SG DEV Chat - Android Apps and Games

Okay, so we've made changes to CommonUtils.smali, I'm not sure how you did it.
But there are also calls to MAKE/MODEL in MediaPlayerWrapper.smali and HDMIReceiver.
The former checks for Samsung models, the latter checks for HTC models.
You can see them as:
Code:
sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;
That should be the last of the device specific tests ...
Next step ... root:
Having a read through Gingerbread's DRM framework for clues, but I'm convinced the likely culprit will be in DrmAgentService.smali.
Final step ... ICS:
There are version checks for ICS all over the place, which can be amended ... But BSB really need to add ICS support, as I don't particularly fancy adding it on their behalf.
PS: Currently my dev environment is refusing to recompile any source, so I'm a little bit hampered as to how much I can debug atm.

As far as I can work out, the calls to make and model in those files are superfluous. It's where they're checking for the kernel or such that's confusing me...

No worries ...
Interestingly ... They seemed to have left a lot of TEST code in ... I'm wondering what would happen if we set it to run as a test version.
Anyway ... VGDRM.smali seem to be the likely place to start to look for the root issue ... Going through it now to see what else it calls.

Error code called VGDRM_STATUS_DEVICE_IS_ROOTED, just can't work out where it's being called...

I believe what happens is that when the DRM session initiates it posts a load of info like deviceName, username etc and it invariably responds with 0x7f060021, which corresponds to the device being rooted.
Interestingly ... In SOAPconstants you can set the device to whatever you want, have a gander at HARDCODED_DEVICE_TYPE.

Finding a lot of interesting stuff ... Still no closer to where they're hiding that root check ...
Discovered how they plan to force upgrades ... if you look in Flags.smali there's a URL that pulls a config file from their site. In there, they can force people to upgrade to a specific version.

At the bottom of CommonUtils.smali, you forgot to override getManufacturerName ...

Squiggle said:
At the bottom of CommonUtils.smali, you forgot to override getManufacturerName ...
Doesn't seem to affect anything - people with SE phones running stock have had it working.

Sony Ericsson phones? Really?!
Hrm.

This is also confusing in terms of whether they're checking the kernel version, I guess they're not...

I was wondering if they were matching things up with the UserAgent, but there's nothing in there that would state if you're rooted or not.

I can only presume that extra code is downloaded from them that performs a Kernel check ... as I'm buggered if I can see anything in the code that does it.

Threads on BSB forums seem to indicate that Jailbroken iOS devices now experience the same issues ...

Can it help?
I extracted this code from a famous .apk:
.method public isRooting_check()Z
.locals 1
iget-boolean v0, p0, Lit/sky/go/model/Config;->rooting_check:Z
return v0
.end method
If I put
const/4 v1, 0x0
return v1
to fool it it doesn't work.
Is it possible that this apk could have more controls regarding the presence of root? Thank you.

[Q] [REQ] record from FM radio.

There are regular programs that I listen to that I would really love to be able to record from the FM radio on my EVO.....is it possible? Is there anything? Can something be made?
It would be awesome....thanks for the help!
I've been looking for something like this myself. So far nothing exists AFAIK. Some suggestions in the past were to try using one of the many voice/call recording apps available but any that I try kill the radio output when recording starts. I'm actually learning how to develop for Android now and that is one of the things on my list of apps to try and develop, but hopefully someone has already beat me to the punch.
yea I've been looking for something for a long time......got the same responses like u......but would be totally awesome if you get to make it.....
There is no published API for the radio. I wanted to do something exactly like this, but gave up since HTC does not publish any mechanism to interact with the FM radio.
-frank
Sent from my PC36100 using XDA App
check out chillirec
chillirec is for recording internet radio... we're looking for something to record FM radio... big difference, but thanks for the suggestion...
I want one, add me, my old Nokia N-Gage used to do it.
Definitely. This would be a very handy app to have. My old Creative Zen Sleek Photo mp3 player could do this.
Many times many places (although, not often enough even at that) this has been asked for. Many of us would be grateful!
This simply has to be possible. It's a shame it's apparently not an appealing enough project to interest some developers that understand these things.
Amigaben, perhaps you did not read my post. The mechanisms just don't exist from HTC. Unlike most apps, the tools and system calls don't exist in Java, which is what the main application is written in. It is not a question of lack of interest, I would love to do this as a developer and have explored this pretty extensively, it just isn't feasible without a release of code from HTC.
To do this would likely require low level c coding at least and might require keys or some other special code we don't have.
-frank
Sent from my PC36100 using XDA App
kaediil, I didn't mean to be rude in my post. I realize that what you said is true, that the mechanisms don't exist from HTC, or if they do they're not documented. It just seems like the type of thing that can get worked around or implemented the hard way when it's something truly interesting for enough developers/hackers. I just figured FM recording wasn't interesting to enough of the right people in the right situations to make that happen yet, realizing that if it is possible to do without HTC's help it would probably require a lot of effort.
Anyway, I meant no slight. Though I might have intended a prod to those looking for a challenge.
If there are any coders/hackers out there who have any interest in working on this, I have looked at the FmRadio.apk file from my EVO.
I have gotten as far as confirming from this code that the FMRadio is actually a part of the Broadcom Bluetooth chip, which I think is the BCM4329. Reference this code from the file BroadcomFMTuner.java:
iget-object v1, p0, Lcom/htc/fm/BroadcomFMTuner;->mFmReceiver:Lcom/broadcom/bt/service/fm/FmReceiver;
Note the reference to the bt (bluetooth) service. Just after that line is:
const-string v2, "!!!! @@@@@@@ ##### setRdsOn() - successfully!!"
Also in this file the lines:
com/broadcom/bt/service/fm/FmReceiver;->turnOnRadio()
The java code modifies a few files located in:
/data/data/com.htc.fm/
There is a file called fm in there that shows what channel the radio is tuned to, if the channel is a favorite and what name you gave that channel.
Once the radio is turned on a new file is created there called audio_fm which describes the audio path or where the app should be sending the audio.
There is a mime type described in the file: application/fm and a data or URI prefix of: htcfm://
Apparently to play the app uses the MediaPlayer with that URI, and shuts down all other players, hence why you can't record when playing the FmStream.
In the code I see a line like this:
"mime_type = \'application/fm\' and _data = \'htcfm://"
then a few lines later:
const-string v0, "internal"
invoke-static {v0}, Landroid/provider/MediaStore$Audio$Media;->getContentUri(Ljava/lang/String;)Landroid/net/Uri;
Anyway, all of these things point to needing com.broadcom.bt.service.fm.FmReceiver, which I am assuming is in some other apk or file on the system, but I have not looked for/found it yet.
-frank
I want to record from FM!!!

[Q] Replace GetDeviceID() with a hard coded String (???)

This is the line of code I'm working with. I need to change this line by hard coding the device id for testing purposes.
invoke-virtual {v2}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
Could anyone please point me in the right direction.
If you need the code leading up to this or even following this line, let me know and I can post more.
Thanks,
Chad

[Q] Smali Compile Error - Classes.dex

Disclaimer: Perhaps this should be in Development, but I'm below the 10 post threshold.
I'm new to posting on the XDA forums and have no programming experience (i.e. copy/paste script), but have been lurking for some time now reading as much as I can without asking for help, scouring the forums so I can achieve my whims and hopefully help others in the long run when I have more experience. I've succeeded in setting up adb/SDK, decompiling/recompiling APKs, editing 9patch, flashing, signing etc.
My post is in regards to my efforts to change the width of the drawable line used to connect the pattern dots on a security pattern lock screen.
I found these instructions from another site from someone asking the same question, The answer given was:
In com\android\internal\widget\LockPatternView.smali of framework.jar (make sure you decompile with baksmali),
find something that looks like:
Code:
iput v2, p0, Lcom/android/internal/widget/LockPatternView;->mDiameterFactor:F
Above it, you should find something like:
Code:
const/high16 v0, 0x3f00
Change 0x3f00 (or whatever it is) to 0x3dcccccd
I decompiled classes.dex from framework.jar on two ROMs: Reaper 3.0 (default) and classes.dex from the latest CM9 (which has the thinner drawable line) to try and compare them. Attached are 2 screenshots from within Notepad++. One is from the Reaper LockPatternView.smali which I modified and tried to recompile, and the other from CM9's LockPatternView.smali left untouched. I tried to draw a comparison.
After editing LockPatternView.smali I saved the file, but am getting recompile errors with either autosmali or by command line.
Code:
C:\AutoSmali_1.0-2>java -Xmx512M -jar smali-1.3.2.jar out/ new-classes.dex
out\com\android\internal\widget\LockPatternView.smali[0,0] 1036831949 cannot fit into a short
out\com\android\internal\widget\LockPatternView.smali[251,4] mismatched tree node: I_STATEMENT_FORMAT22c_FIELD expecting I_CATCHES
out\com\android\internal\widget\LockPatternView.smali[261,4] mismatched tree node: I_STATEMENT_FORMAT35c_METHOD expecting <UP>
I was wondering if anyone has any experience with this, or has experienced the same error. I have been able to change all the PNGs and customize the appearance to my heart's content; I only lack the ability to edit that 'connecting line'.
I'm just a beginner who's good with Photoshop, but if I can work this out I figure I'll write a tutorial with everything combined.
twiice
Almost a year later comes someone with the exact same issue. The only difference is that I'm a Samsung Y DUOS user.
So, anyways, I was able to compile the file again with no errors.
I've changed this:
Code:
const/high16 v2, 0x3f00
Into this:
Code:
const v2, 0x3dcccccd
If I left it like this:
Code:
const/high16 v2, 0x3dcccccd
I got compile errors.
Nevertheless, I don't think that this is the right way to do this. I was able to flash the new framework.jar onto my phone and it booted ok without errors. The only thing is that I've noticed that the phone gained some LAG while moving around the UI. The LAG is not always present, but it happens a lot more frequently than before.
So, my question is, what the hell does const/high16 mean? Why do I have a compile error if I leave it like that, and why does it get recompiled ok if we remove the /high16?
Can anyone help me?
It most likely means high 16 bits of 32-bit variable.
You're using 32-bit value.
Obviously you can't stick 32-bit value into 16 bits, that's why you're getting compilation errors.
The lag most likely has nothing to do with this, and has to do with the tool version you used for recompilation and/or lack of zipaligning and/or something else caused by the change you did.
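As an added illustration (not code from the thread), a small Python helper that shows why 0x3dcccccd cannot be written with const/high16 while 0x3f00 can, and picks the correct const form for a 32-bit literal; it goes slightly beyond the thread by covering const/4 and const/16 as well. It assumes the smali 1.x spelling of const/high16 used in the thread, where the operand is the 16-bit high half.

```python
import struct


def float_to_bits(value: float) -> int:
    """IEEE-754 single-precision bit pattern of a float (the 32-bit literal
    that ends up in a Dalvik const instruction for a float field)."""
    return struct.unpack(">I", struct.pack(">f", value))[0]


def bits_to_float(bits: int) -> float:
    """Inverse of float_to_bits: interpret a 32-bit literal as a float."""
    return struct.unpack(">f", struct.pack(">I", bits & 0xFFFFFFFF))[0]


def high16_to_bits(literal16: int) -> int:
    """const/high16 stores only the upper half; the assembler shifts it up
    and zero-fills the low 16 bits, so 0x3f00 becomes 0x3f000000 (0.5f)."""
    if not 0 <= literal16 <= 0xFFFF:
        raise ValueError("const/high16 literal must fit in 16 bits")
    return literal16 << 16


def smali_const(reg: str, bits: int) -> str:
    """Choose the narrowest Dalvik const form that can hold a 32-bit literal.

    Selection mirrors the encodings:
      const/4      signed 4-bit literal
      const/16     signed 16-bit literal
      const/high16 low 16 bits are all zero (operand is the high half,
                   smali 1.x syntax as used in the thread)
      const        anything else (full 32 bits)
    0x3dcccccd (0.1f, decimal 1036831949) has non-zero low bits, which is
    exactly why smali rejects it for const/high16 with
    '1036831949 cannot fit into a short'.
    """
    bits &= 0xFFFFFFFF
    signed = bits - 0x100000000 if bits & 0x80000000 else bits
    if -8 <= signed <= 7:
        return f"const/4 {reg}, {signed:#x}"
    if -0x8000 <= signed <= 0x7FFF:
        return f"const/16 {reg}, {signed:#x}"
    if bits & 0xFFFF == 0:
        return f"const/high16 {reg}, {bits >> 16:#x}"
    return f"const {reg}, {bits:#x}"


def float_const(reg: str, value: float) -> str:
    """Emit the smali instruction that loads a float literal into reg."""
    return smali_const(reg, float_to_bits(value))


if __name__ == "__main__":
    # 0.5f fits const/high16; 0.1f needs the full 32-bit const.
    print(float_const("v2", 0.5))   # const/high16 v2, 0x3f00
    print(float_const("v2", 0.1))   # const v2, 0x3dcccccd
    print(bits_to_float(high16_to_bits(0x3f00)))
```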

Decompiling APKs question regarding .smali syntax such as .line

I'm comparing two APKs after decompiling them.
The code is very much identical apart from when I decompile one there are many lines such as
.line
.prologue
Is there any way to cut this out, as it would help very much when comparing?
Yeah.
Don't include debugging information.
For baksmali just pass the -b argument. You'll see it in the binary's documentation.
zeroprobe said:
I'm comparing two APKs after decompiling them.
The code is very much identical apart from when I decompile one there are many lines such as
.line
.prologue
Is there any way to cut this out, as it would help very much when comparing?
Search for XDA user mudhi then check his signature and go to the "A way to optimize app and framework files" thread in his sig.
It strips out the debugging code like .line .prologue etc and gives more readable code
Or, you could simply enter -b like I said before.
No need to install new software this is easy.
Thanks guys, much appreciated.
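An added Python example (not from the thread) for the comparison the question describes: it strips the debug-only directives (.line, .prologue, .local and friends, which is what baksmali's -b switch leaves out) before diffing, so only real bytecode changes show up, for instance when checking whether a repackaged APK differs from the original. The method bodies and the Lcom/example/Config; class are constructed sample input.

```python
import re
import difflib

# Directives that only carry debug metadata; baksmali -b omits them when it
# disassembles without debug info. The trailing \b keeps '.locals' untouched.
DEBUG_DIRECTIVE = re.compile(
    r"^\s*\.(line|prologue|epilogue|local|end local|restart local|"
    r"source|param|parameter)\b")


def strip_debug(smali: str) -> str:
    """Drop debug-only directives and blank lines so two disassemblies of
    the same bytecode compare equal regardless of debug info."""
    kept = [ln.rstrip() for ln in smali.splitlines()
            if ln.strip() and not DEBUG_DIRECTIVE.match(ln)]
    return "\n".join(kept) + "\n"


def smali_diff(a: str, b: str, name_a="a.smali", name_b="b.smali") -> list:
    """Unified diff of two smali texts after stripping debug directives.
    Returns [] when the executable code is identical."""
    return list(difflib.unified_diff(
        strip_debug(a).splitlines(), strip_debug(b).splitlines(),
        fromfile=name_a, tofile=name_b, lineterm=""))


# Constructed sample: the same method with and without debug directives.
WITH_DEBUG = """\
.method public isRooting_check()Z
    .locals 1
    .prologue
    .line 42
    iget-boolean v0, p0, Lcom/example/Config;->rooting_check:Z
    .line 43
    return v0
.end method
"""
WITHOUT_DEBUG = """\
.method public isRooting_check()Z
    .locals 1
    iget-boolean v0, p0, Lcom/example/Config;->rooting_check:Z
    return v0
.end method
"""
# Constructed sample of a real code change (field read replaced by a
# constant), the kind of tampering the cleaned diff should still surface.
PATCHED = WITHOUT_DEBUG.replace(
    "    iget-boolean v0, p0, Lcom/example/Config;->rooting_check:Z",
    "    const/4 v0, 0x0")

if __name__ == "__main__":
    print("debug-only difference:", smali_diff(WITH_DEBUG, WITHOUT_DEBUG))
    print("\n".join(smali_diff(WITH_DEBUG, PATCHED)))
```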

CobaltDebugger

Latest Version 0.5.1 (beta)
What is CobaltDebugger? An ARM Processor Simulator/Emulator/Debugger. At its current state, it reads Android bootloader files, and runs them in a simulator, giving you control over which instructions execute and when. For optimal experience, use this in conjunction with IDA Pro.
Hint: Try setting the PC Register to an interesting address found in IDA.
https://youtu.be/cwvz8Cj70Ac <- newer but still old
https://youtu.be/L5NDob2rCmI <- even older
Unzip contents
Run CobaltDebugger.exe
Load up your aboot.mbn or sbl1.mbn
If you want to display referenced strings, open your binary in IDA, go to View > Subviews > Strings, then copy and paste the contents of the strings window into a new text file, then load that text file into CobaltDebugger.
Memory file will grow to 4GB
Click "Load Binary"
Then click "Step Into" or "Run"
You can
- Set breakpoints by address: use >, and < to define break-ranges
- Alter register values, condition flags, psr modes, instruction sets (ARM and Thumb)
Memory edits are not yet implemented but will most likely come as time permits
Page Up, Page Down, Up, and Down keys can be used to navigate the memory viewer - or you can type an address and click "Go" to go there - There's a bug in here somewhere - I'll get to it
The output from the bottom right window is saved as output.xxxxxx.txt, although the file may not get flushed until you click "Unload" or close the application.
All ARM and Thumb instructions were implemented in C# by hand by me. There may be bugs here and there as this is a work in progress and beta. Not all instructions have been implemented so you may encounter a message that states such and such instruction not implemented. If you see that, let me know which instruction and I will implement it as time permits, or you can wait until the next release. I plan on continuing this project until all instructions are implemented.
Originally built with the binaries from the AT&T Samsung Galaxy Note 3 (NC2) in mind, but focus switched to the Verizon Samsung Galaxy S4 (NK1), then back to Note 3 (OC1). This should work with other similar binaries as well.
I'm hoping this will help us discover new ways to unlock bootloaders. But at the very least it's fun to watch the files run.
Change Log 0.5.1
Added image verification steps thanks to Tal Aloni
Bug fixes
More instructions implemented
Slight redesign
Change Log 0.5
Bug fixes, UI improvements, a few more instructions implemented
Now the "Next" instruction is actually the Next instruction as opposed to the most recently executed instruction, so you can see the instruction highlighted BEFORE it executes.
Change Log 0.4.1
Fixed some bugs
Implemented some more instructions
AT&T Note 3 NC2 aboot runs to completion again, although you may find some instructions I've missed if you start jumping around editing the PC value.
Change Log 0.4
Complete refactor
Verizon S4 NK1 aboot runs to completion, although you may find some instructions I've missed if you start jumping around editing the PC value.
Broke some things with the Note 3 aboot instructions
Change Log v0.3:
set default breakpoint for Verizon S4 aboot - Either it's actually *supposed* to start executing code at 0x880C7000 after an MCR and BX instruction, or I may have mis-coded something, but it seems odd, so a breakpoint is set to 0x88E0E4BC until I can figure that one out.
Output to file - C:\temp\output.HHmmss.asm - Now you can review the log after the program has run.
Subscribed. This is going to be epic.
Taking the trash out then going to have some fun hopefully with this.
Next feature to add is the ability to load and run elf files like tz and sdi
v0.2
I implemented the SP Minus Immediate instruction, which should resolve the NotImplemented exception reported by @dmt010 . I also implemented a bunch more instructions needed by the S4 aboot, although I'm still not done. I went ahead and uploaded an update anyway. This one doesn't blow up like the first version, but rather displays the missing instruction if it encounters one. To skip to a specific address and start executing code, you can modify the PC register and click Apply Edits, then step or run. Sometimes you have to do it twice for it to take, for some reason. If you want to play around with this with your own aboot.mbn or sbl1.mbn, feel free to post any Not Implemented messages here so I can add them, just make sure no one else has already posted it. Make sure you copy and paste the whole line including the instruction mnemonic and "Pattern" which will help me to identify the desired encoding.
Instruction [Thumb16,LDRB] not implemented. Pattern: [01111iiiiinnnttt]. Address: [0x88E1C470]
Cheers
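An added Python illustration (not part of CobaltDebugger, whose source is not public) of how the Pattern string in a message like the one above can drive a decoder: it compiles the ARM ARM style bit pattern into mask, value and named fields, decodes Thumb16 LDRB (immediate), and executes the load against a loaded image, refusing loads outside the image rather than reading zeros. The image base, register values and image bytes are constructed.

```python
# Constructed sample image base; not taken from any real bootloader.
IMAGE_BASE = 0x88E00000


def compile_pattern(pattern: str):
    """Turn an ARM ARM style bit pattern such as '01111iiiiinnnttt' into
    (mask, value, fields). Fixed '0'/'1' characters set mask/value; each
    run of one letter becomes a named field as (lowest bit, width)."""
    width = len(pattern)
    mask = value = 0
    fields = {}
    for idx, ch in enumerate(pattern):
        bit = width - 1 - idx               # leftmost character is the MSB
        if ch in "01":
            mask |= 1 << bit
            value |= int(ch) << bit
        else:
            _, fwidth = fields.get(ch, (bit, 0))
            fields[ch] = (bit, fwidth + 1)  # bit decreases, so it is the LSB
    return mask, value, fields


def match_fields(compiled, word: int):
    """Return the field values if word matches the pattern, else None."""
    mask, value, fields = compiled
    if word & mask != value:
        return None
    return {name: (word >> lsb) & ((1 << w) - 1)
            for name, (lsb, w) in fields.items()}


# Thumb16 LDRB (immediate), encoding T1: LDRB <Rt>, [<Rn>, #imm5]
THUMB16_LDRB_IMM = compile_pattern("01111iiiiinnnttt")


def decode_ldrb_imm(halfword: int):
    f = match_fields(THUMB16_LDRB_IMM, halfword & 0xFFFF)
    if f is None:
        return None
    return {"imm5": f["i"], "Rn": f["n"], "Rt": f["t"]}


def step_ldrb_imm(halfword: int, regs: list, image: bytes,
                  base: int = IMAGE_BASE) -> list:
    """Execute Rt = ZeroExtend(Mem[Rn + imm5], 8) against a flat image
    loaded at base. A load outside the image raises instead of silently
    returning zeros, the 'running out of context' failure mode."""
    d = decode_ldrb_imm(halfword)
    if d is None:
        raise ValueError(f"{halfword:#06x} is not Thumb16 LDRB (immediate)")
    addr = (regs[d["Rn"]] + d["imm5"]) & 0xFFFFFFFF
    off = addr - base
    if not 0 <= off < len(image):
        raise IndexError(f"load from {addr:#010x} is outside the loaded image")
    new = list(regs)
    new[d["Rt"]] = image[off]
    return new


# Constructed image and register file: LDRB R3, [R1, #2] encodes as 0x788B.
SAMPLE_IMAGE = bytes(range(0x10)) + b"\xab\xcd" + bytes(14)
SAMPLE_REGS = [0] * 16
SAMPLE_REGS[1] = IMAGE_BASE + 0x0E          # R1 + 2 lands on the 0xAB byte

if __name__ == "__main__":
    print(decode_ldrb_imm(0x788B))
    print(hex(step_ldrb_imm(0x788B, SAMPLE_REGS, SAMPLE_IMAGE)[3]))
```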
I just uploaded v0.3. Now it runs the Verizon S4 aboot file without exception until it gets to a section where it keeps incorrectly executing ANDEQ R0, R0, #0x3. I know that's not what it is supposed to do, and that it is a result of BX R14, when R14 is holding 0x880C7000, but 0x880C7000 has only zeros because the S4 aboot is running out of context, isolated. Maybe there is supposed to be code at 0x880C7000, ready and waiting to run. Or maybe there was a calculation error in my code and R14 should not have held the value 0x880C7000. I don't know. I will re-look at the preceding steps and make sure the calculations are correct. Might add a unit test or two. I may need to spend more time looking at the line before the branch (MCR p15, 0, R0,c1,c0, 0). MCR was one of the first instructions I implemented months ago. I may need to re-look at that logic and make sure I did it right...
Cobaltikus said:
I just uploaded v0.3. Now it runs the Verizon S4 aboot file without exception until it gets to a section where it keeps incorrectly executing ANDEQ R0, R0, #0x3. I know that's not what it is supposed to do, and that it is a result of BX R14, when R14 is holding 0x880C7000, but 0x880C7000 has only zeros because the S4 aboot is running out of context, isolated. Maybe there is supposed to be code at 0x880C7000, ready and waiting to run. Or maybe there was a calculation error in my code and R14 should not have held the value 0x880C7000. I don't know. I will re-look at the preceding steps and make sure the calculations are correct. Might add a unit test or two. I may need to spend more time looking at the line before the branch (MCR p15, 0, R0,c1,c0, 0). MCR was one of the first instructions I implemented months ago. I may need to re-look at that logic and make sure I did it right...
What did I say? Glad I snagged the first post, I knew this project would take off.
It is possible that at some point I will consider sharing my source code with the public. But first I need to look into different licensing steps I should take to make sure that if I do release it, it will remain open source and not be stolen and licensed by someone else, forcing me to take my code down, or something else that could be bad for me. I want to make sure that if I do it, I do it right. Another issue for me is that I like to copy and paste the pseudocode from ARM directly into my code, commented, so I have it for reference. I'm fairly certain I would have to take that out before releasing, so I'm not infringing on ARM's copyright policies. But it would be nice to collaborate. Possibly. Maybe.
Cobaltikus said:
... (MCR p15, 0, R0,c1,c0, 0) MCR was one of the first instructions I implemented months ago. I may need to re-look at that logic and make sure I did it right...
Yep. I need to re-implement MCR. I wasn't doing all that needed to be done.
v0.4
v0.4 runs Verizon S4 NK1 aboot to completion, and you can view and modify the active Instruction Set (ARM vs Thumb).
v0.5
I got a bit side tracked. Thanks to Tal Aloni, Cobalt Debugger now shows and validates the certificate chain and image signature, which started me down the rabbit hole of potentially cracking RSA. When I come back up for air I'll post my latest changes.
I've been trying to crack that thing for months now! haha join in the Telegram again for info and we can collaborate live. From what I understand we're dealing with an RSA-SHA1 sig with PKCS#11 padding.
Sorry to be somewhat off-topic, but RSA is a method of encryption. So Samsung/Verizon used this to encrypt the bootloader. So if we can crack it, we have access to the bootloader and can Loki it/ another exploit?
Oh yeah, I subbed. I'm teaching myself python and Java(was already on my to do list) to try and offer limited help.
XxD34THxX said:
Sorry to be somewhat off-topic, but RSA is a method of encryption. So Samsung/Verizon used this to encrypt the bootloader. So if we can crack it, we have access to the bootloader and can Loki it/ another exploit?
Oh yeah, I subbed. I'm teaching myself python and Java(was already on my to do list) to try and offer limited help.
Can you do much with Python on Android?
What exactly does this thing do? I'm a bit confused. This is some kind of simulator so that you can see how it impacts memory during execution? But then again, if it can't access hardware then what's the use? What does it offer over IDA Pro? I'm confused.
Not now. Still on the basics of python. I have python and ide on my pc waiting if you need me to test something.
kcarden said:
I've been trying to crack that thing for months now! haha join in the Telegram again for info and we can collaborate live. From what I understand we're dealing with an RSA-SHA1 sig with PKCS#11 padding.
Ah right, now I get what the use of this is. As long as stuff is not done in hardware, which it most likely won't be anyway (because the kernel is not up lol), then this could function as a simulator to debug the bootloader. Makes sense.
XxD34THxX said:
Sorry to be somewhat off-topic, but RSA is a method of encryption. So Samsung/Verizon used this to encrypt the bootloader. So if we can crack it, we have access to the bootloader and can Loki it/ another exploit?
Oh yeah, I subbed. I'm teaching myself python and Java(was already on my to do list) to try and offer limited help.
I've been looking a lot at recovery.img and the recovery partition, and what happens is the image is encrypted and then signed to be accepted by other software sig checks.
