v1, Ljava/lang/StringBuilder;
const-string v2, "XX-XXXXX-XXXXX-XX"
invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
const-string v0, "Tag"
invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
move-result v0
return-object v1
.end method
Replace The XX-XXXXX-XXXXX-XX with a number of your choice.
Rsotbiemrptson
Hate to sound stupid, but how did you edit the .jar file? I extracted it to my computer to work on. Thanks for your help.
Mike
geebee1932 said:
Hate to sound stupid, but how did you edit the .jar file? I extracted it to my computer to work on. Thanks for your help.
Mike
Click to expand...
Click to collapse
Hello,
You need to extract the classes.dex file from the jar file and use Baksmali/Smali to do the edits.
Rsotbiemrptson
It looks like the Evo View 4G may be different. In the framework.jar file there is no classes.dex file. There is a preloaded classes file. Maybe I am looking in the wrong spot when I decompile.
geebee1932 said:
It looks like the Evo View 4G may be different. In the framework.jar file there is no classes.dex file. There is a preloaded classes file. Maybe I am looking in the wrong spot when I decompile.
Click to expand...
Click to collapse
Hello,
It sounds like your rom isn't deodexed. In the framework folder there should be a framework.dex file, and that needs the edits done to it.
Rsotbiemrptson
There was an update in the market today that fixed the force closing when trying to sign in. Everything seems to be working on my wifi flyer
Sent from my HTC Flyer P512 using xda premium

[SUGGESTIONS][CHEFS] To chefs offering adblock for /etc/hosts

I was debugging on the phone, and all of a sudden I saw something that caught my eye:
Code:
D/FlurryAgent( 5172): Sending report to: http://data.flurry.com/aar.do
D/FlurryAgent( 5172): Report successful
I've checked the list of applications that I have installed (rename .apk to .zip and then use Total Commander to search for FlurryAgent within the archives) and I was almost shocked to see how many are containing a reference to the agent (within their classes.dex file).
I suspect that it wasn't put there for nothing ...
User britoso has provided a workaround here: you need to add three lines to /etc/hosts.
Chefs, please make sure your updates are including those three lines
PS: None of the applications asked if its ok to send usage data to analytics company flurry.com ...
sounds like the iphone scandal
andrewddickey said:
sounds like the iphone scandal
Click to expand...
Click to collapse
It seems so... we should be ready for valpurgis...
Ferrum Master said:
It seems so... we should be ready for valpurgis...
Click to expand...
Click to collapse
I'm not sure I get the connection...
There are *.flurry entries in the Adfree hosts file.
Ok, they said Flurry Analytics is to improve their apps. But, location? Is that really necessary? Glad I have Adfree installed.
Yea BC someone trying to steal/gain malicious information from u would go through the effort/be stupid enough to put evidence of it on logcat lol... come on ppl think. I mean I understand why this posted n more power to u. But if your THAT worried u need to be watching the traffic that doesn't broadcast it to yourself, not the traffic that does lol.
My 2 cents, take it for w/e its worth lol.
Sent from my Xoom using Tapatalk
blakwhite said:
There are *.flurry entries in the Adfree hosts file.
Click to expand...
Click to collapse
In my Adblock list I only found www.flurry.com, I'm still using V3.6 from wolf.
I guess I need a kernel with droid wall - and I will only allow certain applications to pass through.
And if some app requires internet connection and it doesn't tell me why beforehand, tough luck.
viulian said:
In my Adblock list I only found www.flurry.com, I'm still using V3.6 from wolf.
I guess I need a kernel with droid wall - and I will only allow certain applications to pass through.
And if some app requires internet connection and it doesn't tell me why beforehand, tough luck.
Click to expand...
Click to collapse
i recommend LBE Privacy Guard as well. It needs ONLY root and it allows you to totally take control over your apps' permissions
zmod already has these entries on hosts
Adolf1994 said:
i recommend LBE Privacy Guard as well. It needs ONLY root and it allows you to totally take control over your apps' permissions
Click to expand...
Click to collapse
Thanked, this is a very good app.

[DEV|APPv14] CIQ / HTC & Google Checkin / HTC loggers / Tell HTC Info & Removal

[DEV|APPv14] CIQ / HTC & Google Checkin / HTC loggers / Tell HTC Info & Removal
********LOGGING REVEAL***********
Over the past few weeks there has been alot about these "spyware" services running on our phones. I'm looking for dev input/a single place to document this all. I would also love for HTC to show us the real off switches for everything as they seem to make a big point about "opting out" lately - http://www.xda-developers.com/android/htcs-statement-regarding-ciq-data-collection/ This is all obviously more than just tell HTC crash reporting.
The only way I have found to "opt-out" is to make changes below. HARDLY an on/off switch. You can see my analysis of stock logs getting written and processes running even though i "opted out" of everything officially possible here, here , and here
Other devs, please chime in with your findings I also have a more non technical writeup, a poll and visio diagram up in general if you just want a quick and dirty picture of whats going on here
3 reasons I think this is important:
1- Where did I "opt-in" to this? It would be entirely one thing if it was like location, where an agree message pops up, but as for most of these I havent seen anything of the sorts. I would not care in the least if it was apparent.
2- Why does htc/sprint/google whoever need to waste my mobile data (goes through my airave, so its my bandwidth) and CPU cycles/battery logging?
3- Who the hell is getting my data?
Click to expand...
Click to collapse
Below are the services, and i believe what goes to what.
Google Checkin - /system/app/GoogleServicesFramework.apk. reports to https://android.clients.google.com/checkin see analysis here
-Dropbox Services- I had 500+ files in it including full logcat/dmesg etc. Synced on google checkin.
-App Usage Stats- what apps you use, install, uninstall time used uploaded with dropbox
CIQ
HTC/Sprint, not sure whose responsible for this. User Behavior Logging Service may be related
-You can see what info the app seems capable of sending here hidden test functions detailed here
Tell HTC - Tell HTC reports App crashes to HTC automatically. Even if you shut this off in htcstetupwizard it still runs and logs data.
HTC Loggers - Seems to log certain kernel events. Has a hidden UI See http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44
HTC Checkin - sends recovery logs (real cute), app usage stats, dmesg, mobile data usage etc. See here
-HTC App Usage Stats. I believe these get get sent out when you "checkin"
HTC App Usage Stats is triggered on the following:
Code:
1 = ("com.htc.feedback", "feedback_usageOpt")
2 = ("com.android.browser", "user_action")
3 = ("com.android.htccontacts", "contact_type")
4 = ("com.android.htccontacts", "group_info")
5 = ("com.android.mms", "message_send")
6 = ("com.android.mms", "message_receive")
7 = ("com.android.mms", "message_count")
8 = ("com.android.phone", "user_action")
9 = ("com.android.phone", "settings_quietRing")
10 = ("com.android.phone", "settings_pocketMode")
11 = ("com.android.phone", "settings_flipForSpeaker")
12 = ("com.android.phone", "edit_b4_call")
13 = ("com.futuredial", "transfer_data")
14 = ("com.htc.album", "storage")
15 = ("com.htc.android.htcime", "press_duration")
16 = ("com.htc.android.htcime", "UDB_words")
17 = ("com.htc.android.htcime", "special_correction")
18 = ("com.htc.android.htcime", "WCL_cnt")
19 = ("com.htc.android.htcime", "duration_SIP")
20 = ("com.htc.android.htcime", "lang_key")
21 = ("com.htc.android.htcime", "voice_key")
22 = ("com.htc.android.htcime", "set_CIME")
23 = ("com.htc.android.htcime", "duration_SIP")
24 = ("com.htc.android.htcime", "user_action")
25 = ("com.htc.android.htcime", "waiting_time")
26 = ("com.htc.android.htcime", "fuzzy_pinYin")
27 = ("com.htc.android.htcsetupwizard", "is_sysTimeChanged")
28 = ("com.htc.android.htcsetupwizard", "feedback_usageOpt")
29 = ("com.htc.android.mail", "mail_count")
30 = ("com.htc.android.mail", "update_schedule")
31 = ("com.htc.android.mail", "default_mailsize")
32 = ("com.htc.android.mail", "widget_clickcount")
33 = ("com.htc.android.mail", "EAS_success")
34 = ("com.htc.launcher", "layout")
35 = ("com.htc.launcher", "scene")
36 = ("com.htc.launcher", "user_action")
37 = ("com.htc.launcher", "app_launch")
38 = ("com.htc.launcher", "leap_view")
39 = ("com.htc.launcher", "skin_picker")
40 = ("com.htc.music", "storage")
41 = ("device_status", "battery")
42 = ("device_status", "battery_low")
43 = ("device_status", "bluetooth")
44 = ("download_manager", "download")
45 = ("system_server", "application_launch")
46 = ("system_server", "activity_launch_history")
47 = ("system_server", "MRU_click")
48 = ("system_server", "activity_tabCount")
49 = ("system_server", "tab_index")
50 = ("system_server", "app_uninstalled")
51 = ("system_server", "launcher_downloaded")
Testing / Removal App​
Click to expand...
Click to collapse
I have also written an app to check these services easily. See all details for that here - http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
Manual Removal​
Click to expand...
Click to collapse
Part 1 - Framework.jar
Part 2 - Services.jar
Part 3 - Ramdisk/Kernel Source Misc Files
Click to expand...
Click to collapse
Framework.jar
Framework.jar -
Click to expand...
Click to collapse
/com/htc/utils/ulog/ULog.smali- this stops logging services from starting (removing init lines)
.method public static log(Lcom/htc/utils/ulog/ULogDataV
Code:
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
.method private static log(Ljava/lang/StringV
Code:
:cond_1
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
.method public static logStat(Lcom/htc/utils/ulog/ULogStatV
Code:
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
/com/htc/profileflag/TellHtcController.smali - disables auto reporting to HTC
.method static constructor <clinit>()V
Code:
.locals 11
const/16 v9, 0xc
const/16 v6, -0x6b
[B]original line[/B] const/4 v8, 0x1
[B]modded line [/B] const/4 v8, 0x0
Code:
sget-object v5, Lcom/htc/profileflag/TellHtcController;->EnabledTellHtcDevice:[B
aget-byte v5, v5, v3
if-ne v5, v6, :cond_4
[B]original line[/B] const/4 v0, 0x1
[B]modded line[/B] const/4 v0, 0x0
.method public static isDisableErrorRport()Z
Code:
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_error_report:Z
[B]modded line[/B] const/4 v0, 0x1
return v0
.end method
.method public static isDisableUlog()Z
Code:
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_ulog:Z
[B]modded line[/B] const/4 v0, 0x1
return v0
.end method
.method public static isEnableAutoSend()Z
Code:
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->setting_enable_auto_send:Z
[B]modded line[/B] const/4 v0, 0x0
return v0
.end method
/com/htc/profileflag/HtcBuildFlag.smali Tells framework it was built without CIQ support
Code:
.field public static final HtcCIQFlag:Z = true [B]change to false[/B]
/com/android/internal/app/IHtcAppUsageStatsService$Stub.smali - Disables HTC app usagestats service
.method public static asInterface(Landroid/os/IBinderLcom/android/internal/app/IHtcAppUsageStatsService;
Code:
[B]replace WHOLE old method with just following[/B]
.locals 1
const/4 p0, 0x0
return-object p0
/com/android/internal/app/IUsageStats$Stub
.method public static asInterface(Landroid/os/IBinderLcom/android/internal/app/IUsageStats;
Code:
[B]replace WHOLE old method with just following[/B]
.locals 1
const/4 p0, 0x0
return-object p0
/android/provider/htcCheckin.smali htc/google checkin disable
Code:
[B]original[/B]
sput-boolean v0, Landroid/provider/htcCheckin;->bCHECKIN:Z
sput-boolean v0, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z
[B]modded[/B]
sput-boolean v1, Landroid/provider/htcCheckin;->bCHECKIN:Z
sput-boolean v1, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z
/android/net/http/htchttpiqagent.smali - IQ agent uploader (i think)
Code:
.field public static final CIQVersion:Ljava/lang/String; = "1.1.1" [B]change to "6.6.6" (anything > 3)[/B]
.field static final enableCIQ:Z = true [B]change to false[/B]
Code:
.locals 8
[B]original[/B] const/4 v2, 0x1
[B]modded[/B] const/4 v2, 0x0
const-wide/16 v4, 0x0
const/4 v3, 0x0
const-string v7, "EVDO"
const-string v6, "1.1.1" [B]anything > 3.0.0[/B]
const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
Code:
.method public static getCIQFlag()Z
.locals 1
[B]original[/B] const/4 v0, 0x1
[B]modded[/B] const/4 v0, 0x0
return v0
.end method
/android/media/MediaCIQ
.method public static enableCIQ(Ljava/lang/StringZ
Code:
:cond_0
[B]original line[/B] const/4 v1, 0x1
[B]modded line[/B] const/4 v1, 0x0
:goto_0
return v1
:cond_1
const/4 v1, 0x0
goto :goto_0
/com/android/internal/telephony/SMSDispatcher.smali
Code:
.field public static final COMPILE_OPTION_CIQ_SUPPORT:Z = true [B]change to false[/B]
Services.jar -
Click to expand...
Click to collapse
/com/android/server/ulog:
Utils.smali-
.method static isTellHtcEnableAutoSend(Landroid/content/ContextZ
Code:
.locals 4
[B]original:[/B] const/4 v3, 0x1
[B]modded:[/B] const/4 v3, 0x0
.method static isUserProfilingSettingEnabled(Landroid/content/ContextZ
Code:
.locals 4
[B]original:[/B] const/4 v3, 0x1
[B]modded:[/B] const/4 v3, 0x0
UserBehaviorLoggingService.Smali
Code:
[B]original:[/B] const/4 v0, 0x1
[B]modded:[/B] const/4 v0, 0x0
iput-boolean v0, p0, Lcom/android/server/ulog/UserBehaviorLoggingService;->mEnableHTCUBLog:Z
PolicyStore$DefaultPolicyLoader.smali- Defaults for database on what to log.
There are 10000s of changes I made, just search for "1" and change to "0" (for the most part) These are the trigger actions
There are also 2 IPs, change to 127.0.0.1
Code:
const-string v2, "policy"
const-string v3, "url"
const-string v5, "175.41.155.212:2021"
Code:
const-string v2, "log"
const-string v3, "url"
const-string v5, "175.41.164.137:8000"
/com/android/server/ServerThread.smali- Dropbox/Userbehavior Disable
Code:
invoke-direct {v9, v6, v10}, Lcom/android/server/DropBoxManagerService;-><init>(Landroid/content/Context;Ljava/io/File;)V
[B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]modded:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
Code:
invoke-direct {v9, v6}, Lcom/android/server/ulog/UserBehaviorLoggingService;-><init>(Landroid/content/Context;)V
[B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]Modded:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
/com/android/server/am/HtcAppUsageStatsService.smali - this is the dreaded HTC logging that has no off switch. This is the only way I could disable by replacing full methods with nulls.
Code:
[B]remove all old junk and make these methods look exactly like this:[/B]
.method public notePackageRemoved(Ljava/lang/String;Ljava/lang/String;)V
.locals 0
return-void
.end method
.method public notePauseActivity(ILjava/lang/String;)V
.locals 0
return-void
.end method
.method public noteRecentTaskChange(Lcom/android/server/am/TaskRecord;)V
.locals 0
return-void
.end method
.method public noteResumeActivity(ILjava/lang/String;ZZ)V
.locals 1
return-void
.end method
.method public noteResumeActivity_pkg(ILjava/lang/String;Ljava/lang/String;ZZ)V
.locals 1
return-void
.end method
.method public publish(Landroid/content/Context;)V
.locals 0
return-void
.end method
.method public registerAppLaunchObserver(Lcom/android/internal/os/IHtcAppLaunchObserverV
Code:
.locals 5
.annotation system Ldalvik/annotation/Throws;
value = {
Landroid/os/RemoteException;
}
.end annotation
[B]original line:[/B] if-nez p1, :cond_0
[B]modded line:[/B] if-eqz p1, :cond_0
Apps/Libs/Services:
Click to expand...
Click to collapse
Code:
[B]/system/app/MyReportAgent.apk[/B] - tell htc
[B]/system/app/HtcLoggers.apk[/B] - writes to /data/data/com.htc.loggers/. Has a checksu function. [URL="http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44"]Analysis here[/URL]
[B]/system/app/HTCIQAgent.apk[/B] - IQ agent app. Analysis [URL="http://forum.xda-developers.com/showpost.php?p=17316913&postcount=61"]here[/URL]
[B]/system/app/CheckinProvider.apk[/B] - HTC Checkin. [URL="http://forum.xda-developers.com/showpost.php?p=17332445&postcount=73"]Analysis here[/URL]
[B]/system/bin/htcipcd[/B] - HTC IPC server. [URL="http://forum.xda-developers.com/showpost.php?p=17366102&postcount=94"]Analysis here[/URL]
[B]/system/bin/iqfd[/B] - CIQ frontend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365547&postcount=93"]Analysis here [/URL]
[B]/system/bin/iqd[/B] - CIQ backend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365391&postcount=92"]Analysis here[/URL]
[B]/system/bin/androidvncserver[/B] - VNC remote screen display
[B]/system/bin/usbnet[/B] - config for local vnc
[B]/system/lib/libciq_client.so[/B] - ciq client lib
[B]/system/lib/libciq_htc.so[/B] - ciq lib
[B]/system/lib/libhtciqagent.so[/B] - ciq agent lib
[B]/system/etc/iqprofile.pro[/B] - has a url for [url]https://collector.iota.spcsdns.net:10003/collector/c[/url]
GSM/OTHER ROMS(For now)
[B]/system/app/RamdumpEnabler.apk"[/B]
[B]/sys/lib/libhtc_ramdump.so[/B]
[B]/system/app/NetLogger.apk[/B]
[B]/sys/lib/libhtc_netlogger.so[/B] - writes to /data/data/com.htc.android.netlogger/. Uses TCPDUMP!??!?!?!??!?!?! (SEE WIRESHARK)
Build.prop
Code:
[B]ril.iq.quickboot=1[/B] - IQ start
# Disable checkin/profiling services
ro.config.htc.nocheckin=1
ro.config.nocheckin=1
profiler.force_disable_err_rpt=1
profiler.force_disable_ulog=1
[B]ALL OF THESE MIGHT NOT NEED TO BE REMOVED[/B]
id guess at crash/checkin being bad. replace url with http://127.0.0.1 so you dont go to defaults.
# For FOTA setting (leave empty value to use default)
ro.htc.checkin.url = http://andchin.htc.com/android/checkin
ro.htc.checkin.crashurl = http://andchin.htc.com/android/crash
ro.htc.checkin.url_CN = http://andchin.htccomm.com.cn/android/checkin
ro.htc.checkin.crashurl_CN = http://andchin.htccomm.com.cn/android/crash
ro.htc.checkin.exmsg.url = http://fotamsg.htc.com/android/extra/
ro.htc.checkin.exmsg.url_CN = http://fotamsg.htccomm.com.cn/android/extra/
ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
ro.htc.appupdate.exmsg.url = http://apu-msg.htc.com/extra-msg/rws/and-app/msg
ro.htc.appupdate.exmsg.url_CN = http://apu-msg.htccomm.com.cn/extra-msg/rws/and-app/msg
PLACES IN KERNEL/RAMDISK
Click to expand...
Click to collapse
PLEASE HAVE YOUR KERNEL DEV DISABLE STUFF IN THIS POST - http://forum.xda-developers.com/showpost.php?p=17327620&postcount=68
In ramdisk remove the following
Code:
#for CIQ ipc
mkdir /app-cache/ciq 0711 root system
mkdir /app-cache/ciq/socket 0777 root system
# HTC IPC server
service htcipcd /system/bin/htcipcd
user root
group root system
# CIQ backend daemon
service iqd /system/bin/iqd
user root
group root system
# CIQ frontend daemon
service iqfd /system/bin/iqfd
user root
group root system
service htc_ebdlogd /system/bin/htc_ebdlogd -s -k -P 7
user root
disabled
oneshot
ioprio idle 0
service htc_ebdlogd_rel /system/bin/htc_ebdlogd -s -k
user root
disabled
oneshot
ioprio idle 0
on property:ril.iq.quickboot=1
start iqfd
start iqd
# for vnc
service androidvncserver /system/bin/androidvncserver -a
disabled
oneshot
service usbnet /system/bin/usbnet on
disabled
oneshot
While your in ramdisk, you will want to change default.prop. Here we can hide our bootloader and unlock state from being reported to htc/sprint/google/whoever else. See - http://forum.xda-developers.com/showpost.php?p=18754843&postcount=279 The following two should be set in default.prop:
Code:
ro.lb=unknown
ro.bootloader=unknown
DIRECTORIES/ FILES USED:
Click to expand...
Click to collapse
After making all above changes, remove anything in the below directories than reboot. Make sure nothing new is being added
Code:
/data/anr/
/data/data/com.android.htcprofile/
/cache/recovery/
/data/wimax/log/
/devlog
/data/system/usagestats
/data/system/appusagestats
/data/system/dropbox
/data/system/userbehavior.db
/data/system/userbehavior.xml
/app-cache/ciq/
/app-cache/iqserver
/data/misc/agent_htc/
/data/data/com.htc.loggers/
For safety you can chmod 400 or 000. Doing this alone without above framework changes will result in errors on write
How to tell Services running on phone
Click to expand...
Click to collapse
Code:
adb reboot
adb shell
logcat | grep Service
also make sure you dont see iq stuff here
Code:
adb shell
getprop | grep svc
Well may grab a spot in case I find some too.....
Sent from my PG86100 using Tapatalk
Thank you all for the work you have done already and for future works to come.
Awesome work! Thanks!
Great work man
Thanks guys, im passing out for now ill update more later. Im pretty sure everything to disable all the services are there now, ill get into the places its in ramdisk/etc later.
Hopefully it gets my point across to HTC how freeking hard it is to shut this off, and that we need a real optout? This stuff is hardcoded everywhere, especially Htc App Usage crap, its really not ment to be shut off. It was alot of work tracing these methods all through framework.
My main goal was trying to find that off switch to completely shut it down, that way it wouldn't be running in the background wasting CPU time. I haven't had a chance to look at the kernel yet but framework wise it looks like there are multiple flags that can disable portions of it. A lot of the stuff I found was already covered by TrevE so I'll do my best not to post anything redundant.
This is mainly for cIQ
Files Involved(incomplete)
Code:
[I]Apks:[/I]
Browser.apk
Calculator.apk -- Front end?
HtcContacts.apk
HtcDialer.apk
HtcIQAgent.apk
IQRD.apk
SprintZoneNC.apk
[I]
Framework:[/I]
android.policy.jar
com.htc.framework.jar
framework.jar
services.jar
[I]Binaries:[/I]
htcipcd
htc_inittest
htc_timezonetest
iqd
iqfd
[I]
Libraries:[/I]
libciq_client.so
libcig_htc.so
libhtciq_agent.so
To prevent metrics data from being sent (still logs though) getCIQFlag()z in framework.jar -> HTChttpIQagent.java needs to return False
Im no dev like you guys in anyway so I may be completely wrong here as I also haven't looked at it much either.
I took the article as saying that on a crash report you will then have the option to opt-in and send a log of the event to HTC, or you could opt-out to not send one of that event. Their response I didn't take as the phone was constantly sending data/info to HTC from our phone, and more so that only on a crash would it poll up and send give you the option ot report or not.
could it be that we are seeing the phone log everything and not actually sending it to HTC till a crash happens and you get a pop up message? so in this case its not as harmful as first thought??
just an early east coast thought here. dissregard if im completely wrong guys.
sgt. slaughter said:
Im no dev like you guys in anyway so I may be completely wrong here as I also haven't looked at it much either.
I took the article as saying that on a crash report you will then have the option to opt-in and send a log of the event to HTC, or you could opt-out to not send one of that event. Their response I didn't take as the phone was constantly sending data/info to HTC from our phone, and more so that only on a crash would it poll up and send give you the option ot report or not.
could it be that we are seeing the phone log everything and not actually sending it to HTC till a crash happens and you get a pop up message? so in this case its not as harmful as first thought??
just an early east coast thought here. dissregard if im completely wrong guys.
Click to expand...
Click to collapse
Wether or not you opt in is decided when the phone is first setup. However, it looks like HTC's error logging is separate from the cIQ spyware that does the logging of your usage, what apps you use, websites, etc. That is always recording information and saving statistics about you regardless.
Edit: I did find a function that I believe will disable it but it appears to have been removed, I'm guessing during optimization.
Sent from my PG86100 using XDA Premium App
xHausx said:
Wether or not you opt in is decided when the phone is first setup. However, it looks like HTC's error logging is separate from the cIQ spyware that does the logging of your usage, what apps you use, websites, etc. That is always recording information and saving statistics about you regardless.
Edit: I did find a function that I believe will disable it but it appears to have been removed, I'm guessing during optimization.
Sent from my PG86100 using XDA Premium App
Click to expand...
Click to collapse
Im currently back on pure stock just rooted and s-off and went through setup again to see but only saw the google location reporting. Nothing on htc less its included as "other services" when it asks if you want to automatically sync data like gmail, calander, contacts,and other services.
So optimization wouldnt be when it was removed since im on stock here and dont see it.
My 2cents on it. I think its a attempt to be faster at fixing things and for regular users the reporting will help speed the process up as they wont have to email them over and over. That is l ok ng as it only sends data out after user says okay fir each instance.
For us here though it might not be needed at all since you guys are creeme of the crop and usually fix htc's stuff anyway.
Same with the ciq stuff. Just an attempt to know more about usage and help more in future hopefully. It coyld be used for bad things too but its def not a 100% sure neg thing for the reg user. Long as sprint uses the info un right way.
Sent from my PG86100 using XDA App
Thanks for the info bro, i was wondering how many things were involved.
sgt. slaughter said:
Im currently back on pure stock just rooted and s-off and went through setup again to see but only saw the google location reporting. Nothing on htc less its included as "other services" when it asks if you want to automatically sync data like gmail, calander, contacts,and other services.
So optimization wouldnt be when it was removed since im on stock here and dont see it.
My 2cents on it. I think its a attempt to be faster at fixing things and for regular users the reporting will help speed the process up as they wont have to email them over and over. That is l ok ng as it only sends data out after user says okay fir each instance.
For us here though it might not be needed at all since you guys are creeme of the crop and usually fix htc's stuff anyway.
Same with the ciq stuff. Just an attempt to know more about usage and help more in future hopefully. It coyld be used for bad things too but its def not a 100% sure neg thing for the reg user. Long as sprint uses the info un right way.
Sent from my PG86100 using XDA App
Click to expand...
Click to collapse
The point is not whether it's ultimately helpful. The point is that it's being done without the knowledge of the end user. The only opt-in stuff is strictly about telling HTC about force-closed apps. The stuff it's sending by and large isn't useful for that anyhow.
And there is not now, nor has there ever been ANY opt-in for CiQ. (Unless it's buried super deep in a licensing agreement or something). Bottom line here is that while I'm not OPPOSED to sending metrics to make things better in the future, I want the CHOICE of whether I do it or not. Since they didn't give me that choice I feel no moral qualms about having all of it completely disabled.
a little info
i have been having horrible network issues over the past week and have been on the phone with sprint more than i would like to admit trying to resolve them.. however i did get some "cool" information yesterday from the advanced tech that i was talking to.. he was trying to determine my data flow or something like that on my phones, so he was polling each phone independently, to pull the information from them (he actually was explaining it to me as he did).. he could pull information from each phone on my account except for mine (which obviously has had ciq and other spy stuff removed).. be he was baffled by it, and said that he didnt quite understand how my data from my phone was so sporatic, and he gave a timeline, of when it showed they could get data and when they couldnt, and it was almost completely in tune with when i either flashed back to stock, or a rom that didnt have the spy stuff in it.. but he said it was almost as if my phone were invisible to their network in that respect.. so removing this stuff is having an affect, at least seems to make so sprint cant just poll your phone at request.
i personally dont care one way or the other about the spyware, i understand the point for it, and the points against it.. i am just indifferent.. but keep up the amazing work, all of the devs here deserve all the respect and donations we can give..
pstevep said:
i have been having horrible network issues over the past week and have been on the phone with sprint more than i would like to admit trying to resolve them.. however i did get some "cool" information yesterday from the advanced tech that i was talking to.. he was trying to determine my data flow or something like that on my phones, so he was polling each phone independently, to pull the information from them (he actually was explaining it to me as he did).. he could pull information from each phone on my account except for mine (which obviously has had ciq and other spy stuff removed).. be he was baffled by it, and said that he didnt quite understand how my data from my phone was so sporatic, and he gave a timeline, of when it showed they could get data and when they couldnt, and it was almost completely in tune with when i either flashed back to stock, or a rom that didnt have the spy stuff in it.. but he said it was almost as if my phone were invisible to their network in that respect.. so removing this stuff is having an affect, at least seems to make so sprint cant just poll your phone at request.
i personally dont care one way or the other about the spyware, i understand the point for it, and the points against it.. i am just indifferent.. but keep up the amazing work, all of the devs here deserve all the respect and donations we can give..
Click to expand...
Click to collapse
Sorry for the quick OT post:
If you're having network issues the past week, check your PRL number. If it's not 21081 and is a 50 number, that's the issue. Downgrade PRL and your network problems should go away. I doubt it has anything to do with the spyware removal.
As for the 'not being seen on the network' that's common right after a phone is rooted, too, which is why you get an error 16 (most people do, anyhow) and have to have sprint refresh your phone on their network.
smw6180 said:
Sorry for the quick OT post:
If you're having network issues the past week, check your PRL number. If it's not 21081 and is a 50 number, that's the issue. Downgrade PRL and your network problems should go away. I doubt it has anything to do with the spyware removal.
As for the 'not being seen on the network' that's common right after a phone is rooted, too, which is why you get an error 16 (most people do, anyhow) and have to have sprint refresh your phone on their network.
Click to expand...
Click to collapse
yeah my prl is up to date with 21081, and has been rooted since the first day that revolutionary was released.. the network issues started a week or so ago and are affecting all the lines on my account, and they are all rooted.. which is why its a problem.. i appreciate the insight though..
pstevep said:
yeah my prl is up to date with 21081, and has been rooted since the first day that revolutionary was released.. the network issues started a week or so ago and are affecting all the lines on my account, and they are all rooted.. which is why its a problem.. i appreciate the insight though..
Click to expand...
Click to collapse
Weird. I still don't think it's because it's rooted....maybe a problem in your area. I have 3 rooted evo3ds in my house and another 5 (2 evo3d's) at my brother's 5 minutes from me and no issues, other than the PRL one. Hope you got it all straightened out.
Ok, sorry, I won't OT anymore.
smw6180 said:
The point is not whether it's ultimately helpful. The point is that it's being done without the knowledge of the end user. The only opt-in stuff is strictly about telling HTC about force-closed apps. The stuff it's sending by and large isn't useful for that anyhow.
And there is not now, nor has there ever been ANY opt-in for CiQ. (Unless it's buried super deep in a licensing agreement or something). Bottom line here is that while I'm not OPPOSED to sending metrics to make things better in the future, I want the CHOICE of whether I do it or not. Since they didn't give me that choice I feel no moral qualms about having all of it completely disabled.
Click to expand...
Click to collapse
This is _exactly_ my problem. HTCAppUsageStats is NOT ment to be disabled, from what ive seen it does NOT have an off switch. I dont know for sure this s CIQ, it could be its whole own animal for what i know. All i know is i can tell ya i dont remember clicking I AGREE, so i "opted out"
If you look in any HTC app (say rosie.apk) the service is attempted to be restarted every time you run the app, with no break for checking an off switch or something. see below:
Gets called on app start, bring to front:
Code:
boolean loadApplications(boolean flag, Launcher launcher, boolean flag1)
{
this;
JVM INSTR monitorenter ;
refreshUsageStatCache(launcher);
-----clipped
Code:
private static void refreshUsageStatCache(Context context)
{
HtcAppUsageStats ahtcappusagestats1[];
int i;
int j;
if(sUsageStatsService == null)
sUsageStatsService = new HtcUsageStats(context);
You can see when rosie gets brought to the front, stats gets started if its stopped. There is no check if (sUsageDisabled == true THEN blahbalh) it just runs.
Also notePackage* from /com/android/server/am/HtcAppUsageStatsService.smali needed the same stuff ripped from it , it will start itself if its not running and an app triggers something.(why i return void on everything)
Long story short, i dont see how an official off switch is possible for AppUsageStats in current code.
*edit* let me make this clear too, this appears to be writing in the same folders dumped to amazon cloud ips, this does not appear to have anything to do with the recent programs list. You can see when its _suppose_ to be triggered in default policy loader

[Q] Why would this Smali have so many random getClass() calls?

I've been poking around the Service Mode app from my T-Mobile Note 4. Most of it's pretty straightforward, but I've found a bunch of places that have seemingly useless chunks of getClass() calls. Here's an example: https://gist.github.com/mitchellmebane/1412c913a9d372555da6.
It's a call that should always succeed, that should have no side effects (since the class will already have been loaded), and whose return value is being ignored. Oh, and is being called 5 times at the start of a line, if the debug info is to be trusted. I don't see any check-cast ops, and I can't think of any reason you'd want to try casting constant integers to a class, anyway.
Am I missing something here? Did Samsung write some really weird code? Or is this a side effect of something gone wrong with the deodexing or baksmali process?

Categories

Resources