Dear @rovo89,
What if add version name and code in log file when modules are loading?
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H release-keys' with fingerprint 'htc/htc_europe/m7cdug:4.4.2/KOT49H/342802.6:user/release-keys'
Loading modules from /data/app/kz.virtex.htc.tweaker-1.apk
Loading class kz.virtex.htc.tweaker.XMain
Name: 8.5.13, Code: 256
Loading modules from /data/app/com.sensetoolbox.six-1.apk
Loading class com.sensetoolbox.six.mods.XMain
Name: 1.0.7, Code: 15
Very useful when receiving logs from users and during development when module crashes system.
A good idea, but the problem is that the package manager service isn't running at that time. So this information would have to be parsed out of the AndroidManifest.xml manually. There is a PackageParser class, but it's quite complex. It could be considered, but it would have to be carefully tested to avoid unwanted side-effects. Keep in mind that this code runs before Android begins to start, and from past experiences I know that some classes on some ROMs should better not be used that early. Not sure if this would also be the case for PackageParser or its dependencies.
Could it not be stored by the Xposed Installer? Basically, instead of saving the module's name on each line in modules.list (IIRC), it'd put the name, version name and code separated by e.g. commas.
That would be an option. Not 100% reliable, but unless something goes really wrong (e.g. someone replaces the APK directly), it should be fine.
This topic and your suggestion goes a bit into the direction of a suggestion @M66B made - storing the start class name in the manifest instead of assets/xposed_init.
This doesn't really solve the problem but I think I'll share
For one if my mods I provided a report error button
The button creates a log by getting the Xposed Log and appending version
Number etc and saving to SD card
So users can easily get logs AND I can easily sove problems
Related
please any one know .how to make xposed changes permanent??
that is it remains there ..... even we uninstall xposed...
AS far as my understanding goes, xposed redirects specific function calls at runtime to other functions with the intend to run different code than the app would normally do. That said, redirecting those calls can not work without xposed framework or without the xposed modules as no changes are made to the apps directly.
Correct me if I'm wrong.
You are absolutely no wrong, however if we decompile the apk that is being modded via some specific module and we change the code of the redirected functions to the one included within module and recompile the apk, we should get an apk working exactly the same as if it was hooked via xposed+module.
Please note that a lot of modules has been originally created basing on reverse idea: first someone made a mod by changing the java/smali code of some apks, then someone wrote a module making same changes but via xposed, on-the-fly.
In my opinion such an automated tool to recompile the apks and change their code basing on the code included in a xposed module IS possible.
No one made it yet, tho...
Definitely not possible. You cannot simply redirect code from one app to another. With xposed, you are always running within app that's being modded.
esgie said:
You are absolutely no wrong, however if we decompile the apk that is being modded via some specific module and we change the code of the redirected functions to the one included within module and recompile the apk, we should get an apk working exactly the same as if it was hooked via xposed+module.
Please note that a lot of modules has been originally created basing on reverse idea: first someone made a mod by changing the java/smali code of some apks, then someone wrote a module making same changes but via xposed, on-the-fly.
In my opinion such an automated tool to recompile the apks and change their code basing on the code included in a xposed module IS possible.
No one made it yet, tho...
Click to expand...
Click to collapse
Im with this guy, and if you read on xposed... yes its code being "injected" into the stock apk ...
What xposed does is creates side files (ran by zygote)
They get copied to /system/bin as app_process(xposed)
Or app_process(origional)
These files act as Init.d scripting... to inject this code...
I assume they make both these copies for reverting back to stock (disable the module)
It IS possible to make these changes permanent and re-compile the apk...
However ... de-coding the module ... to find out what is getting injected where... THATS where im at so far ...
Arter 97 has proven this possible with adaway as a standalone apk in conjuction with his youtube apk... im assuming hes using code to call upon the adaway apk files , and still using it like xposed... but merely without xposed..
If anyone with more experience could point us on how to track down how to find exactly WHAT code is being injected and where... it would be EXTREMELY helpful to many people not wanting to run 3rd party applications to get their desired functions...
Anyone feel free to chime in
Hi,
I have written a module which records the occurrence of specific system APIs in the log file, using "XposedHelpers.findAndHookMethod". My hooked methods simply prints the name of API into the log file. My module works perfectly fine, unless I try to run an app which is instrumented by Emma, in order to measure the code coverage. The problem is that I get "Instrumentation detected, disabling framework for app" error message in the log file.
I decided to change the XposedBridge.java and replace the new XposedBridge.jar with the old one. However, it breaks the Xposed framework and my virtual machine never starts after reboot.
How can I resolve this issue?
Is there any way safe to change XposedBridge.java and replace the XposedBridge.jar?
Thanks.
Hi guys,
I was recently reverse engineering a package com.huawei.autoinstallapkfrommcc and trying to understand what it is doing.
From what I could see it looks like this service after system boots up, is checking what mobile carrier you are using and then loads a list of packages from file autoInstallAPK.xml and then installs/uninstalls them based on mcc and mnc codes.
I am wondering if this xml file can be used to bypass device security. However I can't find it on my device.
Could you please check if you have a file at
Code:
[ROOT]/System/etc/xml/autoInstallAPK.xml
and share it if it exists there?
Check your
/cust/vendor/country/xml/*.xml
&
/preload/model/vendor/country/xml/*.txt
Look also for :
APKInstallListEMUI5Release.txt
&
DelAPKInstallListEMUI5Release.txt
Share back your tweaks and findings
oslo83 said:
Check your
/cust/vendor/country/xml/*.xml
&
/preload/model/vendor/country/xml/*.txt
Look also for :
APKInstallListEMUI5Release.txt
&
DelAPKInstallListEMUI5Release.txt
Share back your tweaks and findings
Click to expand...
Click to collapse
I don't have such folders, did you mean main partition? I don't have root so I am quite limited.
Maybe this config file is included only in roms which come from mobile carriers like Verizon, T-Mobile etc.
So far what I think this package is reading from that xml is:
* package name
* apk path
* action type (install, uninstall, disable, maybe others)
* card info (probably sim card info/ carrier info)
Then this data is being processed (atm I don't fully understand the process flow but in general it goes through each element (app) described in the xml list and takes defined action depending on the carrier you have). Ofc whole process is not started untill system is booted and sim card present/installed.
I wonder why Huawei have implemented such service. Maybe to make it easier for carriers to install branding apps on EMUI? Maybe this is only used to install carrier config package to. Can't really tell at the moment.
However I see a potential use case where someone uses buffer overflow or other vunerability to alter/overwrite this xml file. This could allow someone to install malicious apps on the device.
I am now analyzing bytecode of the part that is parsing InputStream from xml to see if I have missed something.
Hello!
I'm currently playing around with Java and Xposed development and I have created a simple Android app that creates a .txt file in a folder.
What I would like to do is create a Xposed module that can automatically detect when I create said .txt file, I have 2 ideas on how I could achieve that but I'm not sure what might be the best:
Idea #1:
Create some sort of background service that will always be runnning and check if there are any or new files in said folder or maybe use the FileObserver method.
Idea #2:
Hook into the app and run a function inside my Xposed module that checks with regular interval if there are any files in the folder.
I have never really done any Java or Xposed development before so all this is quite new, but I would love to know what would be the best aproach or if anyone has some better suggestions!
Thank you all!
I don't see a xposed requirement here. File change observation is easily done by automation apps like Tasker(event->file->file modified), doesn't need xposed for it. Xposed framework better used for modifications to system or apps.
As per second requirement of performing user actions on a app, you can use Xposed edge(xposed plugin) inject gestures / AutoInput(tasker plugin)
I found this app that creates a Magisk module with your device's framework-res.apk with a replaced mouse pointer
Releases · thesandipv/pointer_replacer
Xposed or Magisk Module to replace touch pointer. - thesandipv/pointer_replacer
github.com
But it causes a bootloop on Android 11 and also can't work with a frameworks-res.apk you provide yourself from a different device.
The app also has a forced Google login on startup.
Since the app is open-source, can anyone perhaps remove the dependency to Google Play Services and the forced Google login on the startup screen so it can also work on AndroidTV and de-Googled phones?
Anyway to provide your own frameworks-res.apk from a different device to create a Magisk module instead?
The app creates a Magisk Module with a full changed frameworks-res.apk which might interfere with other overlay files.
Anyway to use runtime resource overlay instead so only the pointer_arrow.png is changed so there are minimal problems with other overlay files?
Are there any other Magisk module that could perhaps overlay the frameworks/base/core/res/res/*drawable/pointer_arrow.png instead?
dewettie said:
I found this app that creates a Magisk module with your device's framework-res.apk with a replaced mouse pointer
Releases · thesandipv/pointer_replacer
Xposed or Magisk Module to replace touch pointer. - thesandipv/pointer_replacer
github.com
But it causes a bootloop on Android 11 and also can't work with a frameworks-res.apk you provide yourself from a different device.
The app also has a forced Google login on startup.
Since the app is open-source, can anyone perhaps remove the dependency to Google Play Services and the forced Google login on the startup screen so it can also work on AndroidTV and de-Googled phones?
Anyway to provide your own frameworks-res.apk from a different device to create a Magisk module instead?
The app creates a Magisk Module with a full changed frameworks-res.apk which might interfere with other overlay files.
Anyway to use runtime resource overlay instead so only the pointer_arrow.png is changed so there are minimal problems with other overlay files?
Are there any other Magisk module that could perhaps overlay the frameworks/base/core/res/res/*drawable/pointer_arrow.png instead?
Click to expand...
Click to collapse
Have you thought to ask the developer these questions
Thats what i would do....rather than ask random people on a forum
Especially asking them to hack a developers work....
In general what youre asking is such a niche request for a niche function that almost no one uses....
Ive literally never enabled that ever in a decade of Android , let alone thought "id like to custom it"
Ask the dev...