[MOD][GUIDE] Removing SysScope - Permanent "Official" Device Status [update 8-12-13]

[Aou]

[MOD][GUIDE] Removing SysScope - Permanent "Official" Device Status [update 8-12-13]

Notice (4/16/14): I'm no longer here. I've said "goodbye" to AT&T and their locked bootloader schemes. I'm voting with my wallet - I've sold my I337 and switched to T-Mobile. My apologies to the community, but you're now on your own here.

First and foremost, most of the credit goes to [email protected] and dwitherell for their hard work in this thread, and all the help they provided me to get this to work on the S4. Also some thanks to sicopat, with his instructions in this thread for deodexing APKs.

This guide will show you how to delete SysScope, and permanently alter your "Device Status" (Settings -> More -> About device -> Status -> Device Status) to be "Official". Futher, it will keep your boot logo to be the original "Galaxy S4" logo, and not the "Custom"/padlock logo. Before you begin, you will need to be sure that your device does not already show "Custom" - otherwise your boot logo will permanently be stuck showing the "Custom"/padlock. [Update 6-26-13: I've posted a method below that will allow you to restore your custom status temporarily before removing SysScope.] A couple more details about SysScope and how it works and what it is scanning for are in my old thread here.

Important Notes:

• This mod will make changes to your SecSettings.apk, so there is risk of borking your device. I am not responsible if you mess anything up on your device!
• This mod was performed on the AT&T Galaxy S4 (SGH-I337) with the latest OTA Update available at this time (I337UCUAMDL).
• This mod was performed on the STOCK UCUAMDL ROM. You might be able to make these same changes to other TW-based roms. Good luck.
• You must be rooted.
• It is highly advised to make a nandroid backup of your entire system/data before continuing. Seriously - go do it now.
• Your device must be in debugging mode (of course) and your ADB should be readily available (set in path, or dumped into your working folder). If you don't know what I'm talking about, you should probably stop now.

Prerequisites:

• You need java installed and working at the command prompt.
• You need smali and baksmali in your working directory. I used v1.4.2 of each. Here's some links: baksmali and smali.
• Basic ADB skills
• A good text editor, such as Notepad++. Even better, and good text comparison tool would be great to check your work (get a trial of Beyond Compare 3 maybe?). Originally, I used a comparison tool, but in the end found myself just making the edits in Notepad++.
• 7zip or some other compressing/deompressing tool that can add a file into an .apk file.
• Zip-Align (available in the SDK tools and other places around XDA) - technically optional, but probably a good idea
• Get all these things into a working folder, open your command prompt in that folder, test ADB, and then begin.

Added 6-26-13 - How to get "Official" status back before making it permanent:
If for some reason you already have a "custom" status, you can perform this lengthy, yet sure-fire method to get it back...

1. Install your favorite recovery by whatever means.
   • Personally, I like TWRP, and I install it using an ADB Shell:
     

     $ su
     # dd if=/sdcard/recoveryfilename.img of=/dev/block/mmcblk0p21

2. Make a nandroid backup of your device as it is now, just as a precaution.
3. Perform all the steps below to remove SysScope from your device (including the reboot at the end!). Note that this will not fix your "Custom"/padlock boot logo at this time.
4. Check to be sure SysScope gone by looking at Settings -> More -> About device -> Status -> Device status. It should say "Official".
5. Make another nandroid backup - this time you're making a backup of your system without SysScope inside of it.
6. Odin back to MDL stock. Personally, I recommend that you also backup your internal SD card to your computer before using the Odin-to-Stock. You might need to wipe your data to get the odin-to-stock to work correctly, which if done improperly, will wipe your SD card also.
7. After device boots fully, manually restart the phone again.
8. Watch to be sure boot logo is not the "custom"/padlock. If you'd like to be extra-sure your status is "Official", you can boot into Download/Odin mode again, and check the status there.
9. Run Motochopper, but DO NOT allow motochopper to restart the device!
   • Make sure motochopper reads "Success!". If it fails, just CLOSE the program and start it again. Do not press any key to reboot!
   • When motochopper says, "Exploit complete. Press enter to reboot and exit" - just close motochopper without pressing any keys!
   • Motochopper available here.
10. Install your favorite recovery again. Do not restart your phone at this time!
11. In the instructions to remove SysScope, repeat step #10 (the final step with all the shell commands) again to remove SysScope again.
    • Technically this step is optional, but it is needed if your facorite recovery doesn't format/restore the System partition when it restores nandroid backups. Better safe than sorry.
    • Regardless, we don't ever want to allow the phone to reboot into the normal System while SysScope still exists.
12. Restore the second nandroid backup you took, and reboot into System.

Main Instructions:

1. Pull a copy of entire contents of /system/framework folder "framework" in your current working folder.
   

   adb pull /system/framework/ ./framework/

2. Pull a copy of the SecSettings.apk and its .odex file
   

   adb pull /system/app/SecSettings.apk
   adb pull /system/app/SecSettings.odex

3. Deodex SecSettings.apk
   

   java -jar baksmali-1.4.2.jar -a 17 -x SecSettings.odex -d framework
   java -jar smali-1.4.2.jar ./out -o classes.dex

4. Decompile classes.dex
   

   java -jar baksmali-1.4.2.jar -a 17 -o .\classes_out classes.dex

5. Edit classes_out\com\android\settings\deviceinfo\Status.smali manually (using Notepad++). "Remove:" means to delete a line or remove a section entirely. "Change:" means to look at the original code, and make it look like the "to" part.
   
   
   Remove:
   

   .field private isSysScopeStatus:I

   Remove:
   

   .field private mSysScopeReceiver:Landroid/content/BroadcastReceiver;

   Remove:
   

       .line 264
       new-instance v0, Lcom/android/settings/deviceinfo/Status$2;
   
       invoke-direct {v0, p0}, Lcom/android/settings/deviceinfo/Status$2;-><init>(Lcom/android/settings/deviceinfo/Status;)V
   
       iput-object v0, p0, Lcom/android/settings/deviceinfo/Status;->mSysScopeReceiver:Landroid/content/BroadcastReceiver;

   Remove:
   

       .line 216
       const/4 v0, -0x1
   
       iput v0, p0, Lcom/android/settings/deviceinfo/Status;->isSysScopeStatus:I

   Remove:
   

   .method static synthetic access$402(Lcom/android/settings/deviceinfo/Status;I)I
       .registers 2
       .parameter "x0"
       .parameter "x1"
   
       .prologue
       .line 102
       iput p1, p0, Lcom/android/settings/deviceinfo/Status;->isSysScopeStatus:I
   
       return p1
   .end method
   
   .method static synthetic access$500(Lcom/android/settings/deviceinfo/Status;)V
       .registers 1
       .parameter "x0"
   
       .prologue
       .line 102
       invoke-direct {p0}, Lcom/android/settings/deviceinfo/Status;->changeSysScopeStatus()V
   
       return-void
   .end method

   Remove:
   

      .line 687
       iget-object v0, p0, Lcom/android/settings/deviceinfo/Status;->mSysScopeReceiver:Landroid/content/BroadcastReceiver;
   
       invoke-virtual {p0, v0}, Lcom/android/settings/deviceinfo/Status;->unregisterReceiver(Landroid/content/BroadcastReceiver;)V

   Remove:
   

      .line 657
       iget-object v1, p0, Lcom/android/settings/deviceinfo/Status;->mSysScopeReceiver:Landroid/content/BroadcastReceiver;
   
       new-instance v2, Landroid/content/IntentFilter;
   
       const-string v3, "com.sec.intent.action.SYSSCOPESTATUS"
   
       invoke-direct {v2, v3}, Landroid/content/IntentFilter;-><init>(Ljava/lang/String;)V
   
       invoke-virtual {p0, v1, v2}, Lcom/android/settings/deviceinfo/Status;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;

   Change:
   

       .line 952
       const v1, 0x7f09013f

   to
   

       .line 952
       const v1, 0x7f09013d

   Change:
   

   .method private changeSysScopeStatus()V
       .registers 8
   
       .prologue
       const-wide/16 v3, 0x3e8
   
       const v6, 0x7f09013e
   
       const/4 v5, -0x1
   
       .line 956
       const-string v0, "sysscope_status"
   
       invoke-virtual {p0, v0}, Lcom/android/settings/deviceinfo/Status;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
   
       move-result-object v2
   
       .line 958
       invoke-static {}, Landroid/os/SystemClock;->uptimeMillis()J
   
       move-result-wide v0
   
       div-long/2addr v0, v3
   
       .line 959
       invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J
   
       move-result-wide v0
   
       div-long/2addr v0, v3
   
       .line 961
       const-wide/16 v3, 0x0
   
       cmp-long v3, v0, v3
   
       if-nez v3, :cond_1e
   
       .line 962
       const-wide/16 v0, 0x1
   
       .line 965
       :cond_1e
       iget v3, p0, Lcom/android/settings/deviceinfo/Status;->isSysScopeStatus:I
   
       if-ne v3, v5, :cond_30
   
       const-wide/16 v3, 0x78
   
       cmp-long v0, v0, v3
   
       if-lez v0, :cond_30
   
       .line 966
       invoke-virtual {p0, v6}, Lcom/android/settings/deviceinfo/Status;->getString(I)Ljava/lang/String;
   
       move-result-object v0
   
       .line 977
       :goto_2c
       invoke-virtual {v2, v0}, Landroid/preference/Preference;->setSummary(Ljava/lang/CharSequence;)V
   
       .line 978
       return-void
   
       .line 968
       :cond_30
       iget v0, p0, Lcom/android/settings/deviceinfo/Status;->isSysScopeStatus:I
   
       const/4 v1, 0x2
   
       if-ne v0, v1, :cond_3a
   
       .line 969
       invoke-virtual {p0, v6}, Lcom/android/settings/deviceinfo/Status;->getString(I)Ljava/lang/String;
   
       move-result-object v0
   
       goto :goto_2c
   
       .line 970
       :cond_3a
       iget v0, p0, Lcom/android/settings/deviceinfo/Status;->isSysScopeStatus:I
   
       if-ne v0, v5, :cond_46
   
       .line 971
      const v0, 0x7f09013f
   
       invoke-virtual {p0, v0}, Lcom/android/settings/deviceinfo/Status;->getString(I)Ljava/lang/String;
   
       move-result-object v0
   
       goto :goto_2c
   
       .line 973
       :cond_46
       const v0, 0x7f09013d
   
       invoke-virtual {p0, v0}, Lcom/android/settings/deviceinfo/Status;->getString(I)Ljava/lang/String;
   
       move-result-object v0
   
       goto :goto_2c
   .end method

   to
   

   .method private changeSysScopeStatus()V
       .registers 4
   
       .prologue
       const v1, 0x7f09013d
   
       .line 956
       const-string v0, "sysscope_status"
   
       invoke-virtual {p0, v0}, Lcom/android/settings/deviceinfo/Status;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
   
       move-result-object v2
   
       .line 966
       invoke-virtual {p0, v1}, Lcom/android/settings/deviceinfo/Status;->getString(I)Ljava/lang/String;
   
       move-result-object v0
   
       .line 977
       invoke-virtual {v2, v0}, Landroid/preference/Preference;->setSummary(Ljava/lang/CharSequence;)V
   
       .line 978
       return-void
   .end method

6. Recompile classes.dex
   

   java -jar smali-1.4.2.jar -a 17 .\classes_out -o classes.dex

7. Put classes.dex into SecSettings.apk. To do this, open SecSettings.apk in 7Zip, and drag/drop your new classes.dex into the root of SecSettings.apk. Save and close.
8. ZipAlign SecSettings.apk (optional, but advised)
   

   zipalign -v 4 SecSettings.apk zip_SecSettings.apk

9. Push it to the sdcard
   

   adb push zip_SecSettings.apk /sdcard/

10. Install! Use "adb shell" to begin, and use the following commands, one at a time:
    

    su
    mount -o rw,remount /system
    stop
    mv /system/app/SecSettings.apk /system/app/SecSettings.bak
    mv /system/app/SecSettings.odex /system/app/SecSettings.odexbak
    mv /system/app/SysScope.apk /system/app/SysScope.bak
    mv /system/app/EdmSysScopeService.apk /system/app/EdmSysScopeService.bak
    mv /system/app/EdmSysScopeService.odex /system/app/EdmSysScopeService.odexbak
    cp /sdcard/zip_SecSettings.apk /system/app/SecSettings.apk
    rm -r /data/dalvik-cache/*
    reboot

Added 8-12-13 - Flashable zips!
I've uploaded CWM/TWRP flashable zips for the SysScope mod for both MDL and MF3 firmware for the I337. Here are the download links:
mdl-remove-SysScope.zip (mirror)
mf3-remove-SysScope.zip (mirror)
The zip will do the following:

• Mount /system and /data
• Remove the following files (note that it doesn't make any backups):
  • /system/app/SecSettings.apk
  • /system/app/SecSettings.odex
  • /system/app/SysScope.apk
  • /system/app/EdmSysScopeService.apk
  • /system/app/EdmSysScopeService.odex
• Extracts the new SecSettings.apk into place
• Updates permissions on /system/app/SecSettings.apk to 0644
• Wipes dalvik cache
• Unmounts /system and /data

I'm not a Dev. Just a fellow XDA member, sharing some hard work with the rest of you. If this helped you out in any way, just hit the Thanks button.

To Devs: If you use this mod in your stock-based ROMs (if needed), it would be appreciated if you at least mention my name and/or [email protected] and dwitherell somewhere. Thanks. ^_^

 

[Aou]

Attached, you'll find a text copy of my I337UCUAMDL's Status.smali (rename to Status.smali if you want to use it directly). Good to compare against, or you can just skip to step 7 and place the attached classes.dex into your SecSettings.apk. Remember, these are for STOCK I337UCUAMDL only.

Update 8-13-13: I've also attached the Status.smali for MGA. Thanks to @Dean1650 for providing the original and testing it on his device.

 

[polish_pat]

OP i hope you dont mind i added your method to my thread that talks about this issue http://forum.xda-developers.com/showthread.php?t=2296014

Keep me posted if you have a problem with that and i'll take it down

P.S. i hotlinked to this thread, i didnt include instructions in mine

 

[dwitherell]

Nice write up! One small note - and the below quote is just an example snippet of the OP:

...
Deodex SecSettings.apk

java -jar baksmali-1.4.2.jar -a [b][i][u][color="red"]15[/b][/u][/i][/color] -x SecSettings.odex -d framework
java -jar smali-1.4.2.jar ./out -o classes.dex

Decompile classes.dex

java -jar baksmali-1.4.2.jar -a [b][i][u][color="red"]16[/b][/u][/i][/color] -o .\classes_out classes.dex

...

The values highlighted above are used to indicate the sdk version of whatever it is you are de/recompiling. Seeing as the stock S4 rom is android version 4.2.2 (at least I think it is, right?), this flag should actually be 17. Not sure it matters all that much in this case, but I just thought I'd point that out

 

[scott14719]

Attached, you'll find a text copy of my Status.smali (rename to Status.smali if you want to use it directly). Good to compare against, or you can just skip to step 7 and place the attached classes.dex into your SecSettings.apk. Remember, these are only for STOCK I337UCUAMDL only.

Great! How long until you get it into a flashable zip ? :laugh:

 

[iB4STiD]

edit..

woops .. thanks for the guide and hard work guys!!

 

[Aou]

OP i hope you dont mind i added your method to my thread that talks about this issue http://forum.xda-developers.com/showthread.php?t=2296014

Keep me posted if you have a problem with that and i'll take it down

P.S. i hotlinked to this thread, i didnt include instructions in mine

Not a problem at all! I'm not 100% sure that this will remove an existing custom boot screen. I'll look into this a bit more and get back to you.

Nice write up! One small note - and the below quote is just an example snippet of the OP:


The values highlighted above are used to indicate the sdk version of whatever it is you are de/recompiling. Seeing as the stock S4 rom is android version 4.2.2 (at least I think it is, right?), this flag should actually be 17. Not sure it matters all that much in this case, but I just thought I'd point that out

I will certainly look into this! It didn't seem to matter while compiling/decompiling in this case, but just in case there are side-effects, it's probably worth looking at.

Great! How long until you get it into a flashable zip ? :laugh:

Once I hear of enough positive reports, I'll look into this.

tried this on mdob.. didn't work.. thanks for the guide tho!!

It would be greatly helpful to me if you elaborated on what part didn't work? Also, it's possible that SecSettings.apk is different in MDOB.

 

[polish_pat]

Not a problem at all! I'm not 100% sure that this will remove an existing custom boot screen. I'll look into this a bit more and get back to you.

awesome, i've specified this in my thread, hopefully my thread will give you enough visibility people will try it out and report back to you

 

[iB4STiD]

Not a problem at all! I'm not 100% sure that this will remove an existing custom boot screen. I'll look into this a bit more and get back to you.



I will certainly look into this! It didn't seem to matter while compiling/decompiling in this case, but just in case there are side-effects, it's probably worth looking at.



Once I hear of enough positive reports, I'll look into this.



It would be greatly helpful to me if you elaborated on what part didn't work? Also, it's possible that SecSettings.apk is different in MDOB.

edit

my error.. nm!!

 

[shoman94]

Padlock on boot up was still there after r reboots, I edited secsettings from my ROM which is stock based off amdl

Sent from my SAMSUNG-SGH-I337 using Tapatalk 2

Didn't you read the op? It clearly states that if you already have the custom splash screen it won't work. This mod is to circumvent getting the custom screen. So you would have to go back to stock then use this.
This is my understanding of the op.

Sent from my SAMSUNG-SGH-I337 using Tapatalk 4 Beta

 

[iB4STiD]

Didn't you read the op? It clearly states that if you already have the custom splash screen it won't work. This mod is to circumvent getting the custom screen. So you would have to go back to stock then use this.
This is my understanding of the op.

Sent from my SAMSUNG-SGH-I337 using Tapatalk 4 Beta

did read it, but read it wrong i see.. :cyclops:

 

[ora282]

Nice job.

 

[Aou]

I've added a method to restore your "Official" status temporarily while you remove SysScope. Check it out in the OP.

Also, I did check on MDOB. Status.smali seems to be identical to stock, so this method in its entirety should work on MDOB.

 

[Aou]

Nice write up! One small note - and the below quote is just an example snippet of the OP:


The values highlighted above are used to indicate the sdk version of whatever it is you are de/recompiling. Seeing as the stock S4 rom is android version 4.2.2 (at least I think it is, right?), this flag should actually be 17. Not sure it matters all that much in this case, but I just thought I'd point that out

I've updated the OP to include API Level 17. It appears it doesn't really matter either way, but I've made the changes just to be safe. Thanks again for pointing these out. ^_^

 

[polish_pat]

has anybody just tried freezing sysscope with titanium backup?

 

[Aou]

has anybody just tried freezing sysscope with titanium backup?

Yup. If SysScope is missing or frozen, then SecSettings will automatically report that the system is Custom.

 

[igotroot]

Maybe it's just me...but The point of all this is to have the phone show Official, and not have a open padlock pop up upon reboot right?

Well, if you have a custom, rooted ROM, with lets say a custom boot animation, then it doesn't matter if the lock shows up or if your phone says custom..........but if this is for people that just want a straight stock rom with nothing added then I can see the point. On my stock rooted rom nandroid i had official, on my SHOstock ROM my phone now says custom. But i guess if I had a warranty issue I'd just odin it.

 

[scott14719]

Maybe it's just me...but The point of all this is to have the phone show Official, and not have a open padlock pop up upon reboot right?

Well, if you have a custom, rooted ROM, with lets say a custom boot animation, then it doesn't matter if the lock shows up or if your phone says custom..........but if this is for people that just want a straight stock rom with nothing added then I can see the point. On my stock rooted rom nandroid i had official, on my SHOstock ROM my phone now says custom. But i guess if I had a warranty issue I'd just odin it.

Everyone has their own reason, some just for looks, some for functionality (updates, warranty, and what-not), and others for other reasons. I just think it's none of Samsung's business what I decide to put on my phone or not.

 

[igotroot]

Everyone has their own reason, some just for looks, some for functionality (updates, warranty, and what-not), and others for other reasons. I just think it's none of Samsung's business what I decide to put on my phone or not.

Agreed.

 

[Dean1650]

Samsung must have read this thread. I didn't look at MF3, but the newer international releases they made major changes to status.smali.

sent using xda Premium