[Q] [Problem] How to list parameters in - Xposed General

It's quite a simple one I hope. Also, apologies for adding noise to the forum, but I couldn't find any detailed documentation or many tutorials.
I'm making use of findAndHookMethod for a little test project of mine. The problem is, the method which I am hooking has custom classes in its parameters.
Obviously I don't have access to these classes in terms of having the source code imported, so my first thought was just to list the parameters as Object.class, but this didn't work.
What (if any) are the solutions? Thanks!
P.S.
In case I worded it badly. Say I have method to be hooked...
public void methodThatDoesSomething(ThisCustomClass nameOfParameter)
How do I use findAndHookMethod when listing parameters, as ThisCustomClass.class is not within the scope of my project?

Use a string with the class' full name, e.g. "com.hooked.package.ThisCustomClass".
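The answer above as an added example (not code from the original thread): an Xposed module that names the custom parameter type by its fully qualified class name, which Xposed resolves through the class loader you pass in. Only methodThatDoesSomething, ThisCustomClass and the com.hooked.package prefix come from the thread; the module package, TargetClass and the logging are assumptions.

```java
package com.example.hookdemo; // hypothetical module package

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class CustomParamHook implements IXposedHookLoadPackage {
    // Assumed names: the thread does not say which app or class declares the method.
    private static final String TARGET_PACKAGE = "com.hooked.package";
    private static final String TARGET_CLASS = "com.hooked.package.TargetClass";
    // Parameter type given as a string, as the answer suggests.
    private static final String PARAM_CLASS = "com.hooked.package.ThisCustomClass";

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        // Only act inside the app that actually contains the class.
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }
        try {
            // The method is looked up by its exact parameter types, so
            // Object.class does not match a parameter declared as
            // ThisCustomClass. A String is loaded with lpparam.classLoader,
            // i.e. from the hooked app, not from the module's own classes.
            XposedHelpers.findAndHookMethod(
                    TARGET_CLASS, lpparam.classLoader, "methodThatDoesSomething",
                    PARAM_CLASS,
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            // The argument arrives as a plain Object; its class
                            // is not on the module's compile-time classpath.
                            Object arg = param.args[0];
                            XposedBridge.log("methodThatDoesSomething called with "
                                    + (arg == null ? "null" : arg.getClass().getName()));
                        }
                    });
        } catch (XposedHelpers.ClassNotFoundError | NoSuchMethodError e) {
            // A wrong class name or parameter list ends up here instead of
            // crashing the hooked process.
            XposedBridge.log(e);
        }
    }
}
```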

Related

[DEV] First step of reverse engineering libcamera (Work in progress)

Hi all,
I'm working on reverse engineering libcamera for Tattoo, based on libcamera2 by NCommander. Thanks to nopy for much help.
HTC have changed a lot in their kernel, and left LOTS of useless or temporary codes not to be cleaned up. Right now, camera codes in the kernel are very clean and tidy and mainly ported from AOSP-donut kernel. Interfaces of /dev/msm_camera/control0, config0, and frame0 are successfully generated. As you know, HTC kernel implemented the /dev/msm_camera/msm_camera0 interface to communicate with requests from user space. I'm not sure why HTC did such a hack. The reason why I ported camera codes from AOSP-donut relies on the fact that most of camera working ROMs for other headsets like Dream or Sapphire did this, even if these ROMs are powered by 2.6.32 or even 2.6.34 kernels.
I've stuck to the HTC camera driver in the kernel. Please check out my github.
Here is the explanation of the relationship between libcamera, libqcamera and the kernel, written by NCommander.
This is my first step in the reverse engineering work on libcamera. Camera does NOT work yet.
The current logcat and klogtail have been attached here, Donut version as well. Thanks to MrGland, salva.tejero, and kicmi.
If anyone is interested in hacking for Tattoo, just let me know. I'll invite you to cooperate with us.
Regards,
Do you want to try my kernel?
It has a problem with wifi... but the camera and media driver are correctly loaded...
If you want I can send it via PM.
I have fixed the GL problem on my ROM... I don't have a Tattoo... but if you want I can look at the problem with your ROM again.
I'm just thinking of restarting my ROM from zero. I have already downloaded the Froyo source and I'm starting to compile the source and add my personal kernel...
Tell me if you want to collaborate to make a new 2.2 ROM.
W/dalvikvm( 613): threadid=10: thread exiting with uncaught exception (group=0x400207d8)
I am by no means a C++ expert, but I started learning it last week. An uncaught exception needs catching so that the whole thread does not terminate; you can deal with them using catch(), unless it is a hardware exception
I think you two have the best chance of making a working froyo rom if you work together based on using your roms. I use fyodors 1.6 rom daily
I believe this too.
I prefer fyodor's rom though, cause with his roms I never had problems on booting. Ikxdf's roms on the other hand don't boot on my device (except abusu 2.01 and capcake 1.01)
you two (ikxdf,cn.fyodor) are supermans make a team mix up your files and your skills, make a great panfyodorcake ROM and we, tattoo users will be so happy Good Luck
E: omg sry kiljacken and HCDR.Jacob are supermans too
cn.fyodor said:
I've dived into the source files, and found there was a __NULL__ "config_defaults" array of structure in egl.cpp file. This array was used in eglChooseConfig function, which is heavily related with my issue. I'm not sure what the codes did since not familiar with C++ programming. I've googled a lot, but no luck.
I need C++ experts to read the opengl codes in Froyo system and find the reason why 'No configs match configSpec' error comes up. Thanks in advance.
Regards,
If you send me that file or give me the path to it in the Android source code I'll gladly take a look at it...
If you send me that file or give me the path to it in the Android source code I'll gladly take a look at it...
Same here...
ikxdf said:
Do you want to try my kernel?
It has a problem with wifi... but the camera and media driver are correctly loaded...
If you want I can send it via PM.
I have fixed the GL problem on my ROM... I don't have a Tattoo... but if you want I can look at the problem with your ROM again.
I'm just thinking of restarting my ROM from zero. I have already downloaded the Froyo source and I'm starting to compile the source and add my personal kernel...
Tell me if you want to collaborate to make a new 2.2 ROM.
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
speedyracer5 said:
W/dalvikvm( 613): threadid=10: thread exiting with uncaught exception (group=0x400207d8)
I am by no means a C++ expert, but I started learning it last week. An uncaught exception needs catching so that the whole thread does not terminate; you can deal with them using catch(), unless it is a hardware exception
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
kiljacken said:
If you send me that file or give me the path to it in the Android source code I'll gladly take a look at it...
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
My greetings,
are the best in the tattoo improving.
Thanks to all the people who try to improve the tattoo...
let's go friends
cn.fyodor said:
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
I've looked a lot at the files and I have found that the error you get is caused when an app gives some info about a configuration and EGL can't find a config that matches that information...
Does this error happen in the camera app??
cn.fyodor said:
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
The exception has been thrown from Java because num_config[0] has not been populated by eglChooseConfig. This output parameter is populated at the last line of eglChooseConfig.
I don't know the architecture of Android and EGL stuff; what I can recommend to you is to use the LOGE macro to write to the console the list of attributes (attrib_list parameter) and try to see at which point the function returns (using the LOGE macro opportunely).
From what I can understand, this function tries to match the list of attributes passed as a parameter (attrib_list) with the global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig: the first is to retrieve the number of configurations that match the attribute list; if this number is >0 it creates an empty array and calls eglChooseConfig again to get the array itself populated, otherwise it throws the exception you have shown in your log.
ivendor said:
The exception has been thrown from Java because num_config[0] has not been populated by eglChooseConfig. This output parameter is populated at the last line of eglChooseConfig.
I don't know the architecture of Android and EGL stuff; what I can recommend to you is to use the LOGE macro to write to the console the list of attributes (attrib_list parameter) and try to see at which point the function returns (using the LOGE macro opportunely).
From what I can understand, this function tries to match the list of attributes passed as a parameter (attrib_list) with the global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig: the first is to retrieve the number of configurations that match the attribute list; if this number is >0 it creates an empty array and calls eglChooseConfig again to get the array itself populated, otherwise it throws the exception you have shown in your log.
I think you're right...
I think it would be important for all of us to have a 100% functional 2.1 or 2.2 ROM without the camera, and fix the camera afterwards... I think
If you make a team I have no doubt you could make it real
thanks for all
capito djjkd said:
I think it would be important for all of us to have a 100% functional 2.1 or 2.2 ROM without the camera, and fix the camera afterwards... I think
If you make a team I have no doubt you could make it real
thanks for all
why?
because the devs maybe could stop developing, because they are satisfied of the working camera?
i don't think so. if they could get the camera working, there isn't a long way anymore to a 100% functional 2.1/2.2 ROM.
I hope this comes true, good luck to the devs!!!!!!
ivendor said:
The exception has been thrown from Java because num_config[0] has not been populated by eglChooseConfig. This output parameter is populated at the last line of eglChooseConfig.
I don't know the architecture of Android and EGL stuff; what I can recommend to you is to use the LOGE macro to write to the console the list of attributes (attrib_list parameter) and try to see at which point the function returns (using the LOGE macro opportunely).
From what I can understand, this function tries to match the list of attributes passed as a parameter (attrib_list) with the global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig: the first is to retrieve the number of configurations that match the attribute list; if this number is >0 it creates an empty array and calls eglChooseConfig again to get the array itself populated, otherwise it throws the exception you have shown in your log.
I commented out the setEGLConfigChooser() stmt. in Camera/src/*/ui/GLRootView.java source file to use the GLES default config for camera. Although the 'no config match...' exception didn't come up, camera didn't snapshot any images as if the sensor didn't open. Check out the attachment below.
If the setEGLConfigChooser stmt. was added, in eglChooseConfig function, both possibleMatch and num_config will be 0. I'm trying to find the low-level reason.
The setEGLConfigChooser() in Camera/src/*/ui/GLRootView.java source file is defined:
public void setEGLConfigChooser(int redSize, int greenSize, int blueSize, int alphaSize, int depthSize, int stencilSize)
All we want (I think) is the correct values for the parameters. OK, at the page
http://brandnewreality.com/blog/android-egl-querying-your-gl-driver
there is a java program to query from a donut tattoo the configs....
Now we can correct the parameters at setEGLConfigChooser function.
I hope that this helps us...
seg
segway_ said:
The setEGLConfigChooser() in Camera/src/*/ui/GLRootView.java source file is defined:
public void setEGLConfigChooser(int redSize, int greenSize, int blueSize, int alphaSize, int depthSize, int stencilSize)
All we want (I think) is the correct values for the parameters. OK, at the page
http://brandnewreality.com/blog/android-egl-querying-your-gl-driver
there is a java program to query from a donut tattoo the configs....
Now we can correct the parameters at setEGLConfigChooser function.
I hope that this helps us...
seg
Won't this method you are proposing hard-code the values? Shouldn't these be set by the user? There must be another class with the default values and which saves the user-defined values.
Look at the code:
http://android.git.kernel.org/?p=pl...0f823229da7569a51367f20c0c9d048d1cba;hb=froyo
private void initialize() {
    mFlags |= FLAG_INITIALIZED;
    setEGLConfigChooser(8, 8, 8, 8, 0, 4);
    getHolder().setFormat(PixelFormat.TRANSLUCENT);
    setZOrderOnTop(true);
    // (the rest of the method is not quoted in the post)
}
Is it hard coded?
seg
Well, the values are hard coded... but by the look of it I guess the hardware needs these hard-coded values to initialise. Good point seg.
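An added diagnostic for the discussion above (not code from the thread or from AOSP): it lists every EGL config the driver reports and then repeats the counting call to eglChooseConfig that ivendor describes, using the hard-coded spec setEGLConfigChooser(8, 8, 8, 8, 0, 4) quoted from GLRootView. The class name, log tag and method names are assumptions; run it from a throwaway test activity on the device.

```java
import android.util.Log;
import javax.microedition.khronos.egl.EGL10;
import javax.microedition.khronos.egl.EGLConfig;
import javax.microedition.khronos.egl.EGLContext;
import javax.microedition.khronos.egl.EGLDisplay;

public final class EglConfigProbe {
    private static final String TAG = "EglConfigProbe"; // hypothetical log tag

    private static final int[] ATTRS = {
        EGL10.EGL_RED_SIZE, EGL10.EGL_GREEN_SIZE, EGL10.EGL_BLUE_SIZE,
        EGL10.EGL_ALPHA_SIZE, EGL10.EGL_DEPTH_SIZE, EGL10.EGL_STENCIL_SIZE };
    private static final String[] NAMES = { "R", "G", "B", "A", "depth", "stencil" };

    private EglConfigProbe() {}

    /**
     * Logs all configs and returns how many match the requested sizes
     * (0 is the case that produces "No configs match configSpec"),
     * or -1 if EGL itself failed.
     */
    public static int probe(int r, int g, int b, int a, int depth, int stencil) {
        EGL10 egl = (EGL10) EGLContext.getEGL();
        EGLDisplay display = egl.eglGetDisplay(EGL10.EGL_DEFAULT_DISPLAY);
        if (display == EGL10.EGL_NO_DISPLAY || !egl.eglInitialize(display, new int[2])) {
            Log.e(TAG, "EGL init failed, error 0x" + Integer.toHexString(egl.eglGetError()));
            return -1;
        }
        try {
            // 1) Everything the driver offers, for comparison with the spec.
            int[] total = new int[1];
            if (egl.eglGetConfigs(display, null, 0, total) && total[0] > 0) {
                EGLConfig[] all = new EGLConfig[total[0]];
                egl.eglGetConfigs(display, all, all.length, total);
                for (int i = 0; i < total[0]; i++) {
                    Log.i(TAG, "config " + i + ": " + describe(egl, display, all[i]));
                }
            }
            // 2) The counting call: a null output array asks only for
            //    num_config, exactly like the first of the two Java calls.
            int[] spec = {
                EGL10.EGL_RED_SIZE, r, EGL10.EGL_GREEN_SIZE, g,
                EGL10.EGL_BLUE_SIZE, b, EGL10.EGL_ALPHA_SIZE, a,
                EGL10.EGL_DEPTH_SIZE, depth, EGL10.EGL_STENCIL_SIZE, stencil,
                EGL10.EGL_NONE };
            int[] numConfig = new int[1];
            if (!egl.eglChooseConfig(display, spec, null, 0, numConfig)) {
                Log.e(TAG, "eglChooseConfig failed, error 0x"
                        + Integer.toHexString(egl.eglGetError()));
                return -1;
            }
            Log.i(TAG, "spec R" + r + " G" + g + " B" + b + " A" + a + " depth" + depth
                    + " stencil" + stencil + " -> " + numConfig[0] + " matching config(s)");
            return numConfig[0];
        } finally {
            // Release the display; keep this probe out of activities that render with GL.
            egl.eglTerminate(display);
        }
    }

    /** Reads the six size attributes of one config into a short string. */
    private static String describe(EGL10 egl, EGLDisplay display, EGLConfig config) {
        StringBuilder sb = new StringBuilder();
        int[] value = new int[1];
        for (int i = 0; i < ATTRS.length; i++) {
            boolean ok = egl.eglGetConfigAttrib(display, config, ATTRS[i], value);
            sb.append(NAMES[i]).append('=').append(ok ? String.valueOf(value[0]) : "?").append(' ');
        }
        return sb.toString().trim();
    }
}
```

Calling EglConfigProbe.probe(8, 8, 8, 8, 0, 4) and reading logcat shows whether any listed config has a stencil size of at least 4 together with 8-bit RGBA, which is what the hard-coded spec asks for.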

[Q] Trying to develop something relatively simple, but tripped up obfuscated methods

I'm in a situation such that I need to change a method so that it always returns true. This should be too hard, I'm fairly certain I know the class, the packages containing the class but the contents of only the class itself are obfuscated.
I know there is a method "findMethodBestMatch" that Xposed provides, but the method I'm looking for could really be called any number of things.
Is there anything that when given the correct LoadPackageParam, or when I know the exact class (correct package names containing it too) that I could see the real package structure with non-obfuscated names, or I could see all the real method names?
Or am I over thinking this? In other words, is obfuscation purely just to try to make things harder to understand but I could still hook something like "a.b.c.e.z.blah"?
I don't have a great understanding of Xposed, so if anything needs to be explained more clearly I'd be happy to reword

How to create a JSON Service quickly through Arrray.com

Hi guys,
my name is Fabio Falanga and I want to introduce an idea that I developed with my friend Dario Carella.
Our idea was to create something that could simplify the creation of web services that could be used in our Android app, which is useful especially in the early stages of developing an app, where you do not yet provide a complete backend.
The idea is to have to devote himself to the Android code omitting start writing the backend of our app (plus point is if you do not have the skills or if you do not have time to make it happen, but you want to present a prototype in short).
Through the portal arrray.com you can create JSON service accessible from the mobile (or even from the web) in a completely free way. Simply insert the JSON document that you want to use, the name, a description (optional), tags (optional) and save the entry.
Once this is done we will be given a url address containing a token with which we can then make changes to the document, which will be public but not editable by anyone (just who will have the token can do so). In this way you can also create projects in teams. We preferred this approach to prevent users another tedious registration.
Once the insertion, just make an HTTP request from our Android app api.arrray.com/ID address (url provided following the creation of arrray.com). Requests must be made in reading as is normal REST through the GET method. In doing so we will have our backend ready to use, according to our specifications and without having to use any programming language, if not the knowledge of the JSON format.
We are open to suggestions of any kind (note that arrray is at a preliminary stage of development, many tasks are already in the queue: P).
I hope that arrray can be useful for the realization of your app with Web Service,
Fabio

[Q&A] [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app

Q&A for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!
CAPs required for editing registry
snickler said:
You won't achieve any sort of interop-unlock with such an app. The Messaging+ app uses capabilities specific to chat that are restricted. Just because an app uses the interopservices capability, does not mean that it has rights to write to the specific portion of the registry needed to provide interop-unlock. There are a few threads out there that discuss this already
I am curious what CAP is required for editing the registry?
gingerjoke said:
I am curious what CAP is required for editing the registry?
You at least need ID_CAP_INTEROPSERVICES or ID_CAP_OEM_DEPLOYMENT at the minimum. There are many threads that detail that interop unlock canNOT be achieved unless we have an RPC Service that runs under the SYSTEM account. The MaxUnsignedApp reg value is locked down so that it can only be edited in the way that I just spoke of.
No app on the marketplace, no modifying a store app will achieve this. We were just VERY lucky with Samsung in the beginning.. That's all.
More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.
GoodDayToDie said:
More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.
Finally found RPC service in NdtkSvc.dll
But requires InteropServices Capability
Here is the list of functions that work as "SYSTEM".
CopyFileEx()
NdrServerCall2()
CreateThreadpoolWait()
SetThreadpoolWait()
CloseThreadpoolWait()
SetEvent()
SetServiceStatus()
CreateEventW()
RegisterServiceCtrlHandlerW()
CloseHandle()
OpenProcessToken()
FindFirstFileW()
CopyFileExW()
GetCurrentProcess()
CreateDirectoryW()
RegCreateKeyExW()
RegQueryValueExW()
IsCharAlphaNumericW()
LookupPrivilegeValueW()
FindClose()
RemoveDirectoryW()
RegOpenKeyExW()
FindNextFileW()
AdjustTokenPrivileges()
InitiateSystemShutdownExW()
DeleteFileW()
RegCloseKey()
RegSetValueExW()
RpcServerUnregisterIfEx()
RpcServerInqBindings()
RpcEpRegisterW()
RpcServerUseProtseqW()
RpcBindingVectorFree()
RpcServerRegisterIf3()
RpcEpUnregister()
ResetPhoneEx()
EncodePointer()
DecodePointer()
QueryPerformanceCounter()
GetCurrentThreadId()
GetSystemTimeAsFileTime()
GetTickCount64()
But I'm confused about how to write code for an RPC client or using any DllImport functionality?
Can someone provide me at least a demo/example code of an RPC client?
... Whoa, that is a seriously valuable list of APIs. Those are callable as SYSTEM, without any restrictions except the caller needing ID_CAP_INTEROPSERVICES? Either I've been out of the loop longer than I thought or this should have been discovered long ago (is it new to some not-yet-widely-available version?) You cannot *trivially* get root this way - it doesn't, for example, include the APIs you would need to inject arbitrary code into a SYSTEM process or similar - but you can certainly do things like write an arbitrarily powerful file-and-registry browser. With that, you can do a hell of a lot of other stuff, stuff that even Samsung's RPCComponent didn't permit.
MS RPC is documented on MSDN here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378651(v=vs.85).aspx
It includes a full API reference, lots of guidance on development, and a tutorial. The tutorial looks pretty well-written, and is probably a better place to start than the API reference unless you know more about RPC at the moment than I do.
However, this documentation is aimed at "normal" implementations, where the client has, if not the server's source code, at least the interface definition. You have to know the UUID (probably easily findable though I'm not sure where) and the function interfaces (in a reasonable level of detail). Black-boxing that is going to be one of the harder tricks, I think, though somebody may have written one or more tools to make it easier.
EDIT: I can't find NdtkSvc, or its binary, on my phone. It's either OEM-specific or (more likely) requires a particular OS update/upgrade. What version did you find it in?
EDIT2: How'd you get the list of APIs it serves? Do you have the IDL file for the RPC server? That would help a ton; if you have that, we're good to go.
EDIT3: Don't forget you can PM people if you don't want to put this stuff out in public.
@GoodDayToDie
Hi, Sorry for the late reply.
It is only specific for Lumia.
NdtkSvc.dll known as "Nokia Device Toolkit Service".
"C:\Windows\System32\NdtkSvc.dll"
Yes, ID_CAP_INTEROPSERVICES cap is everything here too on Lumia.
Here is a one of the example which same "Nokia.SilentInstaller.Runtime" does that on RPC Access,
Code:
static bool NRSCopyFile(String sourcePath, String destPath);
works without any "RESTRICTIONS", with any "PARTITION".
Even possibilities to "REPLACE" the hidden/non-accessible Registry "HIVE" Files.
Such as,
"C:\Windows\System32\Config\ProvisonStore"
But unfortunately they are all simply in a signed zip file.
We can't modify them and place such HIVE/POLICY files back, sad
So what I did so far:
-Modified "DeviceReg.exe" with a hex editor and replaced "C:\PROGRAMS\DEVICEREG\DeviceReg.exe" with it. (signature gets broken)
-Replaced "PolicyFiles". (signature gets broken)
It's frustrating to me, it's a shame for me that I can't do anything while having full FS access, lol.
Such files and system binaries are fully signed with the new 8.1 "Policy Engine".
But I think .dll files aren't required to be signed to run in the System chamber.
Well, Time to write a some RPC library
Thanks.
Edit: I don't know about which update is required, I think it is from WP8.0 GDR1. At least WP8.1 GDR1 or above.
but the "NdtkClient.dll" is available since WP8.0 GDR1 in "Extras+Info" App.

[Q] Idea about how to get values from a table

Hello!
As some could see in my other topic, I'm learning about android studio to make an app with some maths to help me with my job.
Well, in one specific case, I need to search and get values in a table, based on a reference. It's basically like the VLOOKUP/HLOOKUP function in Excel.
My doubt is the ideal way of doing that, is there any kind of table inside the android studio, like a container or something ? Or I should use a data base ?
Below is the same math, on excel, that is the base that I'm creating the app for android, in this case is a simple table, but in some cases are many values:
The attachment 001.png is the list where I select the materials Standard, and then I get the 2 values σt and σe from the table.
The attachment 002.png is the table I am looking for the values:
Sorry about this kind of question, but I'm just reading a lot, looking for tips leading me to an ideal way of doing it, but it's a little hard in the beginning.
Thanks in advance.
Barata
Conversion
Hey, from your question I understood that you are looking for a ready table to give values.
As I see, you are getting values in Excel.
1) There is no direct conversion table available in Android Studio.
2) You can use a library project import if you require familiar conversion tables.
3) If in Excel you made your own conversion method, apply the same in Android Studio.
What more, share your method or query in brief.
Hello,
Thanks for replying satyampv,
Actually my doubt isn't about conversion; I mentioned Excel because I'm used to working with it. And it's so easy to use VLOOKUP there that I was wondering if there would be something like it in Android Studio.
If I have to put some huge table in a database here on Android, it's OK, I accepted that I would have to do it. But the doubt is if I really have to use a database, or if there exists another way to look up values in a table. Like you said "2) You can use library project import if you require familiar conversion tables.", is that an alternative to a database?
Or should I just forget those "normal tables" and use SQLite? Because it is just to look for values, just read; I don't need to write or make any changes in the table after it's created.
Thanks in advance, again.
barata
