[Dev's] Potential Sony Exploit using Sony's app - Xperia Z2 Q&A, Help & Troubleshooting

I was playing around with my Z2; I have flashed Lollipop using Flashtool (all official).
I found two interesting APKs that can be installed over the existing ones as an update (which I guess have permission to write to system files).
I tried to decompile them, but no luck. What I had in mind is to inject some code into the APK that will let it give permissions to another application that we specify in the Manifest.xml (it is a long shot).
I will attach the APKs:
/system/app/PremiumSmsUpdate
/system/priv-app/UpdateCenter
Both can be installed over and over with no failed installation.
Can anyone tell me if it is possible to inject one of the two APKs with something to root?
Thanks
Safar

Just a simple yes or no from a developer would do it

No, because SELinux will pick it up and kill it.

Related

Edited HtcDialer.apk, logcat SIGNATURE error and apk won't run

Modding a 2.1 Sense UI rom (Hero Based.... but more of a hybrid)
Hey, I've edited the AndroidManifest.xml of the HtcDialer.apk, repackaged, signed and first tried to adb push it to my phone: didn't work. Tried adb install: parser error. So I repackaged the entire update.zip and reflashed: still didn't work.
Logcat shows this:
Package com.android.htcdialer has no signatures that match those in shared user android.uid.shared; ignoring!
I tried popping into recovery and running "fix apk uid errors" but it still throws the same logcat and the dialer won't open.
How do I fix this?
EDIT: I've got this problem, facebook sync and camera/video to fix, then I'll be releasing the fastest SenseUI rom you guys have EVER seen. No joke.
OK, I'm grasping at straws here, so I've also tried, through ADB, completely uninstalling it and rm'ing any traces; then I tried to adb install it and it still won't work. I get an ADB error:
INSTALL_FAILED_UPDATE_INCOMPATIBLE
But everything should be deleted! It shouldn't matter that the old and new signatures don't match; it's an entirely fresh install!
I've also noticed that when I adb pu****, I get a list of the HTC apps that share that uid.shared, and at one point they all said "uid=10011"; now they all say "uid=10010". I'm trying to fix this back to the original to see if this is part of the problem, but I can't find this anywhere in the AndroidManifest.xml of any of these apps (like contacts, phone, etc.).
I know HTC has this shared ID stuff for all of their apps, but there must be an easy way to update JUST an AndroidManifest.xml file with a single line to give it vibrate permission. Is there any way I can resign the modified .apk AS HTC?
I have a similar problem (probably the same), does anyone know anything that might help?
Take what was edited and open the original APK with 7zip; just drag the edited files into the 7zip window, it will ask if you want to add the files, click yes, then close 7zip. Now pack it up in an update.zip and sign....... Do not sign the APK; leave the original signature in there.
Flash, and that should take care of it.

[Q] apk decompiled, recompiled, signed won't install

Hello,
I'm trying to hack an APK.
My first step was to use APK Multi Tool and just decompile and recompile it.
This is what I've done:
decompiling
recompiling (without any mod)
signing
No error appears during those steps.
But this new APK won't install on my phone!
If I check the differences between the two APKs:
all XML files are different
.RSA and .SF do not have the same name
classes.dex, resources.arsc and MANIFEST.MF are different
I don't understand those differences. Can somebody help me understand them, and how to recompile a proper version?
PS: This app is a French app that shows speed cameras on the road. However, this app now only shows a big zone and not the exact location for France. But it still shows precise locations for other countries, so the obfuscation is done at the APK level, and I already found where it is in the code, so I'd like to bypass it and recompile a "special" version.
Thanks
Just a few quick questions. Is your phone set to install from sources other than the Droid market? You do know the newly compiled and signed project will be located in the "place_package_here_for_Modding" folder and is named "Signed(yourappnamehere).apk"?
Sent from my SAMSUNG-SGH-I727 using xda premium
Hi,
Yes, I took the newly compiled APK from this directory, and yes, my phone is set to accept unknown sources.
When I install the APK, I first get
- the list of phone services that will be used
- then the install progress bar
- then the message "application not installed"
I guess there is some kind of protection in the sources...
I also noticed that the two APKs, the original and the resigned one, don't have the same size.
The only difference is actually in the META-INF directory: the .RSA and the .SF files.
In the original application they are:
- IFOX_.RSA
- IFOX_.SF
But when recompiling, those files are:
- CERT.RSA
- CERT.SF
I'm sure the problem comes from here, but I'm too much of a noob to analyse that...
So my problem can be summed up as:
Why does the recompilation not give me the same RSA and SF files?
Beware, there are some modifications that you can't do on decs, especially the package name.
Also beware: disable the "non-market" tag on the phone.
Yes, but for the moment I didn't make any modification:
just decompiling, recompiling and resigning.
Maybe you want to tell me that the APK name must stay the same? (Sorry, my English is not perfect.)
GOT IT WORKING!!!
You must first uninstall the previous application!
I was trying to install my new one over the old one, but the signatures are not the same!!!
Thanks everybody, and I hope this will help somebody!
APK edit error 103
OK, I'm having a similar issue.
I know the file size is mismatched, but I've never had this issue.
As a test I only modded one thing, but four files:
changed a link in an HTML file, changed an image and its name, and the HTML included the link to the new name.
When this failed I changed the manifest and the .SF to match the change I made with the name, but not the SHA ("no clue here").
Tried...
APK Multi Tool... and 7zip to make the mods.
Tried... both signed and unsigned.
Tried copying the sig from the old APK to the new one with names corrected ("not SHA"); still fails.
Tried....
Original APK installs with no issue.
Uninstalled the original APK, rebooted.
Allow outside apps: yes and no, both.
Using File Manager Explorer, Root Browser and ES File Manager.
Copying directly to /system/app: fail.
Copying to data/data/app/copy: fail (yes, it won't even copy there).
Tried... multiple phones.
I then tried a hex editor on the APK. After changes, install still fails.
I've modded several other APKs, even my framework, but this is the first app that has given me so many issues.
This is an app to help elderly users access the internet; the devs are AWOL and the project abandoned.
Code:
https drive google com/folderview?id=0B5PggxVy7c8meDhrcjNJOGs5cFk&usp=sharing
Code:
www eldy eu/en/software/eldy-tablet/
"edited for posting"
The goal here is to make it more U.S. friendly; its English base is geared to UK English and this does not help my family, as we are in the U.S.
All I can get from logcat is error 103.
Logcat shows: package it.vegans.eldy has no certificate at entry AndroidManifest.xml; ignoring
Installation error code 103
I tried the APK Multi Tool certify thing,
I tried copying the certs from the old to the new APK,
I tried modding the cert to correct the names.
So maybe I'm mentally challenged, but I just can't figure this one out.
---
Edit:
I attached a zip with the original and modified APKs.
All I want to do is simple HTML edits, XML link edits and image changes, since the app is mostly a series of pages.
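The three threads above (the HtcDialer shared-UID mismatch, the IFOX_/CERT signing-file difference, and the "no certificate at entry AndroidManifest.xml" error 103) all come down to the same mechanism: the installer reads META-INF/MANIFEST.MF, which lists a SHA-1 digest for every entry in the APK, and rejects any entry whose bytes no longer match its digest or that has no digest at all. Dragging edited files into the original archive with 7zip keeps the old signature files but breaks exactly that check. The following is an added example, not code from any of the posts or from apktool/APK Multi Tool: it builds a small constructed APK-like zip in memory, mimics the "replace files without resigning" edit, and reports which entries would fail. The signer alias (IFOX_ vs CERT) is just the name the signing tool gives its files and does not by itself decide compatibility; the placeholder .SF/.RSA contents here are constructed and are not real signatures.

```python
import base64
import hashlib
import io
import zipfile

SIG_EXTS = (".RSA", ".DSA", ".EC", ".SF")


def manifest_digests(mf_text):
    """Parse META-INF/MANIFEST.MF into {entry name: base64 SHA1-Digest}."""
    digests = {}
    for section in mf_text.replace("\r\n", "\n").split("\n\n"):
        fields = {}
        for line in section.splitlines():
            if ": " in line:
                key, value = line.split(": ", 1)
                fields[key] = value
        if "Name" in fields and "SHA1-Digest" in fields:
            digests[fields["Name"]] = fields["SHA1-Digest"]
    return digests


def build_manifest(entries):
    """Build a MANIFEST.MF covering every non-META-INF entry (constructed, same layout a signer writes)."""
    out = ["Manifest-Version: 1.0", "Created-By: constructed example", ""]
    for name, data in entries.items():
        digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
        out += [f"Name: {name}", f"SHA1-Digest: {digest}", ""]
    return "\n".join(out) + "\n"


def make_apk(entries, signer="CERT"):
    """Zip the entries with a consistent MANIFEST.MF and placeholder .SF/.RSA named after the signer alias."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", build_manifest(entries))
        # Placeholders only: a real .SF digests the manifest sections, a real .RSA is a PKCS#7 blob.
        z.writestr(f"META-INF/{signer}.SF", "Signature-Version: 1.0\n")
        z.writestr(f"META-INF/{signer}.RSA", b"\x30\x00")
    return buf.getvalue()


def signature_files(apk_bytes):
    """Names of the signing files, e.g. ['META-INF/IFOX_.RSA', 'META-INF/IFOX_.SF']."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return sorted(n for n in z.namelist()
                      if n.startswith("META-INF/") and n.upper().endswith(SIG_EXTS))


def check_entry_digests(apk_bytes):
    """Return {entry: 'ok' | 'modified' | 'unlisted'} for every entry outside META-INF/."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        try:
            listed = manifest_digests(z.read("META-INF/MANIFEST.MF").decode())
        except KeyError:
            listed = {}
        for info in z.infolist():
            if info.is_dir() or info.filename.startswith("META-INF/"):
                continue
            actual = base64.b64encode(hashlib.sha1(z.read(info)).digest()).decode()
            if info.filename not in listed:
                result[info.filename] = "unlisted"   # the installer's "no certificate at entry ..." case
            elif listed[info.filename] != actual:
                result[info.filename] = "modified"   # digest mismatch: signature no longer covers it
            else:
                result[info.filename] = "ok"
    return result


def replace_entries(apk_bytes, replacements):
    """Mimic 'drag the edited files into the original APK with 7zip': swap entries, leave META-INF/ alone."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, \
            zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name not in replacements:
                dst.writestr(name, src.read(name))
        for name, data in replacements.items():
            dst.writestr(name, data)
    return buf.getvalue()


# Constructed sample "app": a manifest, a dex, and an HTML page with a UK link.
ORIGINAL_APK = make_apk({
    "AndroidManifest.xml": b"<manifest package='it.example.app'/>",
    "classes.dex": b"dex\n035\x00 constructed sample bytes",
    "assets/index.html": b"<a href='http://example.co.uk/'>go</a>",
}, signer="IFOX_")

# The kind of edit the error-103 post describes: retarget a link and add a new image, no resigning.
EDITED_APK = replace_entries(ORIGINAL_APK, {
    "assets/index.html": b"<a href='http://example.com/'><img src='logo_us.png'></a>",
    "assets/logo_us.png": b"\x89PNG constructed placeholder",
})

if __name__ == "__main__":
    print("original:", signature_files(ORIGINAL_APK), check_entry_digests(ORIGINAL_APK))
    print("edited:  ", signature_files(EDITED_APK), check_entry_digests(EDITED_APK))
```

Run as-is, the original reports every entry "ok", while the edited archive still carries IFOX_.RSA/IFOX_.SF but reports index.html as "modified" and logo_us.png as "unlisted"; a real installer refuses both. Resigning with apktool/APK Multi Tool regenerates MANIFEST.MF and the CERT.* files, which is why a resigned build installs only after the differently signed original has been uninstalled (and why a shared-UID or /system package cannot be replaced this way at all without the vendor's key).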

Help with deodexing a touchwiz app

Hello! I am trying to make the stock Samsung file manager work as a normal APK so I can use it on any ROM. From what I scouted around the internet, I learned that I need to deodex the APK so it doesn't need the framework dependencies anymore. I did that, but the problem is this: I pulled the file manager from the stock 4.1.2 and I'm trying to make it work on 4.2.2. My first question is, is it possible to make it work on other Android versions (of course higher than the one it came from)? If yes, can anyone point out what I'm doing wrong, as I am a total noob with Android development?
I used Universal Deodexer v4, and there you can choose the Android version. I tried both 4.1 and 4.2 but there's no difference, although the app is deodexed successfully. The actual problem I stumbled across is that I push the APK to /system/app, fix permissions and reboot, but it doesn't show up in the apps manager or app drawer at all.
C'mon, really nobody tried porting that good looking and simplistic file manager?
Breaksense said:
C'mon, really nobody tried porting that good looking and simplistic file manager?
I'd be willing to bet that it's because the Samsung application needs the TouchWiz framework to function correctly. Here is the command I used to launch an app which didn't show up in my app drawer (enter it in Terminal Emulator):
Code:
am start -n com.cyanogenmod.settings.device/.DeviceSettings [enter]
Obviously you need to change 'com.cyanogenmod.settings.device' and 'DeviceSettings' to your specific application. I still doubt it will work.
The other thing to try is to open it using Titanium Backup, although it's possible that Titanium won't recognise it as being installed. Give both a go. That said, I doubt the app will work without TouchWiz behind it.

[Q] Possible to install modified app (from system/app) as normal app?

Hi,
I modified "SamsungCamera2" from my Note 3 and would like to install it now on my Note 3. My phone is not rooted and doing so would currently trip the Knox counter (I don't want that).
If I try to install the apk I get the message "application not installed".
Is it somehow possible to convert the apk so that I can install it as a "normal app"?
Best wishes,
Klaus
oclock said:
Hi,
I modified "SamsungCamera2" from my Note 3 and would like to install it now on my Note 3. My phone is not rooted and doing so would currently trip the Knox counter (I don't want that).
If I try to install the apk I get the message "application not installed".
Is it somehow possible to convert the apk so that I can install it as a "normal app"?
Best wishes,
Klaus
No root, no party; however, I think that it's possible to root the phone over Knox without count.
To install a system APK you can do it in 3 ways:
1. Install normally with a file manager as a normal APK, but in this way you can only install the ORIGINAL APK, like an official update, NO MOD.
2. Copy the APK and maybe the odex to /system/app. NEEDS ROOT.
3. Use ClockworkMod (NEEDS ROOT), or maybe use the stock Samsung recovery; you need a flashable zip of your app.
Enjoy
AXD96 said:
No root, no party; however, I think that it's possible to root the phone over Knox without count.
To install a system APK you can do it in 3 ways:
1. Install normally with a file manager as a normal APK, but in this way you can only install the ORIGINAL APK, like an official update, NO MOD.
2. Copy the APK and maybe the odex to /system/app. NEEDS ROOT.
3. Use ClockworkMod (NEEDS ROOT), or maybe use the stock Samsung recovery; you need a flashable zip of your app.
Enjoy
Thank you for your answer.
With my current firmware there is no known method to get root without Knox=0x1.
If I develop my own app I can install it without problems. So, what exactly makes apps from system/app different?
How does Android know that I did not implement this app by myself?
Is there a way to further modify the app so that it looks like I implemented it by myself, and then install it?
oclock said:
Thank you for your answer.
But if I develop my own app I can install it without problems.
So, what exactly makes apps from system/app different?
How does Android know that I did not implement this app by myself?
Is there a way to further modify the app so that it looks like I implemented it by myself, and then install it?
Android expects applications installed by opening the APK to be signed.
It's quite easy to sign them with a generic certificate, but when apps are updated, both the old (in /system) and the new version must be signed with the same one.
(Extreme problems lead to extreme solutions: if you need Samsung service, flash a bad bootloader so that it's permanently bricked and doesn't even get to Odin...)
Ryccardo said:
Android expects applications installed by opening the APK to be signed.
It's quite easy to sign them with a generic certificate, but when apps are updated, both the old (in /system) and the new version must be signed with the same one.
Thank you for the explanation and thank you for the hint
But how does Android know that I am trying to update an already existing app? Is it just because of the class names of the MainActivity? Is it possible to refactor the app so that it looks like a brand new app?
oclock said:
Thank you for the explanation and thank you for the hint
But how does Android know that I am trying to update an already existing app? Is it just because of the class names of the MainActivity? Is it possible to refactor the app so that it looks like a brand new app?
I believe, but have never tried, that it goes by the package ID
Ryccardo said:
I believe, but have never tried, that it goes by the package ID
It seems to be the correct way. However, something seems to be odd:
In the log I get the following:
12-29 23:47:03.981: E/AndroidRuntime(27444): java.lang.RuntimeException: Unable to resume activity {com.sec.android.app.cameraoc/com.sec.android.app.camera.Camera}: java.lang.SecurityException: Requires SET_ANIMATION_SCALE permission
However, this permission is set in the AndroidManifest.xml file:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.sec.android.app.cameraoc">
<uses-permission android:name="android.permission.CAMERA"/>
[...]
<uses-permission android:name="android.permission.SET_ANIMATION_SCALE"/>
[...]
Do you have any ideas why this permission isn't recognized?
oclock said:
Thank you for your answer.
With my current firmware there is no known method to get root without Knox=0x1.
If I develop my own app I can install it without problems. So, what exactly makes apps from system/app different?
How does Android know that I did not implement this app by myself?
Is there a way to further modify the app so that it looks like I implemented it by myself, and then install it?
Don't say thanks to me, just click the thanks button on the left of the message.
No, you can't.
Every APK has got a signature; when you modify an APK or the Smali code, the signature becomes invalid, so you can't install that APK anymore until you sign the APK again.
If the signature is different you can't install a system APK when you have already installed an app with the same package address;
else, if the signature is the same (only the author of the app has got the original signing key), you can install it.
There is a critical bug in Android until version 4.2.2, the MASTER KEY BUG.
Google fixed it in Android 4.3.
I got root with this bug using Cydia Impactor.
With this bug/exploit you were able to modify the system partition bypassing signature protection and then get root, so you were able to have full access to your phone.

oclock said:
It seems to be the correct way. However, something seems to be odd:
In the log I get the following:
12-29 23:47:03.981: E/AndroidRuntime(27444): java.lang.RuntimeException: Unable to resume activity {com.sec.android.app.cameraoc/com.sec.android.app.camera.Camera}: java.lang.SecurityException: Requires SET_ANIMATION_SCALE permission
However, this permission is set in the AndroidManifest.xml file:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.sec.android.app.cameraoc">
<uses-permission android:name="android.permission.CAMERA"/>
[...]
<uses-permission android:name="android.permission.SET_ANIMATION_SCALE"/>
[...]
Where did you find the log?
AXD96 said:
Don't say thanks to me, just click the thanks button on the left of the message.
No, you can't.
Every APK has got a signature; when you modify an APK or the Smali code, the signature becomes invalid, so you can't install that APK anymore until you sign the APK again.
If the signature is different you can't install a system APK when you have already installed an app with the same package address;
else, if the signature is the same (only the author of the app has got the original signing key), you can install it.
OK. This was already made clear some posts above. My new question was: can I change the signature to install it as a "new" app?
I tried it out by myself. I modified the manifest file to change the Android package name from "com.sec.android.app.camera" to "com.sec.android.app.cameraoc". The Java package is unchanged.
With this modification I could install the app without any problems, but I get a permission exception when I try to execute the app:
12-29 23:47:03.981: E/AndroidRuntime(27444): java.lang.RuntimeException: Unable to resume activity {com.sec.android.app.cameraoc/com.sec.android.app.camera.Camera}: java.lang.SecurityException: Requires SET_ANIMATION_SCALE permission
However, this permission is set in the AndroidManifest.xml file:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.sec.android.app.cameraoc">
<uses-permission android:name="android.permission.CAMERA"/>
[...]
<uses-permission android:name="android.permission.SET_ANIMATION_SCALE"/>
[...]
So, I do not understand why I get this exception. Do you have any ideas?
Klaus
I got the exact same issue when modding the S5's camera APK. The trick is to open your original APK with an archive manager and only replace classes.dex and resources.arsc. I then copied the APK to /system/app/ and after a reboot I could successfully launch the camera.
More details about hacking system APKs can be found here: https://code.google.com/p/android-apktool/wiki/FAQ (My recompiled apk Force Closes (FCs). What gives?)
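The SecurityException in the renamed camera package is not a manifest mistake. Declaring a permission in uses-permission only requests it; whether the grant happens depends on the permission's protection level. SET_ANIMATION_SCALE is declared in the platform as signature|privileged (signatureOrSystem in the 4.x framework manifest), so it is granted only to packages signed with the platform key or shipped in the privileged system directory. A sideloaded package signed with a test key, which is what a repackaged APK with a new package name is, gets the normal and dangerous permissions it asks for and is silently refused the signature-level ones; the app then crashes the first time it calls the protected API. The following added example (not code from the thread) parses a manifest and classifies each requested permission for a given install situation. The protection-level table is a small constructed subset whose values are the ones AOSP's framework manifest declares; anything not in the table is reported as unknown rather than guessed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Protection levels as declared in AOSP's framework AndroidManifest.xml.
# Constructed subset for this example; look the real value up for the target release.
PROTECTION_LEVELS = {
    "android.permission.INTERNET": "normal",
    "android.permission.CAMERA": "dangerous",
    "android.permission.SET_ANIMATION_SCALE": "signature|privileged",  # 'signatureOrSystem' on 4.x
    "android.permission.INSTALL_PACKAGES": "signature|privileged",
    "android.permission.REBOOT": "signature|privileged",
}


def requested_permissions(manifest_xml):
    """Return (package name, [requested permission names]) from a manifest."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    perms = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    return pkg, perms


def grant_decision(level, platform_signed=False, privileged=False):
    """Decide whether the install-time grant succeeds for a permission of this protection level.

    platform_signed: the APK is signed with the same key as the framework package.
    privileged:      the APK lives in the privileged system directory (/system/priv-app on 4.3+).
    """
    base, _, flags = level.partition("|")
    if base in ("normal", "dangerous"):
        return "granted"        # dangerous ones become runtime prompts on 6.0+, but are still grantable
    if base in ("signature", "signatureOrSystem"):
        if platform_signed:
            return "granted"
        if privileged and (base == "signatureOrSystem" or "privileged" in flags.split("|")):
            return "granted"
        return "denied"         # requested in the manifest but never granted: SecurityException at use
    return "unknown"


def check_manifest(manifest_xml, platform_signed=False, privileged=False):
    """Classify every uses-permission in the manifest for the given install situation."""
    pkg, perms = requested_permissions(manifest_xml)
    report = {}
    for name in perms:
        level = PROTECTION_LEVELS.get(name)
        report[name] = grant_decision(level, platform_signed, privileged) if level else "unknown"
    return pkg, report


# The manifest from the post, reduced to the two uses-permission lines it shows.
CAMERA_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.sec.android.app.cameraoc">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SET_ANIMATION_SCALE"/>
</manifest>"""

if __name__ == "__main__":
    for label, kwargs in (("sideloaded, test key", {}),
                          ("in /system/priv-app", {"privileged": True}),
                          ("signed with platform key", {"platform_signed": True})):
        print(label, check_manifest(CAMERA_MANIFEST, **kwargs))
```

For the sideloaded case the report marks CAMERA as granted and SET_ANIMATION_SCALE as denied, which is the exact situation in the log above; the same manifest installed in the privileged system directory, or signed with the platform key, gets both. That is also why the reply about keeping the original signed manifest and only swapping classes.dex and resources.arsc into the vendor's APK under /system/app sidesteps the problem: the package keeps its original identity and system placement instead of becoming a third-party package.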

[Q] Implement XPOSED into Rom

Hi,
Has anyone managed to implement the Xposed framework into a ROM, including the library?
The steps I've done so far:
1. Include Xposed Installer as a preinstalled app in the custom ROM.
Add it to /system/app or /system/preinstall (but you also need to add the preinstall service to init.rc in boot.img if the device doesn't already have a script like that).
2. Replace /system/bin/app_process with the one in the Xposed Installer.apk file and correctly change the user rights on the file to what they were.
3. Xposed gets installed to /data/data/*de*xposed*/ and you need to either replace that whole folder or add XposedBridge.jar from Xposed Installer.apk to /data/data/*de*xposed*/bin.
Unfortunately all the files need certain permissions and ownerships, like user/group u8_a57, and in Linux you can't give ownership rights like that to a file.
Then you need to create a boot script in your ROM to chown u8_a57:u8_a57 /data/data/*de*xposed*/bin/XposedBridge.jar, or for all the other files.
Unfortunately, when you open the Xposed Installer app it still shows that the XposedBridge.jar file is not active; the app_process file shows active.
This is where I get stuck and no one seems to be able to help.
The creator of the Xposed framework also can't be contacted on the XDA forum.
Maybe someone will read this and be able to help further.
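The ownership step above is easier than the post suggests. Android's app user names are not in /etc/passwd, but they are deterministic: an app is assigned an app id at install time and its uid is userId * 100000 + 10000 + appId, so u0_a57 is simply uid 10057, and chown accepts numeric ids without any passwd entry. The catch for a ROM builder is that the app id is assigned per device, so a boot script must not hard-code it; the installed value can be read from /data/system/packages.list once /data is mounted. The following added example (not code from the post or from the Xposed project) shows both the name-to-uid arithmetic and a packages.list lookup, and emits the chown/chmod lines such a script would run. The package name of the installer (written as *de*xposed* in the post) and the packages.list sample are assumptions constructed for the example; this addresses only the ownership problem, not why the installer reports the bridge as inactive.

```python
import re

AID_APP_START = 10000      # first uid handed out to installed applications
AID_USER_OFFSET = 100000   # uid range reserved per Android user (u0_..., u10_...)


def android_app_uid(name):
    """Translate an app user name such as 'u0_a57' into the numeric uid/gid Android assigned it."""
    m = re.fullmatch(r"u(\d+)_a(\d+)", name)
    if not m:
        raise ValueError(f"not an application user name: {name}")
    user_id, app_id = int(m.group(1)), int(m.group(2))
    return user_id * AID_USER_OFFSET + AID_APP_START + app_id


def uid_from_packages_list(pkg, packages_list_text):
    """Look a package's uid up in /data/system/packages.list.

    Each line reads '<package> <uid> <debuggable> <dataDir> <seinfo> ...'; returns None if absent.
    """
    for line in packages_list_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == pkg:
            return int(fields[1])
    return None


def fixup_commands(pkg, uid, files=("bin/XposedBridge.jar",)):
    """Shell lines a boot script would run after /data is mounted: numeric ids need no passwd entry."""
    bin_dir = f"/data/data/{pkg}/bin"
    cmds = [f"chown {uid}:{uid} {bin_dir}"]
    for rel in files:
        path = f"/data/data/{pkg}/{rel}"
        cmds.append(f"chown {uid}:{uid} {path}")
        cmds.append(f"chmod 0644 {path}")   # readable by the app_process the framework is loaded from
    return cmds


# Assumed installer package name (the post abbreviates it as *de*xposed*).
XPOSED_PKG = "de.robv.android.xposed.installer"

# Constructed packages.list excerpt: the uid in the second column is what the script must use.
SAMPLE_PACKAGES_LIST = """com.android.settings 1000 0 /data/data/com.android.settings platform
de.robv.android.xposed.installer 10057 0 /data/data/de.robv.android.xposed.installer default
"""

if __name__ == "__main__":
    uid = uid_from_packages_list(XPOSED_PKG, SAMPLE_PACKAGES_LIST)
    assert uid == android_app_uid("u0_a57")
    print("\n".join(fixup_commands(XPOSED_PKG, uid)))
```

In a real init script the lookup is `awk -v p="$PKG" '$1 == p { print $2 }' /data/system/packages.list`, run from a service that starts after /data is mounted; the emitted chown lines then apply to whatever uid that particular device assigned the installer.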
