Related
There are many json files containing the information {"color": "red"}. I want to create a listBox of colors of these files,data must be read. The most simple (which I wrote):
Code:
int i = 1;
while (i < 300)
{
var file = Application.GetResourceStream(new Uri("files/color"+i+".json", UriKind.Relative));
i++;
if (file == null)
{
Debug.WriteLine("file not found");
break;
}
DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(Color));
Color example = (Color)ser.ReadObject(file.Stream);
}
I have not found how to work with directories of the project so just go over everything.
I read about IsolatedStorageFile, this store is used as a sandbox for the application. How to install the application can put files there?
This is a simple example I used just to find out, in fact, much more data.
P.S. Sorry for my bad english
Quick tip: you should be using the "using" keyword, or manually cleaning up your stream.
That said, there's no official way to write to the isolated storage on program installation. Unofficially, you can use the XAP deployer hack (read about it on the dev&hacking sub-forum) if you really want to do this, although it almost certainly won't survive market ingestion (if you want to publish it).
The best official way is to check, when the program starts up, whether it has populated its isostore. If not, it uses the GetResourceStream to read from its install folder and write to the isostore.
If that's not enough info or doesn't answer your question, please try to be more precise.
evgen_wp said:
There are many json files containing the information {"color": "red"}. I want to create a listBox of colors of these files,data must be read. The most simple (which I wrote):
Code:
int i = 1;
while (i < 300)
{
var file = Application.GetResourceStream(new Uri("files/color"+i+".json", UriKind.Relative));
i++;
if (file == null)
{
Debug.WriteLine("file not found");
break;
}
DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(Color));
Color example = (Color)ser.ReadObject(file.Stream);
}
I have not found how to work with directories of the project so just go over everything.
I read about IsolatedStorageFile, this store is used as a sandbox for the application. How to install the application can put files there?
This is a simple example I used just to find out, in fact, much more data.
P.S. Sorry for my bad english
Click to expand...
Click to collapse
Indeed, clearly, is better.
thank you
Every time you hit the page will load data from files. It's slow. Probably better to use the database. What do you suggest?
an additional question: how to view the contents of the folder in the install folder
Loading the app's IsolatedStorageSettings.ApplicationSettings data (which is a simple text file in the data folder) is quite fast; I really doubt you'll notice it. Just save their once the fact that you imported the files from the install folder to the isostore. I just about guarantee that any kind of database access will take much longer, at least for the initial hit. Reading a short plain-text file and parsing it should take maybe a few miliseconds, at worst.
As for viewing folder contents, technically this can be done using native code, but it can't be done with the official API (I get the feeling you want to publish this app, so that matters). However, that shouldn't matter, really - you know what files are in the install folder and its subfolders, because you put them there. If you want to know how to use GetResourceStream on sub-folders of the install folder, that's easy; your code as listed above should work. Note that the files must be build action "content" and not "resource". You can still access "resource" files but the URI is different.
Hello guys,
I know there are multiple guides like this one on the forums, but I guessed: Why should one just have tutorials in Batch and C#? I can program in VB, why not share it?
First: This guide will contain some code out of my own program (Universal Android Toolkit) but only the free stuff
So, I guess I'll start off.
Prerequisites:What will you need?
Microsoft Visual Studio (2008, 2010 or 2012) for Windows Desktop. I'll provide links.
A computer with at least 1GB RAM, a P4 @ 2.8GHz, 128MB Graphics chip/card, some basic knowledge of ADB commands (You'll learn them here, I guess...)
A cup of coffee or whatever your favorite warm beverage is.
Oh, and some decent music would be good.
Setting things up:As I've already done this a while back, I cannot provide screenshots, but I'll do my best to explain things.
First, download Visual Studio 2012 for Windows Desktop and open the installer.
It should look somewhat like this, just with a big 'START' button at the bottom.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Once you have installed that, it is advisory, that you download the .Net framework 3.5, 4.0 and 4.5
.Net 3.5 (Includes 2.0, 3.0 and 3.5 SP1
.Net 4.0
.Net 4.5
Once you have installed those, you should bookmark this page and restart your computer.
Then, move to the next step.
Creating a New Project:Open up Visual Studio. You will be welcomed by a screen, which looks somewhat like this:
Click on 'New Project...'
You will then see this type of screen:
Select 'Windows Forms Application' and give it a name. You may name it whatever you want. You can also change the location it should be stored in. I'll change the name to Android One-Click Tutorial and I'll leave the default location as it is.
Once you have done that, hit OK and wait for the project to load up.
One-Click, Here we Come!:
Once the project has loaded, you will see a screen like this (Depending on which version of VS you are using..)
You may name the form however you want. I'll name it the same as the project.
Once you have given it a name, you'll want to resize the form to the desired size and give it an icon.
Please excuse the weird highlights, I'm using my old laptop, because my computer broke and my mouse died with it.
Then debug the program, to make sure it is how you want it to be.
If it's OK for you, then let's get to downloading all the ADB-Stuff.
Download the ADT bundle from here and then download the platform-tools.
You might want another cup of coffee for this. Sadly, I can't drink anything warm or with caffeine, because I had an operation to my mouth yesterday (Friday the 07th of June 2013) so feel free to drink one on me
Once it is done downloading, extract the archive to your computer. I'll just put it in my Documents folder.
Once everything is extracted, move to the sdk\platform-tools folder. Make sure that the files 'adb.exe', 'AdbWinApi.dll', 'AdbWinUsbApi.dll' and 'fastboot.exe' are present. If they are, go back to Visual Studio and go to the properties of the project (Project ->> <Project Name> properties) and move to 'Resources'. Change the resource type from Strings to Files.
Then, add the four files from above to the resources.
Once all that is done, we can start coding.
So go ahead and double-click on the form, so that the code file shows up.
It'll look like this:
Type in the following over Public Class Form1:
Code:
Imports System.IO
Imports System.Threading
Imports System.Windows.Forms.DialogResult
Now, as this program is supposedly going to be used by others, probably people without knowledge of coding, and therefore people without ADB, etc., we want the program to look for our files and copy them if necessary.
We want to do this right at the beginning of the program, so we'll do it the Form1 Load Event.
Type the following code:
Code:
If Not Directory.Exists("ADB") Then
Directory.CreateDirectory("ADB")
Else
If Not File.Exists("ADB\adb.exe") Then
File.WriteAllBytes("ADB\adb.exe", My.Resources.adb)
End If
If Not File.Exists("ADB\AdbWinApi.dll") Then
File.WriteAllBytes("ADB\AdbWinApi.dll", My.Resources.AdbWinApi)
End If
If Not File.Exists("ADB\AdbWinUsbApi.dll") Then
File.WriteAllBytes("ADB\AdbWinUsbApi.dll", My.Resources.AdbWinUsbApi)
End If
If Not File.Exists("ADB\fastboot.exe") Then
File.WriteAllBytes("ADB\fastboot.exe", My.Resources.fastboot)
End If
End If
The code folder should now look something like this:
Ok. So now debug the program and check in the project's \bin folder for a folder named ADB and check if all the files were created accordingly.
If your folder looks like mine: You've done a great job! So you can already give yourself a pat on the back!
Now, to move on to the next step:
Adding Buttons and Commands:
Move back to the designer and add a few buttons like I've done. The buttons I've created will:
Back up the device
Restore the device
Install an app
Push a file
Now, we want to create four more forms. One for the backup, one for the restore, one for the install app and one for pushing a file.
Hit CTRL+SHIFT+A to add new items.
You can name the forms however you want.
I created some with pretty self-explaining names:
Now, double-click on each button in Form1 to create a new code block in the code file.
Once you have done that, copy the following codes into each code block.
Button1_Click
Code:
Backup.Show()
Me.Hide()
Button2_Click
Code:
Restore.Show()
Me.Hide()
Button3_Click
Code:
Install.Show()
Me.Hide()
Button4_Click
Code:
Push.Show()
Me.Hide()
Now open up the Backup form. We'll start here. You can close the Form1-files.
Start designing the form as you wish. Here's how I've done it:
If you're using the same design as me, you might want to use the same code.
NOTE: I rarely use the .Net components in the Toolbox. Only for static operations. For things like dialog boxes, I use pure code.
This is working code. I have debugged and tested!
Code:
Imports System.IO
Public Class Backup
Private Sub Backup_Load(sender As Object, e As EventArgs) Handles MyBase.Load
TextBox2.Text = "Backup_From_" & Date.Now.ToShortTimeString
If Not Directory.Exists(TextBox1.Text) Then
Directory.CreateDirectory(TextBox1.Text)
End If
End Sub
Private Sub Backup_FormClosing(sender As Object, e As EventArgs) Handles MyBase.FormClosing
Form1.Show()
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim FolderBrowse As New FolderBrowserDialog
FolderBrowse.Description = "Select the destination of where you wish your backup to be saved to." _
& "Note: Please do not choose locations with spaces in the directories. These may cause errors!"
FolderBrowse.ShowNewFolderButton = True
Dim DialogRes As DialogResult = FolderBrowse.ShowDialog
If DialogRes = Windows.Forms.DialogResult.OK Then
TextBox1.Text = FolderBrowse.SelectedPath
End If
End Sub
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Shell("""ADB\adb.exe"" backup -f" & TextBox1.Text & "\" & TextBox2.Text & "-apk -system -full -all", AppWinStyle.NormalFocus, True, 30000)
End Sub
End Class
Once you have that done, move to the next form. This, in my case, is Restore.
To keep the thread clear, I'll carry on in post #2.
Ok, now let's get on with Restore.
Open up the file, and again, design it as you want.
If you're using the same design as me, it is advisory, that you use the same code.
Here is the code I used:
Code:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim OpenFile As New OpenFileDialog
OpenFile.InitialDirectory = My.Computer.FileSystem.SpecialDirectories.Desktop
OpenFile.Multiselect = False
OpenFile.Filter = "AB (Android Backups)|*.ab"
OpenFile.SupportMultiDottedExtensions = False
OpenFile.Title = "Select the Android Backup (*.ab) file to restore your device from..."
Dim DialogRes As DialogResult = OpenFile.ShowDialog()
If DialogRes = Windows.Forms.DialogResult.OK Then
TextBox1.Text = OpenFile.FileName
End If
End Sub
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Shell("""ADB\adb.exe"" restore " & TextBox1.Text, AppWinStyle.NormalFocus, True, 30000)
End Sub
Private Sub Restore_FormClosing(sender As Object, e As EventArgs) Handles MyBase.FormClosing
Form1.Show()
End Sub
And now we're ready to move to the third form. As usual; if you're using the same design as me, you'll want to use the same code as me.
I'd like to note: I'll explain all the code in post #3.
The third form (Install an App) will be a bit different than the others. Here, we'll give the user the opportunity to select an entire folder which contains .apk files and then with a mouse-click, the app will install the desired APK.
Note the ListBox, That is where all the APKs will be listed. (Hence the name 'ListBox'.)
I have pulled some APKs from my phone and have put them in a folder (C:\APKs). We will use this folder to list all the available APKs in the listbox.
But before we do that, here is the code for the form. Again, nothing is imported here.
Code:
Private Sub Install_FormClosing(sender As Object, e As EventArgs) Handles MyBase.FormClosing
Form1.Show()
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim FolderBrowse As New FolderBrowserDialog
FolderBrowse.Description = "Select the folder containing your APK files."
FolderBrowse.RootFolder = Environment.SpecialFolder.DesktopDirectory
FolderBrowse.ShowNewFolderButton = False
Dim DialogRes As DialogResult = FolderBrowse.ShowDialog()
If DialogRes = Windows.Forms.DialogResult.OK Then
For Each Item As String In My.Computer.FileSystem.GetFiles(FolderBrowse.SelectedPath)
ListBox1.Items.Add(Item)
Next
End If
End Sub
Private Sub ListBox1_SelectedIndexChanged(sender As Object, e As EventArgs) Handles ListBox1.SelectedIndexChanged
Shell("""ADB\adb.exe"" install " & ListBox1.SelectedItem.ToString, AppWinStyle.NormalFocus, True, 30000)
End Sub
And here are some pictures of the code in action:
FolderBrowserDialog (FolderBrowse):
The list of apps (ListBox):
Ok. We're almost done with our One-Click utility!
We've only got one more form and we'll do that in a dash! Then I'll get to explaining what everything means. Though most of it is pretty much self-explanatory, I'd rather go over it.
Move on to the last form, and the same rules apply.
This form will be using the same method as the Install form - Using a ListBox to display files.
Here is the code:
Code:
Private Sub Push_FormClosing(sender As Object, e As EventArgs) Handles MyBase.FormClosing
Form1.Show()
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim FolderBrowse As New FolderBrowserDialog
FolderBrowse.Description = "Select the folder containing the file/s you want to push to the device..."
FolderBrowse.ShowNewFolderButton = False
FolderBrowse.RootFolder = Environment.SpecialFolder.DesktopDirectory
Dim DialogRes As DialogResult = FolderBrowse.ShowDialog()
If DialogRes = Windows.Forms.DialogResult.OK Then
For Each Item As String In My.Computer.FileSystem.GetFiles(FolderBrowse.SelectedPath)
ListBox1.Items.Add(Item)
Next
End If
End Sub
Private Sub ListBox1_SelectedIndexChanged(sender As Object, e As EventArgs) Handles ListBox1.SelectedIndexChanged
Shell("""ADB\adb.exe"" push " & ListBox1.SelectedItem & " " & TextBox1.Text, AppWinStyle.NormalFocus, True, 30000)
End Sub
Cool! We've got our first One-Click-Utility done in Visual Basic.Net! This is pretty awesome, don't you think? I may have to re-do this thread, but for the moment it'll do, I guess.
Move down to the third post, to read all about what what piece of code does.
What Does What Piece of Code Mean and do?
In this post, I'll go over what which piece of code does. The practical thing about Visual Basic, is that it uses a lot of words used in the English language. That means: If you can speak English fluently, you can code in Visual Basic quite decently.
But nevertheless, I'll go over each bit, and that bit by bit. Of course, if you have questions, I'm happy to answer.
What does 'Imports' Mean and do?
Imports
In Visual Basic, as in pretty much every other programming language, has references it uses to communicate to the OS (Operating System).
But, although referenced data is there, it is not entirely available to each form. So you must import that data to the form, where it is needed.
You can imagine 'Import' as if you were importing freight from another country - With the only difference, that you're importing data.
If you're familiar with C++, #includes <stdio.h> is the same as if you were using Imports System.IO in Visual Basic.
If, Else, ElseIf and End If
What will be explained here, is the If-Statement. Every programming and scripting language has an If-Statement - Even if it is used with a different name.
Basically, what an If-Statement does, is check whether specific criteria is met by a clause you typed.
For example:
Code:
If File.Exists("C:\HelloWorld.vb") Then
MessageBox.Show("The file exists!")
Else
MessageBox.Show("The file doesn't exist!")
End If
This piece of code checks if a specific file exists.
If it exists, it will throw a message box saying that the file exists. Else, it will throw a message box saying it doesn't exist. Make sense?
But then we have ElseIf.
Using ElseIf can make the code more precise.
For example: Imagine you have a form with a text box, and you want to determine whether that text box contains, say http:// or ftp://, you'd type something like this:
Code:
Dim Text As String = TextBox1.Text (We'll get to Dim in a moment)
If Text.Contains("http://") Then
MessageBox.Show("The text box contains http://")
ElseIf text.Contains("ftp://") Then
MessageBox.Show("The text box contains ftp://")
Else
MessageBoz.Show("The text box doesn't contain http:// or ftp://")
End If
End If basically just terminates the If-Statement. I don't have an example for this in C++, but I guess you guys are smart enough to get what I mean
What does Dim mean?
This is probably the easiest thing to explain, in this entire tutorial: All Dim does and means, is Declare. It declares a variable with a type.
I think in C++, you'd write something like
Code:
int a = 16;
Where the equivalent in VB is:
Code:
Dim a As Integer = 16
Sure, it's a bit more to write, but the code is easier to understand. Which is all VB is about: Easy coding.
For Each X As String In... Whaa?
Well, here we've gotten to a stage, which I only learned a few months ago, and I've been programming in Visual Basic for five years, now.
Basically, For Each is kind of like an If-Statement. It searches for specific criteria. If that criteria is met, the code will be executed.
I'll use an example from the program written above:
Code:
For Each Item As String In My.Computer.FileSystem.GetFiles("C:\Windows")
This searches for files (FileSystem.GetFiles("") ) and returns these to a variable (Item) as a string value.
Code:
Next
The Next statement tells the computer to move to the next piece of code.
And last but not least:
Shell? But wait.. I know that from somewhere, don't I?
Yup, you do! Shell is just a command prompt or terminal (Whatever you prefer). All it does, is it executes commands as the computer's shell and it gets a bit more low-level as other commands.
For example:
Code:
Shell("")
This would execute a simple program, without any command line arguments (Command Line Args).
Code:
Shell("""adb.exe"" install")
This would execute a specific file (In this case adb.exe) and would add a command line arg. Which gives you more flexibility and it allows you to interact with the shell-executable.
But the Shell Function can do more than that. It is also still a part of the program, which means it can still tell the program what to do.
For example:
Code:
Shell("""ADB\adb.exe"" install " & ListBox1.SelectedItem.ToString, AppWinStyle.NormalFocus, True, 30000)
This piece of code executes adb.exe, with a command line arg, but adds to the shell (CMD) window.
AppWinStyle: This determines how the CMD window is shown. In this example, we used NormalFocus, which puts the CMD window in the foreground and focuses on it. So the user can immediately interact with it, if necessary.
Where True is: True or False determine whether the program should wait until the shell operation is completed, before moving on to the next step of code. And ultimately, this is also what the integer (Whole number) behind it is for. The number (Must be an integer!) determines how long the program should wait until the program should execute the next line of code, in milliseconds.
And that was that, I guess.
If you feel I've missed something out, or you don't understand something, fell free to let me know and I'll it it to the list.
I'll add the project to my GitHub, so you can all download it.
Once I have the time, I'll re-design the posts, but at the moment, I think it'll do
(Mods: If you think I should, I'll do it right away! )
Downloads:
Download the source code (And pre-compiled binary) from my GitHub.
https://github.com/Beatsleigher/OneClickUtil
This is licensed under the GPL3.0, so feel free to do with it as you wish
I probably won't add to this project, but that should stop you!
Happy developing!
--- Reserved #4 ---
mfastboot.exe flash partition gpt.bin mfastboot.exe flash motoboot motoboot.img mfastboot.exe flash logo logo.bin mfastboot.exe flash boot boot.img mfastboot.exe flash recovery recovery.img mfastboot.exe flash system system.img_sparsechunk.0 mfastboot.exe flash system system.img_sparsechunk.1 mfastboot.exe flash system system.img_sparsechunk.2 mfastboot.exe flash modem NON-HLOS.bin mfastboot.exe erase modemst1 mfastboot.exe erase modemst2 mfastboot.exe flash fsg fsg.mbn mfastboot.exe erase cache mfastboot.exe erase userdata pause mfastboot.exe reboot
---------- Post added at 01:51 PM ---------- Previous post was at 01:48 PM ----------
Plz help me to execute above codes on a button press event
I know how to add mfastboot.exe
Quite useful thanks
coldflid said:
Quite useful thanks
Click to expand...
Click to collapse
You're welcome
I'm thinking of doing something similar for Java. Should keep people occupied
Looking forward to it
ADB Bruteforcer
I have made a Android Debugging Bridge 0000 to 9999 bruteforcer,
With this I will make a nice interface for it,
When I'm done, I will upload it somewhere at XDA.
Thanks 4 ur upload!
This just one of the great wonders. Nice Job .. Greeting from Mawcot Inc
dear @Beatsleigher first of all i wold like to thanks you for such a nice guide
i have some questions please answer it
1st. how to use multiple adb commands with one button
for example ( adb kill-server , adb start-server )
2nd how to print information to a textbox or label
for example if i want to see the connected adb devices and i use (adb devices ) so i want to print connected devices into a text box
thanks
zameer_yus said:
dear @Beatsleigher first of all i wold like to thanks you for such a nice guide
i have some questions please answer it
1st. how to use multiple adb commands with one button
for example ( adb kill-server , adb start-server )
2nd how to print information to a textbox or label
for example if i want to see the connected adb devices and i use (adb devices ) so i want to print connected devices into a text box
thanks
Click to expand...
Click to collapse
This is a pretty old thread to resurrect. I only saw your reply by chance.
I'm not an active member of this community anymore, just as with all tech-related things.
Those are rudimentary questions. If you're interested in programming, you should read up on some tutorials.
Everything you need to find the answers to those questions is written on MSDN.
Furthermore, the information provided in this thread is outdated. I recommend you check out @regaw_leinad's AndroidLib or my JDroidLib The documentation for both of these libraries can be found on my website.
Good luck with programming. Just don't read these tutorials and documentations and go from there.
Depending on which language you want to use, read the maintainer's website (e.g.: MSDN, or Oracle's JavaDoc) and read their tutorials. They'll teach you the basics, best practises, dos and donts, and more.
NOTE: I will not be providing support for this tutorial any longer. I have since moved on, and don't see any value in helping people make their lives more complicated than necessary. There are plenty libraries out there which allow you to do much more than I showed in this tutorial, and are easier for beginners, as they show you the best-practises of the language anyway.
Author: Apriorit (Research and Reverse Engineering Team)
Permanent link: www(dot)apriorit(dot)com/dev-blog/76-reversing-of-mobile-phones-insertions
Once we faced the need to investigate how Samsung cellular phones work; we required some information from them, which is not documented (and will never be, for sure). So this article is about interesting points our reverser had met while working with Samsung cellular phones firmware.
Reversing of Insertions for ARM-based Mobile Phones
I have managed to research insertions of all Samsung' generations, including CDMA (except for the smartphones only). In every Samsung phone the ARM-compatible processor with a set of ARM7TDMI commands is used. Insertions are built on the basis of three OS: RTCX, RTK, Nucleus, and compiled on different compilers. I have seen insertions compiled on ADS (SDT) and IAR.
On forums people call Samsung's generations in different way: somebody divides them into Gumi/Suvon (2 cities in Korea), others give code names - "Sysol", "Agere", "VLSI", "Conexant" and "Ancient". I have come to a conclusion that it's more correctly to divide them according to the phone processor.
Processor Models
OM6357 (aka Sysol) E100, E700, E720, E800, E820, S50x, X100, X460, X60x
M46 (aka Conexant) A100, A110, A200, A300, A400, M100, T208
SkyWorks (aka Conexant) C100, C108, C110, P510, P518
ONE-C (aka VLSI) R2XX, Nxxx, Txxx(except for T208)
Trident (aka Agere) Dxxx, Qxxx, Sxxx(except for S50x), Vxxx, C200, E105, E310, E400, E600, E710, E810, X105, X400, X42x, X450 etc.
MSMxxxx all CDMA
Hope, I haven't made any mistakes in this list. )
According to the list, insertions within the same generation are very similar and, to be honest, sometimes they are twins at all (with extremely slight changes). For example, in X100 there are obvious traces of E100/E700/X600 - why then there is a code for working with the second display, camera and IRDA, which it didn't have in a whole life?
Naturally, OS is the same for the whole generation:
OM6357 - RTK
M46 - RTCX OSE
SkyWorks - RTCX OSE
ONE-C - RTK
Trident - Nucleus
MSMxxxx - don't know exactly, it might be any OS from Qualcomm. It's just clear that they are collected to ADS/SDT.
If you are going to investigate the low level, then SDK from corresponding OS will be to the point. Another helpful thing is the symbolical information, which can be met in some insertions archives. Sometimes you can come across the insertions with .lst, .sym, .map, .out files, containing the information, extremely useful in researches. In particular, such files occur in almost all C100, S500 insertions. When talking about the other models, the situation is worse and you have to content yourself with symbols signatures, made for insertion of the same generation. For example, for M46 I have managed to find just one insertion with symbols and it was from A110. But signatures made from it perfectly lie down on A200, A300 etc.
Interpretation of the symbolical information
MAP format
.map files contain the information on modules included in the insertion and look like
Code:
Base Size Type RO? Name
0 20 CODE RO AAA_vectors from object file obj/isr.o
20 38e8 CODE RO C$$code from object file../../src/t9latin.o
3908 30 CODE RO C$$code from object file obj/mmi_date.o
3938 5a4 CODE RO C$$code from object file hw_slow.o
3edc 874 CODE RO C$$code from object file rtkgo.o
etc.
where
Base - displacement in an insertion file.
Size - length.
Type - region type.
RO? - region access type.
Name - original file name, part of which was included in the insertion
How all this can be interpreted? For example, this way: starting with displacement 20, there is a block of the code (CODE) 38e8 length - it's an access to Read Only block. The fact that block has CODE attribute is far from being means that the WHOLE area is filled with a code. Actually, it is a code plus data, just as if the block has DATA type it does not mean that it is necessary to make it all by data in IDA.
Without the names/symbols file this information can be used only for determination of insertion code size (i.e. to not get into the graphics). Therefore, we will better examine SYM format.
SYM Format
.sym files are the mines of information. They look like:
Code:
Symbol Table
AAA_vectors$$Base 000000
AAA_vectors$$Limit 000020
VectorMap$$Base 1006a3c
VectorMap$$Limit 1006a60
isr$$Base 12774c
isr$$Limit 127bb0
gl_MaskIT 1000078
Rtk_RegionCount 100564c
rtk_WorthItSched 10056a0
Rtk11_Schedule 11f5c8
etc.
It is a little bit easier here, because the name-address correspondence exists. But as for the addresses, there are some secrets - a set of names exists, containing $ sign and having the special status. Symbols with $$Base at the end indicate the beginning of virtual address space area, $$Limit indicates the end. I.e. here we have the information on segments. It is possible to make a memory map of these segments and see how the parts of binary code are being thrown to different addresses. Building memory map should be started with such symbols:
Code:
Image$$RO$$Base 000000
Image$$RO$$Limit 1afef4
Image$$RW$$Base 1000000
Image$$RW$$Limit 107dad4
Image$$ZI$$Base 1006a60
Image$$ZI$$Limit 107dad4
RO - Read Only, indicates code addresses.
RW - Read/Write i.e. it is RAM.
ZI - Zero Initialized. RAM, which is being stuffed with zero values when mobile phone is turned on.
Thus segments can be easily created on these addresses. Now we look further:
Code:
AAA_vectors$$Base 000000
AAA_vectors$$Limit 000020
C$$code$$Base 000020
C$$code$$Limit 127310
C$$code$$__call_via$$Base 127310
C$$code$$__call_via$$Limit 127320
Example$$Base 127320
Example$$Limit 127324
HAL_boot$$Base 127324
HAL_boot$$Limit 12735c
RtkCode$$Base 12735c
RtkCode$$Limit 127408
SysSupportCode$$Base 127408
SysSupportCode$$Limit 12744c
boot$$Base 12744c
boot$$Limit 127654
clib$$Base 127654
clib$$Limit 12774c
isr$$Base 12774c
isr$$Limit 127bb0
C$$constdata$$Base 127bb0
C$$constdata$$Limit 1afef4
C$$data$$Base 1000000
C$$data$$Limit 1005a38
Stacks$$Base 1005a38
Stacks$$Limit 1006a3c
VectorMap$$Base 1006a3c
VectorMap$$Limit 1006a60
C$$zidata$$Base 1006a60
C$$zidata$$Limit 107dad4
In this interesting way they go one after another. If you wish, it is possible to divide them into segments to corresponding addresses, but this is merely a logic division. Moreover, in .sym file these lines are scattered badly. And more sooner or later a question appears: why the code size is 1afef4, if length of insertion file is 1b6950? Where to put the rest 6a60 byte? We look again on the initial memory map:
Code:
Image$$RW$$Base 1000000
Image$$RW$$Limit 107dad4
Image$$ZI$$Base 1006a60
Image$$ZI$$Limit 107dad4
RAM ends on 107dad4 address, block 1006a60-107dad4 is zero initialized, hence there is a question: what does initialize the 1000000-1006a60 block, which size is exactly 6a60? Absolutely right, those odd bytes. If analyse the OS start code, then in the RAM initialization procedure you will find the same copying.
In the newer insertions there is a chance to come across the next inscriptions:
Code:
Load$$IRAM$$Base 639a74
Image$$IRAM$$Base 2010000
Image$$IRAM$$Length 0015a4
They should be understood this way: data of 15a4 length are being loaded from 639a74 file displacement to the 2010000 address.
We continue the analysis of symbols with the $ sign:
x$litpool$ - Literal Pool, pieces of the data from functions. At the end of many functions indexes, lines, constants are placed, and x$litpool$ specifies the beginning of such constants.
x$litpool_e$ - Literal Pool end.
$T is merely for debugger. Indicates the addresses where the PC register change take place. So, at these addresses transition commands BL/BEQ/B/BX etc. are placed.
$$- addresses where there is a change of ARM/THUMB state.
There are also C$$code symbols, but I haven't found what it is.
Other names without $ sign are the names for constants and functions. They can be freely used.
If the archive with an insertion contains both MAP and SYM, it is an ideal variant - when you set a name taken from SYM it is possible to check up whether it lays in the code area by using data from MAP. If yes, we may freely indicate it as code not being afraid, that code/data will be determined in IDA incorrectly.
LST Format
It's a real paradise for a reverser, in these files lays all at once. They consist of five parts:
Image Symbol Table - symbols... their meaning I have not understood yet
Local Symbols - everything is clear from the name
Global Symbols - .sym file analogue.
Memory Map of the image - memory map! All at once!
Image component sizes - .map file analogue
The information is so detailed, that even the processor mode for each function is specified.
OUT Format
Have met it only in the Nucleus-based insertions. Here can be tlink.out and tsymb.out files:
tsymb.out - ordinary SYM
think.out - MAP file to which almost useless linker information is added.
Now when we are armed with the symbolical information we can load the insertion in IDA.
What to do if there are no symbols at all
"When there is no toothbrush at hand..." Yes, we take IDA, emulating debuggerand brains in the hands. IDA is "must have". The emulating debugger for ARM, called Trace32, can be taken here.
First of all, we load the insertion in IDA to 0 address. I.e. the whole insertion is being loaded to default addresses. Then look what is on 0 address.
Code:
BOOT:00000000 B ResetHandler
BOOT:00000004 B loc_3B4
BOOT:00000008 B loc_410
BOOT:0000000C B loc_42C
BOOT:00000010 B loc_488
etc.
The code in any case begins with 0 address. In all Samsungs and, as I guess, not only in Samsungs an insertion begins with the interruption vectors. These are eight B commands in ARM state, i.e. 8 vectors. 0 address is a vector of null interruption or insertion start/restart. This zero interruption simply starts the mobile phone and thus handler leads to the system loader:
Code:
BOOT:00000048 ResetHandler; CODE XREF: BOOT:loc_0 _ j
BOOT:00000048 MRS R0,CPSR
BOOT:0000004C BIC R0,R0,#0x1F
BOOT:00000050 ORR R0,R0,#0x13
BOOT:00000054 ORR R0,R0,#0xC0
BOOT:00000058 MSR CPSR_cxsf,R0
BOOT:0000005C LDR R3,=(InitialHWConfig+1)
BOOT:00000060 MOV LR,PC
BOOT:00000064 BX R3
If the jump from zero address goes to the non-existent address it means that the rest part of the code is mapped to some other addresses. It's easy to determine to which exactly. For example, we have such beginning:
Code:
BOOT:00000000 B 0x4003CE
And there is no code on the 4003CE address. We look on 3CE displacement and see an ARM-code. It means the rest part of insertion is displaced on 0x400000. So we have to copy piece of insertion with interruption handlers, load them to zero address and then load an insertion from 400000 address. Now our code is in the right place. We go further. It is necessary to find out where are the RAM and area of input/output ports. The ports are usually either in the end (addresses from about e0000000 and higher) or in the beginning of the memory (up to 0x200000), depending on where the insertion is being loaded. There can be several RAM areas. First of all, we see ports initialization:
Code:
BOOT:00000588 MOV R1,#1
BOOT:0000058A LDR R0,=0xE0006000
BOOT:0000058C LSL R1,R1,#0x1B
BOOT:0000058E STR R1,[R0]
BOOT:00000590 STR R1,[R0,#0x10]
BOOT:00000592 STR R1,[R0,#0x20]
BOOT:00000594 LDR R1,=loc_20102
BOOT:00000596 LDR R0,=0xE0003040
BOOT:00000598 STR R1,[R0, #4]
BOOT:0000059A LDR R1,=0x20003
BOOT:0000059C STR R1,[R0, #8]
BOOT:0000059E LDR R0,=0xE0003000
BOOT:000005A0 MOV R1,#0xC
BOOT:000005A2 STR R1,[R0,#0x24]
I.e. since around E0000000 there is an area of input/output ports. Its size doesn't exceed the size of segment and therefore it's possible to create a segment of 0x10000 size. Now we go further. In any insertion there are RAM area which is initialized by zero values and the area which is filled by initial settings which are taken from an insertion. We are looking for copy cycles, so we need the debugger.
Here we see copying:
Code:
BOOT:000000D4 LDR R0,=0x63B018
BOOT:000000D8 LDR R1,=0x1000000
BOOT:000000DC LDR R3,=0x1045B38
BOOT:000000E0 CMP R1,R3
BOOT:000000E4 BEQ loc_F8
BOOT:000000E8
BOOT:000000E8 loc_E8; CODE XREF: BOOT:000000F4 _ j
BOOT:000000E8 CMP R1,R3
BOOT:000000EC LDRCC R2,[R0],#4
BOOT:000000F0 STRCC R2,[R1],#4
BOOT:000000F4 BCC loc_E8
The block is being copied from 63B018 address to 1000000 address of insertion. The length is 45B38.
This is the first RAM area. Now we look for the second one, whose zero initialization should be nearby:
Code:
BOOT:000000F8 LDR R1,=0x11ED9E4
BOOT:000000FC MOV R2,#0
BOOT:00000100 CMP R3,R1
BOOT:00000104
BOOT:00000104 loc_104; BOOT:00000108 _ j
BOOT:00000104
BOOT:00000104 STRCC R2,[R3],#4
BOOT:00000108 BCC loc_100
Indeed, there is a stuffing with zero values in the area from 1045B38 to 11ED9E4, so here we have the second part. If there are any areas, then there will certainly be zero or copy initialization. Other memory pieces can be found only analytically, but we have got the basis already.
The further research depends on the presence of symbols/signatures. If yes, then everything comes to looking for the necessary function in the names list. What to do if not? First of all, it is necessary to determine approximate code bounds and, if possible, to find functions in the code. The most primitive and effective way is to search for a push command with which 60 % of insertion code begins. Insertion code usually consists of Thumb code on 90 %, so we should look for B5 byte (push) and try to define it as the code in IDA. Insertion code usually takes less than 50 % of the whole size, the rest part is for graphics and language resources. Else I can say that very often at the end of the code there are copyrights lines, a kind of "Samsung corp. 199x-200x ARM ADS 1.2".
Some code has been revealed, around 20% were harmed by IDA itself, because it often can't cope with THUMB/ARM transition. And now we have to take anything left lying around loose, i.e. what had been left by programmers. And what they had left? Trace and Assert. And any trace and assert doesn't go without sprintf/printf. We have to find it. It's easy - we should just look for the "%s" line. We need that which obviously contains a pattern of the error message. With xref we find where this line is used and it will be exactly sprintf, followed by Trace or Assert. Now, with basing on the error messages, we can name the functions. I.e. walking with xref to the Trace/Assert function, we can find output of more than half of mistakes. Further functions naming is possible by searching the following words:
Code:
Bad
Fail
Incorrect
Invalid
Error
Memory
File
Null
No
Critical
Abnormal
etc.
This way we will find some more error output functions. Thus we will gradually gain the information, not being based on anything except for the insertion.
Hi,
I hope this is the right section for app-specific questions (if not, please move the thread)...
My wife recently got into that sticker/emoji-collecting-thing on WeChat (god knows why) and she would like to use the WeChat stickers on other messengers like Whatsapp (or have access to the image files in general). There are millions of tutorials how to make your own animated stickers for WeChat, but unfortunately there is zero information how to get them out of WeChat... Apparently everything is stored in the folder "Phone\tencent\MicroMsg\--some-md5-like-number--\emoji". Therein are subfolders like "com.tencent.xin.emoticon.NAME", I guess for each sticker creator, and the image files themselves have cryptic filenames like "fd0476f63c51690b88dd17d9be63af1c" without any extension. The good news is that PNGs and JPGs are saved "natively" - such files can be easily recognized by any image viewer via the header. However, animated stickers (typically discernible by the much larger file size) are apparently stored in a kind of proprietary format. It's not GIF or any image format I know of (or rather tried it with), it's also not a common compressed container, and the hex editor doesn't reveal anything useful, just densely packed gibberish...
Is there any kind of documentation on how WeChat stores animated images and how they can be converted back into something useful like GIF?
I was wondering this as well. I did the same digging as the OP, with one thing to add. I took a look at one of the said files – this one is 13Kb and about 1kb from the beginning there is a 648-byte xml rdf metadata tag. It shows that whatever this thing is, it was made with Photoshop. I took out the id's and hashes:
Code:
<rdf:Description rdf:about="" xmlns:xmpMM="http ://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http ://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http ://ns.adobe.com/xap/1.0/" xmpMM:eek:riginalDocumentID="xmp.did:…" xmpMM:DocumentID="xmp.did:…" xmpMM:InstanceID="xmp.iid:…" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:…" stRef:documentID="adobe:docid:photoshop:…"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
Looking for the same answer
It's been forever since this question was posted, but I still kinda want to know. I don't think anyone's figured out how. XD;;
Nope, I gave up and urged my wife to find a new hobby
Drats, the stickers are so adorable tho... iiOTL
The files are stored in the WXAM format (an in-house proprietary format). The most I found was this post detailing an exploit for WXGF (that's the name of the format), which includes POC code in Python (see zip at end of post) that encrypts a file to WXGF. In it, you can see the code calculating the encryption key - which, I imagine the way to decrypt them would be to do the opposite (obviously)
Python:
imei = '358035085174146'
key = hashlib.md5(imei).hexdigest()[0:16]
cipher = AES.new(key, AES.MODE_ECB)
result[0:1024] = cipher.encrypt(buffer[0:1024])
As for converting the unencrypted file - whether Android or Windows, it's contained in a dll or so file.
On Windows, the decompilation code can be found at
Code:
C:\Program Files (x86)\Tencent\WeChat\WXAMDecoder.dll
, while on Android it can be found at
Code:
libwechatcommon.so
Particularly on Android, the Java class located in
Code:
com.tencent.mm.plugin.gif.MMWXGFJNI
contains the java -> native implementation, with functions such as
Code:
nativePic2Wxam()
As for documenting the internal native code -> It's too much past my ability / time at the moment. Maybe this can be for someone for another day~ That being said, decryption isn't impossible as you saw above, related to IMEI and AES keys.
The particular function you were looking for was - sadly, using it would be a bit hard. But I imagine that you could take the so file, wire it up to an Android app with the same declarations here, and pass in the Wxam file in a byte[] array to get the result back -> You wouldn't have to know the internal code for that either, and since the type is byte[], we don't need to even reverse engineer the code to see what it supplied. Clearly it is a byte[] array of the files contents.
Code:
public static native byte[] nativeWxamToGif(byte[] bArr);
In fact, now that I think about it, I'd like to try it myself now and see what happens lol.
Edit: Yup, it works. I just decoded a few files. Working on decryption now. Sorry, I can't share it since I don't wanna get in trouble. But there's the information above ^^ If you can make Android apps and know enough, it's not hard
BBRecon said:
The files are stored in the WXAM format (an in-house proprietary format). The most I found was this post detailing an exploit for WXGF (that's the name of the format), which includes POC code in Python (see zip at end of post) that encrypts a file to WXGF. In it, you can see the code calculating the encryption key - which, I imagine the way to decrypt them would be to do the opposite (obviously)
Python:
imei = '358035085174146'
key = hashlib.md5(imei).hexdigest()[0:16]
cipher = AES.new(key, AES.MODE_ECB)
result[0:1024] = cipher.encrypt(buffer[0:1024])
As for converting the unencrypted file - whether Android or Windows, it's contained in a dll or so file.
On Windows, the decompilation code can be found at
Code:
C:\Program Files (x86)\Tencent\WeChat\WXAMDecoder.dll
, while on Android it can be found at
Code:
libwechatcommon.so
Particularly on Android, the Java class located in
Code:
com.tencent.mm.plugin.gif.MMWXGFJNI
contains the java -> native implementation, with functions such as
Code:
nativePic2Wxam()
As for documenting the internal native code -> It's too much past my ability / time at the moment. Maybe this can be for someone for another day~ That being said, decryption isn't impossible as you saw above, related to IMEI and AES keys.
The particular function you were looking for was - sadly, using it would be a bit hard. But I imagine that you could take the so file, wire it up to an Android app with the same declarations here, and pass in the Wxam file in a byte[] array to get the result back -> You wouldn't have to know the internal code for that either, and since the type is byte[], we don't need to even reverse engineer the code to see what it supplied. Clearly it is a byte[] array of the files contents.
Code:
public static native byte[] nativeWxamToGif(byte[] bArr);
In fact, now that I think about it, I'd like to try it myself now and see what happens lol.
Edit: Yup, it works. I just decoded a few files. Working on decryption now. Sorry, I can't share it since I don't wanna get in trouble. But there's the information above ^^ If you can make Android apps and know enough, it's not hard
Click to expand...
Click to collapse
I'm using nativeWxamToGif(), but I keep getting a return value of null. Do you know if it is still supposed to work? I tried the libwechatcommon.so in wechat versions 7 and 8 and still no luck.
My decryption code is almost the same as the encryption code. The only difference is that I strip off the trailing 0-pad and then reuse the imei-generated (using my own imei) key to decrypt.
Were you able to use nativePic2Wxam? The signature is too complex so it's too hard for me to guess what parameters to pass in.
Code:
private static native int nativePic2Wxam(String paramString1, String paramString2, int paramInt1, int paramInt2, int paramInt3, int paramInt4, int paramInt5);
Since I don't know how to use nativePic2Wxam, I'm just blindly trusting you that I should be able to decrypt one of the wxgf into wxam and then use nativeWxamToGif() to convert it to a gif. But I'm not sure why my gifs are always null.
I think I do have the libwechatcommon.so lib working because I am able to use other simple functions such as the following:
Code:
public static native int nativeRewindBuffer(long paramLong);
public static native int nativeUninit(long paramLong);
Does nativeWxamToGif() return null if the input byte array is invalid wxam or something?
Sometimes you're trying something low-level or experimenting or whatever.
The normal application context of untrusted_app is giving you avc: denied in the logs.
Before you reach for sepolicy or a hammer, try this.
/system/etc/security/mac_permissions.xml holds the correlation of app signature to context.
If you put in your own X509 signature, you can make all your signed apps have a context of platform_app.
You don't even have to reinstall the apps.
Code:
keytool -export -alias [i]whatever[/i] -file x509.bin
Then turn the bin into an ASCII hex dump.
Make your own <signature> node in the XML just like the first <signature> except with your ASCII hex.
Leave the first one in there, it will need to still work for the real platform_apps!
[My apologies if this is all old hat.]