[MOD]Native Hotspot Hack[ALL OTAs + LP][Odex][DeOdex] - Sprint LG G2

HUGE Thanks to Metalboy94 for his vigorous attempts to get this working for us Sprint users. He doesn't even own a Sprint device, so please show him some love!
How to Install
- Download File based on ROM type.
- Flash File via TWRP or Philz recovery.
- Wipe Cache/Dalvik.
- Reboot System
- Upon boot, update Profile/PRL and reboot again to ensure functionality.
- Profit!
Mirrors
Mediafire
Contributors
Justinswidebody, Bullghost, Metalboy94, Ascertion, SaintZ93, Lefty1409, Tabp0le
Version Information
Status: Stable
Created 2013-12-25
Last Updated 2015-4-28

Mine.

Yay time to paypal
Sent from my LG-LS980 using XDA Premium 4 mobile app

Errr
Sent from my LG-LS980 using XDA Premium 4 mobile app

fatboypup said:
Errr
Sent from my LG-LS980 using XDA Premium 4 mobile app
Are you on v8 based ROM?
I just tried the same zip and it's working for me.
Sent from my LG-LS980

Ascertion said:
HUGE Thanks to Metalboy94 for his vigorous attempts to get this working for us Sprint users. He doesn't even own a Sprint device, so please show him some love!
And thanks to you for all your testing! Any chance we can get an odexed version for those of us still running the stock ROM? (I'll look into converting deodexed to odexed, but no experience w/ it yet).
Great job guys! Merry Christmas!

Errr **** im on the odex rom time to flash to ice
Sent from my LG-LS980 using XDA Premium 4 mobile app

fatboypup said:
Errr **** im on the odex rom time to flash to ice
Sent from my LG-LS980 using XDA Premium 4 mobile app
Lol. I'd recommend flashing the v1.1 test. Page 5 of IceROM. Then the Email fix. 100% awesome combo.
Sent from my LG-LS980

Ascertion said:
Lol. I'd recommend flashing the v1.1 test. Page 5 of IceROM. Then the Email fix. 100% awesome combo.
Sent from my LG-LS980
will do

Guide - Make your own native hotspot mod
I will try to keep it as simple as possible.
1. Decompile /system/framework/services.jar (or services.odex) with your favorite smali tool.
2. Inside the folder where you decompiled it, go to com/android/server/connectivity and open TetherNetwork.smali with a text editor (preferably Notepad++).
3. Replace the following:
Code:
.line 118
const/4 v0, -0x1
with
Code:
.line 118
const/4 v0, 0x1
and
Code:
.line 718
const/4 v0, -0x1
with
Code:
.line 718
const/4 v0, 0x1
and
Code:
.method public isTetherNetworkAvail()Z
.locals 1
.prologue
.line 331
iget-object v0, p0, Lcom/android/server/connectivity/TetherNetwork;->mTetherNetworkDataTrans:Lcom/android/server/connectivity/TetherNetworkDataTransition;
if-eqz v0, :cond_0
.line 332
iget-object v0, p0, Lcom/android/server/connectivity/TetherNetwork;->mTetherNetworkDataTrans:Lcom/android/server/connectivity/TetherNetworkDataTransition;
invoke-virtual {v0}, Lcom/android/server/connectivity/TetherNetworkDataTransition;->isPamPdnDataProfileEnabled()Z
move-result v0
.line 334
:goto_0
return v0
:cond_0
const/4 v0, 0x1
goto :goto_0
.end method
with
Code:
.method public isTetherNetworkAvail()Z
.locals 1
.prologue
.line 331
const/4 v0, 0x1
return v0
.end method
BONUS: If you want to be sure you removed (at least aesthetically) the tethering plan dialog, replace:
Code:
invoke-direct {p0, v0, v1}, Lcom/android/server/connectivity/TetherNetwork;->showDialog(Landroid/content/Context;I)V
with
Code:
#invoke-direct {p0, v0, v1}, Lcom/android/server/connectivity/TetherNetwork;->showDialog(Landroid/content/Context;I)V
4. Recompile services.jar/odex (odexed ROM users: there are a few guides on XDA on how to use dexopt-wrapper to recompile framework stuff with odexes).
5. Push it back to the phone (make sure you set the right permissions)
6. Reboot and enjoy.

Will this work with a stock rooted rom? I just flash it?
Will definitely donate.. Ive been wanting this since day 1.
Sent from my LG-LS980 using xda app-developers app

Omg thank you!!

o0adam0o said:
Will this work with a stock rooted rom? I just flash it?
Will definitely donate.. Ive been wanting this since day 1.
Sent from my LG-LS980 using xda app-developers app
Nope
Sent from my LG-LS980 using xda premium

mchlbenner said:
Nope
Sent from my LG-LS980 using xda premium
I'm working on a version that will work w/ the stock rom, but being somewhat of a n00b to all this, I'm currently stuck trying to re-odex the classes.dex file I obtained from smali. I don't have a fully rooted device (only root adb shell via g2_security), so I don't have busybox on my phone in order to run dexopt-wrapper .... I also don't have a nandroid since I haven't rooted, so I'm a bit wary of [semi]bricking my phone if I don't get this just right ... trying to follow some tutorials online. Anyone else here have experience editing services.odex files?

I'm working on it. Give me a few
Sent from my LG-LS980 using XDA Premium 4 mobile app

James7Bond007 said:
I'm working on a version that will work w/ the stock rom, but being somewhat of a n00b to all this, I'm currently stuck trying to re-odex the classes.dex file I obtained from smali. I don't have a fully rooted device (only root adb shell via g2_security), so I don't have busybox on my phone in order to run dexopt-wrapper .... I also don't have a nandroid since I haven't rooted, so I'm a bit wary of [semi]bricking my phone if I don't get this just right ... trying to follow some tutorials online. Anyone else here have experience editing services.odex files?
I think you can sideload busybox and then use dexopt-wrapper. Would be a lot easier than trying to do it from PC. That said, I'm sure someone is working on it already, but if not, I'll try doing it after work tomorrow.

souleman said:
I think you can sideload busybox and then use dexopt-wrapper. Would be a lot easier than trying to do it from PC. That said, I'm sure someone is working on it already, but if not, I'll try doing it after work tomorrow.
That worked fine ... I now have a hacked services.odex, so theoretically I could just replace it with my existing one and I'd be good to go. Only problem is that when I decompiled the hacked services.odex and compared what I got with what I had in the decompiled original services.odex file, there are over 400 files that are now different (I was hoping for just the TetherNetwork.smali to have changed). Ah well, I think I'll be a bit patient and try to figure out the reason for all the differences while waiting for justinswidebody.
Update: reason for the files being different was there are now extra comments in the smali files for the deodexed version ... so maybe it's time to give this thing a shot!
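The comparison described in the post above, as an added example that is not part of the original thread: it compares two baksmali output trees while ignoring blank lines and whole-line comments, so extra decompiler comments do not show up as differences but a commented-out instruction still does. The helper names, the two extra file names and the sample file contents are constructed for the illustration.

```python
import os
import tempfile


def normalized_lines(path):
    """Return a smali file's lines with blank lines and whole-line comments dropped."""
    kept = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            # Only whole-line comments are dropped; a '#' inside a string
            # literal (const-string v0, "a#b") is left alone.
            if line and not line.startswith("#"):
                kept.append(line)
    return kept


def load_tree(root):
    """Map each .smali path (relative to root) to its normalized lines."""
    tree = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(".smali"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                tree[rel] = normalized_lines(full)
    return tree


def changed_files(original_root, modified_root):
    """Report files that are added, removed or changed after normalization."""
    before, after = load_tree(original_root), load_tree(modified_root)
    report = {}
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            report[rel] = "added"
        elif rel not in after:
            report[rel] = "removed"
        elif before[rel] != after[rel]:
            report[rel] = "changed"
    return report


def unexpected_changes(original_root, modified_root, expected):
    """Changes outside the set of files the mod is supposed to touch."""
    report = changed_files(original_root, modified_root)
    return {rel: kind for rel, kind in report.items() if rel not in expected}


def write_file(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo():
    """Build two small constructed trees and compare them."""
    tether = "com/android/server/connectivity/TetherNetwork.smali"
    same = "com/android/server/Example.smali"   # hypothetical file name
    hidden = "com/android/server/Other.smali"   # hypothetical file name
    with tempfile.TemporaryDirectory() as tmp:
        orig, mod = os.path.join(tmp, "orig"), os.path.join(tmp, "mod")
        # Constructed sample content, not taken from a real services.odex.
        write_file(orig, tether, ".line 118\nconst/4 v0, -0x1\n")
        write_file(mod, tether, ".line 118\nconst/4 v0, 0x1\n")
        # Same code, plus the extra comment lines a second decompile adds.
        write_file(orig, same, ".method public run()V\nreturn-void\n.end method\n")
        write_file(mod, same,
                   "# virtual methods\n.method public run()V\n\nreturn-void\n.end method\n")
        # An instruction that was commented out: still reported as a change.
        write_file(orig, hidden, "invoke-static {}, Lcom/example/Check;->verify()V\nreturn-void\n")
        write_file(mod, hidden, "#invoke-static {}, Lcom/example/Check;->verify()V\nreturn-void\n")
        return changed_files(orig, mod), unexpected_changes(orig, mod, {tether})


if __name__ == "__main__":
    print(demo())
```

Running the same check on a downloaded services.jar against the stock one shows whether a mod touches anything beyond the file it claims to change.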

What did you use to odex? I keep getting errors
Sent from my LG-LS980 using XDA Premium 4 mobile app

Great work. Looking forward to seeing native hotspot mod on the stock rom.
Sent from my LG G2 LS980 using Tapatalk

justinswidebody said:
What did you use to odex? I keep getting errors
I used the tools from here:
http://dl.xda-developers.com/attach...3/6/8/1/4/0/8/all_for_deodexing_reodexing.zip
I used this line to decompile services.odex:
java -jar ..\baksmali-2.0.2.jar -d . -x services.odex
and then edited the smali file per MetalBoy's instructions.
After running
java -jar ..\smali-2.0.2.jar out
...to create the .dex file, I used 7zip to put the classes.dex file into services.jar. I then copied the new services.jar to the phone and ran:
dexopt-wrapper ./services.jar ./services.odex
...and received the lines you're supposed to (according to http://forum.xda-developers.com/showthread.php?t=1208320):
--- BEGIN '/system/framework/android.policy.jar' (bootstrap=0) ---
--- waiting for verify+opt, pid=7194
--- would reduce privs here
--- END '/system/framework/android.policy.jar' (success) ---
...I then did the line:
dd if=/system/framework/services.odex of=./services.odex bs=1 count=20 skip=52 seek=52 conv=notrunc
and verified the response was:
20+0 records in
20+0 records out
20 bytes (20B) copied, 0.002042 seconds, 9.6KB/s
...I then used baksmali-2.0.2 to decompile the odex'ed services.odex and KDiff3 to compare the hacked services.odex to the original to verify everything was kosher.
The wife said I can use her phone to try this out on, so ... here goes nothing!
Update: well, it didn't work ....phone didn't boot up (just a black screen with pulsating LED). But at least I didn't brick her phone. At first when I ran adb shell I didn't get a root shell, which got the heart racing a bit since I was thinking WTF am I going to do to restore the services.odex backup I had made. I then tried an adb reboot recovery and that gave me the root shell again. Phew! I think I'm a bit [way] in over my head, but at least I can go to bed without worrying about a bricked phone / staying up all night to learn how to use LG's flash tools (coming from the Samsung GS2, it seemed a lot easier to just boot into download mode and flash ROMs with Odin)

Related

[MOD] Services.jar mod to allow BLN on stock Mms.apk

Hi,
The credit for this mod goes to the author montymintypie, who made the modification to the services.jar for the GT-I9000.
I only ported the modifications to the GT-I9100 and made a version for both odex and deodex ROMs.
Files:
ONE.PT.XXKG6.Services.Patch.BLN.zip
ONE.PT.XXKG6.Services.Patch.BLN.DEODEX.zip
KH3:
ONE.PT.XXKH3.Services.Patch.BLN.zip
XWKI4
ONE.PT.XWKI4.Services.Patch.BLN.zip
ONE.PT.XWKI4.Services.Patch.BLN.DEODEX.zip
liblights are included, be sure to use a kernel that supports BLN and Neldar's BLN app.
Thanks to sicopat for tracking the original author, montymintypie.
Big thanks ,Work finally
Nice to see someone has managed to get this working for the I9100. Very useful
Just got my first Sammy. Come from moto and HTC... Pray tell, what is BLN?
Sent from my GT-I9100 using Tapatalk
alias_neo said:
Just got my first Sammy. Come from moto and HTC... Pray tell, what is BLN?
Sent from my GT-I9100 using Tapatalk
The two soft keys at the side of the home button light up when the screen is off, just to show you have a notification
dh2311 said:
The two soft keys at the side of the home button light up when the screen is off, just to show you have a notification
Ah ok, mine doesn't do that stock, I've been baffled since I got the phone yesterday that it doesn't have a notification LED.
It took me about 5 minutes just staring aimlessly at my phone wondering where my buttons were, when then suddenly I turned the screen on and they lit up.
Soon as I ascertain how easily I can mod the phone and get it to rooted stock uk, and easily back to the stock voda uk it has on it now, I will. It is only a day old after all.
Sent from my GT-I9100 using Tapatalk
Works as advertised. Time to uninstall NoLED on my Galaxy S2...
alias_neo said:
Ah ok, mine doesn't do that stock, I've been baffled since I got the phone yesterday that it doesn't have a notification LED.
It took me about 5 minutes just staring aimlessly at my phone wondering where my buttons were, when then suddenly I turned the screen on and they lit up.
Soon as I ascertain how easily I can mod the phone and get it to rooted stock uk, and easily back to the stock voda uk it has on it now, I will. It is only a day old after all.
Sent from my GT-I9100 using Tapatalk
Nice story bro.
gusoldier said:
Nice story bro.
Rofl xD
Sent from my GT-I9100 using Tapatalk
Can you post a link to the original thread or the changes made to services.jar? Just out of curiosity..I want to know where and what changes are made...
Thanks for finding it, needless to say is very useful. Again thank you!
Works perfectly on Criskelo V10
ONLY thing I miss now is full compatibility with scrolling widgets with TW
Not work for me on Litening 5.0 . Now no notification for new SMS. How can I back to original? Tks!
Check the files inside the ZIP you've downloaded and take the same files out of the ZIP of the ROM you're running. Now push those files to your device using the 'adb push' command
Sent from my sgs2
Should this work without any other changes except BLN Pro and correct liblights?
I've done it manually, so exchanged both files on my Litening 5 but seems not to work!? Ideas why?
Use Odex Version for Litening 5, this one is working fine!
Modifications to Services.jar from montymintypie
Modification of the file : services/com/android/server/NotificationManagerService.smali b/smali/com/android/server/NotificationManagerService.smali
Code:
diff -urN a/smali/com/android/server/NotificationManagerService.smali b/smali/com/android/server/NotificationManagerService.smali
--- a/smali/com/android/server/NotificationManagerService.smali
+++ b/smali/com/android/server/NotificationManagerService.smali
@@ -2064,7 +2064,7 @@
:goto_0
iget-boolean v4, p0, Lcom/android/server/NotificationManagerService;->mScreenOn:Z
- if-nez v4, :cond_0
+ [B]#if-nez v4, :cond_0[/B]
iget-object v4, p0, Lcom/android/server/NotificationManagerService;->mLedNotification:Lcom/android/server/NotificationManagerService$NotificationRecord;
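Review bot: the mScreenOn load into v4 (the iget-boolean directly above the commented-out if-nez v4, :cond_0) is now dead, because the next instruction, iget-object v4 ... mLedNotification, overwrites v4. It is harmless, but commenting that load out as well, with a one-line smali comment saying the screen-on check is skipped on purpose, would make the intent clear. Also check that :cond_0 is still the target of another branch, since the jump to it in these lines is gone.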
@@ -2114,7 +2114,7 @@
iget-boolean v4, p0, Lcom/android/server/NotificationManagerService;->mScreenOn:Z
- if-nez v4, :cond_3
+ [B]#if-nez v4, :cond_3[/B]
.line 1147
iput-boolean v7, p0, Lcom/android/server/NotificationManagerService;->mPendingPulseNotification:Z
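Review bot: with if-nez v4, :cond_3 commented out, the iput-boolean v7 into mPendingPulseNotification at .line 1147 is reached whether or not mScreenOn is set, so the pending-pulse flag is now written with the screen on too. If that is intended, say so in the patch description; if only the screen-off case was meant to change, this second branch should stay. The hunk header says 7 lines but fewer are shown, so the context needed to confirm what v7 holds is missing.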
please, add credits to montymintypie in first post
sicopat said:
Modifications to Services.jar from Nedlar himself (author of BLN Control)
Modification of the file : services/com/android/server/NotificationManagerService.smali b/smali/com/android/server/NotificationManagerService.smali
Code:
diff -urN a/smali/com/android/server/NotificationManagerService.smali b/smali/com/android/server/NotificationManagerService.smali
--- a/smali/com/android/server/NotificationManagerService.smali
+++ b/smali/com/android/server/NotificationManagerService.smali
@@ -2064,7 +2064,7 @@
:goto_0
iget-boolean v4, p0, Lcom/android/server/NotificationManagerService;->mScreenOn:Z
- if-nez v4, :cond_0
+ [B]#if-nez v4, :cond_0[/B]
iget-object v4, p0, Lcom/android/server/NotificationManagerService;->mLedNotification:Lcom/android/server/NotificationManagerService$NotificationRecord;
@@ -2114,7 +2114,7 @@
iget-boolean v4, p0, Lcom/android/server/NotificationManagerService;->mScreenOn:Z
- if-nez v4, :cond_3
+ [B]#if-nez v4, :cond_3[/B]
.line 1147
iput-boolean v7, p0, Lcom/android/server/NotificationManagerService;->mPendingPulseNotification:Z
please, add credits to nedlar in first post
Hi there sicopat,
I never took any credits from anyone. As said in first post, the credits DO NOT belong to me but to the original author.
The implementation that I used had more changes to the code. I am glad that Neldar himself came up with a better solution.
Please see attached file.
Please correct your statement.
Thank you,
Best regards.
no.one.writeme said:
Hi there sicopat,
I never took any credits from anyone. As said in first post, the credits DO NOT belong to me but to the original author.
The implementation that I used had more changes to the code. I am glad that Neldar himself came up with a better solution.
Please see attached file.
Please correct your statement.
Thank you,
Best regards.
I know you didn't take the credit for you. And my mistake: it wasn't Nedlar who made the above modification to Services.jar
I tried the modification above and it worked well
YOU ARE THE ONE WHO TRIED WITH SUCCESS THIS I9000 MOD,
thanks for that
sicopat said:
I know you didn't take the credit for you. And my mistake: it wasn't Nedlar who made the above modification to Services.jar
I tried the modification above and it worked well
YOU ARE THE ONE WHO TRIED WITH SUCCESS THIS I9000 MOD,
thanks for that
Thanks for tracking the original author. Credits updated on first post.
Best regards.
@no.one.writeme
Can you also tell in the first post that the attached files are updated?
Otherwise people will ask if the files contain the updated services.jar.
Great work. Creating Nandroid as we type...
mccune said:
@no.one.writeme
Can you also tell in the first post that the attached files are updated?
Otherwise people will ask if the files contain the updated services.jar.
Great work. Creating Nandroid as we type...
Hi,
The attached services.7z file is the original file on which I based the port I made. I believe it is from a XXJVQ firmware from the SGS Galaxy S.
The MOD files for the SGS II are only in the first post.
Best regards,

[MOD][SecPhone] Enable Call Recording on Jelly bean

This is a simple how-to to enable call recording on the Galaxy S3 firmwares for Jelly Bean ROMs.
If you take a look at the source code, you will notice that call rec is enabled by default for some countries (KOR, JAP...); what I did is just enable it after all CSC checks.
You need to decompile SecPhone.apk, use my repacked Apk_Manager (it should work for any ICS file 4.0.3/4.0.4/4.1.1).
Open "SecPhone.apk\smali\com\android\phone\PhoneFeature.smali", go to the "makeFeature()V" method, and make the changes:
Code:
.line 792
invoke-static {}, Lcom/android/phone/PhoneFeature;->makeFeatureForJapan()V
.line 796
:cond_d
invoke-static {}, Lcom/android/phone/PhoneFeature;->makeFeatureForUsa()V
.line 797
++sget-object v0, Lcom/android/phone/PhoneFeature;->mFeatureList:Ljava/util/HashMap;
++const-string v2, "voice_call_recording"
++const/4 v4, 0x1
++invoke-static {v4}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
++move-result-object v3
++invoke-virtual {v0, v2, v3}, Ljava/util/HashMap;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
return-void
Compile and enjoy.
Attached cwm patch works on Deodexed LI2 Roms only.
Nice.
Tried it and it worked properly. Great work as always.
great mod,
mate, can you please provide a CWM recovery path for DLI1 firmware too?
thanks
This only works for stock roms right? SlimBean for instance has no SecPhone.asp.
Hy wanam,
please could you make a XXDLI5 version ?
I tried the apk manager but when decompiling i get errors....
First time doing this and I get a "java not installed"
where do I put this thing to get java working when It IS installed on my PC??
Thanks.
Hy wanam,
I extracted the secphone.apk from your wanamlite 3.3 and put it in my kristofpetho JB 1.6 rom and works perfect. So not need anymore
MasterTB said:
First time doing this and I get a "java not installed"
where do I put this thing to get java working when It IS installed on my PC??
Thanks.
Is your java set up correctly? is it in your path?
apk manager is best used in the root of c drive
That's what I thought and there's where I put it but I still get the error. Win7 32bits and 64bits...
Same issue on both pc's.
MasterTB said:
That's what I thought and there's where I put it but I still get the error. Win7 32bits and 64bits...
Same issue on both pc's.
dirty fix:
install BOTH 32 bit & 64 bit version...one should go in programs, the other should auto install in x86 programs
no guarantees....
java doesnt seem to like w7 64bit..it messes around with folder locations and reg entries
Hi, I can't understand how to "use" (install) this Apk_Manager so I can decompile SecPhone.apk. Do you install it on the S3? on the computer?? How? I just can't get it working. Sorry & Thanx for the help!
Can you please provide a CWM recovery path for DLI7 firmware too? Thank's
bhavadas said:
Hi, I can't understand how to "use" (install) this Apk_Manager so I can decompile SecPhone.apk. Do you install it on the S3? on the computer?? How? I just can't get it working. Sorry & Thanx for the help!
same doubts.
OP can you plz elaborate a bit more for noobs like me ?
bhavadas said:
Hi, I can't understand how to "use" (install) this Apk_Manager so I can decompile SecPhone.apk. Do you install it on the S3? on the computer?? How? I just can't get it working. Sorry & Thanx for the help!
NOT install just unzip on your PC C:drive
put you need to modify apk on the place-apk-here-for-modding
click script
Here is XXDLI7 latest JB leak deodexed and moded SecPhone.apk with call recording.
Thank's to Wanam.
ausdim said:
Here is XXDLI7 latest JB leak deodexed and moded SecPhone.apk with call recording.
Thank's to Wanam.
Doesn't work
Sent from my GT-I9300 using xda premium
M_aqui said:
Doesn't work
Sent from my GT-I9300 using xda premium
Working good.
You are doing something wrong.
This is for deodexed roms.
If you have odexed dont forget to delete SecPhone.odex
Sent from my GT-I9300 using Tapatalk 2
ausdim said:
Working good.
You are doing something wrong.
This is for deodexed roms.
If you have odexed dont forget to delete SecPhone.odex
Sent from my GT-I9300 using Tapatalk 2
You're right, I forgot to delete SecPhone.odex
Thank's :good:
Nice work wanam! does it work on CM10? Or CM9 for your ICS fix?
Its not working for me, maybe my mistake, I try it again..
Sent from my GT-I9300 using xda app-developers app

[Security Fix - Update] USSD Codes can remotely wipe your data

In the www the info is spread that it's possible to remotely wipe devices with USSD codes. More info here:
Remote wipe attack not limited to Samsung phones, Android dialer may be to blame
and here:
http://dylanreeve.posterous.com/remote-ussd-attack
I immediately took a look at our Sense code on smali level and "fixed" that issue. I put "fixed" in quotes because of the following:
Just because your IMEI shows when executing this "security test" doesn't automatically mean your phone is vulnerable:
Code:
.method static handleChars(Landroid/content/Context;Ljava/lang/String;ZLandroid/widget/EditText;Landroid/content/res/Resources;)Z
.locals 2
invoke-static {p1}, Landroid/telephony/PhoneNumberUtils;->stripSeparators(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
invoke-static {p0, v0, p2, p4}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleIMEIDisplay(Landroid/content/Context;Ljava/lang/String;ZLandroid/content/res/Resources;)Z
move-result v1
if-nez v1, :cond_0
invoke-static {p0, v0}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handlePinEntry(Landroid/content/Context;Ljava/lang/String;)Z
move-result v1
if-nez v1, :cond_0
invoke-static {p0, v0, p3, p4}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleAdnEntry(Landroid/content/Context;Ljava/lang/String;Landroid/widget/EditText;Landroid/content/res/Resources;)Z
move-result v1
if-nez v1, :cond_0
invoke-static {p0, v0}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleSecretCode(Landroid/content/Context;Ljava/lang/String;)Z
move-result v1
if-eqz v1, :cond_1
:cond_0
const/4 v1, 0x1
:goto_0
return v1
:cond_1
const/4 v1, 0x0
goto :goto_0
.end method
The handleChars method is called when text/numbers are entered via the dialpad. In this method you can see four submethods:
handleIMEIDisplay
handlePinEntry
handleAdnEntry
handleSecretCode
This means that the display of the IMEI and the execution of the USSD codes (handleSecretCode method) are handled in different methods.
In handleSecretCode there are a few hardcoded commands that are executed, like:
com.android.phone.NetworkModeSelectionActivity or com.android.phone.CallFeaturesSetting
which aren't dangerous. There are two sendBroadcast commands, though, which send the command with an android.provider.Telephony.SECRET_CODE intent.
One of those is limited to commands that start with "*#*#" or end with "*#*#". So if USSD commands always start with "*", which is also said in the article, that one isn't dangerous.
Please read the update at the bottom.
The other one is just executed when the phonetype is 2:
Code:
const/4 v10, 0x2
const/4 v5, 0x1
.....
invoke-virtual {v3}, Landroid/telephony/TelephonyManager;->getPhoneType()I
move-result v7
The phonetype 2 is:
Phonetype 2
and the broadcast is also sent with the beginning string:
android_secret_code://cdma
....so this broadcast shouldn't affect us and isn't dangerous as well.
No guarantees that I'm right with my guess. But for those that are still frightened, do the following:
Code:
.method static handleChars(Landroid/content/Context;Ljava/lang/String;ZLandroid/widget/EditText;Landroid/content/res/Resources;)Z
.locals 2
invoke-static {p1}, Landroid/telephony/PhoneNumberUtils;->stripSeparators(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
invoke-static {p0, v0, p2, p4}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleIMEIDisplay(Landroid/content/Context;Ljava/lang/String;ZLandroid/content/res/Resources;)Z
move-result v1
if-nez v1, :cond_0
invoke-static {p0, v0}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handlePinEntry(Landroid/content/Context;Ljava/lang/String;)Z
move-result v1
if-nez v1, :cond_0
invoke-static {p0, v0, p3, p4}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleAdnEntry(Landroid/content/Context;Ljava/lang/String;Landroid/widget/EditText;Landroid/content/res/Resources;)Z
# keep handleAdnEntry's result in v1; only the handleSecretCode call below is disabled
move-result v1
#if-nez v1, :cond_0
#invoke-static {p0, v0}, Lcom/android/htcdialer/widget/SpecialCharSequenceMgr;->handleSecretCode(Landroid/content/Context;Ljava/lang/String;)Z
#move-result v1
if-eqz v1, :cond_1
:cond_0
const/4 v1, 0x1
:goto_0
return v1
:cond_1
const/4 v1, 0x0
goto :goto_0
.end method
It's in the HtcDialer.apk,
android/htcdialer/widget/SpecialCharSequenceMgr.smali
This will deactivate the call to the handleSecretCode method, where the possibly dangerous commands could be executed.
This should work, from my interpretation of the code... I'm not responsible if it doesn't work and your phone data is still vulnerable.
If you comment out the call for the IMEI window and start the security test again you will notice, though, that your IMEI shouldn't show anymore like before.
I will attach my already modified version, should work on all 2.17 based roms...and also earlier.
Cheers, Jan
Update:
HTC secret codes for HTC One X
*#*#7780#*#* = factory reset !! BE CAREFUL!
##4772579# = reset GPS - working?
*2767*3855# = factory format !! BE CAREFUL!
*#*#197328640#*#* = service mode? - after two tests seems to be NOT WORKING
...would mean that if *#*#7780#*#* will work, there's a risk that this command is sent via the 1st broadcast I explained, which means that there could be a danger.
But if you test it you will see that none of those codes affect us in any way.
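The distinction the post draws, that showing the IMEI and running a secret code are separate handlers, modelled as an added example (not part of the original post and not HTC's code): a filter that percent-decodes a tel: link, strips separators the way a dialer does before dispatching, and lets only plain numbers be dialled without user confirmation. The function names, the regular expressions and the sample links are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Simplified stand-in for PhoneNumberUtils.stripSeparators(): keep only the
# characters a dialer acts on (assumption: pause/wait characters are ignored).
DIALABLE = set("0123456789*#+")

IMEI_CODE = "*#06#"                                  # IMEI display code
SECRET_CODE_RE = re.compile(r"^\*#\*#\d+#\*#\*$")    # *#*#<digits>#*#*
MMI_RE = re.compile(r"^[*#][0-9*#]*#$")              # assumed USSD/MMI shape


def normalize_tel_uri(uri):
    """Return the dialable string of a tel: URI, or None for other schemes."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    # '#' must be written as %23 inside a URI, so decode before filtering.
    return "".join(ch for ch in unquote(rest) if ch in DIALABLE)


def classify(uri):
    """Sort a link into the handler class it would reach in the dialer."""
    number = normalize_tel_uri(uri)
    if number is None:
        return "not-tel"
    if not number:
        return "empty"
    if number == IMEI_CODE:
        return "imei-display"
    if SECRET_CODE_RE.match(number):
        return "secret-code"
    if MMI_RE.match(number):
        return "ussd-mmi"
    return "plain-number"


def safe_to_autodial(uri):
    """Only ordinary numbers may be passed on without asking the user."""
    return classify(uri) == "plain-number"


# Constructed sample links; the codes other than *#06# are placeholders.
SAMPLE_LINKS = [
    "tel:*%2306%23",
    "tel:*%23*%230000%23*%23*",
    "tel:*123%23",
    "TEL:%2A123%23",
    "tel:+1 (555) 010-0199",
    "http://example.com/",
]


def triage(links=SAMPLE_LINKS):
    """Return (link, class, allowed) for each link."""
    return [(link, classify(link), safe_to_autodial(link)) for link in links]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

A page that makes the IMEI dialog appear has only shown that the first class is reachable from a link; whether the other two classes do anything depends on the handlers discussed above.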
Great job, you're really fast!
EDIT: installation fails on my HOX.. it asks me if I want to replace this system app and when I say OK it fails installation.
Slaytanic said:
Great job, you're really fast!
EDIT: installation fails on my HOX.. it asks me if I want to replace this system app and when I say OK it fails installation.
you need to push it to system/app with adb. You cant install it.
I will create a flashable zip in a few...
EDIT: flashable zip attached.
When try to install this apk he decline, should substitute in the system directly?
j4n87 said:
you need to push it to system/app with adb. You cant install it.
I will create a flashable zip in a few...
EDIT: flashable zip attached.
Already answer
j4n87 said:
you need to push it to system/app with adb. You cant install it.
I will create a flashable zip in a few...
EDIT: flashable zip attached.
You're too fast :good: Thanks! I'll donate for your marriage
Great, I done testing by myself yesterday..
My HOX prompt out my IMEI, OMG..
Thanks for the FIX..
You're even faster than Samsung..
HTC should voices out and fix it ASAP too..
Thanks
This is a little over my head but did the test and my IMEI showed up so I guess im vulnerable, thanks for the fix.
I did the test...Nothing happened, no dialer run, no showing #06, no IMEI appeared, loaded like plain link....Do i need install this fix??
ROM - ViperX 2.7.1, Browser - Opera :cyclops:
TAGTRAUM said:
I did the test...Nothing happened, no dialer run, no showing #06, no IMEI appeared, loaded like plain link....Do i need install this fix??
ROM - ViperX 2.7.1, Browser - Opera :cyclops:
read somewhere that only stock browsers are vulnerable. Opera, Chrome, Firefox etc. should be fine...
TAGTRAUM said:
I did the test...Nothing happened, no dialer run, no showing #06, no IMEI appeared, loaded like plain link....Do i need install this fix??
ROM - ViperX 2.7.1, Browser - Opera :cyclops:
All HTC Sense devices are affected...this browser thing seems to work just on stock browser though. But keep in mind that those codes can be sent via sms as well.
Please read my article carefully again, then you can decide on your own if you want to flash this patch or not.
robocik said:
read somewhere that only stock browsers are vulnerable. Opera, Chrome, Firefox etc. should be fine...
correct, but as mentioned above those codes could be sent via sms as well.
btw...you are alive! =P
Imo theres really no danger concerning this codes.
the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this: <frame src="tel:*2767*3855%23" />
I didnt tested it myself, but through my code analysis this code should never execute on our sense One X devices.
Please check the updated OP at the bottom.
Just made a quick fix app for those that don't want to alter their dialers - http://forum.xda-developers.com/showthread.php?t=1908170
j4n87 said:
All HTC Sense devices are affected...this browser thing seems to work just on stock browser though. But keep in mind that those codes can be sent via sms as well.
Please read my article carefully again, then you can decide on your own if you want to flash this patch or not.
Nope, it works on chrome too.
I am using an AOSP contacts/dialer hybrid and I see the IMEI when visiting the page linked in OP (through chrome).
Now, I tried to fix the code part in the dialer I use but I get FCs after installing, no matter if I sign the apk or not.
But I trust you fully if you say that there should be no effect on our One X as there is no Factory Reset code to be run through the dialer.
Also, I have a nandroid around which is never really older than 2 weeks and my apps backup and sync to Drive every other day.
Btw, I attached the apk if you want to have a look.
pandata000 said:
Just made a quick fix app for those that don't want to alter their dialers - http://forum.xda-developers.com/showthread.php?t=1908170
planned that as well, but don't have Eclipse at work =D.
Good work m8, linked it in the first post above the attachments.
I update the dial but lose the red venon dial, if i run the redvenon zip this invulnerability comes again, right?
samarain said:
I update the dial but lose the red venon dial, if i run the redvenon zip this invulnerability comes again, right?
Yepp
Sent from my HTC One X using xda premium
Great work Jan! I knew someone in XDA will fix the problem
Flashed .zip file via CWM, after rebooting my phone I went to this http://dylanreeve.com/phone.php page to check if this is working, the IMEI thing popped up anyway. Does this thing work? How can I check that?
ViTAMiNCHEG said:
Flashed .zip file via CWM, after rebooting my phone I went to this http://dylanreeve.com/phone.php page to check if this is working, the IMEI thing popped up anyway. Does this thing work? How can I check that?
please reread the OP.
Samsung have the same problem
Anyway thx for the fix
Sent from my HTC One X using XDA Premium App

[MOD/ HOW TO] Enable WiFi Tethering

THIS IS FOR THE BRAVE PEOPLE ONLY!!!
I deodexed my own system in order to do this modification.
I replaced the files manually using an on device file explorer.
I do not recommend doing this if you aren't comfortable dealing with smali.
I got tethering working by modifying:
TetheringProvision.apk
/com/sec/tetheringprovision/TetheringProvisionActivity$5.smali
--return -1 instead of 0
Code:
.line 990
iget-object v0, p0, Lcom/sec/tetheringprovision/TetheringProvisionActivity$5;->this$0:Lcom/sec/tetheringprovision/TetheringProvisionActivity;
-- const/4 v1, 0x0
++ const/4 v1, -0x1
#calls: Lcom/sec/tetheringprovision/TetheringProvisionActivity;->sendResult(I)V
invoke-static {v0, v1}, Lcom/sec/tetheringprovision/TetheringProvisionActivity;->access$800(Lcom/sec/tetheringprovision/TetheringProvisionActivity;I)V
&&
/com/sec/tetheringprovision/TetheringProvisionActivity$TetheringPlanCheckTask.smali
--change auth links to localhost
Code:
.line 1081
const-string v0, "127.0.0.1"
iput-object v0, p0, Lcom/sec/tetheringprovision/TetheringProvisionActivity$TetheringPlanCheckTask;->ATTTetheringPlanCheckURL:Ljava/lang/String;
.line 1082
const-string v0, "127.0.0.1"
iput-object v0, p0, Lcom/sec/tetheringprovision/TetheringProvisionActivity$TetheringPlanCheckTask;->ATTMHSPlanCheckURL:Ljava/lang/String;
It fails the authentication quickly and anonymously by calling localhost (127.0.0.1) and allows hot spot enabling after.
The modified APK is attached. Rename existing APK and ODEX file to .BAK then place modded APK in system/app and reboot.
UPDATE: The attached APK is out of date and obsolete. See my dev-resources thread for an updated deodexed system installer based on the newest system release that includes this mod.
I'm content with just using Foxfi/PDANet, haha. Works fine, I tested it last night
nice, thanks for the info OP!
breakingspell said:
I'm content with just using Foxfi/PDANet, haha. Works fine, I tested it last night
Does the S4 need to be rooted to use Foxfi/pdanet?
newbie101 said:
Does the S4 need to be rooted to use Foxfi/pdanet?
Supposedly not, that's their selling point.
I guess I'm not that familiar with .smali but how did you get root permission?
Sent from my SAMSUNG-SGH-I337 using xda premium
n311.dunkle said:
I guess I'm not that familiar with .smali but how did you get root permission?
Sent from my SAMSUNG-SGH-I337 using xda premium
Really man? How did he root? Spend 30 seconds looking at the forum.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
geoldr said:
Really man? How did he root? Spend 30 seconds looking at the forum.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Harsh much? The "original" Android development forum had one topic and one sticky. I didn't even think to look there. My bad but seriously I hate when people post rude comments that don't even answer the question asked. Keep it to yourself if you don't feel like being helpful.
Sent from my SAMSUNG-SGH-I337 using xda premium
Since you modified the apk already we should be able to push the apk into the system and change the permissions using a root Explorer. Even if you mess up, this apk won't brick anything. The worst case is your tethering just won't work. You can even just rename the old system files to .bak just in case.
Can you post up the modified apk...
Sent from my SAMSUNG-SGH-I337 using xda premium
breakingspell said:
I'm content with just using Foxfi/PDANet, haha. Works fine, I tested it last night
I just tried the free version to see if it would work, and it did not work for me.
BigDogPooh said:
Since you modified the apk already we should be able to push the apk into the system and change the permissions using a root Explorer. Even if you mess up, this apk won't brick anything. The worst case is your tethering just won't work. You can even just rename the old system files to .bak just in case.
Can you post up the modified apk...
Sent from my SAMSUNG-SGH-I337 using xda premium
Posted modded APK in OP.
alwayslearning said:
I just tried the free version to see if it would work, and it did not work for me.
You installed PDAnet from their website, right? The Foxfi branded version is blocked for AT&T customers on the play store
breakingspell said:
You installed PDAnet from their website, right? The Foxfi branded version is blocked for AT&T customers on the play store
Yes I did, I only installed FoxFi off the PDA site because it could be tried before you buy. Has anyone else gotten the free one to work? Or do you need to have the full version?
alwayslearning said:
Yes I did, I only installed FoxFi off the PDA site because it could be tried before you buy. Has anyone else gotten the free one to work? Or do you need to have the full version?
The free version works fine for me, no extra configuration or anything. Are you rooted?
breakingspell said:
The free version works fine for me, no extra configuration or anything. Are you rooted?
no I am full stock, but I do need this to work. I will re-download and re-install to see if that works.
alwayslearning said:
no I am full stock, but I do need this to work. I will re-download and re-install to see if that works.
I'm rooted, but PDAnet never requested root access. Does it give you a specific error or message?
breakingspell said:
I'm rooted, but PDAnet never requested root access. Does it give you a specific error or message?
it just stops and says "unfortunately, FoxFi has stopped"
I think you guys should make a discussion thread for FoxFi in another section.
Please keep discussion here in regard to the posted mod.
breakingspell said:
I'm rooted, but PDAnet never requested root access. Does it give you a specific error or message?
okay, I got it to work :good:
I had gone to the FoxFi website like it said in the store, I now went to PDANet+ site and downloaded the bundle and it worked, thanks for the tip this will help a lot until the custom ROMs come out.
Thanks for this. I will def try it out when I get my phone. can't wait to start hacking it.

[DEVS][Safestrap][How-To] Reboot To Safestrap Recovery Via Power Menu

So first, we must thank @Hashcode for his wonderful Safestrap Recovery that allows us to flash custom ROMs even though we have a locked bootloader.
In this guide I will show you how to edit your power menu to change the reboot recovery from going to the recovery partition to going to Safestrap.
This is independent of the Safestrap app, IF AND ONLY IF the Safestrap image is on the phone already.
This is only for devs who want to incorporate this into their ROM, and I will not be answering questions on how to do this, as even a beginner dev can manage this.
I only ask that credit be given to @Hashcode, @Goldie, @RErick and AllianceROM and that the supplied script not be changed or modified in any way.
This is being shared freely and a little thanks goes a long way.
First thing is first
You will need to decompile android.policy.jar
Look for globalactions$99$1.smali
Inside this smali file you will need to find
.method public onClick(Landroid/content/DialogInterface;I)V
and then look for this set of lines; it's at the very top
Code:
const/4 v2, 0x1
const/4 v3, 0x0
sget v0, Lcom/android/internal/policy/impl/GlobalActions$SinglePressAction;->rebootMode:I
const/4 v1, -0x1
if-le v0, v1, :cond_0
sget v0, Lcom/android/internal/policy/impl/GlobalActions$SinglePressAction;->rebootMode:I
Directly underneath that last line above add these lines
Code:
const/4 v1, 0x3
if-eq v0, v1, :cond_4
Now, at the very bottom of the same method, directly above the line that says
Code:
goto :goto_1
You will add these lines
Code:
goto :goto_1
:cond_4
const-string v1, "su -c /system/bin/recrbt.sh"
invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
move-result-object v2
invoke-virtual {v2, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
That's it for the jar file. Save and recompile. I have attached a zip with the needed script inside, which needs to be placed in
/system/bin with permissions set to 0755.
Or if on a clean flash, don't worry about permissions.
:good:
Great job :thumbup:
Sent from my SCH-I545 using XDA Premium 4 mobile app
Surge1223 said:
Great job :thumbup:
Sent from my SCH-I545 using XDA Premium 4 mobile app
Thanks Bro!
This is one of those things that will benefit the entire community and shouldn't be kept to ourselves. This shouldn't be an Alliance exclusive as much as I want it to be. :good:
Surge1223 said:
Great job :thumbup:
Sent from my SCH-I545 using XDA Premium 4 mobile app
Oh, and you need to get an AllianceROM dev signature like the rest of us:highfive::good:
Nice write up, appreciate this...I never implemented the 4-way reboot method just because of Safestrap. Appreciate you sharing
Edit: Just put this together and tested, works as advertised...thanks again. Interesting that the OS asks for root privileges for this action.
Excellent write up!
If this was implemented into Roms what effect would it have on DE users who are not strapped to SS?
awesome ryan and u shared!!
ps it won't work for dev editions u gotta get creative and have both in there
BeansTown106 said:
awesome ryan and u shared!!
ps it won't work for dev editions u gotta get creative and have both in there
Did you never get that figured out?
oh, a crafty dev could also make TWO ROMs. The only difference being the ap jar
RErick said:
Did you never get that figured out?
oh, a crafty dev could also make TWO ROMs. The only difference being the ap jar
OR....:sly:
Sent from my SCH-I545 using XDA Premium 4 mobile app
Surge1223 said:
OR....:sly:
Sent from my SCH-I545 using XDA Premium 4 mobile app
Hey! I need that! Optimize ftw!
Nice on RErick!!
This is sweet. Thank you.
Wanted to add, I did this on a S4 and worked perfectly.
Just wondering if this would work on a aosp rom made for s4 safestrap. I got it to work on tw for safestrap. Just wondering if any one has tried.
Surge1223 said:
OR....:sly:
Sent from my SCH-I545 using XDA Premium 4 mobile app
If you don't mind me asking, what Optimize System script are you using and also could you possibly share that script?
Nice
Good deal. Thanks for this. Gonna get this working today on DB
