Kraken Eradicator - an ANTI "anti-piracy" fix, for custom roms

night_mare007

Kraken Eradicator
an ANTI 'ANTI-PIRACY' fix, for custom roms

The issue: nowadays, many custom rom devs embed "anti-piracy" protection into their rom (like AntiPiracySupport by ContentGuard).
This causes the rom to be SLOWER, and adds unwelcome malware-like behavior: echoing the sound of a pirate at random, showing icons of a "middle finger" or an "Aaar-rrggghhh pirate" on the QS tiles or lockscreen, and disabling/hurting basic operations of apps like LP, URET PATCHER etc., which can be used to simply disable ads (that CAN NOT be disabled COMPLETELY by adaway etc.) or just theme an app through custom patches.
In summary, these rom devs hijack your phone with additional services, sound & image files, making your phone bloated as hell.
Possible solutions & their cons:

Thus, a new solution was born: meet the "Kraken Eradicator"
Pros:

  • It works for Nougat roms (and lower); NO xposed is needed.
  • 100% blocks/disables any anti-piracy protection, since NO targeted apps (like LP, uret etc.) are recognized as installed, due to modification of system core files.
    Thus, no need to disable various services or install any service-disabler apps for that matter, since the services are not running at all, as no targeted apps are recognized.
  • ODEX AND DEODEX SUPPORT EXIST IN THE SAME FLASHABLE ZIP! (Since version 16+)


Cons:

  • *In the MEANTIME* - no support for ODEX roms, it's WIP.
  • Can't be updated on a daily basis to deal with 0-day changes in nightly updates of roms.
    I.E. -> if you're a coder & not a kraken yourself - CONTACT ME - I'M LOOKING FOR PARTNERS IN CODE

 

V17 (ODEX & DEODEX support): DOWNLOAD LINK HERE
Decryption key (NOTE: manually change LAST char to CAPITAL letter):

!bvfSg34FDHBc3h0wz73cu07dRC0TfxAOfs2ScXk8gOq

 

V14 ( ONLY DEODEX support ): DOWNLOAD LINK HERE
Decryption key (NOTE: manually change the char BEFORE THE LAST to CAPITAL letter):

!bAfn0mozdbwzI9xPhIs7L206AMquqDKUctcRJ9H6Ur0


V12 ( ONLY DEODEX support ): DOWNLOAD LINK HERE
Decryption key (NOTE: manually change last char to SMALL letter):

!SBFeXVTF9bNfYzvgpGLfRauV4VVvqc_XJq7g_kR3XIW

* Key not working even after changing the last letter? -> try removing the opening exclamation-mark char, if it exists.

IMPORTANT NOTES:

  1. YOU MUST BE ROOTED and have TWRP recovery.
  2. ARCH support (i.e. kernel type): in the meantime, ARM & ARM64 devices only!
    (Thankfully, I haven't seen krakening on roms for devices with x86/x86_64, since they barely get custom roms as is.)
  3. IN THE MEAN TIME - ONLY DEODEX ROMS SUPPORTED.
    (i.e. roms that do NOT have /system/framework/arm or arm64 folders and many OAT files under them.)
    ODEX ROM support is WIP - it will take some time, DO NOT ASK FOR ETA!
    I'm a VERY BUSY MAN, and I CODE IN REALLY SHORT SPARE TIME.
  4. WHEN YOU INSTALL THIS ZIP IN RECOVERY - LET IT WORK FOR AT LEAST 5 MIN!
    The script runs a hex pattern search on a ~10MB file... this takes time!
  5. You MUST re-install this zip every time you wipe the /system partition, like when manually performing OTA/dirty or semi-dirty flashing of your rom.
    (i.e. NO NEED to run this script again after a dalvik & cache wipe, BUT a dalvik & cache wipe is a MUST after installing this script!)
  6. YOU MUST WIPE DALVIK & CACHE AFTER YOU INSTALL THIS SCRIPT!
    (Don't say I didn't mention that in BOLD!)

 

UPDATES:

  • 17 Jun 17 - version 17
    • Faster script execution for ODEX roms
  • 16 Jun 17 - version 16
    • !!!! ODEX ROM SUPPORT IS FINALLY HERE !!!!
      • Has your rom dev written in the changelog that they've enabled "Dexpreopt"? -> Now you can eliminate this kraken!
      • Do you have an arm or arm64 folder under /system/framework? -> Now you can eliminate this kraken!
    • DEODEX support still exists... the script works for both ODEX (DexPreOpt enabled) and DEODEX roms.
      This is true for any future update as well.
  • 24 May 17 - version 14
    • Added small compatibility with the latest kraken's list changes
  • 19 May 17 - version 13
    • It should now work with FEWER bugs for arm64 - but I'm unsure if it works for arm as well.
      -> Therefore I publish v12 (good for arm) as well as v13 (should have better compatibility for arm64).
      This change required the addition of 'bash for arm64', so +2MB to the KrakenE total zip file size. :-(
    • Added small compatibility with the latest kraken's list changes
  • 8 May 17 - version 12
    • FIX an issue with v11 which was not working for arm64 due to the wrong aux tool arch.
      So now two arch tools are attached in the flashable zip, one for each of arm/arm64.
    • Because of the above change, the zip compression ratio changed to max -> meaning I can't make the flashable zip less than ~1.7MB... which is really nothing to worry about in comparison to your rom's flashable zip of ~1GB size! :-)
  • 7 May 17 - version 11
    • Smaller aux tools size + more optimized script = total flashable zip size reduced
    • Even less mumbo-jumbo log output = more human-readable log output
  • 4 May 17 - version 10
    • Shorter, more human-readable log output
    • More robust flashable-restore-file creator
  • 30 Apr 17 - version 9
    • More funky strings, the more krakens are in the deeps and not on your boat!
    • AUTO-BACKUP CREATOR:
      Tired of reflashing /system due to Kraken's changes to the system? No more!
      Now it AUTO-creates a flashable zip under /sdcard named "KrakenE_RESTORE".
      If you wish to revert KrakenE's changes, simply flash that restoration zip.
      Please note that the KrakenE script OVERWRITES any previous /sdcard/KrakenE_RESTORE.zip.
      Thus, if you care about previous backups, just rename them PRIOR to flashing KrakenE again!
  • 29 Apr 17 - version 8
    • FINALLY! The script is now a binary!
      * Pros:
      * Cons: My back hurts even more! -> so NO really any cons for you!
      • Even faster execution of the script!
      • Krakens are left REALLY hungry now... good luck with rev-eng of my boat!
  • 27 Apr 17 - version 6
    • Script re-written to be more dynamic toward any new kraken's foul strings.
    • WAY FASTER script execution (now ~15sec (!), before ~3min)
    • Still NO ODEX rom support, but now the script is a bit more organized to get such support in the future.
  • 26 Apr 17
    • Bah... the last update was not working as it should...
      String replacement doesn't really work, since const strings in dex aren't just limited to one place in the code; they can also be used as a field name, another similar string etc. etc...
      So although now I've got a more dynamic script... I still need to think of a way to bypass that non-singular usage of the strings I edit in the dex.
      So, right now, back to square 1, i.e. static replacement of a string (call some other weird X string instead of LP/uret etc.) - this solution works well... but is really static, per-rom-release-version, although it uses hex pattern search with "??"...
      T.B.C.... the fight against the kraken is NOT done.... I'll continue in my spare time (which isn't much at all) to look for the rum.
  • 25 Apr 17
    • It should be compatible with the latest 'fuckySnatchers' & 'mThreeLeafClovers' changes.
    • IMPORTANT NOTE: it is only compatible with DEODEX roms, i.e. roms that do NOT have optimized "oat" files under /system/framework/arm or arm64 (which are ODEX roms).
      The solution for ODEX roms is WIP.
night_mare007

Reserve for future updates

night_mare007

URET COMMUNITY HELP IS NEEDED!

Many android roms nowadays use DexPreOpt (=ON), which causes the rom to be compiled as an odex rom... thus, direct dex editing isn't possible anymore..
Generally, for this script to work, it needs to make modifications to /system/framework/framework.jar's internal classes2.dex.
AND PLEASE NOTE - THIS HAPPENS FROM RECOVERY: ON THE PHONE ITSELF! (NO PC IS INVOLVED!)
Nowadays, I can't, because DexPreOpt was "performed" on the rom.

1st, let me explain my goal.... I want to edit one of the files under /system/framework...
Since the rom is dexpreopt, the file's "jar" is empty of dex files, and instead I've got "arm" and "arm64" folders... and BOTH of them have the odex file of the dex I wish to edit, i.e. Oat and Art files.
So, I know that baksmali-ing them to smali will give me the same result.... so I actually need to deodex only one of them... but after modding, I need to create them both using dex2oat.
OK... I've done that - on the phone itself... (although I use dextra and not baksmali, to extract dex instead of smali).
I also managed to recreate the oat and art files for both arm and arm64... but they're smaller than the original... and I barely made hex swap edits on the dex (i.e. 22 -> 44 etc... for around 10-12 times).
I replaced the new oat & art in the appropriate folder... but the system refuses to load...
I guess /system/framework/arm (or arm64)/boot.oat (and boot.art) are the cause for this...
Wiping them didn't help.
I need somehow to tell the system to recreate boot.oat under dalvik!
But I don't know how!......
So I need to know how I can make changes to a dexpreopt rom so it is a hybrid odex and deodex...
(No need to deodex the whole rom... /priv-app and /app under /system are odex.. and I really don't need to change them.)

EDIT1:
I found this guide:
http://www.blackhat.com/docs/asia-15/materials/asia-15-Sabanal-Hiding-Behind-ART-wp.pdf
This tells me how to mod an ART-based framework.jar WHICH IS DEODEX!
I need to know how to deal with an ODEX system.... and don't forget that I run the whole shebang on the phone itself... (so I can't deodex the whole rom on a PC!)

Jasi2169

I have small questions, I won't read the whole thing

1. What file name are you modifying?

2. I think the deodex rom is patched successfully; you want to know how to fix the odex one, right??

3. I know you replace hex, but in which framework file (the same as the 1st one?) and what changes do you make? Write down all.

4. Does the original file have classes.dex inside?

For example, if the file is services.jar, does it have classes.dex inside? It doesn't matter if it's 1kb, so that we can fix services.odex in the oat folder; that is important.

night_mare007
1 hour ago, Jasi2169 said:

I have small questions, I won't read the whole thing

1. What file name are you modifying?

2. I think the deodex rom is patched successfully; you want to know how to fix the odex one, right??

3. I know you replace hex, but in which framework file (the same as the 1st one?) and what changes do you make? Write down all.

4. Does the original file have classes.dex inside?

For example, if the file is services.jar, does it have classes.dex inside? It doesn't matter if it's 1kb, so that we can fix services.odex in the oat folder; that is important.

Hi Jasi,
Thanks for the reply.

  1. On a Deodex rom - I mod /system/framework/framework.jar -> classes2.dex
  2. AFAIK, when a rom is compiled with "DexPreOpt = 1", the output is an ODEX rom.
    So yes.. I want to mod the file above on an ODEX system, on the phone itself.
    + I do NOT wish to deodex the WHOLE rom... the less the better.
  3. AFAIK, the changes I make to classes2.dex aren't important to this talk's scope, and please let me explain:
    I know that my modification works on a deodex rom, so I know that I can successfully hex edit a dex file.
    I've got no problem with elaborating how I make the whole deodex hex edit, but I do not wish to detail the specific dex hex-mod changes.
    This is since this is a public forum; I don't wish that the "kraken" (aka the custom rom dev that embeds the anti-piracy script) will know what I'm doing.... the less -> the better.
  4. On an ODEX rom (i.e. that was compiled with DexPreOpt=1) all the .jar under /system/framework are missing their classesX.dex.
    They are of course found as ART ODEX files under the /system/framework/arm and arm64 folders, as 2 files: XXXX.oat, XXXX.art.
    So for a 64-bit supported phone with dexpreopt, one JAR with TWO DEX (say /system/framework/framework.jar -> classes.dex and classes2.dex) is actually 4 files:
    So for an ODEX SYSTEM:
  • /system/framework/framework.jar (with NO dex files inside at all)
  • /system/framework/arm/boot-framework.art
  • /system/framework/arm/boot-framework.oat
  • /system/framework/arm64/boot-framework.art
  • /system/framework/arm64/boot-framework.oat
  • boot.oat is under /data/dalvik and is created during 1st boot
    And for a DEODEX SYSTEM:
  • /system/framework/framework.jar (with 2 DEX files: classes.dex and classes2.dex)
  • boot.oat is STATIC and found under:
    /system/framework/arm/boot.oat and .art
    /system/framework/arm64/boot.oat and .art
    and in addition boot.oat is also created during 1st boot under /data/dalvik - but this shouldn't worry us since it takes its data from the orig boot.oat under /system/framework/.

Also, to simplify the modding process, I know that if one extracts the dex from each of the boot-framework.oat files, they're the SAME.
That is logical, because the OAT file is ART's ODEX file after dex2oat was performed for each of the different archs.
So only one of the "oat" files needs to be extracted for its dex... but after modding, dex2oat needs to be executed twice, once per arch type.

Please let me try to explain the core of my issue...
What I know how to do already:

  1. Taking boot-framework.oat -> extracting both classes.dex and classes2.dex from it.
  2. Modding the classes2.dex so that the anti-piracy script will be neutralized.

What I need help with:

Since the rom was built with DexPreOpt and is odex, I have trouble getting the system to accept my modification.

  1. I need to recompile both /system/framework/arm/boot-framework.oat and .art
    I need to recompile both /system/framework/arm64/boot-framework.oat and .art
    I think I don't know which parameters I need to input to dex2oat to do so.
  2. I need to recompile both /system/framework/arm/boot.oat and .art to include the latest boot-framework.oat under /arm
    I need to recompile both /system/framework/arm64/boot.oat and .art to include the latest boot-framework.oat under /arm64
    I think I don't know which parameters I need to input to dex2oat to do so.

    I know that I can dump the original dex2oat parameters by looking at the ASCII in the boot.oat files.
    Or even better is to dump these commands using the "dextra -h" command..... you'll see something like:
    Quote

    Key: dex2oat-cmdline    Value: --runtime-arg -Xms64m --runtime-arg -Xmx64m --image-classes=frameworks/base/preloaded-classes --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/core-oj_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/core-libart_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/conscrypt_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/okhttp_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/core-junit_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/bouncycastle_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/ext_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/framework_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/telephony-common_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/voip-common_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/ims-common_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/apache-xml_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/org.apache.http.legacy.boot_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/org.ifaa.android.manager_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/org.dirtyunicorns.utils_intermediates/javalib.jar --dex-file=/home/XXXXXX/out/target/common/obj/JAVA_LIBRARIES/telephony-ext_intermediates/javalib.jar --dex-location=/system/framework/core-oj.jar --dex-location=/system/framework/core-libart.jar --dex-location=/system/framework/conscrypt.jar --dex-location=/system/framework/okhttp.jar --dex-location=/system/framework/core-junit.jar 
--dex-location=/system/framework/bouncycastle.jar --dex-location=/system/framework/ext.jar --dex-location=/system/framework/framework.jar --dex-location=/system/framework/telephony-common.jar --dex-location=/system/framework/voip-common.jar --dex-location=/system/framework/ims-common.jar --dex-location=/system/framework/apache-xml.jar --dex-location=/system/framework/org.apache.http.legacy.boot.jar --dex-location=/system/framework/org.ifaa.android.manager.jar --dex-location=/system/framework/org.dirtyunicorns.utils.jar --dex-location=/system/framework/telephony-ext.jar --oat-symbols=/home/XXXXXX/out/target/product/mydevice/symbols/system/framework/arm/boot.oat --oat-file=/home/XXXXXX/out/target/product/mydevice/dex_bootjars/system/framework/arm/boot.oat --oat-location=/system/framework/arm/boot.oat --image=/home/XXXXXX/out/target/product/mydevice/dex_bootjars/system/framework/arm/boot.art --base=0x70000000 --instruction-set=arm --instruction-set-variant=cortex-a53 --instruction-set-features=default --android-root=/home/XXXXXX/out/target/product/mydevice/system --include-patch-information --runtime-arg -Xnorelocate --no-generate-debug-info --multi-image --no-inline-from=core-oj.jar --compiled-classes=frameworks/base/compiled-classes-phone

    My rom is ODEX... i.e. all the .jar ARE MISSING THEIR DEX!
    -> I CAN'T REUSE that dex2oat command as is above - since it was built on a PC with "DEODEX" jars (as part of android studio or some other compiler).

    Lastly, please note that although the system is odex... you might think that I want to only patch the odex files... but I do not...
    I wish to change the core files... so that even after wiping of the dalvik folder... the modding is retained.

Jasi2169

Give me the command to unpack boot.oat; let me see mine and see what I can do.

I can fix all jars and apks which have classes.dex inside even if it is odexed, but as these files are core they are actually present in boot.oat. Brother chelpus patches boot.oat for patching sig verify to true; I don't know how he fixes system checks. Just send me commands to unpack and pack stuff, let me look and see after modifying.

 

 

night_mare007
1 hour ago, Jasi2169 said:

Give me the command to unpack boot.oat; let me see mine and see what I can do.

I can fix all jars and apks which have classes.dex inside even if it is odexed, but as these files are core they are actually present in boot.oat. Brother chelpus patches boot.oat for patching sig verify to true; I don't know how he fixes system checks. Just send me commands to unpack and pack stuff, let me look and see after modifying.

 

 

To extract oat files, on the android phone itself, use dextra

Quote

./dextra -dextract OATFILE

or the built-in oatdump:

Quote

oatdump --oat-file=/system/framework/arm/boot-framework.oat --export-dex-to=./

On PC use oat2dex

Quote

java -jar oat2dex.jar <oat/odex-file/folder> <boot-class-folder>

<boot-class-folder> for an ODEX rom is where the boot.oat sits... i.e. system\framework\arm or arm64
i.e. you MUST have the boot.oat in order to decompile the boot-framework.oat (if not the ENTIRE framework folder).

You said:

Quote

I can fix all jars and apks which have classes.dex inside even if it is odexed, but as these files are core they are actually present in boot.oat

AFAIK that is NOT the case with DexPreOpt roms...
boot.oat contains only the full dex of 'core-oj.jar', but only some classes and method init of other jar files like our boot-framework.
I fear that it also checks the checksum of these other files... so if we manage to create boot-framework.oat & .art (which I did) it still won't work since their checksums are changed...
Thus, I fear I must compile boot.oat (under /system/framework/arm and arm64) as well!
Once more... we should NOT care about dalvik files at all.... these are created FROM THE STATIC /system/framework files.

About "packaging" the oat files back... well, this is my issue to begin with.

night_mare007

P.S. - I guess you use JEB as well to understand what is going on...
Just in the last month they published an addon that can help in parsing the latest OAT for nougat 7.1.2 ("OAT: support for version 88").
Using jeb 2.2.5 - just download the latest oatplugin FROM HERE, go to the "coreplugins" folder under the jeb folder, wipe the current version (for me it was JebOatPlugin-1.0.4.jar) and copy the latest oatplugin to the "coreplugins" folder.

Then reopen jeb and you can rev-eng the boot-framework.oat and boot.oat.

When looking at boot-framework.oat, you might need to right-click on "unknown dex #2" -> "parse at" -> DEX to see the dex tree.

night_mare007

@Jasi2169 - Eureka!
I managed to manually patch my DexPreOpt rom... now I need to translate my actions into my script!

What have I done new this time?

After I got the changes written to the dex, instead of trying to rebuild the oat... I've simply made the changes (after looking at the hex diff summary file) DIRECTLY into the boot-framework.oat (both under the arm and arm64 folders).
I.E. I wrote the specific hex change onto
/system/framework/arm/boot-framework.oat
/system/framework/arm64/boot-framework.oat
and that's it! No other file was changed or modded... (not boot.oat... not the .art files..)

So besides the anti anti-piracy hex modding... I also hex-change the dex's checksum inside the oat itself... you see, each oat contains a 1:1 copy of the deodex dex... so it includes the dex's checksum as well...
So if I copy the checksum of the modded dex into its place in the oat file... MODDING DONE!

WOW!!!... I don't believe it... the solution is actually simpler than I thought!
Now I need to sit and code all of these changes into the script.

night_mare007
7 hours ago, night_mare007 said:

@Jasi2169 - Eureka!
I managed to manually patch my DexPreOpt rom... now I need to translate my actions into my script!

....

WOW!!!... I don't believe it... the solution is actually simpler than I thought!
Now I need to sit and code all of these changes into the script.

I've updated the OP with the latest script... version 16, which is ODEX and DEODEX compatible!

Jasi2169

Great to see there is a crc32 checksum that needs to be fixed, which is checked by the ART system for modification. What I actually wanted to see is where the crc32 is written: in boot.oat only?

Because in dalvik there are some more checks, but ART doesn't have that many checks, just crc32. Also oat files don't need a signature fix, but the original classes.dex needs it fixed, so directly modding oat is always easy, but there the instructions get changed: if you compare dex and oat, many static/virtual methods' bytes are not found in oat, they are changed a bit. I prefer patching dex always rather than oat/odex because this works universally, but every time on all devices the oat hexes are not found. As you are modifying a string, it is easy to be found for all custom roms.

night_mare007
4 hours ago, Jasi2169 said:

Great to see there is a crc32 checksum that needs to be fixed, which is checked by the ART system for modification. What I actually wanted to see is where the crc32 is written: in boot.oat only?

Because in dalvik there are some more checks, but ART doesn't have that many checks, just crc32. Also oat files don't need a signature fix, but the original classes.dex needs it fixed, so directly modding oat is always easy, but there the instructions get changed: if you compare dex and oat, many static/virtual methods' bytes are not found in oat, they are changed a bit. I prefer patching dex always rather than oat/odex because this works universally, but every time on all devices the oat hexes are not found. As you are modifying a string, it is easy to be found for all custom roms.

Well.. all I can say is that any oat under /system/framework, and basically the oat file format itself, has a 1:1 hex copy of the dex file(s) it is built from.
So direct dex editing is possible without the need of extraction out of the oat (depends on the level of changes, of course).
I think since my level of modding is not affecting (in any way) the optimized code within the oat, I don't need to change the oat checksum as well.

Lastly, on ODEX roms, boot.oat is STATIC and found under /system/framework and does NOT contain any of "framework.jar"'s (or boot-framework.oat's) dexes.
In addition, during 1st boot, another boot.oat is DYNAMICALLY created under /dalvik, but does NOT contain any of "framework.jar"'s dexes (only another boot-framework.oat under /dalvik contains the framework.jar dexes).
On DEODEX roms, boot.oat does NOT exist statically under /system/framework, and is created DYNAMICALLY during 1st boot under /dalvik.
BUT this boot.oat DOES contain "framework.jar"'s (or boot-framework.oat's) dexes.

So you see - in the deodex case, changing only ONE file under /data/dalvik ([email protected]@framework.jar.oat) is NOT ENOUGH.
You must also mod (under /data/dalvik) "[email protected]@boot.oat" as well.
Thus, at least for the deodex case, changing the orig oat files under /system/framework does lower the scope of work needed to be done in order to mod this frakkish framework.jar file.

Lastly, what I'm really proud about in my project.. after all the mumbo-jumbo I do in a bash script, is that I compile my work as a bin file for arm (since twrp for arm64 is arm as well) but with optimizations -> thus I can obfuscate the bash code in an excellent way. (AFAIK, rev-eng of this one... is a total pain in the a*s)
I could PM you with details about it if you'd like.

night_mare007
5 hours ago, Jasi2169 said:

What I actually wanted to see is where the crc32 is written: in boot.oat only?

The crc32 & adler32 checksum I fix is only of the dex I mod.
Since the oat contains a 1:1 copy of that dex, I fix the relevant offset of code within the oat.
Just to clarify, I do NOT need to fix the oat's header checksum.

Jasi2169
On 6/17/2017 at 6:46 PM, night_mare007 said:

The crc32 & adler32 checksum I fix is only of the dex I mod.
Since the oat contains a 1:1 copy of that dex, I fix the relevant offset of code within the oat.
Just to clarify, I do NOT need to fix the oat's header checksum.

Just for your info, if you modify oat/odex anywhere in the partition nothing is checked, but if you modify oat/odex in /dalvik-cache then system integrity needs to be fixed.

If you modify classes.dex like UP and LP both do in an apk then it needs adler fixing; oat does not require fixing anything if it is outside the dalvik-cache folder, just for your info.

night_mare007
3 hours ago, Jasi2169 said:

Just for your info, if you modify oat/odex anywhere in the partition nothing is checked, but if you modify oat/odex in /dalvik-cache then system integrity needs to be fixed.

If you modify classes.dex like UP and LP both do in an apk then it needs adler fixing; oat does not require fixing anything if it is outside the dalvik-cache folder, just for your info.

I don't agree with you that "nothing is checked" if you mess with OAT under /system/framework.
What "odex" is for Dalvik.... "OAT" is for "ART".... and I quote THIS SOURCE: "ART pre-compiles apps Dalvik bytecode into native code"

Please look at that source.

Then you can see that OAT has a checksum as well... very much like dex has...
Apparently, the OAT checksum does not take its internal dex content into account while calculating its checksum (the oat's, I mean).
That's why I don't need to recalc the checksum for the oat, since I only make changes to the oat's internal dex.

In short... as long as our modding of either dex or oat does not affect the checksum of that file - no need to fix the checksum...
But - only after you recalc the checksum and compare it to the one found in the file's header can you know for sure if you need to fix it or not.

Also... just so we're clear on the whole "odex" existence in nougat roms...

I guess you would agree with me that files under /data/dalvik-cache/ should be "odex" files (in the old dalvik term...)... but what-do-you-know... for nougat roms (or any rom that uses ART instead of Dalvik) you only get OAT files (and .dex, which are really dex files).
Also, look under the /data/app/APP_NAME/oat folder -> you'll find OAT as well... yes.. you might see *.odex files... but these are NOT dalvik's odex... but ART's OAT!
How to know? Open these "odex" files with notepad++, enable WORD-WRAP, and go below the 1st block of "NULNULNULNUL"...
Then you'll see the ASCII part of the OAT's header... part of it is the "dex2oat" command that this specific oat file was created by.
Also, open that file in jeb to verify its type, or simply use "oatdump" to extract the dex file... that command will NOT work on a Dalvik Odex file - simple.

 

 

 

 

Jasi2169

I have known that for a very long time: dalvik ones are dalvik odex and ART ones are oat, though the extension is odex. There is so much oat n odex that it can confuse people. If you see the uret android reverser toolkit, it shows that and even writes the magic to find it: dey magic for odex and elf magic for oat.

 

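A checker for the dex-in-oat layout discussed in this thread, added here as an example (not the KrakenE script or any tool the posters name). It assumes the documented dex header layout (Adler-32 at offset 8 over bytes 12 to end, SHA-1 at offset 12 over bytes 32 to end, file_size at offset 32), identifies a file by magic as Jasi2169 describes, and reports whether each dex image, stand-alone or copied verbatim into an oat, still matches its header fields; build_sample_dex, build_sample_oat and the fixture bytes are constructed for the demo and are not a real oat layout.

```python
"""Integrity checks for Android dex images, stand-alone or embedded in an
ART oat file. Added example for this thread, not the KrakenE script.
Assumed dex header layout (from the public dex format docs): magic at 0,
Adler-32 at 8 covering bytes 12..end, SHA-1 at 12 covering bytes 32..end,
file_size at 32. All sample images below are constructed fixtures."""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70


def identify(data: bytes) -> str:
    """Classify by magic, not extension: a '.odex' may be a Dalvik 'dey\\n'
    file or an ART oat, which is an ELF carrying an 'oatdata' symbol."""
    if data[:4] == b"dex\n":
        return "dex"
    if data[:4] == b"dey\n":
        return "dalvik-odex"
    if data[:4] == b"\x7fELF":
        return "art-oat" if b"oatdata" in data else "elf"
    return "unknown"


def verify_dex(dex: bytes) -> dict:
    """Recompute both dex header integrity fields and compare with the stored ones."""
    stored_adler = struct.unpack_from("<I", dex, 8)[0]
    stored_sha1 = dex[12:32]
    file_size = struct.unpack_from("<I", dex, 32)[0]
    body = dex[:file_size]
    return {
        "file_size": file_size,
        "adler32_ok": (zlib.adler32(body[12:]) & 0xFFFFFFFF) == stored_adler,
        "sha1_ok": hashlib.sha1(body[32:]).digest() == stored_sha1,
    }


def find_embedded_dex(blob: bytes):
    """Yield (offset, dex_bytes) for each dex image copied verbatim into an oat.
    Only the dex copies are checked; the oat header's own checksum is ignored."""
    pos = 0
    while True:
        pos = blob.find(b"dex\n", pos)
        if pos < 0 or pos + DEX_HEADER_SIZE > len(blob):
            return
        ver = blob[pos + 4:pos + 8]                      # e.g. b"035\0"
        if ver[:3].isdigit() and ver[3] == 0:
            size = struct.unpack_from("<I", blob, pos + 32)[0]
            yield pos, blob[pos:pos + size]
            pos += max(size, DEX_HEADER_SIZE)
        else:
            pos += 4


def scan(blob: bytes) -> list:
    """Verify every dex image in a file; returns [(offset, verdict), ...]."""
    kind = identify(blob)
    if kind == "dex":
        return [(0, verify_dex(blob))]
    if kind == "art-oat":
        return [(off, verify_dex(d)) for off, d in find_embedded_dex(blob)]
    return []


def build_sample_dex(payload: bytes) -> bytes:
    """Constructed fixture: a minimal dex image whose header fields agree
    with its contents (only the fields the checks read are meaningful)."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n035\0"
    struct.pack_into("<I", header, 32, DEX_HEADER_SIZE + len(payload))  # file_size
    struct.pack_into("<I", header, 36, DEX_HEADER_SIZE)                 # header_size
    struct.pack_into("<I", header, 40, 0x12345678)                      # endian_tag
    img = bytes(header) + payload
    img = img[:12] + hashlib.sha1(img[32:]).digest() + img[32:]
    return img[:8] + struct.pack("<I", zlib.adler32(img[12:]) & 0xFFFFFFFF) + img[12:]


def build_sample_oat(dex: bytes) -> bytes:
    """Constructed fixture: ELF magic, an 'oatdata' marker and a verbatim dex
    copy. Not a real oat layout, just enough for identify() and scan()."""
    return b"\x7fELF" + b"\0" * 60 + b"oatdata" + b"\0" * 5 + dex + b"\0" * 16


if __name__ == "__main__":
    good = build_sample_dex(b"Lcom/example/Good;\0")
    tampered = bytearray(good)
    tampered[DEX_HEADER_SIZE + 14] = ord("X")   # one string byte edited, header untouched
    print("stand-alone dex:", scan(good))
    print("tampered dex   :", scan(bytes(tampered)))
    print("dex inside oat :", scan(build_sample_oat(good)))
```

A dex whose header fields were recomputed after editing passes both checks, so on a device this only catches careless edits; detecting a modified /system/framework needs file-level verification such as dm-verity or a comparison against the ROM's published hashes.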
