• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.
  • If you are experiencing issues logging in, we migrated and software and made it more secure. We recommend trying to reset your password.

Xposed - Legacy thread. Don't panic, Xposed is still here.

Status
Not open for further replies.

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
Last edited:

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
Thanks for the "thanks" everyone. :) I decided to create an installer first before looking into the other things. This way, I hope a few people can test whether it works on their device (see first post for the APK).

Some notes about this:

  • The installer holds the app_process executable and the XposedBridge.jar as assets and can install it to the correct locations (root permissions required!).
  • It will automatically create a backup of /system/bin/app_process at /system/bin/app_process.orig, which can be restored either via the app or via shell (e.g. adb, works in recovery as well).
  • I have only tested it on ICS (LPQ Stock). Honestly, I do not have the time to test it with anything below that. If somebody wants to do this, I can help you to get started with the code. app_process was not changed very often, so chances are rather good that it will work with only few changes.
  • The installer requires SDK15 (4.0.3) for the same reason.
  • Improvements for any part of the code are welcome! It should be easy to use for both users and developers.
  • (Un-)Installing the installer app alone does not change anything (at least not now). Please use the buttons inside the app.
The next step should now really be to load modules dynamically, I hope I can use standard installable APKs for that (although the framework will probably request enabling confirmation for technical and security reasons).
 
Last edited:

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
I hope that you make a apk that simplifies things for simple user like rom control in AOKP ;)
From what I read, Rom Control seems to be something like the Settings app for ROM-specific stuff? I am not so sure yet whether I want to implement generic settings in the framework.
Having a standard interface for setting loading/saving (like or using Android's Shared Preferences) would probably make sense. But the settings themself can be very different from module to module, so I would rather let those bring their own settings menus.

What I did though was to implement an installer. My idea how it should ideally work for end users:
  1. Install the Xposed Installer
  2. Click the "Install/Update" button in the installer
  3. Install one or more modules
  4. Configure the modules (if necessary)
  5. Have fun!

Where "install" would mean that you can download the app from the Play Store or a website and install it with the usual package manager. At least for steps 1 and 2, this is working already. For the others, I have to see. ;)
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
Dynamic module loading is implemented now as well. Modules are normal apps with a special metadata tag and an asset describing which classes to load. You can look at my modifications for examples how this works. I think it is quite simple to develop and use.

I feel that Xposed is quite stable right now. It should be very easy to install both the framework and the modules without any knowledge about modding.

Also for developers, creating a new module is not too complicated. If anyone wants to give it a try, I'm happy to help you getting started. I'm convinced that Xposed is great alternative to APK modifying, but it will not work without developers creating modules for it.

Speaking of modules, I have published one for the famous CRT off effect: http://forum.xda-developers.com/showthread.php?t=1583963
The source code is also available at Github. See how it has less than 40 lines (and only about 10 LOC)? I think that this is awesome!
 

Diliban

New member
Jul 7, 2011
601
913
0
Bangalore, India
I was not able to install it as normal app hence pushed them to system/app using root explorer.

It works perfectly on XXLPS SENSATION ROM ICS V 3.2

Sent from my GT-I9100 using Tapatalk
 
Last edited:

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,538
11,594
0
OK you got me interested :)

What is currently holding me back is a lack of "documentation" about how to go about doing things...

Is there any reference info (even source code comments) that I should have a read of?

Or perhaps a little worked-through guide as to how you made the screen-off or red-clock one, complete with the "thinking" behind it all, just to learn the thought process.

This seems potentially hugely useful for me, just need to know what it can do!
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
I was not able to install it as normal app hence pushed them to system/app using root explorer.
Really? Oh. Did you get any error message? I assume you have allowed installation of non-market apps?


@pulser_g2: Feedback taken! Until now, I focused on bringing Xposed to a level where it is actually doing something useful for end-users.
As there are some steps that can not be documented easily in the source code (e.g. how you mark an app as Xposed module), I will recreate a tutorial how you can create the clock example. I will try to give many details not only what to do, but also how you can know that you need to do this.
 

intronauta

New member
Aug 29, 2009
281
106
0
this is one of the most amazing projects made lately.

You are unleashed the best way to handle mods and possible some hacks.

very great work, robo89
 
Last edited:

aceofclubs

New member
Oct 5, 2011
956
213
0
Great concepts mate. Very powerful.

Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

----------------------
GTI9100 KK5
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.
This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
 

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,538
11,594
0
This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
It is so refreshing to see someone take such a mature approach as this.

I greatly appreciate your time on that tutorial, and I will take a proper read through it while working it out myself later... (on vacation right now, this seems like a good thing to try if it rains :D)

Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
 
  • Like
Reactions: pdz123

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,181
0
Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
Maybe.. I could rather easily implement something in hookMethod that checks the method to be hooked against a whitelist defined in an asset in the module (which could of course contain wildcards). Then when you enable a module, I could display this whitelist, with a warning if it includes some very central classes/packages/methods (but how to create such a list?).

However, this cannot control the following:

  1. What you do inside the handling method. If you change anything in SystemUI (and that might be only the battery icon or the clock color), this method will be executed in the context of the SystemUI, which has a large set of Android standard permissions.
  2. Calling any methods of the framework and modifying any available variables, as this can be done via standard reflection.
  3. Basically anything that is not handled through XposedBridge, but using standard techniques.
 

Brotuck

Senior Member
Dec 22, 2010
2,039
670
113
Rotterdam
Wanted to install the framework, but i am getting:

sh: /data/data/de.robv.android.xposed.installer/cache/install.sh: no such file or directory


What am i doing wrong ?:)
 
  • Like
Reactions: micmaccc
Status
Not open for further replies.
Our Apps
Get our official app! (coming soon)
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone