Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Thread Closed

Xposed - Legacy thread. Don't panic, Xposed is still here.

OP rovo89

5th April 2012, 10:27 PM   |  #11  
Diliban's Avatar
Recognized Contributor
Flag Bangalore, India
Thanks Meter: 901
 
561 posts
Join Date:Joined: Jul 2011
Donate to Me
More
I was not able to install it as normal app hence pushed them to system/app using root explorer.

It works perfectly on XXLPS SENSATION ROM ICS V 3.2

Sent from my GT-I9100 using Tapatalk
Last edited by Diliban; 5th April 2012 at 10:29 PM.
5th April 2012, 10:32 PM   |  #12  
pulser_g2's Avatar
Developer Admin / Senior Recognized Developer
Thanks Meter: 11,264
 
19,383 posts
Join Date:Joined: Nov 2009
More
OK you got me interested

What is currently holding me back is a lack of "documentation" about how to go about doing things...

Is there any reference info (even source code comments) that I should have a read of?

Or perhaps a little worked-through guide as to how you made the screen-off or red-clock one, complete with the "thinking" behind it all, just to learn the thought process.

This seems potentially hugely useful for me, just need to know what it can do!
The Following 3 Users Say Thank You to pulser_g2 For This Useful Post: [ View ]
5th April 2012, 11:01 PM   |  #13  
rovo89's Avatar
OP Senior Recognized Developer
Thanks Meter: 15,410
 
2,386 posts
Join Date:Joined: Jan 2012
More
Quote:
Originally Posted by Diliban

I was not able to install it as normal app hence pushed them to system/app using root explorer.

Really? Oh. Did you get any error message? I assume you have allowed installation of non-market apps?


@pulser_g2: Feedback taken! Until now, I focused on bringing Xposed to a level where it is actually doing something useful for end-users.
As there are some steps that can not be documented easily in the source code (e.g. how you mark an app as Xposed module), I will recreate a tutorial how you can create the clock example. I will try to give many details not only what to do, but also how you can know that you need to do this.
The Following 9 Users Say Thank You to rovo89 For This Useful Post: [ View ]
6th April 2012, 02:39 AM   |  #14  
rovo89's Avatar
OP Senior Recognized Developer
Thanks Meter: 15,410
 
2,386 posts
Join Date:Joined: Jan 2012
More
Lightbulb TUTORIAL - How to create an Xposed module
The tutorial has been moved to https://github.com/rovo89/XposedBrid...pment-tutorial
Last edited by rovo89; 28th April 2013 at 10:34 AM.
The Following 35 Users Say Thank You to rovo89 For This Useful Post: [ View ]
6th April 2012, 04:36 AM   |  #15  
Senior Member
Thanks Meter: 107
 
280 posts
Join Date:Joined: Aug 2009
this is one of the most amazing projects made lately.

You are unleashed the best way to handle mods and possible some hacks.

very great work, robo89
Last edited by intronauta; 6th April 2012 at 04:39 AM.
6th April 2012, 05:11 AM   |  #16  
aceofclubs's Avatar
Senior Member
Thanks Meter: 211
 
930 posts
Join Date:Joined: Oct 2011
More
Great concepts mate. Very powerful.

Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

----------------------
GTI9100 KK5
6th April 2012, 10:36 AM   |  #17  
rovo89's Avatar
OP Senior Recognized Developer
Thanks Meter: 15,410
 
2,386 posts
Join Date:Joined: Jan 2012
More
Quote:
Originally Posted by aceofclubs

Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
The Following 40 Users Say Thank You to rovo89 For This Useful Post: [ View ]
6th April 2012, 12:06 PM   |  #18  
pulser_g2's Avatar
Developer Admin / Senior Recognized Developer
Thanks Meter: 11,264
 
19,383 posts
Join Date:Joined: Nov 2009
More
Quote:
Originally Posted by rovo89

This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.

It is so refreshing to see someone take such a mature approach as this.

I greatly appreciate your time on that tutorial, and I will take a proper read through it while working it out myself later... (on vacation right now, this seems like a good thing to try if it rains )

Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
6th April 2012, 12:30 PM   |  #19  
rovo89's Avatar
OP Senior Recognized Developer
Thanks Meter: 15,410
 
2,386 posts
Join Date:Joined: Jan 2012
More
Quote:
Originally Posted by pulser_g2

Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/

Maybe.. I could rather easily implement something in hookMethod that checks the method to be hooked against a whitelist defined in an asset in the module (which could of course contain wildcards). Then when you enable a module, I could display this whitelist, with a warning if it includes some very central classes/packages/methods (but how to create such a list?).

However, this cannot control the following:
  1. What you do inside the handling method. If you change anything in SystemUI (and that might be only the battery icon or the clock color), this method will be executed in the context of the SystemUI, which has a large set of Android standard permissions.
  2. Calling any methods of the framework and modifying any available variables, as this can be done via standard reflection.
  3. Basically anything that is not handled through XposedBridge, but using standard techniques.
The Following 6 Users Say Thank You to rovo89 For This Useful Post: [ View ]
6th April 2012, 08:16 PM   |  #20  
Brotuck's Avatar
Senior Member
Flag Rotterdam
Thanks Meter: 362
 
1,424 posts
Join Date:Joined: Dec 2010
More
Wanted to install the framework, but i am getting:

sh: /data/data/de.robv.android.xposed.installer/cache/install.sh: no such file or directory


What am i doing wrong ?

The Following User Says Thank You to Brotuck For This Useful Post: [ View ]
Thread Closed Subscribe to Thread

Tags
don't ask questions about modules here!!!, framework, xposed
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes