Related
http://forum.xda-developers.com/showthread.php?t=725692 <- new dump app.
EXPIRED
Please hold on for next release, this one has expired.
Andro Shark is an android packet sniffing app. It dumps all (wifi and/or 3g) traffic into a standard pcap file in /sdcard/androshark. This file can be read with wireshark, or any other application able to read pcap files.
This is the March 3rd version. This is the first public beta, so expect bugs. I will not be held responsible for damage or loss due to any software. My standard license applies, http://www.andirc.net/2010/04/standard-license-agreement.html.
To use Andro Shark you must agree to the above license.
Feedback/feature requests appreciated.
jcase said:
Andro Shark is an android packet sniffing app. It dumps all (wifi and/or 3g) traffic into a standard pcap file in /sdcard/androshark. This file can be read with wireshark, or any other application able to read pcap files.
This is the March 3rd version. This is the first public beta, so expect bugs. I will not be held responsible for damage or loss due to any software. My standard license applies, http://www.andirc.net/2010/04/standard-license-agreement.html.
To use Andro Shark you must agree to the above license.
Feedback/feature requests appreciated.
Click to expand...
Click to collapse
Does it need root?
Sorry, yes requires root.
crap oh well, thanks. Hopefully they can root 2.1 leaks soon.
No root here so I can't test it, but just a few thoughts.
Is there a way to specify a capture filter in the program? Something ala libpcap's filters "IP 192.168.1.1".
Does it get killed by the task manager if left idle for a while?
Any way to view the .pcap output on the device?
nindoja, Its based on tcpdump, and if memory manager kills it tcpdump keeps running. Its a bug and I have fixed it. I just need to get it all packaged an uploaded sometime.\
Burko,
After i have the capture part done, I will look into that.
hmmm great potential, but i think something is broken with mine keeps stopping each time I try to get to the browser, maybe I'm doing something wrong
pk198105 said:
hmmm great potential, but i think something is broken with mine keeps stopping each time I try to get to the browser, maybe I'm doing something wrong
Click to expand...
Click to collapse
Possibly, I will update it this weekend. Possibly ad the ability to browse packets, or filter packets. Depends on my time. Do you happen to have autokiller or any memory management app setup?
Please report your device, and ROM back to me.
Any OS version requierements? It always says that this app cannot be installed. I have root of course and a 1.6 version.
m4dm4n123 said:
Any OS version requierements? It always says that this app cannot be installed. I have root of course and a 1.6 version.
Click to expand...
Click to collapse
Posted version is for 2.1 for now, which device? Will be updating for 1.5 and up.
HTC Magic 32a, currently running CM 4.2.15.1. Although there will be soon CM 2.1 version, I am looking forward seeing your app for <2.1 OS versions.
Seems to be working great on my N1. Very useful. Verified the dumped data in Wireshark.
blunden said:
Seems to be working great on my N1. Very useful. Verified the dumped data in Wireshark.
Click to expand...
Click to collapse
Shocked people are actually using this lol.
Guess i have to actually polish it?
I will hop on it soon as I release my adblocker (this weekend?).
Polish it ? Distribute it. Dude, you would be the first to make an packet capture app (that uses tcpdump of course).
Hi just tried it on my hero with 2.1 - I get "Could not open /sdcard/AndroShark.apk as APK file" when I try to install it with Astro - any ideas?
PhatCrack said:
Hi just tried it on my hero with 2.1 - I get "Could not open /sdcard/AndroShark.apk as APK file" when I try to install it with Astro - any ideas?
Click to expand...
Click to collapse
well just tried it with astro and it works! try downloading again. tested with HTC Hero NeORoM 2.1
nicandris said:
well just tried it with astro and it works! try downloading again. tested with HTC Hero NeORoM 2.1
Click to expand...
Click to collapse
Installed NeORoM and now it works - thanks
Works perfectly
Hi,
FYI, I tested it and it works perfectly on my rooted Desire.
Thanks for your work!
As you requested some ideas for new features:
Widget On/off (like for GPS, Wifi, ...)
Checkbox to append the datetime (several sessions without the need to rename the previous one)
Cheers,
W.
hello, great app =) maybe you can add the option to filter MSN conversations =)
cumps from portugal
androidpt->
aa
thanks for the guide! ive been looking all over for something like this
its totally worth switching to android now with the market apps
Guide Stuck! Thanks for this.
usb outlook sync
here's a possible usb sync solution for outlook users; it's pretty expensive though ($40, 15 day trial version), and I haven't tried it since my vouge is not activated atm.
http ://www .companionlink.com/androidusb/ol-android-usb.html
(spaces in link for newbie post)
Would this work with the vogue's usb driver?? I know i've read about issues with only parts of the usb driver being implemented.
Anyway there's a trial if anyone's interested. I'm still holding out for a "reverse tethering" solution so I can access the internet on my vogue over usb or bluetooth. There's another thread on here about that.
Great work on the guide. I'm sure I might be using it when I upgrade to a new phone in the near future
this is a great guide, thanks. i am due for upgrade around december and think that i will keep my 6900 in service- not sure as to what she will do,but ill figure out something
this gives me the opportunity to keep her at full service.
thanks again
What are you guys doing for a calendar.
Was there ever a way discovered to use the google calendar?
aa
I'm having trouble with Titanium Backup. It keeps on saying that the emulator needs to be rooted to be used, so how would I get it to work?
th3lolz said:
In the comments on my site trackstarboi said that this was good, but I have yet to try it:
http://www.androlib.com/android.application.jp-co-johospace-jorte-iwqp.aspx
Click to expand...
Click to collapse
I recently found ancal http://code.google.com/p/ancal/wiki/AnCal
and it seems to be working for me. I've tried jorte, didn't care for it.
It would still be ideal to use the google calendar, because of the widgets it has etc.
th3lolz said:
6. The apps you backup will be backed up to /sdcard/backups/apps/
7. You can use one of the following adb commands to pull these files from the emulator:
adb pull /sdcard/backups/apps/ /AndApps
This will download all of your backed up apps to a folder on your root drive called AndApps
or
adb pull /sdcard/backups/apps/<NAME OF APK>.apk /AndApps/<NAME OF APK>.apk
This will copy a single apk of your choosing to /AndApps/
Click to expand...
Click to collapse
I don't quite get this part, where do i put in adb pull /sdcard/backups/apps/ /AndApps
my emulator is stuck on the boot screen....im running the one from the accessmarket.rar
If anyone is using this on a Mac, I would love to know how you go about setting it up and using this accessmarket.avd
I can run the emulator but I can't seem to be able to figure out how to Import? this package
aa
aa
aa
aa
Good work
Thanks for the guide. Very helpful.
th3lolz said:
You have to place it in the directory stated by the sdk documentation for Mac:
If it works for you, post it here and I'll update the guide for mac users too. I'm not really sure what you'd do with the .ini though, perhaps a mac user can tell you that (or you could create an avd through SDK setup and upload your avd folder so I can look at it)
Click to expand...
Click to collapse
Thank you for the reply. I did copy the avd to my .android folder on Mac, but the emulator doesn't see it. I am a fairly new Mac user as well, so not too much help from here
aa
General information on Xposed has been moved to this thread: http://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
The FAQ has been moved to this thread: http://forum.xda-developers.com/xposed/-t2735540
Questions, suggestions, bug reports and so on can be posted in the Xposed General forum (for the installer/framework/development only) and in the Xposed Framework modules forum (for anything module-related).
Sounds interesting.I hope that you make a apk that simplifies things for simple user like rom control in AOKP
Keep up the good work my friend
That's great, decompiling/compiling apks is not really my cup of tea lol thanks rovo89
May be useful for my themes, keep working on it
Very interesting... Will try soon.
This looks like a really great idea and could help reduce the need for dev's being pestered by users for mod's every time a new rom is leaked/released, well done sir, hope to see this take off
I will definitely have a swing at this over the next few days. This looks like fun!
**This message will self-destruct**
Thanks for the "thanks" everyone. I decided to create an installer first before looking into the other things. This way, I hope a few people can test whether it works on their device (see first post for the APK).
Some notes about this:
The installer holds the app_process executable and the XposedBridge.jar as assets and can install it to the correct locations (root permissions required!).
It will automatically create a backup of /system/bin/app_process at /system/bin/app_process.orig, which can be restored either via the app or via shell (e.g. adb, works in recovery as well).
I have only tested it on ICS (LPQ Stock). Honestly, I do not have the time to test it with anything below that. If somebody wants to do this, I can help you to get started with the code. app_process was not changed very often, so chances are rather good that it will work with only few changes.
The installer requires SDK15 (4.0.3) for the same reason.
Improvements for any part of the code are welcome! It should be easy to use for both users and developers.
(Un-)Installing the installer app alone does not change anything (at least not now). Please use the buttons inside the app.
The next step should now really be to load modules dynamically, I hope I can use standard installable APKs for that (although the framework will probably request enabling confirmation for technical and security reasons).
siberian tiger said:
I hope that you make a apk that simplifies things for simple user like rom control in AOKP
Click to expand...
Click to collapse
From what I read, Rom Control seems to be something like the Settings app for ROM-specific stuff? I am not so sure yet whether I want to implement generic settings in the framework.
Having a standard interface for setting loading/saving (like or using Android's Shared Preferences) would probably make sense. But the settings themself can be very different from module to module, so I would rather let those bring their own settings menus.
What I did though was to implement an installer. My idea how it should ideally work for end users:
Install the Xposed Installer
Click the "Install/Update" button in the installer
Install one or more modules
Configure the modules (if necessary)
Have fun!
Where "install" would mean that you can download the app from the Play Store or a website and install it with the usual package manager. At least for steps 1 and 2, this is working already. For the others, I have to see.
Dynamic module loading is implemented now as well. Modules are normal apps with a special metadata tag and an asset describing which classes to load. You can look at my modifications for examples how this works. I think it is quite simple to develop and use.
I feel that Xposed is quite stable right now. It should be very easy to install both the framework and the modules without any knowledge about modding.
Also for developers, creating a new module is not too complicated. If anyone wants to give it a try, I'm happy to help you getting started. I'm convinced that Xposed is great alternative to APK modifying, but it will not work without developers creating modules for it.
Speaking of modules, I have published one for the famous CRT off effect: http://forum.xda-developers.com/showthread.php?t=1583963
The source code is also available at Github. See how it has less than 40 lines (and only about 10 LOC)? I think that this is awesome!
I was not able to install it as normal app hence pushed them to system/app using root explorer.
It works perfectly on XXLPS SENSATION ROM ICS V 3.2
Sent from my GT-I9100 using Tapatalk
OK you got me interested
What is currently holding me back is a lack of "documentation" about how to go about doing things...
Is there any reference info (even source code comments) that I should have a read of?
Or perhaps a little worked-through guide as to how you made the screen-off or red-clock one, complete with the "thinking" behind it all, just to learn the thought process.
This seems potentially hugely useful for me, just need to know what it can do!
Diliban said:
I was not able to install it as normal app hence pushed them to system/app using root explorer.
Click to expand...
Click to collapse
Really? Oh. Did you get any error message? I assume you have allowed installation of non-market apps?
@pulser_g2: Feedback taken! Until now, I focused on bringing Xposed to a level where it is actually doing something useful for end-users.
As there are some steps that can not be documented easily in the source code (e.g. how you mark an app as Xposed module), I will recreate a tutorial how you can create the clock example. I will try to give many details not only what to do, but also how you can know that you need to do this.
TUTORIAL - How to create an Xposed module
The tutorial has been moved to https://github.com/rovo89/XposedBridge/wiki/Development-tutorial
this is one of the most amazing projects made lately.
You are unleashed the best way to handle mods and possible some hacks.
very great work, robo89
Great concepts mate. Very powerful.
Wouldnt this also expose a device to malicious coders?
If a device has this implemented then is it possible that a simple theme could contain something nasty.
Not trying to stop progress of this project just throwing this out there for consideration.
----------------------
GTI9100 KK5
aceofclubs said:
Wouldnt this also expose a device to malicious coders?
If a device has this implemented then is it possible that a simple theme could contain something nasty.
Not trying to stop progress of this project just throwing this out there for consideration.
Click to expand...
Click to collapse
This is an absolutely valid thought.
In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?
So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.
And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.
Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.
As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
rovo89 said:
This is an absolutely valid thought.
In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?
So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.
And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.
Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.
As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
Click to expand...
Click to collapse
It is so refreshing to see someone take such a mature approach as this.
I greatly appreciate your time on that tutorial, and I will take a proper read through it while working it out myself later... (on vacation right now, this seems like a good thing to try if it rains )
Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
pulser_g2 said:
Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
Click to expand...
Click to collapse
Maybe.. I could rather easily implement something in hookMethod that checks the method to be hooked against a whitelist defined in an asset in the module (which could of course contain wildcards). Then when you enable a module, I could display this whitelist, with a warning if it includes some very central classes/packages/methods (but how to create such a list?).
However, this cannot control the following:
What you do inside the handling method. If you change anything in SystemUI (and that might be only the battery icon or the clock color), this method will be executed in the context of the SystemUI, which has a large set of Android standard permissions.
Calling any methods of the framework and modifying any available variables, as this can be done via standard reflection.
Basically anything that is not handled through XposedBridge, but using standard techniques.
Wanted to install the framework, but i am getting:
sh: /data/data/de.robv.android.xposed.installer/cache/install.sh: no such file or directory
What am i doing wrong ?
After weeks of hard work we (Setmov and uncle Fab) proudly present you the first Una ROM for the galaxy Grand I9082, based on 4.1.2 XXAMF7.
DISCLAIMERAs usual, your phone your responsability, we won't take any responsability if it flies out of the window or if your girlfriend/boyfriend runs away with it.
PLEASE, DO READ OP COMPLETELY AND CAREFULLY BEFORE ASKING ANY QUESTIONS, ANSWERS TO MOST PROBLEMS ARE THERE
WHAT IS UNA?Una is a new concept that takes security to a new level.
Are you tired of seeing so much blatant, outrageous and shameless invasion of your privacy and data mining hidden behind nice sentences like "enhanced use experience" or "complete integration with the system"? We decided to develop secure ROMs where privacy means just that – Private!.
It’s free of charge, we are a non profit structure and we are not here to make big bucks.
WHAT UNA ISN'TUNA isn't a way to help you to stealthily buy massive destruction weapons to foment a coup d'etat in your favorite banana republic or to prepare the third world war:silly:.
UNA secures what leaves from your phone (ie your personnal data doesn't leak and no app can look over your shoulder to spy your activities), but it can't competely secure what comes into your phone.
Why is that?
Because it's just not possible to fully secure a phone from what comes into it, and anyone claiming to be able to do it is either a liar, or an ignorant, or both.
There are too many attacks, some not well documented, if documented at all, and some unknown to the public, and there are too many ways to hack a phone, especially if the user doesn't use his/her common sense.
If you are the type of person that installs apps from shaddy source and/or warez web sites (sites offering cracked paid apps) chances are that at some point you will unknowingly install a malware or a spyware. The same applies if you click on any link, specially on SMS' and emails, if you let any pop out window appear or if you don't protect your lockscreen with a password/pin/pattern and let anyone get physical access to your phone.
A bit of judgment and common sense can save you a lot of trouble, but there's unfortunately nothing UNA can do about it.
Then, if you use your phone to call through GSM your provider will know where you are. If he didn't you wouldn't be able to make any call, the signal has to find you and there's nothing UNA or anyone can do about it.
The only way to prevent that is to disable the phone functions (but then your phone will turn into a wifi only device) and reenable them when needed, head to the scripts section to learn how to do it.
Last but not least, bear in mind that the agencies have armies of tech savvy henchmen and 10 storeys computers, and tricks we can't even imagine, so think twice and use your brain before you attempt to outsmart them...
UNA IS FOR YOU IF:. You are willing to learn how to use an unconventional ROM and generally speaking to understand how things work, even if it sometimes requires a little effort to fix this or that little problem (bear in mind that it took us a lot of work to develop Una to where it is now),
. You don't mind a few little occasional bugs here and there that come from all the restrictions the ROM contains,
. You want to take back ownership of your phone from google’s claws.
UNA IS NOT FOR YOU IF:. All that you care about is the latest gimmick in the latest OS,
. You can't live without the google’s apps,
. You are the kind of person that never reads through the OP and only scroll down to the download section, and then complain that things don't work and/or ask stupid questions in which are answered OP. An example? One guy makes a mod and writes clearly in OP that it's specifically for 4.2.2. Then some people complain: "it doesn't work on 4.4.2"...
If you are that type of person, please do yourself and us both a favour, and close this window now.
ARE WE PARANOID TIN FOIL HATS? OR TERRORISTS? OR CARTEL BOSSES?Nope, we only are people that don't see why we shouldn't be in control of our phones. Or why our phones can be wiped remotely, why apps or updates or who knows what can be downloaded and installed without asking for our consent, why SMS' can be sent without us to know, why we should pay for the bandwidth used for data mining and unwanted downloads, and why all those activities should deplete our battery and kill our RAM.
You think we are overreacting here?
You don't have to take our word for it, just download and install Network Log from here:
https://f-droid.org/repository/browse/?fdfilter=network+log&fdid=com.googlecode.networklog
Give it root permission, start logging and open some web pages. Come back to Network Log after a few minutes and see for yourself, you'll be surprised (or maybe horrified?) to find out that your android system, your settings, your kernel etc. connect to all sorts of funny IPs, including and foremost google’s.
Now you see what we mean?
It's time to go for Una
UNA'S FEATURES. Rooted.
. Deodexed.
. Zipaligned.
. Busybox and sqlite installed.
. Init.d support and scripts.
. Auto start disabled for most apps.
. About 120 system apps, 40 framework jars, 30 permissions xmls and 25 libs removed, plus files here and there.
. Very low RAM and CPU consumption, more than 8 hours screen time with the WIFI on, 1% battery decrease every 10-12 hours while in stand by.
. Heavily and extensively modified system, in order to make it secure and prevent it from leaking your data.
. App Settings, Firewall and Xprivacy built-in, and already applied out of the box to make sure you are well protected.
. Xprivacy is a fantastic tool but it has one big limitation, it can't restrict the Android System from accessing your serial numbers and leaking it. For that reason these IDs have been edited as follows:
build.serial (androidboot.serialno) and ro.serialno are both set to "1",
android id is set to "android",
net.hostname is set to "1".
. Wlan serial number set to "00000001" (this number identifies you everytime you connect to the internet, and Xprivacy can't do anything about it).
. USB ID (iSerial) set to 1.
. Unreadable cp access.
. Vulnerabilities patched thanks to Master Key Multi Fix and Fake ID Fix.
. ADB disabled (can be re-enabled, see below).
. By default ADB, all google access (including youtube, blogspot and google search) and the Media Storage are disabled. You can re-enable some or all of them, instructions are in the "HOW TO USE THE ROM" section.
. Plenty of under the hood modifications to make the ROM fast and fluid.
. Multi-purpose navigation keys.
. Call button in contacts.
. Because secure doesn't mean ugly, the whole ROM has been themed with a beautiful green color (if there are enough requests other themes will follow), transparency, and Lollipop HD wallpapers.
. KK style pop-up toasts.
. Multiwindows have been revamped, they are no longer only static in Samsung style but now they can float and be resized too, like on a computer.
. All apps can be opened in floating mode.
. Possibility to choose between different multiwindows layouts in KK's style.
. Heaps of hand picked and carefully scrutinized open source apps.
There are 2 non open source apps (Greenify and Quick Pic) but they are safe, believe me, I have thoroughly examined them. Still, you can always uninstall them if you feel like it.
In time we will develop our own apps, but first we want to see how people respond to the Una concept...
Installed apps/tools. 920 Editor, to create and edit scripts or text files.
. AF+ Firewall.
. Alarm clock.
. APG, to encrypt messages.
. App Settings, to restrict apps' permissions, change DPI on a per app basis and more.
. Arity, a calculator.
. Conversations, a secure and encrypted chat, modded by uncle Fab for increased security.
. Fdroid, an alternative to the Play Store, and all the apps are open source!
. Floating stickies, to make small notes on the fly.
. FTP Server, to copy files to/from your phone wirelessly.
. Ghost Commander, a very powerful dual panel root file manager.
. Gravity Box, a theming engine.
. Greenify, to make apps behave by hibernating them when not in use.
. K9 Mail, an email client.
. Kernel Adiutor, if you feel like playing with kernel tweaks (but you have to know what you are doing).
. Lightning, a fast and light weight browser.
. Multiwindows Manager.
. Network Log, to check where your apps connect and chase unwanted connections.
. Open Camera.
. Tor (Orbot) for Android, modded by uncle Fab for increased security.
. Orweb, a browser designed to work along with Tor.
. OS Monitor, to monitor and kill your phone's processes, and more.
. Pale Moon, based on Firefox for Android, for a full desktop experience with Mozilla add-ons preinstalled for enhanced security.
. PDF Reader.
. Preferences Manager, to edit the otherwise difficult to read shared_prefs files in data/data.
. Quick Dic, a good selection of free dictionaries.
. Quick Pic, a Gallery app.
. Rmaps, a maps app where you can download maps from various sources for offline use.
. Search Light, a torch.
. Terminal Emulator, fire up your commands and show your phone who is the boss!
. Text Secure, a secure and encrypted SMS app, modded by uncle Fab for increased security.
. Tint Browser, another fast web browser.
. Urecord, to record sounds with different sample rates.
. USB Mass Storage Enabler, to connect your phone to any computer (note that it only mounts the external SD).
. Viper4Android FX, a powerful sound enhancer.
. Viper4Android XHiFi, some more sound enhancements.
. VLC, a video and music player favourite.
. WI-Fi Privacy Police, to secure your connections even better than they already are.
. Xposed Installer, a great framework that enables apps like App Settings or Xprivacy to work.
. Xprivacy, last but not least, the best privacy app.
WHY IS THIS ROM 4.1.2 BASED AND NOT 4.2.2?
Because Samsung did a complete failure with its 4.2.2 version for Galaxy Grand.
High RAM consumption, no floating windows, bugs.
Plus, the newer the android version the more spying there is, despite google's sweet talk about "enhanced user's experience", the infamous Fused Location being a good example.
INSTALLATIONAs usual, make a backup first!
Do backup your contacts and whatever is important because all your apps and data will be erased (your sd card contents won't be deleted though).
Do backup your /system/csc folder, in case you need it for later.
Do backup your efs folder (VERY IMPORTANT).
Open an android terminal from your phone, first type "su" (without the quotes), enter, then type:
busybox dd if=/dev/block/mmcblk0p17 of=/sdcard/efs.img
This will create an efs backup caled efs.img in your sd card.
If you need to restore it type:
busybox dd if=/sdcard/efs.img of=/dev/block/mmcblk0p17
Before you install the ROM, download Philz recovery from here:
http://forum.xda-developers.com/showthread.php?t=2452985
We chose Philz since AFAIK it's the only one that allows you to lock you recovery with a password (highly recommended, if your recovery is not password protected it wouldn't take more than 2 minutes for someone to disable your pattern or pin protected lockscreen and access all your personal data on the phone).
Philz' installation instructions
You need to have Samsung drivers installed.
Boot your phone into download mode (press volume down and power at the same time).
Open Odin 3.07 and connect your phone.
Click on the PDA slot, navigate to where the Philz recovery is located and select it.
DOUBLE CHECK AND MAKE SURE THAT "RE-PARTITION" IS UNTICKED (only "Auto Reboot" and "F.Reset Time" should be selected).
Click start and wait while Odin flashes Philz.
If everything went well your phone will now auto-reboot into the system. Go into recovery, you should see your brand new Philz.
If you are still on stock recovery then repeat the above steps, but this time untick “Auto Reboot” in Odin.
When in recovery, if before you reboot you see a text on the screen displaying “yes – disable flash recovery”, select it to avoid stock recovery overwriting Philz.
Now, download Una from here (scroll down until you get to the download section):
http://unaos.com/
Unzip the ROM and copy it to the backup folder that is inside the clockworkmod folder in your sd card (if there's no backup folder create it by choosing "mkdir" in Ghost Commander).
Boot into recovery.
Go to restore from sdcard, choose 2015-03-23.10.56.05, and go for it!
Once it's done reboot, congratulations, you have installed Una ROM on your phone!
The screenlock password is 23052015
IMPORTANT!!!I haven't tried the latest 4.2.2 ROMs and I don't know if they have Knox or not (the earlier versions hadn't).
If they have it and if you are on such a ROM you'll have to choose custom restore and uncheck boot in the menu, because since the bootloader you have is Knoxed you may get a brick if you downgrade it to a pre-Knox version, don't play with that!
If you choose to proceed, you do so at your own risk, but in any case look first on the internet to find out if it's doable.
If it doesn't work for you then I'm sorry, you are out of luck, shame on you Knox...
If it works please report it here so that other people will know, thanks in advance!
HOW TO USE THE ROM. Swipe down to access the applications drawer.
. Swipe up to open the notifications.
. Go to settings and set a stong password/pin/pattern protected lockscreen (recommended), default password is 23032015.
. Go in recovery and set a recovery password (recommended).
. Long pressing on the menu key toggles expanded desktop (full screen, no more navigation bar and no more status bar).
. Double pressing the menu key kills and hibernates the current application.
. Long pressing the recent key brings you back to the last application (convenient to switch from one app to another).
. Between the home and the back key there's a supplementary key that can display up to 12 apps (editable in gravity box).
Double pressing that key shows the sound panel, long pressing it shows the reboot menu (note that there's an option to take screenshots in the reboot menu).
. When you open an app you'll see a cascade icon at the top or the bottom right, press it and the app will turn into a floating window like on a computer. Now, open the notifications and check the 4 icons at the top, click any of them and the currently opened floating window (s) will be reorganised according to the layout you chose.
. Go to /system/etc/security/cacerts, check the certificates that are there (you'll find the certificate's name approximately by the middle of the file), and erase the ones you don't need/like.
When you want to transfer files to/from your phone open the USB Mass Storage Enabler app and enable mass storage, that's it. When you are done, don't forget to eject your phone from the computer and to reenable MTP from the app.
. When you install a new application, by default it will be fully restricted in both Xprivacy and the Firewall.
Before you open the newly installed app wait until the Xprivacy icon appears in the status bar, then and only then can you open it.
Most likely the app will crash.
Go to Xprivacy, open its settings and then usage data, you will see what restrictions caused the crash. Re enable some, provided that they are not too invasive.
Many apps require "load.Library" to be allowed in the shell section, that's ok.
Others may need to access the sd card, that's in the storage section and it's ok to allow it for apps that really need to access the storage, like players, cameras or file managers (for other apps try to keep it restricted).
Root apps obviously need "su" and/or 'sh", and sometimes "exec", in the shell section.
Always try to enable as few fields as possible, and bear in mind that data requested by an app is not necessarily needed for that app to work (especially true for identification, internet and mcc/mmc access).
Lastly, give the app internet access in the Firewall if, and only if, it needs it, and restrict some more permissions in App Settings.
If you can't tame the app consider uninstalling it and look for a similar one that has less built-in spyware.
SCRIPTS. As said above, by default ADB, all google access (including youtube, blogspot and google search) and the Media Storage are disabled.
If you want to re-enable some or all of them, open the folder on your home screen called "scripts". Click on the desired script and it will be automagically executed.
If you choose to enable/disable google access you ll have to go to the Firewall to reapply its script. Open the firewall, go to settings, choose set custom script, click OK.
. You will see more scripts to disable/enable the Bluetooth, the FM Radio and the Phone.
If you disable the Phone and later want to re-enable it do as follows:
untick App Settings in Xposed's modules section, re-enable Phone, reboot, then enable App Settings again.
. Some scripts will enable you to backup/restore your efs partition and flash a recovery.img (to restore or flash an .img, make sure it's in your internal sd and execute the script).
. Other scripts can enable/disable am and pm, but don't play with it unless you know what you're doing.
. You can uninstall the Wallpaper Chooser and the Media Storage if you want, or keep them disabled and resurrect them when needed.
. If you are very privacy concerned you should consider using the "uncle's phone lite" mod because it enables you to call with only the Phone and the Telephony Provider apps (CSC, Contacts, Contacts Storage, Logs Provider and STK are completely de-activated). That's the method I use to make calls, but you have to know that the dialler forces close after you complete the call (not a big deal in my opinion but still, I may look into it one of these days). You'll find the mod in the add-ons section.
BUGS. For some reason the ADW Launcher doesn't allow transparency in the navigation bars while in portrait, I'm working on that.
. You can't download anything from Lightning and Tint Browser, that's because the Download Manager and the Download UI have been uninstalled. If you need to download something, copy the link and paste it in Pale Moon, it has its own download engine.
. Part of the lockscreen and the dialer don't show in landscape mode, it's because the DPI has been modified in order multi layouts floating windows to work.
. All the installed apps work, but other apps you install may crash. I call that kind of apps "google’s henchmen", they only work if the play store services or the bla bla app are installed and of course they won't on Una since all that garbage has been removed.
If I install your app, why do you want to force me to install your boss' app too? Forget about those apps and search Fdroid, you'll find what you need...
. Depending the way you use your phone you may have to fine tune Xprivacy and reenable some permissions, I'm sorry for the inconvenience but it's impossible to set Xprivacy for all users since we all have different ways to use our phone.
ADD-ONS. Uncle's themed Sony keyboard, flash it in recovery. It's not open source and that's why it's not included in the rom by default, but it's my every day keyboard because it works fine and because I themed it to make it look nice.
. HD Wallpapers
. Universe Wallpapers
http://unaos.com/addons
If there are many users' requests then I'll upload the following:
. Uncle's phone lite (with clipboard and dialer) for hardcore users. It's safer than using the regular phone configuration, but the dialer forces close when you hang up the call. Flash it in recovery, wipe dalvik-cache, reboot.
. Completely disable internet access for the Android System. Lightning and Tint Browser won't connect anymore since they use the same web engine as the Android System (that is anyway not very safe in 4.2.2), but Pale Moon still works thanks to its build-in web engine. Flash it in recovery, wipe dalvik-cache, reboot.
UPDATES?There will be some, but no ETA, you'll have to be patient because now we have to design and release Una for three other phones.
Still, any suggestions/comments/bug reports are welcome, help us to improve Una!
FEATURES REQUESTYeah, sure, we'll see what we can do but we don't promise anything
That's all for now, enjoy the ROM!!!
The Una team
CREDITSBig thanks to:good::
F-Droid
M66B (Xprivacy)
Rovo89 (Xposed)
Tungstwenty (App Settings, Master Key, Fake ID Fix)
Ukanth (AF+Firewall)
Jecelyin (920 Editor)
Kraigsandroid (Alarm Klock)
Thialfihar (APG)
Arity (Arity calculator)
Siacs (Conversations)
Ppareit (FTP)
Ghost Squared (Ghost Commander File manager)
Mohammad Adib (Floating Stickies)
C3C076(Gravity Box)
Oasisfeng (Greenify)
K-9 Dog Walkers (K9 Mail)
Grarak (Kernel Adiutor)
Anthonycr (Lightning)
Xperiacle (Multiwindows Manager)
Pragmatic Software (Network Log)
Mdwh2(Open Camera)
The Guardian Project (Orbot and Orweb)
Eolwral (OS Monitor)
Moon Child and Cyansmoker (Pale Moon)
Droidapps (PDF Reader)
Androguide.fr (Pimp My Rom script)
Simon Marquis (Preferences Manager)
Thad Hughes (Quick Dic)
Q-Supreme team (Quick Pic)
Robert.Developer (Rmaps)
Search Light (Search Light)
Jackpal (Terminal Emulator)
Anasthase (Tint Browser And Tint Browser Adblock Addon)
Thomasebell (Urecord)
Mohammad Abu-Garbeyyeh (USB Mass Storage Enabler)
Zhuhang (Viper4Android FX and Viper4Android XHiFi)
Videolan.org (VLC)
Brambonne (Wi-Fi Privacy Police)
Did I forget someone?
If that's the case let me know and I'll put your name here.
reserved
No screens?
ishmeet1995 said:
No screens?
Click to expand...
Click to collapse
Here you go
I like the effort but there are seriously some thinks you may not know what you are talking about, maybe because lack of knowledge.
Did I mention that I found google’s DNS in Tor (Orbot)? Pretty bad but fear not, I've patched it...
Click to expand...
Click to collapse
Most DNS lookups are local to the exit node with occasional use of Google DNS, changing a DNS itself is no guarantee for more security since the data needs to be anonymize too, that's possible if we use I2P together with TOR (because it's impossible to surf the web secure since not all provider/sites using a strong encryption for all stuff like content, external content and the whole site).
Open source vs closed
Click to expand...
Click to collapse
Well, mostly I agree open not automatically means it's safe at any time (see opensll and other popular projects) but here it would be help to see some source because you talking about trust and how can we trust you without looking in the code? Is there are proof for all your changes you done?
I've explored deep into the hidden depths of this Samsung ROM, and I didn't find anything questionable (but I had already removed around 150 apps, so there wasn't much left) from Samsung's side
Click to expand...
Click to collapse
How you do that if you don't have the source for e.g. the radio modem or other closed parts from a stock rom? Via reverse engineering? - You must have spent a lot of time for this ... I was not able to do it and not even any expert here on xda, it's impossible to one man to reverse and understand all stuff it would take years, even with good tools like IDA and 20 years of knowledge. You can maybe, maybe! only see some parts ... but not inspecting all aspects and since there is no reference I guess nobody can't say what's really secure.
Encrypting would only attract suspicion - why does he encrypt his messages? He must have something to hide!
Click to expand...
Click to collapse
Sure you have no idea what you talking about, this shows it. It's not about "..but I have nothing to hide!" it's a common thing, maybe you should read this first.
To tag something with secure is very easy but to proof that without anything is almost impossible. One of the benefit you mentioned is to hardening the OS but that also could be done with scripts/binary's or other stuff without downloading the whole rom, xda is full of it - but sadly most of all "security" things here are never really tested or under the scope from known experts. - but people always believe in the hype and the myths!
Don't get me wrong but maybe you think about it and release something we all can work with (especially the changes only as a diff or something).
CHEF-KOCH said:
I like the effort but there are seriously some thinks you may not know what you are talking about, maybe because lack of knowledge.
Most DNS lookups are local to the exit node with occasional use of Google DNS, changing a DNS itself is no guarantee for more security since the data needs to be anonymize too, that's possible if we use I2P together with TOR (because it's impossible to surf the web secure since not all provider/sites using a strong encryption for all stuff like content, external content and the whole site).
Well, mostly I agree open not automatically means it's safe at any time (see opensll and other popular projects) but here it would be help to see some source because you talking about trust and how can we trust you without looking in the code? Is there are proof for all your changes you done?
How you do that if you don't have the source for e.g. the radio modem or other closed parts from a stock rom? Via reverse engineering? - You must have spent a lot of time for this ... I was not able to do it and not even any expert here on xda, it's impossible to one man to reverse and understand all stuff it would take years, even with good tools like IDA and 20 years of knowledge. You can maybe, maybe! only see some parts ... but not inspecting all aspects and since there is no reference I guess nobody can't say what's really secure.
Sure you have no idea what you talking about, this shows it. It's not about "..but I have nothing to hide!" it's a common thing, maybe you should read this first.
To tag something with secure is very easy but to proof that without anything is almost impossible. One of the benefit you mentioned is to hardening the OS but that also could be done with scripts/binary's or other stuff without downloading the whole rom, xda is full of it - but sadly most of all "security" things here are never really tested or under the scope from known experts. - but people always believe in the hype and the myths!
Don't get me wrong but maybe you think about it and release something we all can work with (especially the changes only as a diff or something).
Click to expand...
Click to collapse
I’m sorry you feel that way. Did you install the rom at all?
Dear Dev,
Thanks for the ROM for our grand community, but after 5.0 Lollipop do you think people will shift to 4.1 ICS again?
Anyways very nice effort for great customization.
:good::good::good::good::good:
unclefab said:
UNA IS FOR YOU IF:. You are willing to learn how to use an unconventional ROM and generally speaking to understand how things work, even if it sometimes requires a little effort to fix this or that little problem (bear in mind that it took us a lot of work to develop Una to where it is now),
. You don't mind a few little occasional bugs here and there that come from all the restrictions the ROM contains,
. You want to take back ownership of your phone from google’s claws.
UNA IS NOT FOR YOU IF:. All that you care about is the latest gimmick in the latest OS,
. You can't live without the google’s apps,
. You are the kind of person that never reads through the OP and only scroll down to the download section, and then complain that things don't work and/or ask stupid questions in which are answered OP. An example? One guy makes a mod and writes clearly in OP that it's specifically for 4.2.2. Then some people complain: "it doesn't work on 4.4.2"...
Click to expand...
Click to collapse
hemant4409 said:
Dear Dev,
Thanks for the ROM for our grand community, but after 5.0 Lollipop do you think people will shift to 4.1 ICS again?
Anyways very nice effort for great customization.
:good::good::good::good::good:
Click to expand...
Click to collapse
I think everything is quite well explained and your question answered in the OP. Thank you for your interest.
hemant4409 said:
Dear Dev,
Thanks for the ROM for our grand community, but after 5.0 Lollipop do you think people will shift to 4.1 ICS again?
Anyways very nice effort for great customization.
:good::good::good::good::good:
Click to expand...
Click to collapse
No ..never
Edit: and 4.1 is not ICS
I expected that kind of reply, from you or from one of the forum's security experts, the same people that ignored me when I offered to share knowledge and to give advices/opinions on the security thread.
CHEF-KOCH said:
Most DNS lookups are local to the exit node with occasional use of Google DNS, changing a DNS itself is no guarantee for more security since the data needs to be anonymize too, that's possible if we use I2P together with TOR (because it's impossible to surf the web secure since not all provider/sites using a strong encryption for all stuff like content, external content and the whole site). .
Click to expand...
Click to collapse
I m not the guy that developed Tor, what you are talking about is his business, not mine.
All what i did was to change google's DNS in Tor's code, period.
Well, mostly I agree open not automatically means it's safe at any time (see opensll and other popular projects) but here it would be help to see some source because you talking about trust and how can we trust you without looking in the code? Is there are proof for all your changes you done?
Click to expand...
Click to collapse
Nobody needs to trust me.
As I wrote in OP (did you read it?):
You don't have to take our word for it, just download and install Network Log from here:
https://f-droid.org/repository/brows...ode.networklog
Give it root permission, start logging and open some web pages. Come back to Network Log after a few minutes and see for yourself, you'll be surprised (or maybe horrified?) to find out that your android system, your settings, your kernel etc. connect to all sorts of funny IPs, including and foremost google’s.
Now you see what we mean?
It's time to go for Una
Click to expand...
Click to collapse
Install the ROM, and see by yourself how it behaves.
Another thing is that all the installed apps in the ROM are open source, apart from 2 that I have reverse engineered, inspected and restricted (Greenify and Quick Pic), and as I said in OP people are fee to uninstall them.
To be honest, on my daily ROM I do use some closed source apps that are very good, that only have legit permissions, that don t spy on me whatsoever, and that dont connect anywhere.
But sadly I couldn t include them in this ROM, because I knew that if I had done it people like you would have criticized me.
How you do that if you don't have the source for e.g. the radio modem or other closed parts from a stock rom?
Click to expand...
Click to collapse
Radio modem and the like are closed source, and I never said that I did anything there.
But that s the same in an AOSP or CM ROM, and the only way to overcome that problem is either replicant (but they don support many devices) or baseband isolation.
I have full baseband isoltaion on my daily ROM, but hey, do you think that i could make such a ROM for public release? Do you think that people would like a ROM that transforms their phone in a wifi only device, and need to connect to a modem to have data connection and to call or receive sms'?
Still, people can achieve baseband isolation on this Una Rom, instructions are in OP.
Anyway, all what I said, again in OP is that :
spying that is present on AOSP too since it's google’s material as well (compare the apps' permissions and the network connections in an AOSP/custom ROM and in a stock ROM, it's more or less the same, or better, look at the code).
You can't do everything you want on a closed source ROM (I bet you can't on AOSP either), but to edit and clean the system you don't need the full source code.
Click to expand...
Click to collapse
You see?
I have removed over 100 system apps, dozens of jars, some xmls and libs, then I have cleaned the remaining apps and jars, then I have set very carefully and very restrictivey the firewall, App Settings and Xprivacy, then I have applied other security related tweaks and yes, Una is secure.
No more data mining, no more unwanted internet connections to google, amazon and who knows where, if that s not secure for you then I don t know what can be called secure.
To tag something with secure is very easy but to proof that without anything is almost impossible
Click to expand...
Click to collapse
.
Once more, you don t need to trust me.
Install the ROM, open Network Log, look at the Task Manager etc., and see what happens.
maybe you think about it and release something we all can work with (especially the changes only as a diff or something).
Click to expand...
Click to collapse
Why do you need to get anything from someone like me?
You said that I don t know what I am talking about, that I have a lack of knowledge etc., so why would such an expert like you benefit from it?
By the way, did you try the ROM?
BTW again, thanks for the link but sorry, I still don't feel concerned.
I don t use my phone for bank transactions, I m not working on big secret projects, I have blocked adds in the host files and I never get any spam.
Still, thanks for remembering me about encryption, I had forgotten to add in the encryption chapter in OP that Una has encryption apps (APG, Conversations, K9 Mail, Text Secure).
@hemant4409
First, the galaxy Grand will never get Lollipop from Samsung.
From custom ROMs, maybe, but that s not the point.
If people like more gimmicks and fancy transitionts than security it s their problem....
Congrats to all your work and the time spent on the Security subject and thanks for taking the time to share your work. This is the first time I see such a custom rom on XDA (on Internet I'd say) so I wanted to express my gratitude.
Hats off.
You provide a lot of information about security and privacy and the first question is 'No screenshots?' lol
Primokorn said:
Congrats to all your work and the time spent on the Security subject and thanks for taking the time to share your work. This is the first time I see such a custom rom on XDA (on Internet I'd say) so I wanted to express my gratitude.
Hats off.
You provide a lot of information about security and privacy and the first question is 'No screenshots?' lol
Click to expand...
Click to collapse
Here's screenshots
http://forum.xda-developers.com/showpost.php?p=59640778&postcount=4
oskar01 said:
Here's screenshots
http://forum.xda-developers.com/showpost.php?p=59640778&postcount=4
Click to expand...
Click to collapse
OMG!! He was kidding:cyclops:
I’m sorry you feel that way. Did you install the rom at all?
Click to expand...
Click to collapse
I'm dl'ed the rom and see what whas changed because a friend asked me to make a statement if this rom really secure anything. Btw no need to quote all stuff over and over again and again.
All what i did was to change google's DNS in Tor's code, period.
Click to expand...
Click to collapse
You can't change something you don't have access to or something that is important if we talking about DNS, you can't change the exit nodes. And as mentioned changing a DNS server is no guarantee since they also can log your stuff - it's all about trust, sure - but an OpenNIC without logging (that's proofed) would more help. For more security related stuff about DNS please first read this and this. DNS is not secure anymore, no matter which provider and according to the NSA they have some techniques to identify and infiltrate some servers.
Nobody needs to trust me.
As I wrote in OP (did you read it?):
Click to expand...
Click to collapse
Sure, nobody force anyone to install and use your stuff, that's what I'm not saying - but to say x and y was removed or changed is very hard to trust without anything except your words. It's no offensive at all.
Another thing is that all the installed apps in the ROM are open source, apart from 2 that I have reverse engineered, inspected and restricted (Greenify and Quick Pic), and as I said in OP people are fee to uninstall them.
Click to expand...
Click to collapse
I simply not care about the apps, no matter if it contains malware or not, as long they not have any root access or internet connection is simply has no effect. Most apps today do not want to destroy the hardware, they just want to collect and grap your private data and send them back if you turn wifi on (which makes t harder, because without deep package inspection you won't ever notice that there are some wired behaviors with app xy.
... people like you would have criticized me.
Click to expand...
Click to collapse
If you just one of the people that can't handle valid arguments or is unable to accept any other arguments we can just stop the whole discussion. - What I've learned from xda is that some people are unable to discuss and calling the moderator instead (for no reasons). It's not against your work, it's to inform and to show others if it's really offers that what you promise here or not. I really hope you understand it.
But that s the same in an AOSP or CM ROM,..
Click to expand...
Click to collapse
No it's not some roms use (outdated) open source modem sources, like CM which is always a big discussion because people "always" complaining about signal related stuff and possible battery drains. Or in other words some people say that with a stock modem/radio they have a better signal compared to CM.
I have removed over 100 system apps, dozens of jars, some xmls and libs, then I have cleaned the remaining apps and jars, then I have set very carefully and very restrictivey the firewall, App Settings and Xprivacy, then I have applied other security related tweaks and yes, Una is secure.
Click to expand...
Click to collapse
Installing security apps is the last line of defense, not the first. Read more about here. I guess you not touched the network code (because it's closed) so that won't change anything at all.
Install the ROM, open Network Log, look at the Task Manager etc., and see what happens.
Click to expand...
Click to collapse
Same again that won't change something on application layer, tor is also affected.
.. so why would such an expert like you benefit from it?
Click to expand...
Click to collapse
I not use it, as said a friend asked me because he usually like your work.
.. I have blocked adds in the host files and I never get any spam.
Click to expand...
Click to collapse
Blocking ads via hosts file not works if you change your mobile connection from e.g. 2G/3G/wifi/lan since on most roms the hosts never gets a re-apply. If you not getting any ads you are a lucky boy but it's very decency on which www your are or which addon you use. If you use Firefox/Plae Moon just use uBlock and configurate the filter list (so no ads at all too) but that not works for apps (but there are also minminguard or adaway [hosts] for it. Sad think about the hosts seems that it coasts more battery and usually takes longer to boot - but okay, anyway matter of taste which stuff you prefer.
Text Secure
Click to expand...
Click to collapse
Better link or integrate the SMSSecure it's based on Text Secure but encrypts SMS (since Text Secure removed that for some reasons).
.. security related tweaks
Click to expand...
Click to collapse
Which one? TCP/IP stack hardening, protocol changes like only forcing to use latest TLS or what? You see some important details are missing.
I expected that kind of reply, from you or from one of the forum's security experts, the same people that ignored me when I offered to share knowledge and to give advices/opinions on the security thread.
Click to expand...
Click to collapse
Yes, I reply'ed to this thread but my answer was way to long so I got a loading problem (the reasons I asked a mod to remove my post). I'm working on something but it's not fully done yet. The problem is that it will be the longest post here on XDA ever (if I release it here - I'm not really a xda fan) and it's very complicated so there will be a lot of people that may possible will never understand all stuff.
So, sorry if you feel that I "ignored" your post. But feel free to visit my Github stuff or just visit infosec institute to read my other stuff.
So the main question is here if you show us your mods or not? Or if you plan to release a "hardening package" or not? That's all I want to talk about.
@CHEF-KOCH
You came out of the blue on this thread, basically saying that I'm a moron that doesn't know what he's talking about and implying that this ROM is garbage, then you said you will download the rom and make a statement about whether it's secure or not.
And...?
Nothing, but you edited your post with the following:
So the main question is here if you show us your mods or not? Or if you plan to release a "hardening package" or not? That's all I want to talk about.
Click to expand...
Click to collapse
Is that fair?
Seriously, what would you think and what would you do if you were me?
If this ROM is garbage, prove it.
Otherwise, go polluting another thread...
unclefab said:
@CHEF-KOCH
You came out of the blue on this thread, basically saying that I'm a moron that doesn't know what he's talking about and implying that this ROM is garbage, then you said you will download the rom and make a statement about whether it's secure or not.
And...?
Nothing, but you edited your post with the following:
Is that fair?
Seriously, what would you think and what would you do if you were me?
Click to expand...
Click to collapse
Don't bother with @CHEF-KOCH. He just want you to share your knowledge with him, so he can "use" it and make you look like an idiot! Also, he is a liar, he didn't come here because of a "friend" but because of my post on your security thread. When he had some strange "loading issues" I also asked him very politely where was the problem....he never bother to reply, and he deleted the post, so what kind of person he is? He is a hater, and a spitter and "no constructive help" from him, so don't lose your time with him!
I'm giving up, useless to talk here.
CHEF-KOCH said:
I'm giving up, useless to talk here.
Click to expand...
Click to collapse
Thank you mister know it all, and please don t come back, there are plenty of other threads to pollute...
Too bad that you couldn t prove that this rom is garbage
And too bad that you are too arrogant to admit that you were wrong when you implied that I m an idiot and that this rom is garbage...
i can only post one :thumbup: per post , but if i could then ........... :thumbup::thumbup::thumbup: , at least some knowledgeable people are trying.
"all I can really do , is stay out of my own way and let the will of heaven be done"
Awesome thread
I do not have Grand but my brother has it. I was searching a rom for him and found your thread. I must say I did not find any thread like you in at least Samsung area. You people did a great work. Security is a great concern and if you secure the system then it itself become light weight because you take out spyware craps out of it. I appreciate your work. Good job man. Pleas e develop something in Note 3 LTE section as well.
Alright everyone, I'm Trailblazer101, an Android Developer who likes to take advantage of, and make better, the unique features of the phones I purchase. I started off with the Samsung Continuum back in 2010, which had a ticker ahead of its time, and went from there. I work 2 jobs, so time is tight sometimes, but I still manage to work on these things, a fun passion/hobby.
Status Updates
Code:
5/12
--- I got my patch working, and tested it out with a simple demo that takes advantage of the new capabilities. I've posted a Guide below!
5/10
--- Now that Verizon users have root, I will begin testing this myself :) Thanks to those who helped me figure out what we'd have to do, so I can get started right off the bat! I'll keep you posted.
What is this?!!
Okay, so by default the Feeds that you can make are restricted to the capabilities of a RemoteView. This severely limits what you can do with the Feed. Take a look here to see what exactly is supported, by default: http://stackoverflow.com/a/16089389
However, any Samsung App (which includes a few signed by Samsung on the Galaxy Apps Exclusives page) has the ability to put whatever it wants on the screen, just like a regular App. I've now extended that invitation on over to you/us!
Guide
The steps to take advantage of this is a little convoluted, so let me break it down for you easy!
STEP 1:
You have to flash my patch to allow this development to actually work. You can download it here: View attachment Trailblazer101_S6Edge_Advanced_Feeds_Patch.zip. Then flash it using FlashFire, or extract the zip and put everything where it needs to go, making sure to set the permissions appropriately!
STEP 2:
Now you can start developing your new Custom Feed! I would suggest using my simple demo project as your base, and going from there! You can find that here: View attachment EdgeScreen-BACKUP.zip. Extract it and take a look at the source!
STEP 3:
From here on out is where things get tricky... Without changing a thing, if you build from source and try to debug, it won't work. Why? Because the API that Samsung gives developers, like us, is different than the one they use for themselves. So Here's what you gotta do-- without changing a thing, build the Project. The best way to do that without debugging within Android Studio is to go to Gradle Projects -> :app -> Tasks -> build -> assembleDebug. This'll make the built apk and put it within "..\.EdgeScreen-BACKUP\app\build\outputs\apk\app-debug.apk".
STEP 4:
I'm assuming you have the latest Java Development Kit, and Android SDK, installed and configured properly, with their paths in the PATH variable, accordingly. You should also know how to use apktool for decompilation, at least a little I've compiled a toolkit folder based off of the test Project I shared above, which includes apktool, the NEW Samsung API files, the original built apk, and the already modified decompiled source/apk. You can download that here: View attachment Decompilation_Data.zip. Then, open a Command Prompt window and "cd" to the extracted folder.
STEP 5:
Decompile the built apk, which should be the same as the one in the extracted folder, using apktool like this:
Code:
.\apktool\apktool d -f TestFeed_orig.apk
STEP 6:
Compare the decompiled folder "TestFeed_orig" with my already modified "TestFeed_modded" one. I suggest using WinMerge! You'll see that the 'TestFeed_orig\smali\com\samsung\android\sdk' folder is very different. That's what I was talking about before, how Samsung Feeds have more options in their API. So delete the 'TestFeed_orig\smali\com\samsung' folder, and replace with the one in the '---SAMSUNG API---' folder.
STEP 7:
Continue comparing the two folders. Basically the rest of the changes are just getting our application to call the new Samsung API properly, instead of the stubs I was using in the Project. There aren't many changes you have to make, but they're all important!
STEP 8:
Once the two folders are the same, recompile it using apktool, like so:
Code:
.\apktool\apktool b TestFeed_orig
STEP 9:
Sign the new compiled apk stored in 'TestFeed_orig\dist' using your signing key. You can make your own, then use it to sign the app, following the instructions here: Official Instructions for Manual Signing.
STEP 10:
Install the newly signed apk, and enable the Feed by going to: Settings-> Edge screen -> Information stream -> Manage Feeds -> *ENABLE* FeedsCocktailExample! You may have to restart, or just hit 'reorder' in the top left. That sometimes fast-triggers it. Now turn off the screen, do the Feed Gesture to get it to turn on, and you should see our Custom Feed! It doesn't look like much, but it's using a custom view, HorizontalTextView, that would not work otherwise.
From here the options are endless. You can follow these steps and my Sample Project to play a video for a feed, if you wanted! Whatever strikes your fancy!
If you followed these steps and appreciate the help, show this thread some love, and maybe. Well i'd say buy me a beer, but it'll probably go to textbooks instead
Developer/Advanced Information!
We can make our own Feeds no problem, without root, they are just forced to use a RemoteView directly, which for all intents and purposes, is a pain in the kiester. Instead, it would be a lot nicer/convenient, without even mentioning the more advanced functionality we could bring, to use our own Views. However the version of SlookCocktailManager.UpdateCocktail that allows this is only found within a more advanced API, one I/no typical user don't have access to directly. BUT, I can still access it by decompiling for example the Edge RSS app from the Samsung AppStore, and putting/replacing the "sdk" folder from that into my own decompiled app, and recompiling. Easy enough, with apktool! (Of course with the headache of adding in my own temporary shell classes, in the project, so that I can actually write the calls, and just change the reference within the smali code once that sdk is replaced) The problem is, even when you do this, and it builds fine, installs great, and even begins initializing properly, we get an error from within CocktailBarService, the file I'm having you replace. More specifically, I tracked down the actual problem, and it comes back to "CocktailWhiteList", a class within CocktailBarServices, then checks the signature of the calling application, our Custom Feed, and sees if it comes from Samsung. This none of my expertise can fix, without being rooted, but trust me I tried. Now that we are rooted I was able to patch said apk, and get my own apps to work! Hurray!
cocktailbar service crashes when going into 'edge screen' option in settings menu.
logcat attached
Edit: sorry didn't rename cocktail bar (cocktailbarservice_signed to cocktailbarservice)
now it doesn't visibly crash, it just wont let me go into 'edge screen' option in settings menu
new log cat uploaded
This man looks promising! You have my S6 edge as soon as I have an official TWRP with working backup and restore
ktetreault14 said:
This man looks promising! You have my S6 edge as soon as I have an official TWRP with working backup and restore
Click to expand...
Click to collapse
I will help as well, when these tools are out for us..
Thanks for bringing cool stuff like this to the phone at this early date!
ktetreault14 said:
This man looks promising! You have my S6 edge as soon as I have an official TWRP with working backup and restore
Click to expand...
Click to collapse
How deep are you willing to go? Because it would be awesome if you could clear dalvik-cache, since I see this, right off the bat:
Code:
: Failed to find OatDexFile for DexFile /system/priv-app/CocktailBarService/CocktailBarService.apk ( canonical path /system/priv-app/CocktailBarService/CocktailBarService.apk) with checksum 0xfbfcb9f7 in OatFile /data/dalvik-cache/arm64/[email protected]@[email protected]@classes.dex
EDIT: could you also make sure that you set the right permissions for the apk? I'm getting the impression that they might be off with:
Code:
msg=audit(1429397519.049:355): auid=4294967295 uid=10001 gid=10001 ses=4294967295 subj=u:r:untrusted_app:s0 pid=12605 comm="ktailbarservice" reason="memory violation" sig=11
EDIT2: We might have to disable SELinux... That's rather unfortunate/puts a rather large damper on things, until custom kernels come out at least... After starting a root shell, can you try:
Code:
setenforce 0
I don't know if it'll work, but if that goes through successfully try and launch the Edge Settings Screen again!
EDIT3: Do'h. It may have been something really simple *crosses fingers* Could you please re-download the CocktailBarService, and try doing the same thing you did last time, with right permissions, and maybe a dalvik-cache wipe if it doesn't work!?
Tried the new apk you uploaded. Getting a force close still when trying to open. I changed SELINUX to permissive, wiped dalvik, even tried deleting arm64 folder as well. No luck.
04-19 00:25:09.907 E/AndroidRuntime(15867): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.samsung.android.app.cocktailbarservice/com.samsung.android.app.cocktailbarservice.settings.EdgeScreenSettingsMain}: java.lang.SecurityException: Permission Denial: get/set setting for user asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL
Was searching through logcat and found this. May this have something to do with the issue?
wase4711 said:
I will help as well, when these tools are out for us..
Thanks for bringing cool stuff like this to the phone at this early date!
Click to expand...
Click to collapse
Don't mean to hijack thread, but "Tool" is already available here:
NB: Chrome and IE don't translate into "Save file" - Use Mozilla which does > copy to phone and flash.
https://blck.io/twrp-2.8.6.0-zeroltetmo.img
Perfectly working on T-Mobile S6 Edge
Will
RoM_Addict said:
Don't mean to hijack thread, but "Tool" is already available here:
NB: Chrome and IE don't translate into "Save file" - Use Mozilla which does > copy to phone and flash.
https://blck.io/twrp-2.8.6.0-zeroltetmo.img
Perfectly working on T-Mobile S6 Edge
Will
Click to expand...
Click to collapse
that version doesn't work properly for me and many others; waiting for an "official" version from the TWRP folks..
trailblazer101 said:
How deep are you willing to go? Because it would be awesome if you could clear dalvik-cache, since I see this, right off the bat:
Code:
: Failed to find OatDexFile for DexFile /system/priv-app/CocktailBarService/CocktailBarService.apk ( canonical path /system/priv-app/CocktailBarService/CocktailBarService.apk) with checksum 0xfbfcb9f7 in OatFile /data/dalvik-cache/arm64/[email protected]@[email protected]@classes.dex
EDIT: could you also make sure that you set the right permissions for the apk? I'm getting the impression that they might be off with:
Code:
msg=audit(1429397519.049:355): auid=4294967295 uid=10001 gid=10001 ses=4294967295 subj=u:r:untrusted_app:s0 pid=12605 comm="ktailbarservice" reason="memory violation" sig=11
EDIT2: We might have to disable SELinux... That's rather unfortunate/puts a rather large damper on things, until custom kernels come out at least... After starting a root shell, can you try:
Code:
setenforce 0
I don't know if it'll work, but if that goes through successfully try and launch the Edge Settings Screen again!
EDIT3: Do'h. It may have been something really simple *crosses fingers* Could you please re-download the CocktailBarService, and try doing the same thing you did last time, with right permissions, and maybe a dalvik-cache wipe if it doesn't work!?
Click to expand...
Click to collapse
Hi trailblazer, I set the permissions the same as the original apk ,
right lets try again: I've downloaded the new version and set permissions, wiped dalvik-cache but when trying to disable SELinux i get
tmp-mksh: 0 : not found.
and when going into 'edge screen' settings i get unfortunsatly cocktailbar service has stopped.
Catlog attached:
I used this to modify SELINUX. For anyone else who is helping out, try this.
[4/19] QuickLaunch Demo And Advanced Feed Development Request For Rooted Users
b-reezy said:
I used this to modify SELINUX. For anyone else who is helping out, try this.
Click to expand...
Click to collapse
I sent you a PM! I explicitly declared that permission for each activity, so let's see how it goes now! I put the same apk I sent you now on the OP, so the other testers can try it! In the mean-time, I do have something real for you guys to play with! It's the QuickLaunch window, customizable and all (from hitting the Feeds Settings Icon). I'll put that in the OP with the tag "WORKS(Kinda)"!
One thing, which is a big reason why I'm trying to do it this way-- clicking the icons launches the app, it just doesn't turn the screen back on! I've tracked it down, and it seems as if when the Feed Screen is on, it has the SCover flag set to on, manually, but when a user clicks a button from another Feed, it turns that flag back off, thus turning the screen back on. The easiest/cleanest way for us to do that too would be our Custom Feed Panel implementing the same OnClickHandler that the others do, just can't without doingwhat we're trying to do!
EDIT: Please still use the QuickLaunch apk with the tag "Signed" though for testing the replacement of CocktailBarService! My new one just does it the bad way, and had to get rid of the code for trying the good.
(There's other ways to turn the screen on, but the way I'm trying to do it does it easily, and allows for more advanced functionality!)
FOR DEVELOPERS:
If you are interested in taking what I have and running with it/collaborating, I am more than willing to send all sources of what I have so far, my resources that I've been using, along with all information gathered so far. Just ask!
Hopefully this will become available for non-rooted. I am DIEING to get more functionality out of the Edge API for this phone. The feed is an awesome option, but having to swiping finger is a pain in the @$$. A double tap on the edge or an automatic turn on would be AWESOME when Texts or missed calls are there.
b-reezy said:
I used this to modify SELINUX. For anyone else who is helping out, try this.
Click to expand...
Click to collapse
BTW.. can be disabled in the kernel source also.. I did that in m8 times
trailblazer101 said:
I sent you a PM! I explicitly declared that permission for each activity, so let's see how it goes now! I put the same apk I sent you now on the OP, so the other testers can try it! In the mean-time, I do have something real for you guys to play with! It's the QuickLaunch window, customizable and all (from hitting the Feeds Settings Icon). I'll put that in the OP with the tag "WORKS(Kinda)"!
One thing, which is a big reason why I'm trying to do it this way-- clicking the icons launches the app, it just doesn't turn the screen back on! I've tracked it down, and it seems as if when the Feed Screen is on, it has the SCover flag set to on, manually, but when a user clicks a button from another Feed, it turns that flag back off, thus turning the screen back on. The easiest/cleanest way for us to do that too would be our Custom Feed Panel implementing the same OnClickHandler that the others do, just can't without doingwhat we're trying to do!
EDIT: Please still use the QuickLaunch apk with the tag "Signed" though for testing the replacement of CocktailBarService! My new one just does it the bad way, and had to get rid of the code for trying the good.
(There's other ways to turn the screen on, but the way I'm trying to do it does it easily, and allows for more advanced functionality!)
FOR DEVELOPERS:
If you are interested in taking what I have and running with it/collaborating, I am more than willing to send all sources of what I have so far, my resources that I've been using, along with all information gathered so far. Just ask!
Click to expand...
Click to collapse
Liking the Quicklaunch app , are you still needing testers? or have you got all the info you need?
Alex-V said:
BTW.. can be disabled in the kernel source also.. I did that in m8 times
Click to expand...
Click to collapse
Exactly and imo its better if its done this way..
for anyone interested
you need to edit the security/selinux/selinuxfs.c file from source
FIND:
Code:
selinux_status_update_setenforce(new_value);
#else
ADD RIGHT BELOW "#else":
Code:
new_value = 0;
So it becomes:
Code:
selinux_status_update_setenforce(new_value);
#else
new_value = 0;
or use this one (from the G925F source)
friedrich420 said:
Exactly and imo its better if its done this way..
for anyone interested
you need to edit the security/selinux/selinuxfs.c file from source
FIND:
Code:
selinux_status_update_setenforce(new_value);
#else
ADD RIGHT BELOW "#else":
Code:
new_value = 0;
So it becomes:
Code:
selinux_status_update_setenforce(new_value);
#else
new_value = 0;
or use this one (from the G925F source)
Click to expand...
Click to collapse
yeah.. that's the one I used.. I'm still for and back to root or not..means for me.. develop roms and kernels ..or use it as it is.. lol..
friedrich420 said:
Exactly and imo its better if its done this way..
for anyone interested
you need to edit the security/selinux/selinuxfs.c file from source
FIND:
Code:
selinux_status_update_setenforce(new_value);
#else
ADD RIGHT BELOW "#else":
Code:
new_value = 0;
So it becomes:
Code:
selinux_status_update_setenforce(new_value);
#else
new_value = 0;
or use this one (from the G925F source)
Click to expand...
Click to collapse
Hii my friend, i also still , have a non rooted S6 Edge :thumbup:
Hey guys, I finished the QuickLaunch Feed and posted it in the Apps Folder here:
Click Me!
I did manage to get it to turn the screen on, then, with the clicking of the shortcuts, and it still launches it once unlocked (if you have a lockscreen). I am going to begin work on a music player Feed, now
I will continue development on more advanced Feeds, and also delve into enhancing the edge in other ways, once we Verizon users get root (or until I win the lottery and get a Sprint version ). I see all these great opportunities to make it better, I just can't do anything with it until I'm rooted, since this didn't go as well as I planned. Where we are stuck at now is this, and where it would be too much of a pain for me to do without a phone of my own to test one:
We need to re-sign the system with a signature key we have access to. This includes framework, apps, and the priv-apps signed with the samsung key. Then I can go about doing what I wanted to do, but otherwise, it's a no go.
A developer who does have a Sprint or T-Mobile version with root, I can tell you the information I gathered so far. I have seen where the 'turn screen on gesture' is stored, and all these other great things, I just can't right now
trailblazer101 said:
Hey guys, I finished the QuickLaunch Feed and posted it in the Apps Folder here:
Click Me!
I did manage to get it to turn the screen on, then, with the clicking of the shortcuts, and it still launches it once unlocked (if you have a lockscreen). I am going to begin work on a music player Feed, now
I will continue development on more advanced Feeds, and also delve into enhancing the edge in other ways, once we Verizon users get root (or until I win the lottery and get a Sprint version ). I see all these great opportunities to make it better, I just can't do anything with it until I'm rooted, since this didn't go as well as I planned. Where we are stuck at now is this, and where it would be too much of a pain for me to do without a phone of my own to test one:
We need to re-sign the system with a signature key we have access to. This includes framework, apps, and the priv-apps signed with the samsung key. Then I can go about doing what I wanted to do, but otherwise, it's a no go.
A developer who does have a Sprint or T-Mobile version with root, I can tell you the information I gathered so far. I have seen where the 'turn screen on gesture' is stored, and all these other great things, I just can't right now
Click to expand...
Click to collapse
very nice.. thanks my friend ?
This is just sounding AWESOME! I am on AT&T so will have to wait as well for Root. I was wondering if there is a possability for the edge to just turn on, on its own without the need to swipe the screen? Like when a new notification comes in it will just scroll across the edge (or maybe the icon will blink on and off until you see it and swipe).
I still feel the swipe is to hard to do consistantly and would rather use a double tap or something if the auto on isn't possible.