FORUMS
Remove All Ads from XDA

[VOLVO SCT] Volvo Sensus Connected Touch (car - navi - audio)

353 posts
Thanks Meter: 85
 
By RichieB, Senior Member on 18th September 2013, 07:51 AM
Post Reply Email Thread
27th October 2013, 09:37 PM |#101  
Senior Member
Thanks Meter: 104
 
More
Quote:
Originally Posted by donaldta

I sure would be nice if someone with the SCT can let us know if the original Asteroid Messenger can be installed onto their headunit. Maybe even have one of them download some of the apps from Asteroid Market and provide us copies of their unencrypted apks. That way we can go through them to find a suitable APK to work with since doing this for the Smart is unecessary.



How did you decompile it? As I understand many reverse-engineering tools for the AndroidManifest aren't perfect and the result will not be complete.

Here's how I "debugged" it.

Code:
[email protected]:/home/knoppix# aapt l -a Framaroot-1.6.1.apk
res/layout/activity_frama.xml
AndroidManifest.xml
resources.arsc
res/drawable-hdpi/ic_launcher.png
res/drawable-ldpi/ic_launcher.png
res/drawable-mdpi/ic_launcher.png
res/drawable-xhdpi/ic_launcher.png
classes.dex
lib/armeabi/libframalib.so
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA

Resource table:
Package Groups (1)
Package Group 0 id=127 packageCount=1 name=com.alephzain.framaroot
  Package 0 id=127 name=com.alephzain.framaroot typeCount=7
    type 0 configCount=0 entryCount=0
    type 1 configCount=4 entryCount=1
      spec resource 0x7f020000 com.alephzain.framaroot:drawable/ic_launcher: flags=0x00000100
      config ldpi-v4:
        resource 0x7f020000 com.alephzain.framaroot:drawable/ic_launcher: t=0x03 d=0x00000001 (s=0x0008 r=0x00)
      config mdpi-v4:
        resource 0x7f020000 com.alephzain.framaroot:drawable/ic_launcher: t=0x03 d=0x00000002 (s=0x0008 r=0x00)
      config hdpi-v4:
        resource 0x7f020000 com.alephzain.framaroot:drawable/ic_launcher: t=0x03 d=0x00000003 (s=0x0008 r=0x00)
      config xhdpi-v4:
        resource 0x7f020000 com.alephzain.framaroot:drawable/ic_launcher: t=0x03 d=0x00000004 (s=0x0008 r=0x00)
    type 2 configCount=1 entryCount=1
      spec resource 0x7f030000 com.alephzain.framaroot:layout/activity_frama: flags=0x00000000
      config (default):
        resource 0x7f030000 com.alephzain.framaroot:layout/activity_frama: t=0x03 d=0x00000000 (s=0x0008 r=0x00)
    type 3 configCount=5 entryCount=13
      spec resource 0x7f040000 com.alephzain.framaroot:string/app_name: flags=0x00000004
      spec resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: flags=0x00000004
      spec resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: flags=0x00000004
      spec resource 0x7f040003 com.alephzain.framaroot:string/select_action: flags=0x00000004
      spec resource 0x7f040004 com.alephzain.framaroot:string/check_title: flags=0x00000004
      spec resource 0x7f040005 com.alephzain.framaroot:string/no_chance: flags=0x00000004
      spec resource 0x7f040006 com.alephzain.framaroot:string/result: flags=0x00000004
      spec resource 0x7f040007 com.alephzain.framaroot:string/success: flags=0x00000004
      spec resource 0x7f040008 com.alephzain.framaroot:string/failed: flags=0x00000004
      spec resource 0x7f040009 com.alephzain.framaroot:string/half_success: flags=0x00000004
      spec resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: flags=0x00000004
      spec resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: flags=0x00000004
      spec resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: flags=0x00000004
      config (default):
        resource 0x7f040000 com.alephzain.framaroot:string/app_name: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: t=0x03 d=0x00000005 (s=0x0008 r=0x00)
        resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: t=0x03 d=0x00000006 (s=0x0008 r=0x00)
        resource 0x7f040003 com.alephzain.framaroot:string/select_action: t=0x03 d=0x00000007 (s=0x0008 r=0x00)
        resource 0x7f040004 com.alephzain.framaroot:string/check_title: t=0x03 d=0x00000008 (s=0x0008 r=0x00)
        resource 0x7f040005 com.alephzain.framaroot:string/no_chance: t=0x03 d=0x00000009 (s=0x0008 r=0x00)
        resource 0x7f040006 com.alephzain.framaroot:string/result: t=0x03 d=0x0000000a (s=0x0008 r=0x00)
        resource 0x7f040007 com.alephzain.framaroot:string/success: t=0x03 d=0x0000000b (s=0x0008 r=0x00)
        resource 0x7f040008 com.alephzain.framaroot:string/failed: t=0x03 d=0x0000000c (s=0x0008 r=0x00)
        resource 0x7f040009 com.alephzain.framaroot:string/half_success: t=0x03 d=0x0000000d (s=0x0008 r=0x00)
        resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: t=0x03 d=0x0000000e (s=0x0008 r=0x00)
        resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: t=0x03 d=0x0000000f (s=0x0008 r=0x00)
        resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: t=0x03 d=0x00000010 (s=0x0008 r=0x00)
      config sk:
        resource 0x7f040000 com.alephzain.framaroot:string/app_name: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: t=0x03 d=0x0000003d (s=0x0008 r=0x00)
        resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: t=0x03 d=0x0000003e (s=0x0008 r=0x00)
        resource 0x7f040003 com.alephzain.framaroot:string/select_action: t=0x03 d=0x0000003f (s=0x0008 r=0x00)
        resource 0x7f040004 com.alephzain.framaroot:string/check_title: t=0x03 d=0x00000040 (s=0x0008 r=0x00)
        resource 0x7f040005 com.alephzain.framaroot:string/no_chance: t=0x03 d=0x00000041 (s=0x0008 r=0x00)
        resource 0x7f040006 com.alephzain.framaroot:string/result: t=0x03 d=0x00000042 (s=0x0008 r=0x00)
        resource 0x7f040007 com.alephzain.framaroot:string/success: t=0x03 d=0x00000043 (s=0x0008 r=0x00)
        resource 0x7f040008 com.alephzain.framaroot:string/failed: t=0x03 d=0x00000044 (s=0x0008 r=0x00)
        resource 0x7f040009 com.alephzain.framaroot:string/half_success: t=0x03 d=0x00000045 (s=0x0008 r=0x00)
        resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: t=0x03 d=0x00000046 (s=0x0008 r=0x00)
        resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: t=0x03 d=0x00000047 (s=0x0008 r=0x00)
        resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: t=0x03 d=0x00000048 (s=0x0008 r=0x00)
      config fr:
        resource 0x7f040000 com.alephzain.framaroot:string/app_name: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: t=0x03 d=0x00000014 (s=0x0008 r=0x00)
        resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: t=0x03 d=0x00000015 (s=0x0008 r=0x00)
        resource 0x7f040003 com.alephzain.framaroot:string/select_action: t=0x03 d=0x00000016 (s=0x0008 r=0x00)
        resource 0x7f040004 com.alephzain.framaroot:string/check_title: t=0x03 d=0x00000017 (s=0x0008 r=0x00)
        resource 0x7f040005 com.alephzain.framaroot:string/no_chance: t=0x03 d=0x00000018 (s=0x0008 r=0x00)
        resource 0x7f040006 com.alephzain.framaroot:string/result: t=0x03 d=0x00000019 (s=0x0008 r=0x00)
        resource 0x7f040007 com.alephzain.framaroot:string/success: t=0x03 d=0x0000001a (s=0x0008 r=0x00)
        resource 0x7f040008 com.alephzain.framaroot:string/failed: t=0x03 d=0x0000001b (s=0x0008 r=0x00)
        resource 0x7f040009 com.alephzain.framaroot:string/half_success: t=0x03 d=0x0000001c (s=0x0008 r=0x00)
        resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: t=0x03 d=0x0000001d (s=0x0008 r=0x00)
        resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: t=0x03 d=0x0000001e (s=0x0008 r=0x00)
        resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: t=0x03 d=0x0000001f (s=0x0008 r=0x00)
      config it:
        resource 0x7f040000 com.alephzain.framaroot:string/app_name: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: t=0x03 d=0x00000022 (s=0x0008 r=0x00)
        resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: t=0x03 d=0x00000023 (s=0x0008 r=0x00)
        resource 0x7f040003 com.alephzain.framaroot:string/select_action: t=0x03 d=0x00000024 (s=0x0008 r=0x00)
        resource 0x7f040004 com.alephzain.framaroot:string/check_title: t=0x03 d=0x00000025 (s=0x0008 r=0x00)
        resource 0x7f040005 com.alephzain.framaroot:string/no_chance: t=0x03 d=0x00000026 (s=0x0008 r=0x00)
        resource 0x7f040006 com.alephzain.framaroot:string/result: t=0x03 d=0x00000027 (s=0x0008 r=0x00)
        resource 0x7f040007 com.alephzain.framaroot:string/success: t=0x03 d=0x00000028 (s=0x0008 r=0x00)
        resource 0x7f040008 com.alephzain.framaroot:string/failed: t=0x03 d=0x00000029 (s=0x0008 r=0x00)
        resource 0x7f040009 com.alephzain.framaroot:string/half_success: t=0x03 d=0x0000002a (s=0x0008 r=0x00)
        resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: t=0x03 d=0x0000002b (s=0x0008 r=0x00)
        resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: t=0x03 d=0x0000002c (s=0x0008 r=0x00)
        resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: t=0x03 d=0x0000002d (s=0x0008 r=0x00)
      config ru:
        resource 0x7f040000 com.alephzain.framaroot:string/app_name: t=0x03 d=0x00000012 (s=0x0008 r=0x00)
        resource 0x7f040001 com.alephzain.framaroot:string/menu_settings: t=0x03 d=0x0000002f (s=0x0008 r=0x00)
        resource 0x7f040002 com.alephzain.framaroot:string/select_exploit: t=0x03 d=0x00000030 (s=0x0008 r=0x00)
        resource 0x7f040003 com.alephzain.framaroot:string/select_action: t=0x03 d=0x00000031 (s=0x0008 r=0x00)
        resource 0x7f040004 com.alephzain.framaroot:string/check_title: t=0x03 d=0x00000032 (s=0x0008 r=0x00)
        resource 0x7f040005 com.alephzain.framaroot:string/no_chance: t=0x03 d=0x00000033 (s=0x0008 r=0x00)
        resource 0x7f040006 com.alephzain.framaroot:string/result: t=0x03 d=0x00000034 (s=0x0008 r=0x00)
        resource 0x7f040007 com.alephzain.framaroot:string/success: t=0x03 d=0x00000035 (s=0x0008 r=0x00)
        resource 0x7f040008 com.alephzain.framaroot:string/failed: t=0x03 d=0x00000036 (s=0x0008 r=0x00)
        resource 0x7f040009 com.alephzain.framaroot:string/half_success: t=0x03 d=0x00000037 (s=0x0008 r=0x00)
        resource 0x7f04000a com.alephzain.framaroot:string/unroot_done: t=0x03 d=0x00000038 (s=0x0008 r=0x00)
        resource 0x7f04000b com.alephzain.framaroot:string/unroot_failed: t=0x03 d=0x00000039 (s=0x0008 r=0x00)
        resource 0x7f04000c com.alephzain.framaroot:string/failed_exploit: t=0x03 d=0x0000003a (s=0x0008 r=0x00)
    type 4 configCount=5 entryCount=1
      spec resource 0x7f050000 com.alephzain.framaroot:array/action_array: flags=0x00000004
      config (default):
        resource 0x7f050000 com.alephzain.framaroot:array/action_array: <bag>
      config sk:
        resource 0x7f050000 com.alephzain.framaroot:array/action_array: <bag>
      config fr:
        resource 0x7f050000 com.alephzain.framaroot:array/action_array: <bag>
      config it:
        resource 0x7f050000 com.alephzain.framaroot:array/action_array: <bag>
      config ru:
        resource 0x7f050000 com.alephzain.framaroot:array/action_array: <bag>
    type 5 configCount=3 entryCount=2
      spec resource 0x7f060000 com.alephzain.framaroot:style/AppBaseTheme: flags=0x00000400
      spec resource 0x7f060001 com.alephzain.framaroot:style/AppTheme: flags=0x00000000
      config (default):
        resource 0x7f060000 com.alephzain.framaroot:style/AppBaseTheme: <bag>
        resource 0x7f060001 com.alephzain.framaroot:style/AppTheme: <bag>
      config v11:
        resource 0x7f060000 com.alephzain.framaroot:style/AppBaseTheme: <bag>
      config v14:
        resource 0x7f060000 com.alephzain.framaroot:style/AppBaseTheme: <bag>
    type 6 configCount=1 entryCount=5
      spec resource 0x7f070000 com.alephzain.framaroot:id/LinearLayout1: flags=0x00000000
      spec resource 0x7f070001 com.alephzain.framaroot:id/textView1: flags=0x00000000
      spec resource 0x7f070002 com.alephzain.framaroot:id/action_spinner: flags=0x00000000
      spec resource 0x7f070003 com.alephzain.framaroot:id/textView2: flags=0x00000000
      spec resource 0x7f070004 com.alephzain.framaroot:id/exploitlist: flags=0x00000000
      config (default):
        resource 0x7f070000 com.alephzain.framaroot:id/LinearLayout1: t=0x12 d=0x00000000 (s=0x0008 r=0x00)
        resource 0x7f070001 com.alephzain.framaroot:id/textView1: t=0x12 d=0x00000000 (s=0x0008 r=0x00)
        resource 0x7f070002 com.alephzain.framaroot:id/action_spinner: t=0x12 d=0x00000000 (s=0x0008 r=0x00)
        resource 0x7f070003 com.alephzain.framaroot:id/textView2: t=0x12 d=0x00000000 (s=0x0008 r=0x00)
        resource 0x7f070004 com.alephzain.framaroot:id/exploitlist: t=0x12 d=0x00000000 (s=0x0008 r=0x00)

Android manifest:
N: android=http://schemas.android.com/apk/res/android
  E: manifest (line=2)
    A: android:versionCode(0x0101021b)=(type 0x10)0x1
    A: android:versionName(0x0101021c)="1.6.1" (Raw: "1.6.1")
    A: package="com.alephzain.framaroot" (Raw: "com.alephzain.framaroot")
    E: uses-sdk (line=7)
      A: android:minSdkVersion(0x0101020c)=(type 0x10)0x3
      A: android:targetSdkVersion(0x01010270)=(type 0x10)0x11
    E: uses-permission (line=11)
      A: android:name(0x01010003)="android.permission.CAMERA" (Raw: "android.permission.CAMERA")
    E: application (line=13)
      A: android:theme(0x01010000)[email protected]
      A: android:label(0x01010001)[email protected]
      A: android:icon(0x01010002)[email protected]
      A: android:allowBackup(0x01010280)=(type 0x12)0xffffffff
      E: activity (line=18)
        A: android:label(0x01010001)[email protected]
        A: android:name(0x01010003)="com.alephzain.framaroot.FramaActivity" (Raw: "com.alephzain.framaroot.FramaActivity")
        E: intent-filter (line=21)
          E: action (line=22)
            A: android:name(0x01010003)="android.intent.action.MAIN" (Raw: "android.intent.action.MAIN")
          E: category (line=23)
            A: android:name(0x01010003)="android.intent.category.LAUNCHER" (Raw: "android.intent.category.LAUNCHER")
      E: activity (line=26)
        A: android:label(0x01010001)[email protected]
        A: android:name(0x01010003)="com.alephzain.framaroot.FramaAdbActivity" (Raw: "com.alephzain.framaroot.FramaAdbActivity")
        E: intent-filter (line=29)
          E: action (line=30)
            A: android:name(0x01010003)="android.intent.action.MAIN" (Raw: "android.intent.action.MAIN")
[email protected]:/home/knoppix#

I'm not sure what you're asking here.

I was under the impression that framaroot 1.6.1 added "services" where other software could invoke it directly. So We don't need UI in this case. But I could be wrong.

I decompiled the apk content with apktool. It also gives you a disassembly of the classes.dex (where I change the load lib calls to use lib cpurple). You can use apktool to rebuild the apk again. In the apk in the previous post, I searched for all activity_frama and renamed them to main. So the files in that apk should be ok to merge with your messenger app.
The Following User Says Thank You to gekkekoe123 For This Useful Post: [ View ] Gift gekkekoe123 Ad-Free
 
 
27th October 2013, 09:55 PM |#102  
donaldta's Avatar
Senior Member
Thanks Meter: 461
 
Donate to Me
More
Quote:
Originally Posted by gekkekoe123

I've rebuild the framaroot 1.6.1 apk to point to main.xml and cpurplelib. Try to "merge" this apk with messenger.
I could not find any other activity_frama reference in the apk.

btw: because of the "Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]" errors, I had to erase the following files from your frama-modded.apk:
  • res/drawable-hdpi/ic_launcher.png
  • res/drawable-ldpi/ic_launcher.png
  • res/drawable-mdpi/ic_launcher.png
  • res/drawable-xhdpi/ic_launcher.png
Install:
Code:
10-27 13:04:34.471: D/AndroidRuntime(6230): >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
10-27 13:04:34.471: D/AndroidRuntime(6230): CheckJNI is ON
10-27 13:04:35.030: D/AndroidRuntime(6230): Calling main entry com.android.commands.pm.Pm
10-27 13:04:35.190: D/dalvikvm(8063): GC_EXPLICIT freed 7K, 54% free 2546K/5511K, external 716K/1038K, paused 44ms
10-27 13:04:35.200: W/ActivityManager(63): No content provider found for: 
10-27 13:04:36.071: W/ActivityManager(63): No content provider found for: 
10-27 13:04:36.081: D/PackageParser(63): Scanning package: /data/app/vmdl930312314.tmp
10-27 13:04:36.920: D/dalvikvm(63): GC_CONCURRENT freed 1183K, 51% free 5427K/10887K, external 3459K/4106K, paused 5ms+6ms
10-27 13:04:37.130: D/PackageManager(63): Scanning package com.alephzain.framaroot
10-27 13:04:37.141: I/PackageManager(63): Unpacking native libraries for /data/app/com.alephzain.framaroot-1.apk
10-27 13:04:37.704: D/installd(35): DexInv: --- BEGIN '/data/app/com.alephzain.framaroot-1.apk' ---
10-27 13:04:37.891: D/dalvikvm(6239): DexOpt: load 28ms, verify+opt 65ms
10-27 13:04:37.900: D/installd(35): DexInv: --- END '/data/app/com.alephzain.framaroot-1.apk' (success) ---
10-27 13:04:37.900: D/PackageManager(63):   Activities: com.alephzain.framaroot.FramaActivity com.alephzain.framaroot.FramaAdbActivity
10-27 13:04:37.921: I/ActivityManager(63): Force stopping package com.alephzain.framaroot uid=10039
10-27 13:04:38.040: I/installd(35): move /data/dalvik-cache/[email protected]@[email protected] -> /data/dalvik-cache/[email protected]@[email protected]
10-27 13:04:38.040: D/PackageManager(63): New package installed in /data/app/com.alephzain.framaroot-1.apk
10-27 13:04:38.480: D/PackageAddedReceiver(13889): package added com.alephzain.framaroot
10-27 13:04:38.661: W/PackageManager(135): Failure retrieving icon 0x7f020000 in package com.alephzain.framaroot
10-27 13:04:38.661: W/PackageManager(135): android.content.res.Resources$NotFoundException: File res/drawable-mdpi/ic_launcher.png from drawable resource ID #0x7f020000
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.loadDrawable(Resources.java:1714)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.getDrawable(Resources.java:581)
10-27 13:04:38.661: W/PackageManager(135): 	at android.app.ContextImpl$ApplicationPackageManager.getDrawable(ContextImpl.java:2161)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.PackageItemInfo.loadIcon(PackageItemInfo.java:140)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.ComponentInfo.loadDefaultIcon(ComponentInfo.java:154)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.PackageItemInfo.loadIcon(PackageItemInfo.java:145)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.IconCache.cacheLocked(IconCache.java:142)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.IconCache.getTitleAndIcon(IconCache.java:91)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.ApplicationInfo.<init>(ApplicationInfo.java:74)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.AllAppsList.addPackage(AllAppsList.java:95)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.LauncherModel$PackageUpdatedTask.run(LauncherModel.java:1207)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Handler.handleCallback(Handler.java:587)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Handler.dispatchMessage(Handler.java:92)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Looper.loop(Looper.java:123)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.HandlerThread.run(HandlerThread.java:60)
10-27 13:04:38.661: W/PackageManager(135): Caused by: java.io.FileNotFoundException: res/drawable-mdpi/ic_launcher.png
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.AssetManager.openNonAssetNative(Native Method)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.AssetManager.openNonAsset(AssetManager.java:406)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.loadDrawable(Resources.java:1706)
10-27 13:04:38.661: W/PackageManager(135): 	... 14 more
10-27 13:04:38.811: D/dalvikvm(63): GC_EXPLICIT freed 1293K, 51% free 5434K/10887K, external 3459K/4106K, paused 143ms
10-27 13:04:38.891: D/AndroidRuntime(6230): Shutting down VM
Execute:
Code:
10-27 13:05:24.381: D/dalvikvm(13889): GC_EXPLICIT freed 68K, 48% free 3617K/6855K, external 716K/1038K, paused 60ms
10-27 13:05:27.960: I/ActivityManager(63): Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.alephzain.framaroot/.FramaActivity } from pid 135
10-27 13:05:28.182: I/ActivityManager(63): Start proc com.alephzain.framaroot for activity com.alephzain.framaroot/.FramaActivity: pid=6326 uid=10039 gids={1006}
10-27 13:05:28.941: D/dalvikvm(6326): Trying to load lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078
10-27 13:05:29.040: D/dalvikvm(6326): Added shared lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078
10-27 13:05:29.040: D/dalvikvm(6326): No JNI_OnLoad found in /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078, skipping init
10-27 13:05:29.180: W/dalvikvm(6326): No implementation found for native Lcom/alephzain/framaroot/FramaActivity;.Check ()[Ljava/lang/String;
10-27 13:05:29.180: D/AndroidRuntime(6326): Shutting down VM
10-27 13:05:29.180: W/dalvikvm(6326): threadid=1: thread exiting with uncaught exception (group=0x40015560)
10-27 13:05:29.180: E/AndroidRuntime(6326): FATAL EXCEPTION: main
10-27 13:05:29.180: E/AndroidRuntime(6326): java.lang.UnsatisfiedLinkError: Check
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.alephzain.framaroot.FramaActivity.Check(Native Method)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.alephzain.framaroot.FramaActivity.onCreate(FramaActivity.java:23)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1611)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1663)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.access$1500(ActivityThread.java:117)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:931)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.os.Handler.dispatchMessage(Handler.java:99)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.os.Looper.loop(Looper.java:123)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.main(ActivityThread.java:3683)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at java.lang.reflect.Method.invokeNative(Native Method)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at java.lang.reflect.Method.invoke(Method.java:507)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at dalvik.system.NativeStart.main(Native Method)
10-27 13:05:29.192: W/ActivityManager(63):   Force finishing activity com.alephzain.framaroot/.FramaActivity
Looks like we're another step closer.

Quote:
Originally Posted by gekkekoe123

I was under the impression that framaroot 1.6.1 added "services" where other software could invoke it directly. So We don't need UI in this case. But I could be wrong.

Oh! You mean by activating it through the Activity Manager; like, "adb shell am start -n com.alephzain.framaroot/com.alephzain.framaroot.FramaAdbActivity --es exploit Gimli --ei action 0". I had forgotten about that, but on a working compatible system it does bring up the framaroot's UI on the device as if .the exploit was pressed.
The Following 2 Users Say Thank You to donaldta For This Useful Post: [ View ] Gift donaldta Ad-Free
27th October 2013, 09:58 PM |#103  
Senior Member
Thanks Meter: 104
 
More
Quote:
Originally Posted by donaldta

btw: because of the "Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]" errors, I had to erase the following files from your frama-modded.apk:

  • res/drawable-hdpi/ic_launcher.png
  • res/drawable-ldpi/ic_launcher.png
  • res/drawable-mdpi/ic_launcher.png
  • res/drawable-xhdpi/ic_launcher.png
Install:
Code:
10-27 13:04:34.471: D/AndroidRuntime(6230): >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
10-27 13:04:34.471: D/AndroidRuntime(6230): CheckJNI is ON
10-27 13:04:35.030: D/AndroidRuntime(6230): Calling main entry com.android.commands.pm.Pm
10-27 13:04:35.190: D/dalvikvm(8063): GC_EXPLICIT freed 7K, 54% free 2546K/5511K, external 716K/1038K, paused 44ms
10-27 13:04:35.200: W/ActivityManager(63): No content provider found for: 
10-27 13:04:36.071: W/ActivityManager(63): No content provider found for: 
10-27 13:04:36.081: D/PackageParser(63): Scanning package: /data/app/vmdl930312314.tmp
10-27 13:04:36.920: D/dalvikvm(63): GC_CONCURRENT freed 1183K, 51% free 5427K/10887K, external 3459K/4106K, paused 5ms+6ms
10-27 13:04:37.130: D/PackageManager(63): Scanning package com.alephzain.framaroot
10-27 13:04:37.141: I/PackageManager(63): Unpacking native libraries for /data/app/com.alephzain.framaroot-1.apk
10-27 13:04:37.704: D/installd(35): DexInv: --- BEGIN '/data/app/com.alephzain.framaroot-1.apk' ---
10-27 13:04:37.891: D/dalvikvm(6239): DexOpt: load 28ms, verify+opt 65ms
10-27 13:04:37.900: D/installd(35): DexInv: --- END '/data/app/com.alephzain.framaroot-1.apk' (success) ---
10-27 13:04:37.900: D/PackageManager(63):   Activities: com.alephzain.framaroot.FramaActivity com.alephzain.framaroot.FramaAdbActivity
10-27 13:04:37.921: I/ActivityManager(63): Force stopping package com.alephzain.framaroot uid=10039
10-27 13:04:38.040: I/installd(35): move /data/dalvik-cache/[email protected]@[email protected] -> /data/dalvik-cache/[email protected]@[email protected]
10-27 13:04:38.040: D/PackageManager(63): New package installed in /data/app/com.alephzain.framaroot-1.apk
10-27 13:04:38.480: D/PackageAddedReceiver(13889): package added com.alephzain.framaroot
10-27 13:04:38.661: W/PackageManager(135): Failure retrieving icon 0x7f020000 in package com.alephzain.framaroot
10-27 13:04:38.661: W/PackageManager(135): android.content.res.Resources$NotFoundException: File res/drawable-mdpi/ic_launcher.png from drawable resource ID #0x7f020000
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.loadDrawable(Resources.java:1714)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.getDrawable(Resources.java:581)
10-27 13:04:38.661: W/PackageManager(135): 	at android.app.ContextImpl$ApplicationPackageManager.getDrawable(ContextImpl.java:2161)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.PackageItemInfo.loadIcon(PackageItemInfo.java:140)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.ComponentInfo.loadDefaultIcon(ComponentInfo.java:154)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.pm.PackageItemInfo.loadIcon(PackageItemInfo.java:145)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.IconCache.cacheLocked(IconCache.java:142)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.IconCache.getTitleAndIcon(IconCache.java:91)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.ApplicationInfo.<init>(ApplicationInfo.java:74)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.AllAppsList.addPackage(AllAppsList.java:95)
10-27 13:04:38.661: W/PackageManager(135): 	at com.android.launcher2.LauncherModel$PackageUpdatedTask.run(LauncherModel.java:1207)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Handler.handleCallback(Handler.java:587)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Handler.dispatchMessage(Handler.java:92)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.Looper.loop(Looper.java:123)
10-27 13:04:38.661: W/PackageManager(135): 	at android.os.HandlerThread.run(HandlerThread.java:60)
10-27 13:04:38.661: W/PackageManager(135): Caused by: java.io.FileNotFoundException: res/drawable-mdpi/ic_launcher.png
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.AssetManager.openNonAssetNative(Native Method)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.AssetManager.openNonAsset(AssetManager.java:406)
10-27 13:04:38.661: W/PackageManager(135): 	at android.content.res.Resources.loadDrawable(Resources.java:1706)
10-27 13:04:38.661: W/PackageManager(135): 	... 14 more
10-27 13:04:38.811: D/dalvikvm(63): GC_EXPLICIT freed 1293K, 51% free 5434K/10887K, external 3459K/4106K, paused 143ms
10-27 13:04:38.891: D/AndroidRuntime(6230): Shutting down VM
Execute:
Code:
10-27 13:05:24.381: D/dalvikvm(13889): GC_EXPLICIT freed 68K, 48% free 3617K/6855K, external 716K/1038K, paused 60ms
10-27 13:05:27.960: I/ActivityManager(63): Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.alephzain.framaroot/.FramaActivity } from pid 135
10-27 13:05:28.182: I/ActivityManager(63): Start proc com.alephzain.framaroot for activity com.alephzain.framaroot/.FramaActivity: pid=6326 uid=10039 gids={1006}
10-27 13:05:28.941: D/dalvikvm(6326): Trying to load lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078
10-27 13:05:29.040: D/dalvikvm(6326): Added shared lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078
10-27 13:05:29.040: D/dalvikvm(6326): No JNI_OnLoad found in /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513078, skipping init
10-27 13:05:29.180: W/dalvikvm(6326): No implementation found for native Lcom/alephzain/framaroot/FramaActivity;.Check ()[Ljava/lang/String;
10-27 13:05:29.180: D/AndroidRuntime(6326): Shutting down VM
10-27 13:05:29.180: W/dalvikvm(6326): threadid=1: thread exiting with uncaught exception (group=0x40015560)
10-27 13:05:29.180: E/AndroidRuntime(6326): FATAL EXCEPTION: main
10-27 13:05:29.180: E/AndroidRuntime(6326): java.lang.UnsatisfiedLinkError: Check
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.alephzain.framaroot.FramaActivity.Check(Native Method)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.alephzain.framaroot.FramaActivity.onCreate(FramaActivity.java:23)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1611)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1663)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.access$1500(ActivityThread.java:117)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:931)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.os.Handler.dispatchMessage(Handler.java:99)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.os.Looper.loop(Looper.java:123)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at android.app.ActivityThread.main(ActivityThread.java:3683)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at java.lang.reflect.Method.invokeNative(Native Method)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at java.lang.reflect.Method.invoke(Method.java:507)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
10-27 13:05:29.180: E/AndroidRuntime(6326): 	at dalvik.system.NativeStart.main(Native Method)
10-27 13:05:29.192: W/ActivityManager(63):   Force finishing activity com.alephzain.framaroot/.FramaActivity
Looks like we're another step closer.


Oh! You mean by activating it through the Activity Manager; like, "adb shell am start -n com.alephzain.framaroot/com.alephzain.framaroot.FramaAdbActivity --es exploit Gimli --ei action 0". I had forgotten about that, but on a working compatible system it does bring up the framaroot's UI on the device as if .the exploit was pressed.

Ok so we managed to get rid off the activity.xml error. This next error looks like a lib/compile error thing. But before we continue, it might be wise to wait for some SCT owners to actually test the messenger apk.
The Following 3 Users Say Thank You to gekkekoe123 For This Useful Post: [ View ] Gift gekkekoe123 Ad-Free
27th October 2013, 10:20 PM |#104  
donaldta's Avatar
Senior Member
Thanks Meter: 461
 
Donate to Me
More
Quote:
Originally Posted by gekkekoe123

Ok so we managed to get rid off the activity.xml error. This next error looks like a lib/compile error thing. But before we continue, it might be wise to wait for some SCT owners to actually test the messenger apk.

Agreed.

Incidentally, I tried using Activity Manager with the most recent version. It looks like more NDK errors.

Code:
C:\>adb shell am start -n com.alephzain.framaroot/com.alephzain.framaroot.FramaAdbActivity --es exploit Gimli --ei
 action 0
Starting: Intent { cmp=com.alephzain.framaroot/.FramaAdbActivity (has extras) }
[1]   Segmentation fault      am start -n com....

C:\>
Logcat:
Code:
10-27 13:50:18.041: D/AndroidRuntime(9648): >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
10-27 13:50:18.041: D/AndroidRuntime(9648): CheckJNI is ON
10-27 13:50:18.861: D/AndroidRuntime(9648): Calling main entry com.android.commands.am.Am
10-27 13:50:18.961: I/ActivityManager(63): Starting: Intent { flg=0x10000000 cmp=com.alephzain.framaroot/.FramaAdbActivity (has extras) } from pid 9648
10-27 13:50:19.211: I/ActivityManager(63): Start proc com.alephzain.framaroot for activity com.alephzain.framaroot/.FramaAdbActivity: pid=9663 uid=10039 gids={1006}
10-27 13:50:19.222: D/AndroidRuntime(9648): Shutting down VM
10-27 13:50:19.281: D/dalvikvm(9648): GC_CONCURRENT freed 102K, 69% free 321K/1024K, external 0K/0K, paused 2ms+1ms
10-27 13:50:19.281: D/jdwp(9648): Got wake-up signal, bailing out of select
10-27 13:50:19.281: D/dalvikvm(9648): Debugger has detached; object registry had 1 entries
10-27 13:50:20.010: D/dalvikvm(9663): Trying to load lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513358
10-27 13:50:20.170: D/dalvikvm(9663): Added shared lib /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513358
10-27 13:50:20.170: D/dalvikvm(9663): No JNI_OnLoad found in /data/data/com.alephzain.framaroot/lib/libclibpurple.so 0x40513358, skipping init
10-27 13:50:20.211: W/dalvikvm(9663): No implementation found for native Lcom/alephzain/framaroot/FramaAdbActivity;.Check ()[Ljava/lang/String;
10-27 13:50:20.231: D/AndroidRuntime(9663): Shutting down VM
10-27 13:50:20.231: W/dalvikvm(9663): threadid=1: thread exiting with uncaught exception (group=0x40015560)
10-27 13:50:20.251: E/AndroidRuntime(9663): FATAL EXCEPTION: main
10-27 13:50:20.251: E/AndroidRuntime(9663): java.lang.UnsatisfiedLinkError: Check
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at com.alephzain.framaroot.FramaAdbActivity.Check(Native Method)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at com.alephzain.framaroot.FramaAdbActivity.onCreate(FramaAdbActivity.java:15)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1611)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1663)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.ActivityThread.access$1500(ActivityThread.java:117)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:931)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.os.Handler.dispatchMessage(Handler.java:99)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.os.Looper.loop(Looper.java:123)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at android.app.ActivityThread.main(ActivityThread.java:3683)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at java.lang.reflect.Method.invokeNative(Native Method)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at java.lang.reflect.Method.invoke(Method.java:507)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
10-27 13:50:20.251: E/AndroidRuntime(9663): 	at dalvik.system.NativeStart.main(Native Method)
10-27 13:50:20.251: W/ActivityManager(63):   Force finishing activity com.alephzain.framaroot/.FramaAdbActivity
And for reference, here's a copy of the most recent modified APK
The Following 3 Users Say Thank You to donaldta For This Useful Post: [ View ] Gift donaldta Ad-Free
27th October 2013, 10:28 PM |#105  
Member
Thanks Meter: 22
 
More
Thanks for your awesome work! I will try tomorrow morning before going to work, and will let you know afterwards. I really appreciate all the efforts!
28th October 2013, 04:05 AM |#106  
VSTmoTP2's Avatar
Junior Member
Thanks Meter: 1
 
More
Great work, hopefully you guys will get this system cracked... I just bought a 2014 XC60 but I held off on getting SCT due to some complaints of bugs and limited usability due to lack of apps. Your work could open up a whole world of possibilities for the Volvo SCT unit.
28th October 2013, 01:26 PM |#107  
Senior Member
Thanks Meter: 104
 
More
There might be even an easier way to obtain root.

Code:
1. download http://www.cydiaimpactor.com/
2. launch cydia impactor
3. select bridge option and enter ip : port of your sct
4. try one of the options.
if # drop SuperSU su to /system/xbin/su succeeds then you're done.
Else you could try to start telnetd and telnet to you device, you should also have root. (# start telnetd as root on port 22/# start telnetd as system on port 2222)

I think you need to enable usb debugging in the menu's. It's normally used with usb cable, but there's also a bridge option to do adb over ip.

if that doesn't work, we should be able to the option "echo ro.kernel.qemu=1 >/data/local.prop" since we're running android <= 4.0
see: http://www.saurik.com/id/17 , "Optaining root" section
28th October 2013, 04:59 PM |#108  
getiem's Avatar
Member
Thanks Meter: 46
 
Donate to Me
More
Quote:
Originally Posted by gekkekoe123

There might be even an easier way to obtain root.


if that doesn't work, we should be able to the option "echo ro.kernel.qemu=1 >/data/local.prop" since we're running android <= 4.0
see: http://www.saurik.com/id/17 , "Optaining root" section

Thanks for thinking with us. Some practical problems may arise:
SCT does not have a hardware button or menu option to reboot. I did not try the ADB command reboot yet, maybe it works. The system runs already when the car is started. I do not know when it shuts down, but it is said that it shuts down after 15 minutes of engine shutdown.
Second, at the moment we only have ADB over Wifi, so if the function to run ADB over Wifi does not come back after reboot, we're stuck.

I want to try getting root and have the functions, but I am using only known/ "safe" ways to get there. The car is not really mine (from my Work) and it is my daily tool for more then 5 hours, 6 days in the week. Just to let you know

I downloaded the new .apk with the messenger. Will try it tomorrow after lunch.
28th October 2013, 05:03 PM |#109  
Senior Member
Thanks Meter: 104
 
More
Quote:
Originally Posted by getiem

Thanks for thinking with us. Some practical problems may arise:
SCT does not have a hardware button or menu option to reboot. I did not try the ADB command reboot yet, maybe it works. The system runs already when the car is started. I do not know when it shuts down, but it is said that it shuts down after 15 minutes of engine shutdown.
Second, at the moment we only have ADB over Wifi, so if the function to run ADB over Wifi does not come back after reboot, we're stuck.

I want to try getting root and have the functions, but I am using only known/ "safe" ways to get there. The car is not really mine (from my Work) and it is my daily tool for more then 5 hours, 6 days in the week. Just to let you know

I downloaded the new .apk with the messenger. Will try it tomorrow after lunch.

The first option doesn't require a boot. only the latter. It forces adb to run as root. But understandable if the unit isn't yours.
The Following User Says Thank You to gekkekoe123 For This Useful Post: [ View ] Gift gekkekoe123 Ad-Free
28th October 2013, 10:17 PM |#110  
donaldta's Avatar
Senior Member
Thanks Meter: 461
 
Donate to Me
More
Quote:
Originally Posted by gekkekoe123

We should also be able to use bug http://www.saurik.com/id/18 to add arbitrary files to an org apk.

I tried the Java APK generator and used the the -b switch which makes the tool exploit bug# 9695860 that was mentioned in his previous blog entry. (We were originally using the bash script to exploit bug# 8219321)

The only caveat here was that I had to upgrade to JRE7.

Creation:
Code:
[email protected]:/home/knoppix# java -jar /usr/local/bin/AndroidMasterKeys.jar -b -a ASTEROID_Messenger_1.100.53.apk -z Framaroot-1.6.1.apk
[email protected]:/home/knoppix# ls -l
total 10029
-rw-r--r-- 1 knoppix knoppix 3248536 Oct 28 01:31 ASTEROID_Messenger_1.100.53.apk
drwxr-xr-x 2 knoppix knoppix      72 Oct 28 12:42 Desktop
drwx------ 9 knoppix knoppix     544 Oct 28 17:33 Downloads
drwxr-xr-x 5 root    root        192 Oct 28 01:48 frama-modded
-rw-r--r-- 1 knoppix knoppix  912017 Oct 27 21:37 frama-modded.apk
-rw-r--r-- 1 knoppix knoppix  929956 Oct 26 16:28 Framaroot-1.6.1.apk
-rw-r--r-- 1 knoppix knoppix  914291 Oct 28 00:38 Framaroot-1.6.1.zip
-rwxr-xr-x 1 knoppix knoppix    1158 Oct 26 16:20 masterkey.bash
-rw-r--r-- 1 root    root    4237292 Oct 28 17:03 MasterKeysModded-ASTEROID_Messenger_1.100.53.apk
[email protected]:/home/knoppix#
Install:

Code:
C:\>adb install apk\Masterkey\MasterKeysModded-ASTEROID_Messenger_1.100.53.apk
190 KB/s (4237292 bytes in 21.747s)
        pkg: /data/local/tmp/MasterKeysModded-ASTEROID_Messenger_1.100.53.apk
Success
C:\>
Logcat:

Code:
10-28 20:40:46.779: D/AndroidRuntime(9298): >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
10-28 20:40:46.779: D/AndroidRuntime(9298): CheckJNI is ON
10-28 20:40:47.309: D/AndroidRuntime(9298): Calling main entry com.android.commands.pm.Pm
10-28 20:40:47.471: D/dalvikvm(554): GC_EXPLICIT freed 7K, 54% free 2546K/5511K, external 716K/1038K, paused 40ms
10-28 20:40:47.479: W/ActivityManager(61): No content provider found for: 
10-28 20:40:48.179: W/ActivityManager(61): No content provider found for: 
10-28 20:40:48.199: D/PackageParser(61): Scanning package: /data/app/vmdl-1575653462.tmp
10-28 20:40:48.449: D/PackageManager(61): Scanning package com.alephzain.framaroot
10-28 20:40:48.459: I/PackageManager(61): Unpacking native libraries for /data/app/com.alephzain.framaroot-1.apk
10-28 20:40:48.879: D/installd(35): DexInv: --- BEGIN '/data/app/com.alephzain.framaroot-1.apk' ---
10-28 20:40:49.049: D/dalvikvm(9313): DexOpt: load 26ms, verify+opt 66ms
10-28 20:40:49.059: D/installd(35): DexInv: --- END '/data/app/com.alephzain.framaroot-1.apk' (success) ---
10-28 20:40:49.059: D/PackageManager(61):   Activities: com.alephzain.framaroot.FramaActivity com.alephzain.framaroot.FramaAdbActivity
10-28 20:40:49.080: I/ActivityManager(61): Force stopping package com.alephzain.framaroot uid=10039
10-28 20:40:49.189: I/installd(35): move /data/dalvik-cache/[email protected]@[email protected] -> /data/dalvik-cache/[email protected]@[email protected]
10-28 20:40:49.189: D/PackageManager(61): New package installed in /data/app/com.alephzain.framaroot-1.apk
10-28 20:40:49.490: D/PackageAddedReceiver(202): package added com.alephzain.framaroot
10-28 20:40:49.809: D/dalvikvm(61): GC_EXPLICIT freed 1003K, 45% free 5087K/9223K, external 3307K/4129K, paused 99ms
10-28 20:40:49.869: D/AndroidRuntime(9298): Shutting down VM
10-28 20:40:49.879: D/dalvikvm(9298): GC_CONCURRENT freed 101K, 72% free 295K/1024K, external 0K/0K, paused 1ms+3ms
10-28 20:40:49.879: D/jdwp(9298): Got wake-up signal, bailing out of select
10-28 20:40:49.889: D/dalvikvm(9298): Debugger has detached; object registry had 1 entries
10-28 20:40:54.799: D/dalvikvm(693): GC_EXPLICIT freed 3K, 54% free 2539K/5511K, external 716K/1038K, paused 90ms
10-28 20:40:59.829: D/dalvikvm(240): GC_EXPLICIT freed 217K, 51% free 2899K/5895K, external 716K/1038K, paused 80ms
10-28 20:41:05.029: W/ProcessStats(61): Skipping unknown process pid 9401
10-28 20:41:05.029: W/ProcessStats(61): Skipping unknown process pid 9402
10-28 20:41:05.239: D/dalvikvm(254): GC_EXPLICIT freed 440K, 40% free 5398K/8967K, external 907K/1038K, paused 196ms
10-28 20:41:05.400: D/Finsky(254): [1] 5.onFinished: Installation state replication succeeded.
10-28 20:41:10.109: D/dalvikvm(554): GC_EXPLICIT freed 8K, 54% free 2543K/5511K, external 716K/1038K, paused 60ms
10-28 20:41:15.289: D/dalvikvm(202): GC_EXPLICIT freed 131K, 49% free 3151K/6151K, external 716K/1038K, paused 203ms
The application Framaroot showed up in the app drawer even with its customized icon.

Execute's Logcat:

Code:
10-28 20:42:10.739: I/ActivityManager(61): Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.alephzain.framaroot/.FramaActivity } from pid 128
10-28 20:42:10.959: I/ActivityManager(61): Start proc com.alephzain.framaroot for activity com.alephzain.framaroot/.FramaActivity: pid=9703 uid=10039 gids={1006}
10-28 20:42:11.649: D/dalvikvm(9703): Trying to load lib /data/data/com.alephzain.framaroot/lib/libframalib.so 0x40515258
10-28 20:42:11.749: D/dalvikvm(9703): Added shared lib /data/data/com.alephzain.framaroot/lib/libframalib.so 0x40515258
10-28 20:42:11.749: D/dalvikvm(9703): No JNI_OnLoad found in /data/data/com.alephzain.framaroot/lib/libframalib.so 0x40515258, skipping init
10-28 20:42:12.299: I/ActivityManager(61): Displayed com.alephzain.framaroot/.FramaActivity: +1s349ms
10-28 20:42:18.009: D/dalvikvm(128): GC_EXPLICIT freed 90K, 50% free 3093K/6087K, external 4600K/5687K, paused 82ms
10-28 20:42:22.849: W/InputManagerService(61): Window already focused, ignoring focus gain of: [email protected]
Activity Manager:

Code:
C:\>adb shell am start -n com.alephzain.framaroot/com.alephzain.framaroot.FramaAdbActivity --es exploit Gimli --ei action 0
Starting: Intent { cmp=com.alephzain.framaroot/.FramaAdbActivity (has extras) }

C:>
Logcat:

Code:
10-28 20:50:20.029: D/AndroidRuntime(12068): >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
10-28 20:50:20.029: D/AndroidRuntime(12068): CheckJNI is ON
10-28 20:50:20.819: D/AndroidRuntime(12068): Calling main entry com.android.commands.am.Am
10-28 20:50:20.849: I/ActivityManager(61): Starting: Intent { flg=0x10000000 cmp=com.alephzain.framaroot/.FramaAdbActivity (has extras) } from pid 12068
10-28 20:50:20.899: D/AndroidRuntime(12068): Shutting down VM
10-28 20:50:20.909: D/dalvikvm(12068): GC_CONCURRENT freed 102K, 69% free 321K/1024K, external 0K/0K, paused 1ms+0ms
10-28 20:50:20.909: D/dalvikvm(12068): Debugger has detached; object registry had 1 entries
10-28 20:50:20.939: I/AndroidRuntime(12068): NOTE: attach of thread 'Binder Thread #3' failed
10-28 20:50:21.749: I/ActivityManager(61): Displayed com.alephzain.framaroot/.FramaAdbActivity: +883ms
Looks good, so far. We just need a guinea pig to test it out.
The Following User Says Thank You to donaldta For This Useful Post: [ View ] Gift donaldta Ad-Free
28th October 2013, 10:25 PM |#111  
Senior Member
Thanks Meter: 104
 
More
Looks good. But you should be able to use the wikango apk. The second bug lets you craft arbitrary images. The cydia impactor uses both methods, that should work as well. But adjust the wikango.apk and the SCT should be hacked

I could not get the other bug exploit working, but i'm not on jre 7 so that was the problem.
Post Reply Subscribe to Thread

Tags
car audio, sct, sensus connected touch, volvo

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes