[Guide] SuperuserMod for all 6.x Devices/Roms

venkat kamesh

Inactive Recognized Contributor
Jan 11, 2012
2,236
10,881
Tirupati
xdaforums.com
Updated the SuperUser mode .. Click here

Firstly thanks to sagitt67 from 4PDA ( he did it )
I grabbed it and tested :p and working

Hope this should help all others

Requirements :-

* core-libart.jar
* services.jar
* Apktool/tickle my android
and patience

1. Decompile core-libart.jar
2. open core-libart/smali/java/security/Signature.smali
look for this method
Code:
.method public final verify([B)Z
in that method find this line
Code:
invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z

move-result v0    # red in the original post
Replace the red code with this
Code:
const/4 v0, 0x1

now find this method
Code:
.method public final verify([BII)Z
in that method find this line

Code:
invoke-virtual {p0, p1, p2, p3}, Ljava/security/Signature;->engineVerify([BII)Z

move-result v0    # red in the original post
replace the red line with this
Code:
const/4 v0, 0x1

save and close

3. Now open this core-libart/smali/java/security/MessageDigest.smali

find this method
Code:
.method public static isEqual([B[B)Z
    .registers 7

    const/4 v2, 0x0    # red in the original post
Change the red line to this
Code:
const/4 v2, 0x1

save and close
Compile it and Replace

and Continued in next post
 

venkat kamesh

Inactive Recognized Contributor
Jan 11, 2012
2,236
10,881
Tirupati
xdaforums.com
Continued

Now decompile services.jar

1. open services/smali/com/android/server/accounts/AccountManagerService.smali
Find this method
Code:
.method private isAccountPresentForCaller(Ljava/lang/String;Ljava/lang/String;)Z

look for these lines

Code:
iget-object v4, v0, Landroid/accounts/Account;->name:Ljava/lang/String;

invoke-virtual {v4, p1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

move-result v4    # red in the original post

if-eqz v4, :cond_2c    # red in the original post
cond_2c may vary with your code

in those 2 lines do the changes like this
Code:
move-result v4  to  const/4 v4, 0x0
if-eqz v4, :cond_2c  to  if-nez v4, :cond_2c

save and Close

3. Now open this services/smali/com/android/server/pm/PackageManagerService$InstallParams.smali

look for this method
Code:
.method private installLocationPolicy(Landroid/content/pm/PackageInfoLite;)I

find these lines
Code:
    iget v8, p0, Lcom/android/server/pm/PackageManagerService$InstallParams;->installFlags:I
    :try_end_22
    .catchall {:try_start_10 .. :try_end_22} :catchall_5f

    and-int/lit16 v8, v8, 0x80    # "and" is red in the original post
Change the red to this

Code:
or-int/lit16 v8, v8, 0x80

save and Close

4. Now open this services/smali/com/android/server/pm/PackageManagerService.smali
in that look for this method
Code:
.method private checkUpgradeKeySetLP(Lcom/android/server/pm/PackageSetting;Landroid/content/pm/PackageParser$Package;)Z
in that look for these lines

Code:
    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSigningKeys:Landroid/util/ArraySet;

    invoke-virtual {v4, v3}, Landroid/util/ArraySet;->containsAll(Ljava/util/Collection;)Z

    move-result v4    # red in the original post

    if-eqz v4, :cond_20    # red in the original post
cond_20 may be different with your code

Change red lines to these
Code:
move-result v4  to this  const/4 v4, 0x0

if-eqz v4, :cond_20  to this  if-nez v4, :cond_20

Now look for this method
Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

and replace with this
Code:
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .locals 11

    const/4 v7, 0x0

    return v7
.end method

and look for this method
Code:
.method private packageIsBrowser(Ljava/lang/String;I)Z
in that find these lines

Code:
iget-object v4, v4, Landroid/content/pm/ActivityInfo;->packageName:Ljava/lang/String;

invoke-virtual {p1, v4}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

move-result v4    # red in the original post

if-eqz v4, :cond_22    # red in the original post

cond_22 may be different with your code

Change red lines to these
Code:
move-result v4  to this  const/4 v4, 0x0

if-eqz v4, :cond_22  to this  if-nez v4, :cond_22


Now save all and compile

replace both and Reboot
Tada
SuperUserMod Done....

#YourWish for this
Additional for Unlocked Bootloaders click here (complete mod)


Have Fun guys
Don't forget to mention me if you use my work
 

Hamidreza2010

Senior Member
Jan 29, 2013
1,520
467
31
Www.Hamidreza71.Mihanblog.Com
@venkat kamesh bro thanks for your tut
i do this but get error in service.jar

after edit , i want to recompile it but get this error:

Code:
Recompiling "services.jar" With Original Signature,
in work area "_WorkArea1", using "apktool_2.2.1.jar" 
 
With Tickle My Android 14.2.0.0. 
(tinyurl.com\ticklemyandroid) 

 ----------------

I: Using Apktool 2.2.1
I: Smaling smali folder into classes.dex...
..\_WorkArea1\_working\services.jar\smali\com\android\server\pm\PackageManagerService.smali[7670,4] missing EOF at '.locals'
Exception in thread "main" brut.androlib.AndrolibException: Could not smali file: com/android/server/pm/PackageManagerService.smali
	at brut.androlib.src.SmaliBuilder.buildFile(SmaliBuilder.java:77)
	at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:61)
	at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:38)
	at brut.androlib.Androlib.buildSourcesSmali(Androlib.java:405)
	at brut.androlib.Androlib.buildSources(Androlib.java:336)
	at brut.androlib.Androlib.build(Androlib.java:292)
	at brut.androlib.Androlib.build(Androlib.java:264)
	at brut.apktool.Main.cmdBuild(Main.java:227)
	at brut.apktool.Main.main(Main.java:84)

 ----------------

Recompile Not Successful!

how can i solve that?
 

venkat kamesh

Inactive Recognized Contributor
Jan 11, 2012
2,236
10,881
Tirupati
xdaforums.com
bro seems you deleted '.locals'

please recheck it
nothing more ;)

Goodluck bro
 

venkat kamesh

Inactive Recognized Contributor
Jan 11, 2012
2,236
10,881
Tirupati
xdaforums.com
what's the difference with the davidMKD's tutorial disable signature verification http://xdaforums.com/showthread.php?t=2458144
I've been using this method since KitKat and it's working fine, and you only modified slightly services.jar nothing else. cheers

haha well said bro

but structure of signature verification is not same since 4.4 to till date
there are lot of modification in structure and security level of api developed in their best

seems you just seen the services.jar changes hmm
had you looked to core-libart.jar ?

and you just see lines bro ?
why don't you look the code back to java ( i meant from smali to java ) so you can know the changes what i did

read the java imports
https://github.com/frohoff/jdk8u-dev-jdk/tree/master/src/share/classes/java/security

read it get it
i had those changes too

the old guide is just allowing to install temporary ( if you already had old install and data is present)
but not a complete SuperUserMod

just for you to prove ( try only with marshmallow and this guide is from marshmallow )
for example add new settings.apk with new signatures replace it
clear data from recovery and check if your settings are there or not

Before commenting of comparison please go through the google, and try to read what changes are done ( analyze them in java )
then come to thread and give a comment

we are not ready to post something which is already persist/Working
Do tests and get back to here bro ;)

Good luck bro
 

russel5

Senior Member
Jun 13, 2012
875
1,266
41
Yekaterinburg
First, this is not superuser mod, this is three android patches from LuckyPatcher.apk
First two makes your phone very vulnerable, because you makes signature verification always true and disable .apk signature verification. (core-libart.jar)
Superusermod is just
Code:
comparesignatures
const/4 v7, 0x0
bla bla
All other just give you access for downgrade your installed apk (services.jar)
I think you must add this info (about core-libart.jar) to first post. Thanks.
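
A way to check a decompiled core-libart.jar or services.jar for the edits discussed in this thread, added here as an example and not part of any post: it flags a boolean call whose result is replaced by a constant right before a branch or return, and a watched method reduced to a constant return. The sample smali, the names `scan`, `check_method` and `WATCH`, and the finding labels are assumptions made for this example.

```python
import re

# Constructed sample (not from a real image): verify() with the result overwritten,
# an intact verify(), and a compareSignatures() reduced to a constant.
SAMPLE = """\
.method public final verify([B)Z
    .registers 3
    invoke-virtual {p0, p1}, Ljava/security/Signature;->engineVerify([B)Z
    const/4 v0, 0x1
    return v0
.end method
.method public final verify([BII)Z
    .registers 5
    invoke-virtual {p0, p1, p2, p3}, Ljava/security/Signature;->engineVerify([BII)Z
    move-result v0
    return v0
.end method
.method static compareSignatures([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .locals 11
    const/4 v7, 0x0
    return v7
.end method
"""

INVOKE_BOOL = re.compile(r"^invoke-\S+\s+\{[^}]*\},\s+(\S+->\S+\)Z)$")
CONST4 = re.compile(r"^const/4\s+(\w+),\s+(-?0x[0-9a-f]+)$")
USE = re.compile(r"^(?:if-eqz|if-nez|return)\s+(\w+)")
# Method names taken from the thread; a constant-only body is reported only for these.
WATCH = {"verify", "isEqual", "compareSignatures"}

def check_method(name, body):
    """Return findings for one method body (a list of instruction lines)."""
    found = []
    for a, b, c in zip(body, body[1:], body[2:]):
        inv, con, use = INVOKE_BOOL.match(a), CONST4.match(b), USE.match(c)
        # Boolean call whose result is never read, followed by a constant that
        # is immediately branched on or returned in its place.
        if inv and con and use and con.group(1) == use.group(1):
            found.append((name, "forced-result", f"{inv.group(1)} = {con.group(2)}"))
    if (name.split("(")[0] in WATCH and len(body) == 2
            and CONST4.match(body[0]) and body[1].startswith("return ")):
        found.append((name, "constant-stub", body[0]))
    return found

def scan(smali_text):
    """Walk baksmali output method by method and collect findings."""
    findings, name, body = [], None, []
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            name, body = line.split()[-1], []
        elif line.startswith(".end method") and name:
            findings += check_method(name, body)
            name = None
        elif name and line and line[0] not in ".:#":
            body.append(line)  # instructions only: no directives, labels, comments
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The `MessageDigest.isEqual` change is a single flipped constant and is not caught by these patterns; comparing the file against a known-good build of the same firmware covers it.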
 

juanpirulo

Senior Member
sorry bro when i said "you just modified slightly the services.jar" I didnt meant yourself i meant in the david tutorial no your tutorial. i just wanted your explanation about yours because i didnt know the difference. Now its ok
 

panzerox123

Senior Member
Sep 17, 2015
1,505
828
Bangalore
Hello! Does this work on stock marshmallow .291 for sony devices? Also, does this work on locked bootloaders? Great tutorial BTW!
 

panzerox123

Senior Member
Sep 17, 2015
1,505
828
Bangalore
Can I do this if my services.jar is from another systemUI. I have a z3c and I flashed Xperia X sysui and it replaced my stock systemUi and services.jar
 

wadeeh1990

Member
Nov 9, 2012
18
3
thank you bro

but after edit

any app not installed.
 

Attachments

  • PackageManagerService.rar
    593.1 KB · Views: 12
@russel5,
I am not familiar with how to decompile services.jar, and I am not sure I understand what this is. Do you know of any more basic of a guide on services.jar, deodexing and what it achieves?
Thanks a lot in advance,
MW
 

kaiiori

Senior Member
Apr 3, 2013
261
299
los cabos
I have been served this guide to enable superuser mod in my xperia x :D:)
music widget particles requires superuser mod but my xperia x has it
 

Attachments

  • 21686740_10208180111260202_6481880595896338129_o.jpg
    207.4 KB · Views: 83
