Developing - Galaxy S III Q&A, Help & Troubleshooting

I am slowly getting through the basics of APK decompiling, editing, debugging and recompiling,
using tools like Apk Tool, WinRAR, Notepad++, WinMerge and adb.
The first time I touched an Android or even did any kind of stuff like this was early August 2012, so not long at all. Now I have a question for the more experienced devs. E.g., let's just say I don't want increasing ringtone. How do you pinpoint where in the APK to start editing? I mean, there are heaps of files; it's like looking for a needle in a haystack. One way I came close and pinpointed it was using a previously made mod and then using WinMerge to compare the differences. The problem is that the differences between these two APKs are not just the increasing ringtone, so when I WinMerged them it picked out the other differences. Now this definitely narrowed it down. I have a feeling it has something to do with Callnotifier.xml; is this the only XML?
Also, let's just say you don't have another APK to compare it to; how do you find out this stuff?
Another thing is I want to cook up a ROM, but the way I want to do it is modding my own ROM until I am happy with it and then creating something like a nandroid without my personal data, then making it flashable for people. What tools are best used for this? I was thinking of editing my nandroid and adding it to a CWM flash, but I think there is an easier way.
Thanks for your help

btemtd said:
I am slowly getting through the basics of APK decompiling, editing, debugging and recompiling,
using tools like Apk Tool, WinRAR, Notepad++, WinMerge and adb.
The first time I touched an Android or even did any kind of stuff like this was early August 2012, so not long at all. Now I have a question for the more experienced devs. E.g., let's just say I don't want increasing ringtone. How do you pinpoint where in the APK to start editing? I mean, there are heaps of files; it's like looking for a needle in a haystack. One way I came close and pinpointed it was using a previously made mod and then using WinMerge to compare the differences. The problem is that the differences between these two APKs are not just the increasing ringtone, so when I WinMerged them it picked out the other differences. Now this definitely narrowed it down. I have a feeling it has something to do with Callnotifier.xml; is this the only XML?
Also, let's just say you don't have another APK to compare it to; how do you find out this stuff?
Another thing is I want to cook up a ROM, but the way I want to do it is modding my own ROM until I am happy with it and then creating something like a nandroid without my personal data, then making it flashable for people. What tools are best used for this? I was thinking of editing my nandroid and adding it to a CWM flash, but I think there is an easier way.
Thanks for your help
In my point of view, this is no shortcut, this is experience have been modified in the way
Correct me, maybe I'm wrong!
Disable Increasing ringtone @secphone.apk\com\android\phone\Ringer$1.smali
Delete every instance of this code
Code:
setstreamvolume

Thanks for your input... It would now be good to have someone who has done this mod give us the 100% answer and maybe some extra advice/tips/tricks from their personal book of knowledge.

Try the Android hacking forum on XDA
http://forum.xda-developers.com/
jje

I search, search and search the net for info on the mod I want. Some can be difficult to find the guides for.
If searching fails I'll ask a dev for some info.
When it comes to comparing APKs, I will only do that if I know where the change needs to be, then trial and error.
Sent from my GT-I9305 using XDA Premium HD app

btemtd said:
Thanks for your input... It would now be good to have someone who has done this mod give us the 100% answer and maybe some extra advice/tips/tricks from their personal book of knowledge.
I've 100% done this mod
disable increasing ringtone
http://www.mediafire.com/?72la46qi95j1d7b

leamoor said:
I've 100% done this mod
disable increasing ringtone
http://www.mediafire.com/?72la46qi95j1d7b
Is this a Disable Increasing ONLY mod?
And could you let me know what files inside the Secphone.apk you edited, just for curiosity? Was it the one file you stated above? Or did you port this mod?

btemtd said:
Is this a Disable Increasing ONLY mod?
And could you let me know what files inside the Secphone.apk you edited, just for curiosity? Or did you port this mod?
Yes, only disable Increasing ringtone!
This is exactly what I said in #2
Decompile secphone/smali/com/android/phone/Ringer$1
Delete the red sentences
Code:
#setter for: Lcom/android/phone/Ringer;->mOriginRingtoneVolume:I
invoke-static {v1, v2}, Lcom/android/phone/Ringer;->access$702(Lcom/android/phone/Ringer;I)I
.line 571
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
iget-object v1, v1, Lcom/android/phone/Ringer;->mAudioManager:Landroid/media/AudioManager;
# marked red in the original post (line to delete):
invoke-virtual {v1, v6, v4, v5}, Landroid/media/AudioManager;->setStreamVolume(III)V
.line 573
const/4 v1, 0x7
const-wide/16 v2, 0x7d0
invoke-virtual {p0, v1, v2, v3}, Lcom/android/phone/Ringer$1;->sendEmptyMessageDelayed(IJ)Z
.line 578
:cond_4
:goto_2
invoke-virtual {v0}, Landroid/media/Ringtone;->play()V
.line 579
iget-object v2, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
monitor-enter v2
.line 580
:try_start_1
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mFirstRingStartTime:J
invoke-static {v1}, Lcom/android/phone/Ringer;->access$900(Lcom/android/phone/Ringer;)J
move-result-wide v3
const-wide/16 v5, 0x0
cmp-long v1, v3, v5
if-gez v1, :cond_5
.line 581
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J
move-result-wide v3
#setter for: Lcom/android/phone/Ringer;->mFirstRingStartTime:J
invoke-static {v1, v3, v4}, Lcom/android/phone/Ringer;->access$902(Lcom/android/phone/Ringer;J)J
.line 583
:cond_5
monitor-exit v2
goto/16 :goto_0
:catchall_0
move-exception v1
monitor-exit v2
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
throw v1
.line 546
:catchall_1
move-exception v1
:try_start_2
monitor-exit v2
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_1
throw v1
.line 563
:cond_6
invoke-virtual {v0, v5}, Landroid/media/Ringtone;->setRepeat(Z)V
goto :goto_1
.line 574
:cond_7
const-string v1, "extra_ringer"
invoke-static {v1}, Lcom/android/phone/PhoneFeature;->hasFeature(Ljava/lang/String;)Z
move-result v1
if-eqz v1, :cond_4
.line 575
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mExtraRinger:Lcom/android/phone/ExtraRinger;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$800(Lcom/android/phone/Ringer;)Lcom/android/phone/ExtraRinger;
move-result-object v1
invoke-virtual {v1}, Lcom/android/phone/ExtraRinger;->startExtraRinger()V
goto :goto_2
.line 589
:pswitch_2
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
const-string v2, "mRingHandler: PLAY_TTS..."
#calls: Lcom/android/phone/Ringer;->log(Ljava/lang/String;Z)V
invoke-static {v1, v2, v4}, Lcom/android/phone/Ringer;->access$400(Lcom/android/phone/Ringer;Ljava/lang/String;Z)V
.line 591
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
iget-object v2, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
iget-object v2, v2, Lcom/android/phone/Ringer;->mContext:Landroid/content/Context;
invoke-static {v2, v4}, Lcom/android/phone/CallTextToSpeech;->getInstance(Landroid/content/Context;I)Lcom/android/phone/CallTextToSpeech;
move-result-object v2
#setter for: Lcom/android/phone/Ringer;->mCallTextToSpeech:Lcom/android/phone/CallTextToSpeech;
invoke-static {v1, v2}, Lcom/android/phone/Ringer;->access$1002(Lcom/android/phone/Ringer;Lcom/android/phone/CallTextToSpeech;)Lcom/android/phone/CallTextToSpeech;
.line 592
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mRingHandler:Landroid/os/Handler;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$1100(Lcom/android/phone/Ringer;)Landroid/os/Handler;
move-result-object v1
if-eqz v1, :cond_0
.line 593
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mRingHandler:Landroid/os/Handler;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$1100(Lcom/android/phone/Ringer;)Landroid/os/Handler;
move-result-object v1
const/4 v2, 0x5
invoke-virtual {v1, v2}, Landroid/os/Handler;->removeMessages(I)V
goto/16 :goto_0
.line 598
:pswitch_3
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
const-string v2, "mRingHandler: STOP_RING..."
#calls: Lcom/android/phone/Ringer;->log(Ljava/lang/String;Z)V
invoke-static {v1, v2, v4}, Lcom/android/phone/Ringer;->access$400(Lcom/android/phone/Ringer;Ljava/lang/String;Z)V
.line 599
iget-object v0, p1, Landroid/os/Message;->obj:Ljava/lang/Object;
.end local v0 #r:Landroid/media/Ringtone;
check-cast v0, Landroid/media/Ringtone;
.line 600
.restart local v0 #r:Landroid/media/Ringtone;
if-eqz v0, :cond_9
.line 602
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mCallTextToSpeech:Lcom/android/phone/CallTextToSpeech;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$1000(Lcom/android/phone/Ringer;)Lcom/android/phone/CallTextToSpeech;
move-result-object v1
if-eqz v1, :cond_8
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mCallTextToSpeech:Lcom/android/phone/CallTextToSpeech;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$1000(Lcom/android/phone/Ringer;)Lcom/android/phone/CallTextToSpeech;
move-result-object v1
invoke-virtual {v1}, Lcom/android/phone/CallTextToSpeech;->IsSpeakingTts()Z
move-result v1
if-eqz v1, :cond_8
.line 603
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mCallTextToSpeech:Lcom/android/phone/CallTextToSpeech;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$1000(Lcom/android/phone/Ringer;)Lcom/android/phone/CallTextToSpeech;
move-result-object v1
invoke-virtual {v1}, Lcom/android/phone/CallTextToSpeech;->stopTts()V
.line 604
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#setter for: Lcom/android/phone/Ringer;->mCallTextToSpeech:Lcom/android/phone/CallTextToSpeech;
invoke-static {v1, v8}, Lcom/android/phone/Ringer;->access$1002(Lcom/android/phone/Ringer;Lcom/android/phone/CallTextToSpeech;)Lcom/android/phone/CallTextToSpeech;
.line 606
:cond_8
invoke-virtual {v0}, Landroid/media/Ringtone;->stop()V
.line 610
:goto_3
invoke-virtual {p0}, Lcom/android/phone/Ringer$1;->getLooper()Landroid/os/Looper;
move-result-object v1
invoke-virtual {v1}, Landroid/os/Looper;->quit()V
goto/16 :goto_0
.line 608
:cond_9
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
const-string v3, "- STOP_RING with null ringtone! msg = "
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2, p1}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v2
#calls: Lcom/android/phone/Ringer;->log(Ljava/lang/String;Z)V
invoke-static {v1, v2, v4}, Lcom/android/phone/Ringer;->access$400(Lcom/android/phone/Ringer;Ljava/lang/String;Z)V
goto :goto_3
.line 614
:pswitch_4
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
const-string v3, "RETURN_ORIGIN_VOLUME: "
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
iget-object v3, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mOriginRingtoneVolume:I
invoke-static {v3}, Lcom/android/phone/Ringer;->access$700(Lcom/android/phone/Ringer;)I
move-result v3
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v2
#calls: Lcom/android/phone/Ringer;->log(Ljava/lang/String;Z)V
invoke-static {v1, v2, v4}, Lcom/android/phone/Ringer;->access$400(Lcom/android/phone/Ringer;Ljava/lang/String;Z)V
.line 615
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
iget-object v1, v1, Lcom/android/phone/Ringer;->mAudioManager:Landroid/media/AudioManager;
iget-object v2, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mOriginRingtoneVolume:I
invoke-static {v2}, Lcom/android/phone/Ringer;->access$700(Lcom/android/phone/Ringer;)I
move-result v2
# marked red in the original post (line to delete):
invoke-virtual {v1, v6, v2, v5}, Landroid/media/AudioManager;->setStreamVolume(III)V
.line 616
const-string v1, "extra_ringer"
invoke-static {v1}, Lcom/android/phone/PhoneFeature;->hasFeature(Ljava/lang/String;)Z
move-result v1
if-eqz v1, :cond_0
.line 617
iget-object v1, p0, Lcom/android/phone/Ringer$1;->this$0:Lcom/android/phone/Ringer;
#getter for: Lcom/android/phone/Ringer;->mExtraRinger:Lcom/android/phone/ExtraRinger;
invoke-static {v1}, Lcom/android/phone/Ringer;->access$800(Lcom/android/phone/Ringer;)Lcom/android/phone/ExtraRinger;

I am so confused now, as I just tried to decompile the same secphone.apk as I did before, which worked. It also worked now, but it gave this message
with your APK and my own, something like could not decode replacing by false value: drawable *****bla bla/calll video icon.png
My APK said could not find 9patch chunk in file, and all of a sudden it is doing this; I did nothing!! Each APK repeated this message with a few different files. Now how and why would it do this for no reason? It has always decompiled flawlessly. Now it seems like there are missing files, weird.
PS: how did you locate that line? It would be almost impossible to search for that with no leads.
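
One way to get a lead when there is no second APK to diff against, as an added example that is not part of the original thread: search the apktool output for call sites of the framework API that implements the behaviour (here `AudioManager.setStreamVolume`). The sample smali is constructed from lines quoted in this thread; the `handleMessage` method name and the directory layout are assumptions.

```python
import os
import re
import tempfile

# Matches e.g.  invoke-virtual {v1, v6}, Lpkg/Class;->method(args)ret
# and the /range forms; group 1 is the full method reference.
INVOKE_RE = re.compile(r"^invoke-[\w/]+\s+\{[^}]*\},\s*(\S+)")


def find_invocations(root, needle):
    """Walk a decompiled tree and list every invoke-* whose target contains `needle`.

    Returns tuples: (relative path, enclosing method, last .line value,
    line number in the .smali file, instruction text).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".smali"):
                continue
            path = os.path.join(dirpath, name)
            method, src_line = None, None
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, raw in enumerate(fh, 1):
                    text = raw.strip()
                    if text.startswith(".method"):
                        # Last token is name + signature, e.g. foo(I)V
                        method, src_line = text.split()[-1], None
                    elif text.startswith(".end method"):
                        method = None
                    elif text.startswith(".line "):
                        src_line = int(text.split()[1])
                    else:
                        m = INVOKE_RE.match(text)
                        if m and needle in m.group(1):
                            hits.append((os.path.relpath(path, root), method,
                                         src_line, lineno, text))
    return hits


# Constructed sample: instructions copied from the thread, wrapped in an
# assumed method header so the scanner has a method to report.
SAMPLE_SMALI = """\
.class Lcom/android/phone/Ringer$1;
.method public handleMessage(Landroid/os/Message;)V
    .line 571
    iget-object v1, v1, Lcom/android/phone/Ringer;->mAudioManager:Landroid/media/AudioManager;
    invoke-virtual {v1, v6, v4, v5}, Landroid/media/AudioManager;->setStreamVolume(III)V
    .line 578
    invoke-virtual {v0}, Landroid/media/Ringtone;->play()V
    .line 615
    invoke-virtual {v1, v6, v2, v5}, Landroid/media/AudioManager;->setStreamVolume(III)V
.end method
"""


def demo():
    """Build a one-file decompiled tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "smali", "com", "android", "phone")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "Ringer$1.smali"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_SMALI)
        return find_invocations(root, "Landroid/media/AudioManager;->setStreamVolume")


if __name__ == "__main__":
    for path, method, src, lineno, insn in demo():
        print("%s:%d  in %s  (.line %s)\n    %s" % (path, lineno, method, src, insn))
```

On a real tree, pass the apktool output directory as `root`; the `.line` values give the original Java line numbers, which helps when matching against AOSP source.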

btemtd said:
I am so confused now, as I just tried to decompile the same secphone.apk as I did before, which worked. It also worked now, but it gave this message
with your APK and my own, something like could not decode replacing by false value: drawable *****bla bla/calll video icon.png
My APK said could not find 9patch chunk in file, and all of a sudden it is doing this; I did nothing!! Each APK repeated this message with a few different files. Now how and why
This is the method I already know from the i9000 (I decompiled some dev's mod and found it).
What version of apktool are you using? Some apktool versions cannot compile and decompile APKs with modified code.
Maybe for this reason, I use two sets of apktool to compile and decompile Jelly Bean APKs.
I use apktool 1.4.3 to decompile and apktool 1.4.2 to compile. Hope this can help.

But the funny thing is this only just happened; now it is showing these weird errors, but the file is decompiled, and before it never showed these errors. They are more like files or certain things not found... not really errors. Thanks anyway.

Here is the screenshot of these weird messages. I have NEVER seen them before when decompiling. Does anyone know what they are, and why it is saying that?

OK, I removed that line that you said, setstreamvolume etc. Now check out what happened when I tried to compile it. I really don't get it; now this would have happened if I didn't remove the line, as it already happened even when I decompiled.
Has anyone seen this?

btemtd said:
OK, I removed that line that you said, setstreamvolume etc. Now check out what happened when I tried to compile it. I really don't get it; now this would have happened if I didn't remove the line, as it already happened even when I decompiled.
Has anyone seen this?
Because your apktool cannot compile the modified APK.
Try using another apktool to compile it.
Upload your APK here, to test compile and decompile.

leamoor said:
Because your apktool cannot compile the modified APK.
Try using another apktool to compile it.
Upload your APK here, to test compile and decompile.
But this seems too strange; I already made a mod, 5x6 TouchWiz layout... and it compiled perfectly.
Do you think I should get the latest apktool?

btemtd said:
But this seems too strange; I already made a mod, 5x6 TouchWiz layout... and it compiled perfectly.
Do you think I should get the latest apktool?
Yes, this is strange, but it sometimes happens.
I suggest you get the latest apktool!

Related

[TUT][LSJ] How to add quad targets in AOSP lockscreen

Hello friends, this is my tutorial for quad targets in the AOSP lockscreen. You can direct me here. But according to that tut, when you decompile framework.jar you won't find any widget folder.
So my tut has very little change but is fully working for the XXLSJ ROM.
For working quad targets you must have an AOSP lockscreen; this tutorial is for adding overall quad targets to the AOSP lockscreen.
I am providing only the smali part.
Now please start following the instructions with that tag.
Framework-res.apk Editing
[SMALI]
Decompile your framework-res.apk
Put ic_lockscreen_phone_activated.png, ic_lockscreen_phone_normal.png, ic_lockscreen_sms_activated.png, ic_lockscreen_sms_normal.png in /res/drawable-hdpi/
[SMALI]
Put ic_lockscreen_phone.xml, ic_lockscreen_sms.xml in /res/drawable/
[SMALI]
Open /res/values/arrays.xml
[SMALI]/
Replace the whole array .. with:
Code:
@drawable/ic_lockscreen_unlock
@drawable/ic_lockscreen_sms
@drawable/ic_action_assist_generic
@drawable/ic_lockscreen_phone
@drawable/ic_lockscreen_camera
@null
@null
@null
Replace the whole array .. with:
Code:
@string/description_target_unlock
@string/description_target_sms
@string/description_target_search
@string/description_target_phone
@string/description_target_camera
@null
@null
@null
[SMALI]
Open /res/values-land/arrays.xml
[SMALI]/
Replace the whole array .. with:
Code:
@null
@null
@drawable/ic_lockscreen_unlock
@drawable/ic_lockscreen_sms
@drawable/ic_action_assist_generic
@drawable/ic_lockscreen_phone
@drawable/ic_lockscreen_camera
@null
Replace the whole array .. with:
Code:
@null
@null
@string/description_target_unlock
@string/description_target_sms
@string/description_target_search
@string/description_target_phone
@string/description_target_camera
@null
[SMALI]
Open /res/values/strings.xml
[SMALI]/
Add the following entries:
Code:
Sms
Phone
Recompile your framework
framework editing:
[SMALI]
Disassemble your framework2.jar
Edit /com/android/internal/widget/multiwaveview/GlowPadView.smali and replace the whole methods ".method private getDirectionDescription(I)Ljava/lang/String;" and ".method private getTargetDescription(I)Ljava/lang/String;" with the following methods:
Code:
.method private getDirectionDescription(I)Ljava/lang/String;
.locals 4
.parameter "index"
.prologue
.line 1119
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
if-eqz v2, :cond_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->isEmpty()Z
move-result v2
if-eqz v2, :cond_1
.line 1120
:cond_0
iget v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptionsResourceId:I
invoke-direct {p0, v2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->loadDescriptions(I)Ljava/util/ArrayList;
move-result-object v2
iput-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
.line 1121
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDrawables:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v2
iget-object v3, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v3}, Ljava/util/ArrayList;->size()I
move-result v3
if-eq v2, v3, :cond_1
.line 1122
const-string v2, "GlowPadView"
const-string v3, "The number of target drawables must be equal to the number of direction descriptions."
invoke-static {v2, v3}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 1124
const/4 v0, 0x0
.line 1133
:goto_0
return-object v0
.line 1130
:cond_1
:try_start_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mDirectionDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2, p1}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v0
check-cast v0, Ljava/lang/String;
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.line 1131
.local v0, directionZ:Ljava/lang/String;
goto :goto_0
.line 1132
.end local v0 #directionZ:Ljava/lang/String;
:catch_0
move-exception v1
.line 1133
.local v1, e:Ljava/lang/Exception;
const-string v0, ""
goto :goto_0
.end method
Code:
.method private getTargetDescription(I)Ljava/lang/String;
.locals 4
.parameter "index"
.prologue
.line 1099
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
if-eqz v2, :cond_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->isEmpty()Z
move-result v2
if-eqz v2, :cond_1
.line 1100
:cond_0
iget v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptionsResourceId:I
invoke-direct {p0, v2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->loadDescriptions(I)Ljava/util/ArrayList;
move-result-object v2
iput-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
.line 1101
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDrawables:Ljava/util/ArrayList;
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v2
iget-object v3, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v3}, Ljava/util/ArrayList;->size()I
move-result v3
if-eq v2, v3, :cond_1
.line 1102
const-string v2, "GlowPadView"
const-string v3, "The number of target drawables must be equal to the number of target descriptions."
invoke-static {v2, v3}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 1104
const/4 v1, 0x0
.line 1114
:goto_0
return-object v1
.line 1109
:cond_1
const-string v1, ""
.line 1111
.local v1, targetZ:Ljava/lang/String;
:try_start_0
iget-object v2, p0, Lcom/android/internal/widget/multiwaveview/GlowPadView;->mTargetDescriptions:Ljava/util/ArrayList;
invoke-virtual {v2, p1}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v2
move-object v0, v2
check-cast v0, Ljava/lang/String;
move-object v1, v0
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
goto :goto_0
.line 1112
:catch_0
move-exception v2
goto :goto_0
.end method
Recompile your framework2.jar
Now we're done with framework2.jar; next we need to modify the last file, android.policy.jar.
[SMALI]
Disassemble your android.policy.jar
Edit /com/android/internal/policy/impl/LockScreen.smali and add the following methods:
Code:
.method static synthetic access$1400(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
.locals 1
.parameter "x0"
.prologue
.line 56
iget-object v0, p0, Lcom/android/internal/policy/impl/LockScreen;->mContext:Landroid/content/Context;
return-object v0
.end method
.method static synthetic access$1500(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
.locals 1
.parameter "x0"
.prologue
.line 56
iget-object v0, p0, Lcom/android/internal/policy/impl/LockScreen;->mContext:Landroid/content/Context;
return-object v0
.end method
Edit /com/android/internal/policy/impl/LockScreen$GlowPadViewMethods.smali.
Replace the whole method onTrigger with:
Code:
.method public onTrigger(Landroid/view/View;I)V
.locals 7
.parameter "v"
.parameter "target"
.prologue
const/high16 v6, 0x1000
.line 313
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->mGlowPadView:Lcom/android/internal/widget/multiwaveview/GlowPadView;
invoke-virtual {v4, p2}, Lcom/android/internal/widget/multiwaveview/GlowPadView;->getResourceIdForTarget(I)I
move-result v3
.line 321
.local v3, resId:I
sparse-switch v3, :sswitch_data_0
.line 367
:goto_0
return-void
.line 323
:sswitch_0
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1200(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-static {v4}, Landroid/app/SearchManager;->getAssistIntent(Landroid/content/Context;)Landroid/content/Intent;
move-result-object v0
.line 324
.local v0, assistIntent:Landroid/content/Intent;
if-eqz v0, :cond_0
.line 325
invoke-direct {p0, v0}, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->launchActivity(Landroid/content/Intent;)V
.line 329
:goto_1
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto :goto_0
.line 327
:cond_0
const-string v4, "LockScreen"
const-string v5, "Failed to get intent for assist activity"
invoke-static {v4, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_1
.line 333
.end local v0 #assistIntent:Landroid/content/Intent;
:sswitch_1
new-instance v4, Landroid/content/Intent;
const-string v5, "android.media.action.STILL_IMAGE_CAMERA"
invoke-direct {v4, v5}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
invoke-direct {p0, v4}, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->launchActivity(Landroid/content/Intent;)V
.line 334
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto :goto_0
.line 339
:sswitch_2
new-instance v2, Landroid/content/Intent;
const-string v4, "android.intent.action.MAIN"
invoke-direct {v2, v4}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
.line 340
.local v2, phoneIntent:Landroid/content/Intent;
const-string v4, "com.android.contacts"
const-string v5, "com.android.contacts.activities.DialtactsActivity"
invoke-virtual {v2, v4, v5}, Landroid/content/Intent;->setClassName(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;
.line 341
invoke-virtual {v2, v6}, Landroid/content/Intent;->setFlags(I)Landroid/content/Intent;
.line 342
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1300(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-virtual {v4, v2}, Landroid/content/Context;->startActivity(Landroid/content/Intent;)V
.line 343
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto :goto_0
.line 348
.end local v2 #phoneIntent:Landroid/content/Intent;
:sswitch_3
new-instance v1, Landroid/content/Intent;
const-string v4, "android.intent.action.MAIN"
invoke-direct {v1, v4}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
.line 349
.local v1, mmsIntent:Landroid/content/Intent;
const-string v4, "com.android.mms"
const-string v5, "com.android.mms.ui.ConversationList"
invoke-virtual {v1, v4, v5}, Landroid/content/Intent;->setClassName(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;
.line 350
invoke-virtual {v1, v6}, Landroid/content/Intent;->setFlags(I)Landroid/content/Intent;
.line 351
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$1400(Lcom/android/internal/policy/impl/LockScreen;)Landroid/content/Context;
move-result-object v4
invoke-virtual {v4, v1}, Landroid/content/Context;->startActivity(Landroid/content/Intent;)V
.line 352
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto :goto_0
.line 357
.end local v1 #mmsIntent:Landroid/content/Intent;
:sswitch_4
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$500(Lcom/android/internal/policy/impl/LockScreen;)V
.line 358
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->pokeWakelock()V
goto/16 :goto_0
.line 364
:sswitch_5
iget-object v4, p0, Lcom/android/internal/policy/impl/LockScreen$GlowPadViewMethods;->this$0:Lcom/android/internal/policy/impl/LockScreen;
invoke-static {v4}, Lcom/android/internal/policy/impl/LockScreen;->access$400(Lcom/android/internal/policy/impl/LockScreen;)Lcom/android/internal/policy/impl/KeyguardScreenCallback;
move-result-object v4
invoke-interface {v4}, Lcom/android/internal/policy/impl/KeyguardScreenCallback;->goToUnlockScreen()V
goto/16 :goto_0
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
Recompile and you're good to go!
I don't work only for thanks; I work for my passion toward Android too, but if you press thanks it will help me.
Credits
atl4ntis for base tutorial
i used this one time ago: http://forum.xda-developers.com/showthread.php?t=2011461 pretty "same"
Mirko ddd said:
i used this one time ago: http://forum.xda-developers.com/showthread.php?t=2002620 pretty "same"
It's for adding more targets to AOSP lockscreen
There is no link between mine and the one you gave because I'm not providing a how-to FOR TOGGLING AOSP AND TW LOCKSCREEN
ICS_XD said:
It's for adding more targets to AOSP lockscreen
There is no link between mine and the one you gave because I'm not providing a how-to FOR TOGGLING AOSP AND TW LOCKSCREEN
sorry i linked wrong thing http://forum.xda-developers.com/showthread.php?t=2011461
this one is the same
Mirko ddd said:
sorry i linked wrong thing http://forum.xda-developers.com/showthread.php?t=2011461
this one is the same
I dont know
But i modified one which i linked in thread
Btw when i check the thread you gave previous
It will same like you post for LSJ ?
Toggle for TW n Aosp lockscreen
Sent from my GT-I9400 using Tapatalk
ICS_XD said:
I dont know
But i modified one which i linked in thread
Btw when i check the thread you gave previous
It will same like you post for LSJ ?
Toggle for TW n Aosp lockscreen
Sent from my GT-I9400 using Tapatalk
for sure it is not the same; as you can see, mine consists of reusing existing code and made it noobproof.
as you are not even explaining what this is
Code:
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
people may have different public values leading them into bootloops
Mirko ddd said:
for sure it is not the same; as you can see, mine consists of reusing existing code and made it noobproof.
as you are not even explaining what this is
Code:
.line 321
:sswitch_data_0
.sparse-switch
0x010802cd -> :sswitch_0
0x01080328 -> :sswitch_1
0x01080344 -> :sswitch_4
0x0108034f -> :sswitch_5
0x01080352 -> :sswitch_5
0x01080a4d -> :sswitch_2
0x01080a50 -> :sswitch_3
.end sparse-switch
.end method
people may have different public values leading them into bootloops
These values are not from that thread
These values are from the LSJ ROM; I think these values will work on any LSJ ROM?
Isn't it
Sent from my GT-I9400 using Tapatalk
ICS_XD said:
These values are not from that thread
These values are from the LSJ ROM; I think these values will work on any LSJ ROM?
Isn't it
Sent from my GT-I9400 using Tapatalk
suppose for a while that the guy who's applying your tutorial has one more png file in his framework-res.apk, or that the one you have has it; public values will mismatch
noobproof is well explained, not easy to copy
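The mismatch described above can be checked before recompiling. The following is an added example, not code from the thread: it resolves each sparse-switch key to a drawable name in the public.xml the tutorial was written against, then looks up that name's id in the target ROM's public.xml. The drawable names and both public.xml snippets are constructed placeholders; only the three switch keys come from the posted table.

```python
import re
import xml.etree.ElementTree as ET

# One "key -> label" row of a smali .sparse-switch table.
SWITCH_ROW = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s*->\s*(:\w+)\s*$", re.M)


def load_public(public_xml, res_type="drawable"):
    """Index apktool's res/values/public.xml by id and by name for one type."""
    by_id, by_name = {}, {}
    for el in ET.fromstring(public_xml).iter("public"):
        if el.get("type") == res_type:
            rid = int(el.get("id"), 16)
            by_id[rid] = el.get("name")
            by_name[el.get("name")] = rid
    return by_id, by_name


def remap_switch_keys(smali_text, reference_xml, target_xml):
    """Resolve each switch key to a name in the reference ROM, then to the
    id that name has in the target ROM. Returns one dict per table row."""
    ref_by_id, _ = load_public(reference_xml)
    _, tgt_by_name = load_public(target_xml)
    report = []
    for key, label in SWITCH_ROW.findall(smali_text):
        old_id = int(key, 16)
        name = ref_by_id.get(old_id)
        new_id = tgt_by_name.get(name) if name is not None else None
        if name is None:
            status = "unknown-in-reference"   # key is not a drawable there
        elif new_id is None:
            status = "missing-in-target"      # drawable absent on this ROM
        elif new_id == old_id:
            status = "ok"                     # posted key can be used as-is
        else:
            status = "remap"                  # same drawable, different id
        report.append({
            "key": key, "label": label, "name": name, "status": status,
            "target_key": None if new_id is None else "0x%08x" % new_id,
        })
    return report


# First three rows of the switch table posted in the thread.
SMALI = """
.sparse-switch
    0x010802cd -> :sswitch_0
    0x01080328 -> :sswitch_1
    0x01080344 -> :sswitch_4
.end sparse-switch
"""

# Constructed: public.xml of the ROM the tutorial was written against.
REFERENCE_XML = """<resources>
  <public type="drawable" name="target_a" id="0x010802cd" />
  <public type="drawable" name="target_b" id="0x01080328" />
  <public type="drawable" name="target_c" id="0x01080344" />
</resources>"""

# Constructed: a ROM with one extra PNG (shifts target_b) and no target_c.
TARGET_XML = """<resources>
  <public type="drawable" name="target_a" id="0x010802cd" />
  <public type="drawable" name="extra_png" id="0x01080328" />
  <public type="drawable" name="target_b" id="0x01080329" />
</resources>"""

if __name__ == "__main__":
    for row in remap_switch_keys(SMALI, REFERENCE_XML, TARGET_XML):
        print(row)
```

Any row whose status is not "ok" means the posted key must not be copied verbatim into that ROM's smali.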
Mirko ddd said:
suppose for a while that the guy who's applying your tutorial has one more png file in his framework-res.apk, or that the one you have has it; public values will mismatch
noobproof is well explained, not easy to copy
Oh thanks mate
I will be updating thread tomorrow
Thanks for the help
Sent from my GT-I9100G using xda premium
ICS_XD said:
Oh thanks mate
I will be updating thread tomorrow
Thanks for the help
Sent from my GT-I9100G using xda premium
a nice target is to provide guides that are as safe and detailed as possible
To: [TUT][LSJ] How to add quad targates in AOSP lockscreen
have a look. thx
Sent from my HTC X515d using xda premium

Modifying NfcNci.apk so that it doesn't care about Deodex.

Just for the sake of transparency, here is a quick rundown of the process for everyone to see.
High level overview:
1.) baksmali classes.dex from NfcNci.apk
2.) Mod the resulting smali.
3.) smali, and inject back into NfcNci.apk
Since this is the dev section I will focus on step 2; you can read about steps 1 and 3 elsewhere. For the sake of this example I will be working with the system dump from the original release of the gt-i9505g (S4 Google Edition) System Software.
What you are looking for is this function contained in the NfcIntegrityChecker class:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
If we track back the exception error message that comes up in the debug log ("Client module is tampered"), you will see that the text is contained in the NfcService class within the function ".method public enforceNfcIntegrity()V"
Code:
.method public enforceNfcIntegrity()V
.locals 3
.prologue
.line 470
iget-object v1, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
monitor-enter v1
.line 471
:try_start_0
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x3
if-ne v0, v2, :cond_0
.line 472
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "NfcIntegrityChecker is not on the proper status"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:catchall_0
move-exception v0
monitor-exit v1
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
throw v0
.line 475
:cond_0
:try_start_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x2
if-eq v0, v2, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "client"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "clientlib"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-nez v0, :cond_2
.line 478
:cond_1
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "Client module is tampered"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:cond_2
monitor-exit v1
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 481
return-void
.end method
If we follow the flow of the application we see that the code for this failure is only reached if the function call to
Code:
checkIntegrity(Ljava/lang/String;)Z
returns false, or the status is not properly set. (the 'Z' at the end means it returns a boolean).
There are two ways to handle this. We can either patch out the call to checkIntegrity entirely (jump over it, or literally remove the calls), or we can modify the checkIntegrity function so that it always returns true.
So, let's look at the checkIntegrity function:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
const/4 v3, 0x0
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method
There is only one return statement, so this should be a simple matter of setting our value, and calling return. In some cases there is code that your application needs to run in order to function, so usually a light touch is a good idea, but in this case all of the code is there to run various checks so we can skip most of it.
The easiest way would be to replace the whole function with this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 2
.parameter "type"
.prologue
const/4 v0, 0x1
return v0
.end method
But that method never sat right with me (old school c++ cracking I guess), so I prefer something like this:
Add a goto, and modify the constant here:
Code:
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
Then add the following line to the beginning of the function (after the .prologue):
Code:
goto :goto_666
We end up with something like this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
goto :goto_666
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method
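For anyone reviewing a modified APK, both patch styles shown above leave a recognizable trace in the baksmali output: a boolean check whose verification calls are no longer reachable. The following added example (not part of the original post) walks each method's control flow and reports that. The class `Lcom/example/Checker;` and the sample method names are constructed, and switch cases and catch handlers are conservatively assumed reachable.

```python
import re

METHOD_RE = re.compile(r"^\.method\s+(?:.*\s)?([^\s(]+)\((.*)\)(\S+)$")
SWITCH_CASE = re.compile(r"^:[ps]switch_[0-9a-f]+$")
DATA_BLOCKS = ("sparse-switch", "packed-switch", "array-data", "annotation")

def parse_methods(smali_text):
    """Split baksmali output into methods: instructions, label -> index, extra roots."""
    methods, cur, skip_until = [], None, None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if skip_until:                     # inside a data or annotation block
            skip_until = None if line == skip_until else skip_until
            continue
        m = METHOD_RE.match(line)
        if m:
            cur = {"name": m.group(1), "ret": m.group(3), "ins": [], "labels": {}, "roots": set()}
        elif cur is None:
            continue
        elif line == ".end method":
            methods.append(cur)
            cur = None
        elif line.startswith(":"):
            cur["labels"][line] = len(cur["ins"])   # label points at next instruction
            if SWITCH_CASE.match(line):             # switch targets: assume reachable
                cur["roots"].add(line)
        elif line.startswith(".catch"):             # handlers: assume reachable
            cur["roots"].add(line.split()[-1])
        elif line.startswith("."):
            word = line[1:].split()[0]
            if word in DATA_BLOCKS:
                skip_until = ".end " + word
        else:
            cur["ins"].append(line)
    return methods

def reachable(method):
    """Indices of instructions reachable from the entry point and assumed roots."""
    ins, labels = method["ins"], method["labels"]
    work = [0] + [labels[r] for r in method["roots"] if r in labels]
    seen = set()
    while work:
        i = work.pop()
        if i in seen or i >= len(ins):
            continue
        seen.add(i)
        parts = ins[i].split()
        op, target = parts[0], labels.get(parts[-1], len(ins))
        if op.startswith("goto"):                   # unconditional: target only
            work.append(target)
        elif not (op.startswith("return") or op == "throw"):
            if op.startswith("if-"):                # conditional: target + fallthrough
                work.append(target)
            work.append(i + 1)
    return seen

def audit_boolean_checks(smali_text):
    """Flag boolean methods whose checks were cut out: (method, kind, detail) tuples."""
    findings = []
    for m in parse_methods(smali_text):
        if m["ret"] != "Z" or not m["ins"]:
            continue
        live = reachable(m)
        for i, ins in enumerate(m["ins"]):
            if i not in live and ins.startswith("invoke-"):
                findings.append((m["name"], "dead-call", ins.split()[-1]))
        live_ops = [m["ins"][i].split()[0] for i in live]
        if not any(op.startswith(("invoke-", "iget", "sget", "aget")) for op in live_ops):
            findings.append((m["name"], "constant-result", "no reachable call or read"))
    return findings

# Constructed sample: an intact check and the same check with an injected goto.
SAMPLE = """
.method public checkOriginal(Ljava/lang/String;)Z
    const/4 v2, 0x1
    invoke-direct {p0, p1, p1}, Lcom/example/Checker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
    move-result v0
    if-nez v0, :cond_0
    const/4 v2, 0x0
    :cond_0
    return v2
.end method
.method public checkGotoPatched(Ljava/lang/String;)Z
    goto :goto_666
    invoke-direct {p0, p1, p1}, Lcom/example/Checker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
    move-result v0
    if-nez v0, :cond_0
    :goto_666
    const/4 v2, 0x1
    :cond_0
    return v2
.end method
"""

if __name__ == "__main__":
    print(audit_boolean_checks(SAMPLE))
```

A "constant-result" finding on its own is only a hint, since a legitimate method can return a constant; a "dead-call" finding in a method named like a check is the stronger signal.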
confirmed working
thanks again!
This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?
CPA Poke said:
This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.
Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.
mrvirginia said:
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.
Bypassing Root:
Look at the com.google.android.apps.wallet.security.EnvironmentProperty class in the constructor method.
We're looking for this segment containing SU_COMMAND_LOCATIONS:
Code:
.line 70
new-array v0, v4, [Ljava/lang/String;
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
sput-object v0, Lcom/google/android/apps/wallet/security/EnvironmentProperty;->SU_COMMAND_LOCATIONS:[Ljava/lang/String;
Note: These variable names change (v3, v4, etc...), usually they will be the const/4 numbers defined at the beginning of the method. Just make sure you use the one that contains 0.
Change this line from v4 (which contains the number 2)
Code:
new-array v0, v4, [Ljava/lang/String;
to v3 (which contains the number 0)
Code:
new-array v0, v3, [Ljava/lang/String;
Then simply delete the following lines:
Code:
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
This will set the environment property SU_COMMAND_LOCATIONS as an empty string array which will cause the checkDevice function in Lcom/google/android/apps/wallet/security/EnvironmentProperty$1 to simply break out of its for loop and return 0 (which is what we want).
Bypassing device/carrier restrictions:
Here is a quick script I whipped up to replace the build prop calls automagically.
Usage would be something like:
Baksmali the classes.dex in your apk:
java -jar baksmali.jar your.apk -o outdir
Run the script (below):
/path/to/pwnprop.sh outdir
Do whatever other changes to the outdir directory.
Then smali:
java -jar smali.jar outdir -o classes.dex
Finally, winzip, lol. (If you actually use winzip imma kill you.)
The script:
Save this as pwnprop.sh (or whatever you feel like) and chmod +x
Code:
#!/bin/bash
# Usage: pwnprop.sh outdir   (outdir is the baksmali output directory)
do_replace ()
{
    # $1 = smali file, $2 = register, $3 = android.os.Build field name
    local ours
    case $3 in
        # Replace these with whatever device you want to clone.
        MODEL)
            ours="Galaxy Nexus" ;;
        BRAND)
            ours="Google" ;;
        BOARD)
            ours="tuna" ;;
        ID)
            ours="JDQ39E" ;;
        PRODUCT)
            ours="yakju" ;;
        DEVICE)
            ours="yakju" ;;
        FINGERPRINT)
            ours="google/yakju/maguro:4.2.2/JDQ39/573038:user/release-keys" ;;
        *)
            echo "Replacement property not defined: $3 in $1"
            return ;;
    esac
    # Quoted so values containing ':' or spaces are not split while IFS is ':'.
    local expr="s{sget-object $2, Landroid/os/Build;->$3:Ljava/lang/String;{const-string $2, \"$ours\"{g"
    sed -i "$expr" "$1"
    echo sed -i "$expr" "$1"
}
OIFS=$IFS; IFS=$'\n'
# Each grep hit becomes "file:register:FIELD".
for line in `grep -ro "[v0-9]*, Landroid/os/Build;->[A-Z]*" "$1" | sed 's{, Landroid/os/Build;->{:{'`
do
    IFS=':'
    temparray=($line)
    if [ ${#temparray[@]} -eq 3 ]
    then
        do_replace $line
    fi
    IFS=$OIFS
done
CPA Poke said:
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.
when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...
Fenny said:
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.
Gotcha, that makes perfect sense.
mrvirginia said:
when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G
Fenny said:
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G
i finally figured out what the problem was. iirc, i was running it as root or something. had the same problem when i tried using the Kitchen again a week or two ago and got it sorted so i'll attempt to run this again [hopefully] over the weekend and give everyone a working Wallet regardless of device so they won't have to do silly tweaks anymore with build.prop etc. thank you again, sir.
oh, did you ever figure out the SIM unlock issue?
Causes NFC to FC on official 4.3 with full wipe. Oddly, it works with dirty flash. Ideas?
[Edit]
Never mind. It was just a bad signature.
@ OP: this NfcNci mod works on TW firmware MF8.
maanz said:
@ OP: this NfcNci mod works on TW firmware MF8.
Good to hear. Sounds like this is a new feature in Samsung firmware. Still makes me wonder if non-Samsung devices suffer the same fate. The function call is the same no matter which implementation of NfcNci you are using, but I suppose that each vendor's implementation of the integrity checks by necessity will differ.
Sent from my GT-I9505G
@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store
mrvirginia said:
@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store
That is great news. Much less work to be done on it then.
Keep up the good work! You guys are close, I can feel it! I would offer to help this weekend, but I think I would just slow you down.
Sent from my Galaxy Nexus using XDA Premium 4 mobile app

[TUTORIAL]How To Add Advance Power Menu[3/1/2014]

Happy New Year...
This is my first tutorial of 2014. Today I will teach you how to add Reboot and Recovery options in Power Menu.
Make sure you have a basic knowledge on how to compile/decompile .apk/.jar files.
framework-res.apk
* Decompile framework-res.apk
* Navigate to framework-res.apk\res\drawable-hdpi
* Extract all the files from PNG folder (Download From Attachment)
* Navigate to framework-res.apk\res\values
* Open strings.xml file in file editor
* Add these lines at the end
Code:
<string name="reboot">Reboot</string>
<string name="reboot_progress">Rebooting…</string>
<string name="reboot_confirm">Your phone will reboot</string>
<string name="recovery">Recovery</string>
<string name="recovery_progress">Rebooting into recovery…</string>
<string name="recovery_confirm">Your phone will reboot into recovery</string>
* Save the file
* Recompile your framework-res.apk
* Decompile framework-res.apk which you have recompiled a moment ago
* Navigate to framework-res.apk\res\values
* Open public.xml file in file editor
framework.jar
* Decompile framework.jar
* Navigate to framework.jar\smali\com\android\internal\app
* Open ShutdownThread.smali file in file editor
* Search for .field private static mReboot:Z and add the red line only
Code:
.field private static final TAG:Ljava/lang/String; = "ShutdownThread"
[COLOR="Red"].field public static mReboot:I[/COLOR]
.field private static mReboot:Z
* Search for .local v1, pd:Landroid/app/ProgressDialog; and add the red lines only
Code:
.line 184
.local v1, pd:Landroid/app/ProgressDialog;
[COLOR="Red"]sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v5, :cond_1
if-nez v2, :cond_2[/COLOR]
const v2, 0x104014a
[COLOR="Red"]goto :goto_1
:cond_1
const v2, name="reboot"
goto :goto_1
:cond_2
const v2, name="recovery"
:goto_1[/COLOR]
invoke-virtual {p0, v2}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
* Search for invoke-virtual {v1, v2}, Landroid/app/ProgressDialog;->setTitle(Ljava/lang/CharSequence;)V and add the red lines only
Code:
move-result-object v2
invoke-virtual {v1, v2}, Landroid/app/ProgressDialog;->setTitle(Ljava/lang/CharSequence;)V
.line 185
[COLOR="Red"]sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v5, :cond_3
if-nez v2, :cond_4[/COLOR]
const v2, 0x104014e
[COLOR="Red"]goto :goto_2
:cond_3
const v2, name="reboot_progress"
goto :goto_2
:cond_4
const v2, name="recovery_progress"
:goto_2[/COLOR]
invoke-virtual {p0, v2}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
* Search for .catch Ljava/lang/SecurityException; {:try_start_1 .. :try_end_1} :catch_0 and change the blue lines only
Code:
invoke-virtual {v2}, Landroid/os/PowerManager$WakeLock;->acquire()V
:try_end_1
.catch Ljava/lang/SecurityException; {:try_start_1 .. :try_end_1} :catch_0
.line 208
[COLOR="Blue"]:goto_3[/COLOR]
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mScreenWakeLock:Landroid/os/PowerManager$WakeLock;
.line 209
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iget-object v2, v2, Lcom/android/internal/app/ShutdownThread;->mPowerManager:Landroid/os/PowerManager;
invoke-virtual {v2}, Landroid/os/PowerManager;->isScreenOn()Z
move-result v2
[COLOR="Blue"]if-eqz v2, :cond_5[/COLOR]
.line 211
:try_start_2
* Search for .catch Ljava/lang/SecurityException; {:try_start_2 .. :try_end_2} :catch_1 and change the blue lines only
Code:
:try_end_2
.catch Ljava/lang/SecurityException; {:try_start_2 .. :try_end_2} :catch_1
.line 222
[COLOR="Blue"]:cond_5
:goto_4[/COLOR]
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
new-instance v3, Lcom/android/internal/app/ShutdownThread$2;
* Search for .end local v0 #e:Ljava/lang/SecurityException; and change the blue lines only
Code:
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mCpuWakeLock:Landroid/os/PowerManager$WakeLock;
[COLOR="Blue"]goto :goto_3[/COLOR]
.line 215
.end local v0 #e:Ljava/lang/SecurityException;
:catch_1
move-exception v0
.line 216
.restart local v0 #e:Ljava/lang/SecurityException;
const-string v2, "ShutdownThread"
const-string v3, "No permission to acquire wake lock"
invoke-static {v2, v3, v0}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I
.line 217
sget-object v2, Lcom/android/internal/app/ShutdownThread;->sInstance:Lcom/android/internal/app/ShutdownThread;
iput-object v6, v2, Lcom/android/internal/app/ShutdownThread;->mScreenWakeLock:Landroid/os/PowerManager$WakeLock;
[COLOR="Blue"]goto :goto_4[/COLOR]
.end method
.method public static reboot(Landroid/content/Context;Ljava/lang/String;Z)V
* Search for .method public static rebootOrShutdown(ZLjava/lang/String;)V and change the blue line only
Code:
.end method
.method public static rebootOrShutdown(ZLjava/lang/String;)V
.locals 5
.parameter "reboot"
.parameter "reason"
.prologue
.line 403
[COLOR="Blue"]if-eqz p0, :cond_3[/COLOR]
.line 404
const-string v2, "ShutdownThread"
* Search for invoke-static {p1}, Landroid/os/Power;->reboot(Ljava/lang/String;)V and add the red lines and change the blue lines only
Code:
:try_start_0
invoke-static {p1}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
:try_end_0
[COLOR="Blue"].catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_1[/COLOR]
.line 428
:goto_0
const-string v2, "ShutdownThread"
const-string v3, "Performing low-level shutdown..."
invoke-static {v2, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
[COLOR="Red"]sget v1, Lcom/android/internal/app/ShutdownThread;->mReboot:I
const/4 v2, 0x1
if-eq v1, v2, :cond_0
const/4 v2, 0x2
if-eq v1, v2, :cond_1[/COLOR]
.line 429
invoke-static {}, Landroid/os/Power;->shutdown()V
.line 430
return-void
[COLOR="Red"]:cond_0
const-string/jumbo v4, "now"
invoke-static {v4}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
return-void
:cond_1
:try_start_1
new-instance v1, Ljava/io/File;
const-string v4, "/cache/recovery/boot"
invoke-direct {v1, v4}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 442
.restart local v1
invoke-virtual {v1}, Ljava/io/File;->exists()Z
move-result v4
if-nez v4, :cond_2
.line 443
invoke-virtual {v1}, Ljava/io/File;->createNewFile()Z
:try_end_1
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_0
:catch_0
:cond_2
const-string/jumbo v4, "recovery"
invoke-static {v4}, Landroid/os/Power;->reboot(Ljava/lang/String;)V
return-void[/COLOR]
.line 407
[COLOR="Blue"]:catch_1[/COLOR]
move-exception v0
.line 408
.local v0, e:Ljava/lang/Exception;
const-string v2, "ShutdownThread"
* Search for .end local v0 #e:Ljava/lang/Exception; and change the blue lines only
Code:
.line 412
.end local v0 #e:Ljava/lang/Exception;
[COLOR="Blue"]:cond_3[/COLOR]
new-instance v1, Landroid/os/Vibrator;
invoke-direct {v1}, Landroid/os/Vibrator;-><init>()V
.line 414
.local v1, vibrator:Landroid/os/Vibrator;
const-wide/16 v2, 0x1f4
[COLOR="Blue"]:try_start_2[/COLOR]
invoke-virtual {v1, v2, v3}, Landroid/os/Vibrator;->vibrate(J)V
[COLOR="Blue"]:try_end_2
.catch Ljava/lang/Exception; {:try_start_2 .. :try_end_2} :catch_3[/COLOR]
.line 422
:goto_1
const-wide/16 v2, 0x1f4
[COLOR="Blue"]:try_start_3[/COLOR]
invoke-static {v2, v3}, Ljava/lang/Thread;->sleep(J)V
[COLOR="Blue"]:try_end_3
.catch Ljava/lang/InterruptedException; {:try_start_3 .. :try_end_3} :catch_2[/COLOR]
goto :goto_0
.line 423
[COLOR="Blue"]:catch_2[/COLOR]
move-exception v2
goto :goto_0
.line 415
[COLOR="Blue"]:catch_3[/COLOR]
move-exception v0
.line 417
.restart local v0 #e:Ljava/lang/Exception;
* Search for .local v1, longPressBehavior:I and change the blue lines only
Code:
.line 106
.local v1, longPressBehavior:I
const/4 v3, 0x2
[COLOR="Blue"]if-ne v1, v3, :cond_4[/COLOR]
const v2, 0x1040150
.line 110
.local v2, resourceId:I
:goto_1
const-string v3, "ShutdownThread"
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
const-string v5, "Notifying thread to start shutdown longPressBehavior="
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4, v1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-static {v3, v4}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 112
[COLOR="Blue"]if-eqz p1, :cond_7[/COLOR]
.line 113
new-instance v0, Lcom/android/internal/app/ShutdownThread$CloseDialogReceiver;
[*]Search for invoke-direct {v3, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V and add the red lines only
Code:
new-instance v3, Landroid/app/AlertDialog$Builder;
invoke-direct {v3, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
[COLOR="Red"]const v5, 0x1
sget v4, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v4, v5, :cond_2
if-nez v4, :cond_3[/COLOR]
const v4, 0x104014a
[COLOR="Red"]goto :goto_2
:cond_2
const v4, name="reboot"
goto :goto_2
:cond_3
const v4, name="recovery"
:goto_2[/COLOR]
invoke-virtual {v3, v4}, Landroid/app/AlertDialog$Builder;->setTitle(I)Landroid/app/AlertDialog$Builder;
move-result-object v3
[*]Search for invoke-virtual {v3}, Landroid/app/AlertDialog;->show()V and add the red lines and change the blue lines only
Code:
sget-object v3, Lcom/android/internal/app/ShutdownThread;->sConfirmDialog:Landroid/app/AlertDialog;
invoke-virtual {v3}, Landroid/app/AlertDialog;->show()V
[COLOR="Blue"]goto/16 :goto_0[/COLOR]
.line 102
.end local v0 #closer:Lcom/android/internal/app/ShutdownThread$CloseDialogReceiver;
.end local v1 #longPressBehavior:I
.end local v2 #resourceId:I
:catchall_0
move-exception v3
:try_start_1
monitor-exit v4
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
throw v3
.line 106
.restart local v1 #longPressBehavior:I
[COLOR="Blue"]:cond_4[/COLOR]
[COLOR="Red"]const v3, 0x1
sget v2, Lcom/android/internal/app/ShutdownThread;->mReboot:I
if-eq v2, v3, :cond_5
if-nez v2, :cond_6[/COLOR]
const v2, 0x104014f
[COLOR="Blue"]goto/16 :goto_1[/COLOR]
[COLOR="Red"]:cond_5
const v2, name="reboot_confirm"
goto/16 :goto_1
:cond_6
const v2, name="recovery_confirm"
goto/16 :goto_1[/COLOR]
.line 132
.restart local v2 #resourceId:I
[COLOR="Blue"]:cond_7[/COLOR]
invoke-static {p0}, Lcom/android/internal/app/ShutdownThread;->beginShutdownSequence(Landroid/content/Context;)V
goto/16 :goto_0
.end method
[*]Now you have to find the names below
Code:
name="reboot"
name="recovery"
name="reboot_progress"
name="recovery_progress"
name="reboot_confirm"
name="recovery_confirm"
[*]You have to replace these names with hex ids from public.xml, which is already open in the file editor
[*]For example search for name="reboot" in public.xml file
[*]In my case I have got
Code:
<public type="string" name="reboot" id="[COLOR="Blue"]0x01040548[/COLOR]" />
[*]The blue marked part is hex. Copy the hex and remove the 3rd digit. So 0x01040548 will be 0x1040548
[*]Now search for name="reboot" in ShutdownThread.smali file and replace name="reboot" with 0x1040548
[*]Do the same for other names too
[*]Save the file
[*]Recompile your framework.jar
android.policy.jar
Decompile android.policy.jar
[*]Navigate to android.policy.jar\smali\com\android\internal\policy\impl
[*]Extract all the files from SMALI folder (Download From Attachment)
[*]Open GlobalActions$2.smali file in file editor
[*]Search for invoke-static {v0}, Lcom/android/internal/policy/impl/GlobalActions;->access$100(Lcom/android/internal/policy/impl/GlobalActions;)Landroid/content/Context; and add the red lines only
Code:
#getter for: Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-static {v0}, Lcom/android/internal/policy/impl/GlobalActions;->access$100(Lcom/android/internal/policy/impl/GlobalActions;)Landroid/content/Context;
move-result-object v0
const/4 v1, 0x1
[COLOR="Red"]const/4 p0, 0x0
sput p0, Lcom/android/internal/app/ShutdownThread;->mReboot:I[/COLOR]
invoke-static {v0, v1}, Lcom/android/internal/app/ShutdownThread;->shutdown(Landroid/content/Context;Z)V
.line 171
return-void
.end method
[*]Save the file
[*]Open GlobalActions.smali file in file editor
[*]Search for .method private createDialog()Landroid/app/AlertDialog; and change the blue lines only
Code:
.end method
.method private createDialog()Landroid/app/AlertDialog;
[COLOR="Blue"].locals 12[/COLOR]
.prologue
const/4 v9, 0x1
[*]Search for invoke-direct {v1, p0, v2, v3}, Lcom/android/internal/policy/impl/GlobalActions$2;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V and add the red lines only
Code:
invoke-direct {v1, p0, v2, v3}, Lcom/android/internal/policy/impl/GlobalActions$2;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
[COLOR="Red"]iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "reboot"
const-string v2, "string"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-nez v10, :cond_0
const-string v1, "reboot_system"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-eqz v10, :cond_1
:cond_0
const-string v1, "ic_lock_reboot"
const-string v2, "drawable"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v11
if-eqz v11, :cond_1
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
new-instance v1, Lcom/android/internal/policy/impl/GlobalActions$7;
invoke-direct {v1, p0, v11, v10}, Lcom/android/internal/policy/impl/GlobalActions$7;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
:cond_1
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "recovery"
const-string v2, "string"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-nez v10, :cond_2
const-string v1, "recovery_system"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v10
if-eqz v10, :cond_3
:cond_2
const-string v1, "ic_lock_recovery"
const-string v2, "drawable"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v11
if-eqz v11, :cond_3
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
new-instance v1, Lcom/android/internal/policy/impl/GlobalActions$8;
invoke-direct {v1, p0, v11, v10}, Lcom/android/internal/policy/impl/GlobalActions$8;-><init>(Lcom/android/internal/policy/impl/GlobalActions;II)V
invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z[/COLOR]
.line 183
[COLOR="Red"]:cond_3[/COLOR]
iget-object v0, p0, Lcom/android/internal/policy/impl/GlobalActions;->mItems:Ljava/util/ArrayList;
iget-object v1, p0, Lcom/android/internal/policy/impl/GlobalActions;->mAirplaneModeOn:Lcom/android/internal/policy/impl/GlobalActions$ToggleAction;
[*]Save the file
[*]Recompile your android.policy.jar
Please Note :
Take backup before doing anything.
Use Notepad++ to edit files.
Please read the tutorial properly before editing files.
If you find any mistake in this tutorial then please let me know.
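The name-to-id replacement step in the tutorial above can be scripted. This is an added example, not part of the original post: it reads ids from public.xml, fills the name="..." placeholders in a smali file, looks up only type="string" entries, and reports names it could not resolve. The sample XML, the smali fragment and every id other than 0x01040548 are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a decompiled framework-res public.xml. Only the
# "reboot" string id comes from the tutorial; every other id is made up.
SAMPLE_PUBLIC_XML = """<resources>
    <public type="string" name="reboot" id="0x01040548" />
    <public type="string" name="recovery" id="0x01040549" />
    <public type="string" name="reboot_confirm" id="0x0104054a" />
    <public type="drawable" name="reboot" id="0x01080300" />
</resources>
"""

# Constructed smali fragment that uses the tutorial's name="..." placeholders.
SAMPLE_SMALI = '''    if-nez v4, :cond_3
    const v4, 0x104014a
    goto :goto_2
    :cond_2
    const v4, name="reboot"
    goto :goto_2
    :cond_3
    const v4, name="recovery"
    :goto_2
    const v2, name="recovery_confirm"
'''

PLACEHOLDER = re.compile(r'name="([A-Za-z0-9_.]+)"')


def load_ids(public_xml, res_type="string"):
    """Map resource name -> hex literal for one resource type."""
    ids = {}
    for node in ET.fromstring(public_xml).iter("public"):
        if node.get("type") != res_type:
            continue  # a drawable may share its name with a string
        value = int(node.get("id"), 16)
        # hex() drops the leading zero: 0x01040548 -> 0x1040548,
        # the same form the tutorial writes into the smali file.
        ids[node.get("name")] = hex(value)
    return ids


def resolve_placeholders(smali, ids):
    """Replace name="x" with its id; return (new_text, unresolved_names)."""
    missing = []

    def substitute(match):
        name = match.group(1)
        if name not in ids:
            missing.append(name)
            return match.group(0)  # leave the placeholder untouched
        return ids[name]

    return PLACEHOLDER.sub(substitute, smali), sorted(set(missing))


if __name__ == "__main__":
    patched, unresolved = resolve_placeholders(SAMPLE_SMALI,
                                               load_ids(SAMPLE_PUBLIC_XML))
    print(patched)
    print("unresolved:", unresolved)
```

A non-empty unresolved list means the firmware's public.xml has no string with that name, so the placeholder is still in the file and the jar should not be recompiled yet.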
This is the one thing our Xperia community was lacking. Now it's fulfilled, thanks for this :good:
Good Job bro
Thank u
WOW, really a nice guide, perfectly explained & noob Friendly
keep it coming
Great guide, will really help many people, not just to Arc owners but to all Xperia family
saqib nazm said:
This is the one thing our Xperia community was lacking. Now it's fulfilled, thanks for this :good:
3andala said:
Good Job bro
Thank u
stanlin salu said:
WOW, really a nice guide, perfectly explained & noob Friendly
keep it coming
Ayush Singh said:
Great guide, will really help many people, not just to Arc owners but to all Xperia family
Thanks for these encouraging comments. You all are cordially welcome...
Awesome Guide
This is how it's done!
Understanding that smali was a pain in the a**.
You just made this simpler to copy paste
Thank you!
Wonderful work man..
You'll soon be a great themer. Thanks for keeping 2011 xperias forum alive..:thumbup:
Cheers,
Vatsal
Nice work mate.. Nice write up. Way to go. Keep it up and hoping to see more of your works
Sent from my GT-P3110 using Tapatalk
Nice tutorial @BDFreak ...
Can you tell which apktool is recommended for use in this tutorial ?
karandpr said:
Nice tutorial @BDFreak ...
Can you tell which apktool is recommended for use in this tutorial ?
I am using THIS one. But I think you can use old versions too...
Ayush Singh said:
Great guide, will really help many people, not just to Arc owners but to all Xperia family
This is for Arc only; another Xperia phone will be different.
In my TX, framework.jar doesn't have ShutdownThread.smali, but it is in services.jar
devilmaycry2020 said:
This is for Arc only; another Xperia phone will be different.
In my TX, framework.jar doesn't have ShutdownThread.smali, but it is in services.jar
I meant all Xperia 2011 family
devilmaycry2020 said:
This is for Arc only; another Xperia phone will be different.
In my TX, framework.jar doesn't have ShutdownThread.smali, but it is in services.jar
Would be the same for at least the 2011 Xperia line-up
devilmaycry2020 said:
This is for Arc only; another Xperia phone will be different.
In my TX, framework.jar doesn't have ShutdownThread.smali, but it is in services.jar
It's obvious that this will be different in 2012-13 Xperias. But the main idea is quite the same, if you know where you have to look
Nice tut! It's also not very complicated
I don't understand "change the blue lines only". What does it mean? If mine is different, change it to the same as yours?
devilmaycry2020 said:
I don't understand "change the blue lines only". What does it mean? If mine is different, change it to the same as yours?
Exactly. I mean yes...
BDFreak said:
Exactly. I mean yes...
I don't think so, because I've modded this before and it worked great, but the only thing I missed was that when I choose reboot or recovery it didn't show the "Reboot" or "Recovery" title but only Power off. Could you help me? Thanks
Basically my mod for TX is the same as yours but has some differences.
I can send you all the related files for modding this; could you take a look at it? Thanks
devilmaycry2020 said:
I don't think so, because I've modded this before and it worked great, but the only thing I missed was that when I choose reboot or recovery it didn't show the "Reboot" or "Recovery" title but only Power off. Could you help me? Thanks
Basically my mod for TX is the same as yours but has some differences.
I can send you all the related files for modding this; could you take a look at it? Thanks
Actually this tutorial is for 2011 Xperia phones. I didn't try it on newer phones yet. But I will give it a try on my SP when time allows.

[Devs][Guide] Add Reboot Safestrap Recovery to power menu with toggle

Credit goes to @sagitt67 and @daxgirl.
Credit for the toggle goes to @tdunham (main guide is here) and @asc1977 (for the guide here); big thanks to them.
In this Guide we'll modify framework-res.apk and services.jar
framework-res.apk:
Download framework-res.zip that is attached below, extract and copy it in your decompiled framework-res.apk folder
now open res/values/arrays.xml
find <string-array name="config_globalActionsList"> and add blue
Code:
<string-array name="config_globalActionsList">
<item>power</item>
<item>datamode</item>
<item>airplane</item>
<item>restart</item>
<item>lockdown</item>
<item>bugreport</item>
<item>users</item>
[COLOR="blue"]<item>rebootsafestrap</item>[/COLOR]
<item>emergencymode</item>
<item>subscreen</item>
</string-array>
now go to res/values/strings.xml at very end and add blue
Code:
<string name="wifi_extender_notification_title">Wi-Fi extender on</string>
<string name="wifi_extender_notification_message">Tap here to set up.</string>
<string name="config_tspstate_threshold" />
[COLOR="blue"]<string name="tw_ic_do_restart_safestrap">Reboot Safestrap</string>[/COLOR]
</resources>
done with framework-res.apk recompile
Services.jar:
download services.zip that is attached below, extract and copy it in your decompiled services.jar folder
open smali/com/android/server/policy/GlobalActions.smali
add blue line in # instance fields
Code:
.field private mRestart:Lcom/android/server/policy/GlobalActions$SinglePressAction;
[COLOR="blue"].field private mRebootRecovery:Lcom/android/server/policy/GlobalActions$SinglePressAction;
[/COLOR]
.field mRestartIconResId:I
find .method private createDialog()Lcom/android/server/policy/GlobalActions$GlobalActionsDialog;
add blue
Code:
if-eqz v4, :cond_27b
const v4, 0x1080a58
.line 1642
:goto_11c
const v6, 0x104070e
.line 1639
move-object/from16 v0, p0
invoke-direct {v5, v0, v4, v6}, Lcom/android/server/policy/GlobalActions$21;-><init>(Lcom/android/server/policy/GlobalActions;II)V
move-object/from16 v0, p0
iput-object v5, v0, Lcom/android/server/policy/GlobalActions;->mRestart:Lcom/android/server/policy/GlobalActions$SinglePressAction;
[COLOR="Blue"]new-instance v4, Lcom/android/server/policy/GlobalActions$99;
move-object/from16 v0, p0
iget-object v0, v0, Lcom/android/server/policy/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "tw_ic_do_restart_safestrap"
const-string v2, "drawable"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v5
move-object/from16 v0, p0
iget-object v0, v0, Lcom/android/server/policy/GlobalActions;->mContext:Landroid/content/Context;
invoke-virtual {v0}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;
move-result-object v0
const-string v1, "tw_ic_do_restart_safestrap"
const-string v2, "string"
const-string v3, "android"
invoke-virtual {v0, v1, v2, v3}, Landroid/content/res/Resources;->getIdentifier(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
move-result v6
move-object/from16 v0, p0
invoke-direct {v4, v0, v5, v6}, Lcom/android/server/policy/GlobalActions$99;-><init>(Lcom/android/server/policy/GlobalActions;II)V
move-object/from16 v0, p0
iput-object v4, v0, Lcom/android/server/policy/GlobalActions;->mRebootRecovery:Lcom/android/server/policy/GlobalActions$SinglePressAction;[/COLOR]
.line 1688
invoke-static {}, Lcom/samsung/android/feature/SemCscFeature;->getInstance()Lcom/samsung/android/feature/SemCscFeature;
move-result-object v4
const-string/jumbo v5, "CscFeature_Common_ConfigBikeMode"
invoke-virtual {v4, v5}, Lcom/samsung/android/feature/SemCscFeature;->getString(Ljava/lang/String;)Ljava/lang/String;
Now next part is tricky, add lines in blue and changes in green
Code:
const/4 v7, 0x1
move-object/from16 v0, p0
invoke-direct {v0, v6, v4, v5, v7}, Lcom/android/server/policy/GlobalActions;->addDialogItemsIfEnabled(ILcom/android/server/policy/GlobalActions$Action;Ljava/util/ArrayList;Z)Z
.line 1767
new-instance v4, Lcom/android/server/policy/GlobalActions$BugReportAction;
move-object/from16 v0, p0
invoke-direct {v4, v0}, Lcom/android/server/policy/GlobalActions$BugReportAction;-><init>(Lcom/android/server/policy/GlobalActions;)V
move-object/from16 v0, p0
iget-object v5, v0, Lcom/android/server/policy/GlobalActions;->mItems:Ljava/util/ArrayList;
[COLOR="blue"]const/16 v6, 0x100
const/4 v7, 0x1
move-object/from16 v0, p0
invoke-direct {v0, v6, v4, v5, v7}, Lcom/android/server/policy/GlobalActions;->addDialogItemsIfEnabled(ILcom/android/server/policy/GlobalActions$Action;Ljava/util/ArrayList;Z)Z
move-object/from16 v0, p0
iget-object v4, v0, Lcom/android/server/policy/GlobalActions;->mRebootRecovery:Lcom/android/server/policy/GlobalActions$SinglePressAction;
move-object/from16 v0, p0
iget-object v5, v0, Lcom/android/server/policy/GlobalActions;->mItems:Ljava/util/ArrayList;[/COLOR]
const/16 v6, [COLOR="Green"]0x200[/COLOR] [COLOR="Red"]#before was 0x100[/COLOR]
const/4 v7, 0x1
move-object/from16 v0, p0
invoke-direct {v0, v6, v4, v5, v7}, Lcom/android/server/policy/GlobalActions;->addDialogItemsIfEnabled(ILcom/android/server/policy/GlobalActions$Action;Ljava/util/ArrayList;Z)Z
now search for const-string/jumbo v4, "silent" and add blue line above it and green parts must match orange part
Code:
const-string/jumbo v4, "emergencymode"
invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v4
if-eqz v4, :cond_381
.line 1835
move-object/from16 v0, p0
iget-object v4, v0, Lcom/android/server/policy/GlobalActions;->mItems:Ljava/util/ArrayList;
move-object/from16 v0, p0
iget-object v5, v0, Lcom/android/server/policy/GlobalActions;->mEmergency:Lcom/android/server/policy/GlobalActions$ToggleAction;
invoke-virtual {v4, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
goto/16 :[COLOR="orange"]goto_2d9[/COLOR] #look that green part match this
.line 1836
:cond_381
[COLOR="Blue"]const-string/jumbo v4, "rebootsafestrap"
invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v4
if-eqz v4, :cond_3da
move-object/from16 v0, p0
iget-object v4, v0, Lcom/android/server/policy/GlobalActions;->mItems:Ljava/util/ArrayList;
move-object/from16 v0, p0
iget-object v5, v0, Lcom/android/server/policy/GlobalActions;->mRebootRecovery:Lcom/android/server/policy/GlobalActions$SinglePressAction;
invoke-virtual {v4, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
goto/16 :[COLOR="Green"]goto_2d9 [/COLOR]
:cond_3da[/COLOR]
const-string/jumbo v4, "silent"
next part is missing in Android 7 services.jar so we need to readd it for mod
find .method private addCustomDialogItems(Landroid/graphics/drawable/BitmapDrawable;Ljava/lang/String;Landroid/content/Intent;ILjava/util/ArrayList;)Z
add this above method
Code:
[COLOR="Blue"].method static synthetic access$500(Lcom/android/server/policy/GlobalActions;)Landroid/content/Context;
.locals 1
iget-object v0, p0, Lcom/android/server/policy/GlobalActions;->mContext:Landroid/content/Context;
return-object v0
.end method[/COLOR]
That's it, recompile and push to phone
Note: One time after a reboot I got a loop of phone restarts; it only happened once. If it happens, I solved it by wiping dalvik-cache and cache
Credit goes to @TheDriller for this part of the guide
Note: no need to change the code in GlobalActions$99.smali, it is already done
GlobalActions$99.smali:
find .method public onPress()V and replace blue lines with red one
Code:
move-result-object v0
check-cast v0, Landroid/os/PowerManager;
[COLOR="Red"]const-string v1, "recovery"
invoke-virtual {v0, v1}, Landroid/os/PowerManager;->reboot(Ljava/lang/String;)V[/COLOR]
to
Code:
move-result-object v0
check-cast v0, Landroid/os/PowerManager;
[COLOR="Blue"]const-string v1, "su -c echo 1 > /data/.recovery_mode && su -c reboot now"
invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
move-result-object v2
invoke-virtual {v2, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;[/COLOR]
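Pasted smali blocks like the ones in the guide above only work when every branch target resolves to exactly one label inside the method, which is what the "green parts must match orange part" step is about. This is an added example, not from the original post, that checks this before recompiling. The sample method is constructed and simplified; its `:goto_2d8` target and second `:cond_3da` are deliberate mistakes.

```python
import re
from collections import Counter

# Forum colour tags are stripped so text copied from a post can be checked.
BBCODE = re.compile(r"\[/?COLOR[^\]]*\]", re.IGNORECASE)
# A label reference is ":name" at line start or after whitespace, "{" or ",".
LABEL_REF = re.compile(r"(?:^|[\s{,]):(\w+)")
# Instructions and directives whose operands are labels.
BRANCHING = ("if-", "goto", ".catch", "packed-switch", "sparse-switch",
             "fill-array-data")

# Constructed sample: a stock method with a pasted block (marked blue).
SAMPLE_METHOD = '''
.method private createDialog()V
    .locals 12
    const-string/jumbo v4, "emergencymode"
    invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v4
    if-eqz v4, :cond_381
    goto/16 :goto_2d9
    :cond_381
    [COLOR="Blue"]const-string/jumbo v4, "rebootsafestrap"
    invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v4
    if-eqz v4, :cond_3da
    goto/16 :goto_2d8
    :cond_3da[/COLOR]
    const-string/jumbo v4, "silent"
    invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v4
    if-eqz v4, :cond_3da
    goto/16 :goto_2d9
    :cond_3da
    :goto_2d9
    return-void
.end method
'''


def check_labels(smali_text):
    """Return sorted (method, label, problem) tuples for one smali file."""
    problems = []
    method, defined, referenced, in_payload = None, Counter(), set(), False
    for raw in smali_text.splitlines():
        line = BBCODE.sub("", raw).strip()
        if not line or line.startswith("#"):
            continue
        opcode = line.split()[0]
        if opcode == ".method":
            # Labels are scoped to a method, so start fresh for each one.
            method, defined, referenced = line.split()[-1], Counter(), set()
            in_payload = False
        elif method is None:
            continue
        elif line == ".end method":
            for label, count in defined.items():
                if count > 1:
                    problems.append((method, label,
                                     "defined %d times" % count))
            for label in referenced - set(defined):
                problems.append((method, label, "undefined"))
            method = None
        elif opcode in (".packed-switch", ".sparse-switch"):
            in_payload = True   # bare ":label" lines here are targets
        elif opcode == ".end" and in_payload:
            in_payload = False
        elif in_payload or opcode.startswith(BRANCHING):
            code = line.split("#", 1)[0]  # drop a trailing comment
            referenced.update(LABEL_REF.findall(code))
        elif line.startswith(":"):
            defined[line[1:].split()[0]] += 1
    return sorted(problems)


if __name__ == "__main__":
    for method, label, problem in check_labels(SAMPLE_METHOD):
        print("%s: :%s %s" % (method, label, problem))
```

Both findings are typical of copying a block between firmware builds: the `goto` target has to be the label the surrounding stock code already jumps to, and a pasted `:cond_` label must not reuse a name the method already defines.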
Wow this makes things so much easier
Sent from my SM-G950U using Tapatalk
This is different on the Note 8 isn't it? I got as far as the services jar .method private createDialog()Lcom/android/server/policy/GlobalActions$GlobalActionsDialog; I input the blue text that was mentioned but I'm curious why in your sample does it not have .method private createDialog()Lcom/android/server/policy/GlobalActions$GlobalActionsDialog; before the blue text?
The Second batch of code with the green changes I had no idea where to input that and I couldn't find const/16 v6, 0x100 to change to 200 either
The step after that I was genuinely lost nothing matched what you had in your sample I felt like I was so close to getting it.
Thanks
SM-N950W
dillweedinc said:
This is different on the Note 8 isn't it? I got as far as the services jar .method private createDialog()Lcom/android/server/policy/GlobalActions$GlobalActionsDialog; I input the blue text that was mentioned but I'm curious why in your sample does it not have .method private createDialog()Lcom/android/server/policy/GlobalActions$GlobalActionsDialog; before the blue text?
The Second batch of code with the green changes I had no idea where to input that and I couldn't find const/16 v6, 0x100 to change to 200 either
The step after that I was genuinely lost nothing matched what you had in your sample I felt like I was so close to getting it.
Thanks
I will check them soon.
Maybe @JavixKGD can help you as he asked for the mod and he got it working on Note 8.
It is important to specify that this mod only applies to Nougat, it needs to be updated for Oreo.
I am using Nougat 7.1.1 on a note 8 sm-n950w with me's samfail firmware bl1 - I sent him a message, thanks! I see it built into another firmware that is available but I'd rather build it into me's samfail firmy since there are some issues to be wrinkled out in the other custom firmwares.
This thread is more currently active than the Safestrap one. I'm just here looking for more information on how to flash ROMS while keeping your others. Like do I activate that slot then start flashing and do you know if it's possible to use Slick ROM as one of the slots? I'm rooted with Partcyborg on bootloader v2
xSl33p said:
This thread is more currently active than the Safestrap one. I'm just here looking for more information on how to flash ROMS while keeping your others. Like do I activate that slot then start flashing and do you know if it's possible to use Slick ROM as one of the slots? I'm rooted with Partcyborg on bootloader v2
Don't quote me on this but I'm pretty sure the slots aren't 100% functional yet; you can do backups and restore your system flash zips etc. I know this thread is more active but you should really stick with the topic of the thread, your question would get answered there.
I got an answer from the guy you recommended afaneh92 thanks, it looks like I need to place the smalis in a different folder as they go over the limit, I don't have time right now but he also sent me his services.jar so I can see what the difference is I got some learning to do.
Thanks
Canadian Dilly.
dillweedinc said:
Don't quote me on this but I'm pretty sure the slots aren't 100% functional yet; you can do backups and restore your system flash zips etc. I know this thread is more active but you should really stick with the topic of the thread, your question would get answered there.
I got an answer from the guy you recommended afaneh92 thanks, it looks like I need to place the smalis in a different folder as they go over the limit, I don't have time right now but he also sent me his services.jar so I can see what the difference is I got some learning to do.
Thanks
Canadian Dilly.
I'm working on an update and some fixes for the mod, then will rewrite this guide in the Note 8 section.

Secure Folder Patch for Custom ROM

Hello XDA again,
Maybe many of you knew me before, especially my work on secure folder for rooted note 5.
I currently own Note 8 rooted.
Many devs said that Samsung introduced TEE and because of that we can not use secure folder again.
After spending a lot of time on investigating, patching both old and new lib, apk, framework, services I figured that actually Secure Folder is currently not related to TEE. Samsung just patched by code then we can bypass their patch to use Secure Folder in custom rooted rom.
How:
A. FOR PIE ROM
I. Include all Knox related things in your rom.
II. Patch build.prop:
change ro.config.iccc_version=3.0 to
ro.config.iccc_version=iccc_disabled
Decompiling the new SecureFolder.apk shows that it uses Iccc (IntegrityControlCheckCenter) to check system integrity status (device_status). If it's ok, SecureFolder.apk will create the container. The old SecureFolder.apk did not use that check.
Patching libtz_iccc.so is difficult, so just bypass this check with the above patch.
III. Patch services.jar
Lcom/samsung/android/knox/SemPersonaManager is the personal manager for Knox-related things. If the device is compromised then Lcom/samsung/android/knox/SemPersonaManager will set the persona's attribute to 0x4 and the securefolder container will be uninstalled.
Check this code in Lcom/android/server/pm/PersonaManagerService:
Code:
iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
if-nez v11, :cond_2
.line 1345
const-string v11, "PersonaManagerService"
const-string v12, "Device compromise detected !"
invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1346
[COLOR="DarkOrange"] invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v10
if-nez v10, :cond_3
.line 1347
const-string v10, "PersonaManagerService"
const-string/jumbo v11, "setting compromise attribute failed !"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_2
.line 1349
:cond_2
invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v10
if-eqz v10, :cond_3
.line 1350
const-string v10, "PersonaManagerService"
const-string v11, "Device is super locked - start lock screen"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1354
.end local v8 # "ui":Landroid/content/pm/UserInfo;
:cond_3
:goto_2
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
move-result v8
if-eqz v8, :cond_4
.line 1355
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v8
const/4 v8, 0x1
if-nez v8, :cond_4
.line 1356
invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
move-result-object v8
invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
move-result v8
[COLOR="darkorange"] invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v8
if-nez v8, :cond_4
.line 1357
const-string v8, "PersonaManagerService"
const-string/jumbo v9, "setting compromise attribute failed !!"
invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1362
:cond_4
return-void
and this code in Lcom/android/server/pm/PersonaServiceHelper
Code:
.method public static shouldBlockUserStart(Landroid/content/Context;I)Z
.locals 7
.param p0, "c" # Landroid/content/Context;
.param p1, "userId" # I
.line 934
invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
move-result-wide v0
.line 936
.local v0, "token":J
:try_start_0
const-string v2, "PersonaServiceHelper"
new-instance v3, Ljava/lang/StringBuilder;
invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
const-string/jumbo v4, "shouldBlockUserStart() "
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 937
invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
move-result-object v2
invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
move-result-object v2
.line 938
.local v2, "uinfo":Landroid/content/pm/UserInfo;
if-eqz v2, :cond_2
.line 939
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
const/4 v4, 0x1
if-eqz v3, :cond_0
.line 940
invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v3
if-nez v3, :cond_0
.line 941
[COLOR="darkorange"] const/4 v3, 0x4
invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
.line 942
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "Device compromise attribute set for user : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 943
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_0
.line 944
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.line 945
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 945
return v4
.line 950
:cond_0
:try_start_1
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
move-result v3
if-eqz v3, :cond_1
.line 951
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 952
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 952
return v4
.line 955
:cond_1
:try_start_2
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v3
if-eqz v3, :cond_2
invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
move-result v3
if-eqz v3, :cond_2
.line 956
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking non-BYOD super locked user "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 957
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 957
return v4
.line 961
:cond_2
const/4 v3, 0x0
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 961
return v3
.line 963
.end local v2 # "uinfo":Landroid/content/pm/UserInfo;
:catchall_0
move-exception v2
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
throw v2
.end method
Then we can bypass those things in several ways:
1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines.
2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z so that it returns true. But this way may cause other issues related to tima.
3. Just add simple code like below:
Code:
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
 const/4 v11, 0x1  # line added by the patch (highlighted in the original post)
if-nez v11, :cond_2
Better use the third way.
IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it returns true, in one of two ways:
1. Simply add that line (from S10 firmware) to system/etc/floating_features.xml:
<SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
2. Modify smali file.
V. If your ROM is a ported ROM, you should replace services\smali_classes3\com\android\server\enterprise\ccm from stock services.jar.
VI. Recompile services.jar and enjoy secure folder.
B. FOR OREO ROM
I. Include all Knox related things in your rom.
II. Patch build.prop:
change ro.config.iccc_version=3.0 to
ro.config.iccc_version=iccc_disabled
Decompiling the new SecureFolder.apk shows that it uses Iccc (IntegrityControlCheckCenter) to check the system integrity status (device_status). If it's ok, SecureFolder.apk will create the container. The old SecureFolder.apk did not use that check.
Patching libtz_iccc.so is difficult, so just bypass this check with the above patch.
III. Patch services.jar
Lcom/samsung/android/knox/SemPersonaManager is personal manager for knox related things. If the device is compromised, then Lcom/samsung/android/knox/SemPersonaManager will set the persona's attribute to 0x4 and the securefolder container will be uninstalled.
Check this code in Lcom/android/server/pm/PersonaManagerService:
Code:
iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
if-nez v11, :cond_2
.line 1345
const-string v11, "PersonaManagerService"
const-string v12, "Device compromise detected !"
invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1346
 invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z  # highlighted in the original post
move-result v10
if-nez v10, :cond_3
.line 1347
const-string v10, "PersonaManagerService"
const-string/jumbo v11, "setting compromise attribute failed !"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_2
.line 1349
:cond_2
invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v10
if-eqz v10, :cond_3
.line 1350
const-string v10, "PersonaManagerService"
const-string v11, "Device is super locked - start lock screen"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1354
.end local v8 # "ui":Landroid/content/pm/UserInfo;
:cond_3
:goto_2
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
move-result v8
if-eqz v8, :cond_4
.line 1355
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v8
const/4 v8, 0x1
if-nez v8, :cond_4
.line 1356
invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
move-result-object v8
invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
move-result v8
 invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z  # highlighted in the original post
move-result v8
if-nez v8, :cond_4
.line 1357
const-string v8, "PersonaManagerService"
const-string/jumbo v9, "setting compromise attribute failed !!"
invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1362
:cond_4
return-void
And this code in Lcom/android/server/pm/PersonaServiceHelper:
Code:
.method public static shouldBlockUserStart(Landroid/content/Context;I)Z
.locals 7
.param p0, "c" # Landroid/content/Context;
.param p1, "userId" # I
.line 934
invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
move-result-wide v0
.line 936
.local v0, "token":J
:try_start_0
const-string v2, "PersonaServiceHelper"
new-instance v3, Ljava/lang/StringBuilder;
invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
const-string/jumbo v4, "shouldBlockUserStart() "
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 937
invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
move-result-object v2
invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
move-result-object v2
.line 938
.local v2, "uinfo":Landroid/content/pm/UserInfo;
if-eqz v2, :cond_2
.line 939
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
const/4 v4, 0x1
if-eqz v3, :cond_0
.line 940
invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v3
if-nez v3, :cond_0
.line 941
 const/4 v3, 0x4  # highlighted in the original post
invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z  # highlighted in the original post
.line 942
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "Device compromise attribute set for user : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 943
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_0
.line 944
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.line 945
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 945
return v4
.line 950
:cond_0
:try_start_1
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
move-result v3
if-eqz v3, :cond_1
.line 951
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 952
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 952
return v4
.line 955
:cond_1
:try_start_2
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v3
if-eqz v3, :cond_2
invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
move-result v3
if-eqz v3, :cond_2
.line 956
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking non-BYOD super locked user "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 957
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 957
return v4
.line 961
:cond_2
const/4 v3, 0x0
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 961
return v3
.line 963
.end local v2 # "uinfo":Landroid/content/pm/UserInfo;
:catchall_0
move-exception v2
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
throw v2
.end method
Check this code in KnoxMUMContainerPolicy:
Code:
invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v5
if-nez v5, :cond_0
Then we can bypass those things in several ways:
1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines.
2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z so that it returns true. But this way may cause other issues related to tima.
3. Just add simple code like below:
Code:
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
 const/4 v11, 0x1  # line added by the patch (highlighted in the original post)
if-nez v11, :cond_2
Code:
invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v5
 const/4 v5, 0x1  # line added by the patch (highlighted in the original post)
if-nez v5, :cond_0
Better use the third way.
IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it returns true, in one of two ways:
1. Simply add that line (from S10 firmware) to system/etc/floating_features.xml:
<SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
2. Modify smali file.
V. Mod KnoxFileHandler
In Oreo, Samsung forced the use of tima to store, retrieve and delete encryptkey. But in Pie they changed to use KeyProtector, so we will mod KnoxFileHandler. Compare the modded one to the stock one in the attachment to find out what needs to be changed.
VI. If your ROM is a ported ROM, you should replace services\smali_classes3\com\android\server\enterprise\ccm from stock services.jar.
VII. Recompile services.jar and enjoy secure folder.
PS:
VII. SamsungPay and SamsungPass still use TEE, their own trustlets and use samsung server to check, store hash code. I will try to investigate deeper on those apk if I have time.
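Seen from the auditing side, the third approach in the guide leaves a recognisable pattern in decompiled smali: the register that receives the integrity check's result is reloaded with a constant before the branch that tests it. The sketch below is an added example, not part of the original post; the function names and the two sample snippets are constructed for illustration from the smali quoted above.

```python
import re

# Calls whose boolean result gates the compromise handling quoted above.
GUARDED = ("isTimaAvailable",)

INVOKE = re.compile(r"invoke-\S+\s+\{[^}]*\},\s+\S+->(\w+)\(")
MOVE_RESULT = re.compile(r"move-result\s+([vp]\d+)")
CONST = re.compile(r"const(?:/4|/16)?\s+([vp]\d+),\s+(-?0x[0-9a-fA-F]+)")
BRANCH = re.compile(r"if-(?:nez|eqz)\s+([vp]\d+),")


def instructions(smali):
    """Yield (line_no, text) for instructions; skip blanks, comments, directives, labels."""
    for no, raw in enumerate(smali.splitlines(), 1):
        text = raw.split("#", 1)[0].strip()
        if text and not text.startswith((".", ":")):
            yield no, text


def find_forced_results(smali, guarded=GUARDED):
    """Report guarded calls whose result register is reloaded with a constant
    before the conditional branch that tests it."""
    ins = list(instructions(smali))
    findings = []
    for i, (_, text) in enumerate(ins[:-1]):
        call = INVOKE.match(text)
        result = MOVE_RESULT.match(ins[i + 1][1])
        if not (call and result and call.group(1) in guarded):
            continue
        reg = result.group(1)
        for no, nxt in ins[i + 2:i + 6]:      # short window after move-result
            const = CONST.match(nxt)
            if const and const.group(1) == reg:
                findings.append({"method": call.group(1), "line": no,
                                 "register": reg, "value": int(const.group(2), 16)})
                break
            branch = BRANCH.match(nxt)
            if branch and branch.group(1) == reg:
                break                          # result reached the branch untouched
    return findings


# Constructed samples based on the snippets in the post (not real firmware dumps).
STOCK = """
    invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    move-result v11
    if-nez v11, :cond_2
"""
PATCHED = STOCK.replace("move-result v11\n", "move-result v11\n    const/4 v11, 0x1\n")

if __name__ == "__main__":
    for name, sample in (("stock", STOCK), ("patched", PATCHED)):
        print(name, find_forced_results(sample))
```

A hit is a lead for manual review of the surrounding method, not proof on its own; comparing the file hash of services.jar against the stock firmware remains the stronger check.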
This is great to see. I've been curious about how you fixed SS back on Note 5 Nougat for a while now; I'll give it a go on my N5 running Pie.
Thanks for sharing :good: god bless
Nice find mate, keep it up
Nice finding mate, can I try to implement this method on @ananjaser1211 's Refined Nougat for N4?
It's great, but I don't know how to do it
Nice! Good job!!!
Massive thanks mate!
Great! @khongloi113 welcome back!
Nicee
Great job mate, working perfect...
Sent from my SM-N950F using Tapatalk
Can someone just post the edited secure folder because I don't know how to even decompile it?
SHKOMAGDID said:
Can someone just post the edited secure folder because I don't know how to even decompile it
Secure Folder doesn't need to be edited...
AbrahamGC said:
Secure Folder doesn't need to be edited...
So why didn't it work? I just edited the build.prop, then what should I do?
SHKOMAGDID said:
So why didn't it work? I just edited the build.prop, then what should I do?
There are only 2 files to edit in the guide, build.prop and services.jar; it's not very long to read...
Add back knox files you debloated (idk exactly which are required and which not, for testing I just added all knox stuff), edit prop, edit services, and done :good:
AbrahamGC said:
There are only 2 files to edit in the guide, build.prop and services.jar; it's not very long to read...
Add back knox files you debloated (idk exactly which are required and which not, for testing I just added all knox stuff), edit prop, edit services, and done :good:
And here's the problem: I don't know how to edit it. Maybe any guides?
What tools do you use to decompile service.jar?
sazuke0703 said:
What tools do you use to decompile service.jar?
Apktool
khongloi113 said:
Apktool
Link to Apktool please, my decompile has an error.
Can anyone please share their edited Service.jar?
AbrahamGC said:
Great job mate, working perfect...
Did you patch via option III.? I.e. just adding the line, or which way?
