[GUIDE] Smali coding guide for beginners

Search This thread

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
BEGINNER'S GUIDE TO SMALI CODING OF SYSTEMUI
Presenting to you a beginners guide to smali coding. This thread would focus specifically on SystemUI modding. Please keep questions related to other apks out of this thread.

Disclaimer

This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have
- Knowledge of some programming language (C,java,etc)
- An inquisitive mind to try things out
- The patience to first google and try to find answers to simple questions

Background

I was also a noob at smali coding till few weeks back. What I have learnt through hours of google searching, reading over the internet, figuring things out and experimenting, I will try to write it up in this guide so that it becomes easier for other beginners to get into systemUI smali coding. This guide won't be just a copy paste guide to get certain mods to work in your systemUI. Rather it should get you started to write your own smali codes and edit systemUI. Lastly, I have limited knowledge on smali currently but I'll try to clarigy doubts as much as possible and I sincerely wish that the great devs around who knows smali coding would join up and help make this thread better and I certainly hope that we all get to learn more smali through this thread.

Ok cut the crap. Lets get to the real thing.

If you already know what is smali - goto : post_2
If you already know smaling and baksmaling - goto : post_3
If you just wanna know how to implement the my mod (right finger pull for quick panel toggles) of Serajr's JB like SystemUI - goto : post_4
If you already do smali coding and would like some tips to make life easier - goto : post_6

What is smali?
Android programmers write android apps in java. The compilers like eclipse are then used to build apks from these codes by converting the java source code into dalvik executables (.dex files). The dalvik virtual machine (dalvikvm) in Android can then run these executables. So the perfect way to mod systemUI would be to edit the source code of the systemUI and build the modded systemUI. This is possible for AOSP ROMs like cyanogenmod. So anyone who knows java can download the source code of cyanogenmod, do any crazy modification they want and build CM with the new systemUI. This is all possible because the CM is open source. But unfortunately the OEM Roms like Xperia, Sense, etc are not open source as far as I know. So their source code is not available.

But their dex files are available which would be in a totally unreadable. So to edit it we need to convert this .dex files to a more understandable form. This is where smali comes in. To make it easier to understand I can represent it like this:

.dex <------------------> .smali <--------------------- java source code​

Converting a .dex file to smali (called baksmaling) gives us readable code in smali language. Now if you wonder why can't smali be converted into java source, that's because java is a very developed language and smali is more of an assembly based language. And so while going from java source to smali information is lost and that's why smali can't be used to completely reconstruct java source code
 
Last edited:

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
How to baksmali SystemUI.apk?
So let us first decode and obtain the smali code from the SystemUI.apk in your phone.

APK Multi-tool: There are many tools out there that can baksmali apks and later recompile them back after you edit the .smali files. I used APK Multi-tool for this purpose and I would say it works really well with SystemUI.apk as the tool handles system apps separately and has a comparatively more decent UI. I used Windows Version v1.0.11

(Don't forget to give thanks to the people who made these tools if these come in handy for you!)

I - Setting up APK Multi-Tool
  1. Download and extract it
  2. Now from your phone copy framework-res.apk from /system/framework and SystemUI.apk from /system/app and paste it in <folder to which you extracted APK-Multitool>\other. Also copy SemcGenericUxpRes.apk from /system/framework. You will need it later. SemcGenericUxpRes.apk is only for Sony stock based ROMs. For ROMs from other OEMs the corresponding file may have different name and/or location
  3. Run Setup.bat (I think it needs to be run as administrator)
  4. Choose option 2. And from there choose the option to install framework-res.apk and SystemUI.apk. After both are installed return to main menu
  5. Choose option 3 to setup directories
  6. Choose 00 to quit



Now that we have APK Multi-Tool setup for use let us do some baksmaling ;)

II - Decompiling and Baksmaling
  1. Run Script.bat (In case you face problems try running it as administrator. But you probably wouldn't need to unless you extracted all this somewhere in your main windows partition)
  2. Place the apk to be modded in 'place-apk-here-for-modding' folder
  3. Choose option 10 in APK Multi-Tool command window
  4. When it asks for the dependee apk as input drag and drop SemcGenericUxpRes.apk you took from your phone earlier at the command input
  5. If all goes well you would return to the main screen. Don't close the script yet. Back at the APK Multi-tool\projects folder you should find a new folder inside which you would find a folder named smali. This folder has all the required smali files

DON'T CLOSE THE SCRIPT YET
The script needs to be open from baksmaling and needs to stay till you smali it again. If you close it in between you will have to start over again​

Trouble? :(
  • Try running the scripts as administrator if you get errors
  • Make sure you have java installed (Latest version recommended. I've used APK MultiTool with v1.6 and 1.7). Open command prompt (Type cmd in run to open command prompt) and type in java. If it says something similar to unknown command, that means you either don't have properly working java or you haven't added java to the command line path. Here is how to add it. The method explained for Vista worked in my Windows 7 laptop
  • If you get an error similar to wrong dependee then try this. Goto %userprofile%/apktool/framework. You must already be having 1.apk there if you successfully installed framework-res.apk in step I.4 above. Just copy and paste it again in that same folder as a copy (don't overwrite the first 1.apk) and rename this copy to 2.apk and try baksmaling again

III - Coding
This is where the actual work happens. As far as I have understood each class in the java source code would make a seperate smali file. Suppose there is a PhoneStatusBar class in the actual SystemUI source code you will find a PhoneStatusBar.smali somewhere in the smali folder APK Multi-Tool just made. If there was one sub class in the PhoneStatusBar class then that would result in a PhoneStatusBar$1.smali and so on. So you need to figure out which file to edit and do it using any text editor. More help on that in the next post

IV - Smaling and Recompiling
After you finished editing all the smali files and xmls and pngs next the whole thing needs to be smalied and then recompiled into the final apk.
  1. From the APK Multi-tool script choose option 11.
  2. When it asks about y/n enter y
  3. You would now find a new folder named keep in the APK Multi-Tool directory. From that folder delete everything that you changed. Obviously you won't find any smali files as they have already been smalied into dex. So if you made changes in any smali file then delete the .dex file in this folder. If you have made changes in any xml then delete the resources.arsc and also the xml file that you changed. Delete any png or any other file you have changed
  4. Go back to the script and press any key to continue
  5. If all goes well you would now have the modded apk waiting for you in the 'place-apk-here-for-modding' folder with its unsigned added to its file name.

Trouble? :(
  • Try running the scripts as administrator if you get errors
  • In the main window type in option 23 to check the log. Try to figure out what you messed up from the information in the log. :p
 
Last edited:

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
:angel: Welcome to the world of smali coding! :cowboy:

Smali is not an easy programming language to master. You can get info about almost all smali commands here and here. These two links are excellent references for you all along the way! Here I'll go through some of the facts about smali and some of the things that I have found which might help you in writing your own smali code

As far as I know Smali resembles java the most. And the best resource to java in android programming is nothing else than developer.android.com

As I said earlier its not possible to reconstruct java source code from smali. But this handy tool APK_OneClick would still get you as close to the source code as possible. That said don't expect to get a compilable code out of it. Set up is pretty straight forward. Running the bat file adds few shell extensions to the right click menu including reconstructing java code. This tool has helped me a lot in understanding the code structure in SystemUI and I highly recommend using it. As a warning don't trust it completely. It did make mistakes a few times mostly when loops are involved

That said let us talk more about loops. You might have played with for, while loops, etc before. But well you won't find them in smali. Smali being more of an assembly language handles such loops using labels and goto commands.

Example 1 java code
Code:
if (flagx == 1)
	flagx = 2
else
	flagx = 3

When flagx variable is referenced as v0
Equivalent Example 1 smali code
Code:
const/4 v1, 0x1
if-ne v0, v1, :cond_0
const/4 v2, 0x2
move v0,v2
goto :goto_0
:cond_0
const/4 v2, 0x3
move v0,v2
:goto_0

See how much complex the so simple java code became in smali! At this rate how the hell can one figure out the smali for complex java code? Well the easiest way to do it would be starting from the opposite end.
  1. Get Android SDK and Eclipse downloaded and set up
  2. Write the java code which resembles what you want to do as closely as possible for a simple non-system app
  3. Build the apk in eclipse
  4. Decompile and Baksmali the apk and look at the smali code
Through this, if we get to know how the smali code would look, it should be easier to start off. For an example and more details on this check this post and this post

Numbers in smali are represented in hex number system and follow IEEE 754 standards. Yeah you guessed right - That's also complicated.

  • Suppose you want to introduce a number in your smali code. Say in example 1, you want flagx to be 330 instead of 3. The best way to find how 330 would look in smali would be to do what I said in the previous quote about starting from the opposite end. Write a java code with 330 replacing 3 and look into the baksmalied file to see how it looks.
  • Online Converter - This is an excellent online converter to make things easier. But even this isn't straight forward. Suppose you find a hexadecimal 0x435c in a smali file. Look for what type of variable is it stored in. And you see that that value is stored in smali in a 16 bit variable. Unfortunately the online converter takes only 32,64 and 128 bits. So type in 435c0000 in the input of the online converter. For 64 bit variables you will have to put more zeros. To find the IEEE 754 hex representation of decimal 330, type in 330 in the online converter and get its hex representation for different bit sizes

I will update this post as and when I get more stuff to add.
 
Last edited:

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
Pulling Status Bar down from the right side for Quick Panel Toggles in Serajr's SystemUI

This was the first SystemUI mod that I did. I have refined the code a bit after that with suggestions from Serajr (Thanks bro! :good: ) This is a pretty simple edit and do-able for beginners. I will try to explain each step rather than just asking you to copy paste code.

Define a new boolean mTouchRight in PhoneStatusBar class (\SystemUI.apk\smali\com\android\systemui\statusbar\phone\PhoneStatusBar.smali) along with the other .field lines in the beginning part of this smali file.

Code:
.field private mTouchRight:Z

Now define a new method interceptOneFingerStatusBarRightTap to check if the user is touching the statusbar on its right side and make mTouchRight true if he is and false if not. All this is done only if mExpanded is zero

Code:
.method private interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
    .locals 2
    .parameter "event"

    .prologue
    iget-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z

    if-nez v1, :cond_1

    invoke-virtual {p1}, Landroid/view/MotionEvent;->getRawX()F

    move-result v0

    const/high16 v1, 0x435c

    cmpl-float v0, v0, v1

    if-ltz v0, :cond_0

    const/4 v1, 0x1

    iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z

    goto :goto_0

    :cond_0
    const/4 v1, 0x0

    iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z

    :cond_1
    :goto_0
    return-void
.end method

You can just add such method definitions at the end of the smali file or in between. Just dont add it within another method!
Now we need to call this method in some function that handles touch events. I will talk about how to figure this out in a later post (Hint: coding logic+Names of variables and methods+using logcat).

In this case the method that we are interested in is interceptTouchEvent.

Original

Code:
if-ge v2, v3, :cond_0

    iget-boolean v2, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z

    if-nez v2, :cond_5

    :goto_2
    invoke-virtual {p0, v5, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->prepareTracking(IZ)V

Change to

Code:
if-ge v2, v3, :cond_0

    iget-boolean v2, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z

    if-nez v2, :cond_5

    :goto_2
    [COLOR="Red"]invoke-direct {p0, p1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
[/COLOR]
    invoke-virtual {p0, v5, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->prepareTracking(IZ)V

Next we need to make another new method to flip To QuickPanel in case mTouchRight is true.

Code:
.method private oneFingerStatusBarRightTapFlipToQuickPanel()V
    .locals 1

    .prologue
    iget-boolean v0, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z

    if-eqz v0, :cond_0

    invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->fastFlipToQuickPanel()V

    :cond_0
    return-void
.end method

Now to find out where this method needs to be called, I did the same as what I did with interceptOneFingerStatusBarRightTap (which would be explained in a later post)

I found out that if the call is added in makeExpandedVisible method, as the statusbar starts to get pulled down, the flip-to-quickpanel happens.

Original makeExpandedVisible
Code:
iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpandedVisible:Z

invoke-virtual {p0, v1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->visibilityChanged(Z)V

const/16 v0, -0x2710

invoke-virtual {p0, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->updateExpandedViewPos(I)V

Change to:
Code:
iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpandedVisible:Z

    [COLOR="Red"]invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->oneFingerStatusBarRightTapFlipToQuickPanel()V[/COLOR]

    invoke-virtual {p0, v1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->visibilityChanged(Z)V

    const/16 v0, -0x2710

    invoke-virtual {p0, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->updateExpandedViewPos(I)V

You can also put the call in updateExpandedViewPos method in which case the flip would happen only after the notification panel is completely open. Don't put the call for the method in both makeExpandedVisible and updateExpandedViewPos. Only one of them

Original code:
Code:
if-ne p1, v8, :cond_5

    move v6, v3

    .local v6, pos:I

Change to:
Code:
if-ne p1, v8, :cond_5

move v6, v3

[COLOR="Red"]invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->oneFingerStatusBarRightTapFlipToQuickPanel()V[/COLOR]

.local v6, pos:I
 
Last edited:

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
Figuring out smali :cool:

So in the previous post I said we should call interceptOneFingerStatusBarRightTap in interceptTouchEvent method. But how does one find that out? In which function to call and where?

Well first of all look at the names of the methods and variables and try to figure out what they do. Look at the parameters in function calls. Like interceptOneFingerStatusBarRightTap requires MotionEvent as its parameter in the function call to be able to use getRawX(). So now look at all the methods in PhoneStatusBar.smali which has acces to MotionEvent. In simple cases you might then be able to figure out where to put the method call if you understand the smali code and/or through trial and error. But in more complex cases you can take the help of logcat

Send messages to logcat
So here our aim is to add the call to interceptOneFingerStatusBarRightTap to a method in PhoneStatusBar.smali that has access to MotionEvent and is called when the user touches the screen. Goto all such methods and add smali code to send messages to the logcat. The smali code would be like this

Code:
const-string v1, "Message1"

const-string v2, "Message2"

invoke-static {v1, v2}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

Make sure the variables used doesn't interfere with the code. Let us say we want to see when interceptTouchEvent is called. Add the above code at the beginning of the definition for interceptTouchEvent method. Instead of "Message1" write "interceptTouchEvent" and instead of "Message2" write "beginning". Now if you smali+compile the code to get the unsignedSystemUI.apk and get it working in your phone, connect the phone to your PC/laptop with USB debugging and open up logcat in cmd or eclipse. Now the "interceptTouchEvent" and "beginning" would come up in the logcat the moment the beginning part of interceptTouchEvent is executed. Like this you can find out which method is called when the user touches the status bar and where in the method should the code be added so that the right tap check happens only when you want it to

In some cases you would want to see what value a certain variable holds. Suppose you want to know the value in mTouchRight at the beginning of interceptTouchEvent. The following code would do it

Code:
iget-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z

const-string v2, "mTouchRightatbegofITE"

invoke-static {v1}, Ljava/lang/String;->valueOf(Z)Ljava/lang/String;

move-result-object v3

invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

The extra line is to convert the boolen value in mTouchRight to string as Log.d() needs string parameters.
Finally get rid of the log.d() commands you wouldn't require before releasing the final version! :D

Starting from the Opposite End
To aid in this I'll share a simple apk source code that my friend (unfortunately he's not a member of xda) and I made with this post. Just import this project into eclipse and you should be able to build it. Suppose you want to know how much 107.0 is in hex. Just change the value at the place where it checks with getRawX in the java code to 107.0 and build the apk. Decompile/Baksmali the apk to check the corresponding smali hex value of 107.0 ;)

This is just a starter. You can probably do many things with this. Do complex codes in java in a dummy apk and see how it looks in smali and then try to implement it in the smali code of the actual apk!

Notepad++
If you have already gotten into smali coding you might have seen that just the number of all these smali files are enough to cause headache! How do you find out all the places where interceptTouchEvent is being called? Well if you sit and open all smali files and search for the method your patience would soon abandon you (to put it in a decent way :p) Don't worry, here's notepad++ to the rescue. Here's why I recommend notepad++
  • The above mentioned purpose - Notepad++ has a "find in files" feature. It lets you search for "interceptTouchEvent" in every file that notepad++ can handle (of course including smali). It even lets you know which line in the file in the search result has the search string
  • Smali syntax highlighting - You can get proper syntax highlighted in notepad++ by importing the .xml file for smali. Google for "notepad++ smali user defined language" and find the .xml. Import it in notepad++ as a new user defined language by going to Language>Define you language.. in notepad++. I can't share the .xml file here due to some reasons.
  • Easy to use with multiple-tabs for multiple files
  • More minor reasons are there which I would let you discover for yourself :laugh:
 

Attachments

  • CoordTeller.zip
    823.8 KB · Views: 2,139
Last edited:

Ganesh A

Senior Member
May 29, 2012
914
781
Chennai
Thank you very much for this...
Very very useful...

:) btw, will it work on gb???

---- by ----
Ganesh,
R.C. @ XDA
 
Last edited:

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
Sandy bro... It´s been hard to wipe the smile off my face after see this thread!! :)

Havocgb, you come true an old dream!!! HATS OFF!!! :good:

Thanks bro! Now I can't wipe the smile off my face after seeing the response from all you guys! You guys are the best! :highfive:

Thank you very much for this...
Very very useful...

:) btw, will it work on gb???

---- by ----
Ganesh,
R.C. @ XDA

Hmm I have no idea. I haven't done any decompiling/baksmaling for the SystemUI from GB rom but it might work if the tools I have used support GB. Ask in APK-Multi-Tool thread if there is one or try contacting its maker. Or else try it and see ;) As for serajr's systemUI, I don't think it supports GB. Its for ICS. And so you won't be able to use my mod also. But just decompiling/balsmaling your GB systemUI.apk might work
 
  • Like
Reactions: zalmen hatotach

havocgb

Senior Member
Sep 14, 2012
208
381
Whiterun
  • Like
Reactions: yusuf_mumani

ra3al

Senior Member
Oct 21, 2010
329
4,805
Sofia
Sony Xperia XZ1
WOW! Great job havocgb! I can definitely learn some tricks from this :)
I generally avoid writing complex methods completely in smali. (Especially ones that involve loops, if / else and switch statements. It is so easy to screw something up :p)
I prefer to write complex new methods in Java (in a dummy project in Eclipse), compile the project, decompile it to smali and copy-paste the new method.

Example:
If, let's say you want to write the method:
Code:
.method private interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
in the file:
Code:
smali/com/sonymobile/some_app/Class1.smali

In an Eclipse project:
1. Create the package com.sonymobile.some_app in the directory src
2. Create a new Java class (Class1) in the package you created in step 1.
3. Add your new method in the newly created Class1.java file
Code:
package com.sonymobile.some_app;

public class Class1
{
    private void interceptOneFingerStatusBarRightTap(android.view.MotionEvent event)
    {
        //...
        //add your logic here
        //...

        // Example
        int action = event.getAction();
        action = action+1;
    }
}
4. Compile the project
5. Decompile the resulting apk file to smali
6. This is what the smali code will look like:
Code:
.class public Lcom/sonymobile/some_app/Class1;
.super Ljava/lang/Object;
.source "Class1.java"


# direct methods
.method public constructor <init>()V
    .locals 0

    .line 3
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    #p0=(Reference,Lcom/sonymobile/some_app/Class1;);
    return-void
.end method

.method private interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
    .locals 1
    .parameter "event"

    .line 12
    invoke-virtual {p1}, Landroid/view/MotionEvent;->getAction()I

    move-result v0

    .line 13
    .local v0, action:I
    #v0=(Integer);
    add-int/lit8 v0, v0, 0x1

    .line 14
    return-void
.end method
7. Copy the new method from the smali file you've just produced to the original smali file you are trying to modify.


If you think this is off topic or irrelevant, please let me know and I'll delete it :D
Congrats again for the great thread!
 

Top Liked Posts

  • There are no posts matching your filters.
  • 122
    BEGINNER'S GUIDE TO SMALI CODING OF SYSTEMUI
    Presenting to you a beginners guide to smali coding. This thread would focus specifically on SystemUI modding. Please keep questions related to other apks out of this thread.

    Disclaimer

    This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have
    - Knowledge of some programming language (C,java,etc)
    - An inquisitive mind to try things out
    - The patience to first google and try to find answers to simple questions

    Background

    I was also a noob at smali coding till few weeks back. What I have learnt through hours of google searching, reading over the internet, figuring things out and experimenting, I will try to write it up in this guide so that it becomes easier for other beginners to get into systemUI smali coding. This guide won't be just a copy paste guide to get certain mods to work in your systemUI. Rather it should get you started to write your own smali codes and edit systemUI. Lastly, I have limited knowledge on smali currently but I'll try to clarigy doubts as much as possible and I sincerely wish that the great devs around who knows smali coding would join up and help make this thread better and I certainly hope that we all get to learn more smali through this thread.

    Ok cut the crap. Lets get to the real thing.

    If you already know what is smali - goto : post_2
    If you already know smaling and baksmaling - goto : post_3
    If you just wanna know how to implement the my mod (right finger pull for quick panel toggles) of Serajr's JB like SystemUI - goto : post_4
    If you already do smali coding and would like some tips to make life easier - goto : post_6

    What is smali?
    Android programmers write android apps in java. The compilers like eclipse are then used to build apks from these codes by converting the java source code into dalvik executables (.dex files). The dalvik virtual machine (dalvikvm) in Android can then run these executables. So the perfect way to mod systemUI would be to edit the source code of the systemUI and build the modded systemUI. This is possible for AOSP ROMs like cyanogenmod. So anyone who knows java can download the source code of cyanogenmod, do any crazy modification they want and build CM with the new systemUI. This is all possible because the CM is open source. But unfortunately the OEM Roms like Xperia, Sense, etc are not open source as far as I know. So their source code is not available.

    But their dex files are available which would be in a totally unreadable. So to edit it we need to convert this .dex files to a more understandable form. This is where smali comes in. To make it easier to understand I can represent it like this:

    .dex <------------------> .smali <--------------------- java source code​

    Converting a .dex file to smali (called baksmaling) gives us readable code in smali language. Now if you wonder why can't smali be converted into java source, that's because java is a very developed language and smali is more of an assembly based language. And so while going from java source to smali information is lost and that's why smali can't be used to completely reconstruct java source code
    61
    :angel: Welcome to the world of smali coding! :cowboy:

    Smali is not an easy programming language to master. You can get info about almost all smali commands here and here. These two links are excellent references for you all along the way! Here I'll go through some of the facts about smali and some of the things that I have found which might help you in writing your own smali code

    As far as I know Smali resembles java the most. And the best resource to java in android programming is nothing else than developer.android.com

    As I said earlier its not possible to reconstruct java source code from smali. But this handy tool APK_OneClick would still get you as close to the source code as possible. That said don't expect to get a compilable code out of it. Set up is pretty straight forward. Running the bat file adds few shell extensions to the right click menu including reconstructing java code. This tool has helped me a lot in understanding the code structure in SystemUI and I highly recommend using it. As a warning don't trust it completely. It did make mistakes a few times mostly when loops are involved

    That said let us talk more about loops. You might have played with for, while loops, etc before. But well you won't find them in smali. Smali being more of an assembly language handles such loops using labels and goto commands.

    Example 1 java code
    Code:
    if (flagx == 1)
    	flagx = 2
    else
    	flagx = 3

    When flagx variable is referenced as v0
    Equivalent Example 1 smali code
    Code:
    const/4 v1, 0x1
    if-ne v0, v1, :cond_0
    const/4 v2, 0x2
    move v0,v2
    goto :goto_0
    :cond_0
    const/4 v2, 0x3
    move v0,v2
    :goto_0

    See how much complex the so simple java code became in smali! At this rate how the hell can one figure out the smali for complex java code? Well the easiest way to do it would be starting from the opposite end.
    1. Get Android SDK and Eclipse downloaded and set up
    2. Write the java code which resembles what you want to do as closely as possible for a simple non-system app
    3. Build the apk in eclipse
    4. Decompile and Baksmali the apk and look at the smali code
    Through this, if we get to know how the smali code would look, it should be easier to start off. For an example and more details on this check this post and this post

    Numbers in smali are represented in hex number system and follow IEEE 754 standards. Yeah you guessed right - That's also complicated.

    • Suppose you want to introduce a number in your smali code. Say in example 1, you want flagx to be 330 instead of 3. The best way to find how 330 would look in smali would be to do what I said in the previous quote about starting from the opposite end. Write a java code with 330 replacing 3 and look into the baksmalied file to see how it looks.
    • Online Converter - This is an excellent online converter to make things easier. But even this isn't straight forward. Suppose you find a hexadecimal 0x435c in a smali file. Look for what type of variable is it stored in. And you see that that value is stored in smali in a 16 bit variable. Unfortunately the online converter takes only 32,64 and 128 bits. So type in 435c0000 in the input of the online converter. For 64 bit variables you will have to put more zeros. To find the IEEE 754 hex representation of decimal 330, type in 330 in the online converter and get its hex representation for different bit sizes

    I will update this post as and when I get more stuff to add.
    48
    How to baksmali SystemUI.apk?
    So let us first decode and obtain the smali code from the SystemUI.apk in your phone.

    APK Multi-tool: There are many tools out there that can baksmali apks and later recompile them back after you edit the .smali files. I used APK Multi-tool for this purpose and I would say it works really well with SystemUI.apk as the tool handles system apps separately and has a comparatively more decent UI. I used Windows Version v1.0.11

    (Don't forget to give thanks to the people who made these tools if these come in handy for you!)

    I - Setting up APK Multi-Tool
    1. Download and extract it
    2. Now from your phone copy framework-res.apk from /system/framework and SystemUI.apk from /system/app and paste it in <folder to which you extracted APK-Multitool>\other. Also copy SemcGenericUxpRes.apk from /system/framework. You will need it later. SemcGenericUxpRes.apk is only for Sony stock based ROMs. For ROMs from other OEMs the corresponding file may have different name and/or location
    3. Run Setup.bat (I think it needs to be run as administrator)
    4. Choose option 2. And from there choose the option to install framework-res.apk and SystemUI.apk. After both are installed return to main menu
    5. Choose option 3 to setup directories
    6. Choose 00 to quit



    Now that we have APK Multi-Tool setup for use let us do some baksmaling ;)

    II - Decompiling and Baksmaling
    1. Run Script.bat (In case you face problems try running it as administrator. But you probably wouldn't need to unless you extracted all this somewhere in your main windows partition)
    2. Place the apk to be modded in 'place-apk-here-for-modding' folder
    3. Choose option 10 in APK Multi-Tool command window
    4. When it asks for the dependee apk as input drag and drop SemcGenericUxpRes.apk you took from your phone earlier at the command input
    5. If all goes well you would return to the main screen. Don't close the script yet. Back at the APK Multi-tool\projects folder you should find a new folder inside which you would find a folder named smali. This folder has all the required smali files

    DON'T CLOSE THE SCRIPT YET
    The script needs to be open from baksmaling and needs to stay till you smali it again. If you close it in between you will have to start over again​

    Trouble? :(
    • Try running the scripts as administrator if you get errors
    • Make sure you have java installed (Latest version recommended. I've used APK MultiTool with v1.6 and 1.7). Open command prompt (Type cmd in run to open command prompt) and type in java. If it says something similar to unknown command, that means you either don't have properly working java or you haven't added java to the command line path. Here is how to add it. The method explained for Vista worked in my Windows 7 laptop
    • If you get an error similar to wrong dependee then try this. Goto %userprofile%/apktool/framework. You must already be having 1.apk there if you successfully installed framework-res.apk in step I.4 above. Just copy and paste it again in that same folder as a copy (don't overwrite the first 1.apk) and rename this copy to 2.apk and try baksmaling again

    III - Coding
    This is where the actual work happens. As far as I have understood each class in the java source code would make a seperate smali file. Suppose there is a PhoneStatusBar class in the actual SystemUI source code you will find a PhoneStatusBar.smali somewhere in the smali folder APK Multi-Tool just made. If there was one sub class in the PhoneStatusBar class then that would result in a PhoneStatusBar$1.smali and so on. So you need to figure out which file to edit and do it using any text editor. More help on that in the next post

    IV - Smaling and Recompiling
    After you finished editing all the smali files and xmls and pngs next the whole thing needs to be smalied and then recompiled into the final apk.
    1. From the APK Multi-tool script choose option 11.
    2. When it asks about y/n enter y
    3. You would now find a new folder named keep in the APK Multi-Tool directory. From that folder delete everything that you changed. Obviously you won't find any smali files as they have already been smalied into dex. So if you made changes in any smali file then delete the .dex file in this folder. If you have made changes in any xml then delete the resources.arsc and also the xml file that you changed. Delete any png or any other file you have changed
    4. Go back to the script and press any key to continue
    5. If all goes well you would now have the modded apk waiting for you in the 'place-apk-here-for-modding' folder with its unsigned added to its file name.

    Trouble? :(
    • Try running the scripts as administrator if you get errors
    • In the main window type in option 23 to check the log. Try to figure out what you messed up from the information in the log. :p
    46
    Pulling Status Bar down from the right side for Quick Panel Toggles in Serajr's SystemUI

    This was the first SystemUI mod that I did. I have refined the code a bit after that with suggestions from Serajr (Thanks bro! :good: ) This is a pretty simple edit and do-able for beginners. I will try to explain each step rather than just asking you to copy paste code.

    Define a new boolean mTouchRight in PhoneStatusBar class (\SystemUI.apk\smali\com\android\systemui\statusbar\phone\PhoneStatusBar.smali) along with the other .field lines in the beginning part of this smali file.

    Code:
    .field private mTouchRight:Z

    Now define a new method interceptOneFingerStatusBarRightTap to check if the user is touching the statusbar on its right side and make mTouchRight true if he is and false if not. All this is done only if mExpanded is zero

    Code:
    .method private interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
        .locals 2
        .parameter "event"
    
        .prologue
        iget-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z
    
        if-nez v1, :cond_1
    
        invoke-virtual {p1}, Landroid/view/MotionEvent;->getRawX()F
    
        move-result v0
    
        const/high16 v1, 0x435c
    
        cmpl-float v0, v0, v1
    
        if-ltz v0, :cond_0
    
        const/4 v1, 0x1
    
        iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z
    
        goto :goto_0
    
        :cond_0
        const/4 v1, 0x0
    
        iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z
    
        :cond_1
        :goto_0
        return-void
    .end method

    You can just add such method definitions at the end of the smali file or in between. Just dont add it within another method!
    Now we need to call this method in some function that handles touch events. I will talk about how to figure this out in a later post (Hint: coding logic+Names of variables and methods+using logcat).

    In this case the method that we are interested in is interceptTouchEvent.

    Original

    Code:
    if-ge v2, v3, :cond_0
    
        iget-boolean v2, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z
    
        if-nez v2, :cond_5
    
        :goto_2
        invoke-virtual {p0, v5, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->prepareTracking(IZ)V

    Change to

    Code:
    if-ge v2, v3, :cond_0
    
        iget-boolean v2, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpanded:Z
    
        if-nez v2, :cond_5
    
        :goto_2
        [COLOR="Red"]invoke-direct {p0, p1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->interceptOneFingerStatusBarRightTap(Landroid/view/MotionEvent;)V
    [/COLOR]
        invoke-virtual {p0, v5, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->prepareTracking(IZ)V

    Next we need to make another new method to flip To QuickPanel in case mTouchRight is true.

    Code:
    .method private oneFingerStatusBarRightTapFlipToQuickPanel()V
        .locals 1
    
        .prologue
        iget-boolean v0, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z
    
        if-eqz v0, :cond_0
    
        invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->fastFlipToQuickPanel()V
    
        :cond_0
        return-void
    .end method

    Now to find out where this method needs to be called, I did the same as what I did with interceptOneFingerStatusBarRightTap (which would be explained in a later post)

    I found out that if the call is added in makeExpandedVisible method, as the statusbar starts to get pulled down, the flip-to-quickpanel happens.

    Original makeExpandedVisible
    Code:
    iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpandedVisible:Z
    
    invoke-virtual {p0, v1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->visibilityChanged(Z)V
    
    const/16 v0, -0x2710
    
    invoke-virtual {p0, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->updateExpandedViewPos(I)V

    Change to:
    Code:
    iput-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mExpandedVisible:Z
    
        [COLOR="Red"]invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->oneFingerStatusBarRightTapFlipToQuickPanel()V[/COLOR]
    
        invoke-virtual {p0, v1}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->visibilityChanged(Z)V
    
        const/16 v0, -0x2710
    
        invoke-virtual {p0, v0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->updateExpandedViewPos(I)V

    You can also put the call in updateExpandedViewPos method in which case the flip would happen only after the notification panel is completely open. Don't put the call for the method in both makeExpandedVisible and updateExpandedViewPos. Only one of them

    Original code:
    Code:
    if-ne p1, v8, :cond_5
    
        move v6, v3
    
        .local v6, pos:I

    Change to:
    Code:
    if-ne p1, v8, :cond_5
    
    move v6, v3
    
    [COLOR="Red"]invoke-direct {p0}, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->oneFingerStatusBarRightTapFlipToQuickPanel()V[/COLOR]
    
    .local v6, pos:I
    17
    Figuring out smali :cool:

    So in the previous post I said we should call interceptOneFingerStatusBarRightTap in interceptTouchEvent method. But how does one find that out? In which function to call and where?

    Well first of all look at the names of the methods and variables and try to figure out what they do. Look at the parameters in function calls. Like interceptOneFingerStatusBarRightTap requires MotionEvent as its parameter in the function call to be able to use getRawX(). So now look at all the methods in PhoneStatusBar.smali which has acces to MotionEvent. In simple cases you might then be able to figure out where to put the method call if you understand the smali code and/or through trial and error. But in more complex cases you can take the help of logcat

    Send messages to logcat
    So here our aim is to add the call to interceptOneFingerStatusBarRightTap to a method in PhoneStatusBar.smali that has access to MotionEvent and is called when the user touches the screen. Goto all such methods and add smali code to send messages to the logcat. The smali code would be like this

    Code:
    const-string v1, "Message1"
    
    const-string v2, "Message2"
    
    invoke-static {v1, v2}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

    Make sure the variables used doesn't interfere with the code. Let us say we want to see when interceptTouchEvent is called. Add the above code at the beginning of the definition for interceptTouchEvent method. Instead of "Message1" write "interceptTouchEvent" and instead of "Message2" write "beginning". Now if you smali+compile the code to get the unsignedSystemUI.apk and get it working in your phone, connect the phone to your PC/laptop with USB debugging and open up logcat in cmd or eclipse. Now the "interceptTouchEvent" and "beginning" would come up in the logcat the moment the beginning part of interceptTouchEvent is executed. Like this you can find out which method is called when the user touches the status bar and where in the method should the code be added so that the right tap check happens only when you want it to

    In some cases you would want to see what value a certain variable holds. Suppose you want to know the value in mTouchRight at the beginning of interceptTouchEvent. The following code would do it

    Code:
    iget-boolean v1, p0, Lcom/android/systemui/statusbar/phone/PhoneStatusBar;->mTouchRight:Z
    
    const-string v2, "mTouchRightatbegofITE"
    
    invoke-static {v1}, Ljava/lang/String;->valueOf(Z)Ljava/lang/String;
    
    move-result-object v3
    
    invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

    The extra line is to convert the boolen value in mTouchRight to string as Log.d() needs string parameters.
    Finally get rid of the log.d() commands you wouldn't require before releasing the final version! :D

    Starting from the Opposite End
    To aid in this I'll share a simple apk source code that my friend (unfortunately he's not a member of xda) and I made with this post. Just import this project into eclipse and you should be able to build it. Suppose you want to know how much 107.0 is in hex. Just change the value at the place where it checks with getRawX in the java code to 107.0 and build the apk. Decompile/Baksmali the apk to check the corresponding smali hex value of 107.0 ;)

    This is just a starter. You can probably do many things with this. Do complex codes in java in a dummy apk and see how it looks in smali and then try to implement it in the smali code of the actual apk!

    Notepad++
    If you have already gotten into smali coding you might have seen that just the number of all these smali files are enough to cause headache! How do you find out all the places where interceptTouchEvent is being called? Well if you sit and open all smali files and search for the method your patience would soon abandon you (to put it in a decent way :p) Don't worry, here's notepad++ to the rescue. Here's why I recommend notepad++
    • The above mentioned purpose - Notepad++ has a "find in files" feature. It lets you search for "interceptTouchEvent" in every file that notepad++ can handle (of course including smali). It even lets you know which line in the file in the search result has the search string
    • Smali syntax highlighting - You can get proper syntax highlighted in notepad++ by importing the .xml file for smali. Google for "notepad++ smali user defined language" and find the .xml. Import it in notepad++ as a new user defined language by going to Language>Define you language.. in notepad++. I can't share the .xml file here due to some reasons.
    • Easy to use with multiple-tabs for multiple files
    • More minor reasons are there which I would let you discover for yourself :laugh: