Related
[FIX][XPOSED][4.0+] Universal fix for the several "Master Key" vulnerabilities
You may be aware of recent news about several different security vulnerabilities that allow replacing code on a signed APK without invalidating the signature:
Master Key (Bug 8219321)
An issue related with duplicate entries on the ZIP / APK files.
It was patched by Google back in February 2013 and shared with OEMs, and some of the newer devices might have already received the fix in a recent stock update. At least both Xperia Z 4.2.2 and Galaxy S2 4.1.2 contain the fix; CM has also recently patched it, on this commit.
More info can be found on @Adam77Root's thread here: http://forum.xda-developers.com/showthread.php?t=2359943
Bug 9695860
This also originates in the ZIP file parsing routines, and was disclosed just a few days ago immediately after the previous one was made public. The correction has already been applied by Google to the code (this commit), but it's very likely that its rollout on stock ROMs will take a long time especially on non-Nexus devices.
You can read more about it here.
To know if you're vulnerable, use SRT AppScanner mentioned above.
Unless you're running CM 10.1.2, there's a fairly big chance that you have this issue, at least as of this moment.
Bug 9950697
It's yet another inconsistency in ZIP parsing that could be abused in very a similar way to the previous one.
This one is a bit special to me, since I was fortunate enough to be the first one to report it on Google's bugtracker
It was discovered around the time that the previous bug was acknowledged and Android 4.3 was a few days from being released, but despite the prompt report it was unfortunately too late to include the fix in time for the release; Therefore it wasn't disclosed till Android 4.4 sources came out and I had also decided not including a fix for in on this module, since it would be an easy way to learn about the extra attack vector.
Kudos to Jeff Forristal at Bluebox Security, who I learned was also working on that exact problem and helped me report it properly to Google, and also to Saurik who already released a Substrate-based fix and has written a very interesting article about it here.
Checking if you're vulnerable
You can use some 3rd party apps to test your system, such as:
- SRT AppScanner
- Bluebox Security Scanner
On Android 4.4 all these bugs should be fixed, and therefore this mod is not needed. But you can run one of these scanners to make sure you're not vulnerable.
While technically different, these vulnerabilities permit that legitimate APKs can be manipulated to replace the original code with arbitrary one without breaking the signature. This allows someone to take an update from a well known publisher (e.g. Google Maps), change the APK, and a device receiving it will happily apply the update as if it was indeed from that publisher. Depending on the apps being updated in this way, priviledge escalation can be achieved.
Google has already mentioned that all apps published on the Play Store are checked for this kind of manipulation, but those of us installing APKs from other sources aren't safe.
The universal fix
Since decompiling, fixing and recompiling the code for every possible ROM version is way beyond anyone's capability, the awesome Xposed framework by @rovo89 proves itself once again as an invaluable tool.
By creating hooks around the vulnerable methods and replacing the buggy implementation with a safe one, it's possible to patch the 2 issues on the fly without ever changing the original files. Applying the fix is as easy as installing and enabling an Xposed module.
Installation steps
1. Make sure the Xposed Framework is installed.
Follow the instructions on the thread. Root is required only during installation, it is no longer required afterwards. Only ICS or above is supported.
2. Install the Master Key multi-fix module.
3. Follow the Xposed notification about a new module being available, and on the list of modules activate Master Key multi-fix
4. Reboot
You should now see an image similar to the attached one when opening the app. The green text shows that the module is active and the vulnerabilities have been patched in memory.
Download
Grab it from Google Play (recommended, as you'll get updates) or use the attached APK. The files are the same.
Version history
2.0 - Fix bug 9950697; additional corrections taken from Android 4.4 (also supports GB, provided you have a working version of Xposed Framework for your ROM)
1.3 - Fixed problems with parsing some zips depending on the rom original code
1.2 - Added 2 additional zip entry integrity checks that were missing
1.1 - Support for additional devices with modified core libraries (e.g. MTK6589)
1.0 - Initial version
Sources
Available on GitHub
If you appreciated this fix, consider donating with Paypal.
Thanks!
FAQ
Fequently asked questions
[ 1 ]
Q: Bluebox Security Scanner still says my phone is unpatched after installing this... Any ideas why?
A: Make sure to click the Refresh entry on the app's menu and it should change to green once the mod is active.
[ 2 ]
Q: Bluebox Security Scanner says that the 2nd bug is not patched even after refreshing but SRT AppScanner says it's patched. Which one is right?
A: The scanner was mis-detecting the 2nd bug and it got fixed in version 1.5. Make sure you update Bluebox from the Play store.
[ 3 ]
Q: Does the module permanently patch the vulnerability or is it only when the module is active? If for example, I activate the module and reboot, then after verifying that the exploit is patched, deactivate the module. Would I still be patched? I guess what I'm asking is if I need to have this module active at all times to be patched? Permanent fix, or Just while the module is installed?
A: The fix is not permanent. It's applied only whenever the module is installed and active. If you remove it, after the next boot you're back with the original code from your ROM (which might have the bug or not).
Thank you, this would help a lot
Sent from my GT-I9500 using Tapatalk 4 Beta
Thank you but I don't see any link to the xposed patch app
Envoyé depuis mon LT28h en utilisant Tapatalk 4 Beta
Marsou77 said:
Thank you but I don't see any link to the xposed patch app
Click to expand...
Click to collapse
Have a look now
I needed to create the thread first in order to include the link on the app itself.
Thanks! I was just googling to see if someone had already done this before writing it myself!
XPosed is amazing sauce for Android.
The 4.1.2 update for the T-Mobile galaxy s3 is already patched.
Thanks for the info OP.
Maxamillion said:
The 4.1.2 update for the T-Mobile galaxy s3 is already patched.
Thanks for the info OP.
Click to expand...
Click to collapse
The second bug as well? Check java.util.zip.ZipEntry on /system/framework/core.jar and see if the readShort() values are properly converted to unsigned.
.....
Bluebox security still says my phone is unpatched after installing this... Any ideas why?
Sent from my HTC Sensation Z710e using xda app-developers app
Shredz98 said:
Bluebox security still says my phone is unpatched after installing this... Any ideas why?
Click to expand...
Click to collapse
No idea why it doesn't refresh automatically each time you execute the app, but access the Refresh option from the menu and it should change to green once the mod is active.
Tungstwenty said:
No idea why it doesn't refresh automatically each time you execute the app, but access the Refresh option from the menu and it should change to green once the mod is active.
Click to expand...
Click to collapse
Yeah you're correct mate, says patched when I rescanned so all good the patch does exactly what it says, brilliant work! Was beginning to think I would have to live with this security hole active on my device!
Sent from my HTC Sensation Z710e using xda app-developers app
Shredz98 said:
Yeah you're correct mate, says patched when I rescanned so all good the patch does exactly what it says, brilliant work! Was beginning to think I would have to live with this security hole active on my device!
Click to expand...
Click to collapse
Added to the FAQ (post #2)
Hey Everyone,
I've found an alternative for the blueboox app. It's called the SRT AppScanner and seems to work better than the BlueBox Scanner and it provides more functionality, too.
Since I'am a new user, i can't post links. Simply query SRT AppScanner in the PlayStore.
Best regards
Boradin
Thanks for great patch.
I've tested with SRT AppScanner and found I'm still vulnerable to bug 9695860.
How do I make sure bug 9695860 was fixed?
mnirun said:
Thanks for great patch.
I've tested with SRT AppScanner and found I'm still vulnerable to bug 9695860.
How do I make sure bug 9695860 was fixed?
Click to expand...
Click to collapse
When I initially installed SRT it was always giving me 2 greens even with the mod disabled, even though I checked the code for my ROM and the 2nd bug is there.
Now, after a very recent update, it always gives me a red on the second bug even with the mod active. I'll need to double check how they are doing the detection because it doesn't seem to be correct.
Bluebox Security, on the other hand, does reflect the change although it only detects the first bug. Running it on an emulator with a vulnerable ROM correctly said so, and after applying the mod and forcing a rescan it will change to no longer vulnerable.
SRT AppScanner has just received an additional update from Play and now appears to correctly detect the status of bug 9695860 depending on whether the mod is active or not and if your base ROM is vulnerable.
The sources are now available on GitHub (check 1st post).
Tungstwenty said:
SRT AppScanner has just received an additional update from Play and now appears to correctly detect the status of bug 9695860 depending on whether the mod is active or not and if your base ROM is vulnerable.
Click to expand...
Click to collapse
Confirmed, you patch is now detected by SRT AppScanner.
Thank you.
Tungstwenty said:
You may be aware of recent news about 2 different security vulnerabilities that allow replacing code on a signed APK without invalidating the signature:
Master Key (Bug 8219321)
An issue related with duplicate entries on the ZIP / APK files.
It was patched by Google back in February 2013 and shared with OEMs, and some of the newer devices might have already received the fix in a recent stock update. At least both Xperia Z 4.2.2 and Galaxy S2 4.1.2 contain the fix; CM has also recently patched it, on this commit.
An easy way to know if you're vulnerable is installing this app by Bluebox Security. Update: An ever better one is SRT AppScanner, which can detect both bugs.
More info can be found on @Adam77Root's thread here: http://forum.xda-developers.com/showthread.php?t=2359943
Bug 9695860
This also originates in the ZIP file parsing routines, and was disclosed just a few days ago immediately after the previous one was made public. The correction has already been applied by Google to the code (this commit), but it's very likely that its rollout on stock ROMs will take a long time especially on non-Nexus devices.
You can read more about it here.
To know if you're vulnerable, use SRT AppScanner mentioned above.
Unless you're running CM 10.1.2, there's a fairly big chance that you have this issue, at least as of this moment.
While technically different, both of these vulnerabilities permit that legitimate APKs can be manipulated to replace the original code with arbitrary one without breaking the signature. This allows someone to take an update from a well known publisher (e.g. Google Maps), change the APK, and a device receiving it will happily apply the update as if it was indeed from that publisher. Depending on the apps being updated in this way, priviledge escalation can be achieved.
Google has already mentioned that all apps published on the Play Store are checked for this kind of manipulation, but those of us installing APKs from other sources aren't safe.
The universal patch
Since decompiling, fixing and recompiling the code for every possible ROM version is way beyond anyone's capability, the awesome Xposed framework by @rovo89 proves itself once again as an invaluable tool.
By creating hooks around the vulnerable methods and replacing the buggy implementation with a safe one, it's possible to patch the 2 issues on the fly without ever changing the original files. Applying the fix is as easy as installing and enabling an Xposed module.
Installation steps
1. Make sure the Xposed Framework is installed.
Follow the instructions on the thread. Root is required only during installation, it is no longer required afterwards. Only ICS or above is supported.
2. Install the Master Key dual fix module.
3. Follow the Xposed notification about a new module being available, and on the list of modules activate Master Key dual fix
4. Reboot the device (a Soft reboot is sufficient)
You should now see an image similar to the attached one. The green text shows that the module is active and the 2 vulnerabilities have been patched.
Download
Grab it from Google Play or use the attached APK.
Sources
Available on GitHub
If you appreciated this fix, consider donating with Paypal.
Thanks!
Click to expand...
Click to collapse
Thank you for this patch, but can we install this mod over "REKEY" patch or remove rekey and enable this patch instead ??
Mod Edit: Thread closed by @Darth . Pay per click links are not permitted on XDA.
XPOSED FOR LOLLIPOP (CM 12.1 AND BASED ROMS)
XPOSED FOR LOLLIPOP (CM 12.1 AND BASED ROMS)
Step 1: Download Necessary Files
There are two core elements to Xposed—one is the Xposed Framework, which lays all of the groundwork, and the other is the Xposed Installer app, which allows you to download and manage modules. First up, grab a copy of the Installer from the following link:
Xposed Installer APK
In these early stages of Lollipop development, the Framework will have to be flashed in custom recovery. There are 3 different version of the Framework, and they each correspond to a different type of processor (ARM, ARM 64, x86). If you're not sure about the type of processor your Android device uses, check the spec sheet on a site like GSMArena, then download the corresponding ZIP file from one of these three links:
Xposed Framework ZIP
Step 2: Boot into Custom Recovery
When the files have finished downloading, the next step is to boot into custom recovery. To do that, start by powering your device completely off. This next part may vary, but for most devices, press and hold the volume down and power buttons simultaneously.
This will bring up Android's Bootloader menu. From here, use the volume down button to highlight "Recovery mode," then press the power button to select it.
Step 3: Install the Framework in Custom Recovery
Before you flash anything in custom recovery, it's always a good idea to make a full NANDroid backup. That's extra important in this case, since the Xposed Framework is in its early stages and may cause issues with some devices. Do not skip this step!
Then, to get started, go ahead and tap the "Install" button from TWRP's main menu. Next, navigate to your device's Download folder, then select the Xposed ZIP file that you downloaded in Step 1.
After that, just swipe the slider at the bottom of the screen to install the Framework, and when that's finished, tap "Reboot System."
Your device will take longer than normal to boot up here. This is because the Xposed Framework ZIP had to clear away some library files, which will need to be restored. Expect this process to take at least 10 minutes.
Step 4: Install the Xposed Installer App
When you get back up, it's time to install the actual Xposed Installer app. Tap the Download Complete notification for the "XposedInstaller_3.0-alpha3.apk" file, then press "Install" and "Open" on the next two menus.
At this point, you should be looking at that familiar Xposed interface we all know and love. Head to the "Download" section to begin browsing modules, but keep in mind that some may not work on Lollipop.
links to download
credits : to all those who helped me and xda members who made these files
XDA:DevDB Information
xposed module for cm 12.1 and other based roms, Xposed for all devices (see above for details)
Contributors
manhar2108
Source Code: REMOVED BY MODERATOR
Xposed Package Name:
Version Information
Status: Alpha
Current Beta Version: 4
Created 2015-07-15
Last Updated 2015-08-22
@manhar2108
why do we need another forum page the xposed devs page is here
http://forum.xda-developers.com/showthread.php?t=3034811
toolhas4degrees said:
@manhar2108
why do we need another forum page the xposed devs page is here
http://forum.xda-developers.com/showthread.php?t=3034811
Click to expand...
Click to collapse
not for sdk 22 devices sir
this is for sdk 22 mtk 6592 and other mtk65** devices
ttxp-3.3.apk
ttxp-4.4.apk
ttxp-5.5.apk
ttxp-6.6.apk
ttxp-7.7.apk
ttxp-8.8.apk
ttxp-9.9.apk
ttxp-10.10.apk
ttxp-13.13.apk - I wish link were not pre-expired...
Given the availability of the xposed framework that optionally enables the behavior modification of existing Android applications, I provide herein an optional xposed module extension to the TomTom GO app, ttxp (v13.13), developed initially for the Android Auto Head Units, but working well on any xposed enabled Android device, under KitKat (4.4.4), Lollipop, Marshmallow, Nougat, Oreo, Pie, Q, R, A12, A13, and so on.
I firstly remind that the only way of using TT GO (on the HU and elsewhere) is to get the official TT GO app from Play Store; side loading won't do. However, working official apps are stored at sites like APKMirror.
There are three two one zero ttxp configurable parameters, on-the-fly, with no reboot needed:
ro.serialno, of no interest to normal Android devices, and actually equal to its original value (but modifiable at will, a fix for the HU case).
WiFi, when selected, it enables data - map/voice - downloading seamlessly over non wifi networks. I use it for wired Ethernet access on my HU (an intermediary to my external LTE modem) or to bypass the mobile data dialogue altogether.
Free mi/km is self explanatory and if enabled comes in handy when in middle of the road, with no mileage left, and no internet access to buy a license subscription extension.
Let's see, out of 10M+ downloads, how many TT GO users would find it. Useful.
You can lead a horse to water, but you can't make it drink.
===
One swallow doesn't make a summer, but thanks anyway.
===
What's the matter, couldn't find xposed for Oreo yet? #MeNeither!
(then stick to Nougat)
===
Xposed for Oreo has become available, and the ttxp module works as expected!
(no excuse for thanklessness, now)
===
Version upgrade to v3.3 - app theme has become Theme.DeviceDefault.
(substratum would change it)
===
Version upgrade to v4.4 - will work with TT GO version 2.x.x (as well as 1.x.x)
Spoofing kicks in automatically, if enabled, but one system reboot may be needed after TT GO "crashes" - by design.
Backward compatibility has lost WiFi support which is no longer needed in TT GO v2.x.x, thankfully.
===
Version upgrade to v5.5 - because the current Android/Magisk/Riru/EdXposed framework has become too secure, the Free mi/km option is now built-in. But beware, do not uninstall the existing TT GO app, let it upgrade normally (to the current TT GO v3.1.x and above), unless prepared to reinstall the whole device...
BTW, the same spoofing code, but gentler, will no longer randomly halt the TT GO app (on the HU, under older Android versions - KitKat, Lollipop).
===
Version upgrade to v6.6 - Even new TT installations will now work OK (I used to upgrade to the new TT releases, so I had overlooked this detail).
===
Version upgrade to v7.7 - Newer TT GO versions no longer need any patches anymore, so now ttxp v7.7 is a pure xposed module, with no application support (though such app could be uninstalled from the Settings/Apps menu).
Spoofing (see module's manifest) stays...
===
Version upgrade to v8.8 - No more inconveniences related to the few days before the free trial ends...
===
Version upgrade to v9.9 - Future-proofed(?!)
===
Version upgrade to v10.10, nicer.
===
Version upgrade to v13.13 that supports TT GO starting with v3.6.159.
In the unfortunate case that this thread will be closed administratively, please send via PM any requests for the expired link above.
I will gladly oblige, provided that my account is not disabled, and you are not on my ignore list.
===
What's the matter, couldn't find xposed for Pie yet? #MeEither!
(then stick to Oreo )
===
Good News!
Although Xposed for Pie/Q/R is not released yet, there is a working replacement available, at least good for my module, that I have just discovered, see this link: https://github.com/solohsu/EdXposed , and follow its Install section to bring it up and running.
I have installed Magisk, in the first place, and the Riru - Core and Riru - EdXposed(YAHFA) Magisk modules, and the EdXposed Manager app, on my R/Q/Pie/LineageOS 16.0/AospExtended mobile phones, and after enabling the module & rebooting as usually, the ttxp module works as expected - again!
===
Finally, Magisk v21.1 + Riru-Core v23.1 + Riru-EdXposed v0.5.1.3 do support Android R/11! Just select "Skip status check" for modules in the Settings menu of the EdExposed Manager app in order to enable the ttxp module (as well as others).
===
BTW, the Magisk + Riru + LSPosed Xposed combination seems up-to-date and recommended (instead of the EdXposed module).
Actually, Magisk + LSPosed with Zygisk currently works very well.
===
Finally, note that our oldie but "goldie" HU (Lollipop, rk3188) can apparently no longer run TT GO apps newer than v3.1.0 (unrelated to spoofing). I suspect a graphical issue, but ask TT why they lost the backward compatibility...
Fortunately, the official v3.1.0 TT GO app could still be found at the APKMirror site.
Good news, I managed to upgrade to TT GO v3.3.31, so they have fixed it.
Until the closure for maintenance of my other two threads (MTCB/MTCC rk3188 (5.1.1) Firmware and MTCB/MTCC rk3188 (4.4.4) Firmware) ends, feel free to contact me via PM if interested in the respective firmware.
If you can!
The Thanos Complex
With all the six stones, I could simply snap my fingers, and they would all cease to exist. I call that... mercy.
Here is another glaring contradiction: last year I asked that my user name should not be used without permission - in thread titles - and I was told that user names don't matter to XDA. Now my MTCB & MTCC threads have been closed and my firmware was deleted because it included my ignored list of users (as courtesy for newcomers).
So, beside finger snapping, , is XDA having a less confusing set of rules?
A Thanksgiving Day Project
Disclaimer: I did not develop any of this. I am not responsible for hosting any of these files. I am not responsible for maintaining any of these links. I can't even post links because I'm too new. And you are also responsible for whatever happens to your own device.
I will more or less try to point you in the right direction of where/what to google just in case you want to do something similar.
Original Device
Locked, S-on, CID=VZW_001, Firmware Version-4.4.2 KitKat, HTC6435LVW
Updated Device
Cyanogen Mod 12.1-20160822-NIGHTLY-dlx, 5.1.1 Lolipop, Linux Kernel 3.4.10-CM
Look up most recent version (web archive org/web/20161224231920/((download cyanogenmod org/?device=dlx)))Try to download correct version here (archive org/download/cmarchive_nighlies)Also snapshots if you needed it (archive org/download/cmarchive_snapshots)Choose Your own level of google-ness (opengapps org)
Also, for reasons, you can pick older versions to try to get 12.6.85 version of google play services (github com/opengapps/arm/releases?after=20180525)Root/Unlock Bootloader - Sunshine (theroot ninja/[/url])
Recovery - TWRP 3.2.3-0 (I don't know where I got it from, but it works)
Root Manager - (MagiskManager)
General Things
Enable Developer options: About Phone>something> tap build # 7 times
Enable ADB from under Developer Options
Boot into Bootloader: Power off, Hold power + Volume Down even after the "DROID" animation until the menu pops up. Or use the relevant ADB command.
Put relevant files where they need to be
Recovery image in/near ADB and Fastboot on the computerRom, gapps, and root manager somewhere you can find them with your recovery manager on the phoneI think the CM12.1 rom comes with SU but don't quote me on thisFollow any of the other relevant guides on how to unlock bootloader/root/recovery
Make a backup, then wipe
Things I did not test
Data, hotspot, cellular network, messaging ... At least wifi, location services, and the camera work.
=========================================================================
Personal Notes: you do not need to keep reading, just a summary of what and why.
Rooting: I did try many of the other methods mentioned in the forum, but they were literally all from 2014 or earlier and some of them require server-side assistance. Also, the donor device's firmware was too new for most. And it turns out some? of the original devs developed sunshine so, take my money, y'all deserved my $25; Thanks.
Recovery and Root manager: It's just personal preference.
Things for other reasons: Magisk hide will not work because the linux kernel is too old, and I am not going to backport the patch because it is too much work for a Thanksgiving day project. That means to pass safetynet, will need to unroot (mainly just uninstalling magisk). If you needed to move apps to system apps, you can do it through a file manager while you still had the root, or through the Recovery manager while off root
Yea, this is not going to be my daily driver, hence why I didn't test out all the features. But it could work as a backup. It has wireless charging, a headphone jack, and possibly google pay. It seems really snappy with this rom too.
Credit where credit is due: All the real devs that made all these things possible, and this Droid DNA XDA community.
Have fun and have a happy US Thanksgiving.
GravityBox - all-in-one tweak box - Xposed module for devices running Android 11
Version 11.0.5 [R]
Version for JellyBean is available in this thread: https://forum.xda-developers.com/showthread.php?t=2316070
Version for KitKat is available in this thread: https://forum.xda-developers.com/showthread.php?t=2554049
Version for Lollipop is available in this thread: https://forum.xda-developers.com/showthread.php?t=3037566
Version for Marshmallow is available in this thread: https://forum.xda-developers.com/showthread.php?t=3251148
Version for Nougat is available in this thread: https://forum.xda-developers.com/showthread.php?t=3653953
Version for Oreo is available in this thread: https://forum.xda-developers.com/showthread.php?t=3739929
Version for Pie is available in this thread: http://forum.xda-developers.com/showthread.php?t=3908768
Version for Q is available in this thread: http://forum.xda-developers.com/showthread.php?t=3974497
READ THIS POST CAREFULLY BEFORE PROCEEDING ANY FURTHER
Introduction
The app utilizes Riru-EdXposed Magisk module which uses original Xposed Framework API created by rovo89.
!!!!!! WARNING !!!!!!
This module utilizes EdXposed Framework which is still in early development stage and may contain bugs or might not be fully compatible with the system of your Android device. I take no responsibility for any issues arising from using GravityBox with EdXposed and strongly recommend creating a full backup of your device before activating the module.
Requirements
- Magisk v21 or later
- Riru v23 or later (Magisk module)
- EdXposed Manager (Application)
- Avoid using Resource hooking support if possible (Can be disabled in EdXposed Manager settings)
Installation
This procedure assumes you have working Magisk installation.
1) Install Riru module in Magisk Manager
2) Install and run EdXposed Manager app and download Riru-EdXposed module v5.1.3.x or later (currently Alpha/Canary)
3) Install downloaded Riru-EdXposed module in Magisk Manager
5) Reboot and open EdXposed Manager app to check if EdXposed works and is active
6) Install GravityBox and enable it in EdXposed Manager
7) Reboot and profit
Required whitelisted packages
In case you use blacklist/whitelist functionality of EdXposed make sure all the following packages are whitelisted (not blacklisted respectively) for full GravityBox experience.
- Android System (android)
- System UI (com.android.systemui)
- Call Management (com.android.server.telecom)
- Download Manager (com.android.providers.downloads)
- Phone (com.android.dialer or com.google.android.dialer)
- Phone Services (com.android.phone)
- Phone (com.android.incallui) (OxygenOS only)
- Keyboard app (e.g. Gboard) in order to be able to use "Volume key cursor control" feature
It is strongly recommended to use Whitelist functionality for better performance as EdXposed hooks only smaller amount of processes.
In case of running multiple Xposed modules consult their whitelist requirements with the devs of module.
Feature highlight
--- Lockscreen tweaks
--- QuickSettings tile management with additional tiles
--- Statusbar tweaks
--- Navigation bar tweaks
--- Pie controls
--- Power tweaks
--- Display tweaks
--- Phone tweaks
--- Media tweaks
--- Hardware/navigation key actions
--- GravityBox Actions - interface for 3rd party apps
--- Notification control (per-app notification LED/sounds/vibrations)
--- Fingerprint launcher
--- Advanced tuning of Framework and System UI parameters
... and many more
Compatibility
GB's main concept is to make most of the preference changes to be done on the fly without need to reboot a device to achieve custom-ROM like experience.
This means it is not possible to "completely deactivate" particular feature if it causes trouble on your device or if you installed GB because you want to use only one particular feature you can't find elsewhere.
This results in issues on ROMs/devices that have parts that are diverting from default Android implementation too much, or are running heavily modified custom ROMs.
If you experience weird issues after installing GB, even if you didn't activate a particular feature, it is not because of GB is broken, it is because it is not compatible with your ROM.
It is very similar to a situation when you installed ROM built from source for Nexus to some Xperia device - it won't work.
GB is a complex module and is not suitable for 1 purpose scenario. This means, if you are running custom ROM built from source, and you are missing a certain feature, your best option is to go ask creators of those ROMs to implement those additional features. Supplementing missing features on well-known custom ROMs built from source by installing xposed modules (especially complex ones) is definitely not a good way to go and can cause more trouble than good.
GB being a complex module, it shouldn't be combined with other complex modules often racing for the same goal. They can conflict/fight on the same playground and there's no way you can deterministically say which one's going to win. They can even lose both.
So in summary:
- this module is designed to run on vanilla or close-to-vanilla Android 11 (AOSP)
- officially supports devices/systems it was developed and tested on
- Samsung, HTC, MIUI, Xperia, Lenovo, etc. are NOT supported. It is not guaranteed this module will work on these at all so try at your own risk. This module is simply too complex to support all kind of ROM brands that were vastly modified by vendors.
- DO NOT USE WITH CUSTOM ROMS MODULE WAS NOT EXPLICITLY DESIGNED FOR
- I will not implement any exceptions that will adapt this module to a specific custom ROM. Please, do understand, it is unmanageable.
- I will not provide any support for devices violating these compatibility rules
GravityBox [R] has been designed for and tested on
- Pixel 3a running Google OS
- OnePlus 7Pro running Oxygen OS 11
Reporting bugs
If possible, please use Github issue reporting interface for reporting bugs.
If you experience problems with certain feature, provide the full-detailed info that can help me
to reproduce the bug and attach logs that can be exported from EdXposed Manager app.
Real-time logging can be performed by using ADB: adb logcat -s EdXposed-Bridge
In case you experience SystemUI crashes or other apps Force Closing, or device soft reboots, attach logcat from time
crash occurs. (use adb logcat *:E or your favorite logcat app from Play Store).
Please, don't attach big logs. Only the portion where error is clearly seen.
Disable all other xposed modules before reproducing bug to make sure it is really GravityBox related
Remember, this app was developed and tested on one particular device so it is not guaranteed that it will work flawlessly on yours.
Multilanguage support
Volunteers are welcome to translate GravityBox to other languages.
Preferred way is to use GitHub interface to fork your own copy of GravityBox, make changes and then send pull request against original repository.
Anoter way is to simply download this file: https://github.com/GravityBox/GravityBox/raw/r/GravityBox/src/main/res/values/strings.xml
Use Notepad++ to edit strings and then send me edited file so I can include translations into next release.
Source code
GravityBox is opensource. Sources are available in my gihub: https://github.com/GravityBox/GravityBox/tree/r
If you're a dev and have some ideas for additional features, feel free to fork it, work on it and send the pull requests.
Copyright notice
https://github.com/GravityBox/GravityBox/blob/r/NOTICE
Support development
Coding, maintaining and supporting this project costs me a lot of my precious time. If you find this project useful, you are more than welcome to support its development via donation. This form of support is meant to compensate for my time dedicated to the community + eventually, help me to afford newer device to keep up with AOSP evolution thus providing continuous support as Android evolves. Thanks!
Info about premium features and PayPal transaction ID verification system
1) Those who supported development via PayPal donation can use their PayPal transaction ID to unlock premium features.
As of v2.9.5, there are three premium features:
- Backup/restore of GB settings.
- Ultimate notification control
- Advanced Tuning
2) If you contributed to the project by providing translations, code fragments, or by any other way
you can apply for a free transaction ID by contacting me via PM.
3) Be aware that there's a system that can identify potential transaction ID
abuse. E.g. when one ID is being used by more users. Such IDs will get blocked automatically.
In case you own more devices, you can use one transaction ID on up to 10 of them.
4) If you are using your own custom builds of GB for personal use, you will get hash mismatch
upon verifying your ID as verification system accepts requests only from official releases of GB.
If you want to be able to verify IDs with your custom build, contact me via PM so I can setup
a special hash for your build.
If you are using a custom build that you provide for broader group of users (e.g. in a custom ROM),
it is necessary to ask for new hash everytime your new custom version is released for public use.
These rules are based on mutual trust so please, do not violate them.
Credits
- RikkaW for creating and maintainng Riru Magisk module
- solohsu & MlgmXyysd for creating and maintaining EdExposed Magisk module
- @frank93 for donating Pixel 3a for development
- @bgcngm for his code contributions to the project
- @MohammadAG for Xperia specific contributions to the project
- @rovo89 for his ultimate Xposed framework and "Volume keys to skip track" mod
- @peptonib for starting me up with this project
- @simmac for app icon
- @romracer for Motorola specific code contributions
- @firefds for Samsung specific code contributions
- CyanogenMod project
- ParanoidAndroid project
- Slim, RootBox, AOKP, OmniROM projects
- Sergey Margaritov for ColorPickerPreference
- ArthurHub for Image cropping library
- All those who provided translations for different languages (Mr.Premise, peptonib, kidmar, ch-vox, romashko, Indiant, lelemm, oicirbaf, unavix, LuHash, WedyDQ10, mp3comanche, awaaas, liveasx, samsonbear, Eric850130, xtrem007, benjoe1, asmb111, Fatih Firinci, ...)
- and finally, all those who keep the project alive by supporting me via donations (you know who you are)
Changelog
https://github.com/GravityBox/GravityBox/blob/r/CHANGELOG.txt
Changelog 11.0.5 - 08/08/2021
- Lockscreen: added option to blur media artwork on lockscreen (thanks to robbins)
- Navbar: allow cursor control keys in gestural navbar
- Dialer: adjusted for compatibility with the latest Google Dialer
- Properly identify OnePlus 8T as device running OxygenOS ROM (thanks to F-i-f)
--- should improve compatibility significantly
Developed and tested on:
- Pixel 3a running Google OS
- OnePlus 7Pro running Oxygen OS 11
Current issues
- Display: Expanded Desktop - immersive modes not working
- Key actions: Home double-tap not working
- Lockscreen: Changed custom carrier text won't appear immediately
- Custom Battery indicator: stock battery may appear for a while after the reboot
- ... + potentially others mainly device/system variation specific
Removed features
- GPS and SlimKat tiles - location modes (battery saving/high accuracy/device) no longer exist in Android 11
- Audio Recording tile - background recording of audio not possible in Android 11
Download
https://github.com/GravityBox/GravityBox/releases/tag/v11.0.5_r
Settings
It is possible to restore settings that were backed up in GravityBox [Q]
Simply transfer "GravityBox" folder from internal storage of one device to internal storage of another device.
Required whitelisted packages
In case you use blacklist/whitelist functionality of EdXposed make sure all the following packages are whitelisted (not blacklisted respectively) for full GravityBox experience.
- Android System (android)
- System UI (com.android.systemui)
- Call Management (com.android.server.telecom)
- Download Manager (com.android.providers.downloads)
- Phone (com.android.dialer or com.google.android.dialer)
- Phone Services (com.android.phone)
- Phone (com.android.incallui) (OxygenOS only)
- Keyboard app (e.g. Gboard) in order to be able to use "Volume key cursor control" feature
It is strongly recommended to use Whitelist functionality for better performance as EdXposed hooks only smaller amount of processes.
In case of running multiple Xposed modules consult their whitelist requirements with the devs of module.
Credits
@frank93 for donating Pixel 3a for developemnt
Commit history
Commit history for transition from 11.0.4 to 11.0.5
@C3C076
Mate, you did it. Congratulations.
Can't wait to try it out.
Really appreciate your efforts in bringing this to us 11ers.
Cheers
2021 is looking good! Thank you so much. Working flawlessly on my pixel 3a
@C3C076
THIS is the first gift I've received of the new year. Thank you, sir!!!
Now, that's pretty awesome!
And the January update from Google should drop soon as well.
Thanks a lot @C3C076!
Got my Github notification this morning about the [R] pre-release! Just now updated my Pixel 4 XL from 08-2020 (Android 10) to 09-2020 (Android 11) using my keep root / seamless update method with no problems. Everything working perfectly fine! All I had to do was first disable GravityBox [R] in EdXposed Manager, and disabled Kirisakura AK3 (kernel) module helper in Magisk Manager. Upgraded to Android 11 with no issues at all, and everything system and root-wise seems to work perfectly fine. My current running list of Magisk / Xposed modules: https://forum.xda-developers.com/t/guide-edxposed-gpay-discussion.3992607/post-84193393
(I'm hoping @Ghisy finds this helpful, hehe)
Though I'm gonna play it safe and OTA each month, instead of factory image (sans "-w" flag) jumping. Gonna work my way up to the current firmware, then test out GravityBox [R] - thanks so much @C3C076! The fact that so many people like me have held off on upgrading to the latest Android version just based on your work should speak volumes! I'll report back once I'm able to actually play around with GB[R] some. The baby's starting to wake... :O
edit: my son rolled over, coo'ed, and faceplanted back to sleep <3
- Also should note, I was on Kirisakura 5.2.6 kernel before. Now on 6.6.0, all is well!
- Also wanted to note, SafetyNet was passing (with my current configuration) on 09-2020 build with no further modifications necessary. I just finished updating up to 12-2020, and SafetyNet is still passing . Activating GravityBox module now, and will further report back!
edit 2: Seems verrrry stable so far! The only thing I found that didn't work properly (or rather, worked 80% correctly) was for an option that I don't even normally use, and accidentally toggled, haha. Under QuickSettings management -> Tiles per header, each option works fine, but when selecting 8, it still only shows 7.
Other than that, at least as far as the options that I personally use, everything seems fine! I didn't get a chance to test out every function affected by my set of GB options in such a short time, of course, but I will certainly report if there are any issues. And of course I won't list every single option I ticked off, but attached is my backup file / preferences of my current config for anyone who may be curious. Again, keep in mind that compared to the vast functions GB offers in totality, I only use what I use so of course I can't account for the entirety of GB. But from what I've tested so far, it seems damn stable and this has made my transition to Android 11 pretty much seamless!
and @Ghisy, I'll send you some more details when I get a chance, certainly well before the weekend. Though if it's any consolation, in total the actual updating process only took me about an hour, if not less! Probably took me more time to actually download the files and prep, lol. XD
i5lee8bit said:
Just now updated my Pixel 4 XL from 08-2020 (Android 10) to 09-2020 (Android 11) using my keep root / seamless update method with no problems.
[...]
My current running list of Magisk / Xposed modules: https://forum.xda-developers.com/t/guide-edxposed-gpay-discussion.3992607/post-84193393
(I'm hoping @Ghisy finds this helpful, hehe)
[...]
Activating GravityBox module now, and will further report back!
Click to expand...
Click to collapse
Ha, thanks!
I'd be interested in your seamless update process if you don't mind sharing! Although I might go the image (sans -w) route instead.
Not sure I'll update until the week-end, I don't have much time on weekdays.
Ghisy said:
Ha, thanks!
I'd be interested in your seamless update process if you don't mind sharing! Although I might go the image (sans -w) route instead.
Not sure I'll update until the week-end, I don't have much time on weekdays.
Click to expand...
Click to collapse
see my edit above =)
But I also wanted to separately post a big finding of great news (at least for me)! - The volume key cursor control option now seems to persist through reboots, without needing to toggle the option again after reboots! Not sure, tbh, if this was fixed on [Q] already due to / as a side effect of the big Riru / EdXposed updates, but at least I can confirm that it definitely works on [R] now as intended. Woohoo!
Also @C3C076, donated an extra $10 USD via PP (20485146561217901). You're already very generous for enabling Family Library, and this should cover for installing the unlocker on my backup/secondary Android devices as well as my wife's phone. I also figured it would be better to donate via PP than disabling Family Library and purchasing again from Play Store, assuming higher fees from Google.
i5lee8bit said:
see my edit above =)
But I also wanted to separately post a big finding of great news (at least for me)! - The volume key cursor control option now seems to persist through reboots, without needing to toggle the option again after reboots! Not sure, tbh, if this was fixed on [Q] already due to / as a side effect of the big Riru / EdXposed updates, but at least I can confirm that it definitely works on [R] now as intended. Woohoo!
Also @C3C076, donated an extra $10 USD via PP (20485146561217901). You're already very generous for enabling Family Library, and this should cover for installing the unlocker on my backup/secondary Android devices as well as my wife's phone. I also figured it would be better to donate via PP than disabling Family Library and purchasing again from Play Store, assuming higher fees from Google.
Click to expand...
Click to collapse
Thanks. Your support is very much appreciated. Too kind. Interesting find about volume key cursor control. As you can see in the 2nd post I listed it there as currently not working . Looks like I'll have to take a look again. Do you use whitelist (App list mode enabled in EdXposed settings) ?
i5lee8bit said:
see my edit above =)
Click to expand...
Click to collapse
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
frank93 said:
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
Click to expand...
Click to collapse
If I can share my experience. I applied standard system update procedure from settings being on Pie (had it on your pixel to bring update for GB for Pie). This went without uninstalling magisk etc. I simple went incrementally from Pie through Q up to R and then several security update. Only after I was in the latest update I grabbed boot.img from corresponding system image, patched it using magisk and then flashed using fastboot. All apps and settings were preserved from Pie.
thanks. sounds about "right", your last step is basically what i’ve been doing as well previously (the "system update" never worked for me though, but i didn’t care too much). there must be something fishy going on with my device then. i’ll try again soon.
(in the end i wouldn’t even mind being without root for a few bootups inbetween, so .. i’ll flash the stock boot image and try booting android 11 then. if it works, i can try getting back root just as well afterwards i guess.)
frank93 said:
thanks. sounds about "right", your last step is basically what i’ve been doing as well previously (the "system update" never worked for me though, but i didn’t care too much). there must be something fishy going on with my device then. i’ll try again soon.
(in the end i wouldn’t even mind being without root for a few bootups inbetween, so .. i’ll flash the stock boot image and try booting android 11 then. if it works, i can try getting back root just as well afterwards i guess.)
Click to expand...
Click to collapse
Yeah, note that I never flashed full rom image. I went using standard system update from settings. In the end it was only patched boot.img I flashed.
okay, apparently not even a "real" firmware update (using the original stock boot image) works for me. loops back to bootloader 2-3 seconds after the google-logo. so i guess there’s something else wrong with my device/system.
i’ve "updated" back to the latest/last android 10 for now (there the firmware upgrade/downgrade works!?), and i’ll scratch my head another time i think. thanks for your input though!
i5lee8bit said:
and @Ghisy, I'll send you some more details when I get a chance, certainly well before the weekend. Though if it's any consolation, in total the actual updating process only took me about an hour, if not less! Probably took me more time to actually download the files and prep, lol. XD
Click to expand...
Click to collapse
Thanks, I appreciate it! You took one for the team and shared interesting info too! *(air) high five*
C3C076 said:
Thanks. Your support is very much appreciated. Too kind. Interesting find about volume key cursor control. As you can see in the 2nd post I listed it there as currently not working . Looks like I'll have to take a look again. Do you use whitelist (App list mode enabled in EdXposed settings) ?
Click to expand...
Click to collapse
I use App List mode, but not White List mode, as I use the Pass SafetyNet option (so basically on Blacklist mode). Because I also have GPay working and all (I've linked to that thread before, it's the one I linked with my list of active modules). Hahaha, I didn't even realize you put in the 2nd post about it not working - weird! Definitely working for me though, using these current configurations.
frank93 said:
would you mind sharing your upgrade procedure from android 10 to 11 though? i’m not sure why, but my "usual" procedure (using the complete firmware, patching the boot.img, flashing everything including that boot-image afterwards) fails with all of the android 11 images. :/
(feel free to directmessage if you think it’s off topic here of course.)
Click to expand...
Click to collapse
Since I'm sure others may find it useful, I'll post it here. Also, @C3C076 may find it useful to follow this concept, assuming things are similar for Pixel 3a (I've been a long time HTC user, up til U12+ and only then switched to Pixel phones, 4 for wife and 4 XL for me to be exact).
My firmware update procedure is basically predicated on restoring the stock boot and dtbo (dtbo in case custom kernel flashed) images for your current build, which restores the stock firmware (and therefore recovery) and "unroots" / stock-ifies the phone without removing any of your Magisk or EdXposed configs, which allows you to simply boot into recovery and apply (sideload) OTA zip from stock recovery. Before booting back into system after OTA flash, reboot back into bootloader and flash the new build's Magisk-patched boot image, and when you boot up into system, voila, seamless, intuitive, and relatively safe update to new firmware version. Worst case scenario, if you bootloop you just flash the stock boot image (or even better, a modified Magisk Core Only boot image) and fix whatever is causing the problem.
Here is a link to my guide for September 2020 build, which was the first Android 11 build. There's a bunch of additional notes due to the major update at the time, though some of the info is a bit outdated. I assumed everyone at the time was on a very specific versions of firmware, Magisk, EdXposed, and even modules, etc. But if you read, especially the 2nd post, you can certainly understand how it all works and how we could apply the process from any firmware version. Here's the thread: https://forum.xda-developers.com/t/...0-009-coral-magisk-stock-boot-images.4160787/
- I recommend giving the procedure a read, as you should be able to understand the intuition behind the process I use.
As we're already (assuming) on latest Magisk, Magisk Manager, EdXposed, Riru, etc. etc, we don't need to worry as much about compatibility of our installed modules before OTA'ing. So basically, I condensed down what needs to be disabled, in my case, to the old GravityBox module (obviously), and the old Kirisakura (my kernel on Q) kernel helper Magisk module. You would also want to disable any modules, Magisk and EdXposed, that may not be compatible with [R] yet.
So here was my update procedure, from here on, coming from August 2020 build already on Magisk 21.2 and up to date EdXposed / Riru / etc. modules - SPECIFICALLY FOR PIXEL 4 XL "CORAL"
(OPEN THE "SPOILER" TO VIEW!):
Spoiler: Pixel 4 XL (and by extension and intuition, hopefully other Pixel series) keep-root / updating guide-procedures
NOTE: The files I provide are specifically only for Pixel 4 XL!! You will need to obtain the correct files for your own device to follow this procedure, but the same idea should be able to be applied!
First, I downloaded the boot and dtbo file(s) for Aug. 2020 thru Dec. 2020 builds. Here's a link to my AFH uploads for these files: P4XL Boot / DTBO files
Then, I patched each month's boot image with Magisk 21.2, and put them to the side.
There's only stock dtbo.img for 08-2020 because dtbo will remain stock throughout the updating procedure, fyi.
Actually, hell, for Pixel 4 XL "Coral" users, to make your life extremely easy, I've uploaded all the files you'll need to follow this here!! - LINK HERE
And OTA files from Google servers: LINK#2 HERE
Disabled GravityBox [Q] module in EdXposed Manager / Uninstall GravityBox [Q]
(Don't bother installing GravityBox [R] yet)
Disabled Kirisakura AK3 Kernel Helper module in Magisk Manager
(you'll also want to disable any modules that potentially may not work with [R])
-- Reboot once to finalize disabling the modules --
(Don't boot back into system until this section is done, to ensure all root, settings, mods, etc. are retained - this is basically the 2nd post of the September guide I linked earlier)
- Reboot into Bootloader mode -
fastboot flash boot 08-boot.img
fastboot flash dtbo 08-dtbo.img
(these steps revert recovery to stock)
- Reboot into Recovery mode-
(when No Command / Android icon shows up, hold power button and tap volume up to get to recovery menu)
Choose option: Apply update from ADB
adb sideload (09-2020 OTA zip).zip
after OTA zip flash completes, REBOOT BACK TO BOOTLOADER
fastboot flash boot 09-patched.img
- NOW REBOOT INTO SYSTEM! -
When your phone boots back into Android (11), you will be rooted, with all mods and settings retained. And if you passed SafetyNet before with the right combination of mods and settings, it should still pass now. While you can, I wouldn't yet bother installing GravityBox [R] quite yet. Let's first continue to incrementally upgrade until we're at 12-2020 (or 01-2021 depending on when you're reading this). Basically, just make sure the Android System Update notification (sorry, I don't remember exactly the notification label, but you'll know when you see it) indicates the update completed before proceding.
Now we just repeat my OTA update procedure again, except no need to flash stock dtbo images, as we're not doing anything (like flashing custom kernel) in this short amount of time that modifies the dtbo partition.
Reboot into bootloader mode
fastboot flash boot 09-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (10-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 10-patched.img
Boot to system
Allow time for the system update notification to indicate update was completed.
Reboot into bootloader mode
fastboot flash boot 10-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (11-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 11-patched.img
Boot to system
Allow time for the system update notification to indicate update was completed.
Reboot into bootloader mode
fastboot flash boot 11-boot.img
Reboot into recovery mode
Apply update from ADB
adb sideload (12-2020 OTA zip).zip
Reboot to bootloader
fastboot flash boot 12-patched.img
Boot to system
EDIT: Google released January 2021 firmware update, literally minutes after (or maybe while??) I was posting this! Here is my January 2021 easy update guide for Pixel 4 XL: https://forum.xda-developers.com/t/...5-003-coral-magisk-stock-boot-images.4213263/
Allow time for the system update notification to indicate update was completed.
Install GravityBox [R], activate module, reboot one more time, have fun!!
Also install custom kernel or whatever else you might need to do as well.
To be honest, I kinda rushed this post, so I'll re-read it later and make sure I didn't make any little mistakes. But hopefully if you read my guides threads and stuff (like, actually read it), the entire concept should be very clear and intuitive to you! Assuming other Pixel phones (at least AB Pixel devices) have similar partitioning schemes, this should be very useful knowledge to have, as it makes updating to new firmware versions incredibly easy and low risk. Good luck, I hope this huge post helps some people / makes a better day for someone! =)
EDIT: @frank93, seeing your linked post, I see you have a Pixel 4a. Unfortunately you obviously can't use the exact files I provided / linked, but you should still be able to follow the same procedure. Just grab the OTA's, plus the full factory images, pull the necessary boot and dtbo files from the factory images, and Magisk patch the boot images for each month, and name / organize all the files and put them aside on your computer. You should still be able to follow my procedure, but with your files. I hope it works for you with no problems if you decide to try it!
Has anyone tried one plus 8t?
...aaaand Pixel January 2021 update just dropped
Awesome! 2021 is looking good! Donation sent! Keep up the awesome work bro! Working flawlessly on my Pixel 3xl