Related
Could someone explain the method to zipalign please?
Best wishes.
sathkartha said:
Could someone explain the method to zipalign please?
Best wishes.
Click to expand...
Click to collapse
zipalign -f -v <alignment> old.apk new.apk
-f is overwirte old apk file if you want to keep old apk remove the -f
-v is verbose mode
if you want to check an apk to see if it is already been zipaligned
zipalign -c -v <alignment> existing.apk
again
-v for verbose
-c is confirm
THIS IS NEEDED! for the <alignment> you can best choose 4 this will give the best results so the final lines will be
zipalign -f -v 4 old.apk new.apk or ofc zipalign -v 4 old.apk
zipalign -c -v 4 existing.apk
best is to have verbose mode always on to see if there are any errors
also you need to now zipalign file is located in /tools folder from SDK
so if you added it to system32 you can use the lines above otherwise run this command first "cd /path-to-sdk/tools"
when you build apk for 1.6+ android versions you can use Ant this will be used by default when building the apk in debug mode
most apps have this but not all (Ant align and signs the apk)
when you build apk's with eclipse you can use ADT plugin which also will automaticly align and sign the output.apk for you but only if you use the wizard for exporting the apk
and never do align and then sign this will break the align
always sign and then align but this is only when you build an apk and you export it without using the wizard
now you know everything about zipaligning lol
Thank you very much.
Best wishes.
Sent from my X10mini using XDA App
and what is alignment for?
I'm in Ubuntu running the terminal in an effort to get access to rlthe android source. This command: curl https://android.got.kernel.org/repo > ~/bin/repo returns an error. bash: /bin/repo: Permission denied. Help??
My name is Revos I'm a recovering flashaholic running Liquid Gingerbread 3.0
You'll either need to run as root (sudo su...*just sudo should give the same error* unless you use sudo bash -c "command") then change perms on the file so you can run it or you could just set your build directory somewhere else like ~/android and change ~/bin/repo to ~/android/bin/repo (and make the same change to any future commands or change the PATH *which may sound stupid*). All depends on how you want to proceed.
Edit:
Hmm, while what I said made sense at the time for the error you were receiving...for some reason I'm wondering if you ran any previous steps as root or local user. Are you sure you typed it exactly?
Kernel.org is down I apparently got a decent copy of repo but now it seems that my repo init command is coming back with multiple errors...
My name is Revos I'm a recovering flashaholic running Liquid Gingerbread 3.0
I learned about this here... http://fieldeffect.info/w/NativeCompileSDK
You can install an i386/x86_64 chroot within your existing Debian chroot using qemu-user-static to run the Android SDK on your Android phone/tablet/phablet.
1.
Get yourself a debian chroot, I recommend at least 2gb. I use DebianKit from market.
2.
You will need a X11 desktop environment and a VNC client on your device. I use androidVNC from market.
Here is my working example...
Start your Debian chroot/environment and do...
apt-get install openbox openbox-themes obmenu obconf menu menu-xdg xdg-utils xfonts-base xfonts-terminus* nautilus terminator lxappearance gmrun leafpad man-db hicolor-icon-theme tightvncserver tint2
That gives you a window manager, fonts, filebrowser, terminal emulator, text editor, theme manager, taskbar, and a VNC server.
Now lets get some GTK engines and libraries....
apt-get install gtk2-engines-auroa gtk2-engines-murrine gtk2-engines-oxygen gtk2-engines-pixbuf libgtk2.0-bin gtk3-engines-oxygen gtk3-engines-unico libgtk-3-bin
Now 7zip to handle zips and archives comfortably(put non-free in your apt sources.list)...
apt-get install p7zip p7zip-full p7zip-rar zip unzip
##The Android SDK manager, qemu, and multistrap##
apt-get install ant file openjdk-6-jre openjdk-6-jdk qemu-user-static libswt-gtk-3-java libswt-cairo-gtk-3-jni
3.
Now we can build a small x86_64 rootfs using multistrap
multistrap can use a config, have mine...
http://db.tt/hS5j3wg
Copy multistrap.conf straight into your working(pwd) directory....
cp /sdcard/Download/multistrap.conf .
Do this to avoid multistrap complaining later...
cat multistrap.conf >mstrap
mkdir /data/mnt
Determine size of rootfs for loop image..
du -hs /data/mnt/
Now make an image for x86_64 chroot
dd if=/dev/zero of=/sdcard/64bit.img bs=$(( 0x100000 )) count=YOUR IMAGE SIZE
That byte size makes your image slightly larger than the count value in Mb, for example count=78 will write 82Mb image.
mkfs.ext2 /sdcard/64bit.img
tune2fs -c0 /sdcard/64bit.img
mkdir /data/tmp
busybox mount -o loop /sdcard/64bit.img /data/tmp/
cp -r /data/mnt/* /data/tmp/
umount /data/tmp
rm -r /data/tmp/
rm -r /data/mnt/
mkdir /data/mnt
busybox mount -o loop /sdcard/64bit.img /data/mnt/
5.
Now the environment is set up and mounted, at this point install the SDK
Aim your browser to http://developer.android.com/sdk/index.html
Select "Linux" from "SDK Tools Only", thats the last thing at the bottom of the list.
cp /sdcard/Download/android-sdk_r21.0.1-linux.tgz .
7z x android-sdk_r21.0.1-linux.tgz russosv
7z x android-sdk_r21.0.1-linux.tar
Now we need a couple goodies from http://fieldeffect.info/w/NativeCompileAPK ##--Thanks to russosv from FeildEffect
These are edited from original....
#!/bin/bash
QEMU=/usr/bin/qemu-x86_64-static
64CHROOT=/data/mnt/
case "$1" in
mklinks)
if [ ! -e "./64BIT" ]; then
mkdir ./64BIT
fi
for i in $(file ./* | grep "ELF 32" | awk '{print $1}' | sed s/://g | sed s/[./]//g); do
echo "Moving $i..."
mv $i ./64BIT
ln -s ~/bin/run-64-link $i
done-
;;
*)
$QEMU $64CHROOT/lib64/ld-linux-x86_64.so.2 --library-path $64CHROOT/lib:$64CHROOT/usr/lib:$64CHROOT/usr/share/perl/5.12.4/unicore/lib:$64CHROOT/var/lib:$64CHROOT/lib/x86_64-linux-gnu:$64CHROOT/usr/lib/x86_64-linux-gnu [email protected]
;;
esac
Copy that to run-64, then...
chmod 755 run64
cp run-64 /usr/bin/
One more...
echo $(dirname $0)/64BIT/$(basename $0) [email protected]
/usr/bin/run-i386 $(dirname $0)/64BIT/$(basename $0) [email protected]
Make that run-64-link
chmod 755 run-64-link
cp run-64-link /usr/bin/
5b.
Now launch VNC server
tightvncpasswd
tightvncserver
killall Xtightvnc
cat >.vnc/xstartup<<EOF
tint2 &
terminator &
openbox-session
EOF
tightvncserver
export DISPLAY=:1
6.
Now launch the VNC client I mentioned earlier, should connect with 127.0.0.1:5901 and your password you set.
Go back to terminal or use the one launched on X11 to do...
sh android-sdk-linux/tools/android
Install at least one api.
If all went well you can now go around "debugging" yours and your friends Android devices over wifi now.
For an example, and to see it work do....
svc wifi disable(or enable) ##this turns off/on wifi
setprop service.adb.tcp.port 5555(or -1) ##this turns on/off adb over network
stop adbd
start adbd
adb connect 127.0.0.1(yours) or any other adbd addy listening on your network,
Have fun
Never did a "how to" before, go easy and I'll make corrections and answer things. Thanks for reading. Leave feedback.
Potential necro post but I believe the information is still currently valid and not readily available on searches. I've looked variations of this up for years with no luck until I hit the right search terms.
bump, and thanks.
can't believe there's no comments.
I know it's a slower than real-64-bit-pc method but not all of us have access to new hardware... or pc's. Maybe a novelty, still cool and useful if you've got the time to let the slower hardware compile.
you have preserved the scripts, original link is dead.
here is the Internet Wayback Machine cache of the original circa 2012 for reference.
http://web.archive.org/web/20120502044700/http://fieldeffect.info/w/NativeCompileAPK
appreciate you sharing.
I9500 firmwares come with around 380mb full of libraries. I know, we need most of them in order to make sensors and innovative applications work. But the question is, are they all needed? I believe we can slim out the firmware by removing possible unwanted libraries..
Rahulrulez said:
I9500 firmwares come with around 380mb full of libraries. I know, we need most of them in order to make sensors and innovative applications work. But the question is, are they all needed? I believe we can slim out the firmware by removing possible unwanted libraries..
Click to expand...
Click to collapse
I would like to know this as well. I've tried to remove some of them that I thought shouldn't be used, but it caused problems with some apps... FC's, bootloops in some cases...
Would love to have someone that knows enough about it explain how they go about removing libraries properly or even how to go about determining what apps rely on what libraries... if that's at all possible.
Unknownforce said:
I would like to know this as well. I've tried to remove some of them that I thought shouldn't be used, but it caused problems with some apps... FC's, bootloops in some cases...
Would love to have someone that knows enough about it explain how they go about removing libraries properly or even how to go about determining what apps rely on what libraries... if that's at all possible.
Click to expand...
Click to collapse
We can do this with a little bit of grep magic.
Any time a shared object is loaded it is loaded by calling the function:
Code:
Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
If we baksmali/decomple all of the apks in question into folders we can search for all of the loadlibrary calls.
We can look for this using this command:
Code:
grep -r 'loadLibrary' ./path/to/RomFolder
In following examples I will use './' as the path. Which, in this case, is whatever the current folder is.
This just gives us a list of the files that we need to look into to see which libraries are called.
Let's look for the line with the string constant that is passed into the function by using the -B argument (show lines before the matching line):
Code:
grep -r -B 2 'loadLibrary' ./
Note: The Library name CAN be stored in the string resources, or passed another way. If you see a result at this stage that is not a string literal, you may need to look there.
Okay, so now we have a list of function names, but our output is a bit messy. Let's pipe it to grep one more time so that we can filter out the stuff that is not useful.
Code:
grep -r -B 2 'loadLibrary' ./ | grep 'const-string .*["]'
Now that's better, but we still have a lot of duplicates. We can use the sort command's -u switch to only show unique entries. (Note: this will not display any result until the command has fully completed.)
Code:
grep -r -B 2 'loadLibrary' ./ | grep 'const-string .*["]' | sort -u
And of course, we can pipe that to a file so that we can save the results.
Code:
grep -r -B 2 'loadLibrary' ./ | grep 'const-string .*["]' | sort -u > functions.txt
Awesome write up. Thanks bud! :good:
Sent from my SPH-L720 using xda app-developers app
Amazing. Now all we need is to decompile all the apks and list out which libraries are being used..
Rahulrulez said:
Amazing. Now all we need is to decompile all the apks and list out which libraries are being used..
Click to expand...
Click to collapse
When I get some time, I'm gonna write a script to go through a folder of apk's decompile them all, one at a time, pull the list of necessary libraries, append that to a text file, then delete the output (so that it doesn't burn up my mini Virtual Box's hard drive ) Then maybe put it all together in a comprehensible list of all libraries and list out all the apk's that use it. Maybe something on a Google Doc in like a spreadsheet or something.
Unknownforce said:
When I get some time, I'm gonna write a script to go through a folder of apk's decompile them all, one at a time, pull the list of necessary libraries, append that to a text file, then delete the output (so that it doesn't burn up my mini Virtual Box's hard drive ) Then maybe put it all together in a comprehensible list of all libraries and list out all the apk's that use it. Maybe something on a Google Doc in like a spreadsheet or something.
Click to expand...
Click to collapse
Yes. I already have SGS4 app information database spreadsheet. People are really helping out. I can make the script too.. but only when I get some time from my job
Rahulrulez said:
Yes. I already have SGS4 app information database spreadsheet. People are really helping out. I can make the script too.. but only when I get some time from my job
Click to expand...
Click to collapse
This script could easily be enhanced to loop forever through multiple .apk files passed as an argument using the shift command.
Don't forget to chmod this file with +x
ListReqs.sh
Code:
#!/bin/sh
# This Script will use apktool to decompile a single .apk file passed as an argument, and grep for library files that are loaded.
# replace apktool with java -jar /path/to/apktool.jar if you don't have a launcher script set up for it in path.
# You could also just as easily replace apktool d with baksmali, so as not to waste time decompiling resources.
apktool d $1 $1.out
grep -r -B 2 'loadLibrary' $1.out | grep 'const-string .*["]' | sort -u > $1.txt
rm -R $1.out
Usage:
Code:
find -name '*.apk' ./ -exec /path/to/ListReqs.sh {} \;
Hello,
I want to install DNScrypt proxy 1.4 on my android phone. You can get it here : download.dnscrypt.org/dnscrypt-proxy/
Could someone please make a tutorial an tell me how to install this? I want it to work with following DNS server: https://dnscrypt.eu/
It is a great enhancement in security and I would be glad if someone can get it to work and tell us.
Regards
Is nobody interested in this? [emoji20]
Can't believe there is no response. Is no one of the XDA members who looked at this able to install DNScrypt on there phone?
Do you prefer flappy bird clones over such a security enhancement?
Bump again then.
Bump
Another bump for all secureless xda members
XDA members are not able to install a tar.gz package on their android phone? Aww, really guys?!
B u m p
Seriously, no one...?
How to install dnscrypt on android
Requirements:
rooted phone
installed busybox
some handy tools like terminal emulator or ssh daemon for testing purpose, file explorer with acces to system partition
dnscrypt: https://copy.com/M6r38z6g3iyj (thanks to GitHub esp. @daddybr, KionLi...) - files for arm7
About:
We need to run dnscrypt every time phone is booted - for this purpose is necessary to add script "dnscrypt" into "init.d" directory In this script-file you can also change parameters like used resolver/provider etc.
dnscrypt-proxy is main binary file which will provide dnscrypt service for us. There is also script to start/stop dnscrypt-proxy service anytime we need and made some other usefull things for us...
How to:
check if directory "init.d" in /system/etc/ exist - if there is not such directory use program "Universal Init.d" and create it - otherwise follow bellow
extract downloaded files and put it into same directories they are, just to system partition (u can use any file browser with access to system partition, eg. Solid Explorer)
check if there is file "resolv.conf in /system/etc/ directory
- if there is not such file create it and put this into it "nameserver 127.0.0.1"
- if there is such file check if "nameserver 127.0.0.1"and delete else
all files putted in directory /system/xbin/ should have right permission to work correctly
Checking functionality:
Easiest way is to visit "www.opendns.com/welcome"
If it is working you will get something like "Your Internet is safer, faster, and smarter..."
If it is not working you will get something like "OOPS..."
Other way is to run nslookup in terminal emulator and check if you get 127.0.0.1 and name, eg "nslookup 8.8.8.8"
The hardest way is to use wireshark or tcpdump and analyze traffic while browsing on the phone..., eg. http://askubuntu.com/questions/105366/how-to-check-if-dns-is-encrypted
Also you can check if dnscrypt-proxy is running in terminal , eg. "ps w |grep dnscrypt"
DNS setting
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
<dexter> said:
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
Click to expand...
Click to collapse
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
piscoo said:
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
Click to expand...
Click to collapse
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Draygon said:
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Click to expand...
Click to collapse
Flash this zip from recovery. It works
Do you have any source for this?
How can I enter the IP address of the service I want to use?
Draygon said:
How can I enter the IP address of the service I want to use?
Click to expand...
Click to collapse
Edit /etc/init.d/dnscrypt and see here
So you compiled DNScrypt for Android from this source at github?
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
No. I just flashed zip file and investigated on it
Anyone flash this zip besides the guy who posted it? Can't find much reference to this file name anywhere dnscrypt-5-armv7-opendns.zip
lamero1 said:
No. I just flashed zip file and investigated on it
Click to expand...
Click to collapse
How do you set your phones global DNS setting for any dynamic IPs on any network? I cannot figure out how to point my phone to 127.0.0.1
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
Assuming you have the Android NDK installed (no idea how to do it under Windows; Cygwin has never been my forte... Under Arch all you need to do is install the packages from the AUR), it's insanely easy to do yourself, thanks to the build scripts in the libsodium and dnscrypt packages.
Code:
export ANDROID_NDK_HOME=${ANDROID_NDK} # Or wherever your NDK dump happens to be residing
mkdir ~/dnsc && pushd ~/dnsc
This part deals with signature verification, used to determine we have not received a tampered-with copy of DNSCrypt. This page is being delivered over unsecured HTTP, so don't necessarily trust what's being written here.
Again: REMEMBER THAT THIS PAGE IS UNSECURE (granted, I imagine a person intending to cause malice would remove these warnings but, hey, it's not like I have alternatives). I'm also not a security expert in the slightest, so it wouldn't be surprising if it transpired I was giving bad advice.
Read http://doc.libsodium.org/installation/README.html for instructions on how to get libsodium's SHA256 hashsum (which you can verify against the file you've got downloaded by running sha256sum) and for the public key used to sign the downloaded files. It can be imported by copying it, pasting it into a Notepad etc. instance, saving it and running gpg --import <whatever.gpg>.
Use your own judgement, other keyservers and Google to determine whether you have jedisct1's real key.
Download dnscrypt's dependency, libsodium:
Code:
curl -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz.sig
Verify the file's signature:
Code:
gpg --verify libsodium-1.0.2.tar.gz.sig libsodium-1.0.2.tar.gz
I get the following (the warning can be ignored -- unless you've managed to verify the key with jedisct1 in person):
Code:
gpg: Signature made Tue 10 Feb 2015 10:59:17 AM GMT using RSA key ID 2B6F76DA
gpg: Good signature from "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 54A2 B889 2CC3 D6A5 97B9 2B6C 2106 27AA BA70 9FE1
Subkey fingerprint: 0C79 83A8 FD9A 104C 6231 72CB 62F2 5B59 2B6F 76DA
If everything looks OK, then continue. Conversely, if anything is out of place, then abort. Seriously.
Untar and go to the directory with the libsodium code:
Code:
tar xf libsodium-1.0.2.tar.gz && pushd libsodium-1.0.2
It's not in the tarball yet, so download this into the dist-build folder and chmod 0755 it.
If running into problems, edit aandroid-armv7-a.sh and do the following:
change TARGET_ARCH to arm
set the march value to armv7-a
Start building libsodium:
Code:
./dist-build/android-armv7-a.sh
I get the following dumped:
Code:
[email protected] ~/dnsc/libsodium-1.0.0 % ./dist-build/android-arm.sh
<configure output removed>
libsodium has been installed into /home/faheem/dnsc/libsodium-1.0.0/libsodium-android-arm
./dist-build/android-arm.sh 21.97s user 2.72s system 165% cpu 14.927 total
Note the line saying where libsodium has been installed. Let its value be stored in the environment:
Code:
export SODIUM_ANDROID_PREFIX=<folder where libsodium has been installed, as reported by android-arm.sh>
Consider removing debugging symbols to reduce the size of the file:
Code:
./android-toolchain-arm/arm-linux-androideabi/bin/strip $SODIUM_ANDROID_PREFIX/lib/libsodium.so
I won't repeat what's on the main dnscrypt.org site or, really, what I've already written.
popd back to the ~/dnsc folder and download the latest version of dnscrypt and its signature. Follow the instructions on the website to verify the tarball's SHA256SUM and run gpg like above to verify the tarball against the signature. If everything is OK, untar dnscrypt like we did libsodium.
Run to build:
Code:
./dist-build/android-armv7.sh
If running on Lollipop, make the changes below, as per alihassani:
add -fPIE to the end of the CFLAGS
place export LDFLAGS="-fPIE -pie" under the CFLAGS line
If running into problems running android-armv7.sh, make the applicable changes above again.
After it's been built, you'll get this:
Code:
[email protected] ~/dnsc/dnscrypt-proxy-1.4.1 % SODIUM_ANDROID_PREFIX="$HOME/dnsc/libsodium-1.0.0/libsodium-android-arm/" dist-build/android-armv7.sh
<configure output snipped>
dnscrypt-proxy has been installed into /home/faheem/dnsc/dnscrypt-proxy-1.4.1/dnscrypt-proxy-android-armv7
Again, consider stripping the resulting binary. Transfer, fix permissions etc.
Some notes:
The binary is dynamically linked to libsodium. If installing, you'll need to copy libsodium.so to /system/lib. If you're just testing you can put libsodium.so in the same folder as the dnscrypt-proxy binary and invoke dnscrypt-proxy as such: LD_LIBRARY_PATH=<path to current folder> ./dnscrypt-proxy
The prefix is weirdly set by the android-build script. You'll need to point dnscrypt to the resolver list manually (I recommend putting it somewhere on the system partition as a file on the [internal] SD card is too easy to change): https://github.com/jedisct1/dnscrypt-proxy/issues/123