I need to hook runInstall from Pm.java (android commands)
https://android.googlesource.com/pl...1/cmds/pm/src/com/android/commands/pm/Pm.java
I used
Code:
XposedHelpers.findAndHookMethod(pmCommandsClass, "runInstall",
installBackgroundHook);
public static final String PMCOMMANDS = "com.android.commands.pm.Pm";
public Class<?> pmCommandsClass = XposedHelpers.findClass(
PMCOMMANDS, null);
but I got ClassNotFoundError..
Edit: I found that there is a IXposedHookCmdInit (and I probably need it). But how to use it? @rovo89?
pyler said:
Edit: I found that there is a IXposedHookCmdInit (and I probably need it). But how to use it? @rovo89?
Click to expand...
Click to collapse
If you check further, you will see that IXposedHookCmdInit is deprecated. As the comment says, you need to create a flag file if you want to hook tools, but it's strongly discouraged (and all of your users would have to do the same). I only kept this class because I use the "am" tool for testing low-level framework changes, so I don't have to restart the whole system. So consider it a debugging feature, not meant for end-users.
There are often better places that you should hook instead. In your case, you might want to hook the PackageManagerService, as "pm" is just the frontend.
Uhm.
I wanted to block installation in the background using "pm install file.apk" and hooking runInstall from Pm.java was the best way.
In PackageManagerService#installPackage I cant find out if installations is started using "pm" :/ Any good idea for workaround?
Well, "pm" is a shell script, so you could maybe modify it directly, without Xposed.
Or you do something similar to installPackageWithVerification():
Code:
final int uid = Binder.getCallingUid();
final int filteredFlags;
if (uid == Process.SHELL_UID || uid == 0) {
if (DEBUG_INSTALL) {
Slog.v(TAG, "Install from ADB");
}
filteredFlags = flags | PackageManager.INSTALL_FROM_ADB;
} else {
filteredFlags = flags & ~PackageManager.INSTALL_FROM_ADB;
}
Instead of (or in addition to) this, you could also retrieve the PID to get more information about that process. But maybe it's enough to check for that INSTALL_FROM_ADB flag.
Yes, this way may work. Thanks now, I am going to try it.
This Toolkit for creating deodex firmware from android runtime (ART).
Changelog (v5.5) from 21/04/2017:
SamsungInCallUI.apk deodexing without errors. For it i developed and implemented the method of heavy deodexing for SamsungInCallUI.apk
You must specify the path to the full stock /system directory to create script commands for all symlinks, not just for libraries.
Full support Android Lollipop/Marsmallow/Nougat. Automatic detection android version (Lollipop/Marsmallow/Nougat)
More optimizations
Detected and fixed small errors
New version v5.5 here
Changelog (v5.0) from 08/12/2016:
Support Android Lollipop/Marsmallow/Nougat
Automatic detection android version (Lollipop/Marsmallow/Nougat)
More optimizations
Fixed errors
Version v5.0 here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
New version v4.1 here
Changelog (v4.1) from 09/03/2016:
Fixed a bug in the processing of non-standard sequence file build.prop
Changelog (v4.0) from 23/11/2015:
1. Added full support for Android M
2. More optimizations
Changelog (v3.5) from 20/07/2015:
1. Added full support for processor architectures:
arm
arm64
x86
x64
mips
mips64
2. More optimizations
Archive changelog:
Changelog (v3.2) from 02/07/2015:
1. Fixed copy folders without .apk, like mcRegistry to result folder (app, priv-app)
2. New oat2dex.jar v0.83 with full support Android 5.1.1 (thanks @_riddle) and with last smali/baksmali
Changelog (v3.1) from 26/04/2015:
1. For 64-bit stock only added checkbox "Copy to result, not deodexed arm folders, if any, in addition to deodexed arm64 folders".
If user checked it, then arm folders for framework and apks, that have arm and arm64 will be copied to result.
2. mcRegistry folder and file such FFFFFFFF000000000000000000000001.drbin now copied to result
3. Checkbox "copy only real libs" - deleted
Changelog (v3.0) from 25/04/2015:
1. Added full support arm64
2. The program has become even more intelligent and gives a more correct result(see example of log)
Changelog (v2.6):
1. Added support arm64
2. New oat2dex.jar (v07) with smali/baksmali v2.0.5
Changelog (v2.5):
1. You may drag and drop /system folder from Windows Explorer to SVADeodexerForArt.exe form.
2. If you double click on "select path to stock /system directory" combobox, then tool will be search all /system folders of stock Lollipop firmwares on computer (use carefully - it may take 4-5 minutes)
3. Fixed small errors (for example: tool now will see links to libs with "systemfile" attr).
Improved performance, the program has become more intelligent and gives a more correct result.
And in the log contains information that will be useful for developers.
Example of log SVADeodexerForArt.exe
Code:
64-bit Deodexer for Android Runtime (Version 3.5 от 20/07/2015) © Valery Studenikin, 2015
Path to stock /system directory: F:\TEMP\S6 Duos\G9200\firmware\G9200ZCU1AOFE_G9200CHC1AOFE_CHC\system
Android 5.0.2: SM-G9200, LRX22G.G9200ZCU1AOFE, changelist 4635752, Sun Jun 28 20:45:21 KST 2015
Processor architecture: \arm64\
Files deodexed succesfully: 365, with errors: 0. CPU time: 00:05:57 (357,134 sec.)
The necessary links for applications libraries:
symlink("/system/lib/libaed.so", "/system/app/AdvSoundDetector2015/lib/arm/libaed.so");
symlink("/system/lib/libfdb.so", "/system/app/AdvSoundDetector2015/lib/arm/libfdb.so");
symlink("/system/lib/libSamsungBCPP.so", "/system/app/AdvSoundDetector2015/lib/arm/libSamsungBCPP.so");
symlink("/system/lib/libasf_fileshare.so", "/system/app/AllshareFileShare/lib/arm/libasf_fileshare.so");
symlink("/system/lib/libasf_fileshareserver.so", "/system/app/AllshareFileShareServer/lib/arm/libasf_fileshareserver.so");
symlink("/system/lib/libasf_mediashare.so", "/system/app/AllshareMediaShare/lib/arm/libasf_mediashare.so");
symlink("/system/lib/libbluetooth_jni.so", "/system/app/Bluetooth/lib/arm/libbluetooth_jni.so");
symlink("/system/lib64/libnfc_nci_jni.so", "/system/app/NfcNci/lib/arm64/libnfc_nci_jni.so");
symlink("/system/lib64/libjni_pacprocessor.so", "/system/app/PacProcessor/lib/arm64/libjni_pacprocessor.so");
symlink("/system/lib/libmorpho_panorama_wa_for_viewer.so", "/system/app/Panorama360Viewer_Zero/lib/arm/libmorpho_panorama_wa_for_viewer.so");
symlink("/system/lib/libmorpho_sensor_fusion_for_viewer.so", "/system/app/Panorama360Viewer_Zero/lib/arm/libmorpho_sensor_fusion_for_viewer.so");
symlink("/system/lib/libcommonpawrapper.so", "/system/app/RootPA/lib/arm/libcommonpawrapper.so");
symlink("/system/lib/libnmsp_sk_speex.so", "/system/app/SamsungChineseIMEv9/lib/arm/libnmsp_sk_speex.so");
symlink("/system/lib/libapa_jni.so", "/system/app/SapaMonitor/lib/arm/libapa_jni.so");
symlink("/system/lib64/libgkdp_sv_engine.so", "/system/app/SCService/lib/arm64/libgkdp_sv_engine.so");
symlink("/system/lib64/libscservice_jni.so", "/system/app/SCService/lib/arm64/libscservice_jni.so");
symlink("/system/lib/libDioDict3EngineNativeFrame.so", "/system/app/SecDict2Zero/lib/arm/libDioDict3EngineNativeFrame.so");
symlink("/system/lib/libdioiculemma.so", "/system/app/SecDict2Zero/lib/arm/libdioiculemma.so");
symlink("/system/lib/libjma.so", "/system/app/SecDict2Zero/lib/arm/libjma.so");
symlink("/system/lib/libnltk.so", "/system/app/SecDict2Zero/lib/arm/libnltk.so");
symlink("/system/lib/libstlport_shared.so", "/system/app/SecDict2Zero/lib/arm/libstlport_shared.so");
symlink("/system/lib64/libprintspooler_jni.so", "/system/app/SPrintSpooler/lib/arm64/libprintspooler_jni.so");
symlink("/system/lib/libTui.so", "/system/app/TuiService/lib/arm/libTui.so");
symlink("/system/lib64/libdefcontainer_jni.so", "/system/priv-app/DefaultContainerService/lib/arm64/libdefcontainer_jni.so");
symlink("/system/lib64/libPlatformStrings.so", "/system/priv-app/HealthService/lib/arm64/libPlatformStrings.so");
symlink("/system/lib64/libSensorNativeProtocol.so", "/system/priv-app/HealthService/lib/arm64/libSensorNativeProtocol.so");
symlink("/system/lib/libsecipx.so", "/system/priv-app/OutOfFocusViewer_WQHD_K/lib/arm/libsecipx.so");
symlink("/system/lib/libSisoJpegCodec.so", "/system/priv-app/OutOfFocusViewer_WQHD_K/lib/arm/libSisoJpegCodec.so");
symlink("/system/lib/libSRIB_FocusShot.so", "/system/priv-app/OutOfFocusViewer_WQHD_K/lib/arm/libSRIB_FocusShot.so");
symlink("/system/lib64/libPedometer.so", "/system/priv-app/SHealth4/lib/arm64/libPedometer.so");
symlink("/system/lib64/libPlatformStrings.so", "/system/priv-app/SHealth4/lib/arm64/libPlatformStrings.so");
symlink("/system/lib64/libsaiv.so", "/system/priv-app/SHealth4/lib/arm64/libsaiv.so");
symlink("/system/lib64/libSensorNativeProtocol.so", "/system/priv-app/SHealth4/lib/arm64/libSensorNativeProtocol.so");
symlink("/system/lib64/lib_stressanalyzer_v03_jni.so", "/system/priv-app/SHealth4/lib/arm64/lib_stressanalyzer_v03_jni.so");
symlink("/system/lib/libCreateSceneMap.so", "/system/priv-app/VirtualTourViewer_WQHD_lightTheme/lib/arm/libCreateSceneMap.so");
symlink("/system/lib/libqjpeg_secvision.so", "/system/priv-app/VirtualTourViewer_WQHD_lightTheme/lib/arm/libqjpeg_secvision.so");
Attention: framework deodexed only for 64-bit (32-bit version not deodexed and not was copied to result)
List of apks that have 32-bit and 64-bit versions (deodexed only for 64-bit):
/system/app/WebViewGoogle.apk
List of deodexed apks that have only 32-bit version (don't have 64-bit):
/system/app/AdvSoundDetector2015.apk
/system/app/AllshareFileShare.apk
/system/app/AllshareFileShareServer.apk
/system/app/AllshareMediaShare.apk
/system/app/Bluetooth.apk
/system/app/Panorama360Viewer_Zero.apk
/system/app/RootPA.apk
/system/app/SamsungChineseIMEv9.apk
/system/app/SapaMonitor.apk
/system/app/SBrowser_3.0.38.apk
/system/app/SCONE_Android_ProxyService_Lib.apk
/system/app/SecDict2Zero.apk
/system/app/TuiService.apk
/system/priv-app/ChineseLanguagePack.apk
/system/priv-app/EnglishLanguagePack.apk
/system/priv-app/KoreanLanguagePack.apk
/system/priv-app/OutOfFocusViewer_WQHD_K.apk
/system/priv-app/S-Voice_Android_new.apk
/system/priv-app/SVoice_PLM_Service.apk
/system/priv-app/TouchWizHome_ZERO.apk
/system/priv-app/VirtualTourViewer_WQHD_lightTheme.apk
/system/priv-app/VoiceWakeUp.apk
List of originally deodexed (within stock firmware) files, are left as they were originally:
/system/framework/cneapiclient.jar
/system/framework/com.qti.dpmframework.jar
/system/framework/com.quicinc.cne.jar
/system/framework/com.samsung.device.jar
/system/framework/dpmapi.jar
/system/app/FactoryCamera_FB.apk
/system/app/minimode-res.apk
/system/app/MirrorLink.apk
/system/app/SecFactoryPhoneTest.apk
/system/app/secvisualeffect-res.apk
/system/priv-app/AutomationTest_FB.apk
/system/priv-app/AutoPreconfig.apk
/system/priv-app/DeviceKeystring.apk
/system/priv-app/DeviceTest.apk
/system/priv-app/HwModuleTest.apk
/system/priv-app/KLMSAgent.apk
/system/priv-app/serviceModeApp_FB.apk
/system/priv-app/ServiceModeApp_RIL.apk
/system/priv-app/SMCore.apk
/system/framework/core-libart.jar
1. Download for 32-bit systems (v3.5 from 20-07-2015): View attachment SVADeodexerForArtx32.zip
2. Download for 64-bit systems (v3.5 from 20-07-2015): View attachment SVADeodexerForArtx64.zip
This tool uses oat2dex.jar (v0.83) (thanks @_riddle).
If _riddle issues new version of oat2dex.jar - you must change it in zip archive and rename as oat2dex.jar.
Click to expand...
Click to collapse
@svadev
Very interesting work, but requires polishing. Unfortunately apks doesn't work after replacing originals and removing arm folder (I've tried replacing these singly, because I have KNOX 0x0 and replacing the whole ROM with framework was to risky for me)
E.g. @sorg's deodexed Lollipop ROM (G900FXXU1BNL2) works fine, I mean every single app I tested works fine after replacing
EDIT:
Have you applied the patch for ART?
https://code.google.com/p/smali/issues/detail?id=225
EDIT2:
Version 2.x works like a charm
Only trying to get framework files working right now, and I am getting bad checksum messages in logcat examples:
Code:
[ 12-15 16:28:15.507 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/core-libart.jar': Failure to verify dex file '/system/framework/core-libart.jar': Bad checksum (e7501d3a, expected fc15f069)
[ 12-15 16:28:15.507 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/conscrypt.jar': Failure to verify dex file '/system/framework/conscrypt.jar': Bad checksum (a8732526, expected 0f5300f6)
[ 12-15 16:28:15.517 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/okhttp.jar': Failure to verify dex file '/system/framework/okhttp.jar': Bad checksum (06a896a1, expected 40fc93a6)
[ 12-15 16:28:15.527 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/bouncycastle.jar': Failure to verify dex file '/system/framework/bouncycastle.jar': Bad checksum (ee1833bd, expected 2bd04bc7)
_alexndr said:
@svadev
Very interesting work, but requires polishing. Unfortunately apks doesn't work after replacing originals and removing arm folder (I've tried replacing these singly, because I have KNOX 0x0 and replacing the whole ROM with framework was to risky for me)
E.g. @sorg's deodexed Lollipop ROM (G900FXXU1BNL2) works fine, I mean every single app I tested works fine after replacing
EDIT:
Have you applied the patch for ART?
https://code.google.com/p/smali/issues/detail?id=225
Click to expand...
Click to collapse
@_alexndr, @tdunham - thanks tor testing.
I will be to work to detect error .
tdunham said:
Only trying to get framework files working right now, and I am getting bad checksum messages in logcat examples:
Code:
[ 12-15 16:28:15.507 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/core-libart.jar': Failure to verify dex file '/system/framework/core-libart.jar': Bad checksum (e7501d3a, expected fc15f069)
[ 12-15 16:28:15.507 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/conscrypt.jar': Failure to verify dex file '/system/framework/conscrypt.jar': Bad checksum (a8732526, expected 0f5300f6)
[ 12-15 16:28:15.517 2937: 2937 W/dex2oat ]
@
Failed to open .dex from file '/system/framework/okhttp.jar': Failure to verify dex file '/system/framework/okhttp.jar': Bad checksum (06a896a1, expected 40fc93a6)
[ 12-15 16:28:15.527 2937: 2937 W/dex2oat ]
Failed to open .dex from file '/system/framework/bouncycastle.jar': Failure to verify dex file '/system/framework/bouncycastle.jar': Bad checksum (ee1833bd, expected 2bd04bc7)
Click to expand...
Click to collapse
@tdunham
I have carefully checked my program algorithm, but not find any error.
Please, try set "Extract dex-files only" checkbox and then manually deodex (with patched smali/backsmali) framework and then test it.
if it will work - then original packed in oat files is not dex but odex.
tdunham said:
Only trying to get framework files working right now, and I am getting bad checksum messages in logcat examples [...]
Click to expand...
Click to collapse
Same case as in my attached logcat
Code:
Suppressed: java.io.IOException: Failure to verify dex file '/system/priv-app/SecMms_Candy/SecMms_Candy.apk': Bad checksum (fa8a09fd, expected b0e743d0)
EDIT
@svadev
Have you read this? (post #54)
http://forum.xda-developers.com/showthread.php?p=57316935
_alexndr said:
Same case as in my attached logcat
Code:
Suppressed: java.io.IOException: Failure to verify dex file '/system/priv-app/SecMms_Candy/SecMms_Candy.apk': Bad checksum (fa8a09fd, expected b0e743d0)
Click to expand...
Click to collapse
Yes, i understand it. But my output dex is valid.
Well, once again I see my algorithm ...
_alexndr said:
Same case as in my attached logcat
Code:
Suppressed: java.io.IOException: Failure to verify dex file '/system/priv-app/SecMms_Candy/SecMms_Candy.apk': Bad checksum (fa8a09fd, expected b0e743d0)
EDIT
@svadev
Have you read this? (post #54)
http://forum.xda-developers.com/showthread.php?p=57316935
Click to expand...
Click to collapse
Yes, therefore, me please - try set "Extract dex-files only" checkbox and then manually deodex (with patched smali/backsmali)
for example, SecMms and then test it.
If it will be work - then me will correct my program
svadev said:
Yes, therefore, me please - try set "Extract dex-files only" checkbox and then manually deodex (with patched smali/backsmali)
for example, SecMms and then test it.
If it will be work - then me will correct my program
Click to expand...
Click to collapse
Try to use this jar for boot.oat
There are odex files for each jar from framework in output folders.
Files from odex folders beksmaled well.
Share the jar.
java -jar bootoat2dex.jar boot.oat
It will output to 2 folders odex and dex(de-optimized)
I have tested pack these dex to original jar and push into device,
device can boot normally.
Click to expand...
Click to collapse
Post #12 with attached jar.
https://code.google.com/p/smali/issues/detail?id=225
Golv said:
Try to use this jar for boot.oat
Post #12 with attached jar.
https://code.google.com/p/smali/issues/detail?id=225
Click to expand...
Click to collapse
I try it, but it not works with boot.oat for g900fd.
All I figured out why it doesn't work.
Yes, dex-files packed into the oat is ODEX-files. And they need to pass through baksmali and smali. But since there are no properly working smali/baksmali, you have to wait until they appear. As soon as a new version of smali/baksmali - I will make a new, properly working version.
svadev said:
I try it, but it not works with boot.oat for g900fd.
. But since there are no properly working smali/backsmali, you have to wait until they appear. As soon as a new version of smali/backsmali - I will make a new, properly working version.
Click to expand...
Click to collapse
But patched 203 smali/baksmali works very well with this decompress odex.
Golv said:
But patched 203 smali/baksmali works very well with this decompress odex.
Click to expand...
Click to collapse
You may try it with my "extract only", for example, for android.policy, then backsmali and smali and compare it and you will see difference
svadev said:
Yes, therefore, me please - try set "Extract dex-files only" checkbox and then manually deodex (with patched smali/backsmali)
for example, SecMms and then test it.
If it will be work - then me will correct my program
Click to expand...
Click to collapse
Unfortunatelly, it does not work also after deodexing extracted files (I've used patched by @ sorg (bak)smali tools)
Code:
baksmali-art -a 21 -x SecMms_Candy.apk.dex -o SecMms_Candy
smali-art -a 21 SecMms_Candy -o classes.dex
(bak)smali-art.bat are simply my *.bat files which calls sorg's patched jar files (java -jar [filename].jar %1 %2 %3 .... etc)
_alexndr said:
Unfortunatelly, it does not work also after deodexing extracted files (I've used patched by @ sorg (bak)smali tools)
Code:
baksmali-art -a 21 -x SecMms_Candy.apk.dex -o SecMms_Candy
smali-art -a 21 SecMms_Candy -o classes.dex
(bak)smali-art.bat are simply my *.bat files which calls sorg's patched jar files (java -jar [filename].jar %1 %2 %3 .... etc)
Click to expand...
Click to collapse
the fact of the matter is that if backsmali (with pached backsmali) sorg's classes.dex and my classes.dex for secmms and compare it you can see difference.
And soon will become clear
svadev said:
@tdunham
I have carefully checked my program algorithm, but not find any error.
Please, try set "Extract dex-files only" checkbox and then manually deodex (with patched smali/backsmali) framework and then test it.
if it will work - then original packed in oat files is not dex but odex.
Click to expand...
Click to collapse
Ok, I tested with "Extract dex-files only".
Only tested with 31 files from boot.oat.
ALL 32 output files from boot.oat are not odex, they are dex. I can rename each one to classes.dex, insert into original jar and they decompile fine so they are not odex.
tdunham said:
Ok, I tested with "Extract dex-files only".
Only tested with 31 files from boot.oat.
ALL 32 output files from boot.oat are not odex, they are dex. I can rename each one to classes.dex, insert into original jar and they decompile fine so they are not odex.
Click to expand...
Click to collapse
Why 31?
framework.jar - has two classes.dex and classes2.dex
svadev said:
Why 31?
framework.jar - has two classes.dex and classes2.dex
Click to expand...
Click to collapse
boot.oat contains files for more than just framework.jar though....if I've understood things correctly..
Ticklefish said:
boot.oat contains files for more than just framework.jar though....if I've understood things correctly..
Click to expand...
Click to collapse
Yes, 31+1=32
svadev said:
Yes, 31+1=32
Click to expand...
Click to collapse
Oh, I see...sorry, I misunderstood your post. Ignore me!
baksmali with art patch not works correctly
I wrote a short module, to start my mods that would intercept and detect the keys being pressed.
I have done this many times before on other phones, S2, and S5. The S5 was on Lollipop, and the class PhoneWindowManager.smali was in a different spot than it is on MM.
However, I found the PhoneWindowManager.smali class in marshmallow source, added the class path to the module. Everything compiles, Xposed log says its loading my module, and everything looks great.
However, my "beforeHookedMethod" is never firing. I can tell because I put a simple XposedBridge.log() inside the method.
Is there something fishy I need to do with Marshmallow? Also, Xposed log says SE linux is enforcing, could this be the issue?
here is my code for the module:
Code:
if (loadPackageParam.packageName.equals("android")) { //Change this to android for package name, then use that packages class loader. null does not work for class loader.
Class<?> PhoneWindowMgr = XposedHelpers.findClass("com.android.server.policy.PhoneWindowManager", loadPackageParam.classLoader);
XposedHelpers.findAndHookMethod(PhoneWindowMgr, "interceptKeyBeforeQueueing", KeyEvent.class, Integer.TYPE, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("Intercept key. Keycode: " + ((KeyEvent)param.args[0]).getKeyCode());
}
});
}
Nothing is logged when I press the buttons on my device..
Hi,
I have Asus Zenfone Max Pro M1 with StockMod Pie with Magisk v20.3 Stable
Magisk Manager has been renamed to Manager
Safety Net Check has been successful always, both *ctsProfile & basicIntegrity"
On same, have been using an Indian Bank - IDBI Bank GoMobile+ app for last few months and things have been all fine. The app has been selected under Magisk Hide.
I do use other bank/fintech apps too like GooglePay etc and they work fine.
But since yesterday this GoMobile+ app is saying phone rooted and not working. It seems that with recent update of 30th Jul they have introduced some additional check.
Taking bit of inspiration from @rithvikvibhu message in earlier thread I tried to decompile the latest apk to jar and use jd-gui to see if can find something related to root
com.scottyab.rootbeer and within same I see following
Code:
package com.scottyab.rootbeer;
public final class b {
public static final String[] a = new String[]
{ "com.noshufou.android.su",
"com.noshufou.android.su.elite",
"eu.chainfire.supersu",
"com.koushikdutta.superuser",
"com.thirdparty.superuser",
"com.yellowes.su",
"com.topjohnwu.magisk" };
public static final String[] b = new String[]
{ "com.koushikdutta.rommanager",
"com.koushikdutta.rommanager.license",
"com.dimonvideo.luckypatcher",
"com.chelpus.lackypatch",
"com.ramdroid.appquarantine",
"com.ramdroid.appquarantinepro",
"com.android.vending.billing.InAppBillingService.COIN",
"com.chelpus.luckypatcher" };
public static final String[] c = new String[]
{ "com.devadvance.rootcloak",
"com.devadvance.rootcloakplus",
"de.robv.android.xposed.installer",
"com.saurik.substrate",
"com.zachspong.temprootremovejb",
"com.amphoras.hidemyroot",
"com.amphoras.hidemyrootadfree",
"com.formyhm.hiderootPremium",
"com.formyhm.hideroot" };
public static final String[] d = new String[]
{ "/data/local/", "/data/local/bin/", "/data/local/xbin/", "/sbin/",
"/su/bin/", "/system/bin/", "/system/bin/.ext/", "/system/bin/failsafe/",
"/system/sd/xbin/", "/system/usr/we-need-root/",
"/system/xbin/", "/cache", "/data", "/dev" };
public static final String[] e = new String[]
{ "/system", "/system/bin", "/system/sbin", "/system/xbin",
"/vendor/bin", "/sbin", "/etc" };
private b() throws InstantiationException {
throw new InstantiationException("This class is not for instantiation");
}
Now am not using any of these apps atleast. So what can be the reason here? I don't want to go with the option of signing modified apk.
Also anything else to be searched in jar file? I tried searching isrooted etc but couldn't find. Even tried searching for rootbeer but nothing came.
Pls help and suggest what can be possible solutions.
I installed Rootbeer Sample app and selected it in Magisk Hide and upon running same, it says Not Rooted. Everything passes with green except "Busybox Binary"
Also I tried analyzing logcat over adb and read following
Code:
[ 08-02 19:40:11.629 27679:27830 V/RootBeer ]
c: a() [184] - /system/xbin/busybox binary detected!
PS: I am using apk to jar and using the above tools for the first time. So may be missing few more options/search etc
SOLUTION: Read post 2, in my case there was an old remant of BusyBox which was creating the issue.
For others having issue in using IDBI GoMobile+, pls check that you don't have any of the above apps (mentioned under spoiler)
Problem Solved
Ok, so after few hours of reading and playing around with tweaks etc found that issue was following:
there was an old remnant of busybox binary - may be installed as part of ROM or some package. This BusyBox was in /system/xbin/
Seems that this was over and above the systemless busybox installed via Magisk.
Now, it seems for some reason, only in the last app update, this system busybox presence was also flagged as ROOTED
I got this idea, from @tamer7's post. Basis same, went to TWRP and flashed Busybox-CLEANER.zip by @YashdSaraf
Rebooted and openedd RootBeer Sample and got all green. I then went to the bank app and here too no nag message of "being rooted" YAY
"com.topjohnwu.magisk" is also in the list of apps to be checked. Magisk Manager uses the same package name.
BlueJeans said:
"com.topjohnwu.magisk" is also in the list of apps to be checked. Magisk Manager uses the same package name.
Click to expand...
Click to collapse
Thanks for the feedback, but as mentioned have already renamed the Magisk Manager to Manager and so the package name is changed
Solved
The issue is resolved, thanks to threads on xda, infosecinstitute, medium etc