I'm in a situation such that I need to change a method so that it always returns true. This should be too hard, I'm fairly certain I know the class, the packages containing the class but the contents of only the class itself are obfuscated.
I know there is a method "findMethodBestMatch" that Xposed provides, but the method I'm looking for could really be called any number of things.
Is there anything that when given the correct LoadPackageParam, or when I know the exact class (correct package names containing it too) that I could see the real package structure with non-obfuscated names, or I could see all the real method names?
Or am I overthinking this? In other words, is obfuscation purely just to try to make things harder to understand but I could still hook something like "a.b.c.e.z.blah"?
I don't have a great understanding of Xposed, so if anything needs to be explained more clearly I'd be happy to reword.
Hi all,
I'm currently in the planning period for an application which will need access to different things containing internet access, read/write contacts, read/write SMS and so on.
The application should be extensible through plugins, so I decided to implement a scripting language.
Since I don't want to write my own engine, I decided to use BeanShell which gives one a scripting platform with Java style code.
The problem is, in these scripts you can import _any_ java class. Since I run the script from my application, they have the same permissions as defined in AndroidManifest.xml.
Now I need a way to guarantee the user that the plugin/script he loads doesn't execute bad code.
Ideas were some sort of certification (I sign every version of every script and only the signed scripts are executable, I sign a single person who can sign his/her scripts, everyone can sign everything and the user has to be sure to trust the person who signed something, person a trusts person b - the user trusts person a so the user trusts person b also [what is it called - assurance web?]). But this creates also problems, if I would sign everything in the worst case (actually the best case for my app ^^) I would have to sign a big amount of scripts and updates which would be crap.
On the other side I know the most "normal users" just click on OK if they see a message a la "It's signed by [person]. Do you trust him?" so this is also somehow crap.
Another idea I had is to implement a permission system a la Android itself. So the scripts would have to say what permissions they need and I would have to make sure that they cannot execute something else.
Well, I don't know, I'm not really happy with anything of this. So I wanted to ask you people out there for your opinions about that and for new ideas.
Thanks to you all
Sorry for bumping...
No one any idea, suggestion or opinion?
Experimental ways are also welcome
So after that guy figured out the tethering hack for iOS by just changing a few lines of test, I decided to try to find one for Windows Phone 8. I have no idea how it would get on the phone (besides possibly flashing a new rom?), but I went and looked anyway. I mounted the VHD from the SDK and I think that I found something. If you use something like Visual Studio's Find in Files and search for ICSSVC, you'll find some interesting stuff.
First of all, in Microsoft,Net.NetCore.reg, I found this: puu.sh/3J9yS.png That's how I learned about ICSSVC. So then I searched for that and in Microsoft.Net.NetCore.policy.xml there is a bunch of capability stuff. I have no idea what to do past here, and the emulator doesn't have the Internet Sharing option. So, yeah.
MichaelC97 said:
> So after that guy figured out the tethering hack for iOS by just changing a few lines of test, I decided to try to find one for Windows Phone 8. I have no idea how it would get on the phone (besides possibly flashing a new rom?), but I went and looked anyway. I mounted the VHD from the SDK and I think that I found something. If you use something like Visual Studio's Find in Files and search for ICSSVC, you'll find some interesting stuff.
> First of all, in Microsoft,Net.NetCore.reg, I found this: puu.sh/3J9yS.png That's how I learned about ICSSVC. So then I searched for that and in Microsoft.Net.NetCore.policy.xml there is a bunch of capability stuff. I have no idea what to do past here, and the emulator doesn't have the Internet Sharing option. So, yeah.
Unfortunately, this involves dumping phone ROMs and modifying the policies (we don't know how crazy this process will be). Another setback involves the fact that the bootloaders for WP8 are signed, which would require the ROM to be signed with the correct cert, etc.
Basically, this will be extremely painful due to WP8 running a Windows NT Kernel (WP7 uses Windows CE) and all kinds of other obstacles that we haven't discovered yet.
snickler said:
> Unfortunately, this involves dumping phone ROMs and modifying the policies (we don't know how crazy this process will be). Another setback involves the fact that the bootloaders for WP8 are signed, which would require the ROM to be signed with the correct cert, etc.
> Basically, this will be extremely painful due to WP8 running a Windows NT Kernel (WP7 uses Windows CE) and all kinds of other obstacles that we haven't discovered yet.
Also while I was searching, I found a registry entry for 'DeveloperUnlock'. So when you run the program to dev unlock your phone, the program must modify the registry on the phone. I'm pretty sure that it would be possible to replicate that.
MichaelC97 said:
> Also while I was searching, I found a registry entry for 'DeveloperUnlock'. So when you run the program to dev unlock your phone, the program must modify the registry on the phone. I'm pretty sure that it would be possible to replicate that.
As of now, we can't execute the native EXEs on the phone so we won't know whether we can replicate that or not. I know with talking with HeathCliff74, modifying the policy on WP7 took quite a long time and effort to figure out. I can almost guarantee the policies on WP8 are implemented completely different from WP7 and even a bigger pain to modify.
snickler said:
> As of now, we can't execute the native EXEs on the phone so we won't know whether we can replicate that or not. I know with talking with HeathCliff74, modifying the policy on WP7 took quite a long time and effort to figure out. I can almost guarantee the policies on WP8 are implemented completely different from WP7 and even a bigger pain to modify.
I meant the program on your computer that comes with the SDK. I think that it modifies the phone's registry to dev unlock it.
MichaelC97 said:
> I meant the program on your computer that comes with the SDK. I think that it modifies the phone's registry to dev unlock it.
You are correct, it does modify the registry to dev unlock it by connecting to a running service on the phone and executing native DLLs. The main DLL that interacts with the phone within the program's folder is a Win32 compiled .DLL rather than a .NET file, which would require some disassembly to get an idea of what's going on. It also doesn't help that it is a signed DLL.
Good Evening Guys,
A few quick questions for you this Wednesday evening; looking to make some customizations to my Windows Phone. I would like to alter the word "Goodbye" when the phone turns off to display alternative text.
Question 1: Is anyone familiar where these settings are stored in the root offhand?
Question 2: Can anyone confirm if this is simply text or a prerendered image?
Question 3: Has anyone ever tried anything like this before?
Best Regards!
Device Type
Almost forgot:
Nokia 1020
OS:8.0.10521.155
Um... we can't even make the smallest of changes to the Lumia file system (outside of the user documents/media folders and the app folders) or registry. Trying to change system stuff like this is pretty out of the question.
Since you ask, though: to the best of my knowledge, nobody has found that even on the Samsung Ativ phones, for which we have most of a working "jailbreak".
The string that is displayed is probably pulled from a .MUI file.
Thanks for the feedback guys. If I make any headway, I will post back. Would love to have the device power down with "Will I dream?" from 2010 The Year We Made Contact.
That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!
Shut Down Message
GoodDayToDie said:
> That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
> A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!
What is free time for if not to obsess over little niggly things? Thanks for the feedback
It's quite a simple one I hope. Also, apologies for adding noise to the forum, but I couldn't find any detailed documentation or many tutorials.
I'm making use of findAndHookMethod for a little test project of mine. The problem is, the method which I am hooking has custom classes in its parameters.
Obviously I don't have access to these classes in terms of having the source code imported, so my first thought was just to list the parameters as Object.class, but this didn't work.
What (if any) are the solutions? Thanks!
P.S.
In case I worded it badly. Say I have method to be hooked...
public void methodThatDoesSomething(ThisCustomClass nameOfParameter)
How do I use findAndHookMethod when listing parameters, as ThisCustomClass.class is not within the scope of my project?
Use a string with the class' full name, e.g. "com.hooked.package.ThisCustomClass".
I've been trying to hook a method for hours and I'm kind of desperate.
The scenario:
I have a browser app which allows to create shortcuts on your homescreen. The only problem is: They are not renamable. So I thought I write a little xposed module to make this possible.
Steps taken:
Create module base and make it loadable into xposed - check.
Make sure method hook is only called from inside the application - check.
Create a simple dialog with edit stuff - check.
Finding and hooking the correct method in correct class - fail.
The method I am trying to hook is "sendBroadcast(Intent)". The original method is abstract and not hookable.
My first try was to hook the method in "android.content.Context" -> abstract.
I read somewhere that you can hook a subclass so I tried "android.content.ContextWrapper". Turns out this just inherits the method from android.content.Context and is still abstract.
Same goes to "android.app.Activity". So I searched for the Implementation of the sendBroadcast function. I found it in "android.app.ContextImpl" but this also turned out to be just the abstract method call from "android.content.Context".
It can't be that hard to find the right class to hook, right?
I didn't want to use the "hookAllMethods" because it seemed a little overkill for such a small change.
This is my last hook try:
Code:
findAndHookMethod(XposedHelpers.findClass("android.app.ContextImpl", lpparam.classLoader),
        "sendBroadcast", Intent.class, new XC_MethodHook() {
    //... stuff here which I think is correct
});
The browser calls sendBroadcast with only one argument, right?
Do you get a NoSuchMethodException, or just can't find the broadcast you want in this method?
Sorry for the late answer.
The error I get is: "IllegalArgumentException: abstract methods cannot be hooked"
Odd, because it's not abstract. Are there more findAndHookMethod calls before this one? Are you sure they work?
Because the sendBroadcast hook might not have been called at all if an exception was thrown beforehand.
You can test it by XposedBridge.log() right before it.
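One way to carry out the check suggested in the last reply, added here as an example (not code from the thread): log before each hook attempt, resolve the method first, and catch failures per attempt so an exception from one class cannot hide whether the next hook was reached. The package name `com.example.browser` and the module class name are hypothetical placeholders.

```java
package com.example.hookdemo; // hypothetical module package

import android.content.Intent;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class BroadcastHookDebug implements IXposedHookLoadPackage {
    // The three classes tried in the thread, in the same order.
    private static final String[] CANDIDATES = {
            "android.content.Context",
            "android.content.ContextWrapper",
            "android.app.ContextImpl",
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) {
        if (!"com.example.browser".equals(lpparam.packageName)) { // placeholder
            return;
        }
        for (final String name : CANDIDATES) {
            XposedBridge.log("sendBroadcast: trying " + name);
            try {
                // Resolve first so the log shows which declaration was found.
                Method m = XposedHelpers.findMethodExact(
                        name, lpparam.classLoader, "sendBroadcast", Intent.class);
                if (Modifier.isAbstract(m.getModifiers())) {
                    // This is the case that raises "abstract methods cannot be hooked".
                    XposedBridge.log("  abstract in " + name + ", skipped");
                    continue;
                }
                XposedBridge.hookMethod(m, new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) {
                        // A wrapper delegates to the implementation, so one
                        // broadcast can be logged once per hooked class.
                        XposedBridge.log(name + ".sendBroadcast: " + param.args[0]);
                    }
                });
                XposedBridge.log("  hooked " + name);
            } catch (Throwable t) {
                // Keep going: one failed attempt must not stop the others.
                XposedBridge.log(t);
            }
        }
    }
}
```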