To Whom It May Concern & To Whom Could Not Be Concerned Less... - General Topics

...What, in your opinion, qualifies one as an Android Developer?
"Yeah, that means You The Reader, pretending you didn't just read these very words as you attempt to beat a hasty retreat to the Exit sign."
Newsflash: The Exit Sign, for that very reason, has been moved to Tidy Bowl Control, if you take my meaning.
In my opinion, to be viewed as "written in stone", and based upon the very definition of each word strung together:
1-One who uses Android (generalization of any OS variant) on a daily basis to such an extent that he understands his and/or her own system as if it were second nature.
2-One who is qualified accordingly, can do their own research when a problem arises and thereby apply that research that results in a solution.
3-One who can install, update, and maintain ones own system and the systems of others whom one plays the role of support technician with the same results as one's own system.
4-One who has learned, via certification or self-taught "certification" to administer all of the above.
5-Learning Android related operating procedures by obtaining knowledge of Android, it's underlying systems, and applying one's knowledge of Android under any given circumstance resulting in solutions for the maintaining of said system.
What say you?
Footnote: I made a very similar thread pertaining to Unix/Linux operating systems years ago that gained quite the following in a previous Community/Message Board (UseNet) no longer active in the fashion of modern message board's. So do forgive any generalizations accordingly.

Related

Android OS exploit discovered

I came across this article while surfing the internet. I wanted to share this with you guys, and see what your feelings were on this.
"Mobile Device Security and Android File Disclosure
Back in November, Thomas Cannon brought to light an issue within the Android operating system. Specifically, he found that it was possible to obtain the contents of files on an Android device by simply persuading its owner to visit a web site under attacker control. The issue only garners a 3.5 CVSS score, but yet it’s still fairly serious.
Thomas reported this issue responsibly to Google and they took it seriously. However, since then they have come back with a ridiculous remediation plan. Granted, its probably not entirely Google’s fault, but the overall situation looks very bleak for Android.
The problem is that Google stated that a fix will be available as part of an update to the upcoming Android 2.3. While that, in itself, may not be totally ridiculous, the reality of the situation is that Google is only one party involved in Android. There are two other groups, namely OEMs and Carriers, that must also do their part in getting the fix to users. Although Android devices are becoming increasingly functional, the security posture remains abysmal.
The security posture for desktop applications has improved vastly with all of the sand-boxing, automatic updates, and various other exploit mitigation technologies. Meanwhile, Android includes almost none of existing security protections. In fact, mobile users are being left out in the cold, unable to get a patch for a trivially exploitable cross-zone issue. For that matter, they can’t even control whether their device’s browser automatically downloads files or not.
This situation is not news, rather it is a sad fact. It is totally unfair for end users to be left out to fend for themselves. After all, they are paying a small fortune for these devices and the service to be able to use them. Hopefully the vendors involved will wake up before a network worm outbreak occurs.
Originally, Thomas disclosed the details of his bug on his blog. Later, he removed some details to help protect users. I believe that responsible disclosure is a two-way street that requires responsibility on both sides. Since Google, OEMs, and carriers all continue to act irresponsibly, it is necessary bring more attention to this issue and the situation as a whole.
I spent a little time and managed to recreate the issue with nothing more than HTML and JavaScript. As of today, I have released a Metasploit module to take advantage of the flaw. It is available in the latest copy of our Framework product, or you can view the source via the link to our Redmine project tracker above.
Before I go deeper into the consequence of this bug, I want to point out that Thomas outlined several workarounds for this vulnerability in his blog.
Now, take a deep breath give some thanks to the fact that, under Android, most every process runs under a separate, confined, unix-style user account. This design feature partially mitigates this issue, lowering confidentiality impact to “Partial” and bringing the CVSS score from 5 to 3.5. That said, an attacker can still gain access to some pretty interesting stuff.
For starters, an attacker can steal any world-readable file. In my tests it was possible to get potentially sensitive information from the within the “proc” file system. This type of information could include kernel versions, addresses, or configuration that can be used enhance further attacks.
Also, you can snarf any files that are used by the browser itself. This includes bookmarks, history, and likely more. This kind of information could potentially be embarrassing or possibly even give an attacker access to any saved passwords or session cookies you might have stored.
Perhaps the easiest win though, is that you can grab anything off of the SD card. You might ask, “Anything?! What about the user separation?” Well, because the SD card has been formatted with the “vfat” (aka “fat32”) file system, there is no concept of ownership. All files are owned by the same user id since the file system itself cannot encapsulate who created which file. As Thomas said, files in the SD card that have predictable names are ripe for the picking. This includes pictures and movies. These may in fact be some of the most private data on your device.
In conclusion, I hope that the Android security debacle will get resolved as soon as possible. If Google, OEMs, and carriers can’t work it out, perhaps another party will step in to maintain the operating system. I believe this could be very similar to the way various Linux distributions operate today. If the situation is not resolved, I fear the Android device pool could become a seething cesspool of malicious code..."
Here is the address
http://blog.metasploit.com/2011/01/mobile-device-security-and-android-file.html
Sent from my PC36100 using XDA App
Shocking. Thanks for the info.
Nice find. You are right that oems and manufactures need to stay on top to mantain security. Hopefully meaningful post like this will make users aware of the possible dangers of the internet, data, and phone usage
Sent from my ADR6300 using Tapatalk
Ouch. Wish Android updates were like iOS..
Android is open, one of the main assumptions is that there is no single company, which controls it. I could create my own phone with Android, sell it to people and give them no support at all - Google can't do anything about it.
There is only one solution to this problem: people have to choose their phones wisely. People look at phone specs, at CPU, RAM, camera, but they ignore future support and openess. Recently Motorola has stated they will lock bootloaders in their future phones. People will go for these phones anyway and then they will complain they can't do anything with some horrible bugs, they will complain about Android and Google, but they should complain about Motorola and themselves. While Nexus S owners will have same bugs fixed by both Google and community.
Choose your phones wisely.
SD with vfat...good catch. Horrible bug while many users trying to move their apps to SD. And maybe 80-90% of the apps in the market require modify SD card perm? Horrible. Verizon SGS is screwed since that phone have little internal and lots of external SD.
I'm so glad you guys came across this thread, and it didn't get lost in all the other threads. I hope some of the devs see it. Can a fix be implemented at the Rom or kernal level?
Sent from my PC36100 using XDA App

Android for Windows - BlueStacks

Good day community,
Over the past several months, a few of us have been working on a projerct some may be familiar with. We have bundled an add-on to specific BlueStacks versions to allow for a complete Operating System environment, full of communications tools.
We didn't "develop", any of it. We have taken the time to scour the internet and primarily this site to garner the education, information and knowledge to actually bring it to fruition. We would like to say a big THANK YOU to the entire community here. We feel this is am important piece to a software life-cycle where developed information is compiled into a fully functioning system, exposing your people's craftsmanship.
The motive here is a moral one. I have been a communications engineer for 22 years and have seen and done things I thought weren't possible. I have been tasked with trying to develop an education platform technology matrix for schools. Specifically using my innovation abilities to solve problems. I am not a coder, I am more of a script writer. I have found success in making disparate hardware and software work together, and producing middle-ware scripts and functions to technologically solve challenges. In every sector.
I believe I have identified one of the major issues related to student success rates. Basic communications is hindered in many schools, internet cut out, and dictator like classroom regime. I feel communications is the king of industry and whomever has the information the fastest, cheapest, and accurate, wins. This is proven time and time again in capitalism. I feel students should be able to sms, or exchange pictures and peruse social networks, both to each other and their teachers. These are real-world tools, and the primary back-bone of a child's social life. But students need to learn to be accountable for they digital actions,
This "OS" changes things ever so slightly., not every student can afford the gear required to have that type of communication. If every kid could afford an iphone and ipad, than I don't need to do this project. Android on the other hand, little or no cost at all.
I will be deploying Android for Windows across the board. Students will have to setup a Google account and online storage. Copies of AW can be had for their home computer. The environment is the environment kids all love and use, the emulated touch interface is "cool" and the kids can support it and maintain it mostly themselves, and sync it to their PC phones or other devices, but those are NOT required. And no need to upgrade the PC's for a while, BlueStacks is Linux(ish), it's hardware demands are low, and I can keep the PC's at there current level.
I distribute it on thepratebay, another long story for another day, but this is the best way to ensure it stays out there, and the price is right to be able to push it out to the world. We have tirelessly worked to ensure compatibility with the apps the devs release and I know this particular release of AW has restored many of the items BlueStacks cripples
We have started a mini marketing campaign to drum up interest, although modest. And for you devs, this open an ENTIRE new revenue stream you didn't even have before. Making Android the primary OS used.
---------------------------
That's the agenda, I would like to open a support thread for it somewhere on here. I have an armada of info, tools, rootkits, tricks and troubleshooting information that we feel can be valuable to the community. I'll get things posted here ASAP. Anyone that has played with this at all before will be able to appreciate all of the challenges we had to solve.
We did not knowingly disassemble or modify any of the original distribution files of any applications, staying in accordance with about every license agreement on earth.
--------------------------
Looking for some feedback, questions, thoughts, ideas.. have to get 10 posts or something anyway...
Thank you to everyone!
-js
What's the difference between your project and the Android x86 project?
syung said:
What's the difference between your project and the Android x86 project?
Click to expand...
Click to collapse
AFAIK Bluestacks has its own VM, so you doesn't need to install Virtual Machine any more.
I used this for a several months and it helps me to try an application without to send it to any Android device.
If you use Android x86 project, yo need to install it inside a Virtual Machine or make a USB Bootable, and as far I know it has limitations in the Play Store. Only some application that supports the architecture can be downloaded..
The Android x86 project is a piece of this absolutely. What BlueStacks is and what they have done is this:
Taken x86 gingerbread and ad an arm translator inside there. This is very unique, all of the other arm emulations fail out there after you even try to put them to the test with heavier use or apps. Basically the compatibility is just not there.
BlueStacks then added the vm player which is the most sophisticated player there is. Network mounts to shared fordler without installing drivers, and opengl support for limited HD graphics.
What we did
BlueStacks also crippled the hell out of the original ROM. All kinds of things missing that had to be put back in piece by piece, and still ensure compatibility. Some things fine to leave out, other maybe useful.
poring over the information, rooting bluestacks came easy, so we rooted every single v7.x of bluestacks, and began the mountain task of building compatibility. The winners are 7.4 for SD and 7.8 for HD. 7.8 handle the interface scrolling operations WAY better than later revisions. I can tell it was after this rev they forced on Surface Pro support, not back checking compatibility. And 7.4 installs on any machine but drops the arm translator. Still a nice product to put on an old machine, but little support for modern apps, and there won't be
Then doing a fair assessment of applications to do all the tasks one needs, file manipulation, printing, music, calling etc, We've spent over 200 hours trying to get a reliable lock screen, failed on that But we got most of it.
Finally adding and getting gapps to fully function was about like trying to drink a beer while standing on your head, it was like a marathon game of whack mole, we'd fix something, then something else friggen slam us over the head. Then we got to writing script, and adding widows apps like virtual keyboards and mouse to basically be able to run the entire OS with 1 finger as if you were Stephen Hawking.
We had an excellent response to the initial concept stuff version 1.1. It held on to around 400 seeders and 1000 user swam for about a week then began to fizzle. We expect that to triple and estimate 100,000 downloads in the first week. It is my opinion thepiratebay is the most accurate source for demand of anything digital, people that keep a copy and seed, actually really like something, versus an artificial "like" that other sites have and profit from. That's all Trip9d0zen stuff, about removing fake values and replacing it with real information exchange freedoms, so actually all financial can get to a creator, don't want to digress to far in this thread, but there is an ideology we have in common with thee twitters and thepitatebay's who have just the extreme basics of censorship, only to ensure safety, but never manipulated the information. We have evidence and models to change current businesses, and put the devs out in-front of these projects (or the artist selected agents). The more systems Android runs on, more success one can have. And Windows being the biggest, hands down, why not?
We feel this is by far the most compatible Android environment one can use, and can actually be used by anyone as an effective tool.
We know full well that once released, the ungodly amount of app work requests will be at its highest, but that's why I am here, where the devs are.. is this a revenue stream they want to suppport,?
I am personally using it exclusively for all my communications, social media and document creation, I only use windows for video playing files.
Hope that helps answer, here is the info to commercials for it, as our lil-1337s eloquently cranked out, smartasses...
youtube search for js99912
-js
It looks interesting, i'll check that up!
Dexcellium said:
It looks interesting, i'll check that up!
Click to expand...
Click to collapse
Me too. Thanks
Android for Windows 2.0
new version just went live..... can someone reply with a hot-link, thanks
thepiratebay.sx
/torrent/8440340
Adding Game Data / Mount SDcard.sparse BlueStacks
Ok, I have been asked about this more than anything,
Used to be the SDcard was a .fs file and could be manipulated easy, now it's a bit more involved, but none to difficult.
You need to download:
thepiratebay.sx/
torrent/8453985
This will get you to be able to mount the SDcard.sparsefs as a drive letter in windows... Nothing new, just consolidating info as I have been requested for this more than anything else. Enjoy!
-js

Cydia Substrate — Native (or Java) Runtime Code Modification

Cydia Substrate is a code modification platform. It can modify the code of any major process, whether that code is written in Java or C/C++. It has been designed to support an ecosystem where many developers are interested in hooking the same processes. It is designed to be powerful and efficient.
== How do I get Substrate? ==
You can either download it from the Play Store or directly from its website.
== How do I develop for Substrate? ==
You download its SDK using the Android SDK manager or from its website. There is extensive documentation on the website.
== What is Substrate's website? ==
http://www.cydiasubstrate.com/
== How is this different from Xposed? ==
Many compare it with Xposed, but Xposed only supports a single use case: hooking Java functions inside of app_process. Substrate can hook native code, such as is required to modify the way styles are loaded inside of the Android asset manager. There are many other differences, however, as Substrate's API is based on five years of experience managing a community of runtime code modification for iOS. I normally avoid doing direct comparisons, but after attending Big Android BBQ and presenting on Substrate, I have been encouraged to make the differences and advantages of Substrate's approach more explicit here on XDA.
Xposed requires an inverted form of logic based on "before" or "after" hooks while Substrate lets the developer use more straightforward "replace and call previous" implementations. This also enables more complex interactions with the previous implementation that have been shown to be valuable among the thousands of developers using Substrate on other platforms. Xposed attempts to offer something similar with "replace" hooks, but those do not provide access to the previous implementation, and while Xposed provides a way to call the "original" implementation, that skips any other hooks that might be stacked.
Xposed requires the developer to find a safe moment to interact with the class being hooked. To make this possible, there are numerous lifecycle events such as "VM loaded", "package loaded", and "command line application started". However, this does not solve the problem that touching classes can change the order in which they statically initialize. This also means that it will not be possible to provide declarative syntax wrappers (such as Logos, which developers use on iOS) on top of Xposed, as this context will have to be made implicit in imperative logic. Substrate solves this class initialization problem by allowing developers to hook the classloader itself, getting a callback when a class is "linked" so that the developer can find a class loaded in any classloader (even as a plugin to an application an hour after that application starts, where the code is downloaded as a .dex from the Internet).
Xposed has a method hook implementation that makes it lose track of which method was hooked, requiring it to do a lookup every time such a method is called. This implementation is currently linear in the number of hooks, making it slow down the more hooks you install. Worse, there is a high constant multiplier on this algorithm, as the comparison between entries is very expensive (and was made more expensive when recently fixing a longstanding bug caused by this lookup being slightly incorrect). Substrate, in comparison, uses runtime code generation to avoid the need to every look anything up at runtime: you can use Substrate to hook small functions in tight loops without experiencing the same kind of performance issues you would see with Xposed.
Substrate is also designed with a different user focus: while it currently has a setup interface, it would prefer to not have any UI at all (and this will be strived for in subsequent versions, assuming anyone cares to use it). Upgrades to Substrate can be automatically installed by the Play Store and do not require the user to interact with Substrate for the changes to "stick". Substrate itself is distributed via Play. Rather than confine these kinds of modifications to advanced users who use forums such as XDA, the idea is that everyone should have access to using this kind of technology. If you have a ROM or another store in which you'd like to see Substrate distributed, I would be more than happy to talk to you about this to make that happen, and these installations will be fully supported.
For some more information on the differences between Xposed and Substrate (or if you are wondering why you should bother paying any attention to things that I say, as maybe you don't remember me from my earlier Android projects), I encourage you to read the comments I left a couple posts down from here on this thread that describe the history of Substrate, how I fit into the Android ecosystem, and more about how Substrate differs from Xposed. I will also likely be posting the talk I gave at Big Android BBQ (with either notes to go along with each slide or in the form of a video I will record re-giving the talk and advancing the slides), which might make some of these things more clear.
Current Changelog
[this is the changelog from Play, which has been compressed slightly. I will bring the more full changelog back, as I have it saved somewhere, and put it here or link it here]
v0.9.4011:
* fix decoder bug inside ARM emulator
* support Genymotion Intel emulator
* add symbol names for Moto X
v0.9.4010: critical Android 4.3 fix, avoid old Superuser bug
^^ must install before Android 4.3 OTA!
v0.9.4009: work around Xposed bug, 4.2 fix, better errors
v0.9.4008: HTC linker path patch, limit symbol exports
v0.9.4007: RAZR i 4.1.2, detect HTC override, avoid ps
v0.9.4005: incompatibility detector, avoid mount/ln/mkdir
v0.9.4004: Holo, Script Failure, detect physical /vendor
Comments from Developer
So, yeah: I'm the developer of Cydia Substrate, the framework everyone uses on iOS to do runtime code modification. Back in 2011, I gave a talk at Android Open along with a demo of Substrate running on Android 3.0. However, after some in-depth discussions with people there who were interested, I realized that what I had at the time "wasn't sufficient": it was just the core of an implementation, not an end-to-end offering. By the time it had everything I felt it needed to launch--including a comprehensive website filled with documentation, a configuration application to install with it, fully tested support for both ARM and x86, a forward-compatible pure Java API vetted by a bunch of the top people in the iOS modding community (as I feel like breaking APIs after launch is one of the more evil things a framework can do), and an extension that would make sense to end users that they could try (so that trade press wouldn't be horribly confused, as I knew they would report on the release)--it was already 2013.
http://www.youtube.com/watch?v=tA9cnemnQ0A <- Android Open 2011 keynote teaser
As many people then know, I released it in June. A lot of people have tried it (165k installs just from Play, and another 20k downloads of the APK off the site), and many of those people even like it enough to keep it installed and leave positive reviews, despite there being almost nothing available to use with it except WinterBoard (which I really only did as a demonstration). However, I also get comments from people who seem to believe I'm some kind of "interloper" in the world of Android. Additionally, there are the people who leave reviews saying stuff like "this is stupid, we already have Xposed" (sometimes then explicitly adding in the "go home to iOS" kind of spiel). The #1 complaint, however, is "nothing I can do with it", because developers never seem to talk about it or use it much, and the people installing it are all end users. Clearly this isn't the kind of reaction that I thought would happen, especially after having discussed Substrate at length with pulser_g2 before launch (who said that the community here tends to be very good about judging things on their usefulness and technical merits as opposed to having emotional attachments).
http://www.cydiasubstrate.com/ <- Cydia Substrate
Given this, and after an encouraging back/forth I had with some people on reddit's Android subreddit a few days ago in some threads about the analysis I did of that recent Android iMessage client (people who didn't know much about the ways in which Substrate is very different than Xposed in capability and focus), I figured I'd finally make a post on XDA. I kind of had been waiting to make this post as well, honestly (as again: I like things to be more perfect before I release them than maybe people are used to around here ;P), but it seems like I'm now waiting for something that is itself causing the delay (I had really expected to do this in July, before the whole thing got more actively depressing). This is clearly that post ;P. I've responded to a bunch of other threads here talking about Substrate (and the many other Android projects I've released) in the past, but this is the first time I've actually started a thread.
(In specific, Substrate currently doesn't support some Samsung devices due to a change they make to the linker paths, and I wanted to have 100% device coverage before making the inaugural XDA post. However, I'm finding it very demotivating to spend the time to think through all the options I've been considering for workarounds given the overall lackluster reaction to my work, so I'm not even making fast progress anymore: I tend to work on the things that people react positively to, and while I got a lot of positive reactions on the balance from users, I got much less than I expected from developers given how many people use Substrate on iOS and how powerful the framework is. I think, from some conversations I've had, this is largely due to confusion over how Substrate on Android relates to Xposed, which many people seem to think of as the "home-town competitor" "that does the same thing". I thereby figure that I may as well attempt to directly address that core motivation problem, to see if I should even bother continuing spending time helping out in this community, hence this ludicrously long and highly personal post about what is essentially a technical framework ;P.)
[Readers who find the next section boring should skip below to "=== Substrate ===".]
I imagine I (sadly) thereby need to start by defending my history in the Android community, as many people seem to not be aware of much of it; it actually goes back very far, as I had promised the overall mobile community that if Android were ever rooted, I'd immediately start looking at it in earnest (before there was a device, I had already been messing around with the emulator, but the device concepts Google had at the time were more like slightly souped-up feature phones, not competitors to something like an iPhone). So, in 2008, when that first "root console attached to keyboard" mistake was found on the G1 that let you get a root telnetd running by just typing it into any search field, I dropped everything and drove two hours to Los Angeles to pick up a G1 (they were not selling them in Santa Barbara yet, due to T-Mobile not really having a presence here at the time). As promised, I immediately set to work attempting to help out.
As I ran a number of mailing lists already for iOS, I set one up for Android called g1-hackers, which attracted a good number of people, and even a few Google employees who worked on bionic and the kernel. On this list is where the G1's bootloader was first dumped: if you've ever heard the stories about Eddie Dost figuring out how to do it, this is that. In fact, it was from my G1, with a kernel I compiled (following Eddie's direction: I did not know much about flash drivers), that that first Android NAND was obtained (as Eddie had already updated his device and thereby didn't actually have root). Here is a link to the mailing list thread, directly to the post where we finally succeeded and I provided the kernel image I used so that others could perform the same dump on their own devices.
http://www.telesphoreo.org/pipermail/g1-hackers/2008-December/000096.html <- [g1-hackers] G1 boot code
Around that same time, I was also contributing to AOSP, providing a bunch of patches to things like mount and init, as I wanted to be able to get Android devices to a state where they could run something much closer to Debian than Android (I had my eyes set on kind of a hybrid). In the process of doing this, I wrote a guide that for a couple years subsequent were the canonical instructions for getting a bootstrapped build of Debian installed as a chroot under Android. At the time the patch turnaround on AOSP was sometimes over half a year (and almost never shorter than a couple months), which made contributing to the project sufficiently painful that I eventually stopped. If you search through Android's codebase, though, you still find some of my work.
http://www.saurik.com/id/10 <- Debian & Android Together on G1
At the time, I honestly do not remember XDA having yet become "the place" where people spent much time talking about Android: instead, a lot of conversation happened on IRC (which is where the iOS community had already been, and where it remains). There was a channel that I was a part of which included a bunch of people whose names would hopefully be familiar to people around here, including JesusFreke (and, much later, Cyanogen). I got to see the birth of a lot of great websites and tools (such as JesusFreke's smali/baksmali) while participating on that channel. Apparently, I was talking about "Substrate for Dalvik" on that channel in November of 2008 (which is also when I first joined XDA): that's how long I've been staring at this ;P.
During the next couple years, I ended up developing and maintaining a website called Cyrket, which had the mission to allow developers and users to search the contents of the Android Market using their desktop web browser. It also solved a few key problems that developers had with comments, in that you could only see comments for apps your device had access to that were then written in your language. Developers without devices, or with devices that could not see their product (which often included those that paid extra for the ADP1, which could not see copy-protected apps) could not see comments at all. Cyrket presented all of the comments for your application in all regions in all languages (and even used Google Translate to translate them all into your own language).
The way Cyrket had worked is that I scraped the contents of the Market using the same protocol Google's client used, indexed it (supporting find-as-you-type search), and exported it all to the site (well, originally, it was actually just a live client, but then it got really popular ;P). It got me into some mild trouble occasionally with the Android Market team, but overall no one seemed to mind it that much. Cyrket was actually the primary site people used for this purpose for a long time, and I even got the impression that people at Google were begrudgingly using it as it was more convenient than the alternatives. There were a few times where it had to be taken offline (due to changes and rate limits from Google), one time for months, but I'd usually figure out some new way to get it running. Honestly, though: I was really glad when Google finally launched a website for the Market and I was able to stop working on Cyrket ;P (and also glad that Google added most of Cyrket's features for developers to their publishing console, features that Apple actually still doesn't have AFAIK).
http://www.androidtapp.com/cyrket-android-market-browser-back-from-awol/ <- Cyrket Android Market Browser Back from AWOL!
Since those times, I mostly felt the need to get Substrate "awesome" (which started to really come together during 2011, after Cyrket was no longer needed), and so didn't do many larger projects on Android until recently. That said, I have been involved in things related to exploits and security. One of the higher impact things that I did was to release mempodroid, an implementation of the mempodipper exploit described by Jason A. Donenfeld for Linux 2.6.39+, which became the primary method to root devices running Android versions 4.0.0 through 4.0.2. Much more recently, users have been using Impactor, my implementation of the various "Master Key" exploits (based both on bugs described by Jeff Forristal as well as techniques I pioneered against a random AOSP bug).
https://github.com/saurik/mempodroid <- mempodroid README
http://www.saurik.com/id/17 <- Exploit (& Fix) Android "Master Key"
Given all of this, I hope people can get a feeling for just how strange and depressing it feels to me when people seem to suddenly believe I'm some kind of foreign invader . (FWIW, I also feel rather awkward having to describe all of this in this fashion, but frankly I'm at a point where I'm realizing that if I don't explain it in this much detail myself, no one else will. While I'm certain I'll get some people responding really negatively with comments like "he's such a blowhard, going on and on about silly little things he did", so far when I've given similar spiels to people in person at conferences, they often go "oh wow, I remember that tool/happening, but didn't remember that that was also you", and so figure that this might go a long way to fixing this weird problem: I'm not just "that iOS jailbreak guy".)
=== Substrate ===
Alright, now with that aside: in time for Google I/O (which was arguably bad timing, as I was then immediately unavailable for days ;P), I finally released Substrate. Substrate (in my clearly biased opinion ;P) is actually really cool: as far as I know, it is currently the only tool available for Android that allows developers to easily modify native code without patching/replacing. I know, for example, that people often ask how to modify features like the holo themes that are implemented in C, and the answer is Substrate: if you can find the code (which is often exposed via a symbol as there are tons of C++ symbols available on most Android builds) you can use Substrate to hook it at runtime in a way that avoids having to patch the files on disk, allows developers to deploy their changes across multiple ROMs, and supports the idea that users should be in charge of the specific features that they have on their devices (as opposed to ROM distributions).
As another concrete example that maybe makes this more obvious: sometimes you download a program from the Play Store (which, incidentally, I have a very hard time not constantly still calling the Android Market ;P) that is pretty much just a massive JNI binary--maybe an OpenGL game or a media player of some sort--that refuses to run on a device that has been rooted. A really common way that developers implement such checks is to do things like verify the existence of files on disk. The simple/common checks are very easy to detect and defeat using Substrate as you can hook the native "open" call from the C standard library, check if the filename is something like /system/xbin/su, and return "nope, not there".
http://www.cydiasubstrate.com/api/c/MSHookFunction/ <- MSHookFunction()
Substrate lets you do this kind of hooking in any system daemon (not just those spawed via app_process). Yes: if there's a program running in the background of your phone, some native service written by the OEM that manufactured the device, you can use Substrate to modify it. A lot of very interesting extensions on iOS involve these kinds of hack; for an extreme example, the software unlocks that we used to have for earlier iPhones involved modifying CommCenter, a native program that initializes the radio hardware: by hooking some of the code in that daemon, it was possible to, at just the right moment, inject a different command sequence over the serial connection to the baseband, exploiting it for the unlock.
http://www.cydiasubstrate.com/inject/android/ <- Android Native Injection
Of course, Substrate also supports hooking Java code (yes, a little like Xposed, which at some level uses the same underlying trick I walked people through in my talk at Android Open 2011). Somehow, though, a lot of developers don't seem to catch all that other stuff that Substrate lets you do, and get hung up on this one part that Xposed also manages, leading to all those aforementioned irritating comments about how "there's no point to Substrate because we already have Xposed": Xposed can't do most of the things Substrate can do (and the developer has even told me that he actively tries to avoid Substrate-like techniques as they are "pretty complicated", so it isn't even moving in that direction). FWIW, on iOS it took a lot of time for Substrate to get these features (it did not have them in 2008 when I first released it): they aren't trivial ;P.
http://www.cydiasubstrate.com/api/java/MS.hookMethod/ <- MS.hookMethod()
Even within the restricted context of modifications to Java, however, I think Substrate has a lot to offer. Again: I actively refused to release Substrate until I felt I had truly nailed a few things, including in particular the Java API (at Android Open 2011, I only supported JNI, which developers there told me would not lead to traction). I was a major proponent of aspect-oriented programming when I was younger, I got into byte-code engineering in college, and I co-published a paper on a Java code modification framework called jMonitor in 2004: this is something I've been thinking about for a long time, and I think the approach I take has some merit in and of itself. I know a lot more can be done (I feel it would be really interesting to have AspectJ-style pointcuts, for example, or the kind of bytecode-level instruction matching that I implemented as part of jMonitor <- features not described in the paper, I think ;P), but I felt a good first step was be to directly leverage the iOS community's six years of experience.
http://www.cydiasubstrate.com/id/6dfa187d-6e04-4f97-b63a-ae75b5338e01/ <- jMonitor [RV '04]
To this end, Substrate provides an API for Java that is very analogous to the API that it provides for modifying C/C++ and Objective-C. The focus is on "I know about some code and I want to modify it", allowing you to not have to think much about the timing or execution details of the program that may be loading that code (so you never have to think about "packages" or "processes" or "applications": you just concentrate on "classes", and thereby don't need a million "helper APIs" to handle each narrow timing case). To enable this, I use the aforementioned ability of Substrate to modify native code to hack features into the VM itself, giving me the ability to instrument events like "a class has been loaded". If you want to hook a method of a class from Apache Commons, and you want to hook that class no matter whether it was loaded as part of an application or dynamically as part of a classloader for a plugin downloaded by an application, this is trivial to express with Substrate. AFAIK, that use case isn't even describable using Xposed.
http://www.cydiasubstrate.com/api/java/MS.hookClassLoad/ <- MS.hookClassLoad()
This kind of VM-level modification and runtime code generation support (that is heavily flexed on iOS Substrate, and thereby has had years of in-the-field testing; so far Android has exposed just one bug in its ARM reassembler after release, and that was only in the qemu emulator for some reason) also means that Substrate's implementation of hooks is highly efficient: to compare again to Xposed, every time a method that has been hooked is called via Xposed, there is a linear-time search through a linked list doing a rather heavyweight comparison to determine which method it was after the fact; with Substrate, every call is direct, there are no lookups, and there are no comparisons, so you can hook an arbitrary number of methods with no slow down, so even very small methods that are called very often can be hooked without issue.
Additionally, with Substrate I wanted to address a specific pain point that many people would bring up when I'd give talks: "how is this secure, and how do I control what apps can use these features". This became even more important, as I wanted Substrate extensions on Android to be easily deployable via conventional means, such as the Play Store (yes: Cydia Substrate itself is in the Play Store, as I believe it is important for these kinds of features to not just be in the hands of developers on forums, but to be used by end users everywhere). To this end, I integrate into the Android security model, providing a special permission that applications must have to install a Substrate extension. This helps enable the idea that Substrate mostly "gets out of the way", becoming more of a technical detail behind your extension rather than something users will need to interact with constantly to activate or update your product.
I also wanted to provide at least something that would help solve the "reflection hell" that developers seem to always find themselves in while attempting to do runtime code modification in Java (even back on desktop Java using AspectJ). I thereby provide the means to "bless" a class loader, allowing it to access private fields and classes without the overhead of reflection: the access checks, for just that one class loader, no longer apply. Substrate extensions are loaded into such a "blessed" classloader. (I do not, even though I could, ever just whack an access check VM-wide; Xposed does this, and I feel like it is going to have security implications on Java security contexts applied to class loaders for plugins.) In the case of WinterBoard, for example, I don't ever have to deal with invoking Methods or getting Fields: setAccessible is just a dim memory.
Being able to use this functionality, however, can be awkward, and in some cases is almost impossible: while testing this feature, I realized that developers would end up needing "public stubs" for all the classes they were working with, but the calling convention for a public method and a private one is different, so the calls fail at runtime. I thereby ship as part of the Substrate SDK (yes, there's an easily-updated SDK package that you can download using the Android SDK Manager ;P) an extension to javac itself (as you might imagine at this point, written using AspectJ) that turns off access control checks: you can thereby access private fields or call private methods with no extra work both during development and at runtime. This all works sufficiently well that I generally run all of ant under the modification, such that anything ant compiles becomes "blessed".
http://www.cydiasubstrate.com/id/c17c554f-b603-4e3b-8f99-ebb3528e3ef8/ <- Java Access Controls
(And yes: this is one of the things that caused Substrate to get delayed even longer than it already had been. There was also a rather serious delay caused by my attempts to really nail the boundary between "code that is shipped with Substrate" and "code that is shipped with the extension", something that burned me a lot throughout 2013 as it was the kind of problem that spending time actively thinking about didn't directly help, requiring an epiphany I had soon before Google I/O. Arguably had I been willing to ship without documentation at all, and had I generally cared less, I would probably have had everything out in very early 2012, but during January-May I started working on the initial draft of cydiasubstrate.com, as I had apparently incorrectly thought that such efforts would be critical to developer adoption.)
Again, I write this in the hope that it clears up misconceptions, either about myself or about Substrate. As far as I can tell, Substrate has a lot of very unique value propositions: things that currently are only made possible by Substrate; and, even within the restricted scope of hooking Java code inside of a service being managed by Zygote (the only area of overlap with Xposed), I think that it offers a bunch of advantages in security, performance, deployment, and ease of development that cannot be so casually dismissed with a flippant "we already have Xposed (go home)". A lot of these features (and I haven't even gone into all of them: I could write paragraphs about the advantages of how Substrate's API handles chained hooks, the ways I enable extensions that need to cross classloader boundaries, or the way Substrate makes it easy for end users to temporarily disable extensions without complex tooling) come from having spent over a decade now thinking about this problem and the last five years actively managing a developer ecosystem with tens of millions of users on iOS.
I am thereby happy to answer any questions about how to use Substrate, issues with Substrate on any device (I never blame the device: I might not have a fix immediately for a specific problem, but I always consider it Substrate's job to work around issues the device throws at it to get its functionality in place so the task will at least end up on my todo list), or even about me (as a lot of why I find writing this both so important and so painful are due to the occasional-yet-present more-personal attacks/misconceptions I often seem to receive about somehow being an "outsider"). (That said, please do have some patience: sometimes my ravenous need to do nearly 24/7 testing on a specific device has to give way so I can go to a conference I'm giving a talk at, or so I can focus on a different problem that might be more pressing or simply have a higher probability of near-term success: spending an infinite amount of time on one problem is unfair to all of the other problems that exist ;P.) [And, in fact, I have a meeting I have to be at tonight, but which hopefully won't take insanely long.]
Reserved Post
["reserved", as apparently you always should have at least one of these ;P]
Links to Extension Threads
[and finally, I can see ending up with a page that might link to other threads on XDA, although arguably I should put this on cydiasubstrate.com. right now, most projects that use Substrate are in Play. I am not certain if I'm now just misunderstanding how to use XDA, though: again, this is my first thread I've started myself]
Wow. The timing couldn't be any more perfect for you to post this.
I do not have an Android device yet and have been theorizing exactly how I could easily make modifications to applications.
Because I am just getting started in the Android development community, I don't have any biases towards one framework or the other.
Sooo.... this is on my watch list.
gugbot said:
Wow. The timing couldn't be any more perfect for you to post this.
Click to expand...
Click to collapse
The opinion of many (reasonable) people differ ;P.
gugbot said:
Sooo.... this is on my watch list.
Click to expand...
Click to collapse
Yay! If you have a moment, I'm curious: how/why did you find this thread? It seems like very few people actually go to this "Frameworks" sub-forum; there are almost no threads posted to it except the one about Xposed, which I'm presuming people must be finding by links from other places (whether random websites or other threads on XDA).
saurik said:
The opinion of many (reasonable) people differ ;P.
Yay! If you have a moment, I'm curious: how/why did you find this thread? It seems like very few people actually go to this "Frameworks" sub-forum; there are almost no threads posted to it except the one about Xposed, which I'm presuming people must be finding by links from other places (whether random websites or other threads on XDA).
Click to expand...
Click to collapse
I was browsing in development tools and was surprised to see that a Saurik posted about Cydia Substrate!
I was brought to this forum by one about theme development?... Maybe you should post this in a forum with more traffic. There seems to be an endless amount of categories for everything.
i have try your cydia substrate on cm10.1.3 stable..device samsung i9300..
install winterboard..apply icon pack but icon pack not applied..
then when want to open other apps the apps fc..except winterboard..
slipar said:
i have try your cydia substrate on cm10.1.3 stable..device samsung i9300..
install winterboard..apply icon pack but icon pack not applied..
then when want to open other apps the apps fc..except winterboard..
Click to expand...
Click to collapse
Yeah, as I mention in this thread WinterBoard was more of a demo that has been difficult to justify improvements to . This isn't an issue with Substrate, at least.
Would you mind sending me the crash report from the adb log? At least, would you mind telling me the name of the theme you applied? Also, thinking about it, CyanogenMod already has a theme engine... it never occurred to me how WinterBoard would interact with the existing theme engine in CyanogenMod (although I guess thinking even longer about it, I see no reason why it would fail horribly... it should just layer on top).
saurik said:
Yeah, as I mention in this thread WinterBoard was more of a demo that has been difficult to justify improvements to . This isn't an issue with Substrate, at least.
Would you mind sending me the crash report from the adb log? At least, would you mind telling me the name of the theme you applied? Also, thinking about it, CyanogenMod already has a theme engine... it never occurred to me how WinterBoard would interact with the existing theme engine in CyanogenMod (although I guess thinking even longer about it, I see no reason why it would fail horribly... it should just layer on top).
Click to expand...
Click to collapse
hope i send u the correct logcat..
im using ios7 concept theme..g play link here
slipar said:
hope i send u the correct logcat..
im using ios7 concept theme..g play link here
Click to expand...
Click to collapse
Thank you so much for the information. Here is a new version of WinterBoard that seems to work with this theme.
http://cache.saurik.com/apks/com.saurik.winterboard_0.9.3922.apk
thanx saurik..tested but this time winterboard just fc when try to change theme..
logcat attach..
slipar said:
thanx saurik..tested but this time winterboard just fc when try to change theme..
logcat attach..
Click to expand...
Click to collapse
I'm sorry about that issue... this is actually quite interesting to me as it might indicate that I need to do some more work on the blessed compiler as it relates to miranda methods. I had verified that the theme functioned, but had not gone back to attempt to re-verify the setup activity itself, which I guess hadn't been recompiled in a long time. I've added a temporary workaround to the issue while I investigate further. ("Humorously", if you have Xposed installed, I am pretty certain that the WinterBoard settings activity would have worked, as Xposed just destroys the access control checks for the entire VM.)
http://test.saurik.com/xda/com.saurik.winterboard_0.9.3922+1.gf733f01.apk
Hey there, I just happened upon this thread while deeply perusing the boards after just getting home from a 17hr drive and being unable to go to sleep yet. I am VERY interested in the substrates capabilities, it sounds like a very interesting concept. I am a new developer and am wanting to learn more and play more....I use xposed on my phone now and was considering starting to develop modules for it, buuuttt I think I just changed my mind I'm on an att sgs4 running a 4.3ge Rom. Going to install the substrate the night via Play Store and mess around with it starting tomorrow. Thanks for this
Sent from my GT-I9505G using Tapatalk
Sc4ryB3ar said:
I'm on an att sgs4 running a 4.3ge Rom. Going to install the substrate the night via Play Store and mess around with it starting tomorrow. Thanks for this
Click to expand...
Click to collapse
Yay! (Now, watch your GT-I9505G be one of those few Samsung devices Substrate detects as incompatible ;P. Samsung has so many model numbers that all map to the same high-level marketing names that it's difficult to keep track of what's what. If that happens, and you are interested in helping out, I can implement one of my alternative injectors quickly for you to work with.)
saurik said:
Yay! (Now, watch your GT-I9505G be one of those few Samsung devices Substrate detects as incompatible ;P. Samsung has so many model numbers that all map to the same high-level marketing names that it's difficult to keep track of what's what. If that happens, and you are interested in helping out, I can implement one of my alternative injectors quickly for you to work with.)
Click to expand...
Click to collapse
It installed just fine, quickly and with no apparent issues
winterboard, however rendered neither theme I chose correctly, wondering if its the themes though.... Didn't get a logcat and then I hosed my system last night messing around too much, so I started fresh and haven't gotten back to substrate and wb yet....I'll be back to it withing a couple of hours
Sent from my GT-I9505G using Tapatalk
substrate source code
Saurik,
I've been dabbling some with Cydia Substrate and it seems to offer a lot of unique possibilities for Android apps.
Do you have any plans to release the source code for this like you did on iOS? I'd be very curious to learn more about how it works. Also, is there a link to your talk from the Android Open conference?
Thanks,
Fred
(Ugh. I have no clue how people keep up with a forum, especially with the website as slow to load every page as it is ;P.)
fjones8856 said:
Do you have any plans to release the source code for this like you did on iOS? I'd be very curious to learn more about how it works.
Click to expand...
Click to collapse
I currently do have an intention to release the source code, but I'm not certain under what license (all of the licenses I normally use don't solve the specific issues related to Substrate). That said, no one seems to care much about Substrate on Android: on iOS people tend to (almost to a level of it being a problem) jump on new solutions to evaluate constantly, whereas on Android people seem to just snark "we already have X" even when there are compelling advantages to a replacement. Given this situation, I am highly unmotivated to spend the time to figure out the right solution, given that in a way Substrate is "my magnum opus": it is the culmination of the research and experience of so many years of my life, that passing up the ability to license it to the companies that sometimes talk to me about that (for either enterprise wrapping or security) to satisfy a group of people who are mostly asking for the source code specifically to replicate the technique *and then avoid using Substrate*, makes very little sense.
On the project side of it, Substrate on iOS only ever received a single code contribution from someone I wasn't already so close with that I was sharing code already. It isn't even the kind of project that one would expect getting many contributions: it is more of a backend technology, and the extent to which it has a GUI is actually a bug (I intend for it to be 100% seamless as part apps that use it: Substrate on iOS does not have a GUI and never will have a GUI, and that's how I think it really should work on Android as well, but of course right now I need the silly Install button). If anything, on iOS, we often end up with random companies that want to "own the scene", which ends up with them forking Substrate in ways that cause platform incompatibilities for other developers: Substrate on iOS has thereby actually been closed source now for almost two years, and it has actually improved the stability of the platform. I thereby am somewhat loath to "repeat the same mistakes from before" and end up with forks.
fjones8856 said:
Also, is there a link to your talk from the Android Open conference?
Click to expand...
Click to collapse
There was no recording of the actual talk, just of the keynote introduction that I already link to from my website. In the talk I walked people through a demonstration of using an early version of the JNI-level Substrate API, and showed how it worked (which was very simple at the time). In essence, I demonstrated, with my exact code on the projection, the technique that Xposed started using half a year later (which is just "oh, I'll change the contents of this Method object, as apparently the runtime doesn't care if the Method is allocated as part of a Class; if I do it right I can simulate registerNatives") and the most obvious way of implementing MSJavaHookClassLoad (which--for the really really low-level API I had at the time, on pre-4.0 VMs that didn't have complex JNI stacks--is clearly "MSHookFunction the class load and provide a callback"). Everything is going to be new for ART, though: the techniques are going to have to be much more sophisticated (which I'm excited by, as this is a game changer).
Pm sent
Sent from my GT-I9505G using Tapatalk

API vs Firmware (OS)

Hello guys!
I am new to this world completely! So please forgive my naive questions if they sound as such.
I was having a debate with an instructor of mine about iOS vs Android, and as I started criticizing Android for its fragmentation problem, my instructor started defending Android in that Android's latest move towards pushing an updated API to most of its user-base could very well negate the shortcomings of its firmware (OS) varieties. The main reason for this debate was me stating that if Apple decides to compete against google in advertising, it may reach almost all of its users through an 'unchallengeable' advantage as almost all of them run on the same OS, whereas if Android were to similarly display it ads on built-in apps as well as external apps provided by developers in Android's Appstore (ads provided by these two companies not developers, and pushed via developer-app by purchasing ad-space within their apps), Android wont be able to reach its users as iOS due to fragmentation. He ended up challenging me: if I find him a way in which iOS' firmware would create a barrier against Android's API, he'd give me 10 bonus points at the end of the semester, and if I fail, he'll cut 10 points from my final result!! Question, therefore, is: if these two giants decide to dog-fight in advertising, how could Apple exploit Android's fragmentation issue despite Android's API which could reach its old and new firmwares?
Kindly know that none of us are developers as we both specialize in business. We just happen to have huge interest in tech, especially in Apple vs Google, iOS vs Android!
Despite my lack of technical knowledge, I accepted the challenge because its sounds rather counter-intuitive, to me, that Android's API wouldn't be tackled if Apple decides to play dirty through its OS-unified (almost) user base. Why go through the hassle of overhauling the firmware if a simple fix as API could bridge the gap?!
A solution with very thorough explanation would be very much welcome and appreciated!
Thanks in advance.

Non-emergencey contact to personal device security research institutes collaborative thread

This posts here to increase the effect of sending my phones and other devices targetedly hacked files and file contents to the correct places to help forward the progress of patching the in routes and exploits used to conmlrimise my devices. im not mass generically hacked like all content marketing oriented loa pricepoint device users are. im also targetedly hacked, being a poster of evidence of organized crime. how i know this is surveying the various search results of numerous parts of code grep'd through for everything from 'usually' to 'when the' and the like and finding undocumented code); analytics traces reports screenshots etc i need to send to the correct agencies labs and engineers to effetiely take an opportunity one rarely has, not a whole lot more luck needed just to expose what ive found to get help swnding it all to the right researchers.., here to also overstep and des mceibe a social engineerig aspect to this criminal co-perogative that seems to be boiled down to a method or science always changing specific tech understanding apartide line that one would say would be inperceptible if not being lóoked for. These effects are already known, ask any journalist or researcher whos benefitted from the use of tor. do u ever get o ly search results fro. 2013 2014? ueah thats not right its 2022 and those are whats been whiddled down as passable as results to you that will derail your presumptive expectation to find usefull relevant info. like free black market oligarchay totalitarianiasm censorship of good info by masses of evil black hearted tyranical rulers. What is or was being done was not unlike untargeted hacking, wasnt unlike stalking, wasnt unlike gaslighting, was engineered by heinous psychologists under a larger tech side of a harasment as a service outfit utilizing specific individually itemized psychological attacks managed and administered from a heirerarchal chain of command involong hassers unbeknownst (effectively anyone), and salaried operative sabetuer assailant rights violators harassers, being orchestrated by a few headpieces workong to effect intimidation, harm, debilitation, eventual ruin of targets. im a lucky one to have escaped their heretounforsceen murderous grasp... technical implementation and phychological advice, and the client criminal operations, all likley make io the types involved.. and some .MOs? . A score is kept of each targets perceptable work toward outing the criminal client(most dont continually announce display post what they know under threat to their familys, i fly in the face of these intimidations and threats as ofton as possible, or as necessary. they especoally anger me and i ofton
make sure to give a speech about it if needed bwcause id say thaTs the proverbial time and place for that
the stalker or stalkers will note it all and interfere suggesting or positing jackassedly outloud (the two harasser grouping lends to this) which is being pumped as audio to the tatget , only filtered down to narrow effective frequency bands of audible sound. a effort to disturb distract frustrate is debilitating especially at length. i have audio recorsdngs of this subliminal harassment,¹¹¹i will post and have posted online. Undocmentble and likely undocumented (ie unprovable) aspects of reality, of which there are many, are derived contrieved etc by the stalkers one after the next and projected subliminally to the target as heassments, threats, psychosis induction, all to kéep reports from going to police, knowlede of anythining relevant or related from being learned basically preventing anything the target might do in the course of a day,, randomly or specifically or especially if ostensibly they were heading to the police station printing store etc. a target has to endure : Internet is filtered
friends are threatened and harssed the programs on anyones phone in the vicinity re beiing montoped to know if recording or video apps start running. Im not the only person who knows bout what i videod and posted, many involved are plausibly victims, many benefiting, profiting, buying àre monstors heartless soulless murderous enemys to mankind. How i got targeted? i was attacked by two guards at a high rise, recorded it incidentally, posted it online, in the bckground is evidence of the activities of aug fifteenth sixteenth twentyeighteen, some largescale illegal sex crime party for high rolling invertebrate clients, and not just in the background, but my interactions with the guards upclose are all evidence and the 15 mins of video as i exited the vicinity all contain evidence. They usually keep anything like video taken on a cell phone contained and from ever reaching the net, but i was recording to disk and feeling extra like it was a miracle i survived the attack gonna take the disk out for safe keeping minded also, gonna post immediately minded after evading immedite stalker harassers traveled on foot strategizing for 12 hours, went forward in visiting an art school campus, visiting the library and uploading over a simple Vpn to youtube (browser built in one if i remember correctly). My civil rights activism prior to this gave me some ability to evade gang stalker harassments, and all in all i had been being targeted digitally and had some upload strategy to use because of the same, the civil rights and land use activism i was doing videoing and posting. So the stops were pulled and full scale cmpaigns were deployed to psychologically or otherwise send me into ruin in a way that would be indetectible in any way as being foul play or at least un reportably or documentably, because tens if not hindreds had to have noticed the oddities of patterns and diversions from the norms of everything everywhere variousley i frequented. stalkers effirts were all made with intention to have effect but also to effectively obscure what was being done, why, what crime there was to reported if any, and any routes or reasons provable that i might have to seek relief from foundations for the crimes against me, so as to be able to persist and continually attack playing any and all angles of various of psychological and physiological attacks through incetivatized or otherwise achieved malfunction or alternate to normal operation of things ... this is where conputers come in, my devices were and still are if im being realistic used for and integral in facilitating this, but not without a lot of code paper trail i was expected not ever to be able to ascertain knowledge of or obtain. Largescale distributed obscured attack on individual targets isnt always viable, but ofton is it would seem... In the curse of weathering this attack i achieved slowely progress in my life , trancendance above and beyond the thercheous pitfalls and all that laid out figuritvely to ensnare me, and have atained for myself many if not a few more of my life goals as well. I have explained and exposed the immediate harassments and stalking to those being subjected to its immediate and side effects, and a page long list of other focused intentional sometimes subtle corrective or stimulating vitalization of some sort to the social and interpersonal climate within which i live life ive been, seeing as how it was being accurely poluted. it wasnt always easy or obvious but certainly something of the needed necessary and natural reaction type of measure i believe either way i know i have succeeded in the various ways i went about keeping my life from falling apart. Somewhere in these outcomes, milemarkers, graduations and self afirmations i categorically became, non susceptible to a certain category of sheer wall affront to a person who is targeted. socially, technically, socially correctovely, verbally, orationally, (speech giving?), attritionally effectively strategically, in one too many ways they cant effect their zero click exploit on one Kyle Varela, as it were, and now im here, right pretty much where id be, only here in my hand is alot of the info needed to disenfranchise those who this computer based evasion of my privacy and much worse was undertaken by, to help potentionally a lot of people, to help the world operate one incriment less innificiently... But i have to delve into realms unknown to turn in the files and doing so will continue to make it self aparent in its non accomplishability approached alone by just me. ...Leading to my posts reason.
Stated: source help, advice, and leads into and about the most suspicious of the many entrys and code snippets within the uploaded files all taken from systems i was using, and i believe is likley to contain evidence provingthY the disfunctionalityt of my devices software and hardware was intentional identifiable and ultimately hopefully reportable and patchable.
This post will be finished with attachments after getting initial post up. Just a moment

Categories

Resources