Getting T-Mobile Wifi Calling working on other ROMS/Devices - Galaxy S 4 Developer Discussion [Developers-Only]

This thread is as much a dumping ground for what I figure out, as it is an information sharing endeavor. Anyone who feels that they can contribute, feel free.
My goal is to take the tmobile wifi calling code, and make it portable to as many devices/roms as I can. Ideally I would like to take whatever I need from the various frameworks, and make it portable enough that we could inject it into even cyanogenmod with little to no hassle.
All of this is based on the m919 t-mobile version of the SGS4.
This is what I have figured out about wifi calling so far:
Files Containing Wifi Calling stuff
Code:
./app/ims-service.apk -- whole file? possible merge required.
./app/ip-provider.apk -- whole file
./app/IPService.apk -- whole file
./app/SecContacts.apk -- We REALLY should merge. This may be easier to just copy to other TW Roms.
./app/SecMms.apk -- We REALLY should merge. This may be easier to just copy to other TW Roms.
./app/SecPhone.apk -- We REALLY should merge. This may be easier to just copy to other TW Roms.
./app/SecSettings.apk -- We REALLY should merge. This may be easier to just copy to other TW Roms.
./app/WifiCall.apk -- whole file
./framework/jsr-api.jar -- partial methods + merge -- This contains a class that we can simply copy into our target framework, but there are still files that must be manually merged.
./framework/services.jar -- merge
./framework/telephony-common.jar -- partial methods + merge -- This contains a class that we can simply copy into our target framework, but there are still files that must be manually merged.
Files needing to be merged.
Code:
./telephony-common.jar/com/android/internal/telephony/gsm/GsmServiceStateTracker.smali
./telephony-common.jar/com/android/internal/telephony/PhoneFactory.smali
./telephony-common.jar/com/android/internal/telephony/CallManager.smali
./telephony-common.jar/com/android/internal/telephony/uicc/SIMRecords.smali
./telephony-common.jar/com/android/internal/telephony/uicc/IsimUiccRecords.smali
./jsr-api.jar/com/android/ims/core/media/player/RecvPlayerImpl.smali
./jsr-api.jar/com/android/ims/core/media/player/RecvPlayerImpl$1.smali
./jsr-api.jar/com/android/ims/core/media/player/SendPlayerImpl.smali
./jsr-api.jar/com/android/ims/core/media/player/SendPlayerImpl$1.smali
./services.jar/com/android/server/WifiService.smali
./app/SecSettings/apk/res/values/strings.xml
./app/SecSettings/res/xml/wifi_calling_settings.xml
./app/SecSettings/smali/com/android/settings/deviceinfo/Status$6.smali
./app/SecSettings/smali/com/android/settings/deviceinfo/Status.smali
./app/SecSettings/smali/com/android/settings/wifi/WifiSettings.smali
./app/SecSettings/smali/com/android/settings/SecuritySettings.smali
./app/SecContacts/smali/com/sec/android/app/contacts/util/ImsLowSignalHelper.smali
./app/SecContacts/smali/com/sec/android/app/contacts/util/ImsLowSignalHelper$1.smali
./app/SecPhone/res/xml/wifi_calling_settings.xml
./app/SecPhone/smali/com/android/phone/GsmUmtsAdditionalCallOptions.smali
./app/SecPhone/smali/com/android/phone/CallController.smali
./app/SecPhone/smali/com/android/phone/GsmUmtsAdditionalCallOptions$3.smali
./app/SecPhone/smali/com/android/phone/InCallControlState.smali
./app/SecPhone/smali/com/android/phone/InCallTouchUi.smali
./app/SecPhone/smali/com/android/phone/NotificationMgr.smali
./app/SecPhone/smali/com/android/phone/InCallScreen.smali
./app/SecPhone/smali/com/android/phone/CallFeaturesSetting$16.smali
./app/SecPhone/smali/com/android/phone/CallCard.smali:
./app/SecPhone/smali/com/android/phone/PhoneUtils.smali
./app/SecPhone/smali/com/android/phone/InCallMenu.smali
./app/SecPhone/smali/com/android/phone/InCallScreen$38.smali
./app/SecMms/smali/com/android/mms/util/IMSUtils.smali
./app/SecMms/smali/com/android/mms/ui/ComposeMessageFragment$1.smali
./app/SecMms/smali/com/android/mms/ui/ComposeMessageFragment.smali
More to come as I figure out more.
*EDIT*
I am working from the open source project here:
https://github.com/FennyFatal/the-ims-open-source-project-for-android

I got a preliminary merge done with framework/apk files from the i9505:
I am building now to test...
Here is a more complete listing of the functions that were involved. There ARE some missing. I got a bit anxious around 85% of the way through and stopped documenting.. silly me.
Functions needing merge:
Code:
SecMms/smali/com/android/mms/transaction/HttpUtils.smali
.method protected static httpConnection(Landroid/content/Context;JLjava/lang/String;[BIZLjava/lang/String;ILandroid/net/http/AndroidHttpClient;Lorg/apache/http/HttpRequest;)[B
SecMms/smali/com/android/mms/transaction/PushReceiver$ReceivePushTask.smali
.method private isDataAvailable()Z
./SecMms/smali/com/android/mms/transaction/RetrieveAckTransaction.smali
.method private isNetworkAvailable()Z
./SecMms/smali/com/android/mms/transaction/RetryScheduler.smali
.method private constructor <init>(Landroid/content/Context;)V
.method private isConnected()Z
./SecMms/smali/com/android/mms/transaction/Transaction.smali
.method private ensureRouteToHost(Ljava/lang/String;Lcom/android/mms/transaction/TransactionSettings;)V
./SecMms/smali/com/android/mms/transaction/TransactionService.smali
.method private isNetworkAvailable()Z
.method protected beginMmsConnectivity()I
.method public onDestroy()V
./SecMms/smali/com/android/mms/ui/ComposeMessageFragment.smali
.method public confirmSendMessageIfNeeded()V
.method public onResume()V
.method public onOptionsItemSelected(Landroid/view/MenuItem;)Z
.method networkWarningDialogAndSend(Z)V
./SecContacts/smali/com/android/contacts/detail/ContactDetailFragment$ViewAdapter$4.smali
.method public onClick(Landroid/view/View;)V
./SecContacts/smali/com/android/contacts/detail/ContactDetailFragment.smali
.method public onCreate(Landroid/os/Bundle;)V
.method public onPause()V
.method public onResume()V
./SecContacts/smali/com/android/contacts/list/ContactEntryListFragment.smali
.method public onCreate(Landroid/os/Bundle;)V
.method public onResume()V
.method public onPause()V
./SecContacts/smali/com/android/contacts/list/ContactTileListFragment.smali
.method public onCreate(Landroid/os/Bundle;)V
.method public onResume()V
.method public onPause()V
./SecContacts/smali/com/android/contacts/quickcontact/QuickContactListFragment.smali
.method static synthetic access$800(Lcom/android/contacts/quickcontact/QuickContactListFragment;)Lcom/sec/android/app/contacts/util/ImsLowSignalHelper;
.locals 1
.parameter "x0"
.prologue
.line 78
iget-object v0, p0, Lcom/android/contacts/quickcontact/QuickContactListFragment;->mImsLowSignalHelper:Lcom/sec/android/app/contacts/util/ImsLowSignalHelper;
return-object v0
.end method
.method public onResume()V
.method public onPause()V
./SecContacts/smali/com/android/contacts/quickcontact/QuickContactListFragment$2.smali
.method public onClick(Landroid/view/View;)V
./SecContacts/smali/com/sec/android/app/contacts/list/ContactListSweepActionListener.smali
.method public onSweepActionFired(II)V
./SecContacts/smali/com/sec/android/app/dialertab/calllog/CallDetailActivity.smali
.method protected onCreate(Landroid/os/Bundle;)V
.method protected onPause()V
./SecContacts/smali/com/sec/android/app/dialertab/calllog/CallLogFragment.smali
.method public callSelectedEntry()V
.method public onCreate(Landroid/os/Bundle;)V
.method public onPause()V
.method public onResume()V
.method public setSweepActionEnabled(Z)V
./SecContacts/smali/com/sec/android/app/dialertab/dialpad/DialpadFragment.smali
.method private placeCall_result(Ljava/lang/String;)V
.method private setupAddtionalButtons(Landroid/view/View;)V
.method public callVisualVoiceMail()V
.method public callVoicemail()V
.method public dialButtonPressed()V
.method public onCreate(Landroid/os/Bundle;)V
.method public onPause()V
.method public onResume()V
./SecContacts/smali/com/sec/android/app/dialertab/widget/DialtactsListSweepActionListener.smali
.method public onSweepActionFired(II)V
./SecPhone/smali/com/android/phone/CallCard.smali
.method private updateDisplayForConference(Lcom/android/internal/telephony/Call;)V
.method updateMySoundBtn(Lcom/android/internal/telephony/Call$State;)V
./SecPhone/smali/com/android/phone/CallController.smali
.method private placeCallInternal(Landroid/content/Intent;)Lcom/android/phone/Constants$CallStatusCode;
./SecPhone/smali/com/android/phone/CallFeaturesSetting.smali
.field private mWifiCallSwitchPreference:Landroid/preference/Preference;
.method private registerRegReceiver(Z)V
.method private updateEtcPreference()V
.method protected initGeneralSetting(Z)V
.method protected initVideoSetting(Z)V
.method public onCreate(Landroid/os/Bundle;)V
.method public onPause()V
.method public onResume()V
./SecPhone/smali/com/android/phone/GsmUmtsAdditionalCallOptions.smali
.method public onFinished(Landroid/preference/Preference;Z)V
.method public onPause()V
.method public onResume()V
./SecPhone/smali/com/android/phone/GsmUmtsAdditionalCallOptions$3.smali
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
./SecPhone/smali/com/android/phone/IccNetworkDepersonalizationPanel$2.smali
Replace file, and subfiles.
./SecPhone/smali/com/android/phone/InCallMenu.smali
.method protected prepareOptionsMenu(Landroid/view/Menu;)Z
./SecPhone/smali/com/android/phone/InCallTouchUi.smali
.method private updateInCallIcons(Lcom/android/phone/InCallControlState;)V
./SecSettings/smali/com/android/settings/deviceinfo/Status.smali
.method private registerRegReceiver(Z)V
.method public onPause()V
.method protected onResume()V
./SecSettings/smali/com/android/settings/wifi/WifiSettings.smali
.method private updateConnectionState(Landroid/net/NetworkInfo$DetailedState;)V
./SecSettings/smali/com/android/settings/SecuritySettings.smali
.method private createPreferenceHierarchy()Landroid/preference/PreferenceScreen;
./services.jar.out/smali/com/android/server/WifiService.smali
.method constructor <init>(Landroid/content/Context;)V
.method private setNotificationVisible(ZIZI)V
Side Note:
./SecMms/smali/com/android/mms/ui/ComposeMessageFragment.smali
.method public static isWhiteTheme()Z
./SecMms/smali/com/android/mms/MmsConfig.smali
+ const-string v10, "http://wap.samsungmobile.com/uaprof/SGH-M919.xml"
- const-string v10, "http://wap.samsungmobile.com/uaprof/GT-I9505.xml"
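Review bot: In the MmsConfig.smali side note the "+" line is listed before the "-" line and nothing says which tree is being patched, so the direction of the change is ambiguous. State explicitly that the i9505 value (GT-I9505.xml) is replaced with the M919 value (SGH-M919.xml), and say whether this UAProf URL swap is required for Wi-Fi calling or only changes how MMS identifies the device; if it is the latter, keep it out of the merge list.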
Will post back with results soon, I am building my own custom kernel from the i9505 source, because it seems that the current (latest) stock kernel binaries have some sort of anti suid patch.
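The hand-built "Functions needing merge" list above can be generated mechanically. The following is an added example, not code from the original post or from the linked project: it compares two baksmali output trees method by method, ignoring debug directives such as `.line`, and reports what the donor ROM has that the target lacks. The sample smali is constructed; `wifiCallHook()` is a hypothetical method name.

```python
import re
from pathlib import Path

# Debug-only directives: they differ between builds but carry no logic.
NOISE = re.compile(r"^\.(line|prologue|parameter|source|local|end local|restart local)\b")

def parse_methods(smali_text):
    """Map 'name(args)ret' -> (declaration, normalized body) for one smali file."""
    methods, decl, body = {}, None, []
    for raw in smali_text.splitlines():
        line = raw.strip()
        if decl is None:
            if line.startswith(".method "):
                decl, body = line[len(".method "):], []
        elif line == ".end method":
            methods[decl.split()[-1]] = (decl, tuple(body))
            decl = None
        elif line and not line.startswith("#") and not NOISE.match(line):
            body.append(line)
    return methods

def methods_needing_merge(donor_text, target_text):
    """List ('add'|'merge', signature) for donor methods absent from or different in the target."""
    donor, target = parse_methods(donor_text), parse_methods(target_text)
    return [("add" if sig not in target else "merge", sig)
            for sig, impl in donor.items() if target.get(sig) != impl]

def diff_trees(donor_root, target_root):
    """Walk two baksmali output trees; return {relative path: changes}."""
    donor_root, target_root = Path(donor_root), Path(target_root)
    report = {}
    for src in sorted(donor_root.rglob("*.smali")):
        rel = src.relative_to(donor_root)
        dst = target_root / rel
        if not dst.is_file():
            report[rel.as_posix()] = [("copy", "whole file")]
            continue
        changes = methods_needing_merge(src.read_text(encoding="utf-8"),
                                        dst.read_text(encoding="utf-8"))
        if changes:
            report[rel.as_posix()] = changes
    return report

# Constructed sample. access$800 is the accessor quoted in the post; wifiCallHook()
# is a made-up name standing in for whatever the donor ROM adds to onResume().
FRAG = "Lcom/android/contacts/quickcontact/QuickContactListFragment;"
HELPER = "Lcom/sec/android/app/contacts/util/ImsLowSignalHelper;"
DONOR = "\n".join([
    ".method static synthetic access$800(" + FRAG + ")" + HELPER,
    "    .locals 1",
    "    .line 78",
    "    iget-object v0, p0, " + FRAG + "->mImsLowSignalHelper:" + HELPER,
    "    return-object v0",
    ".end method",
    ".method public onResume()V",
    "    invoke-super {p0}, Landroid/app/Fragment;->onResume()V",
    "    invoke-direct {p0}, " + FRAG + "->wifiCallHook()V",
    "    return-void",
    ".end method",
    ".method public onPause()V",
    "    .line 230",
    "    invoke-super {p0}, Landroid/app/Fragment;->onPause()V",
    "    return-void",
    ".end method",
])
TARGET = "\n".join([
    ".method public onResume()V",
    "    invoke-super {p0}, Landroid/app/Fragment;->onResume()V",
    "    return-void",
    ".end method",
    ".method public onPause()V",
    "    .line 215",
    "    invoke-super {p0}, Landroid/app/Fragment;->onPause()V",
    "    return-void",
    ".end method",
])

if __name__ == "__main__":
    for kind, sig in methods_needing_merge(DONOR, TARGET):
        print(kind, ".method", sig)
```

`onPause()V` is not reported even though its `.line` number differs, which keeps recompile noise out of the merge list.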

WiFi calling on AOSP ROMs has been attempted ever since T-Mobile came out with it. It's impossible from what I have read. T-Mobile uses specific libs and modules that they DO NOT release. Making it impossible. I think there is like a 10000 dollar bounty thread in the S3 forums for it too. And it's been there since forever. I don't see it being possible unless somehow AOSP (Cyanogenmod) makes their own version of it.

elesbb said:
> WiFi calling on AOSP ROMs has been attempted ever since T-Mobile came out with it. It's impossible from what I have read. T-Mobile uses specific libs and modules that they DO NOT release. Making it impossible. I think there is like a 10000 dollar bounty thread in the S3 forums for it too. And it's been there since forever. I don't see it being possible unless somehow AOSP (Cyanogenmod) makes their own version of it.
You just watch me.

Fenny said:
> You just watch me.
You'd be an XDA star if you do. Not trying to discourage, but I've seen elite recognized developers say they have tried and failed xD

Let's put the non-technical comments aside and keep the focus on what it's supposed to be in these forums - the technical stuff. General comments have plenty of room in other forums.
And as it was reminded - let's not get wrapped up too much in the titles, post counts, etc to see who is innovative. DJRbliss is a great example.

elesbb said:
> WiFi calling on AOSP ROMs has been attempted ever since T-Mobile came out with it. It's impossible from what I have read. T-Mobile uses specific libs and modules that they DO NOT release. Making it impossible. I think there is like a 10000 dollar bounty thread in the S3 forums for it too. And it's been there since forever. I don't see it being possible unless somehow AOSP (Cyanogenmod) makes their own version of it.
#1. AOSP is not cyanogenmod.
#2. Developers long ago made this mod for all Sensation ROMs including stock AOSP and stock Sense ROMs.
#3. This isn't an open discussion for people who think they know it all.
To the |OP|
I have both the M919 and the i9500 and would love to help with any files, logs, etc.
My experience includes decompiling/recompiling/modifying XMLs and .apks, just shoot me a PM for any additional items you may require.
Let's do this!

I don't know if this helps but I have tmobile and I tried to use wifi calling on a phone with no service and it called tmobile instead of the number I dialed. So it seems connected to their service not just the wifi that you are on.

maradonaiconboy said:
> You just watch me.
> Clubvegas999
If you can solve the project totally before I can, more power to you.
I've figured out that the issues I was having were due to SELinux on the particular i9505 rom I was working with, things are progressing a lot more smoothly now. I should have enough information to build a more generic Xposed Framework Mod soon.

There is a 1400$ bounty for this in the nexus 4 forums if you do solve this and want to cash out. Going to watch this thread closely. I don't know if you need assistance but I'm a programmer with some experience in decompiling/compiling apks and doing forensic work on apks. More than willing to help out and beta test for cm 10.1 on the n4.

I posted some info awhile back from when I had the S3, perhaps this may be of some use to you http://forum.xda-developers.com/showthread.php?t=2110061

layzer253 said:
> I posted some info awhile back from when I had the S3, perhaps this may be of some use to you http://forum.xda-developers.com/showthread.php?t=2110061
Good information there, that makes me think it might need some sort of T Mobile OEM certificate on the device in order to validate the sim over wifi. If that's the case perhaps we can take the entire certificate store from the T Mobile stock rom, and load that only for the purposes of authentication for wifi calling. Looks like it's time to do more digging
Sent from my SGH-M919 using Tapatalk 4 Beta

I'm no smali/apk hacker, but I am fairly competent in porting ROMs from the ground up. Nonetheless, I would assume part of the issue may be that some of the code is relying on particular libs in addition to framework changes.

Just thought I would let y'all know I am making some progress.
layzer253 said:
> I posted some info awhile back from when I had the S3, perhaps this may be of some use to you http://forum.xda-developers.com/showthread.php?t=2110061
Super good call on that. I was just able to successfully log into the service, and send a text message with code from the open ims project.

Fenny said:
> Just thought I would let y'all know I am making some progress.
> Super good call on that. I was just able to successfully log into the service, and send a text message with code from the open ims project.
Keep us updated, this will be awesome w my $30 prepaid plan that has 100 mins only.
Ian B

I am excited, WiFi calling is by far the number 1 feature I miss running on an aosp ROM!

Just a quick update.
I have got it to the point that it generates the proper login data, but it seems that the ROM that I am on is not updating cellular location information properly, so it is leaving off the "last network" entry that should be sent as part of the auth, it works if I hack it into the message, but that's not a good solution.
You can have a look at the code here: https://github.com/FennyFatal/the-ims-open-source-project-for-android
Build Instructions for the test client.
Clone the repo, do 'ant update', then ./build.sh. Make sure you have smali/baksmali wrapper scripts in your path.
You DO need to replace '12066311973' with your own imsi, as reading the imsi is not properly implemented yet.

Fenny said:
> Just a quick update.
> I have got it to the point that it generates the proper login data, but it seems that the ROM that I am on is not updating cellular location information properly, so it is leaving off the "last network" entry that should be sent as part of the auth, it works if I hack it into the message, but that's not a good solution.
> You can have a look at the code here: https://github.com/FennyFatal/the-ims-open-source-project-for-android
> Build Instructions for the test client.
> Clone the repo, do 'ant update', then ./build.sh. Make sure you have smali/baksmali wrapper scripts in your path.
> You DO need to replace '12066311973' with your own imsi, as reading the imsi is not properly implemented yet.
Keep up the good work!

layzer253 said:
> Keep up the good work!
I have finally found the code for the hashing algorithm for AKA auth; it was in telephony-common, and was being called via an ITelephony interface. Not sure if I can take the appropriate classes and just move them verbatim or not... certainly we will have to either move it out of telephony-common and into the code for this app, or add it to the aosp code since it does use data from the sim. (And add it to the interface in framework). I would ideally like this to all be java (No smali injection) so I'm working on translating it from smali right now.
The good news is that I can reliably move the wifi calling feature to almost any sammy based rom, just working on portability to aosp now.
Sent from my SGH-M919

Fenny said:
> I have finally found the code for the hashing algorithm for AKA auth; it was in telephony-common, and was being called via an ITelephony interface. Not sure if I can take the appropriate classes and just move them verbatim or not... certainly we will have to either move it out of telephony-common and into the code for this app, or add it to the aosp code since it does use data from the sim. (And add it to the interface in framework). I would ideally like this to all be java (No smali injection) so I'm working on translating it from smali right now.
> The good news is that I can reliably move the wifi calling feature to almost any sammy based rom, just working on portability to aosp now.
> Sent from my SGH-M919
Can you share the one for Sammy roms?

Related

[Q] Call method from view to activity

Hi, how can I call a method that is in a view.java going to my activity.java? Is there a command for that?
please help =(
In general, if the classes can "see" each other, and the method you want to call is accessible by the caller class, then just call the method via an instance of the according class. So let's say there is a class A in file A.java with the method a() and you want to call it from class B in B.java; you need to make sure that a() is not a private method (declared public, protected or not explicitly declared), and it would also be good if the classes shared the same package.
Then just create an instance of A accessible by a method of B. (only necessary if a() isn't static!) For example like:
Code:
// A.java
class A {
    // Not private, so B (same package) can call it
    void a() {
    }
}

// B.java
class B {
    B() {
        A objectOfTypeA = new A();
        objectOfTypeA.a();
        // voila
    }
}
So as you can see there's no special command necessary to call a method of another class. Also I recommend you to read some tutorials about controlling access to members of a class.

[Q] How can I add missing symbols to a proprietary .so?

Is it possible to add some missing symbols to existing shared libraries?
The stock libaudio.so on Milestone XT720 references three static strings found in the stock libmedia.so that are not common in other ROMs. Basically, the relevant parts in the original proprietaries are (via nm -D)
Code:
libaudio.so:
U _ZN7android14AudioParameter11keyFMLaunchE
U _ZN7android14AudioParameter12keyFMRoutingE
U _ZN7android14AudioParameter14keyHDMIRoutingE
Code:
libmedia.so:
0005fb68 D _ZN7android14AudioParameter11keyFMLaunchE
0005fb6c D _ZN7android14AudioParameter12keyFMRoutingE
0005fb70 D _ZN7android14AudioParameter14keyHDMIRoutingE
Code wise, we've figured out that they're just these stupid static strings
Code:
namespace android {
class AudioParameter {
    static const char *keyFMLaunch;
    static const char *keyFMRouting;
    static const char *keyHDMIRouting;
};
const char *AudioParameter::keyFMLaunch = "FM_launch";
const char *AudioParameter::keyFMRouting = "FM_routing";
const char *AudioParameter::keyHDMIRouting = "HDMI_routing";
}; // namespace android
For example we're mostly compatible with Milestone A853's stock ROM, but Milestone A853's libmedia.so doesn't have these symbols, so we get link failure and substituting our libmedia.so causes big problems. If we use Milestone A853's libaudio.so instead, then FM radio volume control doesn't work.
AOSP/CyanogenMod don't have these symbols in libmedia either, so we've been using a forked framework/base just to stick these symbols in. I'm trying to clean up our tree and if it's possible I'd rather just stuff those symbols into libaudio.so somehow and never think about it again.
Is there some way to copy those strings from libmedia.so? I've been trying some things with the various binutils (objcopy, ld) and scouring man pages but no luck so far. I put the code above in wrapper.cpp but I can't figure out whether gcc can add to an existing .so. Any suggestions? I'm happy to read if someone knows where to point me.

[Q] NullPointerException when trying to access MainActivity from different class

Hi!
I am trying to develop an android app with a google map v2, location service and some control buttons.
But I don't want to put all these things inside one MainActivity class. So I thought I could split all the code into some more classes. The MainActivity shall control all the GUI things and react on map or location events...
Now I have the following problem. Inside my onCreate I instantiate the additional classes:
Code:
// Preferences as singleton
pref = Prefs.getInstance(this.getApplicationContext());
pref.loadSettings();
// Set up the location
loc = new Locations(pref);
loc.setCallback(this);
map = new MyMap(pref);
It seems to work fine. But inside the MyMap class every time I start the app a null pointer exception is thrown. When I am calling MyMap() the following code will be executed:
Code:
[...]
private Prefs pref;
private GoogleMap mMap;
[...]
public MyMap(Prefs prefs) {
pref = (Prefs) prefs;
if (mMap == null) {
FragmentManager fmanager = getSupportFragmentManager();
mMap = ((SupportMapFragment) fmanager.findFragmentById(R.id.map)).getMap();
[...]
}
The line with the findFragmentById is the one that causes the exception.
If I write
Code:
SupportMapFragment f = ((SupportMapFragment) fmanager.findFragmentById(R.id.map));
f is always null. But how can I access the fragments and view elements defined within my MainActivity?
It works if I put the code inside my MainActivity.
Every class extends "android.support.v4.app.FragmentActivity"
I tried to save the application context within my Prefs() class, so that I can access it from everywhere.
But I don't know how to use it inside my additional classes.
How to share the "R" across all my classes?
Can someone help me please?
Thank you very much!!
Thorsten
Are you having trouble adding a Map to a Fragment? If so, then you may take a look at this tutorial. I haven't tried it myself since I couldn't install Google Play Services on my development device. If it helps, do write back, as I am definitely going to try it myself soon.

Need help with porting a TW package

Hi guys!
I'm trying to port some package from Samsung ROM to CM following this guide and I'm stuck.
I decompiled the package, removed TW dependency from the manifest and now I'm adding additional classes from TW framework into this package. Everything was smooth so far as I was getting rid of "class not found" and similar messages in logcat by adding the missing class and recompiling the package.
But now I'm facing an issue, which I don't know how to fix:
When I try to run the app, I get the following message in logcat:
Code:
I/dalvikvm(30301): Could not find method com.sec.android.touchwiz.widget.TwAbsListView.isInDialog, referenced from method com.sec.android.touchwiz.widget.TwAbsListView.onHoverDrawableState
W/dalvikvm(30301): VFY: unable to resolve virtual method 9561: Lcom/sec/android/touchwiz/widget/TwAbsListView;.isInDialog ()Z
D/dalvikvm(30301): VFY: replacing opcode 0x74 at 0x006c
TwAbsListView class derives from TwAdapterView (from TwAbsListView.smali):
Code:
.super Lcom/sec/android/touchwiz/widget/TwAdapterView;
TwAdapterView derives from android.view.ViewGroup, which derives from android.view.View, which has a definition for "isInDialog". This is what I found when I decompiled framework.jar from the stock ROM:
smali\android\view\View.smali
Code:
.method public isInDialog()Z
However, based on official documentation this method does not exist in this class.
If I try to add android.view.ViewGroup and android.view.View from stock framework.jar into the package explicitly, I start getting "multiple definition" messages in logcat, and isInDialog still can't be resolved.
So, I'm currently stuck. Please advise. Is there something I'm doing wrong or not doing?
I guess with my last edit, I answered my own question.
It looks like Samsung decided to change implementation of android.view.View class to include isInDialog() method.
I just tried moving the definition of this method into com.sec.android.touchwiz.widget.TwAdapterView class, which derives from android.view.ViewGroup, and it looks like I am no longer getting the message about the missing isInDialog method.
There are still a gazillion other methods like this, but at least it's clear now what needs to be done.
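For the remaining methods of this kind, the dalvikvm verifier lines can be turned into a worklist instead of being fixed one logcat run at a time. This is an added example, not part of the original post: it pairs each "Could not find method" line with the matching "VFY: unable to resolve" line and groups the missing methods by the class they are referenced on. The first three sample lines are the ones quoted above; the last two, including the caller name `exampleCaller`, are constructed.

```python
import re
from collections import defaultdict

# "Could not find method <class.method>, referenced from method <caller>"
NOT_FOUND = re.compile(
    r"Could not find method ([\w.$]+), referenced from method ([\w.$<>]+)")
# "VFY: unable to resolve virtual method 9561: Lpkg/Class;.name (args)ret"
UNRESOLVED = re.compile(
    r"VFY: unable to resolve (\w+) method \d+: L([\w/$]+);\.([\w$<>]+) (\(\S*\)\S+)")

def missing_method_worklist(logcat_text):
    """Return {class: {'name(args)ret': {'kind': ..., 'callers': [...]}}}."""
    callers = defaultdict(set)    # "pkg.Class.method" -> methods that reference it
    worklist = defaultdict(dict)  # class -> signature -> entry
    for line in logcat_text.splitlines():
        m = NOT_FOUND.search(line)
        if m:
            callers[m.group(1)].add(m.group(2))
            continue
        m = UNRESOLVED.search(line)
        if m:
            kind, cls, name, desc = m.groups()
            cls = cls.replace("/", ".")
            worklist[cls][name + desc] = {"kind": kind, "key": cls + "." + name}
    return {cls: {sig: {"kind": e["kind"], "callers": sorted(callers[e["key"]])}
                  for sig, e in sigs.items()}
            for cls, sigs in worklist.items()}

TW = "com.sec.android.touchwiz.widget.TwAbsListView"
SAMPLE_LOGCAT = "\n".join([
    # Lines quoted in the post
    "I/dalvikvm(30301): Could not find method " + TW + ".isInDialog, "
    "referenced from method " + TW + ".onHoverDrawableState",
    "W/dalvikvm(30301): VFY: unable to resolve virtual method 9561: "
    "Lcom/sec/android/touchwiz/widget/TwAbsListView;.isInDialog ()Z",
    "D/dalvikvm(30301): VFY: replacing opcode 0x74 at 0x006c",
    # Constructed lines: a second (made-up) caller of the same missing method
    "I/dalvikvm(30301): Could not find method " + TW + ".isInDialog, "
    "referenced from method " + TW + ".exampleCaller",
    "W/dalvikvm(30301): VFY: unable to resolve virtual method 9561: "
    "Lcom/sec/android/touchwiz/widget/TwAbsListView;.isInDialog ()Z",
])

if __name__ == "__main__":
    for cls, sigs in missing_method_worklist(SAMPLE_LOGCAT).items():
        for sig, entry in sigs.items():
            print(cls, sig, entry["kind"], entry["callers"])
```

The class in each entry is where the call is referenced, not necessarily where the method was defined; as with isInDialog(), the definition may sit in a framework superclass that the stock ROM modified.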

What's the deal with extended DEX bytecode verification on Oreo?

Hey guys and gals,
I've been doing some unwholesome DEX bytecode patching on an app. Frequently I'll want to patch a function (which returns Boolean) to do an early return, with a hardcoded value that I want. Normally, this could be accomplished by assembling:
12 00 const/4 v0, 0
0f 00 return v0
This used to work all well and good up until Oreo. Now, the same approach will sometimes trip a verification error on Oreo:
Code:
AndroidRuntime: java.lang.VerifyError: Verifier rejected class blah: boolean blah.foo(java.lang.Object) failed to verify: boolean blah.foo(java.lang.Object): [0x3] register v0 has type Undefined but expected Boolean return-1nr on invalid register v0 (declaration of 'blah.foo' appears in blahblahblah.dex)
In the original code I'm patching, v0 *is* the register that would normally be used to return a Boolean type. I was under the impression that Booleans were internally implemented using ints at the VM level, and that you could just move a 0 or a 1 into a register and return it as Boolean. Yet with Oreo, the bytecode verifier is somehow now able to infer data types from the bytecode?? I realize how weird this sounds, but the above error seems to imply exactly this (unless I'm missing something here)??
So, questions for people:
* Does anyone know the means by which the bytecode verifier in the VM infers the data types of virtual registers (or at least, of primitive values being returned)?
* Does anyone know how to 'trick' the verifier into thinking a particular virtual register is holding a Boolean type, even though the given virtual register was last written using a 'const' (0x12) instruction? (Yeah, I know how ridiculous this sounds. I can't even type this question with a straight face...)
Thanks!
Argh. Looking at https://android.googlesource.com/platform/dalvik.git/+/android-4.1.1_r3/vm/analysis/CodeVerify.cpp, it looks like register types are set based on type-specific get/put instructions. But in addition to iget-boolean / iput-boolean, it is possible to move a constant into a register and treat THAT as a Boolean directly. But why would the VM freak out if one of these were to be returned?
