[TOOL][OPEN SOURCE][JAVA] Lockscreen Gesture Pattern Cracking Tool - Android Apps and Games

REQUIREMENTS
Oracle Java 8 +
HOW IT WORKS
So I saw this on some shady Russian website and decided to make it more open. I researched more of it on Google and found out it was quite popular.
Your lockscreen gesture pattern is saved as an unsalted hash under the data/system folder in a file "gesture.key".
This is actually an unsalted SHA-1 hash of a sequence of bytes representing your oh so secure pattern! We shall brute force it with ourincluded custom dictionary. So the pattern can easily be surpassed, the only problem is getting to the gesture.key! Use SE or one of metasploits android privilege escalation modules.
For the nerds: http://www.cclgroupltd.com/a-rainbow-table-for-android-pattern-locks/
TL;DR We take the gesture pattern's hash and brute-force it.
USAGE
In your terminal call:
Code:
java GestureCrack gesture.key AndroidGestureSHA1.txt
Reference your paths accordingly
Source
https://gitlab.com/ken-okech-94/android_lockscreen_gesture_pattern_crack/
Download
https://www.mediafire.com/?10845bg1v6djkfg
Have fun and use the tool for white hat causes :angel:

Changelog/Issues/Bugs
Reserved

kenokech2 said:
Reserved
Click to expand...
Click to collapse
It would be nice if you give the instructions how to use it

Explicit Instructions
miju12 said:
It would be nice if you give the instructions how to use it
Click to expand...
Click to collapse
1. Clone the repo or download the compiled binary(Find the links above)
2. Install Oracle Java 8
Java 8 is important cause I used some of the new features while coding the bruteforcer
3. Add Java 8 to your path if on Windows
4. Run it like a normal Java class with the first argument being the location of the key and the second being the loaction of the custom SHA1 dictionary.
Thank you.

Related

[TOOL][AIO] StudioAndroid # Automize everything! [GUI]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
vlt96 said:
You shouldn't try it out when you have free time, it will give you free time
Click to expand...
Click to collapse
If you like my work, please consider a little donation:
Features
FEATURES LIST​Image
Install Image Tools: Install ImageMagick and/or PIL to use my Image Tools
Convert Image: Convert any image in given directory to given extension
Resize: Batch-resizes files found in given directory with given percent or given DPIs, or resizes an APK with given DPIs
Batch Theme: Applies a theme overlay (caclulated with luminosity values) to all images found in a given directory (e.g. THEME!)
Batch Rename: Batch renames all files found in a directory with a given pattern, and renames them to given out (for porting Themes)
CopyFrom: Copies images present in directory 1 FROM directory 2 (if present in dir 2) - for themers!
OptimizeImage: Optimizes Image, so that size will be smaller
Development
Prepare Building: Installs necessary build tools
Build from Source: Builds one from many sources and even choose a device (if available)
Add Governor: Add a governor to a kernel
Install Android SDK
Install Java JDK
APK
(De)Compile
Extract/Repackage APK
Sign APK with different keys
Zipalign APK
Install APK
Optimize Images INSIDE APK
Advanced
(Bak)Smali: Lets you edit the code inside classes.dex and compile back
ODEX: ODEX a ROM
DE-ODEX: DE-ODEX a ROM
Compile to an Exe: lets you compile Python scripts to an executable for your OS
Android
Configure ADB: Connect to devices over IP, enable/disable Network ADB on connected device
Logcat
Build.Prop: Pulls Build.prop from device and let you edit it
Backup / Restore: full backup of (all optional) apps, system apps, data, shared storage
ADB File Explorer
StudioAndroid options
Clean workspace and go back to before you used this tool the first time!
Debug: Includes printing the used commands before executing and testing the latest changes
Check the log in a scrollable window with selectable text
Report a bug: Opens a reply on this XDA thread with the content of your log in it
Changelog: See what's changed!
Update: Update StudioAndroid and choose between Stable en Nightly
Restart
About: shows information about the developer, contact info, profile image, twitter etc
​
Click to expand...
Click to collapse
SCALED PREVIEW: (Click to see full preview)
​
Click to expand...
Click to collapse
Instructions
Download the latest update OR one of the stable updates
Extract in your home directory
double-click StudioUnix
Click to expand...
Click to collapse
Preparation:
Download one of the stable updates
Extract in a path without spaces (e.g. NOT in "Documents and Settings")
Double-click StudioWindows.exe
Click to expand...
Click to collapse
OR
Download and run Python
Download and run PYGTK - 32-bits
Download the latest update OR one of the stable updates
Extract in a path without spaces (e.g. NOT in "Documents and Settings")
Right-click Studio.py > Open with > Python
Click to expand...
Click to collapse
Preparation:
install python2.7: 64-bit/32-bit x86-64/i386 / 32-bit i386/PPC
Install this (GTK+ and PyGTK)
Download THIS
Run StudioUnix
Click to expand...
Click to collapse
Click to expand...
Click to collapse
​
[TOOL][Linux / Windows] StudioAndroid - GtkUI
vlt96 said:
You shouldn't try it out when you have free time, it will give you free time
Click to expand...
Click to collapse
Translate?
LINUX
First navigate to StudioAndroid directory.
Then
xgettext -k_ -kN_ -o messages.pot Studio.py
msginit
Click to expand...
Click to collapse
A new file will be created (***.po)
Open that file with PoEdit and translate the right-column
When finished, save it and rename ***.po to Studio.po and put it in StudioAndroid/lang/yourlang_YOURLANG/LC_MESSAGES
afterwards, compile it:
msgfmt Studio.po -o yourlang_YOURLANG/LC_MESSAGES/Studio.mo
Click to expand...
Click to collapse
When I update it, merge the changes using:
xgettext -k_ -kN_ -o messages.pot Studio.py
msgmerge -U Studio.po messages.pot
Click to expand...
Click to collapse
and translate the new strings in PoEdit
The file I need is yourlang_YOURLANG/LC_MESSAGES/Studio.mo, but it's handy for you and me if you also include yourlang_YOURLANG/LC_MESSAGES/Studio.po
WINDOWS
Open lang/LanguageFiles/en_US.po in a text editor
msgid indicates the original string
msgstr indicates the string you need to translate.
So translate the msgstr strings.
Afterwards, send me en_US.po renamed to yourlanguage_YOURCOUNTRY.po
Thanks!
If you cant upload files anywhere, then past the content of SA.po in Pastebin and send me the link
THanks in advance
FULL CREDITS WILL BE GIVEN
Click to expand...
Click to collapse
Info
All info is now available at Github:
Git Source
Changelog
Bugs & Feature requests
BitLy Stats
Click to expand...
Click to collapse
Credits
Ablankzin : Contributor to StudioAndroid
Popdog123: He took the MAC side of the project
vlt96: Making a game to play while waiting
KeitlG: Compiled for windows!!!
KeitlG: Helped me testing the long-awaited ReCompile Fix!
Rookie407 : He compiled this tool for windows! AWESOME! You don't have to install Python and GTK anymore!!!
Lithid-CM : He was my messias on Python in general and GTK specific. Go and give him a "THANKS!"
KeitG: Gettext translation
WilliamCharles & Lycan: Windows testers - AWESOME, THANK THE GUYS!!
Click to expand...
Click to collapse
Omega Theme Studio
vlt96 said:
You shouldn't try it out when you have free time, it will give you free time
Click to expand...
Click to collapse
Features
This is a mode of StudioAndroid.
To go to this mode, run StudioAndroid > Options > Toggle Omega.
The purpose of modes is to specialize the GUI for specific actions and functions.
The purpose of the Omega Mode (AKA OmegaThemeStudio) is to create themes for Omega Apps on the fly.
FEATURES LIST
Retrieving styles
Download styles from official TeamSyndicate dropbox (30 and more styles!)
Upload your own style folder to the tool
Import selected styles from a CM-Theme.apk or ThemeUpdate.zip (!!)
Editing styles
Colorize the images, the same way as StudioAndroid does
includes selecting specific styles (clock, battery, signal, notification etc)
Customize on the fly!
This tool supports customizing all available values in XMLs
That means:
Editing clock colors
Editing clock dividers
Editing icon locations (for all notifications seperately)
Padding between icons
Clock size
Text size
AND MORE!
Building
Build with your own theme name and version
Dev name
"HELLO!" text on startup
E-Mail, website and version
Click to expand...
Click to collapse
Instructions
1. Download StudioAndroid as instructed in post #1
2. Run it as instructed in post #1
3. Click Options > Toggle Omega
Done​​
Click to expand...
Click to collapse
edit: out of date
KeitIG said:
Ok, i reserved this post for my translation
Click to expand...
Click to collapse
Good one!
I'll link already to the post xD
Could you add this piece of text to the top of your post?
Looks official
HTML:
[CENTER][IMG]http://www.mupload.nl/img/s81uiuto3.png[/IMG][/CENTER]
I'm getting errors using Cygwinn on Windows to execute your scripts, mainly with variables ><
I'm going to execute it with VirtualBox
KeitIG said:
I'm getting errors using Cygwinn on Windows to execute your scripts, mainly with variables ><
I'm going to execute it with VirtualBox
Click to expand...
Click to collapse
That would be possible indeed.
I think I am going to investigate a bit in Cygwin to make it compatible.
When using VirtualBox, use Ubuntu 10.04 LTS (64-bit preffered!)
Greets!
Add: could you post the errors or PM them to me??
Greets!
HELP​
What does your script do?
Well, look at the screenshot! And then look at the explanation below.
Update
Check ONLINE for updates!
Utils
Install Utilities
You are now able to install ADB, APKTOOL, AAPT, 7z, (bak)smali and a lot more seperately or together. This makes it easier for you to use them!
Resize pictures
Seems clear enough. It resizes pictures for you, theme conversion is easy!
Now also includes a small manual..
Batch Theme
This places a color layer over an image.
You can theme 1000 images in 4.31 seconds (I timed it).
Please note that if the current color is red and you want purple, you are not gonna add purple to it, but blue!
CopieFrom
It copies images that are in Directory A FROM Directory B.
Example: A contains 1 2 3 4 5, B contains 2 3 5 6 7 9 8
2 3 and 5 get copied over. Handy for theme porting!
Optimize Images
After selecting Extract APK, you can optimize images so they look better.
Click to expand...
Click to collapse
Develop
Install SDK
Installs the Android Software Development Kit.
You can run Virtual Machines with Android with it, and create APPS.
Install JDK
Installs the Java Development Kit.
You can develop in java and for Android with it.
Prepare Building
A lot of things should be installed before you can build your ROM from source.
This option does that for you, you don't have to do anything yourself again
Build from Source!
You can build a ROM from online sources with it! ALl you need is in it, but for any help you can always PM me!
Build Kernel
BETA!
You can sync the kernel sources with it. THAT'S IT FOR NOW!
Switch BUILD-Mode
Unfortunately, every device has its own sources to build a ROM or Kernel with.
I made this tool to be able to switch from devices
If your device is not (yet) included, then use option "Include".
Click to expand...
Click to collapse
APK​
Compile APK
The way Android reads the files inside an APK is not the way we do.
Compiling transforms our files into Android files. That's the only way I can explain...
Decompile APK
Undo compile, so we can edit code.
Extract APK
Leave everything intact, but extract. You will not be able to edit anything other then images!
Sign
Every APK needs a signature to verify the Permissions and files in the APK.
This tool does that for you
You can now also choose the Key
Install APK
Install it on your device via USB without a popup.
Zipalign
Aligns the APK. That makes it faster
Click to expand...
Click to collapse
Advanced
Baksmali
This allows you to "decompile" the classes.dex file in the APK so you can edit the code of your APK!
Smali
After you edited code, you need to "compile" again. Using this!
De-Odex
WIth system APKs, the smali files are not inside the APK, but outside. Inside an ODEX file.
De-odex includes the files inside the APK, so that it it needs less space
Warning: ODEX apps can be imported in dalvik straight.
DE-ODEXED apps don't. So De-Odexed is a bit slower...
Click to expand...
Click to collapse
Aroma​
I am working on this.
Many features will be added, but for now it's just a few options.
Click to expand...
Click to collapse
So, I dont need to download the sources when building from source?
dhruv.always said:
So, I dont need to download the sources when building from source?
Click to expand...
Click to collapse
The script does it for you.
Further explanation: building from source option actually just syncs the source. I think I even forgot to sync the device and vendor too, I'll check on it.
complete .zip file uploaded with AC and ACI translated. There should be some mistakes but i'll correct them when there will be a new release
(cf my post)
KeitIG said:
complete .zip file uploaded with AC and ACI translated. There should be some mistakes but i'll correct them when there will be a new release
(cf my post)
Click to expand...
Click to collapse
Thanks for that
I had an idea: could you add an option in the menu to add manualy a source location ?
When sources are downloaded, where can we found them to edit them ?
And will this script be only for optimus one or for other devices ?
KeitIG said:
I had an idea: could you add an option in the menu to add manualy a source location ?
When sources are downloaded, where can we found them to edit them ?
And will this script be only for optimus one or for other devices ?
Click to expand...
Click to collapse
1 there is, use option 1 in the Build menu (Other)
EDIT: whoops, there isn't... I think I'll change to the home directory.
2 you can find them in your Android Central folder /WORKING_DIR_x
x is the number of the option you chose to fetch it.
3 It already is for other devices, use the Other option
Greets!
Updated
###v0.12
[^] Implemented BuildKernel
[^] French translation by KeitG - THANKS!
[^] Some small code improvements. Visual changes to the MAIN MENU
[^] Added switches and commands. example: "./AC [menu option]" to go to that option DIRECTLY. "./AC -h" to go to the HELP page
[^] SubDirs now supported in Resize (example: drawable-hdpi gets copied over)
[^] BetaInstaller inside ACI script
[^] Every output will now be visible inside LOG!
[^] Implemented CASE options, more clean. Implemented InvalidOption.
[^] Utils.zip is now less then HALF the previous size
Click to expand...
Click to collapse
any suggestions are REALLY appreciated!
Thanks @kssood for suggesting awesome things!
thanks @ta for the idea of kernel building (although is still much work to do!)
I Figured out people like previews...
Do you?
BuildKernel mean it will download kernel source? and then we can build kernel or it's diff? Sorry for bad english
cips gokhle said:
BuildKernel mean it will download kernel source? and then we can build kernel or it's diff? Sorry for bad english
Click to expand...
Click to collapse
Build kernel is exactly as it says. You can build a kernel from a source.
I included Arjen, Arjen 3.0, thunderVN, Cyanogenmod and stock Android.
But t's still beta!
Greets!
mDroidd said:
Build kernel is exactly as it says. You can build a kernel from a source.
I included Arjen, Arjen 3.0, thunderVN, Cyanogenmod and stock Android.
But t's still beta!
Greets!
Click to expand...
Click to collapse
got it thanks and can you add franco source

best way to decompile android

hello
i lost my android project source and all things which i have is my apk file which is obfuscated by proguard
i tried many decompiling options :
1- dex2jar with jd gui : this gives me source with lots of errors(all variable names are paramView which a have to edit my self) and after fixing all errors it results in a blank activity (setcontentview is called correctly but i dont know why it is blank (black))
2- JADX : this is excellent and gives me fewest errors and i run it with no problem
3- procyon : few errors and blank (black)activity after running !
------------
so best choice is JADX but source is obfuscated and because JADX converts dex to java directly i can not use any .jar deobfascating utility to deobfuscate code
so main question is this : how can i deobfuscate java sourcre(mass auto rename all field (var,method,class) to a meanigful name) ? (i can do it by eclipse refactor but it is slow and i have to do it one by one,it is great if i can refactor all automaticly )
any help is appreciated
thanks

[TOOL][Windows] Zip Builder v4.5.2 - Build and Sign ANY script based installer

Zip Builder is a stand-alone Windows exe (ZipBuild.exe) that can be used to build and sign Android zip-based installers from Windows folders. All required components to build and sign a zip installer are included - no additional files or software are required. The only requirement is that you have a current version of Java installed on your system. Zip Builder can be used on both shell-script and edify-script based installers and performs the proper build and signing methods, accordingly.
Although it's highly recommended to install the software using the Windows Installer (see below), the stand-alone exe is all that's required to use the program. The program command line options are as follows:
ZipBuild.exe <option1> <option2...> <*Folder Name>
Valid options are as follows:
'm' or '-manual': Manually select folder to be processed
's' or '-signed': Append '-signed' to the output file name
'5' or '-md5': Generate corresponding MD5 checksum file
'c' or '-confirm': Confirm options before building
'g' or '-gitinclude': include .git folders and related files
* Ignored when using manual selection mode
OPTIONS EXPLAINED
'm' or '-manual': In Manual mode you will be presented with a dialog box where you can manually select the folder containing the files to be processed. *When using Manual mode, the folder name will be ignored if it was provided in the command line
's' or '-signed': This option will append '-signed' to the output file name. For example: Folder name 'UPDATE-adb.Installer.v1.0.36' would produce a signed zip file named 'UPDATE-adb.Installer.v1.0.36-signed.zip'.
'5' or '-md5': This option will create a separate, corresponding MD5 checksum file that can be used to verify file integrity in TWRP or with other Windows checksum utilities.
'c' or '-confirm': When this option is used, you will be presented with a dialog box where you can confirm (or change) the 2 options above. If either (or both) options above have been specified on the command line, the checkboxes will be pre-selected accordingly. Once you're satisfied with your selections, click the 'Build Zip File' button to begin the zip building and signing process.
'g' or '-gitinclude': This option will include any .git folders and related files (.git, .gitignore, and .gitattributes) that are excluded from the zip file by default. [Should rarely be needed, if ever]​
ZIP BUILDER SETTINGS MANAGER
Zip Builder Settings Manager (ZipBuildSettings.exe) is an optional companion app that can be used to manage the settings and options (shown below) for Zip Builder:
You can choose to create Windows Context (Right-Click) menus that will allow you to build a signed zip installer simply by right-clicking on a folder name. Folder names that end in '20YYMMDD' or '20YYxxxx' as well as folder names that begin with 'UPDATE' are supported in Windows 7 and above. You can also enable the option to build from any folder by holding the SHIFT key while selecting the folder.
You can choose when to display the confirmation dialog
You can choose when to append '-signed' to output file names
You can choose when to create md5 checksum files
You can choose to include all .git folders and related files (see above)
DATE CODE FEATURE
If you're building from a Windows folder name that ends in '20YYMMDD' or '20YYxxxx', Zip Builder will give you the option to change or update the date code portion of the file name before building the zip (it will also suggest the current date's date code - YYYYMMDD). And, if you're building a zip installer that includes a g.prop file (found in many GApps packages), the installer will read the date code from the 'ro.addon.*_version=' property and automatically use it in place of the date code from the Windows folder name.​
WINDOWS INSTALLER
As mentioned above, you'll have the best user experience if you install Zip Builder using the Windows installer. It runs in standard user mode (no Admin access required or requested) and installs the Zip Builder and Zip Builder Settings exe's in: 'C:Users<user>AppDataRoamingZip Builder'. The installer will create a program group and shortcuts in the Windows start menu (and optionally on the desktop) that can be used to launch Zip Builder in 'manual selection mode', where the user can manually select the folder they wish to build. The installer will automatically run Zip Builder Settings Manager at the conclusion of the install where you can configure the settings and options to your personal preference.
Uninstalling Zip Builder from the Windows Uninstall menu will remove all traces of the software from your system. And, since Zip Builder, Zip Builder Settings Manager, or its installer will NEVER prompt for UAC access, you can be confident that it's not touching the Windows operating system. Of course, all source code is available if you want to check for yourself - you can even build it for yourself, if you want!​
TECHNICAL NOTES
Version 4.3+ of Zip Builder includes the new ZipSigner 2.1 Java executable that was rewritten from the ground up by @topjohnwu for use in his Magisk root management software. This change will allow you to build the largest zip installer on even the smallest 32-bit machine. I was able to build a 1.0+GB shell-script based installed on a 32-bit Windows XP machine with only 1GB of RAM.
If you have had java heap size issues building zip installers in the past, version 4.3+ of Zip Builder should completely eliminate these problems.​
XDA:DevDB Information
Zip Builder, Tool/Utility for all devices (see above for details)
Contributors
TKruzze
Version Information
Status: Stable
Current Stable Version: 4.5.2
Stable Release Date: 2020-09-06
Created 2018-01-23
Last Updated 2020-09-06
Anti-Virus False-Positives
ANTI-VIRUS FALSE-POSITIVES
There have been reports of false-positive flaggings of Zip Builder and/or the Windows installer. While I can, personally, assure you that there's no malware included in Zip Builder or its installer, I also understand that there may be some concern with using software that's been flagged on your machine.
To allay your concerns as best as possible, I have included 100% of the original source code for you to inspect and/or build the software yourself. Again, there is no possibility of malware as I do all of my compiling on a clean machine that is not connected to the internet. I have also submitted all 4 Windows executables to the major AV inspection service on the net. Below are the results of these inspections:
VirusTotal.com
ZipBuild.exe (32 bit) 7/68
ZipBuild.exe (64 bit) 2/68
ZipBuildSettings.exe 4/67
Zip Builder_4.5.2_Setup.exe 1/69
Sources & Acknowledgements / Recent Changes
SOURCES AND ACKNOWLEDGEMENTS
Zip Builder has existed for me since way back in 2013 when I started developing GApps packages. I've added features here and there and finally decided to share it. After privately sharing with @osm0sis, I received a lot of very constructive feedback and based on this, I polished the interface and added some new features. A big thank you to @osm0sis for this feedback. Without his input, it would look a lot clunkier than it does today.
All source code is provided, however, it's only appropriate for me to publicly acknowledge that this work includes code and binaries from several third party sources. Below is a complete list of these sources. You will also find this list as well as the actual code and binaries in the Source Code Zip file available for download.
Zip Builder
------------
Zip Builder is Copyright (c) 2013-2020 by @TKruzze
Original source code and compiled executables can be found on
XDA Developers. Zip Builder also includes code and compiled
executables from the sources listed below:
ZipSigner
---------------
ZipSigner is Copyright (c) 2016-2020, John Wu @topjohnwu)
Original source code and license can be found at:
https://github.com/topjohnwu/Magisk
The version of ZipSigner used in Zip Builder was built by @topjohnwu using the source code above and optimized using ProGuard optimizations
Info-ZIP
----------
Info-ZIP is Copyright (c) 1990-2007 Info-ZIP
Original License can be found at:
http://www.info-zip.org/license.html
Downloads can be found at:
ftp://ftp.info-zip.org/pub/infozip/win32/
Original source code can be found at:
https://sourceforge.net/projects/infozip/
Hashutils
----------
The MD5 Checksum code and executable are from code.kliu.org
Original source code and compiled executables can be found at:
http://code.kliu.org/misc/hashutils/
SUMMARY OF RECENT CHANGES
SEPTEMBER 6, 2020 - v4.5.2
Fixed RegEx bug (oversight) that only supported automatic folder renaming through the year 2019. Now we're good through the year 2029.
As always, the best and easiest way to update is to simply install the new version using the Windows installer without uninstalling the previous version. All of your settings and options will be retained
NOVEMBER 1, 2018 - v4.5.1
Updated the cleanup function to also include removal of the SignAPK*.tmp files that are created in the %TEMP% folder during the signing process.
- Thanks to @osm0sis for reporting
MARCH 26, 2018 - v4.4.0
Updated the ZipSigner java executable to v2.1-min. This version is significantly smaller than v2.1 (458K vs 4.0MB) and was built by @topjohnwu, himself, using using ProGuard optimizations
Recompiled Zip Builder Settings Manager (ZipBuildSettings.exe) without UPX compression to try and further minimize AV false-positives
Windows installer now built using lzma2/max compression and no longer uses solid compression. This was done to optimize installation speed and further minimize AV false-positives
MARCH 25, 2018 - v4.3.0
Updated signing code with the new ZipSigner 2.1 Java executable that was rewritten from the ground up by @topjohnwu for use in his Magisk root management software. This change will allow you to build the largest zip installer on even the smallest 32-bit machine. I was able to build a 1.0+GB shell-script based installer on a 32-bit Windows XP machine with only 1GB of RAM.
- Thanks, of course, to @topjohnwu, but also to @osm0sis for the heads up on its existence
- Thanks to @jenslody for building it for inclusion here.
Since memory and java heap size issues are now resolved with the above change, I have removed all memory and java heap size checks from Zip Builder. The above change also allowed me to remove the separate test key files (testkey.pk8 and testkey.x509.pem), signapk.jar, zipadjust, and minsignapk.jar executables as their functions are all now contained in the new ZipSigner 2.1 Java executable mentioned above.
Installer will now clean up its 'temp folder' files before displaying the 'COMPLETED' message. On slower systems this should reduce the delay when selecting the 'Close' button after Zip Builder completes the signing process.
- Thanks to @osm0sis for reporting and helping track down the issue
Zip Builder is now built without UPX compression on the Windows exe's. This was done to try and reduce false-positives that may be reported by your AV software. If you're still having AV hits, please read the ANTI-VIRUS FALSE-POSITIVES section on the OP.
Fixed bug in installer that would corrupt the context (right-click) menu settings on an update (not initial) installation.
- Thanks to @osm0sis for reporting and helping track down the issue
Excellent! Glad to see a public release! I was using Zip Builder all day to prepare my latest round of updates for my Odds and Ends thread, and it couldn't be easier!
It's been great working with you again @TKruzze, I knew you couldn't stay away from contributing awesome things to the community for too long.
Looks very cool! You're inspiring me to clean up and release a tool that I built which has no current equivalent.
Seeing as this uses Java, what would it take to make it work under linux? As a staunch Linux/osx user who only runs a windows VM for flashing his Samsung with odin, I would love to integrate this into my workflow, but without linux or Mac support for me personally that will be difficult ?
This is an incredible contribution. Thank you for making this public and for your hard work!
partcyborg said:
Seeing as this uses Java, what would it take to make it work under linux?
Click to expand...
Click to collapse
The only thing I'm actually using Java for is the signing portion of the process. There's no real way I can think of to easily port the rest of it to Linux. Thanks for the feedback!
wow thanks @TKruzze :good:
this will be really helpful for my future firmware updates ✌
Ok im very very new to all this but does this make zips that are flashable in twrp? Im wanting to learn how to do that if you guys could point me in the right direction id be thankful.
papasmurf879 said:
Ok im very very new to all this but does this make zips that are flashable in twrp? Im wanting to learn how to do that if you guys could point me in the right direction id be thankful.
Click to expand...
Click to collapse
yes
you need update-script and update-binary along other files
TKruzze said:
The only thing I'm actually using Java for is the signing portion of the process. There's no real way I can think of to easily port the rest of it to Linux. Thanks for the feedback!
Click to expand...
Click to collapse
My mistake. Thanks for the explanation! I'm sure then that this will run in wine however, I may give it a shot at some point. If I do I will let you know.
kamilmirza said:
yes
you need update-script and update-binary along other files
Click to expand...
Click to collapse
Thank you for replying im doing searches right now trying to figure it out.
papasmurf879 said:
Thank you for replying im doing searches right now trying to figure it out.
Click to expand...
Click to collapse
Advanced, but check out my thread here and the linked resources: [DEV][TEMPLATE] Complete Shell Script Flashable Zip Replacement + Signing [SCRIPT]
The EDIFY references/resources are the place to start. :good:
Can i create flashable zips of my apks. I Flash custom roms very often and some apps are needed as my daily driver so can i make a flashable zip of those apk file and flash via this tool
Ash225 said:
Can i create flashable zips of my apks. I Flash custom roms very often and some apps are needed as my daily driver so can i make a flashable zip of those apk file and flash via this tool
Click to expand...
Click to collapse
Have you tried this?
This tool in this thread is for making a zip if you already have the components (updater script and binary).
madbat99 said:
Have you tried this?
This tool in this thread is for making a zip if you already have the components (updater script and binary).
Click to expand...
Click to collapse
Thanks but i knew about this app i want to creat zips from my computer and not from my phone thats why i asked the question thanks for your prompt reply
This looks like this tool that will, hopefully, be helpful for one of my other little projects that I had to put aside till I finish catching up with some other projects/developments that's already on my plate.
I already have a working set of script commands for safely disabling the Google Play Protect but, i will need a medium/delivery system before I can release it and this looks promising to help with this.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Did you just give me a Trojan? Because Defender says so and even VirusTotal was positive about this. Beware about using this software!
Djentist said:
Did you just give me a Trojan? Because Defender says so and even VirusTotal was positive about this. Beware about using this software!
Click to expand...
Click to collapse
Yeah, I'm sure one of the most respected developers on XDA would do that. I'd be more worried about those antivirus softwares you're using than anything.
Djentist said:
Did you just give me a Trojan? Because Defender says so and even VirusTotal was positive about this. Beware about using this software!
Click to expand...
Click to collapse
Definitely not a very responsible post to make. There's nothing wrong about reporting your findings, but to make an accusation like this is a bit irresponsible. I also seriously doubt that Microsoft Defender identified this as a virus (as you claim).
Anyways, here are the facts: There is no virus or malicious behavior. Below are the actual results of scans by VirusTotal and VirScan
Zip Builder_4.2.1_Setup.exe
VirusTotal.com (0/65)
VirScan.org (1/39)
ZipBuildSettings.exe
VirusTotal.com (2/66)
VirScan.org (2/39)
ZipBuild.exe (32 bit)
VirusTotal.com (2/66)
VirScan.org (2/39)
ZipBuild.exe (64 bit)
VirusTotal.com (1/65)
VirScan.org (1/39)
Based on personal experience, ANY file that is not signed with a Microsoft Root Certificate and/or uses UPX compression is going to produce false positives with the heuristics deployed by some of these 'so called' anti-virus software products in the marketplace. I'm actually surprised the numbers are as low as they are.
All that said, if you are not comfortable using the software, fine. But please exercise responsible reporting if you have questions or concerns. A big part of the reason for me releasing all the source code is to avoid having to defend myself from people making exactly this type of assertion.

[Linux] Install postmarketOS Linux on the Poco F1

postmarketOS (or pmOS for short) is a full Linux distribution for mobile devices and has a rather stable and actively developed port for the Poco (albeit missing key features). You can even choose your desktop environment with choices ranging from mobile friendly like Librem 5's Phosh to full desktop environments like XFCE4.
postmarketOS website: https://postmarketos.org/
postmarketOS wiki: https://wiki.postmarketos.org/wiki/Main_Page
postmarketOS Poco F1 wiki page: https://wiki.postmarketos.org/wiki/Xiaomi_Poco_F1_(xiaomi-beryllium)
Is it possible to install apps like JDownloader?
amn1987 said:
Is it possible to install apps like JDownloader?
Click to expand...
Click to collapse
If they have linux arm builds yes
Nice video. Thanks for creating a video on our work!
CedArctic said:
If they have linux arm builds yes
Click to expand...
Click to collapse
JDownloader runs in Raspberry Pi and a bunch of other SBCs and NAS devices which are mostly ARM and run Linux. So I guess it's doable?
LibreOffice can now be installed on a PinePhone running PostmarketOS. The Pocophone F1 is faster than the first PinePhone. To have LibreOffice on a PostmarketOS Poco F1 would be highly desirable.
An Instruction how to install LibreOffice on a PinePhone with PostmarketOS can be found on my personal website. The instruction can eventually be used to install LibreOffice on a PostmarketOS Poco F1:
https://petergamma.org/how-to-resol...ice-running-on-a-pinephone-with-postmarketos/
it is very complex the postmark to install ...
there is another possibility postmark to install
install with fastboot or twrp possible?
kafitüfo said:
it is very complex the postmark to install ...
there is another possibility postmark to install
install with fastboot or twrp possible?
Click to expand...
Click to collapse
It's not that complicated actually, try to follow this after installing pmbootstrap:
postmarketOS - Mate
-pmbootstrap init
-pmbootstrap install
-pmbootstrap flasher flash_rootfs --partition userdata
-Fist thing that I recommend after installation is to move the top bar to the bottom due to the notch covering it, than you can persoalise as you want.
Display
set display scaling to 200%, apply and logout
On our pocof1 I don't recommend yet to change screen rotation unless you know what you are doing, turning the screen to landscape via the displays settings will make your touch screen not follow the screen rotation and you will have hard time to put it back.
Store app
-Install "Discover" store (sudo apk add discover)
-sudo apk update, to make Discovery work you should open a KDE installation link from web browser or "Discover" will close itself when opened (e.g. search for kde clock on google and open the first link "Clock - KDE Applications") hit the "Install on linux blue icon" hit open link and Discover will open, this time you will have lots of apps available.
obs: launch apps from Discovery does not work however you can uninstall apps from it.
Firefox
to make Firefox touch screen friendly follow the postmarketOS wiki
https://wiki.postmarketos.org/wiki/Xfce4#Firefox
phone apps
-sudo apk add calls
-sudo apk add chatty
-sudo apk add gnome-contacts
-sudo apk add modemmanager
-sudo rc-service modemmanager start
-sudo rc-update add modemmanager default
this is just a compilation of information gathered from the wiki and my experience on it.
i don't own nothing here.
Hi
Can I run whatsapp.apk without compatibility issues?
cesarbrofc said:
Hi
Can I run whatsapp.apk without compatibility issues?
Click to expand...
Click to collapse
Since postmarketos is Linux, not Android, you'll either need to use the web whatsapp version or run it through Waydroid

[Android 12 / LineageOS 19.1] Manual patch to services.jar for signature spoofing

I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.
Background
Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.
To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.
Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).
A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.
Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.
The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.
This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jar to patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Extract the file with APK Tool: apktool2 d -o services services.jar
Make the changes that allow signature spoofing. Either:
Apply the patch attached to this post: patch -i services.diff -p0 – or –
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
Recompile the modified framework: apktool2 b -c -f -o services.jar services
Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.
One More Thing
For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:
/data/dalvik-cache/arm64/[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex
Further Steps
These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.
Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
Aqq123 said:
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jarto patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Click to expand...
Click to collapse
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
kullanici32 said:
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
Click to expand...
Click to collapse
I don't know anything about Samsung but try here:
[TUTORIAL] How to Edit Unpack & Repack Samsung system.img or system.img.ext4
Follow https://stackoverflow.com/questions/58541074/how-to-unpack-modify-pack-and-flash-system-img-ext4-file-using-odin a) Modifying With simg2img system.img.ext4 system.img, you will get a raw image file named system.img With mkdir system...
forum.xda-developers.com
Alternatively you can just take services.jar from a live (running) system.
kullanici32 said:
can i do this method for android 12 one ui 4.1 s10e? it says extract lineage os from system image but how do i do that in one ui?
Click to expand...
Click to collapse
There are many good custom Rom for s10e. Why do you want to start with one UI ?
kurtn said:
There are many good custom Rom for s10e. Why do you want to start with one UI ?
Click to expand...
Click to collapse
due to some dysfunctions and design change, I will debloat one UI 4.1 and turn off google and samsung services in the back and make it like lineage os as much as possible, but the main services I use will be samsung applications. so i have a dream
kullanici32 said:
due to some dysfunctions and design change, I will debloat one UI 4.1 and turn off google and samsung services in the back and make it like lineage os as much as possible, but the main services I use will be samsung applications. so i have a dream
Click to expand...
Click to collapse
I've seen people doing similar things on android 12
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
kurtn said:
I've seen people doing similar things on android 12
Signature Spoofing on unsuported Android 11 (R) Roms
How to get Signature Spoofing working on Android 11 (R) Roms that have no support for Signature Spoofing? In my Case here I use a Samsung Galaxy S8 with an unofficial LineageOS 18.1 (Android 11) by stricted I use TWRP recovery but this should...
forum.xda-developers.com
Click to expand...
Click to collapse
because once you use samsung software, you can't quit. (of course debloated) I have used my phone without root until now, only by disabling system applications. now I'm trying to remove as much samsung/google as possible from the system or whatever services are unnecessary for me, I will do just like micro g for lineage os, the only difference is by using quality applications such as gallery phone application, because lineage os is very lousy.
Aqq123 said:
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now
Click to expand...
Click to collapse
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
kullanici32 said:
How can I manually edit this file? because the attached file is 288kb and the one in samsung is 390kb.
so how do i open this file and where do i patch it?
Click to expand...
Click to collapse
Of course. The patch is against current LOS 19.1, and this is the only situation where you can replace the whole .smali file instead of reapplying the patch. On other flavors of Android you'd have to redo the equivalent manually. In some cases it might even take a different patch altogether.
These are all text files. Just use any text editor, preferably with syntax highlighting, such as Notepad++. First look at services.diff. This is the code you want to add.
Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined. The patch works by adding two private methods:
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
These can really be added anywhere but preferably within the same .smali file.
Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).
Maybe it's easier to understand if you look at the original code, not the decompiled one: https://github.com/lineageos4microg..._patches/android_frameworks_base-S.patch#L128 This is why I linked to it in the top post.
Again, I don't know anything about Samsung One UI. The implementation might be different. So another approach would be to find a version of Samsung's services.jar patched for signature spoofing (possibly for an earlier version of Android) and decompile it to see how it's done there.
Aqq123 said:
Now, in the APK you decompiled, look for where .method public final generatePackageInfo(Lcom/android/server/pm/PackageSetting;II)Landroid/content/pm/PackageInfo; is defined.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I just write this code you say?
Or should I search for the code you provided in services.diff and copy the places marked in blue and copy the entire blue one into my original compiled file?
Aqq123 said:
Finally, you change the code for generatePackageInfo(...) accordingly so that: (1) signature faking is added (OR-ed) to computed permissions for apps that have this permission granted, and the fake signature is returned where applicable instead of the actual one with applyFakeSignature(...).
Click to expand...
Click to collapse
I hardly understand what you mean here.
i'm a bit of a novice
EDİT:
I added the blue parts after I found the red part, now I'll compile and test (I've probably missed something, but I'll have a look)
EDİT2:
generatePackageInfo
I searched for the code you said, but there were 3-4 (there was 1 that continued as L, and I deleted the one in this picture)
and i replaced it with this
I'll compile it now, probably won't, but...
This is the first time I've been in such a complicated business.
EDİT3: (FİXED EDİT 4 I went inside the extracted folder and solved this problem now it keeps compiling)
It gives such an error, why? (apktool2 command didn't work when extracting the file, it worked when I made apktool, ignore it) but now when recompiling it gives an error as in the picture.
EDİT5:
such an error???
EDİT6:
now that this did not happen, after extracting the jar file, I packed it again without making any changes, the original 30 mb file decreased to 20 mb and transferred to the device with mtp, then I copied it with root browser, the device system ui restarted and opened, the permissions were something like rw rw rw, maybe rw rw is Then I rebooted but the phone bootlooped. that is, if I decompile the original file and repackage it without doing anything else, it breaks down. :/
Aqq123 said:
I haven't seen this shared anywhere but it's really quite straightforward if you know what you're doing. Maybe it helps someone to post it here. The next section is only for completeness, feel free to skip past it to get to the gist of it.
Background
Android by design depends for full functionality on Google services. These are normally provided by a proprietary application package com.google.android.gms. MicroG is an open-source replacement for Google services, allowing the user to take advantage of working notifications, location backends, installer, and other essential services, without compromising privacy and giving Google a backdoor to your device.
To operate properly, MicroG needs the ability to pretend it is the actual Google services application package, signed by Google. Hence the need for signature spoofing.
Official LineageOS builds do not include the ability to spoof signatures. Thus, using LineageOS with MicroG takes extra steps such as building patched LineageOS locally (a resource-consuming endeavor), or taking advantage of the LineageOS for MicroG builds helpfully provided in collaboration with the MicroG team (which however, due to resource constraints, are updated less often and lag behind the official builds).
A third solution is to patch an already-built system at installation time. This was initially implemented with Needle by souramoo, forked and improved upon as Tingle by @ale5000, which eventually inspired a wholly different approach with DexPatcher by @Lanchon, a tool allowing flexible patching of Dalvik executables, in particular services.jar, where signature spoofing is commonly implemented. Relevant patches for DexPatcher were authored by Lanchon himself up to Android 9. Later on, @oF2pks picked up the work to provide patches for Android 11.
Unfortunately, no such patch to be used with DexPatcher has existed from Android 12 onwards. One other option includes installing the FakeGApps Xposed module as forked and updated by whiz-inc. While it's great it exists, and the author's work should be appreciated, it's a complication and an unnecessary burden in many scenarios to depend on Xposed (and thus Magisk and LSPosed or the like) as a prerequisite for the patch to work. It's also worth it to be aware that the implementation makes it less secure than the traditional signature spoofing method.
The DexPatcher approach has several advantages. The patch can be more flexible and continues to apply as the underlying code changes. In comparison, the simple approach presented here is much more primitive and might require readjustment as new versions emerge over time. However it might still be good to know it works.
This way you can use the latest official LineageOS with MicroG, and update at will, as soon as new builds become available.
Patching
This is not a walkthrough, and I'm not going to explain everything step-by-step. Rather, the purpose is to give you the general idea what to do, which you can then adjust to your specific use case.
Obtain the file services.jarto patch. For example:
Pull it from your device: adb pull /system/framework/services.jar – or –
Extract it from a LineageOS image: payload-dumper-go -p system payload.bin and imgextractor system.img
Extract the file with APK Tool: apktool2 d -o services services.jar
Make the changes that allow signature spoofing. Either:
Apply the patch attached to this post: patch -i services.diff -p0 – or –
As of current LOS 19.1 builds (Nov 2022), you can just replace the single file: smali_classes2/com/android/server/pm/PackageManagerService$ComputerEngine.smali with the one attached to this post.
Note: this might not always hold in the future. You might even need to apply the patch manually if the source changes too much. Either approach works for now.
Recompile the modified framework: apktool2 b -c -f -o services.jar services
Note: This will overwrite the original services.jar. The -c flag to APK Tool is important as it keeps all the original META-INF inside it intact.
Copy services.jar over to the device: adb push services.jar /system/framework/ and you probably also have to adjust the permissions accordingly
This approach should work for any Android version in principle, although the exact patch might differ. However, since better options exist for Android 11 and below, you are probably interested in applying this to Android 12 or higher only.
One More Thing
For Android 12, an extra step is critical to ensure no bootloop on subsequent boot (2nd and then on), since oat_file_manager.cc now includes a check if OAT (.odex/.vdex) files are loaded from "trusted" locations only (effectively, the /system partition). You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
The .vdex file will be created as well (these files already exist but should be overwritten, check the timestamps or you might want to delete them beforehand just to be sure). If you skip this step, the device will boot the 1st time but then the optimization files will be generated and saved in /data/dalvik-cache/. On any subsequent boot, an attempt to load these files from an "untrusted" location by the system will throw a fatal error and the Zygote process will die with the message: "Executing untrusted code from [...]". If you somehow find yourself in this predicament, delete the following files and reboot to temporarily make it work one more time:
/data/dalvik-cache/arm64/s[email protected][email protected]@classes.dex
/data/dalvik-cache/arm64/[email protected][email protected]@classes.vdex
Further Steps
These are not all the required steps to install MicroG on an official LineageOS installation. You still want to, in particular:
Install at least the main MicroG app (GmsCore) and a dummy signature spoofing APK (also attached to this post) as priv-apps
Set up the priv-app permissions accordingly – otherwise you'll get a bootloop
Likely also install FakeStore, Aurora Store/F-Droid, and location backends of your choice, etc.
However: this is a simple solution to perhaps the most cumbersome aspect of signature spoofing. It's not necessary to resort to Xposed modules to get it working on Android 12, or to depend on a special build with the spoofing patched in at compilation time.
Credit: The patch .smali code has been reverse-engineered from the spoofing patch for LineageOS for MicroG builds.
Click to expand...
Click to collapse
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
Don't use signature spoofing app. The only relevant measure of success is microG self-check. Use an installer to make microG a system app.
JedidroidX said:
I followed your steps for my OnePlus 8T on Lineage 19.1 and the signature spoofing app says disabled. When recompiling the system.jar with the new file copy and pasted in classes 2 the new system.jar is smaller than the original. Perhaps there is the issue with spoofing. Any information on this matter is much appreciated. Thank you for a great post btw.
Below is the attachment recompiled, perhaps some one else maybe interested in giving it a try or to just examine and find where the error may exist or to conclude it's my own error in recompiling.
Click to expand...
Click to collapse
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.
I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: Settings → Apps → See all ... apps → ⋮ → Show system → Signature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into Permissions → Additional permissions → Signature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.
As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.
This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
kurtn said:
Don't use signature spoofing app.
Click to expand...
Click to collapse
Actually, with this approach, Signature Spoofing app has to be used. This is to keep the patch as lean as possible (since it's easier to install a separate app rather than keep maintaining a more complicated patch).
It's not needed with LineageOS for MicroG, where it's already incorporated into the system (lines 1-82 in the patch): https://github.com/lineageos4microg...atches/android_frameworks_base-S.patch#L1-L82
Aqq123 said:
I don't see any attachment (seems you edited your post) but I guess you recompiled it fine. If you didn't, the device would have ended up in a bootloop (Zygote process wouldn't start), so you'd definitely know. It should be services.jar though, not * system.jar, so maybe you didn't install it properly? Smaller file size is expected, since the repackaged version uses stronger compression as a ZIP file, so nothing to worry about. Again, if there's any problem with the modified services.jar, the device wouldn't get past the boot animation.
I'm not sure what you mean exactly by "signature spoofing app says disabled." It's not an actual app: it doesn't have any code, and won't show up in Launcher. Its only purpose is to add this permission. That being said, if you go into: Settings → Apps → See all ... apps → ⋮ → Show system → Signature Spoofing, there should be a button saying Disable (meaning it's enabled now), and not Enable (which would mean it were disabled at the time). Also, if you go further from that screen into Permissions → Additional permissions → Signature spoofing it should say Allow for this app, and when you click See all apps with this permission, it should show microG Services Core there as Allowed. If you set it up well this is all done automatically with the configuration files, you shouldn't have to go through the settings to change anything via the UI.
As I wrote in the original post, additional steps are required to fully set up MicroG, which is really outside the scope of this thread. These are, for the most part, the same steps as if you were using oF2pks's patch for Android 11 with Lanchon's DexPatcher except more recently you also have to add android.permission.MANAGE_USB to com.gooogle.android.gms (that is, MicroG Services Core) privapp-permissions, or you'll end up with a bootloop for a wholly different reason.
This topic is vast, and there are multiple ways to do it. Note that these should be installed as system apps, some of them as priv-apps, so there are many things that can go wrong. If you don't grant a priv-app all the required permissions through the configuration, now (as of Android 9 I think) you'll get a bootloop. For system apps, you also have to extract libraries (if any) from APKs and place them separately on the filesystem, and make sure you get the details right for the architecture: if you don't, you get... guess what (a bootloop). It's good to have a script automating all this: I have my own flashable ZIP specific to my needs but there are other more general solutions. Or, if you want to learn how to do this manually, one way would be to compare a vanilla LineageOS image with LineageOS for MicroG for the same device around the same build date and see what they are doing extra. On Windows you can use WinMerge to compare files and entire directory structures easily. But again, this is really outside the scope of this thread, which is about patching services.jar for signature spoofing support. No matter how you implement signature spoofing, you still have to figure out those other steps separately.
Click to expand...
Click to collapse
Yes sir, I meant the services.jar, silly me I was writing in a rush. Sorry about that confusion.
I will try again and post the result. I guess I will use the same services.jar, however the issue with optimization. I did reboot several times after flashing a cache optimization module for magisk after I adb the services.jar because I'm not familiar on how to do the optimization manually.
The optimization module did lead to magisk not loading the modules and only booted successfully due to magisk bootloop protector module.
Also to adjust permissions to 644 I presume is already in the recompiled services.jar? As I could not view what permission with mixplorer that it had.
Btw, the signature spoofing app is an app I downloaded from f- droid that just displays the signature spoofing status, if disabled or enabled and it says disabled. Again sorry about the confusing and thank you again for your great feedback.
Hi,
would like to try on AOSP 12 GSI, installed over stock OOS10 On Nord (avicii).
@Aqq123 Do you think i can make it ? Any suggestion before starting ?
What about if i get service.jar from a GSI AOSP with google apps ? Maybe signature spoofing is altredy implemented there ?
kidronvalley said:
Hi,
would like to try on AOSP 12 GSI, installed over stock OOS10 On Nord (avicii).
@Aqq123 Do you think i can make it ? Any suggestion before starting ?
What about if i get service.jar from a GSI AOSP with google apps ? Maybe signature spoofing is altredy implemented there ?
Click to expand...
Click to collapse
Most gsi have signature spoofing feature.
Hi @kurtn
thanks,
heh, this AOSP 12 vanilla from PHH treble seems not, at least, microg is not detecting it, and one specific banking app is failing to work.
EDITED: I solved all installing PHH trebvle A12 "floss" that has signature spoofing up and running.
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),
your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I copied the code to where it says .end method and pasted it anywhere in my services.jar.
I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.
I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.
I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.
I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.
QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
ahmadmahmood2048 said:
hi, @Aqq123 i applied the guide you wrote for lineage os 19.1 s10e (or so I think),
your attached:
I opened the PackageManagerService$ComputerEngine.smali file with notepad++,
.method private static applyFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackage;Landroid/content/pm/PackageInfo;Ljava/util/SetLandroid/content/pm/PackageInfo;
.method private static getRequestedFakeSignature(Lcom/android/server/pm/parsing/pkg/AndroidPackageLjava/lang/String;
I copied the code to where it says .end method and pasted it anywhere in my services.jar.
I deleted the next text where it says generatePackageInfo( and added the code that says applyFakeSignature( after it), and saved it and repackaged it as you said above.
I put it in the phone's memory and gave rw r r permissions in the system fremework with root explorer and restarted it. but the system went into bootloop.
I did a lineage os install from scratch after failing here.
I copied the PackageManagerService$ComputerEngine.smali file you provided,
I deleted the original PackageManagerService$ComputerEngine.sma in services.jar.
I pasted yours and repackaged it with the packaging code you wrote above (only apktool2 does not work for me, it works as apktool, does that cause the problem?) and I added the system to fremework and restarted the device once the device turned on but micro g and spoofing checker apk shows signature patch not applied .
and on the 2nd reboot, it naturally enters the bootloop as you said.
i didn't understand how to implement the following path, if i did that it wouldn't go into bootloop.
QUOTE: You have to generate the optimization files and place them in the correct location, which is /system/framework/oat/arm64/:
dex2oat --dex-file=/system/framework/services.jar --instruction-set=arm64 --oat-file=/system/framework/oat/arm64/services.odex
now i have 3 questions:
1. why did my patch to original smali fail (bootloop even on first boot)?
2. Why isn't the smali file you provided spoofing?
3. The file you gave does not bootloop the 1st time, but it does it for the 2nd time. What should I do to fully understand the above fix code?
Click to expand...
Click to collapse
Use lineage.microg.org

Categories

Resources