Please take some time to read patiently everything. As always i`m not responsable for any damage that you do to your device.
Hello guys, i want to share some info with you. As recognised devs say from time to time, we just need to think outside the box, everything is there for us to read/learn. I`m gonna debate in this post 3 issues that i had and the workaround for them:
1. OMC code changing wants to wipe data..
But who will agree to that without a fair fight? I investigated the frameworks and found out that samsung sets country code to use from the mcc/mnc of the sim card inserted. Inside efs/imei should be a country code file named mps_code.dat, which it contains some code. Usually at the first boot framework is creating a new file in there named omcnw_code.dat containing sim card code.. After booting, it compares both files mps_code.dat and omcnw_code.dat and if the string inside doesn`t match, it prompts for a reboot to apply the country or reboot to factory reset to use new sim. Now, if you don`t have stock recovery to securely perform the wipe, you`ll probably end in bootloop. First time i ended in bootloop because of twrp, second time i mounted efs from twrp and manually changed the mps_code.dat according to sim country. Booted up and all just was ok, without the wipe that samsung added.
Therefore i tried to make a method inside SystemServer.smali (services.jar/smali/com/android/servers) that loads at boot, looks for the omcnw and if it`s found, it will delete mps_code.dat and rename omcnw_code.dat to mps_code.dat, so you won`t feel the change but also no more wipe prompt.
Under the # direct methods, anywhere after .method public constructor <init>()V i added this method:
Code:
.method private static deleteOmcnw()V
.locals 5
const-string/jumbo v2, "/efs/imei/omcnw_code.dat"
const-string/jumbo v3, "/efs/imei/mps_code.dat"
new-instance v0, Ljava/io/File;
invoke-direct {v0, v2}, Ljava/io/File;-><init>(Ljava/lang/String;)V
if-eqz v0, :cond_0
invoke-virtual {v0}, Ljava/io/File;->exists()Z
move-result v1
if-eqz v1, :cond_0
new-instance v1, Ljava/io/File;
invoke-direct {v1, v3}, Ljava/io/File;-><init>(Ljava/lang/String;)V
if-eqz v1, :cond_0
invoke-virtual {v1}, Ljava/io/File;->exists()Z
move-result v4
if-eqz v4, :cond_0
invoke-virtual {v1}, Ljava/io/File;->delete()Z
invoke-virtual {v0, v1}, Ljava/io/File;->renameTo(Ljava/io/File;)Z
:goto_0
return-void
:cond_0
const-string/jumbo v0, [COLOR="Blue"]"omcnw"[/COLOR]
const-string/jumbo v1, [COLOR="Blue"]"Some log lines, blah blah blah"[/COLOR]
invoke-static {v0, v1}, Lcom/android/server/utils/sysfwutil/Slog;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_0
.end method
And ofc now we need an invoke for this method.
I added it in .method private run()V after loading libandroid_servers
Code:
invoke-static {v0}, Landroid/os/Process;->setCanSelfBackground(Z)V
invoke-static {}, Landroid/os/Looper;->prepareMainLooper()V
const-string/jumbo v0, "android_servers"
invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
[COLOR="Blue"]invoke-static {}, Lcom/android/server/SystemServer;->deleteOmcnw()V[/COLOR]
invoke-direct {p0}, Lcom/android/server/SystemServer;->performPendingShutdown()V
invoke-direct {p0}, Lcom/android/server/SystemServer;->createSystemContext()V
new-instance v0, Lcom/android/server/SystemServiceManager;
After this, no more prompt about wipe to use the sim.
2. OMC is a pain when it comes to add features..
I wanted to add csc features but either omc was encrypted (which has a solution now), or either way too many xmls to edit.. Investigated a bit SemCscFeature.smali (framework.jar/smali_classes3/samsung/android/feature) and gave me an idea that actually worked.
The point was to duplicate loadNetworkFeatureFile method, rename it, point it to certain location where we will add a single xml file containing all the features we want and add the invoke right after loadNetworkFeatureFile invoke. By doing this, doesn`t matter what csc is loaded, the system will load our custom xml too. Less time to add features, cleaner way to load, and it doesn`t even need to decrypt omc. And by using a duplicate of loadNetworkFeatureFile we can encrypt our xml too .
I`m gonna post my methods too, might be a bit sloppy code, i lost myself inside of it, but as long as it does what it`s supposed, doesn`t matter anymore :laugh:
Gonna hide the method as it is a long one
Code:
.method private loadHadesFeatureFile(ZLjava/lang/String;)V
.locals 24
const/16 v16, 0x0
const/4 v12, 0x0
const/4 v14, 0x0
const/4 v7, -0x1
const/4 v2, 0x0
const/4 v3, 0x0
const/4 v10, 0x0
[COLOR="Blue"]const-string/jumbo v10, "/system/etc" # custom xml path here[/COLOR]
:try_start_0
new-instance v11, Ljava/io/File;
new-instance v20, Ljava/lang/StringBuilder;
invoke-direct/range {v20 .. v20}, Ljava/lang/StringBuilder;-><init>()V
move-object/from16 v0, v20
invoke-virtual {v0, v10}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v20
[COLOR="Blue"]const-string/jumbo v21, "/hades.xml" # custom xml name here[/COLOR]
invoke-virtual/range {v20 .. v21}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v20
invoke-virtual/range {v20 .. v20}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v20
move-object/from16 v0, v20
invoke-direct {v11, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
invoke-virtual {v11}, Ljava/io/File;->exists()Z
move-result v20
if-eqz v20, :cond_0
invoke-virtual {v11}, Ljava/io/File;->length()J
move-result-wide v20
const-wide/16 v22, 0x0
cmp-long v20, v20, v22
if-gtz v20, :cond_1
:cond_0
return-void
:cond_1
invoke-static {}, Lorg/xmlpull/v1/XmlPullParserFactory;->newInstance()Lorg/xmlpull/v1/XmlPullParserFactory;
move-result-object v9
const/16 v20, 0x1
move/from16 v0, v20
invoke-virtual {v9, v0}, Lorg/xmlpull/v1/XmlPullParserFactory;->setNamespaceAware(Z)V
invoke-virtual {v9}, Lorg/xmlpull/v1/XmlPullParserFactory;->newPullParser()Lorg/xmlpull/v1/XmlPullParser;
move-result-object v16
new-instance v13, Ljava/io/FileInputStream;
invoke-direct {v13, v11}, Ljava/io/FileInputStream;-><init>(Ljava/io/File;)V
:try_end_0
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_0 .. :try_end_0} :catch_b
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_d
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_f
.catchall {:try_start_0 .. :try_end_0} :catchall_1
:try_start_1
move-object/from16 v0, p0
invoke-direct {v0, v11}, Lcom/samsung/android/feature/SemCscFeature;->isXmlEncoded(Ljava/io/File;)Z
move-result v20
if-eqz v20, :cond_3
invoke-virtual {v13}, Ljava/io/FileInputStream;->available()I
move-result v18
move/from16 v0, v18
new-array v0, v0, [B
move-object/from16 v19, v0
move-object/from16 v0, v19
invoke-virtual {v13, v0}, Ljava/io/FileInputStream;->read([B)I
invoke-virtual {v13}, Ljava/io/FileInputStream;->close()V
move-object/from16 v0, p0
move-object/from16 v1, v19
invoke-direct {v0, v1}, Lcom/samsung/android/feature/SemCscFeature;->decode([B)[B
move-result-object v17
new-instance v15, Ljava/io/ByteArrayInputStream;
move-object/from16 v0, v17
invoke-direct {v15, v0}, Ljava/io/ByteArrayInputStream;-><init>([B)V
:try_end_1
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_1 .. :try_end_1} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_2
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_5
.catchall {:try_start_1 .. :try_end_1} :catchall_0
const/16 v20, 0x0
:try_start_2
move-object/from16 v0, v16
move-object/from16 v1, v20
invoke-interface {v0, v15, v1}, Lorg/xmlpull/v1/XmlPullParser;->setInput(Ljava/io/InputStream;Ljava/lang/String;)V
:try_end_2
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_2 .. :try_end_2} :catch_c
.catch Ljava/io/FileNotFoundException; {:try_start_2 .. :try_end_2} :catch_e
.catch Ljava/io/IOException; {:try_start_2 .. :try_end_2} :catch_10
.catchall {:try_start_2 .. :try_end_2} :catchall_2
move-object v14, v15
:goto_0
:try_start_3
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getEventType()I
move-result v7
:goto_1
const/16 v20, 0x1
move/from16 v0, v20
if-eq v7, v0, :cond_c
const/16 v20, 0x2
move/from16 v0, v20
if-ne v7, v0, :cond_6
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getName()Ljava/lang/String;
:try_end_3
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_3 .. :try_end_3} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_3 .. :try_end_3} :catch_2
.catch Ljava/io/IOException; {:try_start_3 .. :try_end_3} :catch_5
.catchall {:try_start_3 .. :try_end_3} :catchall_0
move-result-object v2
:cond_2
:goto_2
:try_start_4
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->next()I
:try_end_4
.catch Ljava/io/IOException; {:try_start_4 .. :try_end_4} :catch_7
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_4 .. :try_end_4} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_4 .. :try_end_4} :catch_2
.catchall {:try_start_4 .. :try_end_4} :catchall_0
move-result v7
goto :goto_1
:cond_3
const/16 v20, 0x0
:try_start_5
move-object/from16 v0, v16
move-object/from16 v1, v20
invoke-interface {v0, v13, v1}, Lorg/xmlpull/v1/XmlPullParser;->setInput(Ljava/io/InputStream;Ljava/lang/String;)V
:try_end_5
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_5 .. :try_end_5} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_5 .. :try_end_5} :catch_2
.catch Ljava/io/IOException; {:try_start_5 .. :try_end_5} :catch_5
.catchall {:try_start_5 .. :try_end_5} :catchall_0
goto :goto_0
:catch_0
move-exception v6
move-object v12, v13
:goto_3
:try_start_6
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v6}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_6
.catchall {:try_start_6 .. :try_end_6} :catchall_1
if-eqz v12, :cond_4
:try_start_7
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_4
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_7
.catch Ljava/io/IOException; {:try_start_7 .. :try_end_7} :catch_9
:goto_4
const/4 v14, 0x0
:cond_5
:goto_5
return-void
:cond_6
const/16 v20, 0x4
move/from16 v0, v20
if-ne v7, v0, :cond_2
:try_start_8
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getText()Ljava/lang/String;
move-result-object v3
if-eqz v2, :cond_2
if-eqz v3, :cond_2
move-object/from16 v0, p0
iget-object v0, v0, Lcom/samsung/android/feature/SemCscFeature;->mFeatureList:Ljava/util/Hashtable;
move-object/from16 v20, v0
move-object/from16 v0, v20
invoke-virtual {v0, v2}, Ljava/util/Hashtable;->containsKey(Ljava/lang/Object;)Z
:try_end_8
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_8 .. :try_end_8} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_8 .. :try_end_8} :catch_2
.catch Ljava/io/IOException; {:try_start_8 .. :try_end_8} :catch_5
.catchall {:try_start_8 .. :try_end_8} :catchall_0
move-result v20
if-eqz v20, :cond_8
:try_start_9
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->next()I
:try_end_9
.catch Ljava/io/IOException; {:try_start_9 .. :try_end_9} :catch_1
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_9 .. :try_end_9} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_9 .. :try_end_9} :catch_2
.catchall {:try_start_9 .. :try_end_9} :catchall_0
move-result v7
goto :goto_1
:catch_1
move-exception v5
:try_start_a
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_a
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_a .. :try_end_a} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_a .. :try_end_a} :catch_2
.catch Ljava/io/IOException; {:try_start_a .. :try_end_a} :catch_5
.catchall {:try_start_a .. :try_end_a} :catchall_0
goto :goto_1
:catch_2
move-exception v4
move-object v12, v13
:goto_6
:try_start_b
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v4}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_b
.catchall {:try_start_b .. :try_end_b} :catchall_1
if-eqz v12, :cond_7
:try_start_c
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_7
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_c
.catch Ljava/io/IOException; {:try_start_c .. :try_end_c} :catch_3
goto :goto_4
:catch_3
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_5
:cond_8
:try_start_d
invoke-virtual {v3}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v3
move-object/from16 v0, p0
iget-object v0, v0, Lcom/samsung/android/feature/SemCscFeature;->mFeatureList:Ljava/util/Hashtable;
move-object/from16 v20, v0
move-object/from16 v0, v20
invoke-virtual {v0, v2, v3}, Ljava/util/Hashtable;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
:try_end_d
.catch Ljava/lang/Exception; {:try_start_d .. :try_end_d} :catch_4
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_d .. :try_end_d} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_d .. :try_end_d} :catch_2
.catch Ljava/io/IOException; {:try_start_d .. :try_end_d} :catch_5
.catchall {:try_start_d .. :try_end_d} :catchall_0
goto/16 :goto_2
:catch_4
move-exception v8
:try_start_e
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v8}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_e
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_e .. :try_end_e} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_e .. :try_end_e} :catch_2
.catch Ljava/io/IOException; {:try_start_e .. :try_end_e} :catch_5
.catchall {:try_start_e .. :try_end_e} :catchall_0
goto/16 :goto_2
:catch_5
move-exception v5
move-object v12, v13
:goto_7
:try_start_f
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_f
.catchall {:try_start_f .. :try_end_f} :catchall_1
if-eqz v12, :cond_9
:try_start_10
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_9
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_10
.catch Ljava/io/IOException; {:try_start_10 .. :try_end_10} :catch_6
goto/16 :goto_4
:catch_6
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_7
move-exception v5
:try_start_11
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_11
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_11 .. :try_end_11} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_11 .. :try_end_11} :catch_2
.catch Ljava/io/IOException; {:try_start_11 .. :try_end_11} :catch_5
.catchall {:try_start_11 .. :try_end_11} :catchall_0
goto/16 :goto_1
:catchall_0
move-exception v20
move-object v12, v13
:goto_8
if-eqz v12, :cond_a
:try_start_12
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_a
if-eqz v14, :cond_b
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_12
.catch Ljava/io/IOException; {:try_start_12 .. :try_end_12} :catch_a
const/4 v14, 0x0
:cond_b
:goto_9
throw v20
:cond_c
if-eqz v13, :cond_d
:try_start_13
invoke-virtual {v13}, Ljava/io/FileInputStream;->close()V
:try_end_13
.catch Ljava/io/IOException; {:try_start_13 .. :try_end_13} :catch_11
const/4 v12, 0x0
:goto_a
if-eqz v14, :cond_5
:try_start_14
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_14
.catch Ljava/io/IOException; {:try_start_14 .. :try_end_14} :catch_8
goto/16 :goto_4
:catch_8
move-exception v5
:goto_b
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_9
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_a
move-exception v5
const-string/jumbo v21, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v22
invoke-static/range {v21 .. v22}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_9
:catchall_1
move-exception v20
goto :goto_8
:catchall_2
move-exception v20
move-object v14, v15
move-object v12, v13
goto :goto_8
:catch_b
move-exception v6
goto/16 :goto_3
:catch_c
move-exception v6
move-object v14, v15
move-object v12, v13
goto/16 :goto_3
:catch_d
move-exception v4
goto/16 :goto_6
:catch_e
move-exception v4
move-object v14, v15
move-object v12, v13
goto/16 :goto_6
:catch_f
move-exception v5
goto/16 :goto_7
:catch_10
move-exception v5
move-object v14, v15
move-object v12, v13
goto/16 :goto_7
:catch_11
move-exception v5
move-object v12, v13
goto :goto_b
:cond_d
move-object v12, v13
goto :goto_a
.end method
And the invoke:
Code:
...
invoke-direct {p0, v2, v4}, Lcom/samsung/android/feature/SemCscFeature;->loadFeatureFile(ZLjava/lang/String;)Z
move-result v5
if-eqz v5, :cond_1
invoke-direct {p0, v2, v3}, Lcom/samsung/android/feature/SemCscFeature;->loadNetworkFeatureFile(ZLjava/lang/String;)V
[COLOR="Blue"]invoke-direct {p0, v2, v3}, Lcom/samsung/android/feature/SemCscFeature;->loadHadesFeatureFile(ZLjava/lang/String;)V[/COLOR]
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
...
The code can be simplified, i didn`t bothered to do that, feel free to manipulate it in which way you want.
3. Use ODM instead of OMC/CSC in Oreo
From S9 Samsung introduced a new kind of omc, ODM, which needs its own partition and needs to be loaded from fstab/dts. We can add it to non ODM devices with a pretty simple and clean workaround.
Inside ramdisk, in init.rc file (all the devices should have that), i found this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
Following this we can make it work just like this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
[color="Blue"] symlink /system/odm /odm[/color]
By unpacking odm partition content inside a folder from system and creating the symlink from above at boot, rom will load odm as it has the partition.
Hope these tips will help someone in the future of custom roms with more features.
I will attach to this thread my modified smalis from one of my roms, i tried these methods on 7.1.1, but the idea is the same for oreo too, code might be slighlty different.
All the best :fingers-crossed:
Nice you decided to share this. Hope csc mod for devs will be easier now
Nice work, but I prefer to use xposed to hook these methods.
Interesting thoughts :good: Thanks
I am not an opponent of your method - I just wanted to show another possibility which does not require "touching" framework to achieve goal, maybe it will be helpful for someone
Personally I prefer to do the job by the installer. My installer matches all entries in files in /efs/imei automatically during install. Also - it matches last 3 characters in prodcode.dat to current or new (forced) CSC
Example from my DevBase (where $1 - CSC to set or match, $2 (optional - temporary location with new omc content extracted from sec_omc.zip or only just unencrypted XMLs to replace)
Code:
set_csc() {
local NV_MPS=
local NV_OMC=
local NV_OMC2=
local UMOUNT=false
local OMC=/odm/omc
if [ -z "$1" ] ; then return ; fi
if [ ! -d $OMC ] ; then OMC=/system/omc ; fi
if [ -d $2$OMC ] ; then
# modify /efs only if there is no other way
if (! is_mounted /efs) ; then
mkdir -p /efs
mount -t ext4 $EFS /efs
UMOUNT=true
elif (! is_mounted /efs rw) ; then
mount -o rw,remount /efs
fi
NV_MPS=$(cat /efs/imei/mps_code.dat)
NV_OMC=$(cat /efs/imei/omcnw_code.dat)
NV_OMC2=$(cat /efs/imei/omcnw_code2.dat)
if [ ! -z "$NV_MPS" ] && [ "$NV_MPS" != "$1" ] ; then
sed -i "s/$NV_MPS/$1/g" /efs/imei/mps_code.dat
cat /efs/imei/prodcode.dat 2>/dev/null | grep "$NV_MPS$" >/dev/null && sed -i "s/$NV_MPS$/$1/g" /efs/imei/prodcode.dat
fi
if [ ! -z "$NV_OMC" ] && [ "$NV_OMC" != "$1" ] ; then
sed -i "s/$NV_OMC/$1/g" /efs/imei/omcnw_code.dat
cat /efs/imei/prodcode.dat 2>/dev/null | grep "$NV_OMC$" >/dev/null && sed -i "s/$NV_OMC$/$1/g" /efs/imei/prodcode.dat
fi
if [ ! -z "$NV_OMC2" ] && [ "$NV_OMC2" != "$1" ] ; then
sed -i "s/$NV_OMC2/$1/g" /efs/imei/omcnw_code2.dat
cat /efs/imei/prodcode.dat 2>/dev/null | grep "$NV_OMC2$" >/dev/null && sed -i "s/$NV_OMC2$/$1/g" /efs/imei/prodcode.dat
fi
sync
($UMOUNT) && umount /efs
if [ ! -z "$2" ] ; then
find $2/odm -type f ! -name cscfeature*.xml -delete # replace only encrypted XMLs in /odm/omc
mkdir $OMC && set_perm 0 0 751 $OMC
set_perm_rec 0 0 755 644 $2$OMC
cp -af $2$OMC/* $OMC
rm -Rf $2
fi
# cosmetic action, the file below does not really matter
echo $1 > $OMC/sales_code.dat
set_perm 0 0 644 $OMC/sales_code.dat
elif [ -d $2/system/csc ] ; then
if [ ! -z "$2" ] ; then
set_perm_rec 0 0 755 644 $2/system
cp -af $2/system/* /system
rm -Rf $2
fi
cp -af /system/csc/common/system/* /system
cp -af /system/csc/$1/system/* /system
ln -sf /system/csc/$1/csc_contents /system/csc_contents
else
return 1
fi
return 0
}
Above works in N8 and also in S9(+) where CSC path has been changed to /odm/omc
corsicanu said:
[...]
2. OMC is a pain when it comes to add features..
I wanted to add csc features but either omc was encrypted (which has a solution now), or either way too many xmls to edit.. [...]
Click to expand...
Click to collapse
In point 2 you showed really interesting alternative of editing cscfeature.xml, but I do not agree that it is a pain because we need to edit "many xmls".
It is enough to edit only one file on the fly by the installer, depending on device it is /system/omc/{current_csc}/cscfeature.xml or /odm/omc/{current_csc}/conf/cscfeature.xml
Anyway, the advantage of your method is that we do not need to touch original CSC content at all, so I think many Devs will prefer your way :good:
Well done mate!
3. Use ODM instead of OMC/CSC in Oreo
From S9 Samsung introduced a new kind of omc, ODM, which needs its own partition and needs to be loaded from fstab/dts. We can add it to non ODM devices with a pretty simple and clean workaround.
Inside ramdisk, in init.rc file (all the devices should have that), i found this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
Following this we can make it work just like this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
[color="Blue"] symlink /system/odm /odm[/color]
By unpacking odm partition content inside a folder from system and creating the symlink from above at boot, rom will load odm as it has the partition.
Updated first post as well :fingers-crossed:
corsicanu said:
Please take some time to read patiently everything. As always i`m not responsable for any damage that you do to your device.
Hello guys, i want to share some info with you. As recognised devs say from time to time, we just need to think outside the box, everything is there for us to read/learn. I`m gonna debate in this post 3 issues that i had and the workaround for them:
1. OMC code changing wants to wipe data..
But who will agree to that without a fair fight? I investigated the frameworks and found out that samsung sets country code to use from the mcc/mnc of the sim card inserted. Inside efs/imei should be a country code file named mps_code.dat, which it contains some code. Usually at the first boot framework is creating a new file in there named omcnw_code.dat containing sim card code.. After booting, it compares both files mps_code.dat and omcnw_code.dat and if the string inside doesn`t match, it prompts for a reboot to apply the country or reboot to factory reset to use new sim. Now, if you don`t have stock recovery to securely perform the wipe, you`ll probably end in bootloop. First time i ended in bootloop because of twrp, second time i mounted efs from twrp and manually changed the mps_code.dat according to sim country. Booted up and all just was ok, without the wipe that samsung added.
Therefore i tried to make a method inside SystemServer.smali (services.jar/smali/com/android/servers) that loads at boot, looks for the omcnw and if it`s found, it will delete mps_code.dat and rename omcnw_code.dat to mps_code.dat, so you won`t feel the change but also no more wipe prompt.
Under the # direct methods, anywhere after .method public constructor <init>()V i added this method:
Code:
.method private static deleteOmcnw()V
.locals 5
const-string/jumbo v2, "/efs/imei/omcnw_code.dat"
const-string/jumbo v3, "/efs/imei/mps_code.dat"
new-instance v0, Ljava/io/File;
invoke-direct {v0, v2}, Ljava/io/File;-><init>(Ljava/lang/String;)V
if-eqz v0, :cond_0
invoke-virtual {v0}, Ljava/io/File;->exists()Z
move-result v1
if-eqz v1, :cond_0
new-instance v1, Ljava/io/File;
invoke-direct {v1, v3}, Ljava/io/File;-><init>(Ljava/lang/String;)V
if-eqz v1, :cond_0
invoke-virtual {v1}, Ljava/io/File;->exists()Z
move-result v4
if-eqz v4, :cond_0
invoke-virtual {v1}, Ljava/io/File;->delete()Z
invoke-virtual {v0, v1}, Ljava/io/File;->renameTo(Ljava/io/File;)Z
:goto_0
return-void
:cond_0
const-string/jumbo v0, [COLOR="Blue"]"omcnw"[/COLOR]
const-string/jumbo v1, [COLOR="Blue"]"Some log lines, blah blah blah"[/COLOR]
invoke-static {v0, v1}, Lcom/android/server/utils/sysfwutil/Slog;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_0
.end method
And ofc now we need an invoke for this method.
I added it in .method private run()V after loading libandroid_servers
Code:
invoke-static {v0}, Landroid/os/Process;->setCanSelfBackground(Z)V
invoke-static {}, Landroid/os/Looper;->prepareMainLooper()V
const-string/jumbo v0, "android_servers"
invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
[COLOR="Blue"]invoke-static {}, Lcom/android/server/SystemServer;->deleteOmcnw()V[/COLOR]
invoke-direct {p0}, Lcom/android/server/SystemServer;->performPendingShutdown()V
invoke-direct {p0}, Lcom/android/server/SystemServer;->createSystemContext()V
new-instance v0, Lcom/android/server/SystemServiceManager;
After this, no more prompt about wipe to use the sim.
2. OMC is a pain when it comes to add features..
I wanted to add csc features but either omc was encrypted (which has a solution now), or either way too many xmls to edit.. Investigated a bit SemCscFeature.smali (framework.jar/smali_classes3/samsung/android/feature) and gave me an idea that actually worked.
The point was to duplicate loadNetworkFeatureFile method, rename it, point it to certain location where we will add a single xml file containing all the features we want and add the invoke right after loadNetworkFeatureFile invoke. By doing this, doesn`t matter what csc is loaded, the system will load our custom xml too. Less time to add features, cleaner way to load, and it doesn`t even need to decrypt omc. And by using a duplicate of loadNetworkFeatureFile we can encrypt our xml too .
I`m gonna post my methods too, might be a bit sloppy code, i lost myself inside of it, but as long as it does what it`s supposed, doesn`t matter anymore :laugh:
Gonna hide the method as it is a long one
Code:
.method private loadHadesFeatureFile(ZLjava/lang/String;)V
.locals 24
const/16 v16, 0x0
const/4 v12, 0x0
const/4 v14, 0x0
const/4 v7, -0x1
const/4 v2, 0x0
const/4 v3, 0x0
const/4 v10, 0x0
[COLOR="Blue"]const-string/jumbo v10, "/system/etc" # custom xml path here[/COLOR]
:try_start_0
new-instance v11, Ljava/io/File;
new-instance v20, Ljava/lang/StringBuilder;
invoke-direct/range {v20 .. v20}, Ljava/lang/StringBuilder;-><init>()V
move-object/from16 v0, v20
invoke-virtual {v0, v10}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v20
[COLOR="Blue"]const-string/jumbo v21, "/hades.xml" # custom xml name here[/COLOR]
invoke-virtual/range {v20 .. v21}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v20
invoke-virtual/range {v20 .. v20}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v20
move-object/from16 v0, v20
invoke-direct {v11, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
invoke-virtual {v11}, Ljava/io/File;->exists()Z
move-result v20
if-eqz v20, :cond_0
invoke-virtual {v11}, Ljava/io/File;->length()J
move-result-wide v20
const-wide/16 v22, 0x0
cmp-long v20, v20, v22
if-gtz v20, :cond_1
:cond_0
return-void
:cond_1
invoke-static {}, Lorg/xmlpull/v1/XmlPullParserFactory;->newInstance()Lorg/xmlpull/v1/XmlPullParserFactory;
move-result-object v9
const/16 v20, 0x1
move/from16 v0, v20
invoke-virtual {v9, v0}, Lorg/xmlpull/v1/XmlPullParserFactory;->setNamespaceAware(Z)V
invoke-virtual {v9}, Lorg/xmlpull/v1/XmlPullParserFactory;->newPullParser()Lorg/xmlpull/v1/XmlPullParser;
move-result-object v16
new-instance v13, Ljava/io/FileInputStream;
invoke-direct {v13, v11}, Ljava/io/FileInputStream;-><init>(Ljava/io/File;)V
:try_end_0
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_0 .. :try_end_0} :catch_b
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_d
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_f
.catchall {:try_start_0 .. :try_end_0} :catchall_1
:try_start_1
move-object/from16 v0, p0
invoke-direct {v0, v11}, Lcom/samsung/android/feature/SemCscFeature;->isXmlEncoded(Ljava/io/File;)Z
move-result v20
if-eqz v20, :cond_3
invoke-virtual {v13}, Ljava/io/FileInputStream;->available()I
move-result v18
move/from16 v0, v18
new-array v0, v0, [B
move-object/from16 v19, v0
move-object/from16 v0, v19
invoke-virtual {v13, v0}, Ljava/io/FileInputStream;->read([B)I
invoke-virtual {v13}, Ljava/io/FileInputStream;->close()V
move-object/from16 v0, p0
move-object/from16 v1, v19
invoke-direct {v0, v1}, Lcom/samsung/android/feature/SemCscFeature;->decode([B)[B
move-result-object v17
new-instance v15, Ljava/io/ByteArrayInputStream;
move-object/from16 v0, v17
invoke-direct {v15, v0}, Ljava/io/ByteArrayInputStream;-><init>([B)V
:try_end_1
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_1 .. :try_end_1} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_2
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_5
.catchall {:try_start_1 .. :try_end_1} :catchall_0
const/16 v20, 0x0
:try_start_2
move-object/from16 v0, v16
move-object/from16 v1, v20
invoke-interface {v0, v15, v1}, Lorg/xmlpull/v1/XmlPullParser;->setInput(Ljava/io/InputStream;Ljava/lang/String;)V
:try_end_2
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_2 .. :try_end_2} :catch_c
.catch Ljava/io/FileNotFoundException; {:try_start_2 .. :try_end_2} :catch_e
.catch Ljava/io/IOException; {:try_start_2 .. :try_end_2} :catch_10
.catchall {:try_start_2 .. :try_end_2} :catchall_2
move-object v14, v15
:goto_0
:try_start_3
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getEventType()I
move-result v7
:goto_1
const/16 v20, 0x1
move/from16 v0, v20
if-eq v7, v0, :cond_c
const/16 v20, 0x2
move/from16 v0, v20
if-ne v7, v0, :cond_6
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getName()Ljava/lang/String;
:try_end_3
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_3 .. :try_end_3} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_3 .. :try_end_3} :catch_2
.catch Ljava/io/IOException; {:try_start_3 .. :try_end_3} :catch_5
.catchall {:try_start_3 .. :try_end_3} :catchall_0
move-result-object v2
:cond_2
:goto_2
:try_start_4
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->next()I
:try_end_4
.catch Ljava/io/IOException; {:try_start_4 .. :try_end_4} :catch_7
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_4 .. :try_end_4} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_4 .. :try_end_4} :catch_2
.catchall {:try_start_4 .. :try_end_4} :catchall_0
move-result v7
goto :goto_1
:cond_3
const/16 v20, 0x0
:try_start_5
move-object/from16 v0, v16
move-object/from16 v1, v20
invoke-interface {v0, v13, v1}, Lorg/xmlpull/v1/XmlPullParser;->setInput(Ljava/io/InputStream;Ljava/lang/String;)V
:try_end_5
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_5 .. :try_end_5} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_5 .. :try_end_5} :catch_2
.catch Ljava/io/IOException; {:try_start_5 .. :try_end_5} :catch_5
.catchall {:try_start_5 .. :try_end_5} :catchall_0
goto :goto_0
:catch_0
move-exception v6
move-object v12, v13
:goto_3
:try_start_6
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v6}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_6
.catchall {:try_start_6 .. :try_end_6} :catchall_1
if-eqz v12, :cond_4
:try_start_7
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_4
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_7
.catch Ljava/io/IOException; {:try_start_7 .. :try_end_7} :catch_9
:goto_4
const/4 v14, 0x0
:cond_5
:goto_5
return-void
:cond_6
const/16 v20, 0x4
move/from16 v0, v20
if-ne v7, v0, :cond_2
:try_start_8
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->getText()Ljava/lang/String;
move-result-object v3
if-eqz v2, :cond_2
if-eqz v3, :cond_2
move-object/from16 v0, p0
iget-object v0, v0, Lcom/samsung/android/feature/SemCscFeature;->mFeatureList:Ljava/util/Hashtable;
move-object/from16 v20, v0
move-object/from16 v0, v20
invoke-virtual {v0, v2}, Ljava/util/Hashtable;->containsKey(Ljava/lang/Object;)Z
:try_end_8
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_8 .. :try_end_8} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_8 .. :try_end_8} :catch_2
.catch Ljava/io/IOException; {:try_start_8 .. :try_end_8} :catch_5
.catchall {:try_start_8 .. :try_end_8} :catchall_0
move-result v20
if-eqz v20, :cond_8
:try_start_9
invoke-interface/range {v16 .. v16}, Lorg/xmlpull/v1/XmlPullParser;->next()I
:try_end_9
.catch Ljava/io/IOException; {:try_start_9 .. :try_end_9} :catch_1
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_9 .. :try_end_9} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_9 .. :try_end_9} :catch_2
.catchall {:try_start_9 .. :try_end_9} :catchall_0
move-result v7
goto :goto_1
:catch_1
move-exception v5
:try_start_a
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_a
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_a .. :try_end_a} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_a .. :try_end_a} :catch_2
.catch Ljava/io/IOException; {:try_start_a .. :try_end_a} :catch_5
.catchall {:try_start_a .. :try_end_a} :catchall_0
goto :goto_1
:catch_2
move-exception v4
move-object v12, v13
:goto_6
:try_start_b
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v4}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_b
.catchall {:try_start_b .. :try_end_b} :catchall_1
if-eqz v12, :cond_7
:try_start_c
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_7
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_c
.catch Ljava/io/IOException; {:try_start_c .. :try_end_c} :catch_3
goto :goto_4
:catch_3
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_5
:cond_8
:try_start_d
invoke-virtual {v3}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v3
move-object/from16 v0, p0
iget-object v0, v0, Lcom/samsung/android/feature/SemCscFeature;->mFeatureList:Ljava/util/Hashtable;
move-object/from16 v20, v0
move-object/from16 v0, v20
invoke-virtual {v0, v2, v3}, Ljava/util/Hashtable;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
:try_end_d
.catch Ljava/lang/Exception; {:try_start_d .. :try_end_d} :catch_4
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_d .. :try_end_d} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_d .. :try_end_d} :catch_2
.catch Ljava/io/IOException; {:try_start_d .. :try_end_d} :catch_5
.catchall {:try_start_d .. :try_end_d} :catchall_0
goto/16 :goto_2
:catch_4
move-exception v8
:try_start_e
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v8}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_e
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_e .. :try_end_e} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_e .. :try_end_e} :catch_2
.catch Ljava/io/IOException; {:try_start_e .. :try_end_e} :catch_5
.catchall {:try_start_e .. :try_end_e} :catchall_0
goto/16 :goto_2
:catch_5
move-exception v5
move-object v12, v13
:goto_7
:try_start_f
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_f
.catchall {:try_start_f .. :try_end_f} :catchall_1
if-eqz v12, :cond_9
:try_start_10
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_9
if-eqz v14, :cond_5
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_10
.catch Ljava/io/IOException; {:try_start_10 .. :try_end_10} :catch_6
goto/16 :goto_4
:catch_6
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_7
move-exception v5
:try_start_11
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_11
.catch Lorg/xmlpull/v1/XmlPullParserException; {:try_start_11 .. :try_end_11} :catch_0
.catch Ljava/io/FileNotFoundException; {:try_start_11 .. :try_end_11} :catch_2
.catch Ljava/io/IOException; {:try_start_11 .. :try_end_11} :catch_5
.catchall {:try_start_11 .. :try_end_11} :catchall_0
goto/16 :goto_1
:catchall_0
move-exception v20
move-object v12, v13
:goto_8
if-eqz v12, :cond_a
:try_start_12
invoke-virtual {v12}, Ljava/io/FileInputStream;->close()V
const/4 v12, 0x0
:cond_a
if-eqz v14, :cond_b
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_12
.catch Ljava/io/IOException; {:try_start_12 .. :try_end_12} :catch_a
const/4 v14, 0x0
:cond_b
:goto_9
throw v20
:cond_c
if-eqz v13, :cond_d
:try_start_13
invoke-virtual {v13}, Ljava/io/FileInputStream;->close()V
:try_end_13
.catch Ljava/io/IOException; {:try_start_13 .. :try_end_13} :catch_11
const/4 v12, 0x0
:goto_a
if-eqz v14, :cond_5
:try_start_14
invoke-virtual {v14}, Ljava/io/ByteArrayInputStream;->close()V
:try_end_14
.catch Ljava/io/IOException; {:try_start_14 .. :try_end_14} :catch_8
goto/16 :goto_4
:catch_8
move-exception v5
:goto_b
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_9
move-exception v5
const-string/jumbo v20, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v21
invoke-static/range {v20 .. v21}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto/16 :goto_5
:catch_a
move-exception v5
const-string/jumbo v21, "SemCscFeature"
invoke-virtual {v5}, Ljava/lang/Throwable;->toString()Ljava/lang/String;
move-result-object v22
invoke-static/range {v21 .. v22}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_9
:catchall_1
move-exception v20
goto :goto_8
:catchall_2
move-exception v20
move-object v14, v15
move-object v12, v13
goto :goto_8
:catch_b
move-exception v6
goto/16 :goto_3
:catch_c
move-exception v6
move-object v14, v15
move-object v12, v13
goto/16 :goto_3
:catch_d
move-exception v4
goto/16 :goto_6
:catch_e
move-exception v4
move-object v14, v15
move-object v12, v13
goto/16 :goto_6
:catch_f
move-exception v5
goto/16 :goto_7
:catch_10
move-exception v5
move-object v14, v15
move-object v12, v13
goto/16 :goto_7
:catch_11
move-exception v5
move-object v12, v13
goto :goto_b
:cond_d
move-object v12, v13
goto :goto_a
.end method
And the invoke:
Code:
...
invoke-direct {p0, v2, v4}, Lcom/samsung/android/feature/SemCscFeature;->loadFeatureFile(ZLjava/lang/String;)Z
move-result v5
if-eqz v5, :cond_1
invoke-direct {p0, v2, v3}, Lcom/samsung/android/feature/SemCscFeature;->loadNetworkFeatureFile(ZLjava/lang/String;)V
[COLOR="Blue"]invoke-direct {p0, v2, v3}, Lcom/samsung/android/feature/SemCscFeature;->loadHadesFeatureFile(ZLjava/lang/String;)V[/COLOR]
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
...
The code can be simplified, i didn`t bothered to do that, feel free to manipulate it in which way you want.
3. Use ODM instead of OMC/CSC in Oreo
From S9 Samsung introduced a new kind of omc, ODM, which needs its own partition and needs to be loaded from fstab/dts. We can add it to non ODM devices with a pretty simple and clean workaround.
Inside ramdisk, in init.rc file (all the devices should have that), i found this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
Following this we can make it work just like this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
[color="Blue"] symlink /system/odm /odm[/color]
By unpacking odm partition content inside a folder from system and creating the symlink from above at boot, rom will load odm as it has the partition.
Hope these tips will help someone in the future of custom roms with more features.
I will attach to this thread my modified smalis from one of my roms, i tried these methods on 7.1.1, but the idea is the same for oreo too, code might be slighlty different.
All the best :fingers-crossed:
Click to expand...
Click to collapse
I believe this thread needs to be updated...????i followed your guide in oreo and i try to find the second smali SemCscFeature.smali (framework.jar/smali_classes3/samsung/android/feature)*but i dont seem to find it in framework.jar and smali_classes3/.....path you mentioned above.?
Giorgatzelos said:
I believe this thread needs to be updated...????i followed your guide in oreo and i try to find the second smali SemCscFeature.smali (framework.jar/smali_classes3/samsung/android/feature)*but i dont seem to find it in framework.jar and smali_classes3/.....path you mentioned above.?
Click to expand...
Click to collapse
Lol, I think your post needs to be updated!!
You quoted the OP......wow, scrolling for days.
Sent from my God Mode 8
louforgiveno said:
Lol, I think your post needs to be updated!!
You quoted the OP......wow, scrolling for days.
Sent from my God Mode 8
Click to expand...
Click to collapse
Thanx...
I still didnt find an answer to my question though..
Giorgatzelos said:
Thanx...
I still didnt find an answer to my question though..
Click to expand...
Click to collapse
Sorry, i'm still on Nougat....but in the past when i've followed guides and not found entry in the said path, i've sometimes found it in other paths.
Sent from my God Mode 8
i cant use it if u cant make a video please ?
3. Use ODM instead of OMC/CSC in Oreo
From S9 Samsung introduced a new kind of omc, ODM, which needs its own partition and needs to be loaded from fstab/dts. We can add it to non ODM devices with a pretty simple and clean workaround.
Inside ramdisk, in init.rc file (all the devices should have that), i found this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
Following this we can make it work just like this:
Code:
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
[color="Blue"] symlink /system/odm /odm[/color]
By unpacking odm partition content inside a folder from system and creating the symlink from above at boot, rom will load odm as it has the partition.[/QUOTE]
Hi,
How I'm a noob and having a problem flashing stock rom or custom rom using Odin... I'm getting the error Failed to mount /odm (invalid argument). Will this help the problem? if yes, can you give me a step by step instruction on how to fix the odm. How do you unpack the odm partition content?
I'm sorry... I didn't read the header. Just ignore my message. I'm just so desperarate on fixing the "failed to mount /odm (inavlid argument). I'm really sorry!
Thank you nwei.
Related
Decompiled the APK using Brut.alll APK tool and just thought I would share for anyone wants to shift through the codes and commands.
They basically flag the system and kick into recovery to start the unlock process but have a look yourself.
Brut.alll APK Tool: http://code.google.com/p/android-apktool/
Not sure if this will be useful for the original Transformer as Asus stated that this works with ICS only, being the original transformer does not have ICS the bootloader may not be able to handle the steps should someone figure it out.
For anyone who would prefer to look at the code as java, here is a .jar created from the .dex with .class files. This would be in place of the .smali files.
Is it worth waiting for something to come of this? Like could this be reverse engineered to exclude the communication to asus about your serials?
What is different with this app and the asus app ???
Nothing is different, it's just the apk reverse engineered so it is "viewable" (read modifiable) by our devs. Hopefully the devs can come up with something to unlock the bootloader and prevent your warranty from being voided (or come up with a way to relock the bootloader should warranty issues come up).
thanks, but no need to post this... people who needed this allready done that...
also this should not be under development.
also you misunderstood what it does... but keep reading im sure you will find out what it does exactly some day
there is a big process before it even does anything to your phone except of reading and transferring info/data
sparkym3 said:
For anyone who would prefer to look at the code as java, here is a .jar created from the .dex with .class files. This would be in place of the .smali files.
Click to expand...
Click to collapse
Perfect thanks saved me an extra step, I was going to do this anyhow.
Hawkysoft said:
also this should not be under development.
also you misunderstood what it does... but keep reading im sure you will find out what it does exactly some day
there is a big process before it even does anything to your phone except of reading and transferring info/data
Click to expand...
Click to collapse
Sorry about the wrong section and if anyone needs this moved please do so. I understand the process is more then just the flag but I haven't been able to read through all of the code yet (damn work) but it is good practice.
But if you have any great information to share from your end please do so, it always great to spread knowledge (even is some of the info is repeatable info more advanced users) because it help inspire other great minds.
But i understand where your coming from as well. Cheers!
**Update**
It think I see the area you are talking about now, looks like your tablet goes through a registration process with Asus before the flag is kicked on. Still looking if they hand off a code but they probably flag your device in their system as unlocked for warranty reasons as well.
The magic happens in: UnLockFlagAndReboot.smali
Code:
.class public Lcom/asus/unlock/UnLockFlagAndReboot;
.super Ljava/lang/Object;
.source "UnLockFlagAndReboot.java"
# static fields
.field private static final MISC_PATH:Ljava/lang/String; = "/dev/block/mmcblk0p3"
.field private static final TAG:Ljava/lang/String; = "UnLockFlagAndReboot"
.field private static final USB_PATH:Ljava/lang/String; = "/dev/block/mmcblk0p4"
# instance fields
.field private mBufferReaderSize:I
.field private mContentStr:Ljava/lang/String;
.field private mContext:Landroid/content/Context;
# direct methods
.method public constructor <init>(Landroid/content/Context;)V
.locals 1
.parameter "context"
.prologue
.line 25
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
.line 20
const/16 v0, 0x1f4
iput v0, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mBufferReaderSize:I
.line 21
const-string v0, ""
iput-object v0, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
.line 26
iput-object p1, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContext:Landroid/content/Context;
.line 27
return-void
.end method
.method public static fromHexString(Ljava/lang/String;)[B
.locals 2
.parameter "in"
.prologue
.line 81
new-instance v0, Ljava/math/BigInteger;
const/16 v1, 0x10
invoke-direct {v0, p0, v1}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V
.line 82
.local v0, temp:Ljava/math/BigInteger;
invoke-virtual {v0}, Ljava/math/BigInteger;->toByteArray()[B
move-result-object v1
return-object v1
.end method
.method private writeRecoveryCmd(Ljava/lang/String;)V
.locals 10
.parameter "encodeCpuId"
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/io/IOException;
}
.end annotation
.prologue
.line 43
const/16 v8, 0x440
new-array v0, v8, [B
.line 44
.local v0, bary:[B
invoke-static {p1}, Lcom/asus/unlock/UnLockFlagAndReboot;->fromHexString(Ljava/lang/String;)[B
move-result-object v1
.line 46
.local v1, bary2:[B
const/16 v8, 0xb
new-array v2, v8, [B
fill-array-data v2, :array_0
.line 47
.local v2, cmd1:[B
const/16 v8, 0x9
new-array v3, v8, [B
fill-array-data v3, :array_1
.line 49
.local v3, cmd2:[B
const/4 v7, 0x0
.local v7, idx:I
:goto_0
array-length v8, v2
if-ge v7, v8, :cond_0
.line 50
const/4 v8, 0x0
aput-byte v8, v0, v7
.line 49
add-int/lit8 v7, v7, 0x1
goto :goto_0
.line 52
:cond_0
const/4 v7, 0x0
:goto_1
array-length v8, v2
if-ge v7, v8, :cond_1
.line 53
add-int/lit8 v8, v7, 0x0
aget-byte v9, v2, v7
aput-byte v9, v0, v8
.line 52
add-int/lit8 v7, v7, 0x1
goto :goto_1
.line 55
:cond_1
const/4 v7, 0x0
:goto_2
array-length v8, v3
if-ge v7, v8, :cond_2
.line 56
add-int/lit8 v8, v7, 0x40
aget-byte v9, v3, v7
aput-byte v9, v0, v8
.line 55
add-int/lit8 v7, v7, 0x1
goto :goto_2
.line 59
:cond_2
const/4 v5, 0x0
.line 61
.local v5, fos:Ljava/io/FileOutputStream;
:try_start_0
new-instance v6, Ljava/io/FileOutputStream;
const-string v8, "/dev/block/mmcblk0p3"
invoke-direct {v6, v8}, Ljava/io/FileOutputStream;-><init>(Ljava/lang/String;)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_0
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_1
.line 62
.end local v5 #fos:Ljava/io/FileOutputStream;
.local v6, fos:Ljava/io/FileOutputStream;
:try_start_1
invoke-virtual {v6, v0}, Ljava/io/FileOutputStream;->write([B)V
.line 66
new-instance v5, Ljava/io/FileOutputStream;
const-string v8, "/dev/block/mmcblk0p4"
invoke-direct {v5, v8}, Ljava/io/FileOutputStream;-><init>(Ljava/lang/String;)V
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_3
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_2
.line 67
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
:try_start_2
invoke-virtual {v5, v1}, Ljava/io/FileOutputStream;->write([B)V
.line 68
const-string v8, "UnLockFlagAndReboot"
const-string v9, "============= writeRecoveryCmd success ======================="
invoke-static {v8, v9}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_2 .. :try_end_2} :catch_0
.catch Ljava/io/IOException; {:try_start_2 .. :try_end_2} :catch_1
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
.line 78
:cond_3
:goto_3
return-void
.line 69
:catch_0
move-exception v4
.line 70
.local v4, e:Ljava/io/FileNotFoundException;
:goto_4
:try_start_3
invoke-virtual {v4}, Ljava/io/FileNotFoundException;->printStackTrace()V
:try_end_3
.catchall {:try_start_3 .. :try_end_3} :catchall_0
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
goto :goto_3
.line 71
.end local v4 #e:Ljava/io/FileNotFoundException;
:catch_1
move-exception v4
.line 72
.local v4, e:Ljava/io/IOException;
:goto_5
:try_start_4
invoke-virtual {v4}, Ljava/io/IOException;->printStackTrace()V
:try_end_4
.catchall {:try_start_4 .. :try_end_4} :catchall_0
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
goto :goto_3
.line 74
.end local v4 #e:Ljava/io/IOException;
:catchall_0
move-exception v8
:goto_6
if-eqz v5, :cond_4
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
:cond_4
throw v8
.line 74
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catchall_1
move-exception v8
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_6
.line 71
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catch_2
move-exception v4
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_5
.line 69
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catch_3
move-exception v4
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_4
.line 46
:array_0
.array-data 0x1
0x62t
0x6ft
0x6ft
0x74t
0x2dt
0x75t
0x6et
0x6ct
0x6ft
0x63t
0x6bt
.end array-data
.line 47
:array_1
.array-data 0x1
0x72t
0x65t
0x63t
0x6ft
0x76t
0x65t
0x72t
0x79t
0xat
.end array-data
.end method
# virtual methods
.method public readFileContent()V
.locals 8
.prologue
.line 86
const/4 v1, 0x0
.line 88
.local v1, fr:Ljava/io/FileReader;
:try_start_0
new-instance v2, Ljava/io/FileReader;
const-string v5, "/dev/block/mmcblk0p3"
invoke-direct {v2, v5}, Ljava/io/FileReader;-><init>(Ljava/lang/String;)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_7
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_3
.line 89
.end local v1 #fr:Ljava/io/FileReader;
.local v2, fr:Ljava/io/FileReader;
:try_start_1
new-instance v3, Ljava/io/BufferedReader;
iget v5, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mBufferReaderSize:I
invoke-direct {v3, v2, v5}, Ljava/io/BufferedReader;-><init>(Ljava/io/Reader;I)V
.line 90
.local v3, in:Ljava/io/BufferedReader;
const-string v4, ""
.line 91
.local v4, line:Ljava/lang/String;
:goto_0
invoke-virtual {v3}, Ljava/io/BufferedReader;->readLine()Ljava/lang/String;
move-result-object v4
if-eqz v4, :cond_1
.line 92
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
iget-object v6, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
iput-object v5, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_0
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_6
goto :goto_0
.line 95
.end local v3 #in:Ljava/io/BufferedReader;
.end local v4 #line:Ljava/lang/String;
:catch_0
move-exception v0
move-object v1, v2
.line 96
.end local v2 #fr:Ljava/io/FileReader;
.local v0, e:Ljava/io/FileNotFoundException;
.restart local v1 #fr:Ljava/io/FileReader;
:goto_1
:try_start_2
invoke-virtual {v0}, Ljava/io/FileNotFoundException;->printStackTrace()V
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 101
if-eqz v1, :cond_0
.line 103
:try_start_3
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_3
.catch Ljava/io/IOException; {:try_start_3 .. :try_end_3} :catch_2
.line 110
.end local v0 #e:Ljava/io/FileNotFoundException;
:cond_0
:goto_2
return-void
.line 94
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
.restart local v3 #in:Ljava/io/BufferedReader;
.restart local v4 #line:Ljava/lang/String;
:cond_1
:try_start_4
const-string v5, "UnLockFlagAndReboot"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "content of Unlock Flag: "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
iget-object v7, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
:try_end_4
.catchall {:try_start_4 .. :try_end_4} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_4 .. :try_end_4} :catch_0
.catch Ljava/io/IOException; {:try_start_4 .. :try_end_4} :catch_6
.line 101
if-eqz v2, :cond_3
.line 103
:try_start_5
invoke-virtual {v2}, Ljava/io/FileReader;->close()V
:try_end_5
.catch Ljava/io/IOException; {:try_start_5 .. :try_end_5} :catch_1
move-object v1, v2
.line 107
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.line 104
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catch_1
move-exception v0
.line 106
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
move-object v1, v2
.line 107
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.line 104
.end local v3 #in:Ljava/io/BufferedReader;
.end local v4 #line:Ljava/lang/String;
.local v0, e:Ljava/io/FileNotFoundException;
:catch_2
move-exception v0
.line 106
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_2
.line 97
.end local v0 #e:Ljava/io/IOException;
:catch_3
move-exception v0
.line 99
.restart local v0 #e:Ljava/io/IOException;
:goto_3
:try_start_6
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
:try_end_6
.catchall {:try_start_6 .. :try_end_6} :catchall_0
.line 101
if-eqz v1, :cond_0
.line 103
:try_start_7
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_7
.catch Ljava/io/IOException; {:try_start_7 .. :try_end_7} :catch_4
goto :goto_2
.line 104
:catch_4
move-exception v0
.line 106
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_2
.line 101
.end local v0 #e:Ljava/io/IOException;
:catchall_0
move-exception v5
:goto_4
if-eqz v1, :cond_2
.line 103
:try_start_8
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_8
.catch Ljava/io/IOException; {:try_start_8 .. :try_end_8} :catch_5
.line 107
:cond_2
:goto_5
throw v5
.line 104
:catch_5
move-exception v0
.line 106
.restart local v0 #e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_5
.line 101
.end local v0 #e:Ljava/io/IOException;
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catchall_1
move-exception v5
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_4
.line 97
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catch_6
move-exception v0
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_3
.line 95
:catch_7
move-exception v0
goto :goto_1
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
.restart local v3 #in:Ljava/io/BufferedReader;
.restart local v4 #line:Ljava/lang/String;
:cond_3
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.end method
.method public reboot()V
.locals 3
.prologue
.line 38
iget-object v1, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContext:Landroid/content/Context;
const-string v2, "power"
invoke-virtual {v1, v2}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
move-result-object v0
check-cast v0, Landroid/os/PowerManager;
.line 39
.local v0, pm:Landroid/os/PowerManager;
const/4 v1, 0x0
invoke-virtual {v0, v1}, Landroid/os/PowerManager;->reboot(Ljava/lang/String;)V
.line 40
return-void
.end method
.method public writeUnlockFlag(Ljava/lang/String;)V
.locals 1
.parameter "encodeCpuId"
.prologue
.line 31
:try_start_0
invoke-direct {p0, p1}, Lcom/asus/unlock/UnLockFlagAndReboot;->writeRecoveryCmd(Ljava/lang/String;)V
:try_end_0
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_0
.line 35
:goto_0
return-void
.line 32
:catch_0
move-exception v0
.line 33
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_0
.end method
I think the real magic comes in where the argument to writeUnlockFlag is obtained. That class looks pretty simple.
your both wrong.. the real magic will come when someone can make a method or version that does not talk to Asus and giveaway who you are and that you unlocked
^^^ Yes, but let me expand a bit on unlock or lock.
NotifyDMServer seems to be the important part. I think it's getting an unlock key (secretCpuId) back from Asus, so it may not be possible to hack out the phoning home. I haven't looked too closely at that class, though. We need to see if this is actually from Asus, derived from data sent back from Asus, same for all users, etc.
Does the app support relocking? I haven't actually tried it.
Lock-N-Load said:
your both wrong.. the real magic will come when someone can make a method or version that does not talk to Asus and giveaway who you are and that you unlocked
Click to expand...
Click to collapse
Yea after I got a few minutes from work, I thought about what Hawkysoft said earlier and its clear as day this phones home to get the unlock code and I am sure your blacklisted from warranty support at the same time.
Predseda3D said:
^^^ Yes, but let me expand a bit on unlock or lock.
Click to expand...
Click to collapse
Are you saying this phones home details where locked or unlocked? If so do you know what it shares?
Noxious Ninja said:
NotifyDMServer seems to be the important part. I think it's getting an unlock key (secretCpuId) back from Asus, so it may not be possible to hack out the phoning home. I haven't looked too closely at that class, though. We need to see if this is actually from Asus, derived from data sent back from Asus, same for all users, etc.
Does the app support relocking? I haven't actually tried it.
Click to expand...
Click to collapse
Have not seen anything yet about the re-locking but agreed on the the lock key
Noxious Ninja said:
NotifyDMServer seems to be the important part. I think it's getting an unlock key (secretCpuId) back from Asus, so it may not be possible to hack out the phoning home. I haven't looked too closely at that class, though. We need to see if this is actually from Asus, derived from data sent back from Asus, same for all users, etc.
Does the app support relocking? I haven't actually tried it.
Click to expand...
Click to collapse
I must be missing something here, so someone correct me where I went wrong...
First off, I do see it phoning home, however, I don't see us ever using anything that is returned from that call to write the recovery partition.
1) The recovery image is written in writeRecoveryCmd (in UnLockFlagAndReboot). This procedure takes in one argument.
2) The writeRecoveryCmd is called from writeUnlockFlag (same class) which just passes in what it receives.
3) This writeUnlockFlag procedure is called from the writeUnlockFlag in the UnLockActivity which passes in this.mNotifyDMServer.getSecretCpuID()
4) the getSecretCpuID() method inside NotifyDMServer returns the local class variable mSecretCpuId.
5) I only ever see mSecretCpuId being initialized to 0.
Now someone find where this is being set to something other than 0. If it doesn't, and my logic is correct, we would all be able to simply use a program that passes in 0 to the writeRecoveryCmd procedure inside UnLockFlagAndReboot.
skaforey said:
I must be missing something here, so someone correct me where I went wrong...
First off, I do see it phoning home, however, I don't see us ever using anything that is returned from that call to write the recovery partition.
1) The recovery image is written in writeRecoveryCmd (in UnLockFlagAndReboot). This procedure takes in one argument.
2) The writeRecoveryCmd is called from writeUnlockFlag (same class) which just passes in what it receives.
3) This writeUnlockFlag procedure is called from the writeUnlockFlag in the UnLockActivity which passes in this.mNotifyDMServer.getSecretCpuID()
4) the getSecretCpuID() method inside NotifyDMServer returns the local class variable mSecretCpuId.
5) I only ever see mSecretCpuId being initialized to 0.
Now someone find where this is being set to something other than 0. If it doesn't, and my logic is correct, we would all be able to simply use a program that passes in 0 to the writeRecoveryCmd procedure inside UnLockFlagAndReboot.
Click to expand...
Click to collapse
Ok for the layman does that man their is hope of POSSIBLY making a tool that would not phone home and void us?
Sent from my Transformer Prime TF201 using xda premium
skaforey said:
I must be missing something here, so someone correct me where I went wrong...
First off, I do see it phoning home, however, I don't see us ever using anything that is returned from that call to write the recovery partition.
1) The recovery image is written in writeRecoveryCmd (in UnLockFlagAndReboot). This procedure takes in one argument.
2) The writeRecoveryCmd is called from writeUnlockFlag (same class) which just passes in what it receives.
3) This writeUnlockFlag procedure is called from the writeUnlockFlag in the UnLockActivity which passes in this.mNotifyDMServer.getSecretCpuID()
4) the getSecretCpuID() method inside NotifyDMServer returns the local class variable mSecretCpuId.
5) I only ever see mSecretCpuId being initialized to 0.
Now someone find where this is being set to something other than 0. If it doesn't, and my logic is correct, we would all be able to simply use a program that passes in 0 to the writeRecoveryCmd procedure inside UnLockFlagAndReboot.
Click to expand...
Click to collapse
Look at NotifyDMServer$CredCpuIdReceiver.smali. onReceive seems to be a callback invoked via a C2DM message. I.e., the app phones home, then waits for a push notification with the unlock key.
Of course I would prefer to be proven wrong.
Noxious Ninja said:
Look at NotifyDMServer$CredCpuIdReceiver.smali. onReceive seems to be a callback invoked via a C2DM message. I.e., the app phones home, then waits for a push notification with the unlock key.
Of course I would prefer to be proven wrong.
Click to expand...
Click to collapse
Dam.
Sent from my Transformer Prime TF201 using xda premium
Noxious Ninja said:
Look at NotifyDMServer$CredCpuIdReceiver.smali. onReceive seems to be a callback invoked via a C2DM message. I.e., the app phones home, then waits for a push notification with the unlock key.
Of course I would prefer to be proven wrong.
Click to expand...
Click to collapse
Right, I see that...but...starting from the write recovery process and working backwards, it doesn't appear that the variable gets set anywhere. It wouldn't be that difficult to at least modify the app to log additional info add it is ruining to verify if it is using a call back key or not
Sent from my Galaxy Nexus
Noxious Ninja said:
Look at NotifyDMServer$CredCpuIdReceiver.smali. onReceive seems to be a callback invoked via a C2DM message. I.e., the app phones home, then waits for a push notification with the unlock key.
Of course I would prefer to be proven wrong.
Click to expand...
Click to collapse
This is the same conclusion I came to when I took a look. I followed the same trace mentioned by the previous poster but also ended up with the C2DM message. It looks like ASUS is computing the secret cpu ID on their end.
As you all know a lot of people have a media scanner wakelock. It's a well known issue across all Google JB Phones. Google has implemented a fix for 4.2 which seems to fix it but there are still things that should be done by users.
Googles FIX: https://android.googlesource.com/platform/frameworks/base/+/8ab2dc2f9680307febe997631c2148729f714e3d
Seems the issue stems from corrupt thumbnail or other files. Also the issue is expanded by SQL Wildcard such as underscore [ _ ] in the file name.
Also note that .nomedia in the folders don't seem to work anymore as posted by Koushik Dutta (Koush) CWM: https://plus.google.com/u/0/103583939320326217147/posts/Ntgmq2oniA5
So while looking at the fix it seems that the CM team has implemented Google's fix in there source here: http://review.cyanogenmod.org/#/c/27862/
So we decide to try this in our ROM and it seems from my test users with the issue that it has fixed it so we want to share what needs to be changed so you can mod your ROM yourself or Devs to add this to their ROM.
First up is to Decompile Framework.jar
Go to:
\framework\smali\android\media\MediaScanner.smali
Click to expand...
Click to collapse
and find:
Code:
.method makeEntryFor(Ljava/lang/String;)Landroid/media/MediaScanner$FileEntry;
Replace the whole method with this:
Code:
.method makeEntryFor(Ljava/lang/String;)Landroid/media/MediaScanner$FileEntry;
.locals 14
.parameter "path"
.prologue
.line 1470
const/4 v12, 0x0
.line 1472
.local v12, c:Landroid/database/Cursor;
:try_start_0
const-string v0, "_"
invoke-virtual {p1, v0}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
move-result v0
if-nez v0, :cond_0
const-string v0, "%"
invoke-virtual {p1, v0}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
move-result v0
if-eqz v0, :cond_4
:cond_0
const/4 v13, 0x1
.line 1474
.local v13, hasWildCards:Z
:goto_0
if-nez v13, :cond_1
iget-boolean v0, p0, Landroid/media/MediaScanner;->mCaseInsensitivePaths:Z
if-nez v0, :cond_5
.line 1479
:cond_1
const-string v3, "_data=?"
.line 1480
.local v3, where:Ljava/lang/String;
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
.line 1487
.local v4, selectionArgs:[Ljava/lang/String;
:goto_1
iget-object v0, p0, Landroid/media/MediaScanner;->mMediaProvider:Landroid/content/IContentProvider;
iget-object v1, p0, Landroid/media/MediaScanner;->mFilesUri:Landroid/net/Uri;
sget-object v2, Landroid/media/MediaScanner;->FILES_PRESCAN_PROJECTION:[Ljava/lang/String;
const/4 v5, 0x0
const/4 v6, 0x0
invoke-interface/range {v0 .. v6}, Landroid/content/IContentProvider;->query(Landroid/net/Uri;[Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;Landroid/os/ICancellationSignal;)Landroid/database/Cursor;
move-result-object v12
.line 1489
invoke-interface {v12}, Landroid/database/Cursor;->moveToFirst()Z
move-result v0
if-nez v0, :cond_2
if-eqz v13, :cond_2
iget-boolean v0, p0, Landroid/media/MediaScanner;->mCaseInsensitivePaths:Z
if-eqz v0, :cond_2
.line 1494
const-string v3, "_data LIKE ?1 AND lower(_data)=lower(?1)"
.line 1495
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
.line 1496
.restart local v4 #selectionArgs:[Ljava/lang/String;
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1497
iget-object v0, p0, Landroid/media/MediaScanner;->mMediaProvider:Landroid/content/IContentProvider;
iget-object v1, p0, Landroid/media/MediaScanner;->mFilesUri:Landroid/net/Uri;
sget-object v2, Landroid/media/MediaScanner;->FILES_PRESCAN_PROJECTION:[Ljava/lang/String;
const/4 v5, 0x0
const/4 v6, 0x0
invoke-interface/range {v0 .. v6}, Landroid/content/IContentProvider;->query(Landroid/net/Uri;[Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;Landroid/os/ICancellationSignal;)Landroid/database/Cursor;
move-result-object v12
.line 1502
:cond_2
invoke-interface {v12}, Landroid/database/Cursor;->moveToFirst()Z
move-result v0
if-eqz v0, :cond_8
.line 1503
const/4 v0, 0x0
invoke-interface {v12, v0}, Landroid/database/Cursor;->getLong(I)J
move-result-wide v6
.line 1504
.local v6, rowId:J
const/4 v0, 0x2
invoke-interface {v12, v0}, Landroid/database/Cursor;->getInt(I)I
move-result v11
.line 1505
.local v11, format:I
const/4 v0, 0x3
invoke-interface {v12, v0}, Landroid/database/Cursor;->getLong(I)J
move-result-wide v9
.line 1506
.local v9, lastModified:J
new-instance v5, Landroid/media/MediaScanner$FileEntry;
move-object v8, p1
invoke-direct/range {v5 .. v11}, Landroid/media/MediaScanner$FileEntry;-><init>(JLjava/lang/String;JI)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
.line 1510
if-eqz v12, :cond_3
.line 1511
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1514
.end local v3 #where:Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
.end local v6 #rowId:J
.end local v9 #lastModified:J
.end local v11 #format:I
.end local v13 #hasWildCards:Z
:cond_3
:goto_2
return-object v5
.line 1472
:cond_4
const/4 v13, 0x0
goto :goto_0
.line 1484
.restart local v13 #hasWildCards:Z
:cond_5
:try_start_1
const-string v3, "_data LIKE ?1 AND lower(_data)=lower(?1)"
.line 1485
.restart local v3 #where:Ljava/lang/String;
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.catch Landroid/os/RemoteException; {:try_start_1 .. :try_end_1} :catch_0
.restart local v4 #selectionArgs:[Ljava/lang/String;
goto :goto_1
.line 1510
.end local v3 #where:Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
.end local v13 #hasWildCards:Z
:catchall_0
move-exception v0
if-eqz v12, :cond_6
.line 1511
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1510
:cond_6
throw v0
.line 1508
:catch_0
move-exception v0
.line 1510
if-eqz v12, :cond_7
.line 1511
:goto_3
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1514
:cond_7
const/4 v5, 0x0
goto :goto_2
.line 1510
.restart local v3 #where:Ljava/lang/String;
.restart local v4 #selectionArgs:[Ljava/lang/String;
.restart local v13 #hasWildCards:Z
:cond_8
if-eqz v12, :cond_7
goto :goto_3
.end method
Recompile and you're good to go.
Hope this helps.
Thanks to:
jeboo
Google
cyanogenmod
Click to expand...
Click to collapse
Thanks Sir for sharing with us This wakelock is really anoying.
Mr.Greg said:
Thanks Sir for sharing with us This wakelock is really anoying.
Click to expand...
Click to collapse
Thanks I hope it works for you!
shoman94 said:
First up is to Decompile Framework.jar
Go to:
and find:
Code:
.method makeEntryFor(Ljava/lang/String;)Landroid/media/MediaScanner$FileEntry;
Replace the whole method with this:
Code:
.method makeEntryFor(Ljava/lang/String;)Landroid/media/MediaScanner$FileEntry;
.locals 14
.parameter "path"
.prologue
.line 1470
const/4 v12, 0x0
.line 1472
.local v12, c:Landroid/database/Cursor;
:try_start_0
const-string v0, "_"
invoke-virtual {p1, v0}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
move-result v0
if-nez v0, :cond_0
const-string v0, "%"
invoke-virtual {p1, v0}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
move-result v0
if-eqz v0, :cond_4
:cond_0
const/4 v13, 0x1
.line 1474
.local v13, hasWildCards:Z
:goto_0
if-nez v13, :cond_1
iget-boolean v0, p0, Landroid/media/MediaScanner;->mCaseInsensitivePaths:Z
if-nez v0, :cond_5
.line 1479
:cond_1
const-string v3, "_data=?"
.line 1480
.local v3, where:Ljava/lang/String;
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
.line 1487
.local v4, selectionArgs:[Ljava/lang/String;
:goto_1
iget-object v0, p0, Landroid/media/MediaScanner;->mMediaProvider:Landroid/content/IContentProvider;
iget-object v1, p0, Landroid/media/MediaScanner;->mFilesUri:Landroid/net/Uri;
sget-object v2, Landroid/media/MediaScanner;->FILES_PRESCAN_PROJECTION:[Ljava/lang/String;
const/4 v5, 0x0
const/4 v6, 0x0
invoke-interface/range {v0 .. v6}, Landroid/content/IContentProvider;->query(Landroid/net/Uri;[Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;Landroid/os/ICancellationSignal;)Landroid/database/Cursor;
move-result-object v12
.line 1489
invoke-interface {v12}, Landroid/database/Cursor;->moveToFirst()Z
move-result v0
if-nez v0, :cond_2
if-eqz v13, :cond_2
iget-boolean v0, p0, Landroid/media/MediaScanner;->mCaseInsensitivePaths:Z
if-eqz v0, :cond_2
.line 1494
const-string v3, "_data LIKE ?1 AND lower(_data)=lower(?1)"
.line 1495
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
.line 1496
.restart local v4 #selectionArgs:[Ljava/lang/String;
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1497
iget-object v0, p0, Landroid/media/MediaScanner;->mMediaProvider:Landroid/content/IContentProvider;
iget-object v1, p0, Landroid/media/MediaScanner;->mFilesUri:Landroid/net/Uri;
sget-object v2, Landroid/media/MediaScanner;->FILES_PRESCAN_PROJECTION:[Ljava/lang/String;
const/4 v5, 0x0
const/4 v6, 0x0
invoke-interface/range {v0 .. v6}, Landroid/content/IContentProvider;->query(Landroid/net/Uri;[Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;Landroid/os/ICancellationSignal;)Landroid/database/Cursor;
move-result-object v12
.line 1502
:cond_2
invoke-interface {v12}, Landroid/database/Cursor;->moveToFirst()Z
move-result v0
if-eqz v0, :cond_8
.line 1503
const/4 v0, 0x0
invoke-interface {v12, v0}, Landroid/database/Cursor;->getLong(I)J
move-result-wide v6
.line 1504
.local v6, rowId:J
const/4 v0, 0x2
invoke-interface {v12, v0}, Landroid/database/Cursor;->getInt(I)I
move-result v11
.line 1505
.local v11, format:I
const/4 v0, 0x3
invoke-interface {v12, v0}, Landroid/database/Cursor;->getLong(I)J
move-result-wide v9
.line 1506
.local v9, lastModified:J
new-instance v5, Landroid/media/MediaScanner$FileEntry;
move-object v8, p1
invoke-direct/range {v5 .. v11}, Landroid/media/MediaScanner$FileEntry;-><init>(JLjava/lang/String;JI)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
.line 1510
if-eqz v12, :cond_3
.line 1511
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1514
.end local v3 #where:Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
.end local v6 #rowId:J
.end local v9 #lastModified:J
.end local v11 #format:I
.end local v13 #hasWildCards:Z
:cond_3
:goto_2
return-object v5
.line 1472
:cond_4
const/4 v13, 0x0
goto :goto_0
.line 1484
.restart local v13 #hasWildCards:Z
:cond_5
:try_start_1
const-string v3, "_data LIKE ?1 AND lower(_data)=lower(?1)"
.line 1485
.restart local v3 #where:Ljava/lang/String;
const/4 v0, 0x1
new-array v4, v0, [Ljava/lang/String;
const/4 v0, 0x0
aput-object p1, v4, v0
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.catch Landroid/os/RemoteException; {:try_start_1 .. :try_end_1} :catch_0
.restart local v4 #selectionArgs:[Ljava/lang/String;
goto :goto_1
.line 1510
.end local v3 #where:Ljava/lang/String;
.end local v4 #selectionArgs:[Ljava/lang/String;
.end local v13 #hasWildCards:Z
:catchall_0
move-exception v0
if-eqz v12, :cond_6
.line 1511
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1510
:cond_6
throw v0
.line 1508
:catch_0
move-exception v0
.line 1510
if-eqz v12, :cond_7
.line 1511
:goto_3
invoke-interface {v12}, Landroid/database/Cursor;->close()V
.line 1514
:cond_7
const/4 v5, 0x0
goto :goto_2
.line 1510
.restart local v3 #where:Ljava/lang/String;
.restart local v4 #selectionArgs:[Ljava/lang/String;
.restart local v13 #hasWildCards:Z
:cond_8
if-eqz v12, :cond_7
goto :goto_3
.end method
Recompile and Your good to go.
Hope this helps.
Click to expand...
Click to collapse
will try to implement this on my project. thanks Sir..
Thanks. Include in AIO-X-TremEXD Mod
Hopefully they fix the .nomedia bug soon..Hard to imagine such an enormous oversight.
Nice guys
Sent from my GT-N7000
Folks, I tried this method, but when recompile I have a Warning:could not find resources but building was successful. Anyone know?
Mr.Greg said:
Folks, I tried this method, but when recompile I have a Warning:could not find resources but building was successful. Anyone know?
Click to expand...
Click to collapse
even a slight character mis place here and there might lead to that issue, try recompiling once again with atmost care and see
Sun90 said:
even a slight character mis place here and there might lead to that issue, try recompiling once again with atmost care and see
Click to expand...
Click to collapse
I tried already and same thing.
Mr.Greg said:
Folks, I tried this method, but when recompile I have a Warning:could not find resources but building was successful. Anyone know?
Click to expand...
Click to collapse
what tool are u using mate?
Mirko ddd said:
what tool are u using mate?
Click to expand...
Click to collapse
I'm using Sasha's apktool, but I solved, seem like nothing to worry about that warning, coz was build successful and with no error. I just replaced and see how is. Thanks Mirko.
Mr.Greg said:
I'm using Sasha's apktool, but I solved, seem like nothing to worry about that warning, coz was build successful and with no error. I just replaced and see how is. Thanks Mirko.
Click to expand...
Click to collapse
ok mate
Ok, seem like after modify code in framework.jar, after reboot photos and picture in gallery loading slowly then before, but this it's not a problem. I'll test today and see how is. Thanks guys for tip.
Mr.Greg said:
Folks, I tried this method, but when recompile I have a Warning:could not find resources but building was successful. Anyone know?
Click to expand...
Click to collapse
Edit; I guess I was a page behind...Lol
shoman94 said:
As you all know a lot of people have a media scanner wakelock. It's a well known issue across all Google JB Phones. Google has implemented a fix for 4.2 which seems to fix it but there are still things that should be done by users.
Googles FIX: https://android.googlesource.com/platform/frameworks/base/+/8ab2dc2f9680307febe997631c2148729f714e3d
Seems the issue stems from corrupt thumbnail or other files. Also the issue is expanded by SQL Wildcard such as underscore [ _ ] in the file name.
Also note that .nomedia in the folders don't seem to work anymore as posted by Koushik Dutta (Koush) CWM: https://plus.google.com/u/0/103583939320326217147/posts/Ntgmq2oniA5
So while looking at the fix it seems that the CM team has implemented Google's fix in there source here: http://review.cyanogenmod.org/#/c/27862/
So we decide to try this in our ROM and it seems from my test users with the issue that it has fixed it so we want to share what needs to be changed so you can mod your ROM yourself or Devs to add this to their ROM.
First up is to Decompile Framework.jar
CODE .......... CODE
Recompile and you're good to go.
Hope this helps.
Click to expand...
Click to collapse
Recompiled on XXLSJ but not working. Got SOOO many FCs...
BSDgeek_Jake said:
Recompiled on XXLSJ but not working. Got SOOO many FCs...
Click to expand...
Click to collapse
You obviously didn't do it right.
Sent from my SGH-I777 using Tapatalk 2
Ok guys. After compiled framework.jar with this code, no media scanning issue. Did a test;rebooted phone and checked battery in settings, seems like media scanning running 7-10 min then stops. After a few hours checked again and no media scanning. Great:fingers-crossed:
KNTXTremE said:
Thanks. Include in AIO-X-TremEXD Mod
Click to expand...
Click to collapse
you included in newest version (actual)?
working?
My idea
Another way, to prevent this battery drain I use Rescan Media ROOT (need ROOT) (you can download at market or link at Here) to "Disable and Kill the media scanner at boot.Scan Media Files on demand"
Press thanks if it works for you
Hi there
I'd like to code a simple app for IOS devices which displays a feed available on a website, but I don't have URL to do that...
There is an existing app for Android which do it well, so I've uncompiled this APK with APK Studio, with the hope of having the URL in clear in the code....
After hours of researches, I'm stuck with a constant "/data/", and an other ".xml", but don't have the middle !
I tried to show the URL in a Toast(), but the app still crashing (probably I do something wrong)...
If someone has an idea... I'm waiting for it :/ Thanks !
Code:
.method public static getFeeds(Ljava/lang/String;)Ljava/util/ArrayList;
.locals 11
.param p0, "s" # Ljava/lang/String;
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Ljava/lang/String;",
")",
"Ljava/util/ArrayList",
"<",
"Lfr/.../.../.../...;", #Hidden by myself
">;"
}
.end annotation
.prologue
.line 31
invoke-static {}, Ljavax/xml/parsers/SAXParserFactory;->newInstance()Ljavax/xml/parsers/SAXParserFactory;
move-result-object v3
.line 32
.local v3, "fabrique":Ljavax/xml/parsers/SAXParserFactory;
const/4 v6, 0x0
.line 33
.local v6, "parseur":Ljavax/xml/parsers/SAXParser;
const/4 v2, 0x0
.line 36
.local v2, "entries":Ljava/util/ArrayList;, "Ljava/util/ArrayList<Lfr/.../.../.../...;>;"
:try_start_0
invoke-virtual {v3}, Ljavax/xml/parsers/SAXParserFactory;->newSAXParser()Ljavax/xml/parsers/SAXParser;
:try_end_0
.catch Ljavax/xml/parsers/ParserConfigurationException; {:try_start_0 .. :try_end_0} :catch_0
.catch Lorg/xml/sax/SAXException; {:try_start_0 .. :try_end_0} :catch_1
move-result-object v6
.line 44
:goto_0
const/4 v7, 0x0
.line 46
.local v7, "url":Ljava/net/URL;
:try_start_1
new-instance v8, Ljava/net/URL;
new-instance v9, Ljava/lang/StringBuilder;
const-string v10, "/data/"
invoke-direct {v9, v10}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v9, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v9
const-string v10, ".xml"
invoke-virtual {v9, v10}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v9
invoke-virtual {v9}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v9
invoke-direct {v8, v9}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
:try_end_1
.catch Ljava/net/MalformedURLException; {:try_start_1 .. :try_end_1} :catch_4
.line 51
.end local v7 # "url":Ljava/net/URL;
.local v8, "url":Ljava/net/URL;
:try_start_2
new-instance v4, Lfr/.../.../.../.../ParserXMLHandler;
invoke-direct {v4}, Lfr/.../.../.../.../ParserXMLHandler;-><init>()V
:try_end_2
.catch Ljava/net/MalformedURLException; {:try_start_2 .. :try_end_2} :catch_5
.line 54
.local v4, "handler":Lorg/xml/sax/helpers/DefaultHandler;
:try_start_3
invoke-virtual {v8}, Ljava/net/URL;->openStream()Ljava/io/InputStream;
move-result-object v5
.line 55
.local v5, "input":Ljava/io/InputStream;
if-nez v5, :cond_0
.line 56
const-string v9, "error android"
const-string v10, "null"
invoke-static {v9, v10}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
:try_end_3
.catch Lorg/xml/sax/SAXException; {:try_start_3 .. :try_end_3} :catch_2
.catch Ljava/io/IOException; {:try_start_3 .. :try_end_3} :catch_3
.catch Ljava/net/MalformedURLException; {:try_start_3 .. :try_end_3} :catch_5
move-object v7, v8
.line 71
.end local v4 # "handler":Lorg/xml/sax/helpers/DefaultHandler;
.end local v5 # "input":Ljava/io/InputStream;
.end local v8 # "url":Ljava/net/URL;
.restart local v7 # "url":Ljava/net/URL;
:goto_1
return-object v2
.line 37
.end local v7 # "url":Ljava/net/URL;
:catch_0
move-exception v0
.line 38
.local v0, "e":Ljavax/xml/parsers/ParserConfigurationException;
invoke-virtual {v0}, Ljavax/xml/parsers/ParserConfigurationException;->printStackTrace()V
goto :goto_0
.line 39
.end local v0 # "e":Ljavax/xml/parsers/ParserConfigurationException;
:catch_1
move-exception v0
.line 40
.local v0, "e":Lorg/xml/sax/SAXException;
invoke-virtual {v0}, Lorg/xml/sax/SAXException;->printStackTrace()V
goto :goto_0
.line 58
.end local v0 # "e":Lorg/xml/sax/SAXException;
.restart local v4 # "handler":Lorg/xml/sax/helpers/DefaultHandler;
.restart local v5 # "input":Ljava/io/InputStream;
.restart local v8 # "url":Ljava/net/URL;
:cond_0
:try_start_4
invoke-virtual {v6, v5, v4}, Ljavax/xml/parsers/SAXParser;->parse(Ljava/io/InputStream;Lorg/xml/sax/helpers/DefaultHandler;)V
.line 60
check-cast v4, Lfr/.../.../.../.../ParserXMLHandler;
.end local v4 # "handler":Lorg/xml/sax/helpers/DefaultHandler;
invoke-virtual {v4}, Lfr/Lfr/.../.../.../.../ParserXMLHandler;->getData()Ljava/util/ArrayList;
:try_end_4
.catch Lorg/xml/sax/SAXException; {:try_start_4 .. :try_end_4} :catch_2
.catch Ljava/io/IOException; {:try_start_4 .. :try_end_4} :catch_3
.catch Ljava/net/MalformedURLException; {:try_start_4 .. :try_end_4} :catch_5
move-result-object v2
move-object v7, v8
.line 62
.end local v8 # "url":Ljava/net/URL;
.restart local v7 # "url":Ljava/net/URL;
goto :goto_1
.end local v5 # "input":Ljava/io/InputStream;
.end local v7 # "url":Ljava/net/URL;
.restart local v8 # "url":Ljava/net/URL;
:catch_2
I could really use a hand here, maybe with the right help, this can turn into a nice How To thread...
Here's the situation...
NOTE: I am on a Note 3 with Touchwiz Rom
I'd like to add a customization to my Settings.apk (this part's not the problem), and have it fire off a bash script on selection (whether it's a simple tap-the-setting, checkbox, list item, etc...)
Here is what I have thus far for my smali
Code:
.class public Lcom/android/settings/ExecSH;
.super Lcom/android/settings/SettingsPreferenceFragment;
.source "ExecSH.java"
.implements Landroid/preference/Preference$OnPreferenceChangeListener;
.implements Landroid/preference/Preference$OnPreferenceClickListener;
# direct methods
.method public onPreferenceTreeClick(Landroid/preference/PreferenceScreen;Landroid/preference/Preference;)Z
:try_start_0
const-string v2, Landroid/preference/Preference;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference; # String of command to fire off
invoke-static {v2}, Lcom/android/settings/ExecSH;->execRootCmdSilent(Ljava/lang/String;)I
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.end method
.method public static execRootCmdSilent(Ljava/lang/String;)I
.locals 6
.parameter "paramString"
.prologue
.line 40
:try_start_0
const-string v4, "RootCmd"
invoke-static {v4, p0}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
.line 41
invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
move-result-object v4
const-string v5, "su"
invoke-virtual {v4, v5}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
move-result-object v2
.line 42
.local v2, localProcess:Ljava/lang/Process;
new-instance v0, Ljava/io/DataOutputStream;
invoke-virtual {v2}, Ljava/lang/Process;->getOutputStream()Ljava/io/OutputStream;
move-result-object v4
invoke-direct {v0, v4}, Ljava/io/DataOutputStream;-><init>(Ljava/io/OutputStream;)V
.line 44
.local v0, localDataOutputStream:Ljava/io/DataOutputStream;
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v4, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
const-string v5, "\n"
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
.line 45
.local v3, str:Ljava/lang/String;
invoke-virtual {v0, v3}, Ljava/io/DataOutputStream;->writeBytes(Ljava/lang/String;)V
.line 46
invoke-virtual {v0}, Ljava/io/DataOutputStream;->flush()V
.line 47
const-string v4, "exit\n"
invoke-virtual {v0, v4}, Ljava/io/DataOutputStream;->writeBytes(Ljava/lang/String;)V
.line 48
invoke-virtual {v0}, Ljava/io/DataOutputStream;->flush()V
.line 49
invoke-virtual {v2}, Ljava/lang/Process;->waitFor()I
.line 50
invoke-virtual {v2}, Ljava/lang/Process;->exitValue()I
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
move-result v4
.line 55
.end local v0 #localDataOutputStream:Ljava/io/DataOutputStream;
.end local v2 #localProcess:Ljava/lang/Process;
.end local v3 #str:Ljava/lang/String;
:goto_0
return v4
.line 52
:catch_0
move-exception v1
.line 53
.local v1, localException:Ljava/lang/Exception;
invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V
.line 55
const/4 v4, 0x1
goto :goto_0
.end method
Will this do what I think it'll do? (I think it's grab the preference key and fire it off as a root command...
Hello XDA again,
Maybe many of you knew me before, especially my work on secure folder for rooted note 5.
I currently own Note 8 rooted.
Many devs said that Samsung introduced TEE and because of that we can not use secure folder again.
After spending a lot of time on investigating, patching both old and new lib, apk, framework, services I figured that actually Secure Folder is currently not related to TEE. Samsung just patched by code then we can bypass their patch to use Secure Folder in custom rooted rom.
How:
A. FOR PIE ROM
I. Include all Knox related things in your rom.
II. Patch build.prop:
change ro.config.iccc_version=3.0 to
ro.config.iccc_version=iccc_disabled
De-compile new SecureFolder.apk show that it uses Iccc (IntegrityControlCheckCenter) to check system integrity status (device_status). If it's ok, SecureFolder.apk will create container. Old SecureFolder.apk did not use that check.
Patch libtz_iccc.so is difficult so that just bypass this check by above patch.
III. Patch services.jar
Lcom/samsung/android/knox/SemPersonaManager is personal manager for knox related things. If device is compromised then Lcom/samsung/android/knox/SemPersonaManager will set persona's attribute to 0x4 and securefolder container will be uninstalled.
Check this code in Lcom/android/server/pm/PersonaManagerService:
Code:
iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
if-nez v11, :cond_2
.line 1345
const-string v11, "PersonaManagerService"
const-string v12, "Device compromise detected !"
invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1346
[COLOR="DarkOrange"] invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v10
if-nez v10, :cond_3
.line 1347
const-string v10, "PersonaManagerService"
const-string/jumbo v11, "setting compromise attribute failed !"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_2
.line 1349
:cond_2
invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v10
if-eqz v10, :cond_3
.line 1350
const-string v10, "PersonaManagerService"
const-string v11, "Device is super locked - start lock screen"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1354
.end local v8 # "ui":Landroid/content/pm/UserInfo;
:cond_3
:goto_2
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
move-result v8
if-eqz v8, :cond_4
.line 1355
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v8
const/4 v8, 0x1
if-nez v8, :cond_4
.line 1356
invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
move-result-object v8
invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
move-result v8
[COLOR="darkorange"] invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v8
if-nez v8, :cond_4
.line 1357
const-string v8, "PersonaManagerService"
const-string/jumbo v9, "setting compromise attribute failed !!"
invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1362
:cond_4
return-void
and this code in Lcom/android/server/pm/PersonaServiceHelper
Code:
.method public static shouldBlockUserStart(Landroid/content/Context;I)Z
.locals 7
.param p0, "c" # Landroid/content/Context;
.param p1, "userId" # I
.line 934
invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
move-result-wide v0
.line 936
.local v0, "token":J
:try_start_0
const-string v2, "PersonaServiceHelper"
new-instance v3, Ljava/lang/StringBuilder;
invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
const-string/jumbo v4, "shouldBlockUserStart() "
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 937
invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
move-result-object v2
invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
move-result-object v2
.line 938
.local v2, "uinfo":Landroid/content/pm/UserInfo;
if-eqz v2, :cond_2
.line 939
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
const/4 v4, 0x1
if-eqz v3, :cond_0
.line 940
invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v3
if-nez v3, :cond_0
.line 941
[COLOR="darkorange"] const/4 v3, 0x4
invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
.line 942
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "Device compromise attribute set for user : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 943
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_0
.line 944
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.line 945
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 945
return v4
.line 950
:cond_0
:try_start_1
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
move-result v3
if-eqz v3, :cond_1
.line 951
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 952
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 952
return v4
.line 955
:cond_1
:try_start_2
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v3
if-eqz v3, :cond_2
invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
move-result v3
if-eqz v3, :cond_2
.line 956
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking non-BYOD super locked user "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 957
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 957
return v4
.line 961
:cond_2
const/4 v3, 0x0
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 961
return v3
.line 963
.end local v2 # "uinfo":Landroid/content/pm/UserInfo;
:catchall_0
move-exception v2
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
throw v2
.end method
Then we can bypass those things by several way:
1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines
2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/ContextZ so that it returns true. But this way may cause other issues related to tima.
3. Just add simple code like below:
Code:
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
[COLOR="DarkOrange"] const/4 v11, 0x1[/COLOR]
if-nez v11, :cond_2
Better use the third way.
IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it return true, by two way:
1. Simply add that line (from S10 firmware to system/etc/floating_features.xml:
<SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
2. Modify smali file.
V. If your rom is a ported rom. You should replace services\smali_classes3\com\android\server\enterpr ise\ccm from stock services.jar.
VI. Recompile services.jar and enjoy secure folder.
B. FOR OREO ROM
I. Include all Knox related things in your rom.
II. Patch build.prop:
change ro.config.iccc_version=3.0 to
ro.config.iccc_version=iccc_disabled
De-compile new SecureFolder.apk show that it uses Iccc (IntegrityControlCheckCenter) to check system integrity status (device_status). If it's ok, SecureFolder.apk will create container. Old SecureFolder.apk did not use that check.
Patch libtz_iccc.so is difficult so that just bypass this check by above patch.
III. Patch services.jar
Lcom/samsung/android/knox/SemPersonaManager is personal manager for knox related things. If device is compromised then Lcom/samsung/android/knox/SemPersonaManager will set persona's attribute to 0x4 and securefolder container will be uninstalled.
Check this code in Lcom/android/server/pm/PersonaManagerService:
Code:
iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
if-nez v11, :cond_2
.line 1345
const-string v11, "PersonaManagerService"
const-string v12, "Device compromise detected !"
invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1346
[COLOR="DarkOrange"] invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v10
if-nez v10, :cond_3
.line 1347
const-string v10, "PersonaManagerService"
const-string/jumbo v11, "setting compromise attribute failed !"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
goto :goto_2
.line 1349
:cond_2
invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v10
if-eqz v10, :cond_3
.line 1350
const-string v10, "PersonaManagerService"
const-string v11, "Device is super locked - start lock screen"
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1354
.end local v8 # "ui":Landroid/content/pm/UserInfo;
:cond_3
:goto_2
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
move-result v8
if-eqz v8, :cond_4
.line 1355
iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v8
const/4 v8, 0x1
if-nez v8, :cond_4
.line 1356
invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
move-result-object v8
invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
move-result v8
[COLOR="darkorange"] invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
move-result v8
if-nez v8, :cond_4
.line 1357
const-string v8, "PersonaManagerService"
const-string/jumbo v9, "setting compromise attribute failed !!"
invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1362
:cond_4
return-void
and this code in Lcom/android/server/pm/PersonaServiceHelper
Code:
.method public static shouldBlockUserStart(Landroid/content/Context;I)Z
.locals 7
.param p0, "c" # Landroid/content/Context;
.param p1, "userId" # I
.line 934
invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
move-result-wide v0
.line 936
.local v0, "token":J
:try_start_0
const-string v2, "PersonaServiceHelper"
new-instance v3, Ljava/lang/StringBuilder;
invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
const-string/jumbo v4, "shouldBlockUserStart() "
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 937
invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
move-result-object v2
invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
move-result-object v2
.line 938
.local v2, "uinfo":Landroid/content/pm/UserInfo;
if-eqz v2, :cond_2
.line 939
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
const/4 v4, 0x1
if-eqz v3, :cond_0
.line 940
invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v3
if-nez v3, :cond_0
.line 941
[COLOR="darkorange"] const/4 v3, 0x4
invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z[/COLOR]
.line 942
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "Device compromise attribute set for user : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
.line 943
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_0
.line 944
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.line 945
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 945
return v4
.line 950
:cond_0
:try_start_1
iget v3, v2, Landroid/content/pm/UserInfo;->id:I
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
move-result v3
if-eqz v3, :cond_1
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
move-result v3
if-eqz v3, :cond_1
.line 951
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking when device compromised : "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 952
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 952
return v4
.line 955
:cond_1
:try_start_2
invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
move-result v3
if-eqz v3, :cond_2
invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
move-result v3
if-eqz v3, :cond_2
.line 956
const-string v3, "PersonaServiceHelper"
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
const-string v6, "blocking non-BYOD super locked user "
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 957
nop
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 957
return v4
.line 961
:cond_2
const/4 v3, 0x0
.line 963
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
.line 961
return v3
.line 963
.end local v2 # "uinfo":Landroid/content/pm/UserInfo;
:catchall_0
move-exception v2
invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
throw v2
.end method
Check this code in KnoxMUMContainerPolicy
Code:
invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/ContextZ
move-result v5
if-nez v5, :cond_0
Then we can bypass those things by several way:
1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines
2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/ContextZ so that it returns true. But this way may cause other issues related to tima.
3. Just add simple code like below:
Code:
invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
move-result v11
[COLOR="DarkOrange"] const/4 v11, 0x1[/COLOR]
if-nez v11, :cond_2
Code:
invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/ContextZ
move-result v5
[COLOR="DarkOrange"] const/4 v5, 0x1[/COLOR]
if-nez v5, :cond_0
Better use the third way.
IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it return true, by two way:
1. Simply add that line (from S10 firmware to system/etc/floating_features.xml:
<SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
2. Modify smali file.
V. Mod KnoxFileHandler
In Oreo Samsung forced using tima to store, retrive and delete encryptkey. But in Pie they changed to use KeyProtector. So that we will mod KnoxFileHandler. Compare modded one to stock one in attached to find out what need to be changed.
VI. If your rom is a ported rom. You should replace services\smali_classes3\com\android\server\enterpr ise\ccm from stock services.jar.
VII. Recompile services.jar and enjoy secure folder.
PS:
VII. SamsungPay and SamsungPass still use TEE, their own trustlets and use samsung server to check, store hash code. I will try to investigate deeper on those apk if I have time.
This is great to see, ive been curious on how you fixed SS back on Note 5 nougat for a while now, ill give it a go on my N5 running pie.
Thanks for sharing :good: god bless
Nice find mate,Keep it up
Nice finding mate, can i try the implement this method on @ananjaser1211 's Refined Nougat for N4? ?
Is great, but I don't know how to do it ?
nice !Good job!!!
Massive thanks mate!
Great! @khongloi113 welcome back!
Nicee
Great job mate, working perfect... View attachment 4794516
Sent from my SM-N950F using Tapatalk
Can someone just post the edited secure folder because i dont know how to even decompile it?
SHKOMAGDID said:
Can someone just post the edited secure folder because i dont know how to even decompile it
Click to expand...
Click to collapse
Secure Folder doesn't needs to be edited...
AbrahamGC said:
Secure Folder doesn't needs to be edited...
Click to expand...
Click to collapse
So why it didnt work i just edited the build.prop then what should i do?
SHKOMAGDID said:
So why it didnt work i just edited the build.prop then what should i do?
Click to expand...
Click to collapse
There is only 2 files to edit on the guide, build.prop and services.jar, is not much long to read...
Add back knox files you debloated (idk exactly which are required and which not, for testing I just added all knox stuff), edit prop, edit services, and done :good:
AbrahamGC said:
There is only 2 files to edit on the guide, build.prop and services.jar, is not much long to read...
Add back knox files you debloated (idk exactly which are required and which not, for testing I just added all knox stuff), edit prop, edit services, and done :good:
Click to expand...
Click to collapse
And heres the problem i dont know how to edit it maybe any guides?
What's tools you use decompile service.jar?
sazuke0703 said:
What's tools you use decompile service.jar?
Click to expand...
Click to collapse
Apktool
khongloi113 said:
Apktool
Click to expand...
Click to collapse
Link apk tool please I decompile has eror.
Can anyone please share their edited Service.jar?
AbrahamGC said:
Great job mate, working perfect...
Click to expand...
Click to collapse
Did you patch via option III.? I.e. just adding the line, or which way?