The answer is simple: do not include any non-open source apks or code that you have not explicitly received permission to distribute.
Instead, after building your entire update.zip, strip out all the proprietary software. Then, create a .bat and/or .sh file that will perform the following tasks:
- Download the official update.zip from the google.com site.
- Extract the required apks, obexes and jars.
- Add them to the correct locations in your update.zip
- Sign the update.zip (so include signapk.jar with your script)
- Rename the file update.zip
Name your zip as "incomplete-update.zip" (or something of the sort) and include your completer script with the file. Users will run the script and receive a complete update.zip as you had intended to distribute. THAT'S IT! A completely license-abiding way to distribute cooked "roms" without infringing on Google's licenses.
I wish google or HTC would contact me, I would say huh, what, me no speak spanish.... lol
Only if that would actually stop lawyers. God I hate lawyers. If that defense worked MMOGlider.com would still be working.
TheArtiszan said:
Only if that would actually stop lawyers.
Click to expand...
Click to collapse
It would, atleast in this case.
TheArtiszan said:
Only if that would actually stop lawyers. God I hate lawyers. If that defense worked MMOGlider.com would still be working.
Click to expand...
Click to collapse
Glider actually had a detrimental effect to the community, these mods don't. Horrible comparison.
afflaq said:
Glider actually had a detrimental effect to the community, these mods don't. Horrible comparison.
Click to expand...
Click to collapse
One man's detriment is another man's free market. It's a tough question.
Disclaimer: I hated MMOGlider and the people who use it, and wish they would've died in car crashes.
jashsu said:
The answer is simple: do not include any non-open source apks or code that you have not explicitly received permission to distribute.
Instead, after building your entire update.zip, strip out all the proprietary software. Then, create a .bat and/or .sh file that will perform the following tasks:
- Download the official update.zip from the google.com site.
- Extract the required apks, obexes and jars.
- Add them to the correct locations in your update.zip
- Sign the update.zip (so include signapk.jar with your script)
- Rename the file update.zip
Name your zip as "incomplete-update.zip" (or something of the sort) and include your completer script with the file. Users will run the script and receive a complete update.zip as you had intended to distribute. THAT'S IT! A completely license-abiding way to distribute cooked "roms" without infringing on Google's licenses.
Click to expand...
Click to collapse
This would work. But, it seems to me you could also take a similar approach that works like this:
1) Strip the proprietary code out of the update before signing.
2) Sign and distribute the update.
3) People install the update and return to the recovery screen.
4) Drop into terminal mode and run a script that downloads and installs the missing proprietary code in the proper places.
5) Reboot and enjoy.
Any reason that wouldn't work equally well (but be somewhat simpler)?
stellarman said:
This would work. But, it seems to me you could also take a similar approach that works like this:
1) Strip the proprietary code out of the update before signing.
2) Sign and distribute the update.
3) People install the update and return to the recovery screen.
4) Drop into terminal mode and run a script that downloads and installs the missing proprietary code in the proper places.
5) Reboot and enjoy.
Any reason that wouldn't work equally well (but be somewhat simpler)?
Click to expand...
Click to collapse
It doesn't seem like it would be a good idea to boot into the OS with major parts missing (esp stuff like framework.apk). However, if it can be worked around then yes, that would be a method too. Any variation on the theme of "partial update.zip plus files from a locally downloaded official update" would be good.
Is it more work to do this than just to distribute a fully complete (but not license compliant) update.zip? Yes. But it not only protects the cook from being C&D'd, it also helps to legitimize the "ROM" cooking scene.
You are still distributing the the unlicensed files, you are just providing a different way to distribute them. instead of including them directly in your ROM, you are supplying a script that adds them to your ROM.
Man all this is too much.... I might get rid of my G1. Google is always trying to ruin the good things for us. -__-"
jashsu said:
It doesn't seem like it would be a good idea to boot into the OS with major parts missing (esp stuff like framework.apk)
Click to expand...
Click to collapse
The framework.apk is APL and part of the Android source. To see what you get without the Googlebits, just run the emulator.
I think the easiest is to have the updater copy the proprietary bits from the phone to your SD card, perform update, then copy back. then reboot.
jashsu said:
It doesn't seem like it would be a good idea to boot into the OS with major parts missing (esp stuff like framework.apk). However, if it can be worked around then yes, that would be a method too. Any variation on the theme of "partial update.zip plus files from a locally downloaded official update" would be good.
Is it more work to do this than just to distribute a fully complete (but not license compliant) update.zip? Yes. But it not only protects the cook from being C&D'd, it also helps to legitimize the "ROM" cooking scene.
Click to expand...
Click to collapse
Read my post again. I am not suggesting that you try to boot without the parts. I am saying to use the terminal WITHIN Recovery. Do the step of re-adding the proprietary bits BEFORE you leave Recovery and reboot.
Actually people, let's not forget that perhaps Cyanogen had to modify some closed-source apps like Market and Camera on several occasions, right? To avoid crashes due to resource-id changes?
So just downloading older binaries might not always work?
--Tim
I sent a twitter to Cyanogen about this last night. Downloading every time would be slow and a waste of bandwidth. I think you could do it one of two ways.
1) add a script to cm-recovery that is executed with ALT+G the extracts the apks, etc from an official google dist file on the sdcard and copy them to the proper locations.
2) add a script (which does the extraction, etc. from a zip on the sd) someplace into update.zip. cm-recovery looks for that script and if it exists then it will automatically execute after the normal update routine is complete
3) a combination where the script is in update.zip but the users has to hit ALT+G to execute it.
I think #2/#3 would be most flexible because you wouldn't have to change recovery image for different ROMs and all ROM developers could have a custom script in their update.zip to fit their needs.
rewrite those applications if they haven't already been rewritten in one way or another many dialers, a couple marketplaces, youtube, all the apps could be developed just like messenger and browser come on lets just get around google and create the missing apps
kanstin said:
I sent a twitter to Cyanogen about this last night. Downloading every time would be slow and a waste of bandwidth. I think you could do it one of two ways.
1) add a script to cm-recovery that is executed with ALT+G the extracts the apks, etc from an official google dist file on the sdcard and copy them to the proper locations.
2) add a script (which does the extraction, etc. from a zip on the sd) someplace into update.zip. cm-recovery looks for that script and if it exists then it will automatically execute after the normal update routine is complete
3) a combination where the script is in update.zip but the users has to hit ALT+G to execute it.
I think #2/#3 would be most flexible because you wouldn't have to change recovery image for different ROMs and all ROM developers could have a custom script in their update.zip to fit their needs.
Click to expand...
Click to collapse
Anything that requires a user to press more keys is dumb. The problem Google has is that their apps are being redistributed by rom makers.
Lets take a look at how Google circumvents the same restrictions for HTC binaries: http://source.android.com/documentation/building-for-dream
Remember they are advocating circumventing HTC's proprietary licenses by running a script to copy these files. We need to do the same thing, and as long as we are coping the files, using the phone as the SOURCE, the process can be transparent to the user.
Edit:
Also has anyone thought about the fact that HTC proprietary files are being redistributed also? The phones are UNUSABLE without these files.
fauxhawk said:
Anything that requires a user to press more keys is dumb.
Click to expand...
Click to collapse
Yeah, it is dumb. Option #2 runs the script automatically and and Option #3 requires pressing ALT+G. Option #3 is in case the lawyers get really nasty; there is no way they can say that option is in violation because it requires user intervention (pressing ALT+G).
would this approach at distribution impact the optimization and tight fit of the ROM?
This is pretty much the same idea I had last night.
http://forum.xda-developers.com/showthread.php?t=564303
camalot said:
You are still distributing the the unlicensed files, you are just providing a different way to distribute them. instead of including them directly in your ROM, you are supplying a script that adds them to your ROM.
Click to expand...
Click to collapse
But you are not distributing these files. The update.zip you supply has absolutely no intellectual property which you are not entitled to distribute. Even the script, the IPR for it would be with the dev who write it. Now it might well be illegal - and personally I'd debate whether it is, but let's leave that for now - to *RUN* that script. But that's not the dev's concern and everything he supplied would be his own IPR.
Say you had a friend who worked for Google. It's the same as the difference between this friend emailing you a copyrighted MP3, versus you using Google to search for the same MP3 and then clicking on a link that appears. In the latter case Google hasn't distributed anything - they've merely provided the means for you to find the file on-line. YOU are then the one who breaks the law by downloading it. In the former case, it's your friend - and possibly Google as the people who provide the email system - who break the law.
Any dev who provided a script to download what is needed from a place on the internet and extract them from a zip would be very difficult to C&D.
Related
Hi everyone, as many of you guys have noticed, the newer firmwares do not come with the Amazon MP3 application. For those of you who want this, here is a tutorial on installing.
First, download the com.amazon.mp3.zip file uploaded, and place it on your desktop. DO NOT OPEN IT OR EXTRACT IT. Change .zip extension to .apk. For those of you who do not know how to do that, hit Start> My Computer> Organization> Folder and Search Options> and Uncheck "Hide Extentions for Known File Types". Then, delete the .zip extension and type in .apk. Have your G1 ready and plugged in, as you will be using ADB to install this program.
Open up command prompt and type:
cd desktop
adb install com.amazon.mp3.apk
exit
It should now be installed!
For those of you who do not have ADB installed for whatever reason, place the com.amazon.mp3.apk onto your SDcard. Then, using a file manager on your G1 (I use OIfilemanager) navigate to the location where the file is placed and install.
Also, the com.amazon.mp3.apk can also be extracted directly from RC and JF 1.4x builds.
NOTE TO MODS: I understand that Amazon MP3 is not an open source application. Therefore, if for any reason if you guys do not feel that uploading this apk is allowed, feel free to remove this post.
Paying $1 per mp3 can add up over time
With RC 33 i wanted to removed this program, now that JF 1.50 removed automatically, do you believe that i will tried this? But thanks anyway...
PS- People DL music MP3's on theirs PC' for free, Amazon Sucks!
Sometimes I find Amazon MP3 useful for previewing a CD while I am at the library.
By the way, there is no need to distribute the apk here when anyone can just extract it themselves legally from an official update.zip
jashsu said:
Sometimes I find Amazon MP3 useful for previewing a CD while I am at the library.
By the way, there is no need to distribute the apk here when anyone can just extract it themselves legally from an official update.zip
Click to expand...
Click to collapse
Yeah I understand that, I'm just saving them the trouble of having to do it themselves. However, when you say "legally" do you mean distributing this apk is illegal? If so I will remove it.
SolemnWishing said:
However, when you say "legally" do you mean distributing this apk is illegal? If so I will remove it.
Click to expand...
Click to collapse
It's not expressly forbidden. The general stance on xda is as long as the software in question isn't payware, then it is okay (of course a mod is free to make a judgement otherwise). However, everyone should have a RC33 or somesuch build lying around that they can extract the file from themselves anyway.
Seems that most folks don't appreciate the usefulness of Amazon MP3 as a source of track preview. I just wish that it still integrated into ShopSaavy and CompareEverywhere. Used to be you could scan a barcode of a CD and it would pull up the CD on Amazon MP3. If anyone knows how to make this work with current software versions, let me know.
Thank you for the explicit directions. This worked great on my G1 and my friend's using a mac.
Well, I guess that means we will wait for a mod to say something... next in line.. PDFviewer.
Okay, PDFviewer will not work on my JF1.50 build. Just for fun I also tried to push the H build camera and the H build dialer. The pushed camera resulted in the camera app disappearing all together along with the camcorder, gallery and picture frame widget. The H build dialer caused the phone to be completely unresponsive.
Remember, always use a Nandroid backup when attempting risky procedures
SolemnWishing said:
Well, I guess that means we will wait for a mod to say something... next in line.. PDFviewer.
Okay, PDFviewer will not work on my JF1.50 build. Just for fun I also tried to push the H build camera and the H build dialer. The pushed camera resulted in the camera app disappearing all together along with the camcorder, gallery and picture frame widget. The H build dialer caused the phone to be completely unresponsive.
Remember, always use a Nandroid backup when attempting risky procedures
Click to expand...
Click to collapse
If you want to extract features from Haykuro's H build for 1.50 installation, I suggest you hook up ddms so you can get realtime debugging and see what libraries/functions are being called that are causing problems. It should work in the emulator too.
By the way PDFViewer's dependencies have been well established, but the program checks some unknown properties of the build and will refuse to run for non-HTC builds. Decompiling the dex might lead to clues as to what it is and how to workaround it or patch the apk. I'm actually hoping it will just run unmodified on the official T-Mo 1.5 rom expected any day now.
jashsu said:
If you want to extract features from Haykuro's H build for 1.50 installation, I suggest you hook up ddms so you can get realtime debugging and see what libraries/functions are being called that are causing problems. It should work in the emulator too.
By the way PDFViewer's dependencies have been well established, but the program checks some unknown properties of the build and will refuse to run for non-HTC builds. Decompiling the dex might lead to clues as to what it is and how to workaround it or patch the apk. I'm actually hoping it will just run unmodified on the official T-Mo 1.5 rom expected any day now.
Click to expand...
Click to collapse
hehehhe! We can always dream can't we...
lol HTC dream.. well, I do not know how to work apps, or port them or anything, so that is pretty much out of the question. Ill just stick with the obvious ones.
Much thanks!! I wanted Amazon back.
thanks
works on JF flawless. no issue yet. Thanks.
I installed the Amazon MP3 apk night before last and found that the search function wouldn't open its search box. I uninstalled and then pushed it to /system/app via adb and now it works just fine. FWIW, I have apps on SD (the symlink version).
That is good, and does anyone know if the Teeter game from the original Haykuro H build requires some sort of special resource or something? As the game installs, but force closes on startup.
thank you very much for this... anybody got a fix for myfaves???
jashsu said:
If you want to extract features from Haykuro's H build for 1.50 installation, I suggest you hook up ddms so you can get realtime debugging and see what libraries/functions are being called that are causing problems. It should work in the emulator too.
By the way PDFViewer's dependencies have been well established, but the program checks some unknown properties of the build and will refuse to run for non-HTC builds. Decompiling the dex might lead to clues as to what it is and how to workaround it or patch the apk. I'm actually hoping it will just run unmodified on the official T-Mo 1.5 rom expected any day now.
Click to expand...
Click to collapse
hehehe. the properties aren't unknown. It's a library, and 2 framework files.
TheDudeOfLife said:
hehehe. the properties aren't unknown. It's a library, and 2 framework files.
Click to expand...
Click to collapse
So you have PDFViewer working without the "Only for HTC devices" nag screen?
Haha mind enlightening us??
someone run some diffs on thedudes libs and framework files =P!
Hi All,
Here is my second contribution to the Android community, android2sd!
I tried to make the installation a bit more straight forward and the readme very verbose.
There is NO going into recovery and wiping of the Android to install this construct. (Of course you can if you want to have a clean slate to build from but it is by your choice only!)
Remove .zip from filename, then unrar (sorry to zip users, zip was too big) the package and copy the android2sd.sh install script to the Android say /data/local and make executable with something like chmod 0750 and copy the android2sd.img install image to the sdcard. (Detailed instructions are in the readme file.) Once the install is complete, you can delete both install files.
Execute the script {where ever you installed it}ie:
/data/local/android2sd.sh and follow the instructions.
Included are several of my scripts (updated from the ones in data2sd) and the rules still apply, adjust or remove as you see fit. The readme explains them all.
I have noticed an improvement in speed based on the install, but you can judge for yourself and tweak as you see fit!
The construct uses Overlay Profiles to overlay the Android system and thus any changes to the Android once loaded, are actually done to the overlay profile thus you have like a safe mode which is the untouched Android under the overlay.
Hope you find it useful!
Darkstrumn
Darkstrumn said:
Hi All,
Here is my second contribution to the Android community, android2sd!
I tried to make the installation a bit more straight forward and the readme very verbose.
There is NO going into recovery and wiping of the Android to install this construct. (Of course you can if you want to have a clean slate to build from but it is by your choice only!)
Remove .zip from filename, then unrar (sorry to zip users, zip was too big) the package and copy the android2sd.sh install script to the Android say /data/local and make executable with something like chmod 0750 and copy the android2sd.img install image to the sdcard. (Detailed instructions are in the readme file.) Once the install is complete, you can delete both install files.
Execute the script {where ever you installed it}ie:
/data/local/android2sd.sh and follow the instructions.
Included are several of my scripts (updated from the ones in data2sd) and the rules still apply, adjust or remove as you see fit. The readme explains them all.
I have noticed an improvement in speed based on the install, but you can judge for yourself and tweak as you see fit!
The construct uses Overlay Profiles to overlay the Android system and thus any changes to the Android once loaded, are actually done to the overlay profile thus you have like a safe mode which is the untouched Android under the overlay.
Hope you find it useful!
Darkstrumn
Click to expand...
Click to collapse
Damn man. Good work.
sounds interesting, what is this all about?
brilliant?!? I think.
So basically, this is a non-destructive method that enables us to run new roms on the G1 without flashing? Am I reading this right? If so... wow.
edit: or, erm... maybe not... i think i've been up too long. Gonna have to watch this thread to get a better grasp on this. interesting nonetheless.
Rename To RAR
Darkstrumn said:
Remove .zip from filename, then unrar (sorry to zip users, zip was too big) the package and copy the android2sd.sh install script to the Android say /data/local and make executable with something like chmod 0750 and copy the android2sd.img install image to the sdcard. (Detailed instructions are in the readme file.) Once the install is complete, you can delete both install files.
Click to expand...
Click to collapse
very interesting .. at first i failed to see this part as i'm sure many pay skip over the whole "rename to rar" thing - LOL - so this loads profiles from the SD to the phone
for anyone having trouble with the whole "rename" process try this:
http://files.lucidrem.us/jf/android2sd.rar
as i know windows with hidden file extensions does not allow a rename easily
So what exactly does this do? I see install instructions, but no description.
Overlay Profiles...
tr.slate said:
So what exactly does this do? I see install instructions, but no description.
Click to expand...
Click to collapse
Well,
I've worked up the natural progression to this XXX2SD business, and have made an Android2SD construct which can expand the Android similarly to the the previous constructs, but puts /system, /data and /cache on sd.
So let me explain the overlay thing:
An overlay profile is a snapshot of the Android file system, namely /system, /data, and /cache.
The initial profile is called 'android2sd' and is a snapshot of your android at the time of install, plus the file system structure as explained in the readme adding the mnt/ dir structure and additional scripts in bin/ (which you can remove or adjust as you need).
Typically I reckon folks would only have the one profile and under it your original Android. But you can create additional profiles and set them up however you like. The overlay is overlayed on top of the Android file system with any changes or edits to the system affecting the profile and not the Android under.
The effective change is that the /system /data/, cache are moved to the sdcard thus expanding them to however large your sdcp2 is; on a class 6 card also improving access time.
A second benefit is that the underlying Android is safe from alteration and can be booted into like a 'safe mode'. (It can also serve as the base for new profiles, or you can make new profiles from active overlays. These snapshots can serve as a form of backup, but that is a fringe benefit.
It cannot protect the Android from update.zip installs exactly, as those will modify the Android directly, but say you try a theme and it gafs your 'droid...you can reapply the firmware update to clean out the theme, then copy the desired profile back to the Android and restore the Android to the state of the profile. (I would recommend having a 'base' profile of the Android but not using that as an active profile which will thus serve as a backup) Note: To restore the Android as described above, you cannot restore using a profile with 250+ apps in /data as the Android doesn't have the space for it!
Originally I used unionfs for the overlays but it was too slow.
Hope that explains things here; the readme has far more detail.
I've gotta go, but if I see that I've been as clear as mud, I'll try to explain better when I have more time.
Hmm just out of curiosity: What are you using now? Bind mounts?
I got a little bit lost in setup, I am not sure if I had problems because I was using Cyanogens latest or something else but either way Im going back to JF to try this.
I installed it using the "-COMMIT" addition
But when I made it to installing/linking apps things wouldnt link
Maybe I will let a few other people try it first.
More info...
[email protected] said:
Hmm just out of curiosity: What are you using now? Bind mounts?
Click to expand...
Click to collapse
Yes. Originally it was to have a multi profile layered system using unionfs: union0 the ro base snapshot and union1 the rw profile containing the copy-on-write data. But as the tests went on, the unionfs was too slow to use for /data; Android is unforgiving of unresponsiveness and was ANR'ing the apps that didn't respond fast enough.
The faster bind mount means that union1 is now not used and union0 is rw.
The reason I wanted the union0,union1 path was that the union0 could serve as base and various profiles could be layered over any part of the file system granting "Lego" like flexibility in how the user could adjust their a2sdLoader.sh script (the android2sd loader which controls the overlay process).
You could have a pristine base and several "change" profiles that you layered to your liking and could change any sub layer to different effect.
While you still can under this paradigm, it is not as compact.
But the unionfs option is not completely done away with. It can still be used for the above layering but shouldn't be used for that apps and package system.
An example of the layering I'm on about:
The Android 0-layer which the base layer is a snapshot of.
The base layer is pristine (fully configured settings, but minimal apps loaded, maybe a particular base launcher layout and wallpaper).
A change profile containing my apps and package system
A change profile containing a version of etc with reconfigured bluetooth settings.
A change profile with a theme (manually installed, or snapshot to profile and restored to pristine)
Now I could take these 4 profiles and arrange several different setups:
'base' with all apps loaded, themed with custom bluetooth
'base' with all apps loaded, themed with normal bluetooth
'base' with all apps loaded with custom bluetooth
'base' with all apps loaded with normal bluetooth
'base' with all apps loaded
'base' themed with with custom bluetooth
'base' themed with normal bluetooth
'base' with custom bluetooth
'base' with normal bluetooth
...
Those would be set to serve as the ro union0 and the rw union1 which will hold the copy-on-write changes to the overlay (which preserves the sub layers)
You could have several more theme profiles and have a script that randomly chooses one at boot...
You could simply use the overlay to protect a favored configuration. Should anything untoward happen such as accidentally damaging the packages.xml file while experimenting with the system, you could simply delete the change profile, make a new blank change profile and the damaged files are undone.
The things one can do with the overlay concept are limited only by your imagination and need (and if they slow down app processing too much causing ANR's)
It vary well could if done correctly allow one to have multiple roms as profiles and switch them based on the selected profile, but I have yet to experiment on that...I reckon that is my next move! (Note that this path would have a high space cost as the roms are about 40MB zipped!)
brandenk said:
I got a little bit lost in setup, I am not sure if I had problems because I was using Cyanogens latest or something else but either way Im going back to JF to try this.
I installed it using the "-COMMIT" addition
But when I made it to installing/linking apps things wouldnt link
Maybe I will let a few other people try it first.
Click to expand...
Click to collapse
Taken from [Rom] CyanogenMod:http://forum.xda-developers.com/showthread.php?t=518851
"DO NOT RUN ANY OTHER APPS2SD APPLICATIONS ON THIS BUILD. YOU WILL BREAK YOUR SYSTEM. THEY ARE NOT NECESSARY BECAUSE THIS ROM WILL DO A2SD AUTOMATICALLY AND BETTER!"
The android2sd construct pretty much falls into the A2SD category and thus is likely the reason you had issues with the install.
My Android is based on JF 1.51... and thus your mileage will vary based on the rom you are using. I reckon with a rom derived from theh JF roms, the install may work as intended.
As I go into the next construct build process, I will see if I can't make it multi-rom compatible (to support multi-rom profiles) I'm sure it will take some time to do as I would have to use my actual Android to test with, but no worries!
Hope that helps a little. Sorry it's not better news though.
An excellent "misuse" of this concept would be to run ion (picking it for its speed and almost stock nature) with a hero overlay (picked due to known instability as we are still developing it) so that ion would serve as a "safe mode" for when you crash hero.
I have a spare phone if i crash this and a secondary sd for if that gets corrupted. Let me know if you need help testing.
twistedumbrella said:
An excellent "misuse" of this concept would be to run ion (picking it for its speed and almost stock nature) with a hero overlay (picked due to known instability as we are still developing it) so that ion would serve as a "safe mode" for when you crash hero.
Click to expand...
Click to collapse
Interesting thought, and if this could be done, I suppose it would be possible to have bluetooth working in ION while using a Hero overlay?
Request for feedback...
Hi All,
Those who've installed android2sd, how is it going?
Can you give some pros and cons of your experience so I may improve things going forward? (Hopefully no cons exists!)
I know that roms that already make use apps2sd will encounter issues as the apps2sd and android2sd function similarly and thus step on each other. I may be able to detect this condition and adjust for it going forward...we'll see.
Thanks in advance for your input!
Darkstrumn
LucidREM said:
very interesting .. at first i failed to see this part as i'm sure many pay skip over the whole "rename to rar" thing - LOL - so this loads profiles from the SD to the phone
for anyone having trouble with the whole "rename" process try this:
http://files.lucidrem.us/jf/android2sd.rar
as i know windows with hidden file extensions does not allow a rename easily
Click to expand...
Click to collapse
Thanks for putting the rar up, XDA wouldn't take the .rar and I didn't want to signup to a file-share site just yet.
And it being seemingly natural to make windows show file extensions, it didn't cross my mind to make a note about that.
Thanks again!
Darkstrumn said:
Thanks for putting the rar up, XDA wouldn't take the .rar and I didn't want to signup to a file-share site just yet.
And it being seemingly natural to make windows show file extensions, it didn't cross my mind to make a note about that.
Thanks again!
Click to expand...
Click to collapse
How come no one is trying this? It seems to me an excellent idea and would be really cool to boot mutipe roms if someone figures that out. I'm not testing this because I'm using appstosd and didn't want conflicts...but no one else with jf1.51 Rom is testing this idea?
Just curious
so wait a second. let me get this straight ... if I have a class 6 8gb card i might be able to install a hero build without rosie or widgets with the original launcher on the sd card that might actually come sorta, kinda, a little close to a speed that might be bearable? at least for like 5 minutes?
Can this be adapted to install bigger roms such as hero without the dangerspl .
XD
Ill try this with ion later tonight
wow this is beautiful work! now to test it!
Im trying so hard to understand this lol.. Correct me on my errors but from what i read this is my hypothesis on what i think this does..
This is like a apps2sd but with data and that type thing from the build we are using? And you Said this takes snapshots So we can create several profiles of the phone? Like for example have a profile with some apps loaded and another profile with all removed and be able to switch between them at will?
[Patch][Rom]Malware Exploit for all pre-Gingerbread phones
Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
How do I fix? Flash attached .zip at the bottom of this post or use one of the alternate methods down there
What if I think I was infected? Completely wipe your device, format sdard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)
Why should I care? read below...
http://www.androidpolice.com/2011/0...your-phone-steal-your-data-and-open-backdoor/
Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.
Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the "rageagainstthecage" root exploit – binary contains string "CVE-2010-EASY Android local root exploit (C) 2010 by 743C". Don’t know what the apps actually do, but can’t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes to http://184.105.245.17:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device via rageagainstthecage or exploid. But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.
Click to expand...
Click to collapse
The offending apps from publisher Myournet:
* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* 下坠滚球_Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* 躲避弹球
* Advanced Currency Converter
* App Uninstaller
* 几何战机_PewPew
* Funny Paint
* Spider Man
* 蜘蛛侠
Click to expand...
Click to collapse
http://www.androidpolice.com/2011/0...-android-nightmare-and-weve-got-more-details/
Now, on to some more details of the virus. We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine. In other words, if you’re looking to play the blame game (which I’m not, but having read all the comments on the original post, many people are), then there’s plenty to go around. The hole was fixed by Google, but it’s relatively useless since many phones aren’t yet running a version of Android that is protected. It’s noteworthy that some manufacturers released updates that patched the exploit for devices without updating to Gingerbread; unfortunately, it appears that minority is quite a small one.
Perhaps most important is the question of what infected users can do about their situation; unfortunately, the answer is not much of anything. Because the virus opens up a backdoor and can bring in new code at any time, the only way to really rid an infected device of any damage is to completely wipe the device – not exactly the optimal solution, but it looks like the only one available, at least for now.
Finally, Justin notes that ROM developers working with pre-Gingerbread versions of Android can prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile.
Click to expand...
Click to collapse
As you can see androidpolice.com reports on this backdoor and roots and steals personal information. The apps are removed from the market but that doesn't mean they got them all. Attached is a flashable fix as suggested by androidpolice.com
So users can flash this .zip or simply create a blank file called profile and place it in /system/bin/ (developers are encouraged to include this file in future releases. A blank file is not going to affect performance at all)
Alternate methods:
Using 'adb shell' or terminal emulator (should work on any ROOTED phone) as suggest by xaueious here
Code:
$ su
su
# remount rw
Remounting /system (/dev/stl9) in read/write mode
# touch /system/bin/profile
# chmod 644 /system/bin/profile
#
Alternate 2:
Download blank profile file from here (or create one and name it profile)
Use a program like Root Explorer to copy it to /system/bin/
Then longpress on it and check the permissions should be read/write for user, read for group, and read for others.
Alternate 3:
cyansmoker has put together an apk for the patch here https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
Thanks for pointing this out photoframd and androidpolice.com for investigating and reporting!
UPDATE: I renamed the .zip file and reuploaded it (350 hits wow). Also in the edify scripted version I added 644 permissions to the file (but if you already flashed it then it should have defaulted to that). I also added a pre-edify version of the patch thanks to xaueious for people using a recovery that does not yet understand edify.
Rodderik - very useful, thanks much. This will be in SyndicateROM Frozen 1.0.1.
EDIT: Between this and CIQ removal, we devs have malware removal/prevention covered.
Does Superuser provide a layer of protection against this exploit also?
Sent from my SPH-D700 using Tapatalk
mattallica76 said:
Does Superuser provide a layer of protection against this exploit also?
Sent from my SPH-D700 using Tapatalk
Click to expand...
Click to collapse
i wouldn't count on it...i've tried to root the epic using rageagainstthecage without the use of a computer and got no where with it because the only exploit that works for root is an adb bug (that doesn't mean it cannot be done!!!). but it is technically possible that malicious software once installed can install a modified version of superuser or do anything else it want's without the user's knowledge...so I wouldn't count on superuser protecting you.
So, let me understand this.
Are the Apps you download from the official Google app store stored by google or the developers?
If it's stored by Google, how in the world can they not be automating checking for apps like this?
This sounds kind of lame for a company with $11billion dollars in the bank.
Unless apps aren't stored by Google? And if they aren't, why doesn't Google tell you that when you download an app?
DAvid_B said:
So, let me understand this.
Are the Apps you download from the official Google app store stored by google or the developers?
If it's stored by Google, how in the world can they not be automating checking for apps like this?
This sounds kind of lame for a company with $11billion dollars in the bank.
Unless apps aren't stored by Google? And if they aren't, why doesn't Google tell you that when you download an app?
Click to expand...
Click to collapse
apps are stored by google but i dont blame them for stuff like this. google doesn't dissect every single piece of code that gets pushed to the market. it wouldnt be very cost effective for them or motivational for software developers....after all we dont want the android market becoming like apple's store do we?
So this patch (zip) can be applied via CWM3 just like anything else, right?
brickwall99 said:
So this patch (zip) can be applied via CWM3 just like anything else, right?
Click to expand...
Click to collapse
correct
10char
I'm pretty sure I'm in the clear, but this should prevent some future attacks, correct?
And any idea of phone compatibilities, ie MT4G? If you don't know I can flash it and let you know, but if it doesn't work there's no point in trying. Thanks in advance!
Edit: I guess it doesn't matter anyways, I could just create the blank folder. My bad... but thanks.
Sent from my HTC Glacier (Rooted, Stock ROM, Faux123's Kernel) using XDA App
eliasadrian said:
I'm pretty sure I'm in the clear, but this should prevent some future attacks, correct?
And any idea of phone compatibilities, ie MT4G? If you don't know I can flash it and let you know, but if it doesn't work there's no point in trying. Thanks in advance!
Sent from my HTC Glacier (Rooted, Stock ROM, Faux123's Kernel) using XDA App
Click to expand...
Click to collapse
from what i understand it applies to all pre-gingerbread phones that are exploitable by rageagainstthecage (but possibly others) it doesn't hurt anything to put an empty file called profile in /system/bin/ if it prevents the current malware from doing it's damage just to be safe
Thanks for the info, but I don't quite understand what putting an empty file named profile in the bin folder would do.
I'm not seeing any special permissions being set or anything.
How is this fix effective? Couldn't the "malware" simply overwrite the blank file?
I don't get it.
=]
-ps I haven';t taken the time to read through the linked source, so forgive me if this has been explained.
Anyone know exactly what that profile file flags in the OS?
edit: looks like this is a fix for this particular strain only.
the fix is based off of Justin's suggestions in the link...what is to stop future versions of this malware from ignoring this file in the future? nothing! but for now Justin over at andoidpolice.com has combed through the known infected apk files and provided us with this fix and info....i would read the 2 articles quote in the OP for all the goodies
the empty profile file shouldn't affect anything in the market or otherwise....i'm assuming the malware checks if that file exists and if it does then it doesn't try to run but this is speculation on my part. if i need to i can get some more information if the links in the OP don't answer your questions
My guess is that it tries to extract then run a file named profile, and adding the blank might prevent it from working
Would it be safe to assume that if you look in your system/bin directory and already have a file named profile than you have been infected?
Instead of flashing, using Root Explorer could I just create a file named "profile" in the system/bin directory for a fix?
Anyone think an android AV program like Lookout would have caught this if running when the infected app was installed?
rayburne said:
Anyone think an android AV program like Lookout would have caught this if running when the infected app was installed?
Click to expand...
Click to collapse
I suspect it would.
rayburne said:
Would it be safe to assume that if you look in your system/bin directory and already have a file named profile than you have been infected?
Click to expand...
Click to collapse
It is quite possible. Check and see if you installed any of the programs lately from the OP. If so then it is quite possible. It is also quite possible a rom developer put that file in there so that is not a 100% way of making sure.
rayburne said:
Instead of flashing, using Root Explorer could I just create a file named "profile" in the system/bin directory for a fix?
Click to expand...
Click to collapse
Yes indeed!
rayburne said:
Anyone think an android AV program like Lookout would have caught this if running when the infected app was installed?
Click to expand...
Click to collapse
Here is more from the articles I posted
Wow – from our perspective, it’s almost like the world exploded overnight. We have more information and details on the virus – which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) – and some updates on where things stand.
Click to expand...
Click to collapse
So I'm assuming that means Lookout scans for or will soon scan for this malware.
Does the file prevent the root exploits from running?
I am not sure if your update.zip actually works, unless you are sure that the file is created with the correct file permissions. I'll test it in a minute. I don't know if your updater script is universal either:
Code:
ui_print("**Installing**");
ui_print("**Mounting Partition**");
run_program("/sbin/mount", "/dev/block/stl9", "/system");
ui_print("**Copying System File**");
package_extract_dir("system", "/system");
ui_print("**Unmounting Partition**");
unmount("/system");
ui_print("**Installation Successful**");
Can someone elaborate more on why this works, if it works?
It takes 10 minutes to throw this into an APK fix on the Market for rooted users, which works better than update.zip.
adb remount
adb shell touch /system/bin/profile
adb shell chmod 644 /system/bin/profile
I ran the patch using clockwork, how do I know if it worked?
The only app I may have downloaded from that list is chess, but I doubt I did install that.
Most of those other apps have keywords I STAY AWAY FROM for this very reason lol!
I redid the update.zip in OP.
Forgot attachment.
Code:
show_progress 0.1 0
copy_dir PACKAGE:system SYSTEM:
show_progress 0.1 10
show_progress 0.2 0
set_perm 0 0 0644 SYSTEM:bin/profile
show_progress 0.2 10
This should work on more devices. Test signed.
I am a NOOB, but I like myself just fine. The video for NOOBs is funny, but IMHO, should be a bit more serious.
I'm one of those people experiencing issues with GPS and TTFF being excessively long on the MT. Cry.
If I run MyPhoneExplorer, I can see the system file structure, and I believe I can move files to the phone. I believe I can do the same with SwiFTP.
Can one drop replacement GPS libraries for example into the SYSTEM and SYSTEM/HW sub-directories using a program like MPE, or an FTP program like SwiFTP without rooting, and would they be honored on the next reboot?
Would I be mangling some check-sum or other that determines the integrity of the system loaded?
I'm one of those users that doesn't really want to root if not necessary, but I wonder if doing some mod like the above - would doing so lay subsequent update pushes from VMUSA to waste?
Also, I'd really like if possible to flag some programs not to load, unless I explicitly ask them to load via the U.I. with intent. I suppose I'd have to root to do something like that. Perhaps with Ginger-Break? Would doing this make subsequent updates problematic?
Any information regarding my constraints and options to effect both of the above would be very appreciated. Thanks.
There are ways to mount the various partitions from a host machine (e.g. Linux) while it is in the "emergency" flash mode, which would permit what you want to do. Doing this is quite dangerous - at least as much as rooting the device and perhaps more-so.
I appreciate the response.
OK, if I were to root via Gingerbreak and install the files that way, then un-root, would my system then appear to be (to an update provided by Motorola or VMUSA) as something which couldn't be updated?
In other-words would rooting put me on a path to having to use specially modified updates?
Thanks.
Depends on what you change.
In GENERAL no, the update will come through. The major risk is that it crashes on install as some part of what you changed is a dependency but is not reloaded. This is rare, but can happen.
So.... root, install Clockwork, and make an immediate Nandroid backup BEFORE you screw with anything. That SHOULD allow you to un-hose yourself if you get in trouble.
APKSPY - RESURRECTED
First:
I want to thank @ido for the original application -- It was his idea (and his code I've hacked :cyclops and modified.
Second:
Since Ido seems not to be active anymore I'll re-publish the application here.
Unless for some reason Ido will specifically ask me to remove it.
The original post
ido said:
ApkSpy is a simple tool I hacked up tonight which allows you to easily view the manifest of an APK (screenshots attached - not up to date though) just by double clicking it. (It can even associate with the .apk filetype, yay!)
ApkSpy relies on the aapt.exe tool from the android SDK, so you must have that installed (or just copy aapt.exe from somewhere, that's the only file needed to run ApkSpy).
Click to expand...
Click to collapse
Third:
Requires Microsoft©® .Net Framework v4
(Kind of since I've done it some time ago and waited for Ido [the orignal developer] to respond and allow or disallow me to re-publish... So, I don't remember all the changes I've already done...)
v1.8.19 CHANGELOG:
Fixed some Date parsing function (zipped file with no time stamp) in ZipStorer (by @Jaime Olivares) maybe causing some of the error reported here...
v1.8 CHANGELOG:
Changed Icon - CONTRIBUTED BY @Jarmezrocks
Removed unneeded tabs (System, Batch Rename, Log)
Minimize / Maximized restored back
v1.7 CHANGELOG:
(Actually 4.1.7.870, but the first and the last parts are internally used :fingers-crossed:)
Try to automatically find adb.exe and aapt.exe in ApkSPY directory or in PATH variable: If failed finding any of the executables, the user is asked to manually locate them
(★ Currently the location is not saved... ★).
Check if the ADB server is running and Start or ask if to Restart ADB server
Tidy up the code
Refining the original libraries written by Ido related to ADB and AAPT
Some more minor code updates
Revised most of the "General" tab (other tabs ware not touched) of the UI:
Grouped and ordered controls on form
Added DropDown of devices attached (★ Not automatically updating upon plugging... ★)
Added some control over ADB actions
Added status bar that some other details are shown, e.g. device type (Nexus, I9100...), OS version (4.1.2, 4.4.2...) and OS build (KOT49H, KVT49L...)
Added (nice looking) information panel with clickable links (for actions on the form) and coloring
Other changes (I can't recall right now, since I've done it some time ago and waited for a response from Ido for permission to republish)
(★ Maybe I'll add an option for this later, depending on my -- not to much -- free time and requested by users .... ★)
Known bugs:
Sometimes ADB fails to return build.prop property for the status bar (however it has not caused any critical problem, so (I think) it can be safely ignored) -- haven't been able (yet) to find the exact state it is happening
Please take the time to look at the application ABOUT tab
Any Other ideas are welcome!
If you like it, Don't forget to Thank me
If you enjoy using this application as much as I have enjoyed re-writing it
please donate to show your appreciation
RESERVED
Nice
Sent from my SM-N900T using Tapatalk
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
cmlx said:
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
Click to expand...
Click to collapse
Hey dude,
I am not sure what you are doing wrong on your PC but it's certainly not the app as it works perfectly fine on my computer? Out of interest and for the sake or helping the new dev I thought I would raise a few points just to eliminate any finger pointing. There's a wishy-washy area when it comes to building/hacking things that were originally someone elses work...so yeah one can easily make great improvements yet open the door to bugs at the same time too. Anyway...thought I'd ask this:
Does aapt sit on your path? I know you said it is in the same directory, however just like a batch script in Windows it needs to "CD" or change directories to the %~dp0 if it is to understand what an executable is that happens to be sitting in the same directory as it's self. So this is is kinda directed at the new dev now. What I think is happening is that aapt is assumed to be in the system path when quite often it is not (i.e. those on XDA who have not yet played with the Android SDK properly). Put simply unless the application knows it is in the same directory as your executable it won't at all understand what aapt is. Does that make sense?
@dmagician , I would make sure that the apkspy app can do a check (even if it is a string search for the first few lines returned from aapt.exe), a simple if statement before throwing that error ....actually it would likely be an 'if not' statement. I don't have any of the code in front of me atm but I can help you out if you like? I was hacking this app myself sometime ago when ido first released it just using reshacker.
Note: If you are stuck and don't have source code you technically could write a full AutoIT wrapper for this app that could do all the checks and more and then bundle everything up into the one exe still. Check out the newer WinAPI stuff for AutoIT and in particular "Run binary" (yes that's correct you can just about run anything repackaged now and not need to deploy the original exe's or even libraries....they can all be stream fed to AutoIT @Compile time and need not be typically "installed" like you used to have to do. Anyway...I am waffling on shoot me a PM man.
@cmlx, to overcome your ApkSpy woes, and until dmagician can put his finger on what the cause is or what ido did when building it ages ago.....then you will firstly need to be patient (props to dmagician to figuring sh!t out so far) but till then where ever you have dumped the ApkSpy and aapt.exe on your system; just copy the address and put it on your system path. To do this 1) right click on My Computer or Computer if you are on Win 7 or 8. 2) Choose properties. 3) Advanced System settings and then at the bottom of tab you will see 'Environment Variables', click it and you will see some "User" and "System" options. Depending on your User access rights on the system you are running on (hopefully you are running as Admin surely?) then you can choose to edit your main system path or create a new variable in your user settings called 'path' Note User variables are always postfix to system variables but should always work anyhow.
Disclaimer: cmlx, if however you have already got an aapt.exe already existing on your system path but it is dodgy then you have to ensure that the good aapt.exe in your app directory is placed on path BEFORE the dodgy one....just sayin. Cause your system searches till it finds what it wants and then doesn't search anymore. Simple but can stuff people up quite often....and likely your case. Nowdays we tend to work from the known application location and not from a "Global environment path" when we know that there are going to be conflicts...and I can assure you that aapt is possibly the worst and most modified binary out there LOL. Hence this is also a note to the dev to ensure that ApkSpy reads from the current directory.....or like I am suggesting, wrap aapt up in the main application as well and that way there is no confusion EVER.
And I am done.....
Oh wait no I am not....sorry bug reports LOL :good: you thought I was all praise eh? Got another thing coming man
OK....so um the red boxes should explain everything. A picture says a thousand words (and yeah I needed at least 1 picture for this god damned long arsed post - sry). Um why in gods name would you remove the minimise and expand buttons? WTF? Anyway...it works but errrm yeah it doesn't wrap the text anymore? and it cuts the words off lol.
Other than that....I only really have one suggestion and it isn't even really a suggestion as I have kind of already made it so I can just give it to you if you want it? And that is that most people (well I can't say most as I am not speaking for everyone) tend not to like how apps take over their system. This isn't your fault at all in anyway as the first dev thought it was a good idea back then.....and back then hardly anything in Windows knew what a freakin apk was so it was a GOOD thing.....However now, every man and his dog wants to steel .apk extension for himself. I myself tend to be all over the shop with apks so I tend not to want to have any particular Windows app take it away from my control. I use WinZip as the main app for simple double click open as I want to see the contents of apks without needing to decompile them (great for theming) however I have apk shell extensions displaying the apks main icon to explorer, so if I set WinZip as default I get a nice lumping hunk of gold turd/box running rampet all over my Windoze bro ......so if you like I can show you my code that allows me to have default apps for specific tasks without interfering with anyones existing sh!t It looks neat too as you can right click any apk and just choose from a dropdown list what particular app you want at the time. If one has the need to use more apps then they need only put those apps in a list. There is nothing worse than double clicking an apk to find that Bluestacks or some other rubbish Windoze crApp has taken offf with your apk.
Lastly I thought I'd ask, Why no config file? Why store everything in memory? I know it's only small....but seeking for things everytime it is executed is a pain in the arse and not good practice. At the very least if you have no idea how to make an exe totally portable then you could reference a config file in the same directory....Or do as most do and write entries to the registry all neat and tucked away. If we get paranoid about "portable-ness" then we write to temporary space in the registry and make sure we clean up upon closing and/or inspect at runtime. simple!
I have plenty of AutoIT scripts that do exactly that too, so if you are stuck for ideas let me know. Anyway I have rambled enough, good luck and I will keep reporting bugs haha
Edit: That's waaaay too many emoticons. Oooops someone is a little high aren't they?
PS: I have attached my PNG of the icon I used for this bugger waaaaaay back....it's less generic and feel free to take it and abuse it and do as you please.
cmlx said:
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
Click to expand...
Click to collapse
Yes, I know of this one (and I've specifically wrote about it in the OP), it is NOT related to AAPT executable but to the way ADB is acting (sorry, out of my hands... :angel:
Explanation
The error comes from the application when trying to query the "ro.build.id" property via adb ('ADB shell getprop "ro.build.id" ') command.
I've came across this one but cannot determine the exact situation it is happening (as it can occur when first launching of the app, but after the app is loaded, clicking on refresh does not show this error)...
[ I've tried it on with the (only) two devices I own (1st dev. is stock (only the kernel is changed) 4.4.2 Nexus 4, 2nd dev. is S2-i9100 with customized RR ROM)and it seems to happen ONLY on the S2...]
It looks that in times, the getprop is being executed before the whole "build.prop" is being processed by ADB (This one I cannot control since it is happening on the ADB shell side [running on the device] -- unless MAYBE doing some [UGLY] delay after first initialization of ADB, which is, by far NOT best practice of process handling according to the literature)...
CyberianIce said:
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
Click to expand...
Click to collapse
Which came first, the "SpkSpy spy stopped working" or the "Error in property" (if anyways related)?
Was it on the same run or two different runs?
As of the 1st one:
I do not have enough information from your post to check it up...
I'll post a new version which shows the exception details
As of the 2nd one:
Can you send me a copy of your /system/build.prop (so i'll be able to dig trough it and check it)?
It looks like my name-value splitter character exist as part of a given value in your build.prop .
Wooow, Long one! But it is nice to know people are using (trying) it!
Jarmezrocks said:
Hey dude,
I am not sure what you are doing wrong on your PC but it's certainly not the app as it works perfectly fine on my computer? Out of interest and for the sake or helping the new dev I thought I would raise a few points just to eliminate any finger pointing. There's a wishy-washy area when it comes to building/hacking things that were originally someone elses work...so yeah one can easily make great improvements yet open the door to bugs at the same time too. Anyway...thought I'd ask this:
Does aapt sit on your path? I know you said it is in the same directory, however just like a batch script in Windows it needs to "CD" or change directories to the %~dp0 if it is to understand what an executable is that happens to be sitting in the same directory as it's self. So this is is kinda directed at the new dev now. What I think is happening is that aapt is assumed to be in the system path when quite often it is not (i.e. those on XDA who have not yet played with the Android SDK properly). Put simply unless the application knows it is in the same directory as your executable it won't at all understand what aapt is. Does that make sense?
Click to expand...
Click to collapse
Hi
As I've replied to @clmx, This error is not related to AAPT (either executable [location or whatever] or results), but to the ADB command being used...
Jarmezrocks said:
@dmagician , I would make sure that the apkspy app can do a check (even if it is a string search for the first few lines returned from aapt.exe), a simple if statement before throwing that error ....actually it would likely be an 'if not' statement. I don't have any of the code in front of me atm but I can help you out if you like? I was hacking this app myself sometime ago when ido first released it just using reshacker.
Click to expand...
Click to collapse
Sorry I did not understand... Check for what?
Jarmezrocks said:
Note: If you are stuck and don't have source code you technically could write a full AutoIT wrapper for this app that could do all the checks and more and then bundle everything up into the one exe still. Check out the newer WinAPI stuff for AutoIT and in particular "Run binary" (yes that's correct you can just about run anything repackaged now and not need to deploy the original exe's or even libraries....they can all be stream fed to AutoIT @Compile time and need not be typically "installed" like you used to have to do. Anyway...I am waffling on shoot me a PM man.
Click to expand...
Click to collapse
I do not need the Auto-IT to wrap these files (although I am using it for other automation in windows), as I can do it right in the C# code (on one of my early versions these files was embedded...)
BTW, I know there are some antiviruses out in the wild that do not like the embedded executables -- but it can be done -- and probably will save some time to anyone using this app...
If it will be required / asked, I'll embed the 4 binaries (AAPT.EXE, ADB.EXE, and two DLL's AdbWinApi.dll and AdbWinUsbApi.dll [I'm not sure both are required]) needed by the application.
Jarmezrocks said:
@cmlx, to overcome your ApkSpy woes, and until dmagician can put his finger on what the cause is or what ido did when building it ages ago.....then you will firstly need to be patient (props to dmagician to figuring sh!t out so far) but till then where ever you have dumped the ApkSpy and aapt.exe on your system; just copy the address and put it on your system path. To do this 1) right click on My Computer or Computer if you are on Win 7 or 8. 2) Choose properties. 3) Advanced System settings and then at the bottom of tab you will see 'Environment Variables', click it and you will see some "User" and "System" options. Depending on your User access rights on the system you are running on (hopefully you are running as Admin surely?) then you can choose to edit your main system path or create a new variable in your user settings called 'path' Note User variables are always postfix to system variables but should always work anyhow.
Disclaimer: cmlx, if however you have already got an aapt.exe already existing on your system path but it is dodgy then you have to ensure that the good aapt.exe in your app directory is placed on path BEFORE the dodgy one....just sayin. Cause your system searches till it finds what it wants and then doesn't search anymore. Simple but can stuff people up quite often....and likely your case. Nowdays we tend to work from the known application location and not from a "Global environment path" when we know that there are going to be conflicts...and I can assure you that aapt is possibly the worst and most modified binary out there LOL. Hence this is also a note to the dev to ensure that ApkSpy reads from the current directory.....or like I am suggesting, wrap aapt up in the main application as well and that way there is no confusion EVER.
Click to expand...
Click to collapse
The application IS searching for AAPT and ADB executables; The order is
Application directory (where ApkSpy.exe resides)
PATH environment variable
Jarmezrocks said:
OK....so um the red boxes should explain everything. A picture says a thousand words (and yeah I needed at least 1 picture for this god damned long arsed post - sry). Um why in gods name would you remove the minimise and expand buttons? WTF?
Click to expand...
Click to collapse
Mostly I like it this way, otherwise - No specific reason...
It will be back in the next version...
Jarmezrocks said:
Anyway... it works but errrm yeah it doesn't wrap the text anymore? and it cuts the words off lol.
Click to expand...
Click to collapse
This Tab was NOT changed by me in any way... To be honest, I've thought of removing it completely -- But -- out of respect to Ido's work -- I've left it in.
I assume it is not wrapping due to Font size changed by me globally...
I'm seriously giving it second thoughts -- if it should stay at all (It was originally meant for batch rename of multiple APK's... I haven't used it even once...)...
I'm Really, REALLY, think of removing it completely (unless someone is / will be using it -- then I'll fix it all)...
Jarmezrocks said:
Other than that....I only really have one suggestion and it isn't even really a suggestion as I have kind of already made it so I can just give it to you if you want it? And that is that most people (well I can't say most as I am not speaking for everyone) tend not to like how apps take over their system. This isn't your fault at all in anyway as the first dev thought it was a good idea back then.....and back then hardly anything in Windows knew what a freakin apk was so it was a GOOD thing.....However now, every man and his dog wants to steel .apk extension for himself. I myself tend to be all over the shop with apks so I tend not to want to have any particular Windows app take it away from my control. I use WinZip as the main app for simple double click open as I want to see the contents of apks without needing to decompile them (great for theming) however I have apk shell extensions displaying the apks main icon to explorer, so if I set WinZip as default I get a nice lumping hunk of gold turd/box running rampet all over my Windoze bro ......so if you like I can show you my code that allows me to have default apps for specific tasks without interfering with anyones existing sh!t It looks neat too as you can right click any apk and just choose from a dropdown list what particular app you want at the time. If one has the need to use more apps then they need only put those apps in a list. There is nothing worse than double clicking an apk to find that Bluestacks or some other rubbish Windoze crApp has taken offf with your apk.
Click to expand...
Click to collapse
The application is NOT taking over anything, Unless you've clicked the asterisk ("*") button on the System Tab...
Was it registered for you without clicking this button?
If so, I'll recheck the code (may be it's some residue from the original code).
BTW
As the previous part of the answer I've wrote -- this one was left in as of respect to @ido's work...
2nd BTW
I'd like to see that explorer extension (and [preferable] the code of it - if you are willing to share it) you ware writing about...
Jarmezrocks said:
Lastly I thought I'd ask, Why no config file? Why store everything in memory? I know it's only small....but seeking for things everytime it is executed is a pain in the arse and not good practice. At the very least if you have no idea how to make an exe totally portable then you could reference a config file in the same directory....Or do as most do and write entries to the registry all neat and tucked away. If we get paranoid about "portable-ness" then we write to temporary space in the registry and make sure we clean up upon closing and/or inspect at runtime. simple!
Click to expand...
Click to collapse
Yep, I've thought of it... But... I was thinking, that (at least) everyone is as geeky as me dauuh , and the most are setting the path correctly...
It'll be added in next version (I hope... TIME, TIME!!!! :cyclops...
Jarmezrocks said:
I have plenty of AutoIT scripts that do exactly that too, so if you are stuck for ideas let me know. Anyway I have rambled enough, good luck and I will keep reporting bugs haha
Click to expand...
Click to collapse
I prefer writing my own code (sorry, I'm a developer in heart and soul...) then using automation like Auto-IT...
Jarmezrocks said:
Edit: That's waaaay too many emoticons. Oooops someone is a little high aren't they?
Click to expand...
Click to collapse
Jarmezrocks said:
PS: I have attached my PNG of the icon I used for this bugger waaaaaay back....it's less generic and feel free to take it and abuse it and do as you please.
Click to expand...
Click to collapse
(@Jarmezrocks please see my PM to you.)
PHEW...
Long Answer, BUT HEY, I'm not the only one writing longies... :angel: (and i like referencing each and every part separately)...
dmagician said:
PHEW...
Long Answer, BUT HEY, I'm not the only one writing longies... :angel: (and i like referencing each and every part separately)...
Click to expand...
Click to collapse
Ahh yes. I write long messages sometimes when my medication has kicked in and I am high....not my fault I kinda need to get all the info out of my head in one go while I am awake.....or else there would just be zeds on the response zzzzzzzzzzzzzzzzzzzzzz lol :laugh: (ref narcolepsy).
I commend you on your efforts at responding to such gibberish and making good sense of it! :highfive:
I have responded to your PM accordingly, and hopefully covered all you need? I have attached all info and sources etc.....well most of it...actually a fair bit of it you will have to workout your self but that is part the fun. Shoot me any questions if you need to...although I have a feeling that you will have mostly all of it covered as you are streets ahead of my knowledge already. I may have misjudged a little in my previous post (although hopefully not to make you feel any less than you actually are? please excuse me if I had said anything that may offended - being naive or what ever....you ARE definitely on the right track). As for the middle menu....I think you could easily remove it and not offend the original dev. It wasn't being used as you mention...and I think it could make way for more/better functionality don't you think? (discuss). However I would ensure all the things I mentioned in my PM first before going too deep and releasing on here.
Good move on bringing the buttons back. They were functional. But I DO like the single button close GUI myself on just about everything else....It looks clean. We have similar taste in that regard. It just isn't functional for me to pressing the task notification desktop link everytime I want to minimise the app LOL.
The rest I we can discuss via PM, this is pretty much only posted here as an open area for other forum members to provide input and opinion (or complaint....like how often it usually is, eh?).
CyberianIce said:
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
Click to expand...
Click to collapse
I'd got the same error!
For me it helped to copy two files to the install dir
"adb.exe" and "AdbWinApi.dll"
Both are installed with the well known MyPhoneExplorer into "Program Files\MyPhoneExplorer\DLL"
Hope it helps!
Feature Request
I use this tool for testing new APK builds on a project I am working on it. It allows me to quickly verify the version number and push to the device. However, since I am usually installing another version of an existing installed APK, I must manually uninstall before using APKSPY. Would it be possible to add a check box that would uninstall any previous versions? It would be really helpful.
Nevermind - I didn't fully read the message presented when it fail. It say uninstall/update and it allows the installation. HOWEVER, that brings up a question... Does it uninstall or does it update? There is a difference as you know.
Thanks,
Jonathan
Hi, I try to run this on Mac via Wineskin Winery, but no luck. Do I need something like .Net, or something else to run ApkSpy?
Thank you.
Ja_som said:
Hi, I try to run this on Mac via Wineskin Winery, but no luck. Do I need something like .Net, or something else to run ApkSpy?
Thank you.
Click to expand...
Click to collapse
The only requirement is the Microsoft .Net 4.
(I'll add this to OP)
jmo said:
I use this tool for testing new APK builds on a project I am working on it. It allows me to quickly verify the version number and push to the device. However, since I am usually installing another version of an existing installed APK, I must manually uninstall before using APKSPY. Would it be possible to add a check box that would uninstall any previous versions? It would be really helpful.
Nevermind - I didn't fully read the message presented when it fail. It say uninstall/update and it allows the installation. HOWEVER, that brings up a question... Does it uninstall or does it update? There is a difference as you know.
Thanks,
Jonathan
Click to expand...
Click to collapse
Yes I know there is difference between the two (update vs uninstall and install again).
It is updating the application (like using "adb install -r apk_file_name.apk"), not doing remove and install
Removed unneeded tabs (System, Batch Rename, Log)
Click to expand...
Click to collapse
The unneeded Batch Rename tab was the only tab I needed really. :laugh: Luckily I found Ido's original version. It's ideal for renaming all those apk's I downloaded and still have the package name when I back them up to my PC.
I have an Asus Memo Pad 10 and an Asus Memo Pad 7 and neither are recognised by APKSpy. Not that it's a problem as I have no problem copying to and from them with Windows Exploder or Total Commander.
Other than that, it's been a handy little app for this tablet/smartphone virgin newbie.
Martin.
wolrik said:
The unneeded Batch Rename tab was the only tab I needed really. :laugh: Luckily I found Ido's original version. It's ideal for renaming all those apk's I downloaded and still have the package name when I back them up to my PC.
I have an Asus Memo Pad 10 and an Asus Memo Pad 7 and neither are recognised by APKSpy. Not that it's a problem as I have no problem copying to and from them with Windows Exploder or Total Commander.
Other than that, it's been a handy little app for this tablet/smartphone virgin newbie.
Martin.
Click to expand...
Click to collapse
Hello.
1st:
I can -- if requested - re-add the Batch rename.
2nd:
I don't know why these two devices are not being recognized -- unless not being recognized by ADB itself -- since I'm spawning devices by parsing the resulting text of "ADB devices" command, So unless being unrecognized by ADB, there should be NO PROBLEM detecting ANY android device with ADB on...
if you have any exception messages thrown by the application, please post them here.
dmagician said:
Hello.
1st:
I can -- if requested - re-add the Batch rename.
2nd:
I don't know why these two devices are not being recognized -- unless not being recognized by ADB itself -- since I'm spawning devices by parsing the resulting text of "ADB devices" command, So unless being unrecognized by ADB, there should be NO PROBLEM detecting ANY android device with ADB on...
if you have any exception messages thrown by the application, please post them here.
Click to expand...
Click to collapse
No need to re-add the tab just for me, but thanks for the offer. As I get to know my way around Android I'll probably need such things less and less.
Sorry, but I know nothing about ADB other than APKSpy needing it. As you can see from the attached pic, the Asus is recognised by Total Commander
Martin.
Hi dmagician,
Nice work, and a shout-out to Ido who originally created it.
I have a feature request:
Could you add the option to remove certain permission(s) and save the modified APK file?
There are many apps which I feel allow themselves way too much permissions, and this option could be very useful to tame them apps.
One more thing:
I noticed that APKSpy v1.8.2 doesn't work with the latest version of AAPT.exe (1432KB), from the Android SDK r24.
So I had to use a previous version of AAPT.exe (833KB), which worked.
Thanks,
Eric
Hey does anybody know where the name of the apk is in the XML files inside the apk?