Related
I have managed to compile (from source) and install CM7.2 on my HTC dream, but my questions below are related to Android:
1. Is there a way to find out which packages (.apk) were installed on my system and if so, how do I do that?
2. Is there a way to find out each package dependencies (I need to figure out this as I am bent on removing the vast amount of guff installed on the phone - I won't need 90% of this stuff)?
3. Similarly to 2 above - is there a way to look at dependencies of a package not yet installed on my system (i.e. the .apk file)?
4. How do I actually remove a package for good from the system?
5. Similarly to 3 above, how do I actually install a package from within the root system - I know I can do this via adb, but is there a way to do this inside the, say, command line terminal?
6. Is there a way to alter (understand remove) certain program permissions which I could see "granted" to a particular program/package? I know there are various ways to look at these, but I wish to remove permissions I am not happy being granted to that particular program/package.
And one last a bit more advanced query: I would like to build a single package from the source tree and then install the resulting .apk file on my system.
Basically, I will try to upgrade a package with a new revision and add a few patches to the package source of my own before compiling it and building it again.
I usually build the whole lot (all packages + the rootfs image itself) with "mke bacon", but if I want to alter the source and build a single package how do I do that?
I am not very familiar with the Android make system, so I don't want to go heads-first into something and make a real mess of it.
Thanks a lot for any assistance given.
Small addition as apparently I cannot post a reply (too few posts) in this thread: http://forum.xda-developers.com/showthread.php?p=9055790#post9055790
Question to ezTerry (if he is reading this!): the advice given in that post above was absolutely splendid! I followed it religiously and it worked an absolute treat!
There is one exception though - I've LOST all of my IMEI, IMEI SV and Baseband information after applying these fixes. As soon as I installed the radio updates and then installed my newly-compiled kernel + CM7.2 (successfully!) I then checked the above fields from Settings and they were all gone!
After a while, the baseband, IMEI and IMEI SV appeared, but the IMEI and IMEI SV stuff have now different values than what I've had previously (I've had T-Mobile IMEI, now it appears that I was "assigned" O2 IMEI & IMEI SV values - very bizarre!).
Is this something I need worry about and (I don't yet have a sim card, but I plan to get one soon after I fix my phone), more importantly, how the hell do these IMEI numbers appeared on my phone - where did they came from?!
josh36 said:
Small addition as apparently I cannot post a reply (too few posts) in this thread: http://forum.xda-developers.com/showthread.php?p=9055790#post9055790
Question to ezTerry (if he is reading this!): the advice given in that post above was absolutely splendid! I followed it religiously and it worked an absolute treat!
There is one exception though - I've LOST all of my IMEI, IMEI SV and Baseband information after applying these fixes. As soon as I installed the radio updates and then installed my newly-compiled kernel + CM7.2 (successfully!) I then checked the above fields from Settings and they were all gone!
After a while, the baseband, IMEI and IMEI SV appeared, but the IMEI and IMEI SV stuff have now different values than what I've had previously (I've had T-Mobile IMEI, now it appears that I was "assigned" O2 IMEI & IMEI SV values - very bizarre!).
Is this something I need worry about and (I don't yet have a sim card, but I plan to get one soon after I fix my phone), more importantly, how the hell do these IMEI numbers appeared on my phone - where did they came from?!
Click to expand...
Click to collapse
Any takers?
@1 Check out the respective directories, i.e. for system apps /system/app
@2 Trial and Error, or someone might have made such a list for your device already
@3 No simple way, you would have to look through the decompiled code i guess
@4 Remove the apk from the folder (for example /system/app) and reboot your device, after wards you might have to clean up some extra folders, i.e. settings of that app. (you can use SD Maid from my signature for that)
@5 Some can just be installed the usual way, by opening it. Some .apk files have to be put in the system folders, afterswards reboot and the app should be "installed". To put those apps there use a rootcapable file explorer of your choice. To edit /system you will need to remount it as it is read only by default, you can do that through command line, but most good file explorers have an option for that.
@6 Yes thats possible, there was an app to do that, just not sure what it was called... It is very likely though, that those apps will not work correctly or just FC.
For the make system, if you just change a package, and build again, it will most likely just rebuild the changed files. I'm not so sure either though... damn make system can be pretty messy... and get upset real fast if you change something ;-).
Dark3n said:
@1 Check out the respective directories, i.e. for system apps /system/app
Click to expand...
Click to collapse
Yep, that indeed helped - I didn't realise that the .apk files are "intact" and do not behave in the "standard" (in Linux terms) way a "package" behaves - the app is "installed" as soon as .apk is placed in /data/app or /system/app. The PacketManager does the rest on reboot.
It also cleans up the mess "automagically" if I delete .apk file and reboot, which is nice.
Dark3n said:
@2 Trial and Error, or someone might have made such a list for your device already
Click to expand...
Click to collapse
Yeah, that's a real bugger - I can't see a way of finding the dependencies, but I haven't looked properly at "pm" (the Package Manager command line tool) - maybe I could use something there.
Dark3n said:
@6 Yes thats possible, there was an app to do that, just not sure what it was called... It is very likely though, that those apps will not work correctly or just FC.
Click to expand...
Click to collapse
A very simple example will issustrate my point - my calendar application is installed and needs some sort of GOOGLE_MAIL and access to the internet permissions, neither of which I am happy to grant, because 1) I won't be using online calendars; and 2) I won't use (google) mail.
The truth is, I deliberately did not install any google apps as I won't be using any of them - ever!
Now, every time I boot up and look at my log files with logcat I see a bunch of error messages that this application (the calendar) needs a bunch of permissions which do not exist (naturally, as I haven't installed a single google app on my phone).
So, I wish to wipe out these permissions from the calendar so that logcat is not filled with junk every time I start my phone.
As I already pointed out above, there are also some installed apps who are listed to "need" permissions I am not happy to grant - like the internet access to calendar for example (there are more apps, but I think you get the point).
Dark3n said:
For the make system, if you just change a package, and build again, it will most likely just rebuild the changed files. I'm not so sure either though... damn make system can be pretty messy... and get upset real fast if you change something ;-).
Click to expand...
Click to collapse
Yeah, that was my plan B - there must be another - easier - way though.
I wish to update a lot of stuff (I will be recompiling/refreshing existing packages as well as adding new things I developed for "standard" Linux), but with this Android make system I am blind - it is very different to what I am used to in the Linux world.
To top it all off, I can't post in any of the devs forums yet as I do not have 10 posts!
Further to my previous post - I just found out a superb article about stripping out Android and removing unnecessary packages from it - http://wiki.cyanogenmod.com/wiki/Barebones
It lists various dependencies and shows what could be deleted and what cannot be - what I wanted really.
My only remaining problem - at least for now - is the making of specific packages without building the whole image.
So.
As i was slowly preparing DSC v2.0 i met a hard decision: what root tool to include
Both Superuser and SuperSU are nice, but quite heavy
I decided to take my own way - rewrite su executable itself to suit my vision:
I've aknowledged that i have not modified my root access list for half a year. I don't need and don't want a separate Java process to control root access. I want a simple way to allow root access for application (via whitelist), but block unwanted (i.e. all not in list). Still, it should allow end-user to install either SuperSU or Superuser.
In short - ideal su solution for myself that should also work good for depersonalized custom ROM (with predefined access list), leaving it to end-user to decide which app he will install for superuser access.
And i didn't find a ready solution, so decided to write my own.
Here it is (attached):
SimpleSU
Simplest and lightest superuser solution (with access control)
How it's done:
Same as usual SU for Linux with control access list read from /system/etc/dsc.su_list
dsc.su_list structure is very simple:
One line per android app (case sensitive), windows and unix line breaks should be supported fine.
Current proposed list for DSC 2.0 (and an example):
dsc.SimpleSU.acl
dsc.settings
dsc.uv
dsc.levels
dsc.mugen
jackpal.androidterm
ru.org.amip.ClockSync
eu.chainfire.supersu
eu.chainfire.supersu.pro
com.ryosoftware.adbw
com.googlecode.droidwall.free
com.noshufou.android.su
de.schaeuffelhut.android.openvpn
de.schaeuffelhut.android.openvpn.installer
com.elsdoerfer.android.autostarts
com.speedsoftware.rootexplorer
com.geeksoft.screenshot
com.rerware.android.MyBackupPro
com.ghostsq.commander
ws.plattner.cifsmanager
mobi.pruss.superdim
com.force.timezonefixer
com.bigtincan.android.adfree
Caller process tree is walked till init, if match is found, access is granted.
How to install?
Via adb shell:
Code:
adb push su /system/xbin/
adb shell chmod 6755 /system/xbin/su
adb push dsc.su_list /system/etc
adb shell chown root.root /system/etc/dsc.su_list
adb shell chmod 644 /system/etc/dsc.su_list
Note that you have to manually add entries to white list (/system/etc/dsc.su_list) to grant root access in form of app full Java class name. For example, it's com.keramidas.TitaniumBackup for Titanium Backup.
As pointed by dr911, works in multiuser environment (being a linux binary).
Currenly SimpleSU supports two command formats:
Usual: su -c 'make me a sandwich'. Note that only "-c" works now. Seems to be enough though. Command simply passed to the shell.
Legacy (as seen in Google/Android su source): su username make me a sandwich. Shell is not executed in this case, so no environment variables right now in this format.
Have fun,
Sergei.
Changelog:
02.04.2013: v0.7. ":service" suffix granted root access for already granted app, more logging on reject. (0.6 had only more logging)
27.11.2012: GUI updated - forgot about remounting /system in rw mode. Attached to this post.
21.11.2012: GUI done. http://forum.xda-developers.com/showpost.php?p=34439975&postcount=41
14.11.2012: v0.5. LD_LIBRARY_PATH fixup (taken from ChainsDD), pointed by Rupert Rawnsley. Also some legacy format command-line handling changed. Also, insecure version added (no checks made, asked=granted).
11.11.2012: v0.4. Code cleanup, no longer beta, revised and fixed code with potential string overflows.
09.11.2012: v0.3b. Code changed to allow legacy format command execution.
09.11.2012: v0.2b. Fixed call with multiply parameters. OpenVPN installer works. Dynamic linking, so very small binary. Logging to system log.
07.11.2012: Fixed segmentation fault on reject, added version and build date, removed debug info.
A request:
If somebody owns Pro/Elite/other commercial Superuser or SuperSU - would you provide it's full Java class name?
For example, it's
eu.chainfire.supersu
com.noshufou.android.su
for free versions.
eu.chainfire.supersu.pro
Sent from my Amazon Kindle Fire using Tapatalk 2
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
com.noshufou.android.su.elite for Superuser Elite
Hi
Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !
Get the list of all android activities from here
http://activities.droidicon.com/
Androidmarketuser said:
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
Click to expand...
Click to collapse
Delete system/xbin/su and uninstall your superuser app from the system.
Oh. Looks SimpleSU got in news
Androidmarketuser said:
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
Click to expand...
Click to collapse
You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.
Shree_Jamdar said:
Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !
Click to expand...
Click to collapse
I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.
Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.
--
Have fun,
Sergei
_n0p_ said:
You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.
I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.
Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.
--
Have fun,
Sergei
Click to expand...
Click to collapse
Exactly what I searched, thanks :good:
I will test it on my old Desire with Android 4.1, I can tell you whether it's compatible or not.
nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..
Android_United said:
nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..
Click to expand...
Click to collapse
Can you provide an example of app you have added to the access list, but it didn't work?
i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???
evo401 said:
i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???
Click to expand...
Click to collapse
if you couldnt read/understand the OP, then your probably better off sticking with SuperSU or SuperUser...
Heres my non-developer understanding (potentially flawed):
Its a binary, with manual entry's (IE text editing) of pre-approved apps, it doesnt have a frontend/gui like SuperSU or SuperUser which allow you to graphically chose what to allow and what to deny...
OP: I like it so far, as for your thoughts on a graphical editor, I for one would love to see one, and before I get jumped for saying then whats the difference between the other options, an editor would be short and sweet, open, edit list, close, ram once again free (since that is the concern), instead of having it stay resident in RAM...
On that note, if I may, there are tools like Rays Toolbox and Android Tuner (formerly system tuner), that I would like to put in a feature request for them to add an editor in the app (Android Tuner already has a few editor's, adding a SimpleSU editor would just add to the overall completeness of the toolkit) to edit the list for SimpleSU, with your permission of course!
Thanks again!
Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.
Dark Passenger said:
Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.
Click to expand...
Click to collapse
Yes, exactly.. it works on galaxy y duos and galaxy yseries.. its better to move it to android app development section may be? as it will get more support there i feel.. Please do consider op.. And thanks for this cool app.. Its awesome. And i dont think it needs an editor, as we can have editors from many apps .. i have around 4-5 apps which has editors.. surely users who use this app will be bit advanced users..
and i bet all of them will have file editors.. and all file explorer apps comes with editors nowadays.. well , just my thoughts.. but if you can keep the file browser to bare minimum and keep size of apk less.. then i would surely like to see it too
i am hoping to use this from now on.. so i will give review for new updates.. have you pushed it to play store? i think you should do that.. many will like this idea!
Thanks again..
As far as i understood we can edit it to add new apk names to give permission.. Because Android_united kinda confused me.. So, asked this again.. i did use it and it did worked.. its just may be he didnt see that?
Works like a charm! The only problem I had is that I was doing this through Terminal Emulator, and for some reason, when i did all this, superuser perrmisions were not granted for Terminal Emulator. After a little digging i found that i have to add this line
Code:
jackpal.androidterm2
and leave the one that's there by default
Code:
jackpal.androidterm
to the dsc.su_list
Now it works, i have SU for Terminal Emulator, Adfree, and i added SetDNS (Impossible to use Google play on CM7.2 without it )
I like the idea of this but be extra careful to only whitelist activities you really use.
I could imagine a malware somehow managing to enter your system and masquerading as one of the prepopulated entries in dsc.su_list, though of course no such vulnerability exists so far.
Thank you for feedback.
--
I cannot publish it on Play Store - it's not an Android app. To publish it, i need to write SimpleSU Installer, or something like that (see below).
--
Regarding editor - it would be nice if someone else would write it I really don't expect to have enough free time required.
--
A 0.4 version i consider as stable (revised potentially bad code with possible string overflows) attached to first post.
--
Malware that could act as Java class - i thought of several scenarios, but any requres root access beforehand. And if you install an app - it's your responsibily to be careful.
--
Have fun,
Sergei
_n0p_ said:
Can you provide an example of app you have added to the access list, but it didn't work?
Click to expand...
Click to collapse
titanium backup, es-file explorer. i tested wit only these 2. as these 2 weren't gaining root access, so i stopped using this. if u want me to test wit more apps, i can help u out.
will be using this surely once it receives more updates :good:
:good: gud luck..
Here is my new ASOP distribution. I made no changes to the GUI but unlock all hidden Features and install BusyBox and a terminal. Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement. But be warned: It gives alls apps root rights without asking. Install only apps you really trust. There is a new command "setup-swap". You can create or delete a swap file with it, if you need more memory. "install-gapps" doesn't work currently.
The "install-gnu" plug-in is much bigger now. It supports I18N and UTF-8 now. Your terminal is in the same language you set in the Android config. And I have added more programming languages, too. So if you want a real GNU environment on your Tablet, just type "install-gnu" on the command line. A Bluetooth keyboard is highly recommended.
Because of the December bug here is version 4.2.1 now:
Mirror 1
Mirror 2
My public key is here and here is the signature.
You install it like a factory firmware, so you need "fastboot" in your "PATH", then run "flash.sh". Warning: All data will be overwritten.
Supersu
x-alina said:
Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement
Click to expand...
Click to collapse
Rom sounds good, might flash it, but about superuser, it hasn't worked very well since ICS was introduced (IMO), i have alsways used SuperSU, although 4.2 doesn't have full multi user settings on SuperSU yet, it has been patched to work. Just sayin XD
Also, have you thought about making some of these things flashable (like the install GNU and setup Swap) as I would love these alongside Paranoid android XD
Awesome stuff though =D
Thanks for your work! will test this out!
Nice work, will test it in some time.
All Mirrors are up and running now.
Sorry for the inconvenience.
Android 4.2.1 for Nerds
Because of the December bug here is version 4.2.1 now:
Mirror 1
Mirror 2
I'll test and sent you feedback...
x-alina said:
Here is my new ASOP distribution. I made no changes to the GUI but unlock all hidden Features and install BusyBox and a terminal. Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement. But be warned: It gives alls apps root rights without asking. Install only apps you really trust. There is a new command "setup-swap". You can create or delete a swap file with it, if you need more memory. "install-gapps" doesn't work currently.
Try this mod for root permissions. http://forum.xda-developers.com/showthread.php?t=1663222
Click to expand...
Click to collapse
Edit: I've created a xposed module which works with the banking app version 1.7.1 see post below.
---------------------------------------------------
Edit: The changes needed to work with the latest version of the app (1.7.1) are listed in a post below below.
---------------------------------------------------
*There was a error in the diff file. I've uploaded the correct version. Also this patch will definitely not work with the latest version of the app.*
I managed to patch the Barclays mobile banking app version 1.4.2 to make it work with cyanagonmod 10.0 and cyanogenmod 11.
I realize that the current version on play store is 1.7.1 but I haven't updated to the latest version yet. If you do try the latest version please let me know if it differs greatly from the current version in it's root checks
I'm not going to attach the patched apk since using banking app from a stranger on the internet is really not a smart thing . Instead I will detail the work I did which hopefully someone else will find useful.
This guide is geared towards more technical people who already have some experience with android development. It will not give a detailed step by step how to, rather a general information about the process.
Obfuscation methods used in the app
The app obfuscates the names of some but not all of the namespaces/classes/methods which can stump some decompilers.
It seems to generously sprinkle useless switch statements and loops which does nothing but make the code appear way more complicated than it really is. I would guess quite a lot of the bulk in the code is coming through these dummy statements. smali2java-toolkit was of great help to figure this out.
All strings in the app have been encrypted by a simple xor algorithm which is then decrypted at run time just before they are used:
for example rather than
Code:
myfunction(“Hello world”)
the code writes something in the sort of:
Code:
myfunction(decrypt(“Juqqdxidqw”, 'x'))
The decryption function is a static method 'bЮЮЮЮЮЮ' in the class appears to be 'rrrrrr.srrrrr' (the method/class/namespace names are obfusecated)
I extracted the decompiled code from this method to write a console application which let me decrypt any string in the application:
Code:
static String decrypt(String crypStr, char keyChar) {
char[] arrayOfChar1 = crypStr.toCharArray();
char[] arrayOfChar2 = new char[arrayOfChar1.length];
for (int i = 0; i < arrayOfChar1.length; i++)
{
int j = keyChar ^ arrayOfChar1[i];
arrayOfChar2[i] = ((char)j);
}
return new String(arrayOfChar2);
}
Anti root methods used in the app
Checking for 'test-keys' string in the build tag. (/system/build.prop file)
Checking for superuser related package/apk files.
Checking for superuser hider package/apk files.
Checking for existance of 'su' binary
Attempting to execute 'su' binaryThe above checks are done both in the java/dex code and in a native code library.
Defeating the anti-root methods in Java/dex code:
The Java code is fairly easy defeat since changing the strings of the apk/file names which are checked as root related will make it think that no 'bad' apps are on the phone.
A bulk of checks happen in the isRootedDevice method of the com.barclays.android.application.BMBApplication class. While it checks for quite a lot of apk's, for my particular purpose I only needed to patch 2 lines in the method:
Smali file line 306 – which starts the checks for “test-keys” string in the build tag.
Smali file line 407 – which start the check for the string “/system/app/Superuser.apk”.The next method in the same class 'runRootCommand' attempts to execute 'su'
Smali line: 956 – which contains the string “su” which will be passed to java.lang.Runtime.exec
A (mostly?) duplicate of the isRootedDevice function exists in the com.barclays.android.container.DeviceData the relevant lines are :
smali file line 1237: "test-keys" string check
smali file line 1271: "/system/app/Superuser.apk" file checkAll of the above checks can easily be defeated by changing the the string so that it will check for a non existent package or file.
Keep in mind that all the strings listed above are in encrypted form. You can use the decrypt function listed above to decode them. I found the key char/byte needed to decrypt a given string is in the very next line to the one containing the encrypted string.
Defeating the anti-root methods in Native library
From what I can see the exact same tests which were done in the Java code is repeated in the native code library 'libtest_ndk.so'. As this check appears to form part of the authentication mechanism i don't believe it's possible to simply stop this check from being called from the Java code.
Also the com.barclays.android.container.sampler.SharedLibraryLoader which loads the native library appears to be doing some kind of checksum validation. While this probably could be easily worked around, disassembling an arm shared library was non trivial for me.
My approach was to write another native library which would hook into all the system calls such as 'system' 'stat' 'fopen', '__system_property_get' and redirect any operations to non existent targets, or change the return value. This achieves the same thing as what was done for the java code.
I put in some extra code into the smali classes to load my native library and to call it's initializer with the path to the actual native library.
Basic steps performed to patch the library:
Use apktool to decompile the original apk.
Code:
apktool d barclays.apk barclays
Use smali2java as helper to understand the code: This tool cannot decompile the critical check functions due to obfuscation. However it made it easier to understand the smali files generated by the apktool.
Patch the smali files to work around the checks as described above.
Build the hooking native library seperately
Code:
~/adt/adt-bundle-linux-x86_64-20131030/sdk/tools/android update project --path . --target android-19
ndk-build
Include the hooking shared library into the lib/armeabi of the decompiled package and change the smali files to load the new shared library.
Use apktool to rebuild the apk.
Code:
Apktool b barclays barclays.apk
Sign the apk from using your own key.
Create keystore:
Code:
keytool.exe -genkey -v -keystore my-release-key.keystore -alias release -keyalg RSA -keysize 2048 -validity 20000
Sign Keystore:
Code:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore barclays.apk release
Attached is the code for the hook library native project and the diff for the smali changes. Please note that this is for the smali files for generated by apktool (v1.5.2) for the version 1.4.2 of the Barclays mobile banking app.
For Users of other ROMs/SU applications and root hiders.
The app checks for a lot of common packages which I did not bother to patch since I don't use them, but if you do then you should put fixes for all those package/file names in both the smali and native code hook library.
A non exhustive list of files it check are:
Code:
/system/bin/amphoras
/system/bin/su
/system/xbin/su
/system/app/superuser.apk
/data/data/com.amphoras.hidemyroot
/data/data/eu.chainfire.supersu
/data/data/stericson.busybox
/data/data/stericson.busybox.donate
/data/data/com.jrummy.busybox.installer.pro
/data/data/com.jrummy.busybox.installer
/data/data/com.rootuninstaller.free
/data/data/com.rootuninstaller
Hey i will try this out shortly and post a APK (whether you use it or not thats up to you, but i am well known in the xperia play section of this website and should be trusted, Still its up to you.)
EDIT: well i am not a android developer, i can follow almost all this post except the bits about the native library any chance of a bit more information
specifically this bit "Include the hooking shared library into the lib/armeabi of the decompiled package and change the smali files to load the new shared library."
i assume that means just simply copy the built lib file in to that folder then include the file in the code somewhere? where do i do that to?
Sorry about the late reply but I just saw this message.
fma965 said:
EDIT: well i am not a android developer, i can follow almost all this post except the bits about the native library any chance of a bit more information
specifically this bit "Include the hooking shared library into the lib/armeabi of the decompiled package and change the smali files to load the new shared library."
i assume that means just simply copy the built lib file in to that folder then include the file in the code somewhere? where do i do that to?
Click to expand...
Click to collapse
That's pretty much correct. There is already a 'libtest_ndk.so' file in the lib/armeabi folder of the apk. You just have to build my code from the zip file to get the libhooktest.so, which should then be copied into the lib/armeabi folder alongside the libtest_ndk.so.
Edit: Not sure if this is enough instructions. I'm just not good at writing instructions. Steps you need to build the native library are in my post. If you need more info i suggest about building the library http://code.google.com/p/awesomeguy/wiki/JNITutorial#Setup_Environment is a good
Afterwards you have to do the modifications I've listed in the diff to the .smali files.
But i have some bad news about this patch:
The diff file i have attached in the post is wrong. I've mistakenly uploaded the patch to reverse the changes i did . I will update the post with the correct diff file.
It will only work for Barclays app version 1.4.2. it will definitely not work for the latest version of the app which is 1.7.1.
I'm currently going through the code of 1.7.1 I've made some headway into the code but there I'm quite way off from getting it to work.
If you wish I can give you a copy of the original 1.4.2 of Barclays app, the built lib file and the patched app. I would recommend against using the patched app blindly but it might make it easier to figure out the changes i did. I would rather not upload them to xda though.
HiddenRambler said:
Sorry about the late reply but I just saw this message.
That's pretty much correct. There is already a 'libtest_ndk.so' file in the lib/armeabi folder of the apk. You just have to build my code from the zip file to get the libhooktest.so, which should then be copied into the lib/armeabi folder alongside the libtest_ndk.so.
Edit: Not sure if this is enough instructions. I'm just not good at writing instructions. Steps you need to build the native library are in my post. If you need more info i suggest about building the library http://code.google.com/p/awesomeguy/wiki/JNITutorial#Setup_Environment is a good
Afterwards you have to do the modifications I've listed in the diff to the .smali files.
But i have some bad news about this patch:
The diff file i have attached in the post is wrong. I've mistakenly uploaded the patch to reverse the changes i did . I will update the post with the correct diff file.
It will only work for Barclays app version 1.4.2. it will definitely not work for the latest version of the app which is 1.7.1.
I'm currently going through the code of 1.7.1 I've made some headway into the code but there I'm quite way off from getting it to work.
If you wish I can give you a copy of the original 1.4.2 of Barclays app, the built lib file and the patched app. I would recommend against using the patched app blindly but it might make it easier to figure out the changes i did. I would rather not upload them to xda though.
Click to expand...
Click to collapse
No worries about the late reply, yeah you basically told me what i assumed it was i had to do, however when i was trying to do it i didn't have a 1.4.2 apk so was trying ot use 1.7.X and obviously failed .
Yeah the modifications to smali files is easy well when you know what your changing xD
if you could upload the apk for 1.4.2 that would be great, i would assume that as long as the signature matches the official apk its untampered, your modified one will obviously be signed with a different signature though.
:cyclops:
Good news. I've managed to get latest version 1.7.1 patched . I will try to post the patch information this weekend. In the meantime i suggest anyone interested download a copy from the play store and keep a backup of the apk in case they release a new version.
Fix for latest version of the mobile banking app (version 1.7.1)
I've figured out the changes required for the v1.7.1 of the app which is the latest version as of this post.
Changes from the old 1.4.2 are:
Almost all the classes in the app are now obfuscated, whereas before only some of the core class names were obfuscated.
The string encryption has changed. rather than a single encryption function it now uses a group of functions to perform the encryption. rrrrrr/vuuuvu class seems to manage invoking the proper decryptor based on the arguments.
All root checking is now done via the native library.
Native library now does some checks as soon as it's loaded before any methods are called.
The last change is a big problem since its not possible to do the patching of the dll after loading it as was done before. The onload/init of the dll exits the whole application as soon as it detects the phone is rooted.
My solution was to use a modified version of the 'crazy_linker' custom loader library which comes with the ndk to load the library into memory without invoking it's onload/init functions. This lets us hook into the necessary functions before they are called.
I've attached the smali changes as a diff and the new native hook library in this post.
As a side note I think the version 1.4.2 is a far better version. Why on earth would a banking app need to permissions to take pictures, who spends their time 'customizing' a banking app with personal pictures.
Edit: I've fixed a bug where the root was still being detected when used with chainfire su app. Special thanks to lil-diabo for helping me fix the issue. :good:
Xposed module for barclays banking app 1.7.1
Edit: New version (BarcPosed1.1.apk) has some support for barclays pingit. I've not tested this my self as I don't use the application personally. If anyone tries it please let me know.
I've converted my patch into xposed module. This module is compatible with the current banking app (version 1.7.1).
Please consider this as a beta version for now. I've tested it on cyanogenmod but it might have some issues with other roms. If you try it please let me know if it worked.
Assuming you already have a working xposed installation the steps to get the app working are:
1) Install banking app from playstore. Make sure it's version 1.7.1
2) Install the BarcPosed.apk from my post.
3) Run the BarcPosed app and click the 'install' button. You will need to grant it root permissions.
4) Enable the module in xposed and reboot.
5) Use the barclays app as normal.
6) Disable automatic updates for the banking app to prevent it from updating.
I've included the source code for the app.
Thanks, works perfectly. You sir (or madam) are a genius
Sent from my GT-I9300 using XDA Premium 4 mobile app
Works like a charm
Just tested it and it works!
Most excellent, Thanks again for your hard work.
So much easier than having to manually edit the files etc.
It works,excellent job, finally can use Barclays mobile, thank you very much
sent from Samsung Galaxy S4 Active
Just tested and it worked marvellously. Could you please make a fix for pingit as well?
Zell Dinch said:
Just tested and it worked marvellously. Could you please make a fix for pingit as well?
Click to expand...
Click to collapse
HiddenRambler said:
Edit: New version (BarcPosed1.1.apk) has some support for barclays pingit. I've not tested this my self as I don't use the application personally. If anyone tries it please let me know.
Click to expand...
Click to collapse
I've updated my post with version that stops the rooted warning from pingit. Don't use pingit myself so don't know how successful it is. Let me know if you try it.
Brilliant, been struggling in vain with Root Cloak Plus on my N5 but this works perfectly. Many thanks.
Sent from my Xoom Wifi using Tapatalk
Before I switched to KK, I used Barclays App 1.3 doing a small trick with SuperSU. It worked perfectly. I signed the app myself so that it wouldn't update itself from the market and so that I could still use the automatic update in the market.
Do you think it would be possible to make your AMAZING solution work with my v1.3 signed app instead?
thnx
vivelafrance said:
Before I switched to KK, I used Barclays App 1.3 doing a small trick with SuperSU. It worked perfectly. I signed the app myself so that it wouldn't update itself from the market and so that I could still use the automatic update in the market.
Do you think it would be possible to make your AMAZING solution work with my v1.3 signed app instead?
thnx
Click to expand...
Click to collapse
You could try "root cloak" or "root cloak plus" they probably will work.
Actually, what I did, is sign the app with OneClickSigner and it worked fine. Now, the app is not attached to the market anymore since the signature changed, so that means I can continue to use the "automatic update" from the market and it won't ask me to update the app all the time when Barclays upload a new version.
thnx
HiddenRambler said:
...
I've converted my patch into xposed module. This module is compatible with the current banking app (version 1.7.1).
...
Click to expand...
Click to collapse
Hello,
I have a request, can you make it compatible with GingerBread plz?
Thanks.
LoMAX_HUN said:
Hello,
I have a request, can you make it compatible with GingerBread plz?
Thanks.
Click to expand...
Click to collapse
Can you try the attached apk. It's the same code but built as an app for gingerbread version (API lvl 10). I couldn't test it as I don't have a phone for that version.
If it doesn't work please give me a logcat.
Banking Works, but Not PingIt
HiddenRambler said:
Edit: New version (BarcPosed1.1.apk) has some support for barclays pingit. I've not tested this my self as I don't use the application personally. If anyone tries it please let me know.
I've converted my patch into xposed module. This module is compatible with the current banking app (version 1.7.1).
Please consider this as a beta version for now. I've tested it on cyanogenmod but it might have some issues with other roms. If you try it please let me know if it worked.
Assuming you already have a working xposed installation the steps to get the app working are:
1) Install banking app from playstore. Make sure it's version 1.7.1
2) Install the BarcPosed.apk from my post.
3) Run the BarcPosed app and click the 'install' button. You will need to grant it root permissions.
4) Enable the module in xposed and reboot.
5) Use the barclays app as normal.
6) Disable automatic updates for the banking app to prevent it from updating.
I've included the source code for the app.
Click to expand...
Click to collapse
xposed is fantastic!
This worked for me. It's so nice to be able to update my SU binaries without fear of breaking the app.
I'm running Cyanogenmod v10.2.0 on a Samsung Galaxy S3 (International) (i9300).
I tried using the v1.1 of the BarcPosed.apk with PingIt, but it still tried to gain root and then closed itself immediately.
Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
sgmarouf said:
Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
Click to expand...
Click to collapse
Im also wondering the same thing
Yes, have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
nexus511 said:
Yes, have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
Click to expand...
Click to collapse
Good job! :good:
0312birdzhang said:
Good job! :good:
Click to expand...
Click to collapse
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
This is a good news! I just bought a "banana" today, waiting for your good news :fingers-crossed:
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
Sounds like you've made some impressive progress here, can't wait for more details!
Will you be posting a more detailed tutorial/how-to here or on your blog in the future?
Keep up the great work! :good:
Great work, would be great to uninstalled preinstalled *tty demo games.
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how you did manage to unlock your bootloader knowing Nokia has publicly acknowledge disabling Device > Developer?
Muchas,
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
fpb4 said:
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how you did manage to unlock your bootloader knowing Nokia has publicly acknowledge disabling Device > Developer?
Muchas,
Click to expand...
Click to collapse
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
0312birdzhang said:
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
Click to expand...
Click to collapse
Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - i've pm'ed @nexus511 for some root procedure but no answer yet?
0312birdzhang said:
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
Click to expand...
Click to collapse
Is there anyway I could revert installing omniJB? I'd love to be able to install factory updates again.
hello all, just give an update on how's everything regarding nokia 8110 is going
fpb4 said:
Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - i've pm'ed @nexus511 for some root procedure but no answer yet?
Click to expand...
Click to collapse
Could you remove the pre-installed apps?
Hi!
It's possible, to get full ADB-Root by injecting a patched adbd-binary. And with real swap instead of zram, the device is more responsive (background-tasks like Launcher/Homescreen are killed less often...)
As soon, as I have build my own patched adbd, I will provide an 'update.zip' -- it seems chainfire doens't like others to use his version. (OpenSource -- anyone? )
BTW: no, I don't have 'su' -- only my own priviledged additional startscript and ADB-Root but for me this is more than enough to 'work'
(my goal is to create native apps with Ada/Gnoga - meaning native but with HTML5-GUI. First tests are working well...)
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
It should be possible to remove those apps - but for me it's hard to say how. On my device there were no preinstalled apps/games other than snake. Everything else is (un)installable normally. Could be a region-thing
(I've got the european/german version)
-- but on my device the store seems to be a 'static' bunch of zips - so it could kill the store to just remove those.
(i think I would need to adjust configs for the store if I want to clean them up)
If I remember correctly, there is a flag in the app-manifest to config if an app is removeable... my first try would be to edit this flag and check if I could uninstall it normally after this
On the other hand: there is nearly no need to uninstall - KaiOS-Apps are small and with a sdcard....
(I created an extra 1GB-Swap on /data - even then enough space left)
BTW: if You have a little experience with android-stuff, rooting is simple when You know how
Enable adb --> just type *#*#33284#*#* on keypad of your phone (the digits spell 'debug' )
-- build an update.zip - sign with AOSP-Test-Keys
--- let it create '/data/opt', '/data/opt/bin'
--- put an patched adbd (chainfire's v22 works) in /data/opt/bin
--- create /data/opt/init as a shellscript, remounting / rw, replace /sbin/adbd with patched one, remount / ro kill adbd so it restarts the patched version. (you may add commands for other stuff on boot - I disable zram, enable swapfile, start en Ada-Server....)
--- and add a call to '/data/opt/init' as last line to '/etc/init.qcom.post_boot.sh' so this 'init' will start with root-rights on startup.
This way /data/opt/init will inherit root from /etc/init.qcom.post_boot.sh, so it can replace adbd - and because the patched version won't drop it's root-rights you'll have a root shell over adb.
As You see - it's quite trivial, but at the moment I don't have a patched adbd which I'm allowed to include.
(I hadn't time to build an AOSP-tree until now)
Has anyone tried installing OmniJB from 4pda.ru website? (Sorry can't post links)
If you google "4pda 890710" it will bring it up.
Also, anyway of installing whatsapp yet?
PolePolisher said:
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
Click to expand...
Click to collapse
root or create an update to edit /data/local/webapps/webapps.json
it worked on my phone no more s*** games and google stuff
Can I not just replace the /sbin/adbd from the boot.img?
(by extracting the boot.img with a flashable zip, and then unpack/repack with kitchen)