This is work done by clockworx which can originally be found: http://forum.xda-developers.com/showthread.php?t=877752
I just grabbed the original patch and merged it into 1.1.0 framework.jar; and I'm posting this here for reference on how to patch framework.jar in future B&N releases.
Things you'll need:
APKtool(by brutall): http://code.google.com/p/android-apktool/
framework.jar: Just grab it from the official sideload update.zip
Patch: http://dl.dropbox.com/u/9992367/TelephonyManager.patch
Pastebin: http://pastebin.com/4gxqHw6B
How-to:
You'll need to decompile the framework.jar from the sideload update.zip.
Create a separate folder to do all of this.
Code:
apktool d framework.jar
Should output:
Code:
I: Baksmaling...
I: Copying assets and libs...
Then you'll grab the above patch, and copy it to /framework.jar.out/smali/android/telephony/
Code:
cp TelephonyManager.patch /framework.jar.out/smali/android/telephony/TelephonyManager.patch
Then cd to the directory, and patch the file!
Code:
cd framework.jar.out/smali/android/telephony
patch -p0 -E < TelephonyManager.patch
output:
Code:
patching file TelephonyManager.smali
and you're done patching the file!
Remove the patch file before continuing!
You'll now need to build framework.jar again. Go back to the initial directory and run:
Code:
apktool b framework.jar.out
output:
Code:
I: Checking whether sources has changed...
I: Smaling...
W: Could not find resources
I: Building apk file...
Don't worry about the warning about not finding resources, it's expected.
And thats about it.
Here's the patched framework.jar for 1.1.0 that's already included in IOMonsters rootpack: http://dl.dropbox.com/u/9992367/framework.jar
Hopefully this will be a valuable reference in the future!
Credits:
Clockworx
brut.all
Full patch, visualized:
(for analysis)
Code:
--- TelephonyManager.smali 2011-02-15 16:14:11.000000000 -0600
+++ TelephonyManager.smali 2011-02-02 19:17:21.000000000 -0600
@@ -82,6 +82,8 @@
.field private static final TAG:Ljava/lang/String; = "TelephonyManager"
+.field private static final TAG_CWX:Ljava/lang/String; = "CLOCKWORX"
+
.field private static sInstance:Landroid/telephony/TelephonyManager;
@@ -687,52 +689,73 @@
.end method
.method public getDeviceId()Ljava/lang/String;
- .locals 3
+ .locals 5
.prologue
- const/4 v2, 0x0
+ .line 191
+ const-string v0, "35828001"
- .line 187
- :try_start_0
- invoke-direct {p0}, Landroid/telephony/TelephonyManager;->getSubscriberInfo()Lcom/android/internal/telephony/IPhoneSubInfo;
+ .line 192
+ .local v0, fakeDevId:Ljava/lang/String;
+ new-instance v1, Ljava/util/Random;
- move-result-object v1
+ invoke-direct {v1}, Ljava/util/Random;-><init>()V
- invoke-interface {v1}, Lcom/android/internal/telephony/IPhoneSubInfo;->getDeviceId()Ljava/lang/String;
- :try_end_0
- .catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
- .catch Ljava/lang/NullPointerException; {:try_start_0 .. :try_end_0} :catch_1
+ .line 193
+ .local v1, randomGenerator:Ljava/util/Random;
+ new-instance v2, Ljava/lang/StringBuilder;
- move-result-object v1
+ invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
- .line 191
- :goto_0
- return-object v1
+ invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
- .line 188
- :catch_0
- move-exception v1
+ move-result-object v2
- move-object v0, v1
+ const v3, 0xf4240
- .local v0, ex:Landroid/os/RemoteException;
- move-object v1, v2
+ invoke-virtual {v1, v3}, Ljava/util/Random;->nextInt(I)I
- .line 189
- goto :goto_0
+ move-result v3
- .line 190
- .end local v0 #ex:Landroid/os/RemoteException;
- :catch_1
- move-exception v1
+ invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
- move-object v0, v1
+ move-result-object v2
- .local v0, ex:Ljava/lang/NullPointerException;
- move-object v1, v2
+ invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
- .line 191
- goto :goto_0
+ move-result-object v0
+
+ .line 203
+ const-string v2, "TAG_CWX"
+
+ new-instance v3, Ljava/lang/StringBuilder;
+
+ invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
+
+ const-string v4, "Generated:"
+
+ invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
+
+ move-result-object v3
+
+ invoke-virtual {v3, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
+
+ move-result-object v3
+
+ const-string v4, "."
+
+ invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
+
+ move-result-object v3
+
+ invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
+
+ move-result-object v3
+
+ invoke-static {v2, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
+
+ .line 204
+ return-object v0
.end method
.method public getDeviceSoftwareVersion()Ljava/lang/String;
@@ -1139,70 +1162,20 @@
.end method
.method public getPhoneType()I
- .locals 3
+ .locals 2
.prologue
- .line 282
- :try_start_0
- invoke-direct {p0}, Landroid/telephony/TelephonyManager;->getITelephony()Lcom/android/internal/telephony/ITelephony;
-
- move-result-object v1
-
- .line 283
- .local v1, telephony:Lcom/android/internal/telephony/ITelephony;
- if-eqz v1, :cond_0
-
- .line 284
- invoke-interface {v1}, Lcom/android/internal/telephony/ITelephony;->getActivePhoneType()I
-
- move-result v2
-
- .line 296
- .end local v1 #telephony:Lcom/android/internal/telephony/ITelephony;
- :goto_0
- return v2
-
- .line 287
- .restart local v1 #telephony:Lcom/android/internal/telephony/ITelephony;
- :cond_0
- invoke-direct {p0}, Landroid/telephony/TelephonyManager;->getPhoneTypeFromProperty()I
- :try_end_0
- .catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
- .catch Ljava/lang/NullPointerException; {:try_start_0 .. :try_end_0} :catch_1
+ .line 318
+ const-string v0, "CLOCKWORX"
- move-result v2
+ const-string v1, "Returning 1."
- goto :goto_0
+ invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
- .line 289
- .end local v1 #telephony:Lcom/android/internal/telephony/ITelephony;
- :catch_0
- move-exception v2
-
- move-object v0, v2
-
- .line 292
- .local v0, ex:Landroid/os/RemoteException;
- invoke-direct {p0}, Landroid/telephony/TelephonyManager;->getPhoneTypeFromProperty()I
-
- move-result v2
-
- goto :goto_0
-
- .line 293
- .end local v0 #ex:Landroid/os/RemoteException;
- :catch_1
- move-exception v2
-
- move-object v0, v2
-
- .line 296
- .local v0, ex:Ljava/lang/NullPointerException;
- invoke-direct {p0}, Landroid/telephony/TelephonyManager;->getPhoneTypeFromProperty()I
-
- move-result v2
-
- goto :goto_0
+ .line 319
+ const/4 v0, 0x1
+
+ return v0
.end method
.method public getSimCountryIso()Ljava/lang/String;
Deca, anyway to move files with root explorer? I am lazy.
bdcrim said:
Deca, anyway to move files with root explorer? I am lazy.
Click to expand...
Click to collapse
lol, no. You need to decompile framework.jar to be able to patch telephony manager to generate an AndroidID
This patch file does not work with the framework.jar for NF. Could we get an updated patch file? Or the method on how the patch file was created?
brianf21 said:
This patch file does not work with the framework.jar for NF. Could we get an updated patch file? Or the method on how the patch file was created?
Click to expand...
Click to collapse
The patch file itself will give you an idea of what needs to be done. There are a lot of differences between the 2.1 Telephony Manager and the 2.2(NF) Telephony Manager so you'll have to take those things into account when merging them in.
Decad3nce said:
The patch file itself will give you an idea of what needs to be done. There are a lot of differences between the 2.1 Telephony Manager and the 2.2(NF) Telephony Manager so you'll have to take those things into account when merging them in.
Click to expand...
Click to collapse
When i did, i was getting a 15 digit IMEI number error in logcat when i opened thr market.
Huh, I had no idea this was still in use
I might be able to do a 2.2 version over weekend if no one else gets around to it (on the road currently and my Dev tools are back at home)
Also, at some point I need to have it save to a SqlDB. Right now it generates a new one each request, which doesn't matter for most people since you only get the Android ID once, but I did see a thread complaining that their app validated by IMEI and it generated a new one each time. Oops!
For what it's worth, I've never had to use a hacked framework.jar for NF, otherwise I would have done one already. Does anyone have a further description of why they want it? The main purpose this was used for was to make Market/Talk work, and they both work for me in NF out of the box.
Just wanted to say thanks for the patch. After I replaced my framework.jar with the patched one. Some apps that were FC'ing now runs. Especially my NBA Gametime is back up and running. Some of my GAMELOFT HD games that were FC'ing is also running as well now. Guess it has to do with the app looking for an AndroidID.
Stock 1.1.0 Rooted
Update: My apps work now but it broke my stock B&N shop. Goes to a black screen after loading. Im able to exit out of it. What could be causing this?
Edit: Neva mind. Seems that the modified framework didn't include the META and preloaded-class files from my original framework.jar. Guess shop is dependent on it somehow. Everything works now. Thanx again.
Little bit confused...
1) What problem(s) does this address?
2) Will this fix my current inability to use the web-based market?
3) Can we simply replace our framwork.jar file with the one in the OP, or do we have to compile our own? What directory is it in?
Note: I used the unofficial AN3.0 on top of stock 1.1 to root and install gapps...
Thanks ahead of time!
Not working in Windows
Okay, I have the file decompiled but there is nothing to execute "patch" on my Windows system. Where do I get the tool to do the actual patching. Or how do you do the patch in Windows?
jboxer said:
Okay, I have the file decompiled but there is nothing to execute "patch" on my Windows system. Where do I get the tool to do the actual patching. Or how do you do the patch in Windows?
Click to expand...
Click to collapse
Just google for UnxUtil or GNUWin32.
Sent from my "NookDroid" using XDA App
racks11479 said:
Just google for UnxUtil or GNUWin32.
Sent from my "NookDroid" using XDA App
Click to expand...
Click to collapse
Okay. I did that and tried to patch the file but I got the following error:
patching file `TelephonyManager.smali'
Assertion failed: hunk, file patch.c, line 321
What do I need to do to fix this problem?
Thanks again for your help.
Any chance of getting a pre-patched framework.jar for 1.1.0? I'm on a road trip and don't have access to a computer with the necessary setup to do this.
i replaced my framework.jar with the one provided by decadence, and, as racks11479 suggested i also added the META-INF and the preloaded-class from my original file.
it works, it also fixed my gameloft games problems, but now it takes a lot more time when booting and once booted, the startup time (show my homescreen) also takes longer. i have rebooted 3 times to check if the delay dissapear, but no....
is there any logical explanation for this behaviour?
Strange. Because mine only delayed the first time after replacing my framework.jar file. Seems fine since. I've just rebooted again to make sure. And no delay whatsoever. Not sure what could be causing your problem.
Please excuse my ignorance, but what exactly does this patch provide? Is it for stability issues with the stock eclair rom?
Also want to confirm that since the framework patch. My XDA app is surviving login like it used to on 1.0.1.
I understand that this was an issue with the 1.1.0 release.
Stock 1.1.0 rooted.
Sent from my "NookDroid" using XDA App
don_ernesto said:
i replaced my framework.jar with the one provided by decadence, and, as racks11479 suggested i also added the META-INF and the preloaded-class from my original file.
it works, it also fixed my gameloft games problems, but now it takes a lot more time when booting and once booted, the startup time (show my homescreen) also takes longer. i have rebooted 3 times to check if the delay dissapear, but no....
is there any logical explanation for this behaviour?
Click to expand...
Click to collapse
The first boot, yes, as it would force a dalvik cache rebuild, but on subsequent boots no
paleh0rse said:
Little bit confused...
1) What problem(s) does this address? ie. What is this for??
2) Can we simply replace our framwork.jar file with the one in the OP, or do we have to compile our own? What directory is it in?
Note: I used the unofficial AN3.0 on top of stock 1.1 to root and install gapps...
Thanks ahead of time!
Click to expand...
Click to collapse
Anyone? Please?
Related
I saw the that from http://bbs.lidroid.com/t-64175-1-1.html
Now I'll translate it to english so that you can know it.
It'very easy to a developer I think .
We should decode our systemui.apk and modify SystemUI/smali/com/android/systemui/statusbar/StatusBarService.smali
search QuickSettingsView ,and change
Code:
const v7, 0x7f030002
invoke-static {p1, v7, v9}, Landroid/view/View;->inflate(Landroid/content/Context;ILandroid/view/ViewGroup;)Landroid/view/View;
move-result-object v3
check-cast v3, Lcom/android/systemui/statusbar/quickpanel/QuickSettingsView;
.line 379
.local v3, qsv:Lcom/android/systemui/statusbar/quickpanel/QuickSettingsView;
to
Code:
const v7, 0x3030003
invoke-static {p1, v7, v9}, Landroid/view/View;->inflate(Landroid/content/Context;ILandroid/view/ViewGroup;)Landroid/view/View;
move-result-object v3
check-cast v3, Lcom/lidroid/systemui/quickpanel/PowerWidget;
.line 394
.local v3, qsv:Lcom/lidroid/systemui/quickpanel/PowerWidget;
invoke-virtual {v3}, Lcom/lidroid/systemui/quickpanel/PowerWidget;->setupWidget()V
then decode LidroidSystemUI.apk ,copy the files under LidroidSystemUI/smali
(com and lidroid) to SystemUI/smali
the last step is repack the systemui and put the lidroid-res.apk to /system/framework and put systemui.apk and QuickPanelSettings.apk into system\app .
by this we can get a statusbar taggles like cm7 . Now I wonder if any one can port it to our x10 .
My english is so poor , so …
nice find there buddy i'll have a look tomorro
there is more to ir that just copying the smali in have to update the public res with all new id's then update all teh smali with the matching codes
like i said i'll do it tomorrow if i can make it work i'll let ya know.
Pvy.
Is there a way to remove the home button lag without using a jkay theme? Don't get me wrong, I think jkay is fantastic, but I'm having problems with it, not to mention I only want this one feature, cheers!
Sent from my GT-I9100 using XDA App
Hi. Sure... Here is the original thread: http://forum.xda-developers.com/showthread.php?t=1227479
[Fix] Decrease home button lag
Sent from my GT-I9100 using xda premium
_JKay_ said:
Hi. Sure... Here is the original thread: http://forum.xda-developers.com/showthread.php?t=1227479
[Fix] Decrease home button lag
Sent from my GT-I9100 using xda premium
Click to expand...
Click to collapse
Thank you!
Sent from my GT-I9100 using XDA App
okmijnlp said:
Thank you!
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
There's also a method for ICS firmwares posted by a commenter on Wanamlite's firmware site. Here's a copy and paste of it:
Code:
Here are the instructions to get rid of the +- 50ms home button lag due to the annoying Vlingo. Do this at your own risk.
0. Make a backup. Make a backup. Make a backup.
1. get android.policy.jar
2. extract classes.dex from it
4. use baksmali to decompile classes.dex
5. open bar/com/android/internal/policy/impl/PhoneWindowManager.smali
6. find .line 2048
7. find .line 2050
8. check the patch, and apply it. Note that the exact symbols might change between firmwares. So apply the patch manually. The important part is to remove the if statement that eventually invokes addAction. And second important part is to ensure that the launchHomeFromHotKey is invoked.
— PhoneWindowManager.smali 2012-03-22 19:59:19.000000000 +0100
+++ foo.smali 2012-03-22 19:59:06.000000000 +0100
@@ -7551,80 +7551,7 @@
.line 2048
:cond_15d
- const-string v36, “GT-I9100″
-
- const-string v37, “SGH-I727R”
-
- invoke-virtual/range {v36 .. v37}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
-
- move-result v36
-
- if-nez v36, :cond_1a4
-
- const-string v36, “GT-I9100″
-
- const-string v37, “YP-GB70D”
-
- invoke-virtual/range {v36 .. v37}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
-
- move-result v36
-
- if-nez v36, :cond_1a4
-
- const-string v36, “GT-I9100″
-
- const-string v37, “SGH-T769″
-
- invoke-virtual/range {v36 .. v37}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
-
- move-result v36
-
- if-nez v36, :cond_1a4
-
- .line 2050
- const/16 v36, 0×3
-
- move/from16 v0, v19
-
- move/from16 v1, v36
-
- if-ne v0, v1, :cond_1a4
-
- move-object/from16 v0, p0
-
- iget-object v0, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mHoldKeyConcept:Lcom/android/internal/policy/impl/PhoneWindowManager$HoldKeyConcept;
-
- move-object/from16 v36, v0
- const/16 v37, 0×3
-
- invoke-virtual/range {v36 .. v37}, Lcom/android/internal/policy/impl/PhoneWindowManager$HoldKeyConcept;->isSystemKeyEventRequested(I)Z
-
- move-result v36
-
- if-nez v36, :cond_1a4
-
- .line 2051
- move-object/from16 v0, p0
-
- iget-object v0, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mHomeKeyDoubleClickConcept:Lcom/android/internal/policy/impl/PhoneWindowManager$HomeKeyDoubleClickConcept;
-
- move-object/from16 v36, v0
-
- invoke-virtual/range {p2 .. p2}, Landroid/view/KeyEvent;->getAction()I
-
- move-result v37
-
- move-object/from16 v0, v36
-
- move/from16 v1, v37
-
- move/from16 v2, v26
-
- invoke-virtual {v0, v1, v2, v5}, Lcom/android/internal/policy/impl/PhoneWindowManager$HomeKeyDoubleClickConcept;->addAction(IIZ)V
-
- .line 2060
- :cond_1a4
const/16 v36, 0×3
move/from16 v0, v19
@@ -7672,6 +7599,8 @@
if-nez v8, :cond_28d
+ invoke-virtual/range {p0 .. p0}, Lcom/android/internal/policy/impl/PhoneWindowManager;->launchHomeFromHotKey()V
+
.line 2071
const/16 v36, 0×0
9. save the file
10. recompile the result back to classes.dex
11. rebuild android.policy.jar
12. put the android.policy.jar back
Phone should reboot now. After reboot, the packages have to be reoptimized. Afterwards, enjoy the lagfree home-button click.
Just for the sake of transparency Here is a quick rundown of the process for everyone to see.
High level overview:
1. ) baksmali classes.dex from NfcNci.apk
2. ) Mod the resulting smali.
3. ) smali, and inject back into NfcNci.apk
Since this is the dev section I will focus on step 2 you can read about steps 1 and 3 elsewhere. For the sake of this example I will be working with the system dump from the original release of the gt-i9505g (S4 Google Edition) System Software.
What you are looking for is this function contained in the NfcIntegrityChecker class:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
If we track back the exception error message that comes up in the debug log ("Client module is tampered"), you will see that the text is contained in the NfcService class within the function ".method public enforceNfcIntegrity()V"
Code:
.method public enforceNfcIntegrity()V
.locals 3
.prologue
.line 470
iget-object v1, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
monitor-enter v1
.line 471
:try_start_0
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x3
if-ne v0, v2, :cond_0
.line 472
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "NfcIntegrityChecker is not on the proper status"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:catchall_0
move-exception v0
monitor-exit v1
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
throw v0
.line 475
:cond_0
:try_start_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
invoke-virtual {v0}, Lcom/android/nfc/NfcIntegrityChecker;->getStatus()I
move-result v0
const/4 v2, 0x2
if-eq v0, v2, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "client"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_1
iget-object v0, p0, Lcom/android/nfc/NfcService;->mIntegrityChecker:Lcom/android/nfc/NfcIntegrityChecker;
const-string v2, "clientlib"
invoke-virtual {v0, v2}, Lcom/android/nfc/NfcIntegrityChecker;->checkIntegrity(Ljava/lang/String;)Z
move-result v0
if-nez v0, :cond_2
.line 478
:cond_1
new-instance v0, Ljava/lang/SecurityException;
const-string v2, "Client module is tampered"
invoke-direct {v0, v2}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V
throw v0
.line 480
:cond_2
monitor-exit v1
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.line 481
return-void
.end method
If we follow the flow of the application we see that the code for this failure is only reached if the function call to
Code:
checkIntegrity(Ljava/lang/String;)Z
returns false, or the status is not properly set. (the 'Z' at the end means it returns a boolean).
There are two ways to handle this. We can either patch out the call to checkIntegrity entirely (jump over it, or literally remove the calls), or we can modify the checkIntegrity function so that it always returns true.
So, let's look at the checkIntegrity function:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
const/4 v3, 0x0
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method
There is only one return statement, so this should be a simple matter of setting our value, and calling return. In some cases there is code that your application needs to run in order to function, so usually a light touch is a good idea, but in this case all of the code is there to run various checks so we can skip most of it.
The easiest way would be to replace the whole function with this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 2
.parameter "type"
.prologue
const/4 v0, 0x1
return v0
.end method
But that method never sat right with me (old school c++ cracking I guess), so I prefer something like this:
add a goto, and modify the constant here:
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
then add the following line to the beginning of the function (after the .prologue)
goto :goto_666
We end up with something like this:
Code:
.method public checkIntegrity(Ljava/lang/String;)Z
.locals 11
.parameter "type"
.prologue
const/4 v10, 0x2
const/4 v9, 0x1
const/4 v8, 0x0
goto :goto_666
.line 293
iget-object v5, p0, Lcom/android/nfc/NfcIntegrityChecker;->mModuleMap:Ljava/util/HashMap;
invoke-virtual {v5, p1}, Ljava/util/HashMap;->get(Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/util/ArrayList;
.line 294
.local v2, modules:Ljava/util/ArrayList;,"Ljava/util/ArrayList<[Ljava/lang/String;>;"
const/4 v1, 0x0
.line 295
.local v1, module:[Ljava/lang/String;
const/4 v3, 0x1
.line 296
.local v3, ret:Z
invoke-virtual {v2}, Ljava/util/ArrayList;->size()I
move-result v4
.line 298
.local v4, size:I
const/4 v0, 0x0
.local v0, i:I
:goto_0
if-ge v0, v4, :cond_2
.line 299
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->get(I)Ljava/lang/Object;
move-result-object v1
.end local v1 #module:[Ljava/lang/String;
check-cast v1, [Ljava/lang/String;
.line 301
.restart local v1 #module:[Ljava/lang/String;
if-eqz v1, :cond_0
array-length v5, v1
if-eq v5, v10, :cond_4
.line 302
:cond_0
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_1
const-string v5, "NfcIntegrityChecker"
const-string v6, "checkIntegrity module format error"
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 303
:cond_1
:goto_666
const/4 v3, 0x1
.line 314
:cond_2
:goto_1
if-nez v3, :cond_3
iput v10, p0, Lcom/android/nfc/NfcIntegrityChecker;->mStatus:I
.line 316
:cond_3
return v3
.line 307
:cond_4
aget-object v5, v1, v8
aget-object v6, v1, v9
invoke-direct {p0, v5, v6}, Lcom/android/nfc/NfcIntegrityChecker;->checkModuleIntegrity(Ljava/lang/String;Ljava/lang/String;)Z
move-result v5
if-nez v5, :cond_6
.line 308
sget-boolean v5, Lcom/android/nfc/NfcIntegrityChecker;->DBG:Z
if-eqz v5, :cond_5
const-string v5, "NfcIntegrityChecker"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "checkModuleIntegrity "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v8
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
const-string v7, " tampered : "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
aget-object v7, v1, v9
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 309
:cond_5
const/4 v3, 0x0
.line 310
goto :goto_1
.line 298
:cond_6
add-int/lit8 v0, v0, 0x1
goto :goto_0
.end method
confirmed working
thanks again!
This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?
CPA Poke said:
This is great, thanks for your contribution!
So does the integrity check call only have to do with access to the secure element? Or does it also eliminate the need to spoof device model for compatibility purposes?
Click to expand...
Click to collapse
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Click to expand...
Click to collapse
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.
Fenny said:
It is just for the secure element. You can modify the wallet apk to bypass things like root checking, model versions, and carrier checks as well. It looks like the xposed framework patch that has been floating around does some of this, but it doesn't seem to patch the calls to read the device properties for device ID and such.
In my testing, I was able to replace all of those calls in the wallet app with constant strings containing "valid" values. This would kind of suck to have to do for each update... Though It would be a simple enough matter to write a script to do this automagically for each update. (Baksmali, sed/awk to find and replace in the smali, and smali to classes.dex) or write an xposed module to watch for calls to read prop values originating from wallet.
Sent from my GT-I9505G
Click to expand...
Click to collapse
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.
mrvirginia said:
if you had time to add a how-to to bypass root checking, model version and carrier check, I'd update it every time. wouldn't be a problem and I'd be happy to help out.
Click to expand...
Click to collapse
Bypassing Root:
Look at the com.google.android.apps.wallet.security.EnvironmentProperty class in the constructor method.
We're looking for this segment containing SU_COMMAND_LOCATIONS:
Code:
.line 70
new-array v0, v4, [Ljava/lang/String;
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
sput-object v0, Lcom/google/android/apps/wallet/security/EnvironmentProperty;->SU_COMMAND_LOCATIONS:[Ljava/lang/String;
Note: These variable names change (v3, v4, etc...), usually they will be the const/4 numbers defined at the beginning of the method. Just make sure you use the one that contains 0.
Change this line from v4 (which contains the number 2)
Code:
new-array v0, v4, [Ljava/lang/String;
to v3 (which contains the number 0)
Code:
new-array v0, v3, [Ljava/lang/String;
Then simply delete the following lines:
Code:
const-string v1, "/system/bin/su"
aput-object v1, v0, v3
const-string v1, "/system/xbin/su"
aput-object v1, v0, v2
This will Set the environment property SU_COMMAND_LOCATIONS as an empty string array which will cause the checkDevice function in Lcom/google/android/apps/wallet/security/EnvironmentProperty$1 to simply break out of it's for loop and return 0 (which is what we want).
Bypassing device/carrier restrictions:
Here is a quick script I whipped up to replace the build prop calls automagically.
Usage would be something like:
Baksmali the classes.dex in your apk:
java -jar baksmali.jar your.apk -o outdir
Run the script (below):
/path/to/pwnprop.sh outdir
Do whatever other changes to the outdir directory.
Then smali:
java -jar smali.jar outdir -o classes.dex
Finally, winzip, lol. (If you actually use winzip imma kill you.)
The script:
Save this as pwnprop.sh (or whatever you feel like) and chmod +x
Code:
#!/bin/bash
do_replace ()
{
case $3 in
# Replace these with whatever device you want to clone.
MODEL)
ours="Galaxy Nexus";;
BRAND)
ours="Google" ;;
BOARD)
ours=""tuna"
ID)
ours="JDQ39E" ;;
PRODUCT)
ours="yakju" ;;
DEVICE)
ours="yakju" ;;
FINGERPRINT)
ours="google/yakju/maguro:4.2.2/JDQ39/573038:user/release-keys" ;;
*)
echo "Replacement property not defined: "$3" in "$1
return ;;
esac
sed -i 's{sget-object '$2', Landroid/os/Build;->'$3':Ljava/lang/String;{const-string '$2', "'$ours'"{g' $1
echo sed -i 's{sget-object '$2', Landroid/os/Build;->'$3':Ljava/lang/String;{const-string '$2', "'$ours'"{g' $1
}
OIFS=$IFS; IFS=$'\n'
for line in `grep -ro "[v0-9]*, Landroid/os/Build;->[A-Z]*" $ | sed 's{, Landroid/os/Build;->{:{'`
do
IFS=':'
temparray=($line)
if [ ${#temparray[@]} -eq 3 ]
then
do_replace $line
fi
IFS=$OIFS
done
CPA Poke said:
I think that's what the existing Xposed Wallet hack modules do (watch for the read prop values originating from Wallet). But for whatever reason it won't intercept the calls on initial setup, which is why you have to actually change the build.prop prior to initially setting up Wallet.
Click to expand...
Click to collapse
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.
when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...
Fenny said:
I think it actually just replaces the function that checks, "Is this device id allowed?" But for the initial setup the strings in build prop are sent to google where they can reject them server-side.
Click to expand...
Click to collapse
Gotcha, that makes perfect sense.
mrvirginia said:
when trying to run the script, i keep getting a syntax error
pwnprop.sh: line 2: $'\r': command not found
pwnprop.sh: line 3: syntax error near unexpected token `$'\r''
'wnprop.sh: line 3: `do_replace ()
i'm doing:
bash pwnprop.sh classes
classes is my "outdir"
edit: alright, i've converted dos2unix. now i'm just getting errors that the file doesn't exist. argh, oh linux.
edit: zip has been updated to no longer check for su binary. still needs a device/carrier bypass restriction removed...
Click to expand...
Click to collapse
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G
Fenny said:
Make sure you have the sed, echo, and grep utilities installed and in your path.
Sent from my GT-I9505G
Click to expand...
Click to collapse
i finally figured out what the problem was. iirc, i was running it as root or something. had the same problem when i tried using the Kitchen again a week or two ago and got it sorted so i'll attempt to run this again [hopefully] over the weekend and give everyone a working Wallet regardless of device so they won't have to do silly tweaks anymore with build.prop etc. thank you again, sir.
oh, did you ever figure out the SIM unlock issue?
Causes NFC to FC on official 4.3 with full wipe. Oddly, it works with dirty flash. Ideas?
[Edit]
Never mind. It was just a bad signature.
@ OP: this NfcNci mod works on TW firmware MF8.
maanz said:
@ OP: this NfcNci mod works on TW firmware MF8.
Click to expand...
Click to collapse
Good to hear. Sounds like this is a new feature in Samsung firmware. Still makes me wonder if non-samsung devices suffer the same fate. The function call is the same no matter which implementation of NfcNci you are using, but I suppose that each vendor's implementation of the integrity checks by necessesity will differ.
Sent from my GT-I9505G
@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store
mrvirginia said:
@Fenny looks like Superuser (unsecure) check was removed from newest Wallet release on the Google Play Store
Click to expand...
Click to collapse
That is great news. Much less work to be done on it then.
Keep up the good work! You guys are close, I can feel it! I would offer to help this weekend, but I think I would just slow you down.
Sent from my Galaxy Nexus using XDA Premium 4 mobile app
What is this? Let me explain you. It will Bypass the signature checking of sony. Sometimes when we mod any system app and put it back in to system with correct permission but the app doesn't work or doesn't install or force closes. Or Some of the apps from other sony device like Z1, Z Ultra, Z etc. are not installing in our phone even we put them in system with correct permission but they don't work. Most of the time these problems are happening because of signature checking.
Main Features :
Bypass Signature Checking
Works On Deodex And Odex System
Changelog :
v2.0.0 :
Based On Build Firmware Number 12.1.A.1.205
Works On Deodex And Odex System
Tutorial Updated
v1.0.0 :
Initial Release
Based On Build Firmware Number 12.1.A.0.256
Download :
v2.0.0 :
Bypass Signature Checking v2.0.0 By BDFreak Odex.zip
Bypass Signature Checking v2.0.0 By BDFreak Deodex.zip
v1.0.0 :
Bypass Signature Checking v1.0.0 By BDFreak.zip
How To Install :
v2.0.0 :
JellyBean 4.3 Firmware Build 12.1.A.1.205
Take nandroid backup
Download Bypass Signature Checking v2.0.0 By BDFreak Odex.zip or Bypass Signature Checking v2.0.0 By BDFreak Deodex.zip
Place it in your phones sdcard
Reboot into recovery
Install Bypass Signature Checking v2.0.0 By BDFreak Odex.zip or Bypass Signature Checking v2.0.0 By BDFreak Deodex.zip
Reboot your phone
Enjoy
v1.0.0 :
JellyBean 4.3 Firmware Build 12.1.A.0.256
Your rom should be DEODEXED (Click Here To Deodex)
Take nandroid backup
Download Bypass Signature Checking v1.0.0 By BDFreak.zip
Place it in your phones sdcard
Reboot into recovery
Install Bypass Signature Checking v1.0.0 By BDFreak.zip
Phone will reboot automatically
Enjoy
[16/06/2014][TUT]Bypass Signature Checking[4.3]
Here I will teach you How To Mod Your services.jar To Bypass Signature Checkin
Make sure you have a basic knowledge on how to compile/decompile .apk/.jar files.
Decompile services.jar
[*]Navigate to \com\android\server\pm
[*]Open PackageManagerService.smali file in file editor
[*]Search for .method static compareSignatures
[*]Original code looks like this (it can be different in different build of firmware)
Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
.locals 7
.parameter "s1"
.parameter "s2"
.prologue
.line 2612
if-nez p0, :cond_1
.line 2613
if-nez p1, :cond_0
const/4 v6, 0x1
.line 2632
:goto_0
return v6
.line 2613
:cond_0
const/4 v6, -0x1
goto :goto_0
.line 2617
:cond_1
if-nez p1, :cond_2
.line 2618
const/4 v6, -0x2
goto :goto_0
.line 2620
:cond_2
new-instance v3, Ljava/util/HashSet;
invoke-direct {v3}, Ljava/util/HashSet;-><init>()V
.line 2621
.local v3, set1:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
move-object v0, p0
.local v0, arr$:[Landroid/content/pm/Signature;
array-length v2, v0
.local v2, len$:I
const/4 v1, 0x0
.local v1, i$:I
:goto_1
if-ge v1, v2, :cond_3
aget-object v5, v0, v1
.line 2622
.local v5, sig:Landroid/content/pm/Signature;
invoke-virtual {v3, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z
.line 2621
add-int/lit8 v1, v1, 0x1
goto :goto_1
.line 2624
.end local v5 #sig:Landroid/content/pm/Signature;
:cond_3
new-instance v4, Ljava/util/HashSet;
invoke-direct {v4}, Ljava/util/HashSet;-><init>()V
.line 2625
.local v4, set2:Ljava/util/HashSet;,"Ljava/util/HashSet<Landroid/content/pm/Signature;>;"
move-object v0, p1
array-length v2, v0
const/4 v1, 0x0
:goto_2
if-ge v1, v2, :cond_4
aget-object v5, v0, v1
.line 2626
.restart local v5 #sig:Landroid/content/pm/Signature;
invoke-virtual {v4, v5}, Ljava/util/HashSet;->add(Ljava/lang/Object;)Z
.line 2625
add-int/lit8 v1, v1, 0x1
goto :goto_2
.line 2629
.end local v5 #sig:Landroid/content/pm/Signature;
:cond_4
invoke-virtual {v3, v4}, Ljava/util/HashSet;->equals(Ljava/lang/Object;)Z
move-result v6
if-eqz v6, :cond_5
.line 2630
const/4 v6, 0x0
goto :goto_0
.line 2632
:cond_5
const/4 v6, -0x3
goto :goto_0
.end method
[*]Replace the whole code with this
Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
.registers 9
const/4 v0, 0x0
return v0
.end method
[*]Save the file
[*]Recompile your services.jar
Please Note :
Take backup before doing anything.
Your rom should be DEODEXED
Use Notepad++ to edit files.
Please read the tutorial properly befor editing files.
If you found any mistake in this tutorial then please let me know.
Naming it as superuser mod might be more well known
Sent from my C5306 using xda app-developers app
Sahaab said:
Naming it as superuser mod might be more well known
Sent from my C5306 using xda app-developers app
Click to expand...
Click to collapse
Done. Hope it's now ok.
Works on ICS 4.0.4 thanks a mil
Sent from my A500 using XDA Premium 4 mobile app
thanks man
is a useful instruction
working for app 4.1 on 4.3???(mean can use app 4.1 on 4.3)?
Good! 4 me fixing any app installing on 4.3
Wysłane z mojego C5303 przy użyciu Tapatalka
abbas_2010 said:
working for app 4.1 on 4.3???(mean can use app 4.1 on 4.3)?
Click to expand...
Click to collapse
No
hi
please update the 2st post ( i mean tut )
because in 4.3 build 205 , has different smali code from your tut
thanks
Changelog :
v2.0.0 :
Based On Build Firmware Number 12.1.A.1.205
Works On Deodex And Odex System
Tutorial Updated
Great great great great great great, I really needed that! thank you :good:
I can install rom v.4 ExistenZ xperia sp???
3du ibrahim said:
I can install rom v.4 ExistenZ xperia sp???
Click to expand...
Click to collapse
eXistenZ already this mod
@BDFreak please update this mode for build 207
thanks before
hamidreza2010 said:
@BDFreak please update this mode for build 207
thanks before
Click to expand...
Click to collapse
Already this mod from me
http://forum.xda-developers.com/showthread.php?p=51849794
jancsessz said:
Already this mod from me
http://forum.xda-developers.com/showthread.php?p=51849794
Click to expand...
Click to collapse
Hhhhmmm
Please upload single file
hamidreza2010 said:
Hhhhmmm
Please upload single file
Click to expand...
Click to collapse
Tomorrow upload okey?
jancsessz said:
Tomorrow upload okey?
Click to expand...
Click to collapse
No problem dear
Is this superusermode on build 207 be installed?
Hello Xda Users,
This Guide is for Adding Edge Panels To Latest Samsung UX Based Roms
What's Required:
*Apktool for Decompiling/Recompiling jars
*Notepad++ For Editing Smalis
Steps:
1. Open your " system/etc/floating_feature.xml " with Notepad++
And
Find The Following Code:
Code:
<SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE></SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE
<SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE_STRIPE></SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE_STRIPE>
REPLACE IT WITH:
Code:
<SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE>[COLOR="DarkGreen"]people,task,circle,panel[/COLOR]</SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE>
<SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE_STRIPE>[COLOR="darkgreen"]-1[/COLOR]</SEC_FLOATING_FEATURE_COMMON_CONFIG_EDGE_STRIPE>
Now you must use ApkTool to decompile/Make Changes to smalis/Recompile
*Use Tickle My Android Apktool or Any other Apktool
2. Now Decompile your " Services.jar "
Find Red Text and Add Green Lines:
LOCATE TO:
smali/com/android/server/SystemServer.smali
Click to expand...
Click to collapse
Open up "SystemServer.smali" with Notepad++
SEARCH FOR:
Code:
[COLOR="Red"]const-string/jumbo v6, "spengestureservice"[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
Code:
const-string/jumbo v6, "spengestureservice"
new-instance v7, Lcom/android/server/smartclip/SpenGestureManagerService;
move-object/from16 v0, v218
invoke-direct {v7, v5, v0}, Lcom/android/server/smartclip/SpenGestureManagerService;-><init>(Landroid/content/Context;Lcom/android/server/wm/WindowManagerService;)V
invoke-static {v6, v7}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
:try_end_85
.catch Ljava/lang/Throwable; {:try_start_85 .. :try_end_85} :catch_53
:goto_57
const-string v6, "2"
invoke-static {v6}, Ljava/lang/Integer;->valueOf(Ljava/lang/String;)Ljava/lang/Integer;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/Integer;->intValue()I
move-result v192
const/4 v6, 0x2
move/from16 v0, v192
if-lt v0, v6, :cond_32
move-object/from16 v0, p0
iget-object v6, v0, Lcom/android/server/SystemServer;->mSystemServiceManager:Lcom/android/server/SystemServiceManager;
const-string v7, "com.android.server.aod.AODManagerService"
invoke-virtual {v6, v7}, Lcom/android/server/SystemServiceManager;->startService(Ljava/lang/String;)Lcom/android/server/SystemService;
:cond_32
:try_start_86
const-string v6, "SystemServer"
Now add the Green lines:
Code:
const-string/jumbo v6, "spengestureservice"
new-instance v7, Lcom/android/server/smartclip/SpenGestureManagerService;
move-object/from16 v0, v218
invoke-direct {v7, v5, v0}, Lcom/android/server/smartclip/SpenGestureManagerService;-><init>(Landroid/content/Context;Lcom/android/server/wm/WindowManagerService;)V
invoke-static {v6, v7}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
:try_end_85
.catch Ljava/lang/Throwable; {:try_start_85 .. :try_end_85} :catch_53
:goto_57
[COLOR="DarkGreen"]move-object/from16 v0, p0
iget-object v6, v0, Lcom/android/server/SystemServer;->mSystemServiceManager:Lcom/android/server/SystemServiceManager;
const-string v7, "com.android.server.cocktailbar.CocktailBarManagerService"
invoke-virtual {v6, v7}, Lcom/android/server/SystemServiceManager;->startService(Ljava/lang/String;)Lcom/android/server/SystemService;[/COLOR]
const-string v6, "2"
invoke-static {v6}, Ljava/lang/Integer;->valueOf(Ljava/lang/String;)Ljava/lang/Integer;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/Integer;->intValue()I
move-result v192
const/4 v6, 0x2
move/from16 v0, v192
if-lt v0, v6, :cond_32
move-object/from16 v0, p0
iget-object v6, v0, Lcom/android/server/SystemServer;->mSystemServiceManager:Lcom/android/server/SystemServiceManager;
const-string v7, "com.android.server.aod.AODManagerService"
invoke-virtual {v6, v7}, Lcom/android/server/SystemServiceManager;->startService(Ljava/lang/String;)Lcom/android/server/SystemService;
:cond_32
:try_start_86
const-string v6, "SystemServer"
LOCATE TO:
smali/com/android/server/power/PowerManagerService.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"]const-string v8, "SEC_PRODUCT_FEATURE_COMMON_SUPPORT_COCKTAIL_FW: false"[/COLOR]
REPLACE IT WITH:
Code:
[COLOR="darkgreen"]const-string v8, "SEC_PRODUCT_FEATURE_COMMON_SUPPORT_COCKTAIL_FW: true"[/COLOR]
LOCATE TO:
smali/com/android/server/notification/NotificationManagerService$6.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"].method public enqueueEdgeNotification(Ljava/lang/String;Ljava/lang/String;ILandroid/os/Bundle;I)V
[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
Code:
.method public enqueueEdgeNotification(Ljava/lang/String;Ljava/lang/String;ILandroid/os/Bundle;I)V
.locals 8
return-void
.end method
Now Replace the Whole method with this one:
Code:
[COLOR="darkgreen"].method public enqueueEdgeNotification(Ljava/lang/String;Ljava/lang/String;ILandroid/os/Bundle;I)V
.locals 8
# invokes: Lcom/android/server/notification/NotificationManagerService;->checkCallerIsSystemOrSameApp(Ljava/lang/String;)V
invoke-static {p1}, Lcom/android/server/notification/NotificationManagerService;->access$3700(Ljava/lang/String;)V
iget-object v0, p0, Lcom/android/server/notification/NotificationManagerService$6;->this$0:Lcom/android/server/notification/NotificationManagerService;
invoke-static {}, Landroid/os/Binder;->getCallingUid()I
move-result v3
invoke-static {}, Landroid/os/Binder;->getCallingPid()I
move-result v4
move-object v1, p1
move-object v2, p2
move v5, p3
move-object v6, p4
move v7, p5
invoke-virtual/range {v0 .. v7}, Lcom/android/server/notification/NotificationManagerService;->enqueueEdgeNotificationInternal(Ljava/lang/String;Ljava/lang/String;IIILandroid/os/Bundle;I)V
return-void
.end method[/COLOR]
In Same Smali
SEARCH FOR:
Code:
[COLOR="Red"].method public removeEdgeNotification(Ljava/lang/String;ILandroid/os/Bundle;I)V
[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
Code:
.method public removeEdgeNotification(Ljava/lang/String;ILandroid/os/Bundle;I)V
.locals 7
return-void
.end method
Now Replace the Whole method with this one:
Code:
[COLOR="darkgreen"].method public removeEdgeNotification(Ljava/lang/String;ILandroid/os/Bundle;I)V
.locals 7
# invokes: Lcom/android/server/notification/NotificationManagerService;->checkCallerIsSystemOrSameApp(Ljava/lang/String;)V
invoke-static {p1}, Lcom/android/server/notification/NotificationManagerService;->access$3700(Ljava/lang/String;)V
invoke-static {}, Landroid/os/Binder;->getCallingPid()I
move-result v0
invoke-static {}, Landroid/os/Binder;->getCallingUid()I
move-result v1
const/4 v3, 0x1
const/4 v4, 0x0
const-string v5, "cancelNotificationWithTag"
move v2, p4
move-object v6, p1
invoke-static/range {v0 .. v6}, Landroid/app/ActivityManager;->handleIncomingUser(IIIZZLjava/lang/String;Ljava/lang/String;)I
move-result p4
iget-object v0, p0, Lcom/android/server/notification/NotificationManagerService$6;->this$0:Lcom/android/server/notification/NotificationManagerService;
invoke-static {}, Landroid/os/Binder;->getCallingUid()I
move-result v1
invoke-static {}, Landroid/os/Binder;->getCallingPid()I
move-result v2
move-object v3, p1
move v4, p2
move-object v5, p3
move v6, p4
invoke-virtual/range {v0 .. v6}, Lcom/android/server/notification/NotificationManagerService;->removeEdgeNotificationInternal(IILjava/lang/String;ILandroid/os/Bundle;I)V
return-void
.end method[/COLOR]
Done
3. Now Recompile your " services.jar "
4. *Now Decompile your " Framework.jar "
LOCATE TO:
smali/android/app/NotificationManager.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"].method constructor <init>(Landroid/content/Context;Landroid/os/Handler;)V[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
Code:
.method constructor <init>(Landroid/content/Context;Landroid/os/Handler;)V
.locals 3
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
iput-object p1, p0, Landroid/app/NotificationManager;->mContext:Landroid/content/Context;
return-void
.end method
Now add the Green lines:
Code:
.method constructor <init>(Landroid/content/Context;Landroid/os/Handler;)V
[COLOR="DarkGreen"].locals 4[/COLOR]
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
iput-object p1, p0, Landroid/app/NotificationManager;->mContext:Landroid/content/Context;
[COLOR="darkgreen"]new-instance v0, Landroid/app/NotificationManager$EdgeNotificationManager;
invoke-direct {v0, p1}, Landroid/app/NotificationManager$EdgeNotificationManager;-><init>(Landroid/content/Context;)V
iput-object v0, p0, Landroid/app/NotificationManager;->mEdgeNotificationManager:Landroid/app/NotificationManager$EdgeNotificationManager;[/COLOR]
return-void
.end method
LOCATE TO:
smali/android/app/SystemServiceRegistry.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"]const-string/jumbo v1, "multiwindow_facade"[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
Code:
const-string/jumbo v1, "multiwindow_facade"
const-class v2, Lcom/samsung/android/multiwindow/MultiWindowFacade;
new-instance v3, Landroid/app/SystemServiceRegistry$83;
invoke-direct {v3}, Landroid/app/SystemServiceRegistry$83;-><init>()V
invoke-static {v1, v2, v3}, Landroid/app/SystemServiceRegistry;->registerService(Ljava/lang/String;Ljava/lang/Class;Landroid/app/SystemServiceRegistry$ServiceFetcher;)V
const-string v1, "2"
invoke-static {v1}, Ljava/lang/Integer;->valueOf(Ljava/lang/String;)Ljava/lang/Integer;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/Integer;->intValue()I
move-result v0
const/4 v1, 0x2
if-lt v0, v1, :cond_1
const-string v1, "AODManagerService"
const-class v2, Lcom/samsung/android/aod/AODManager;
new-instance v3, Landroid/app/SystemServiceRegistry$87;
invoke-direct {v3}, Landroid/app/SystemServiceRegistry$87;-><init>()V
invoke-static {v1, v2, v3}, Landroid/app/SystemServiceRegistry;->registerService(Ljava/lang/String;Ljava/lang/Class;Landroid/app/SystemServiceRegistry$ServiceFetcher;)V
:cond_1
const-string/jumbo v1, "spengestureservice"
Now add the Green lines:
Code:
const-string/jumbo v1, "multiwindow_facade"
const-class v2, Lcom/samsung/android/multiwindow/MultiWindowFacade;
new-instance v3, Landroid/app/SystemServiceRegistry$83;
invoke-direct {v3}, Landroid/app/SystemServiceRegistry$83;-><init>()V
invoke-static {v1, v2, v3}, Landroid/app/SystemServiceRegistry;->registerService(Ljava/lang/String;Ljava/lang/Class;Landroid/app/SystemServiceRegistry$ServiceFetcher;)V
[COLOR="darkgreen"]const-string v1, "CocktailBarService"
const-class v2, Lcom/samsung/android/cocktailbar/CocktailBarManager;
new-instance v3, Landroid/app/SystemServiceRegistry$85;
invoke-direct {v3}, Landroid/app/SystemServiceRegistry$85;-><init>()V
invoke-static {v1, v2, v3}, Landroid/app/SystemServiceRegistry;->registerService(Ljava/lang/String;Ljava/lang/Class;Landroid/app/SystemServiceRegistry$ServiceFetcher;)V[/COLOR]
const-string v1, "2"
invoke-static {v1}, Ljava/lang/Integer;->valueOf(Ljava/lang/String;)Ljava/lang/Integer;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/Integer;->intValue()I
move-result v0
const/4 v1, 0x2
if-lt v0, v1, :cond_1
const-string v1, "AODManagerService"
const-class v2, Lcom/samsung/android/aod/AODManager;
new-instance v3, Landroid/app/SystemServiceRegistry$87;
invoke-direct {v3}, Landroid/app/SystemServiceRegistry$87;-><init>()V
invoke-static {v1, v2, v3}, Landroid/app/SystemServiceRegistry;->registerService(Ljava/lang/String;Ljava/lang/Class;Landroid/app/SystemServiceRegistry$ServiceFetcher;)V
:cond_1
const-string/jumbo v1, "spengestureservice"
5. Now Download
The " SystemServiceRegistry$85.smali " and
Add it to " framework.jar\smali\android\app "
Download From Here ->> View attachment SystemServiceRegistry$85.rar
Done
6. Now Recompile your " framework.jar "
7. Download the Attached
System Folder For " Edge Apks, Permissions Xmls "
Add them to correct location into your System Folder
Download From Here ->> https://www.androidfilehost.com/?fid=457095661767134120
Thank you
If Anyone has Access code Error, then only follow this post #2
Then Match the Access Code in the two smalis as below
LOCATE TO:
smali/com/android/server/notification/NotificationManagerService$6.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"].method public enqueueEdgeNotification(Ljava/lang/String;Ljava/lang/String;ILandroid/os/Bundle;I)V
[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
See the Red Code, the access code should be same in NotificationManagerService.smali Also
Code:
.method public enqueueEdgeNotification(Ljava/lang/String;Ljava/lang/String;ILandroid/os/Bundle;I)V
.locals 8
# invokes: Lcom/android/server/notification/NotificationManagerService;->checkCallerIsSystemOrSameApp(Ljava/lang/String;)V
invoke-static {p1}, Lcom/android/server/notification/NotificationManagerService;->[COLOR="Red"][B]access$3700[/B][/COLOR](Ljava/lang/String;)V
iget-object v0, p0, Lcom/android/server/notification/NotificationManagerService$6;->this$0:Lcom/android/server/notification/NotificationManagerService;
LOCATE TO:
smali/com/android/server/notification/NotificationManagerService.smali
Click to expand...
Click to collapse
SEARCH FOR:
Code:
[COLOR="Red"].method static synthetic access$3700(Ljava/lang/String;)V
[/COLOR]
YOU SHOULD SEE SOMETHING LIKE THIS:
See the Red Code, the access code is same as in NotificationManagerService$6.smali
Code:
.method static synthetic [COLOR="Red"][B]access$3700[/COLOR][/B](Ljava/lang/String;)V
.locals 0
invoke-static {p0}, Lcom/android/server/notification/NotificationManagerService;->checkCallerIsSystemOrSameApp(Ljava/lang/String;)V
return-void
.end method
Also make sure that access$3700 access right on NotificationManagerService
Hi mate @yash92duster, do you know how to make the background to blur? really needed... thank's before
Axl_Rush said:
Hi mate @yash92duster, do you know how to make the background to blur? really needed... thank's before
Click to expand...
Click to collapse
What background?
Explain more
Where you needed blur?
yash92duster said:
What background?
Explain more
Where you needed blur?
Click to expand...
Click to collapse
I mean, i want to make this blur. I have change in system/lib/libsurface.so but my phone dont even boot.
Axl_Rush said:
I mean, i want to make this blur. I have change in system/lib/libsurface.so but my phone dont even boot.
Click to expand...
Click to collapse
if you have S5 then that blur lib will work
it works fine on S5 G900F and G900H - no issues
if you tried this mod and blur lib on different device
specify the device model, stock rom or port rom
if you had tried on A Series device then native blur wont work
if J series also in some variants it wont work
so give more info so that i can see if i can help
yash92duster said:
if you have S5 then that blur lib will work
it works fine on S5 G900F and G900H - no issues
if you tried this mod and blur lib on different device
specify the device model, stock rom or port rom
if you had tried on A Series device then native blur wont work
if J series also in some variants it wont work
so give more info so that i can see if i can help
Click to expand...
Click to collapse
Oh I see.. Well ok my friend...
My device is J700F running on stock MM Indonesia firmware
I appreciate for your work and for your help my friend.. thank U
and sorry for my bad english
Axl_Rush said:
Oh I see.. Well ok my friend...
My device is J700F running on stock MM Indonesia firmware
I appreciate for your work and for your help my friend.. thank U
and sorry for my bad english
Click to expand...
Click to collapse
you can try to enable the EDGE PANELS in your J Series Device
but
Blur lib wont work on J series ( Many tried and failed )
only way for you is to use ACER BLUR to edge panels
Check for acer blur in
https://forum.xda-developers.com/showthread.php?t=2799050
https://forum.xda-developers.com/ga...ified-development/devs-helpingd-devs-t3321679
yash92duster said:
you can try to enable the EDGE PANELS in your J Series Device
but
Blur lib wont work on J series ( Many tried and failed )
only way for you is to use ACER BLUR to edge panels
Check for acer blur in
https://forum.xda-developers.com/showthread.php?t=2799050
https://forum.xda-developers.com/ga...ified-development/devs-helpingd-devs-t3321679
Click to expand...
Click to collapse
Ok i will try it.... thank's mate :good::good:
@yash92duster : this method really working on pure stock S5 MM? I tried many times but always FC when swipe... from another guide also..and tried your framework ans services.jar that you share on that guide, but still FC.
maybe something missing on pure stock. If anyone have success on pure stock, please share the framework & service.jar, me and others will greatly appreciate it.
thanks working fine in AJ A8 Rom
@yash92duster
nice guide, very well done. I was wondering if this would work on Nougat 7.X.X too...
I am trying to port that Galaxy Tab A, but when I decompile framework.jar, nothing really...in fact, its framework.jar is only 14kb size..so probably Samsung move that stuff somewhere in Galaxy Tab A...no idea..
jazzespresso said:
@yash92duster
nice guide, very well done. I was wondering if this would work on Nougat 7.X.X too...
I am trying to port that Galaxy Tab A, but when I decompile framework.jar, nothing really...in fact, its framework.jar is only 14kb size..so probably Samsung move that stuff somewhere in Galaxy Tab A...no idea..
Click to expand...
Click to collapse
Bad deodex
Lol
yash92duster said:
Bad deodex
Lol
Click to expand...
Click to collapse
oh crap...yeah saw -- Framework\arm folder is still there...funny though, it deodexed some, but not all...
what deodex utility you use usually?
jazzespresso said:
oh crap...yeah saw -- Framework\arm folder is still there...funny though, it deodexed some, but not all...
what deodex utility you use usually?
Click to expand...
Click to collapse
Use
Assayyed
It works perfectly till 7.0
7.1.1 also works in assayyed but for framework folder alone use flumics tool
yash92duster said:
Use
Assayyed
It works perfectly till 7.0
7.1.1 also works in assayyed but for framework folder alone use flumics tool
Click to expand...
Click to collapse
yeah I used Assayyed cook my ROM, so assumed it deodexed fine, then found out today, it is not...
it seems like, build ROM with Assayyed Kitchen, and switch over to flumics tool to deodex and copy back to Assayyed and finish the build
I got all figured out now..
following your guide up until framework.jar, smali/android/app/SystemServiceRegistry.smali, and search for "multiwindow_facade", which does not find in the file (found all other though) but i added Green lines change in the file anyway...
have not tested yet, we will see if it works:good:
jazzespresso said:
yeah I used Assayyed cook my ROM, so assumed it deodexed fine, then found out today, it is not...
it seems like, build ROM with Assayyed Kitchen, and switch over to flumics tool to deodex and copy back to Assayyed and finish the build
I got all figured out now..
following your guide up until framework.jar, smali/android/app/SystemServiceRegistry.smali, and search for "multiwindow_facade", which does not find in the file (found all other though) but i added Green lines change in the file anyway...
have not tested yet, we will see if it works:good:
Click to expand...
Click to collapse
Better ask in right place
This is not kitchen thread:silly:
yash92duster said:
Better ask in right place
This is not kitchen thread:silly:
Click to expand...
Click to collapse
wasn't really kitchen question, read my post again
Screenshots?