Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,768,721 Members 52,530 Now Online
XDA Developers Android and Mobile Development Forum

Xposed - Legacy thread. Don't panic, Xposed is still here.

Tip us?
 
Diliban
Old
(Last edited by Diliban; 5th April 2012 at 09:29 PM.)
#11  
Diliban's Avatar
Recognized Contributor
Thanks Meter 891
Posts: 545
Join Date: Jul 2011
Location: Bangalore, Karnataka

 
DONATE TO ME
I was not able to install it as normal app hence pushed them to system/app using root explorer.

It works perfectly on XXLPS SENSATION ROM ICS V 3.2

Sent from my GT-I9100 using Tapatalk
If you like my work, please me or please press THANKS button.

Device: Samsung Galaxy Note III (SM-N900)
Rom: Stock Kitkat 4.4.2
Baseband: N900DDUDNA1

My photography blog
 
pulser_g2
Old
#12  
pulser_g2's Avatar
Developer Admin / Senior Recognized Developer
Thanks Meter 10712
Posts: 19,248
Join Date: Nov 2009
OK you got me interested

What is currently holding me back is a lack of "documentation" about how to go about doing things...

Is there any reference info (even source code comments) that I should have a read of?

Or perhaps a little worked-through guide as to how you made the screen-off or red-clock one, complete with the "thinking" behind it all, just to learn the thought process.

This seems potentially hugely useful for me, just need to know what it can do!


Having trouble getting an answer? | What is XDA about? | How to ask for help?

if [ $PM.incoming.type = $type.question.ROM.how_to_use ] || [ $PM.incoming.type = $type.question.ROM.silly_question ]; then mv $PM.incoming /.trash; PM.response($responsetype.ignore); $PM.sender.ignore_in_future=true; init.sequence($boy_who_cried_wolf); fi;

BTC: 1K2fpDsRHkirWmk3PKiqtzhVHKUJCWPWnN
PGP: 0x260F4FDEF258E3C4
The Following 3 Users Say Thank You to pulser_g2 For This Useful Post: [ Click to Expand ]
 
rovo89
Old
#13  
rovo89's Avatar
Senior Recognized Developer - OP
Thanks Meter 13868
Posts: 2,367
Join Date: Jan 2012
Quote:
Originally Posted by Diliban View Post
I was not able to install it as normal app hence pushed them to system/app using root explorer.
Really? Oh. Did you get any error message? I assume you have allowed installation of non-market apps?


@pulser_g2: Feedback taken! Until now, I focused on bringing Xposed to a level where it is actually doing something useful for end-users.
As there are some steps that can not be documented easily in the source code (e.g. how you mark an app as Xposed module), I will recreate a tutorial how you can create the clock example. I will try to give many details not only what to do, but also how you can know that you need to do this.
Tired of updating your mod for every new ROM release?
You want give users the possibility to combine different mods without creating tons of different files for all possible combinations?
Then have a look at my Xposed framework - modifications without APK changes!
The Following 9 Users Say Thank You to rovo89 For This Useful Post: [ Click to Expand ]
 
rovo89
Old
(Last edited by rovo89; 28th April 2013 at 09:34 AM.)
#14  
rovo89's Avatar
Senior Recognized Developer - OP
Thanks Meter 13868
Posts: 2,367
Join Date: Jan 2012
Lightbulb TUTORIAL - How to create an Xposed module

The tutorial has been moved to https://github.com/rovo89/XposedBrid...pment-tutorial
Tired of updating your mod for every new ROM release?
You want give users the possibility to combine different mods without creating tons of different files for all possible combinations?
Then have a look at my Xposed framework - modifications without APK changes!
The Following 35 Users Say Thank You to rovo89 For This Useful Post: [ Click to Expand ]
 
intronauta
Old
(Last edited by intronauta; 6th April 2012 at 03:39 AM.)
#15  
Senior Member
Thanks Meter 107
Posts: 280
Join Date: Aug 2009
this is one of the most amazing projects made lately.

You are unleashed the best way to handle mods and possible some hacks.

very great work, robo89
 
aceofclubs
Old
#16  
aceofclubs's Avatar
Senior Member
Thanks Meter 211
Posts: 930
Join Date: Oct 2011
Great concepts mate. Very powerful.

Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

----------------------
GTI9100 KK5
 
rovo89
Old
#17  
rovo89's Avatar
Senior Recognized Developer - OP
Thanks Meter 13868
Posts: 2,367
Join Date: Jan 2012
Quote:
Originally Posted by aceofclubs View Post
Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.
This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
Tired of updating your mod for every new ROM release?
You want give users the possibility to combine different mods without creating tons of different files for all possible combinations?
Then have a look at my Xposed framework - modifications without APK changes!
The Following 36 Users Say Thank You to rovo89 For This Useful Post: [ Click to Expand ]
 
pulser_g2
Old
#18  
pulser_g2's Avatar
Developer Admin / Senior Recognized Developer
Thanks Meter 10712
Posts: 19,248
Join Date: Nov 2009
Quote:
Originally Posted by rovo89 View Post
This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
It is so refreshing to see someone take such a mature approach as this.

I greatly appreciate your time on that tutorial, and I will take a proper read through it while working it out myself later... (on vacation right now, this seems like a good thing to try if it rains )

Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/


Having trouble getting an answer? | What is XDA about? | How to ask for help?

if [ $PM.incoming.type = $type.question.ROM.how_to_use ] || [ $PM.incoming.type = $type.question.ROM.silly_question ]; then mv $PM.incoming /.trash; PM.response($responsetype.ignore); $PM.sender.ignore_in_future=true; init.sequence($boy_who_cried_wolf); fi;

BTC: 1K2fpDsRHkirWmk3PKiqtzhVHKUJCWPWnN
PGP: 0x260F4FDEF258E3C4
 
rovo89
Old
#19  
rovo89's Avatar
Senior Recognized Developer - OP
Thanks Meter 13868
Posts: 2,367
Join Date: Jan 2012
Quote:
Originally Posted by pulser_g2 View Post
Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
Maybe.. I could rather easily implement something in hookMethod that checks the method to be hooked against a whitelist defined in an asset in the module (which could of course contain wildcards). Then when you enable a module, I could display this whitelist, with a warning if it includes some very central classes/packages/methods (but how to create such a list?).

However, this cannot control the following:
  1. What you do inside the handling method. If you change anything in SystemUI (and that might be only the battery icon or the clock color), this method will be executed in the context of the SystemUI, which has a large set of Android standard permissions.
  2. Calling any methods of the framework and modifying any available variables, as this can be done via standard reflection.
  3. Basically anything that is not handled through XposedBridge, but using standard techniques.
Tired of updating your mod for every new ROM release?
You want give users the possibility to combine different mods without creating tons of different files for all possible combinations?
Then have a look at my Xposed framework - modifications without APK changes!
The Following 6 Users Say Thank You to rovo89 For This Useful Post: [ Click to Expand ]
 
Brotuck
Old
#20  
Brotuck's Avatar
Senior Member
Thanks Meter 355
Posts: 1,402
Join Date: Dec 2010
Location: Rotterdam
Wanted to install the framework, but i am getting:

sh: /data/data/de.robv.android.xposed.installer/cache/install.sh: no such file or directory


What am i doing wrong ?
growing old is inevitable, growing up is optional!


The Following User Says Thank You to Brotuck For This Useful Post: [ Click to Expand ]
Tags
don't ask questions about modules here!!!, framework, xposed
THREAD CLOSED
Subscribe
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes