Related
Hi,
A while ago I've started to reverse engineer the (userland) baseband interface of my Samsung phone (GT-I8320 aka. H1) in an effort to see how far I can get Android running on the device (it ships with an OS based on LiMo and associated RIL).
Some Googling and inspection of other phones' RILs suggests that possibly quite some other Samsung smartphones use a similar baseband interface (Qualcomm MSM over dpram).
Searching XDA yield quite a few threads of Android upgrades blocked by a proprietary RIL. I couldn't find any traces of attempts to reverse a Samsung RIL though.
So, what I currently have is a really[/n] basic RIL implementation supporting baseband messages related to network registration (power up, imei/network info, signal info) and even outgoing calls (but that's all related to call management).
To anyone still reading this:
- Please direct me to any related effort (couldn't find any, as mentioned before).
- Direct anyone considering reversing a Samsung RIL here.
Finally, a set of goodies of unknown use:
- Known to work with my MSM6290 via a dpram interface.
- No idea how much free time I have to continue my effort.
- Might, or might not be of (limited) use for other Samsung phones.
Code: github.com/ius/samsung_h1_libmsm
You might want to check out this thread:
http : //forum.samdroid.net/f56/ril-development-froyo-3156/
Remove the space, cannot post links yet
This is for the Samsung Galaxy Spica, but may be a bit of help
hi!
I also tried to find out how samsung ril over dpram0 works...
@iuss
first of all .. amazing work.. thx
where did you get the information??? do you have any docs??
It's all based on reverse engineering of the LiMo telephony library (which is luckily pretty verbose) and it's associated logs.
I've found most similarities with Samsung RILs labeled as 'libsecril'. Those appear to use a similar interface.
I'm currently struggling to get the audio routing from the modem fixed on my board (in order to be able to test call functionality as I add it) before continuing to work on this.
I've found most similarities with Samsung RILs labeled as 'libsecril'. Those appear to use a similar interface.
Click to expand...
Click to collapse
Yes you are right, libsec-ril.so from galaxy spica uses exactly the same interface!
I opened it up in ida-pro and checked it!
@iuss:
are you good at reading asm??
[email protected] said:
@iuss:
are you good at reading asm??
Click to expand...
Click to collapse
I guess so. Anything specific you need help with?
I am testing now with your source and i can open dpram0 and power_on!
Further i can send commands, but i do not get an answer???
can you post an example .. (unlocking sim,..)
thx
It's not implemented (as is 99% of the rest). Should be trivial to implement though, I think it's the MSM_SEC_ISIM_AUTH message. Will certainly do so after the weekend, if I get my sound to work. - which is still not working. Could you try patching test.c using the following diff (after disabling the pin code if neccessary, and change the number). It should call the number - if it works for you, I'm probably missing a GPIO somewhere.
Code:
diff --git a/test.c b/test.c
index 28fae0e..a449342 100644
--- a/test.c
+++ b/test.c
@@ -18,10 +18,26 @@
*
*/
+#include <unistd.h>
#include <radio.h>
+static int flag = 0;
+
+static void do_stuff()
+{
+ msm_call_outgoing(0, "0123456798");
+}
+
static void on_receive(struct msm_request_info *info)
{
+ switch(info->type) {
+ case MSM_NET_REGIST:
+ if(!flag) {
+ flag = 1;
+ do_stuff();
+ }
+ break;
+ }
}
static struct msm_info msm = {
thx for the code!
I disabled the pin code and tried your changes!
the only message i get is
Code:
MSM_DISP_ICON_INFO NOTI (15/5) seq=179 req=0
i think the mobile is not connecting to network!
Hi,
You're testing this on a GT-I5700 (Spica) right?
Checked the dpram driver source, the ioctls are different. Hence the phone is not properly reset (by msm_power_on(), which turns the modem off first if needed). That's why you're only getting a status message regularly sent by the baseband (contains rssi and such).
Try this. Spica seems to have a few different ioctls too, but I've just dropped those as I'm not using them anyway.
- Edit: Wrong ioctls, see next 2 posts -
from where did you have the ioctls??
i checked libsec-ril.so
Code:
EXPORT onedram_phone_pow_on
onedram_phone_pow_on
PUSH {R4,LR}
LDR R4, =(_GLOBAL_OFFSET_TABLE_ - 0x33CC8)
LDR R0, =(fd_onedram_ptr - 0x45164)
LDR R1, =0x6FD0 ; request
ADD R4, PC
LDR R3, [R4,R0]
MOVS R2, #0
LDR R0, [R3] ; fd
BLX ioctl
CMP R0, #0
BGE loc_33CEE
My reference is the dpram driver shipped with GT-I5700_OpenSource.zip.
But I see that you're right, in true Samsung-style there are multiple defines for the ioctls. The ones in my patch are unused.
DPRAM_PHONE_POWON is indeed 0x6FD0. Try setting that as power_on ioctl.
DPRAM_PHONE_ON is 0xF0C0 - which seems to be called to init the OneDRAM memory, and appears to depend on POWON. If it doesn't work after the POWON ioctl, send this one as well (or even better, strace your original RIL to see the ioctls required).
There's one more ioctl (0x6FD3) related to booting, but I *think* it's only used when a modem image is uploaded. Refer to dpram.h/dpram.c for more info..
hi!
hmm it doesn't work!
Can you tell me how the image upload (over serial) works and if i need to do it??
Further how do you strace rild??
rild is startet from init and the sockets are created on startup!
if i stop rild it restarts and i can not strace it!
so i go to bed... good night
I don't know about the image upload. Either the bootloader handles it (didn't check in detail) or it's handled by the baseband itself. For my phone I can simply send the power_on ioctl and off it goes - probably it's just the same for Spica.
As for stracing, you might be able to modify init.rc so rild is started straced.
What might be easier though is simply reversing it. Seeing you already have the RIL lib in IDA, just find all xrefs to ioctl and you should be able to figure all needed.
hi,
I tried a lot, but i did not get it to work!
I changed the power_IOCTL to 0x6FD0!
It return 0 = OK
but the phone do not start!
The orignial lib loads a phone-image and a nv_data.bin and then it uses 0x6FD3 to start the phone.
But my assembly knowlegde not so good.
Can you have a look if you have time????
i attach libsec-ril.so. open it with ida and go to function RIL_Init!
the magic happens in dload_test
thx in advance
Had a quick look. You're right, Spica appears to load the phone fw/nvs from Android.
Quick writeup (in order):
- onedram_open(): Open /dev/dpram0
- dload_read_dbl(): Read /dev/bml9, 0x5000 bytes
- onedram_phone_pow_on(): ioctl 0x6fd0 (DPRAM_PHONE_POWON)
- dload_uart_init(): open /dev/s3c_serial0, 115200
- dload_hdlc_init(): init some data related to hdlc parsing
- dload_packet_init(): init some packet struct
- nop_req()
- onedram_phone_image_load(): ioctl 0x6fd1 (DPRAM_PHONEIMG_LOAD)
- onedram_nv_data_load(): load /efv/nv_data.bin 0x80000 bytes, ioctl(fd, 0x6FD2 (DPRAM_NVDATA_LOAD), buf_with_nvdata)
- onedram_phone_boot_start(): ioctl 0x6fd3 DPRAM_PHONE_BOOTSTART
onedram_nv_data_load() reads the nvdata and passes it as a param along with the ioctl, the nop_req is sent over the uart.
The baseband firmware itself seems to be read by libsecril, but not used (?) - the kernel driver contains code to read bml too when DPRAM_PHONEIMG_LOAD is issued.
I haven't traced into nop_req - no time to reverse it right now. You can import these functions from libsec-ril.so for testing (all are exported) and later replace them with your own implementation. (You can then easily strace your binary to recover the nop_req data).
I'm looking for RIL logs of Samsung phones in order to speed up development.
'logcat -b radio' might provide some, but given a specific phone model I could look up alternative log locations (i5500 for instance appears to dump RIL traffic to /data/log/).
Anyone able to help?
Nexus S
Hi,
out of curiosity I opened the 'libsec-ril.so' from the Nexus S in IDA.
although 'ioctl' is imported, I cannot really find calls to it.
Since i'm unfamiliar with Arm opcodes, I probably overlook something.
Does this code make sense to anyone ?
EDIT: Quite a lot of functions seem to call 'IPC_send_singleIPC', so I suppose
I might be looking at the wrong file...
EDIT2: Ahh, 'IPC_send_singleIPC' can print an IOCTL error message, just haven't found the actual call to ioctl() yet..
Code:
.text:00016BC4 EXPORT requestDTMFStop
.text:00016BC4 requestDTMFStop
.text:00016BC4 LDR R3, =(dword_62428 - 0x16BD0)
.text:00016BC6 PUSH {R4-R6,LR}
.text:00016BC8 MOV R4, R2
.text:00016BCA LDR R2, =0xFFFFFDC4
.text:00016BCC ADD R3, PC
.text:00016BCE MOV R6, R0
.text:00016BD0 MOV R5, R1
.text:00016BD2 LDR R0, [R3,R2]
.text:00016BD4 LDRB R3, [R0]
.text:00016BD6 CBZ R3, loc_16BEC
.text:00016BD8 LDR R3, =(aOndialtimeout - 0x16BE4)
.text:00016BDA MOVS R0, #6
.text:00016BDC LDR R1, =(aRil - 0x16BE6)
.text:00016BDE LDR R2, =(aS - 0x16BEA)
.text:00016BE0 ADD R3, PC ; "onDialTimeout"
.text:00016BE2 ADD R1, PC ; "RIL"
.text:00016BE4 ADDS R3, #0x6C
.text:00016BE6 ADD R2, PC ; "%s()"
.text:00016BE8 BLX sub_10D2C ; NOTE: this seems to be a printf() function
.text:00016BEC
.text:00016BEC loc_16BEC ; CODE XREF: .text:00016BD6j
.text:00016BEC MOV R0, R6
.text:00016BEE MOV R1, R5
.text:00016BF0 MOV R2, R4
.text:00016BF2 MOVS R3, #2
.text:00016BF4 BL sub_16B28
.text:00016BF8 POP {R4-R6,PC}
.text:00016BFA ; ---------------------------------------------------------------------------
.text:00016BFA NOP
.text:00016BFA ; ---------------------------------------------------------------------------
.text:00016BFC off_16BFC DCD dword_62428 - 0x16BD0 ; DATA XREF: .text:requestDTMFStopr
.text:00016C00 dword_16C00 DCD 0xFFFFFDC4 ; DATA XREF: .text:00016BCAr
.text:00016C04 off_16C04 DCD aOndialtimeout - 0x16BE4 ; DATA XREF: .text:00016BD8r
.text:00016C04 ; "onDialTimeout"
.text:00016C08 off_16C08 DCD aRil - 0x16BE6 ; DATA XREF: .text:00016BDCr
.text:00016C08 ; "RIL"
.text:00016C0C off_16C0C DCD aS - 0x16BEA ; DATA XREF: .text:00016BDEr
.text:00016C0C ; "%s()"
.text:00016C10 ; ---------------------------------------------------------------------------
Tuigje said:
out of curiosity I opened the 'libsec-ril.so' from the Nexus S in IDA.
although 'ioctl' is imported, I cannot really find calls to it.
Click to expand...
Click to collapse
Did you try to find xrefs to it?
Since i'm unfamiliar with Arm opcodes, I probably overlook something.
Does this code make sense to anyone ?
Click to expand...
Click to collapse
It does, but it's just an excerpt from a RIL request handler (requestDTMFStop).
EDIT: Quite a lot of functions seem to call 'IPC_send_singleIPC', so I suppose
I might be looking at the wrong file...
Click to expand...
Click to collapse
Wrong file? What are you looking for exactly? The send_single_IPC function is used to send a message to the baseband, thus it's called quite often.
Nexus S has a slightly different kernel driver for dpram, probably Google kindly requested Samsung to clean their crap up. Instead of a chardev + read/write they use ioctls to perform read/write. That would explain the ioctl references you're seeing in IPC_send_singleIPC.
iuss said:
Did you try to find xrefs to it?
Click to expand...
Click to collapse
Nope. I must have done something wrong loading the libsec-ril.so into IDA. all
imports are shown at the end of the file as:
Code:
extern:0009E54C ; int ioctl(int fd, unsigned __int32 request, ...)
extern:0009E54C IMPORT ioctl
It does, but it's just an excerpt from a RIL request handler (requestDTMFStop).
Wrong file? What are you looking for exactly? The send_single_IPC function is used to send a message to the baseband, thus it's called quite often.
Click to expand...
Click to collapse
Ok. I was wondering whether it is possible to get e.g. 'timing advance' data from the gsm-modem. So I started by digging through the android sources. Now I'm at libsec-ril.so. (and libril.so, but I can't make much sense out of that one yet).
Is it correct that libril.so and the kernel-mode gsm driver are also closed-source for the Nexus S ?
Edit: libril looks awfully similar to the android sources (device/libs/telephony/ril.cpp)
Do you know the name of the kernel driver (module filename), or is it directly compiled into the kernel ?
I haven't stumbled onto it yet, neither in the system.img nor in the ramdisk of the boot.img.
Nexus S has a slightly different kernel driver for dpram, probably Google kindly requested Samsung to clean their crap up. Instead of a chardev + read/write they use ioctls to perform read/write. That would explain the ioctl references you're seeing in IPC_send_singleIPC.
Click to expand...
Click to collapse
Is there any other place to get such information, or is it all hard work figuring this out by yourself ?
I'm running Android Revolution XE 3.6.0 with the new wifi calling patch and I can't seem to get the Wifi Calling to work. I can open the app, it sees that I am on wifi, and it just sits at the "Wifi Calling: Enabling" "Please wait while connecting to T-Mobile Network". Any ideas?
Here is what I can see when doing logcat:
E/KINETO ( 4272): KLOG103- ganswitch_init - error sending message!
I/Kineto::Receiver( 4272): onReceive Enter
I/Kineto::main( 4272): Kineto: SendAlarmEvent Enter
E/KINETO ( 4272): KLOG0A2- ERROR: IBS Msg Q Post: size is too large
E/KINETO ( 4272): KLOG0A2- ERROR: Failed to post to Queue
I/Kineto::Receiver( 4272): onReceive Exit
D/KIPCapp ( 4272): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 4272): Connecting... socket = 47, state = 0
D/KIPCapp ( 4272): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 4272): Connect failed 111
Click to expand...
Click to collapse
[/thread]
Wound up just doing a clean wipe and reinstall of the ROM since I ran into some other very weird issues after looking for why it was not working. Probably a bad install.
I don't see the wifi calling app after I flashed to 4.1.0. I also rooted, superCID, S-off my phone already. Is your Sensation superCID off too?
If you messed with your CID, WiFi calling won't be installed. Check out this thread on how to install it. Do NOT flash the file, you must follow the directions. You have to copy some files over, install an APK, and change the build.prop file.
http://forum.xda-developers.com/showthread.php?t=1193142
Sent from my HTC Flyer P512 using xda premium
I am trying to install the just released update from Verizon but I klept getting the message that the software failed. Do I need to unroot the device first?
You can keep root but make sure you have stock recovery otherwise the ota will fail.
Sent from my SGH-T999V using xda premium
shahkam said:
You can keep root but make sure you have stock recovery otherwise the ota will fail.
Sent from my SGH-T999V using xda premium
Click to expand...
Click to collapse
If I am running an unrooted VRBLI5 will OTA work to update to VRBLK3? I keep trying to check for a software update and it says that there is no new software update available.
The OTA will not show up unless you downgrade to VRALHE. Since VRBLI5 was not an official version it won't offer you the OTA. You could also upgrade to VRBLK3 using one of the guides in the development section which would probably be a lot easier.
fromaap integrable
BigErnM said:
The OTA will not show up unless you downgrade to VRALHE. Since VRBLI5 was not an official version it won't offer you the OTA. You could also upgrade to VRBLK3 using one of the guides in the development section which would probably be a lot easier.
Click to expand...
Click to collapse
Thanks so much for the quick response and for the insight - very appreciated. I was bummed when my wife got the OTA and I didn't! I will probably just upgrade to the new stock rather than downgrade and upgrade.
My completely stock S3 is failing checking for updates saying that the update service is not available. It doesn't seem to ever have been able to successfully check for updates (last checked time is blank).
I noticed the following in adb logcat when I tried to check for updates:
Code:
E/SyncmlDMGenericExtHandlerConnector( 1913): Can not route to Mobile Admin Network 64.186.176.220
However, on the phone, I can ping that IP address just fine, at the same time as it's supposedly trying to check for updates:
Code:
[email protected]:/ $ ping 64.186.176.220
PING 64.186.176.220 (64.186.176.220) 56(84) bytes of data.
64 bytes from 64.186.176.220: icmp_seq=1 ttl=248 time=61.6 ms
64 bytes from 64.186.176.220: icmp_seq=2 ttl=248 time=58.4 ms
64 bytes from 64.186.176.220: icmp_seq=3 ttl=248 time=56.5 ms
This happens on wifi or mobile data. Any suggestions on how to make this thing check for updates?
Thanks.
---------- Post added at 12:04 PM ---------- Previous post was at 12:02 PM ----------
The rest of the error:
Code:
D/ConnectivityService( 650): requestRouteToHostAddress on down network (10) - dropped
I/ ( 1913): HTTP: http_socket_connect ret:-1 Errno:115
I/ ( 1913): connect wouldblock: EINPROGRESS
D/memalloc( 340): ion: Allocated buffer base:0x42f61000 size:630784 fd:62
D/memalloc( 1913): ion: Mapped buffer base:0x5e66b000 size:630784 offset:0 fd:77
D/KeyguardViewMediator( 650): setHidden false
I/Adreno200-EGLSUB( 340): <CreateImage:893>: Android Image
I/Adreno200-EGLSUB( 340): <GetImageAttributes:1102>: RGBA_8888
D/KeyguardViewMediator( 650): setHidden false
I/ ( 1913): HTTP: SSL_CTX_load_verify_locations ret :0
I/ ( 1913): SSL_load_verify_locations failed
I/ ( 1913): HTTP: xaction 1574547464 ssl init error
I/ ( 1913): HTTP: status code 0
I/ ( 1913): [s]:[ERROR]:
I/ ( 1913): vendor/samsung/common/packages/apps/SyncMLSvc/native/syncmlcore/base/dm/src/tsldm_ses.cpp:Line:683 SesWaitForMsgSt:Error:9 happend while Recv Msg
I/ ( 1913):
I/ ( 1913): [s]:[ERROR]:
I/ ( 1913): vendor/samsung/common/packages/apps/SyncMLSvc/native/syncmlcore/base/dm/src/tsldm_ses.cpp:Line:788 Session Status :100663305
I/ ( 1913):
D/KeyguardViewMediator( 650): setHidden false
I/ ( 1913): shutdown Socket :50 return: 0
I/ ( 1913): HTTP: http_dispatch trans is already freed 5dd9b008
shahkam said:
You can keep root but make sure you have stock recovery otherwise the ota will fail.
As far as I know I have stock recovery. I did not flash a new ROM
Click to expand...
Click to collapse
I cant upgrade mine either, all I did was root
no unlocked bootloader, everything is stock
all stock apps are installed and running
Seems like lots of other Verizon customers are having the same problem. My phone is rooted, bootloader is unlocked and I have stock ROM
Please read forum rules before posting
Rule 15 tells you where to post if you are confused
Thread moved
Thank you for your cooperation
Friendly Neighborhood Moderator
And please search, this has been asked and answered several times
Hi,
currently we are try to port the unofficial CyanogenMod 10.1 build for Huawei G510 Daytona to the Huawei Ascend G330 U8825-1.
The rom runs out of the box but there are some things that won't work at this time. The baddest Problem is that telephony won't work.
There is no sim and no imei. After some search we found out that we have to use the libcm.so from the stock Firmware of Ascend G330 and now we ould connect to sim card and we have imei back and data Connection is working fully. But it's not possible to call someone, because we can't hear anything and the microphone doesn't work.
Even this tutorial: http://forum.xda-developers.com/showthread.php?t=1948560 isn't successful.
Could someone help?
Thanks
StefanV3
Hey,do you can send this cm10 via pm to me? Thanks,and,try this directly from g510 cm10.1 snapshot [quote name='joestone' timestamp='1376772208' post='2149556']Spanish guys : The troll is on again with the photoshopped screen as I read it on htcmania. You can check my previous jobs here on modaco or on xda (gt540, zte smarttab, g300).
You can download my build http://goo.im/devs/joestone/g510/cm-10.1-20130817-UNOFFICIAL-G510.zip it has a lot of non working parts , but ril and nfc are working.
Developers : This is my huaweiril2 whic was used to fix the ril. It logs a lot and not needed in production build.http://goo.im/devs/joestone/g510/HuaweiRIL2.java
How to fix ril .
First be sure you have ro.telephony.ril.v3=qcomdsds in your system prop . This is needed as our ril libs are made for multisim and have to send sub1 as main ril socket.
Qualcomsharedril is not suitable for our device as it has mQANElements=5 by default and we need 4. The main RIL has 4 as default.It is used by responseOperatorInfos(Parcel p) The second thing why it is not suitable it uses too many elements in responseIccCardStatus(Parcel p) by default (no sim pin request , invalid apptype in radiolog) . It can be switched off by using skippinpukcount oldril feature , but main RIL is fine with this too by default. Datacall routines are also fine in main ril.
The only reason why we should need a custom ril is to fix the shown baseband version. Of course if no other bug is found .
The non working state drops first this in radiolog :
W/RILC( 144): RIL_onUnsolicitedSendResponse called before RIL_register
E/RILD( 144): isMultiSimEnabled: prop_val = 0 enabled = 0
D/RILC( 144): QCRIL_RPC
D/RILC( 144): QCRIL_RPC
E/RILC( 144): RIL_register: RIL version 7
While with the working version contains :
E/RILD( 186): **RIL Daemon Started**
E/RILD( 186): **RILd param count=1**
E/RILD( 186): RIL_Init argc = 5 client = 0
E/RILD( 186): isMultiSimEnabled: prop_val = 0 enabled = 0
E/RILC( 186): RIL_register: RIL version 7
E/RILC( 186): s_registerCalled = 1, s_started = 1, RIL_getMaxNumClients = 1
No custom ril needed in framework , we can use the main ril.java.
Copy the ril libfiles from stock rom. I used these files from stock VF rom : Copy libqcci_legacy.so also as it used by atserver.
check your init files to have the following services:
in on boot section
pcm-bridge is not needed as pcm-bridge does not exist in stock rom (at least in my stock rom)
service atserver /system/bin/atserver
class core
oneshot
service netmgrd /system/bin/netmgrd
class main
service bridgemgrd /system/bin/bridgemgrd
class main
user radio
group radio
disabled
service port-bridge /system/bin/port-bridge /dev/smd0 /dev/ttyGS0
class main
user system
group system inet
disabled
service qmiproxy /system/bin/qmiproxy
class main
user radio
group radio
disabled
service qmuxd /system/bin/qmuxd
class main
user radio
group radio
In post-fs section
service ril-qmi /system/bin/sh /init.qcom.ril.path.sh
class main
user root
oneshot
in on emmc-fs section (you need BOARD_WANTS_EMMC_BOOT := true in boardconfig)
write /sys/module/block2mtd/parameters/block2mtd /dev/block/mmcblk0p14
on property:sys.radio.shutdown=true
exec /system/bin/sh /system/etc/init.qcom.efs.sync.sh
sorry for the long post.[/quote]
I have a friend devoloper,if you send to me link to cm10 i can help you,and.....are you embeddev on github
Tapatalkato via il mio gelato sfigato biscotto
Hi,
isee that you registered in german www.android-hilfe.de and joined the discussion at Huawei G330 Custom Rom section.
The CM10.1 rom for Huawei G510/Y300 is from this post at spanish htcmania Forum:
http://www.htcmania.com/showthread.php?t=613560
First of all we don't build CyanogenMod 10.1 from source for G330. We tried to modify the rom built from HERRERO7 for G510 to get it work on our G330 because the Rom does run on our G330 as it is but with the so called problems.. Our first succes was to get 3G work with the libcm.so from stock firmware. Telephoy was also prossible but without a working speaker and withou working mic. Maybe the new build of joestone is Fixing the most things...
But i am a Little bit confused about your words because this is CyanogenMod 10.1 and not CyanogenMod 10. And i am confused about the words of user joestone because of dual sim. Oour Huawei Ascend G330 (8825-1) isn't dual sim. It's the "one sim version" of Huawei Ascend G330D (U8825D)tha is dual sim.
But currently i am downloading the builds from joestone and kra1o5 an find out if it's working (even mic).
Also i am confused of the words of joestone too because i am not a developer so for me it seems that porting CyanogenMod is more that just modify some files for configuration and replacing some liberys with the ones from stock rom.
Thanks
StefanV3
Joestone explain how to fix sims problem,but id is already fixed just try joestone build,good luck
Ps:watch for modaco forum,its english and all developers are here,dont'use herrero build
Tapatalkato via il mio gelato sfigato biscotto
Hi,
thanks...
StefanV3
ProtectMyPrivacy(PMP) helps you to manage and control usages of privacy data of applications installed on your Android device! (Download at: https://play.google.com/store/apps/details?id=com.synergylabs.androidpmp)
Features
√ Get notifications and flags whenever an application that you're currently using accesses data on your device (e.g. Location, Phone Identifiers, Call logs, Contacts, Calendar, Messages, Notifications etc.)
√ Choose how you want the app to access your privacy data. (Options: Allow, Deny, Fake, Ask)
√ Easily access privacy controls from within PMP on an attractive listview display
√ Scroll between your list of 'Protected', 'System' as well as 'Unprotected' Apps to see what data accesses the apps that you’ve installed are currently accessing
√ Attractive icons and views that quickly orientate you what types of data your application is accessing
√ Real-time interactive warning mechanism that notifies you whenever an app requires the use of privacy data
PMP runs only on rooted devices running Android 4.1 and above, and requires Cydia Substrate as well as SELinuxModeChanger to function properly.
Installation Instructions:
1. PMP requires a rooted Android device (Please refer to http://android.stackexchange.com/questions/1184/how-do-i-root-my-android-device). Check that you have root access on your device. Download a root checker: e.g. (https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck&hl=en) to check.
2. Install the PMP application. The list of Protected Applications will not be visible, as steps (3) and (4) have not been performed yet.
3. Download SELinuxModeChanger (http://forum.xda-developers.com/showthread.php?t=2524485). Change the mode of your device to “Permissive”.
4. Download Cydia Substrate (https://play.google.com/store/apps/details?id=com.saurik.substrate&hl=en). Link the Substrate Files by clicking on the “Link Substrate Files” button, followed by the “Restart System (Soft)” button to restart your device.
5. Navigate into the PMP application, and you should see your installed apps in the list.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Developer
SynergyLabs @ CMU
Push
..
Bump
Has anyone used this app successfully? Some reviews on play store complain about bootloop
blue5055 said:
Has anyone used this app successfully? Some reviews on play store complain about bootloop
Click to expand...
Click to collapse
Hi, I think the complain was due to the phone rooting process rather than PMP installation. In any case, we have found that the installation works best by installing PMP only after installing the Cydia Substrate and SELinuxModeChanger dependencies. If not, uninstall and re-install PMP, followed by a phone reboot by clicking on 'Restart System(Soft)' in Cydia Substrate. The list of protected apps should show up in PMP properly after this.
Use ProtectMyPrivacy(PMP), control your application privacy now!
https://play.google.com/store/apps/details?id=com.synergylabs.pmpandroid
Updated PlayStore link for PMP
Updated link:
HTML:
https://play.google.com/store/apps/details?id=com.synergylabs.androidpmp
Updated PlayStore link for PMP
Updated link:
https://play.google.com/store/apps/details?id=com.synergylabs.androidpmp
nice app worth sharing this app..!!
force close android marshmallow and android lollipop.here is the log.hope my helped.
3C Toolbox Pro (logcat)
======================
I/16:16:39.427 Sending signal. PID: 11859 SIG: 9
E/16:16:39.091 at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:117)
E/16:16:39.091 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:745)
E/16:16:39.091 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:950)
E/16:16:39.091 at java.lang.reflect.Method.invoke(Method.java:372)
E/16:16:39.091 at java.lang.reflect.Method.invoke(Native Method)
E/16:16:39.091 at android.app.ActivityThread.main(ActivityThread.java:5348)
E/16:16:39.091 at android.os.Looper.loop(Looper.java:139)
E/16:16:39.091 at android.os.Handler.dispatchMessage(Handler.java:95)
E/16:16:39.091 at android.os.Handler.handleCallback(Handler.java:739)
E/16:16:39.091 at android.view.Choreographer$FrameDisplayEventReceiver.run(Choreographer.java:753)
E/16:16:39.091 at android.view.Choreographer.doFrame(Choreographer.java:550)
E/16:16:39.091 at android.view.Choreographer.doCallbacks(Choreographer.java:580)
E/16:16:39.091 at android.view.Choreographer$CallbackRecord.run(Choreographer.java:767)
E/16:16:39.091 at android.view.ViewRootImpl$TraversalRunnable.run(ViewRootImpl.java:5935)
E/16:16:39.091 at android.view.ViewRootImpl.doTraversal(ViewRootImpl.java:1075)
E/16:16:39.091 at android.view.ViewRootImpl.performTraversals(ViewRootImpl.java:1860)
E/16:16:39.091 at android.view.ViewRootImpl.performLayout(ViewRootImpl.java:2108)
E/16:16:39.091 at android.view.ViewGroup.layout(ViewGroup.java:5046)
E/16:16:39.091 at android.view.View.layout(View.java:15715)
E/16:16:39.091 at android.widget.FrameLayout.onLayout(FrameLayout.java:514)
E/16:16:39.091 at android.widget.FrameLayout.layoutChildren(FrameLayout.java:579)
E/16:16:39.091 at android.view.ViewGroup.layout(ViewGroup.java:5046)
E/16:16:39.091 at android.view.View.layout(View.java:15715)
E/16:16:39.091 at com.android.internal.widget.ActionBarOverlayLayout.onLayout(ActionBarOverlayLayout.java:494)
E/16:16:39.091 at android.view.ViewGroup.layout(ViewGroup.java:5046)
E/16:16:39.091 at android.view.View.layout(View.java:15715)
E/16:16:39.091 at android.widget.FrameLayout.onLayout(FrameLayout.java:514)
E/16:16:39.091 at android.widget.FrameLayout.layoutChildren(FrameLayout.java:579)
E/16:16:39.091 at android.view.ViewGroup.layout(ViewGroup.java:5046)
E/16:16:39.091 at android.view.View.layout(View.java:15715)
E/16:16:39.091 at android.widget.RelativeLayout.onLayout(RelativeLayout.java:1077)
E/16:16:39.091 at android.view.ViewGroup.layout(ViewGroup.java:5046)
E/16:16:39.091 at android.view.View.layout(View.java:15715)
E/16:16:39.091 at android.widget.AbsListView.onLayout(AbsListView.java:2151)
E/16:16:39.091 at android.widget.ListView.layoutChildren(ListView.java:1673)
E/16:16:39.091 at android.widget.ListView.fillFromTop(ListView.java:759)
E/16:16:39.091 at android.widget.ListView.fillDown(ListView.java:698)
E/16:16:39.091 at android.widget.ListView.makeAndAddView(ListView.java:1864)
E/16:16:39.091 at android.widget.AbsListView.obtainView(AbsListView.java:2347)
E/16:16:39.091 at com.synergylabs.androidpmp.ui.adapters.ApplicationAdapter.getView(ApplicationAdapter.java:77)
E/16:16:39.091 at com.synergylabs.androidpmp.ui.adapters.ApplicationAdapter.loadPossiblePermissions(ApplicationAdapter.java:89)
E/16:16:39.091 at com.synergylabs.androidpmp.Util.opToString(Util.java:193)
E/16:16:39.091 java.lang.ArrayIndexOutOfBoundsException: length=2; index=2
E/16:16:39.091 Process: com.synergylabs.androidpmp, PID: 11859
E/16:16:39.091 FATAL EXCEPTION: main
D/16:16:39.090 Shutting down VM
W/16:16:39.085 Asset path /system/framework/oneplus-framework-res.apk is neither a directory nor file (type=1).
I/16:16:39.084 Success to hydrongen resources /system/framework/hydrongen-framework-res.apk
E/16:16:39.053 [com.tencent.FileManager, com.keramidas.TitaniumBackup, com.synergylabs.androidpmp, info.kfsoft.android.TrafficIndicatorPro, com.flarejune.perfectcolorbar, com.UCMobile, ccc71.at, me.piebridge.forcestopgb, com.riteshsahu.SMSBackupRestorePro, com.coolapk.market, de.robv.android.xposed.installer, com.naxy.xykey, cn.wq.myandroidtoolspro, org.adawaycn, biz.bokhorst.xprivacy, com.maxmpz.audioplayer, com.mixplorer, com.dv.adm.pay, de.defim.apk.lightningwall]
D/16:16:38.701 Enabling debug mode 0
I/16:16:38.687 Initialized EGL, version 1.4
I/16:16:38.686 Reconstruct Branch: NOTHING
I/16:16:38.686 Local Patches: NONE
I/16:16:38.686 Remote Branch: quic/LA.BF.1.1.1.c4
I/16:16:38.686 Local Branch: mybranch15158111
I/16:16:38.686 Build Date: 10/12/15 Mon
I/16:16:38.686 OpenGL ES Shader Compiler Version: E031.25.03.06
I/16:16:38.686 <qeglDrvAPI_eglInitialize:410>: EGL 1.4 QUALCOMM build: Nondeterministic_AU_msm8974_LA.BF.1.1.1.C4__release_AU ()
D/16:16:38.670 App Event: start
W/16:16:38.667 More than 500 ms to handle , msg.target = Handler (android.app.ActivityThread$H) {3e7ab1b4} , msg.callback = null, msg.what = 100 , takenTime = 908 , startTime = 800376
D/16:16:38.662 mPerfLockEnabled false mPerfLockTraceEnabled false mPerfLockDuration 100 mPerfLockCpuMinFreq 1500
D/16:16:38.661 Validating map...
D/16:16:38.659 Use EGL_SWAP_BEHAVIOR_PRESERVED: true
D/16:16:38.657 mPerfLockEnabled true
E/16:16:37.775 server might already have been initialized
E/16:16:37.773 created from an instance of the manager
E/16:16:37.773 PMPServer created
W/16:16:24.728 responed with 3 for request PermissionModeRequestImpl [opNum=1, stackTrace=[dalvik.system.VMStack.getThreadStackTrace(Native Method), java.lang.Thread.getStackTrace(Thread.java:580), com.synergylabs.androidpmp.hooks.xposed.XHookImpl$1.beforeHookedMethod(XHookImpl.java:62), de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:661), android.location.LocationManager.requestLocationUpdates(<Xposed>), android.location.LocationManager.requestLocationUpdates(LocationManager.java:534), com.a.b.a.g.d.i(Unknown Source), com.a.b.a.g.d.h(Unknown Source), com.a.b.a.g.d.<init>(Unknown Source), com.a.b.a.b.<init>(Unknown Source), com.a.b.a.a.a(Unknown Source), com.amap.android.location.internal.server.NetworkLocationService.a(Unknown Source), com.amap.android.location.internal.server.NetworkLocationService.onCreate(Unknown Source), android.app.ActivityThread.handleCreateService(ActivityThread.java:2838), android.app.ActivityThread.access$1900(ActivityThread.java:155), android.app.ActivityThread$H.handleMessage(ActivityThread.java:1437), android.os.Handler.dispatchMessage(Handler.java:102), android.os.Looper.loop(Looper.java:139), android.app.ActivityThread.main(ActivityThread.java:5348), java.lang.reflect.Method.invoke(Native Method), java.lang.reflect.Method.invoke(Method.java:372), com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:950), com.android.internal.os.ZygoteInit.main(ZygoteInit.java:745), de.robv.android.xposed.XposedBridge.main(XposedBridge.java:117)], uid=10000]
W/16:16:24.641 sent request AppopsRequest [type=SET, num=1, uid=10000, op=1, packageName=com.amap.android.location, mode=0]
W/16:16:24.641 sending request AppopsRequest [type=SET, num=1, uid=10000, op=1, packageName=com.amap.android.location, mode=0]
W/16:16:24.554 called storeMode with com.amap.android.location, Fine Grained Location, Fake
E/16:16:17.828 waiting on user response for com.amap.android.location op Fine Grained Location
D/16:16:17.794 mPerfLockEnabled true
W/16:16:17.786 Failure retrieving resources for com.amap.android.location: Resource ID #0x0
W/16:16:17.784 No package identifier when getting value for resource number 0x00000000
W/16:16:17.779 Asset path /system/framework/oneplus-framework-res.apk is neither a directory nor file (type=1).
I/16:16:17.779 Success to hydrongen resources /system/framework/hydrongen-framework-res.apk
E/16:16:17.751 request sent repackaged as an ad request: PermissionModeRequestImpl [opNum=1, stackTrace=[dalvik.system.VMStack.getThreadStackTrace(Native Method), java.lang.Thread.getStackTrace(Thread.java:580), com.synergylabs.androidpmp.hooks.xposed.XHookImpl$1.beforeHookedMethod(XHookImpl.java:62), de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:661), android.location.LocationManager.requestLocationUpdates(<Xposed>), android.location.LocationManager.requestLocationUpdates(LocationManager.java:534), com.a.b.a.g.d.i(Unknown Source), com.a.b.a.g.d.h(Unknown Source), com.a.b.a.g.d.<init>(Unknown Source), com.a.b.a.b.<init>(Unknown Source), com.a.b.a.a.a(Unknown Source), com.amap.android.location.internal.server.NetworkLocationService.a(Unknown Source), com.amap.android.location.internal.server.NetworkLocationService.onCreate(Unknown Source), android.app.ActivityThread.handleCreateService(ActivityThread.java:2838), android.app.ActivityThread.access$1900(ActivityThread.java:155), android.app.ActivityThread$H.handleMessage(ActivityThread.java:1437), android.os.Handler.dispatchMessage(Handler.java:102), android.os.Looper.loop(Looper.java:139), android.app.ActivityThread.main(ActivityThread.java:5348), java.lang.reflect.Method.invoke(Native Method), java.lang.reflect.Method.invoke(Method.java:372), com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:950), com.android.internal.os.ZygoteInit.main(ZygoteInit.java:745), de.robv.android.xposed.XposedBridge.main(XposedBridge.java:117)], uid=10000]
E/16:15:55.877 Service's server started
W/16:15:55.875 More than 500 ms to handle , msg.target = Handler (android.app.ActivityThread$H) {3e7ab1b4} , msg.callback = null, msg.what = 114 , takenTime = 2199 , startTime = 756294
W/16:15:54.882 sent request AppopsRequest [type=GETALL, num=0, uid=-1, op=-1, packageName=, mode=-1]
W/16:15:54.882 sending request AppopsRequest [type=GETALL, num=0, uid=-1, op=-1, packageName=, mode=-1]
E/16:15:53.930 server might already have been initialized
E/16:15:53.928 created from an instance of the manager
E/16:15:53.928 PMPServer created
W/16:15:53.676 More than 500 ms to handle , msg.target = Handler (android.app.ActivityThread$H) {3e7ab1b4} , msg.callback = null, msg.what = 110 , takenTime = 900 , startTime = 755394
W/16:15:53.645 Asset path /system/framework/oneplus-framework-res.apk is neither a directory nor file (type=1).
I/16:15:53.645 Success to hydrongen resources /system/framework/hydrongen-framework-res.apk
W/16:15:53.508 Suspending all threads took: 5.787ms
E/16:15:53.041 at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:117)
E/16:15:53.041 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:745)
E/16:15:53.041 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:950)
E/16:15:53.041 at java.lang.reflect.Method.invoke(Method.java:372)
E/16:15:53.041 at java.lang.reflect.Method.invoke(Native Method)
E/16:15:53.041 at android.app.ActivityThread.main(ActivityThread.java:5348)
E/16:15:53.041 at android.os.Looper.loop(Looper.java:139)
E/16:15:53.041 at android.os.Handler.dispatchMessage(Handler.java:102)
E/16:15:53.041 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1415)
E/16:15:53.041 at android.app.ActivityThread.access$1600(ActivityThread.java:155)
E/16:15:53.041 at android.app.ActivityThread.handleBindApplication(<Xposed>)
E/16:15:53.041 at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:661)
E/16:15:53.041 at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:176)
E/16:15:53.041 at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:71)
E/16:15:53.041 at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:35)
E/16:15:53.041 at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
E/16:15:53.041 at com.phoneinfo.changer.hooks.MainHook.handleLoadPackage(Unknown Source)
E/16:15:53.041 at com.phoneinfo.changer.hooks.d.a(Unknown Source)
E/16:15:53.041 at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:136)
E/16:15:53.041 at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
E/16:15:53.041 at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:174)
E/16:15:53.041 java.lang.NoSuchMethodError: android.os.Binder#execTransact(int,int,int,int)#exact
E/16:15:52.983 Hook Name: android.net.wifi.WifiInfo
E/16:15:52.983 Hook Name: android.content.ContentResolver
E/16:15:52.982 Hook Name: android.content.ContentResolver
E/16:15:52.981 Hook Name: android.telephony.TelephonyManager
E/16:15:52.944 Hook Name: android.location.LocationManager
E/16:15:52.944 Hook Name: android.content.ContentResolver
E/16:15:52.915 Hook Name: android.content.ContentResolver
I/16:15:52.699 Late-enabling -Xcheck:jni
Now you need xposed right?
This app is really very awesome. Thanks to the Dev.
But unfortunately the app force closes in CM13 rom in my Redmi 1S. Please fix it.
Installation failure?
Salut!
I cannot install .apk, not 2.1.3, neither 2.1.2. (19FF2875422ADA503517768A99342576 and 57B5919F7F9DAA269A95B9108C7BBD8B)
System message for both APK's "there was a problem parsing the package."
Xposed message for both APK's "Downloaded file is not a valid APK (or incompatible)"
Both files pass ZIP integrity check and could be unzipped with no problems.
HTC One X+ (enrc2b), Android (4.2.2) Revolution 8 HD, rooted, XPosed Installer 2.6.1.
How can I carry out step-2 of the installation instruction?
Thank you.
Cydia Substrate is years old. How are we supposed to rely on an app designed in 2013 for 2.x-4.x for your app released in 2015 for 4.3+?
I downloaded Substrate and immediately ran into a brick wall (that "can't perform initial check, please email the dev" message). For as "easy" as people say PMP is to use compared to XPrivacy, it's colossally more difficult to install, and sorely lacking in helpful resources. This thread is the only place that informed me I should even be installing Substrate in the first place.
Has anyone gotten this to work on 6 or 7? I just get bootloops all day.
qu4gmire said:
Has anyone gotten this to work on 6 or 7? I just get bootloops all day.
Click to expand...
Click to collapse
Yes. Use xposed installer to get it, menu>download>pmp>versions (or download from play) lastest version was 2.4.0 on Jan 28th 2017.
This thread on xda seems long abandoned. No separate cydia download or whatever needed.
+always have the xposed uninstaller zip handy on sdcard in case of bootloops.
Is this app open source so we can confirm that our private data is actually private?
BillTheCat said:
Is this app open source so we can confirm that our private data is actually private?
Click to expand...
Click to collapse
No it is not, we have been asking for that from the beginning, but it has been moved to xposed instead of cydia now