Related
*** OTADelusion is no longer available ***
Use fastboot flash update instead - guide.
Code:
[B]*** Disclaimer[/B]
If you wish to follow the instructions in this post, you agree that -
* Your warranty is void.
* I do not offer any guarantees that this will work or that it won't cause any
bad side effects.
* You alone are responsible for any damages or other issues that may arise
directly or indirectly because of this.
This has undergone basic testing on multiple devices running supported ROMs, but
again, there are no guarantees. Use it at your own risk.
In particular, OTA updates have not been tested on rooted devices.
Introduction
What Is This?
The FonePad 7 has a very secure stock ROM that is not vulnerable to any known exploit. But fortunately for us, Asus introduced their own vulnerability in it, which we can take advantage of. This is a guide that will help you root your FonePad 7 using that vulnerability.
How Does It Work?
Overplayed, Cool-Sounding Version
OTADelusion exploits multiple critical security vulnerabilities in the over-the-air update mechanism employed by the FonePad 7 -
The update delta packages are delivered to the device through an unencrypted medium.
The device can be configured to use any DNS server and it does not verify DNS query responses.
The package verification process relies on an asymmetric key-pair whose private key is compromised.
A man-in-the-middle attack is performed while downloading an OTA update by forcing the device to use a rogue DNS server which directs the device to connect to a rogue web server. This web server serves malicious update packages with forged cryptographic signatures. These update packages are designed to install a permanent backdoor in the device, allowing the user full access to it.
Down-To-Earth Version
Someone at Asus forgot the 'S' in 'HTTPS'
Someone at Asus forgot to replace the test Android signing key with their own
1 + 2 = Pwnage
What Do I Need To Use It?
A FonePad 7 running a supported version of the stock ROM (check the section below for a list of supported versions)
A working Wi-Fi connection (this will NOT work on 2G or 3G)
Supported ROM Versions
Go to Settings -> About tablet and check the "Build number" field
3.2.2 - NOT supported. Upgrade to 3.2.4
3.2.4 - Supported (WW and TW)
5.1.6 - NOT supported. I need volunteers to help me test.
5.2.2 - Supported (WW)
5.2.5 - NOT supported. May be added in the future. Check this thread for updates.
Click to expand...
Click to collapse
Installation Instructions
Follow these steps -
Read the disclaimer at the top of this post.
Make sure you're connected to a WiFi connection, NOT 2G/3G.
Go to Settings -> About tablet -> System Update and check for updates.
When you see the update prompt, select "NO"
Go to Settings -> Apps -> scroll to the "All" tab -> CMClient
Press the "Force Stop" button
Press the "Clear Data" button
Repeat the above steps with DMClient in the Apps list
Go to Settings -> WiFi -> long press on your network -> Modify Network and follow these steps -
Set IP Settings to "Static"
Note down the values of DNS 1 and DNS 2 somewhere.
Set DNS 1 to <snip>
Make DNS 2 blank
At this point, your Internet connection will stop functioning correctly. This is intended and temporary.
Repeat step 3. If it shows an error, reboot and repeat this step.
Make sure you get an update called "OTADelusion".
Download and install the update.
After reboot, go back to WiFi settings and restore the previous values of DNS 1 and DNS 2.
You now have root. Enjoy! But also be careful - there is currently no way to de-brick this device if you screw up.
Click to expand...
Click to collapse
Changelog
v0.2 - February 27, 2014
Added v5.2.2 WW.
Works on v3.2.4 WW, v3.2.4 TW, v5.2.2 WW.
v0.1 - January 24, 2014
Initial version.
Works on v3.2.4 WW and TW.
Click to expand...
Click to collapse
Thanks To/Credits
Code:
* XDA members (in alphabetical order) d0p3d, eagleofdeath13, fabiocr, Fuad.kh,
Lord Childe and MEHRDAD595, for testing.
* Chainfire, for SuperSU.
* Asus, for leaving one last security hole.
Status
Running an update server costs actual money, so I won't be able to keep it running indefinitely. I expect to be able to keep it running through 2014 at least, but there are no guarantees. It can go offline at any time. The address mentioned may also change at times. This post will be updated if that happens. Server taken down because there is now an offline method.
Current Server Status: Offline
Thanks for the hard work man, hope you are able to solve the other versions as well. :good:
Hey, just a thinking. If Asus can update the "update" app, maybe you can too, and then send any updates (and modification) you want, no?
If it's possible, we have a big posibility in here i think
eagleofdeath13 said:
Hey, just a thinking. If Asus can update the "update" app, maybe you can too, and then send any updates (and modification) you want, no?
If it's possible, we have a big posibility in here i think
Click to expand...
Click to collapse
It's certainly possible, but a much cleaner solution would be to get a working recovery. The bootloader is locked, but it looks like it's not encrypted. There may be a way to make it accept a custom recovery.
But we need someone who's willing to take the risk of possible bricking and test the recovery on their device.
I think that it could be a good idea to open one of our devices, to see if there's some JTAG (or thing like that) to have a fully trustable backup option.
after rooting my ME372CG, can it download upgrading package automatically and upgrade to newer version firmware?
thanks.
qianw said:
after rooting my ME372CG, can it download upgrading package automatically and upgrade to newer version firmware?
Click to expand...
Click to collapse
It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
Hi, Dr. Psycho
Thank you for your quick reply.
I am using 5.2.2 firmware, so need to waiting for next rooting opportunity..
BTW, after rooting, if can't download upgrading package automatically, is there any way to flash the package manually (if i can download it from somewhere)?
Dr. Psycho said:
It hasn't been tested yet. I would suggest you don't, at least until somebody else confirms that it works.
I do suspect that there is some code in the OTA package that triggers a ROM verification in the bootloader, but I'm not sure.
Either way, if somebody's willing to take the risk, let me know. I can make a modified update package that should reduce the risk of bricking.
Click to expand...
Click to collapse
qianw said:
BTW, after rooting, if can't download upgrading package automatically, is there any way to flash the package manually (if i can download it from somewhere)?
Click to expand...
Click to collapse
The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
EDIT: Just realized you might talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
What I wrote above was for custom mods.
This will all become much easier if we get a working recovery.
Yes, I mean official ROM upgrading after rooting. Sorry for the confusing.
I am waiting for Android 4.4, I don't know when Asus can release it for ME372CG. I don't want rooting affect ROM upgrading in the future.
Your answer is quite clear, thanks!
Dr. Psycho said:
The only way is to do what I'm doing with this guide. You'll need to run a fake DNS server and a web server and fool the tablet into downloading your package. If you're on the latest version of the stock ROM, you'll need to either patch the DMClient app or install a self-signed CA certificate (not through Settings, you'll need to copy it to /system).
This thread has a lot of information for those interested, especially in the last ten or so pages: http://forum.xda-developers.com/showthread.php?t=2514714
EDIT: Just realized you might talking about official updates. Those will be downloadable and installable, but we don't know if it'll work. It might brick your device.
What I wrote above was for custom mods.
This will all become much easier if we get a working recovery.
Click to expand...
Click to collapse
Hello all!!!
Dr. Psycho, I confirm your solution is working!!!!.... Thank you very much... I bought the device today, based on your solution to root the phone... Thank you again...
Theodore
Thanks! working great here
I noticed that some JP (as opposed to WW and TW) FonePad 7 users are trying to use my server to root. The JP version isn't supported yet (I didn't even know it existed). I can add it if someone with the JP version could help me get some values from their device. It'll only take a couple of minutes. Send me a private message if you're interested.
To check if you're using the JP version, go to Settings -> About tablet and check the "Build number" field. It should say "JP" somewhere in the middle.
Botto00 rooted the original Fonepad and made it Flash capable. There are several Flash browsers (Photon, Flashfox, Puffin), but because the Flash stream is redirected it's not a good viewing experience. I was wondering If you had any plans to incorporate Flash in your rooting method? I've already taken advantage of your root and maybe it's too late anyhow.
Lord Childe said:
I was wondering If you had any plans to incorporate Flash in your rooting method?
Click to expand...
Click to collapse
Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
Lord Childe said:
I've already taken advantage of your root and maybe it's too late anyhow.
Click to expand...
Click to collapse
If I did come up with patches or ROMs, already having root would't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
Dr. Psycho said:
Have you tried this?: http://forum.xda-developers.com/showthread.php?t=1931699
If I did come up with patches or ROMs, already having root would't be a problem at all. It shouldn't be too hard to make an app that instructs the bootloader to flash a package like DMClient does. Even if it turns out to be difficult, with root access, I can easily hijack the update-checking mechanism with a self-signed CA certificate and a web server, similar to how we're achieving root right now.
I did in fact have plans to make a recovery or at least an app that would act like a minimalistic recovery and let you flash recovery packages. The problem is, I'd need either a test device or a daring volunteer. And time too - I don't have much of that right now.
Click to expand...
Click to collapse
I quite understand time limitations working on stuff like this - I think everyone appreciates the time and effort you've spent on rooting Fonepad 7.
I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
Lord Childe said:
I followed the procedure in the link. Unfortunately, it doesn't work... maybe that fix is for machines that still support Flash.
Click to expand...
Click to collapse
I'll give it a try when I get my tablet back and see if I can get it to work.
Lord Childe said:
Would I dare to volunteer? Hmm... now that I've got root I don't think I would risk it.
Click to expand...
Click to collapse
I don't blame you. I wouldn't suggest testing unless you really don't care if you brick the tablet.
thumbs up for 5.2.2 :highfive:
USB OTG
Hi, i know this is not the right tread to ask but since there is not forum about our tablet i'll ask here. I have a fonemap 7 ME372GC the 4 GB version (witch by the way doesn't appear on Asus page) and i'm not able to use usb OTG. Is this not possible on our tablets or does mine have something wrong? I have 5.22 rom version andoid 4.3. I use an OTG cable witch is working on my HTC One
Thank you for your help
Let's root it again
Hi Dr. Psycho,
I just got a Asus fonepad 7 model: k00E (ME372CG) and I will put some more data about this device:
- Firmware version: 54.2F
- Android version: 4.2.2
- Baseband version: 1338G_1.12.0_0913
- Kernel version : 3.4.34-00006-gc3b491f
[email protected] #1
Fri Sep 13 21:24:31 CST 2013
- Build number: JDQ39.WW_epad-V3.2.1-20120913
000053_201307241030
It seems as this is the older version of the build then 3.2.4 but it is well WW.
Should I upgrade to version 3.2.4 (and can you explain me how to do this but still to avoid ASUS upgrading to even newest version) or may I try to update this "OTADelusion" update directly with this "old" build number following the instructions ?
And is there any risk of bricking my device with rooting following this method as you stated that there is no way to de-brick Asus fonepad 7 yet ?
Or is there any other (older and safer) way to root this older build version except this "OTADelusion" ?
Thanks in advance !
Cheers !
Hello,
I done everything. Installed BUSYBOX Pro . Tried DSPLOIT, ZANTI, WI.CAP. Any sniffers do not work on my device .
It is ROOTED 4.4.2 kitkat flashed wtih werewolf custom rom.
Can anyone help me to run apps like this?
Gradz,
Head16
Head16 said:
Hello,
I done everything. Installed BUSYBOX Pro . Tried DSPLOIT, ZANTI, WI.CAP. Any sniffers do not work on my device .
It is ROOTED 4.4.2 kitkat flashed wtih werewolf custom rom.
Can anyone help me to run apps like this?
Gradz,
Head16
Click to expand...
Click to collapse
Dude, seriously? If you don't see what's wrong with your question then you shouldn't be playing
with those things. Lot's of reading and learning must you do, hmmm?
Yoda
okay, slightly dickish answer sorry.
you need certain abilities enabled at the kernel/driver level for some of the things you want
to do. which maybe be as relatively simple as patching kernel source and rebuilding or may require
rev-eng'ing proprietary drivers/binaries additionally.
you may be better served to researched a device more naturally endowed with these capabilities,
alternately a device with usb-otg support so you can use a dongle device proven to be
capable of these tasks.
ommmm
So because i used custom rom, this apps does not working?
Head16 said:
So because i used custom rom, this apps does not working?
Click to expand...
Click to collapse
sort of yes/no because the custom rom contains the software and the kernel is a custom build
it does not necessarily mean that your hardware is capable [meaning the device's capability, the kernel
having the necessary code and if there are proprietary/prebuilt source code unavailable/ binaries and firmware
support files which need to be hacked/engineered.
find out the device id of your wifi hardware and search it's id/name along with the function you are trying to perform.
for example
bcm4334 monitor mode
use the search engine that works for you, read carefully and fully and get yourself trained to follow trails of related/seemingly related
information, no matter how obscure.
good luck, may the schwartz be with you ! :silly:
m
Hi. I'm not very well versed in Android. I got a Galaxy Tab 3 7.0 for free as a promo from my bank a year or so ago. I've always been frustrated that there was no multi-user support. A year ago I tried correcting that by upgrading to 4.2.2 which required rooting because there was no official upgrade at the time. I thought that would fix it, but it didn't. I recently revisited my problem and found a guide suggesting to install Xposed Installer's Multi Users module and I did that but the module again tells me to simply go to Settings->Users (if that setting were there, I'm not sure why you need the Xposed thing, but anyway). It still isn't there.
I don't know if its because I have a bank promo model or what, but I don't have the option and all the guides seem to suggest 4.2+ simply DOES have it. Well mine doesn't.
Is this something that a custom ROM would fix? If so, is there a Absolute Moron's Guide to Custom ROMs out there for this device?
Thanks for any insight.
Edit: I guess some specs might be useful, as I see there are different model numbers associated with "Tab 3 7.0". The model number is SM-T210R. Android version 4.2.2 (rooted). Kernel is 3.4.5-blackhawk+
Nevermind.
For some reason my unit wasn't receiving the 4.4 update. I manually updated to 4.4 and I now have the Users menu.
There are many custom ROM for A5 and A3 but unfortunately no buddy comes with A7 2017
Very big strange
I am also wondering this. Seems like no one love A7 here.
Not exactly.
zoya4u said:
There are many custom ROM for A5 and A3 but unfortunately no buddy comes with A7 2017
Very big strange
Click to expand...
Click to collapse
There are a few custom ROMs for A7 2017 32GB model (A720F), you can find them here on XDA.
But I suggest care, there's talk the latest official firmware version blocks customization...
TWRP for example will cause a system lock and your phone can end up a nice paperweight (brick).
Also, don't block OEM RESET (always Allow Oem Reset in Developer options) if you use root / customs.
Samsung security may get you a FRP LOCK should you want to reflash.
Odin won't help if you need to downgrade to an older version (like a backup).
Fixes for such a situation are difficult at the moment.
I'm facing it right now and don't know if my phone will be back up and running again
ODIN'd a Stock Recovery and CP ROM, let's see in some hours!
Dan.911 said:
There are a few custom ROMs for A7 2017 32GB model (A720F), you can find them here on XDA.
But I suggest care, there's talk the latest official firmware version blocks customization...
TWRP for example will cause a system lock and your phone can end up a nice paperweight (brick).
Also, don't block OEM RESET (always Allow Oem Reset in Developer options) if you use root / customs.
Samsung security may get you a FRP LOCK should you want to reflash.
Odin won't help if you need to downgrade to an older version (like a backup).
Fixes for such a situation are difficult at the moment.
I'm facing it right now and don't know if my phone will be back up and running again
ODIN'd a Stock Recovery and CP ROM, let's see in some hours!
Click to expand...
Click to collapse
Hummm!
Current situation: FRP lock.
Phone won't get off the boot logo (white screen, "Powered by Android") and FRP/OEM lock are in effect.
I relly shouldn't have fiddle with the new "Directional Lock" feature - Wich can't be disabled, btw.
For anyone in the same situation, pc tricks zone has some remedy but not for A720 at the moment.
I should also point that tutorial videos show an anti-virus alert they claim to be a false positive, but I don't know
- Can't be sure for I didn't try it, but one can't be too cautious. The tool (ADB enabler for FRP) was clean here, says Avira.
But I'm still stuck with ADB/sideload disabled, the stock ROM I found on updato is in ZIP format, useless for ODIN and ADB-e.
ROM files can't simply be converted from ZIP to TAR, they must be cooked - With a "kitchen" tool and a lot of proper knowledge that I, a simple noob/leecher, don't have.
So until finding a TAR file for stock Android 7 (Rev 2) I'm denied access to my US$400 phone just cause Samsung says so.
[A little rant, if I may]
Thanks Samsung will (greed) to enter the digital payment market and enforce security, I, a simple home user who likes the cool mods, debloated systems, freedom and privacy of a custom ROM, (not to mention A720 camera software sucks,) am locked out of my (theirs?) phone. Not buying Sammy again...
Have 2 ROMS for A7 2017 elite stock and experience nougat, all ROMS is bad. stock is more fast lol
I guess there're a couple more:
Diegocbv111 said:
Have 2 ROMS for A7 2017 elite stock and experience nougat, all ROMS is bad. stock is more fast lol
Click to expand...
Click to collapse
Right, Elite was first I saw a few months back. Not much custom, just stock with a few adjustments,
but thanks the guy who gave us at least that.
Considering A7 is the worst snapper phone I saw so far and it is not even mentioned in Samsung's USA support site,
nobody will care to develop, I guess.
The A7 is dead. Hello chimium (chinese cheap premium)?
Hello everyone,
Recently I have been experimenting with custom ROMs on my Samsung phone and was very unpleasantly surprised to find that Samsung does not allow my Galaxy Watch to be used with modded Samsung phone... Yeah, I know there's the option to replace manufacturer and brand in build.prop, however I don't like the idea of unnecessarily modifying the system just for a couple of proprietary apps, so instead I took the approach of patching the apps to make them work with the phone again.
All that needed to be done was patch manufacturer and brand to static string(s). Here's a command to do just that:
Bash:
find . -type f -name "*.smali" -exec sed -i 's/sget-object \(v\|p\)\(.\+\), Landroid\/os\/Build;->\(MANUFACTURER\|BRAND\):Ljava\/lang\/String;/const-string \1\2, \"letitbeheardthisphoneistobetreatedasifitwereofabranddifferentfromtheonestartingwiths\"/g' "{}" \;
Patching the apps, however made the shealth app refuse communication with the wearable app due to mismatching signing certificates and it needed to be patched too. It is possible to either completely bypass signature checking or insert custom certificate - I have attached a patch that does just that.
You can (and probably should) do this yourself if you want to use the modified applications. Just decompile apks with apktool, apply the command in the directory with the apps content (it is necessary for Galaxy Wearable, Samsung Accessory and Galaxy Watch Plugin apps), and insert you own custom certificate into Galaxy Watch Plugin (attached patch - just replace the cert with your custom one). If you use Samsung Health, just replace the certificate string with hex-encoded certificate you used to sign the apps in the attached patch and apply it to the app. Then rebuild the apps and sign using the key whose certificate you just inserted into the apps.
Although you should never trust a random stranger on the internet with apps you install, I understand not everyone wants to go through this process themselves, so hereby I solemnly promise there is no malicious code inserted into the provided apks. And here's the link
App Versions:
Samsung Accessory (com.samsung.accessory): 3.1.94.11128
Galaxy Wearable (com.samsung.android.app.watchmanager): 2.2.42.21083061
Galaxy Watch PlugIn (com.samsung.android.geargplugin): 2.2.05.21042051
Samsung Health (com.sec.android.app.shealth): 6.18.7.005
No idea what you're talking about. My watch works fine with my note 10+ using Dr ketan rom.
Same with Alexis. I just hide it with magisk but it was working just fine before that.
dchd310870 said:
No idea what you're talking about. My watch works fine with my note 10+ using Dr ketan rom.
Click to expand...
Click to collapse
Leon said:
Same with Alexis. I just hide it with magisk but it was working just fine before that.
Click to expand...
Click to collapse
I was talking about AOSP-based ROMs. Generally, I build and sign the ROM whenever possible and so I don't find it necessary to root my devices. Also I don't like the idea of making changes to mask the actual device and when the app is used with Samsung phone, it relies on proprietary interfaces implemented only in Touchwiz, which are not available in AOSP. Since it is an app issue, it makes sense to make changes on the app level instead of the system level.
dansimko said:
I was talking about AOSP-based ROMs. Generally, I build and sign the ROM whenever possible and so I don't find it necessary to root my devices. Also I don't like the idea of making changes to mask the actual device and when the app is used with Samsung phone, it relies on proprietary interfaces implemented only in Touchwiz, which are not available in AOSP. Since it is an app issue, it makes sense to make changes on the app level instead of the system level.
Click to expand...
Click to collapse
Hi,
I 've got the same problem with the rom Beyond V2.0.
Can you explain more precisely what i must do with yours files ? I'm a novice and my english not very good.
Thank a lot
Hello,
I'm using a unrooted (root not available yet) but knox tripped Samsung Galaxy S21 Ultra. Because of no root i'm not be able to edit build.prop to change the tima line. Now I'm searching a way to get Samsung shealth 6.15.1.003 get working with data sync. To be honost i dont really understand how to patch this way. Could somehone explain me what to do? Samsung health is already decompiled with APK Easy Tool. Thanks in Advance
Hallo sir can you update the files or explain a bit further how to do it by ourselves
Could you be more specific. I want to try it but I dont understand how to doit. some one knows how to patch these apks. ? you tube video? thanks.
hi sir, thank you for your hard work. looks good and might be what i wanted. just rooted my phone and i cant seem to pair my gear sport with my rooted S20+.
Do i just install the apk like normal, running it in file manager? or do i need to flash it in through custom recovery?
fwiw i use an Active 2 with a rooted Pixel 2 XL, and dont need any of that and have ECG/BP and Samsung Pay working. Only modified thing is the Samsung Health monitor app on the phone, modded to not detect root or require a Samsung Phone, thats it....
I own a s5neo with lineage 17.1 and I had the same problem as reported, galaxy wearable identified my phone as modified/rooted and exited. Using your apk I was able to launch the app but it fails to install the galaxy buds live plugin, only shows a message that failed to install.
I don't know how to do the patch and I would like to know if you can generate a patched apk for buds live plugin (https://play.google.com/store/apps/details?id=com.samsung.accessory.neobeanmgr&hl=en_GB)
thanks in advance
Can I use it for Spay?
nevermindrs said:
I own a s5neo with lineage 17.1 and I had the same problem as reported, galaxy wearable identified my phone as modified/rooted and exited. Using your apk I was able to launch the app but it fails to install the galaxy buds live plugin, only shows a message that failed to install.
I don't know how to do the patch and I would like to know if you can generate a patched apk for buds live plugin (https://play.google.com/store/apps/details?id=com.samsung.accessory.neobeanmgr&hl=en_GB)
thanks in advance
Click to expand...
Click to collapse
I have Galaxy Buds+ on a Pixel 2 XL
Heres how to do it the easy way...
Install Magisk
Enable MagiskHide in Magisk Manager settings
Tick all Samsung related apps in MagiskHide in Magisk Manager
Hide Magisk Manager
Reboot
Thats how i also have my Active 2 and Samsung Pay working
^yep, magisk is magic!
dansimko said:
I was talking about AOSP-based ROMs. Generally, I build and sign the ROM whenever possible and so I don't find it necessary to root my devices. Also I don't like the idea of making changes to mask the actual device and when the app is used with Samsung phone, it relies on proprietary interfaces implemented only in Touchwiz, which are not available in AOSP. Since it is an app issue, it makes sense to make changes on the app level instead of the system level.
Click to expand...
Click to collapse
Hi,
I am unable to install any of the apk. App not installed.
Please help me.
dansimko said:
Hello everyone,
Recently I have been experimenting with custom ROMs on my Samsung phone and was very unpleasantly surprised to find that Samsung does not allow my Galaxy Watch to be used with modded Samsung phone... Yeah, I know there's the option to replace manufacturer and brand in build.prop, however I don't like the idea of unnecessarily modifying the system just for a couple of proprietary apps, so instead I took the approach of patching the apps to make them work with the phone again.
All that needed to be done was patch manufacturer and brand to static string(s). Here's a command to do just that:
Bash:
find . -type f -name "*.smali" -exec sed -i 's/sget-object \(v\|p\)\(.\+\), Landroid\/os\/Build;->\(MANUFACTURER\|BRAND\):Ljava\/lang\/String;/const-string \1\2, \"letitbeheardthisphoneistobetreatedasifitwereofabranddifferentfromtheonestartingwiths\"/g' "{}" \;
Patching the apps, however made the shealth app refuse communication with the wearable app due to mismatching signing certificates and it needed to be patched too. It is possible to either completely bypass signature checking or insert custom certificate - I have attached a patch that does just that.
You can (and probably should) do this yourself if you want to use the modified applications. Just decompile apks with apktool, apply the command in the directory with the apps content (it is necessary for Galaxy Wearable, Samsung Accessory and Galaxy Watch Plugin apps), and insert you own custom certificate into Galaxy Watch Plugin (attached patch - just replace the cert with your custom one). If you use Samsung Health, just replace the certificate string with hex-encoded certificate you used to sign the apps in the attached patch and apply it to the app. Then rebuild the apps and sign using the key whose certificate you just inserted into the apps.
Although you should never trust a random stranger on the internet with apps you install, I understand not everyone wants to go through this process themselves, so hereby I solemnly promise there is no malicious code inserted into the provided apks. And here's the link
App Versions:
Samsung Accessory (com.samsung.accessory): 3.1.94.11128
Galaxy Wearable (com.samsung.android.app.watchmanager): 2.2.36.20113061
Galaxy Watch PlugIn (com.samsung.android.geargplugin): 2.2.05.20110441N
Samsung Health (com.sec.android.app.shealth): 6.12.3.001
Click to expand...
Click to collapse
how to generate hash from keystore. can anyone help? @dansimko
mohsin1122 said:
how to generate hash from keystore. can anyone help? @dansimko
Click to expand...
Click to collapse
Generate Hex from keystore
keytool -alias mykey -exportcert -keystore my-release-key.keystore -storepass 123456 | xxd -p
To anyone coming across this post who wants to do this themselves, I've made a little guide and some tools here: https://github.com/adil192/SamsungAppsPatcher.
I've also attached the apks I've patched if you don't want to do it yourself (since the ones in OP didn't work for me) here: https://mega.nz/folder/sUFj2C5b#M4zEP-c9ylY-ENxPw7qCUQ. Like OP, I promise I haven't added malware in this.
Edit: I've somewhat automated the process now so if anyone wants me to patch another plugin, just @ me and I'll get it added as soon as possible.
Adil192 said:
To anyone coming across this post who wants to do this themselves, I've made a little guide here: https://gist.github.com/adil192/ab95808fb66b6cde3d63ded6c19b0f1d. I've also attached the latest apps I've patched if you don't want to do that (since the ones in OP didn't work for me) here: https://mega.nz/folder/sUFj2C5b#M4zEP-c9ylY-ENxPw7qCUQ. This is tied to my name so I have no reason to add malicious code.
Click to expand...
Click to collapse
I need assistance with the gear s3plugin apk please.
Got it working..thanks
Would this process work to enable the Galaxy Wearable App to connect if using non-uk galaxy buds live? My app sets up the buds live but then fails to connect, even though Bluetooth connects and buds function.
Samsung have advised I have a Vietnamese version of the buds live which are not compatible with the Galaxy Wearable App in the UK.