Xposed - Legacy thread. Don't panic, Xposed is still here.

Status
Not open for further replies.
Search This thread

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
Last edited:

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
Thanks for the "thanks" everyone. :) I decided to create an installer first before looking into the other things. This way, I hope a few people can test whether it works on their device (see first post for the APK).

Some notes about this:

  • The installer holds the app_process executable and the XposedBridge.jar as assets and can install it to the correct locations (root permissions required!).
  • It will automatically create a backup of /system/bin/app_process at /system/bin/app_process.orig, which can be restored either via the app or via shell (e.g. adb, works in recovery as well).
  • I have only tested it on ICS (LPQ Stock). Honestly, I do not have the time to test it with anything below that. If somebody wants to do this, I can help you to get started with the code. app_process was not changed very often, so chances are rather good that it will work with only few changes.
  • The installer requires SDK15 (4.0.3) for the same reason.
  • Improvements for any part of the code are welcome! It should be easy to use for both users and developers.
  • (Un-)Installing the installer app alone does not change anything (at least not now). Please use the buttons inside the app.
The next step should now really be to load modules dynamically, I hope I can use standard installable APKs for that (although the framework will probably request enabling confirmation for technical and security reasons).
 
Last edited:

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
I hope that you make a apk that simplifies things for simple user like rom control in AOKP ;)

From what I read, Rom Control seems to be something like the Settings app for ROM-specific stuff? I am not so sure yet whether I want to implement generic settings in the framework.
Having a standard interface for setting loading/saving (like or using Android's Shared Preferences) would probably make sense. But the settings themself can be very different from module to module, so I would rather let those bring their own settings menus.

What I did though was to implement an installer. My idea how it should ideally work for end users:
  1. Install the Xposed Installer
  2. Click the "Install/Update" button in the installer
  3. Install one or more modules
  4. Configure the modules (if necessary)
  5. Have fun!

Where "install" would mean that you can download the app from the Play Store or a website and install it with the usual package manager. At least for steps 1 and 2, this is working already. For the others, I have to see. ;)
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
Dynamic module loading is implemented now as well. Modules are normal apps with a special metadata tag and an asset describing which classes to load. You can look at my modifications for examples how this works. I think it is quite simple to develop and use.

I feel that Xposed is quite stable right now. It should be very easy to install both the framework and the modules without any knowledge about modding.

Also for developers, creating a new module is not too complicated. If anyone wants to give it a try, I'm happy to help you getting started. I'm convinced that Xposed is great alternative to APK modifying, but it will not work without developers creating modules for it.

Speaking of modules, I have published one for the famous CRT off effect: http://forum.xda-developers.com/showthread.php?t=1583963
The source code is also available at Github. See how it has less than 40 lines (and only about 10 LOC)? I think that this is awesome!
 

Diliban

Senior Member
Jul 7, 2011
601
913
Bangalore, India
I was not able to install it as normal app hence pushed them to system/app using root explorer.

It works perfectly on XXLPS SENSATION ROM ICS V 3.2

Sent from my GT-I9100 using Tapatalk
 
Last edited:

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,593
OK you got me interested :)

What is currently holding me back is a lack of "documentation" about how to go about doing things...

Is there any reference info (even source code comments) that I should have a read of?

Or perhaps a little worked-through guide as to how you made the screen-off or red-clock one, complete with the "thinking" behind it all, just to learn the thought process.

This seems potentially hugely useful for me, just need to know what it can do!
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
I was not able to install it as normal app hence pushed them to system/app using root explorer.

Really? Oh. Did you get any error message? I assume you have allowed installation of non-market apps?


@pulser_g2: Feedback taken! Until now, I focused on bringing Xposed to a level where it is actually doing something useful for end-users.
As there are some steps that can not be documented easily in the source code (e.g. how you mark an app as Xposed module), I will recreate a tutorial how you can create the clock example. I will try to give many details not only what to do, but also how you can know that you need to do this.
 

intronauta

Senior Member
Aug 29, 2009
281
106
this is one of the most amazing projects made lately.

You are unleashed the best way to handle mods and possible some hacks.

very great work, robo89
 
Last edited:

aceofclubs

Senior Member
Oct 5, 2011
956
213
Great concepts mate. Very powerful.

Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

----------------------
GTI9100 KK5
 

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
Wouldnt this also expose a device to malicious coders?

If a device has this implemented then is it possible that a simple theme could contain something nasty.

Not trying to stop progress of this project just throwing this out there for consideration.

This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.
 

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,593
This is an absolutely valid thought.

In a way: Yes, it is easier to do something malicious with this. With great power comes great risk. The thing is: How would you prevent that? I couldn't think of any way once a module has been loaded, because a) how do you identify something malicious and b) how can you block it when it could just circumvent the security measure taken?

So what I did was to require that you enable a newly installed module in the installer. This at least avoids that you install any normal app and it contains a hidden Xposed module.

And not trying to play this question down, but you could insert malicous code in a theme also when you post a new framework.jar or SystemUI.apk. You could just change the smali code, compile it and you have similar power. For example, modifiying the constructor of the Activity class would also get you into any app and you could as well do whatever you want. You wouldn't even find these modifications because of the hundreds of classes in the Android framework. In this point, Xposed modules are easier to check, because they will usually contain just one class with very few and short methods.

Or take Superuser. Yes, it is asking you every time whether you want to execute this command. But the command can as well be a script that could replace files as the root user. Same for the kernel. In any case, when you modify anything in your phone, there is a risk that it is malicous.

As I said, I'm not denying that there could be a misuse of this project. But I do not see a chance to prevent it without blocking even simple real-life modifications. If anybody has ideas, please let me know.

It is so refreshing to see someone take such a mature approach as this.

I greatly appreciate your time on that tutorial, and I will take a proper read through it while working it out myself later... (on vacation right now, this seems like a good thing to try if it rains :D)

Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/
 
  • Like
Reactions: pdz123

rovo89

Senior Recognized Developer
Jan 4, 2012
2,585
81,276
Regarding security, I guess you could add a way to protect WHAT was being edited... Such that your package needed to declare edit access to package X and Y, and if it doesn't have permission, it can't do it... This way, if I want to interfere in Gmail, the user must agree, and he/she will say "well... Why is my no battery sound tweak touching gmail?" But this obviously doesn't help for frameworks and services where they are all in the one file... :/

Maybe.. I could rather easily implement something in hookMethod that checks the method to be hooked against a whitelist defined in an asset in the module (which could of course contain wildcards). Then when you enable a module, I could display this whitelist, with a warning if it includes some very central classes/packages/methods (but how to create such a list?).

However, this cannot control the following:

  1. What you do inside the handling method. If you change anything in SystemUI (and that might be only the battery icon or the clock color), this method will be executed in the context of the SystemUI, which has a large set of Android standard permissions.
  2. Calling any methods of the framework and modifying any available variables, as this can be done via standard reflection.
  3. Basically anything that is not handled through XposedBridge, but using standard techniques.
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 638
    Xposed 2.4 beta1/beta2

    This is Xposed version 2.4 beta1. The main new features and fixes in this version are:
    • Support for Android 4.4 (KitKat)
    • Significant performance improvements of the framework
    • Viewer for the debug.log in the installer
    • Check in the installer whether Xposed is actually active and working

    First of all, I would like to thank the 45 people who donated to get me a Nexus 5, from a little "thanks" to huge amounts of money. I was really impressed and hope you like this update.

    In detail:
    Xposed should now fully support KitKat. As mentioned, that wouldn't have been possible at this time without your support.
    Modules should continue to work if they don't rely on AOSP internals that have changed in KitKat. One example: It seems that the battery icon is no longer an (animated) image, but a Java implementation. Obviously, any modules that try to replace the battery image will no longer work. The Xposed framework can't do anything here, the module needs to be rewritten. Therefore, if some of your modules don't work, please get in contact with the module author first. You will probably see an error in the new debug.log viewer in this case.
    Xposed isn't compatible with ART, I can't say yet whether it will be in the future (will require a major rewrite if possible at all). As you would get into a bootloop if you try to combine Xposed+ART, Xposed automatically resets the choice to "Dalvik". If you want to test ART, you must uninstall the framework.

    The performance improvements apply to the very core of Xposed, the method hooks, in all Android versions. In a test app developed by @exidler, the overhead per call used to be ~71 μs (= 0.071 ms) per call to a hooked method (with one empty callback handler) on my Galaxy S2. Now it's ~13 μs (= 0.013 ms). That's a relative improvement of factor ~5.5x. Thanks to @exidler for the research and several suggestions! I have sent a pre-beta to @kamso, who had reported lags with older versions. Now everything works fine for him. Anyway, I wouldn't say that Xposed had bad performance before. Keep in mind that we are talking about significantly less than a millisecond here.

    The debug.log viewer should give a quick impression whether Xposed and modules could be loaded fine. It also includes options to save the log to SD card (so it's easier to transfer it to a PC etc.) and send it via mail.

    The Xposed Installer now checks whether the latest version of the framework is active. If not (e.g. because it's not installed yet, you forgot to reboot or something in Xposed doesn't work), you will see a warning in the welcome screen and at the top of the module list.

    Finally, there were some other minor improvements and fixes and new/updated translations.


    Developers:
    As a reminder, please keep the debug.log clean. It's only helpful if it's not as spammed as logcat. You should only use XposedBridge.log() for error messages and other unexpected situations. If everything runs fine, it shouldn't write anything to the log. If you really need to keep some logging in published builds, please use either logcat or make it an opt-in options (i.e. disabled by default and the user enables it if he runs into problems).

    Apart from that, there was a little API change: https://github.com/rovo89/XposedBridge/commit/3c18f6f6bd4e0ec57898b3b3a79b5584d0396054
    I assume that very few modules use the "extra" field to transfer information between beforeHookedMethod() and afterHookedMethod(). If you do, simply replace it by getExtra().

    Layout inflation hooks now also work if the layout has been included in other layouts. That's actually a pretty tricky use-case for the "extra" parameter mentioned about (and other tricky technologies).

    If for some reason you need to determine the active XposedBridge version in your module, you can use XposedBridge.XPOSED_BRIDGE_VERSION.

    findMethodBestMatch() now also looks for protected and package-private methods in superclasses. That's mainly useful if you use the callMethod() or callStaticMethod() helper.

    UPDATE: (beta2)
    The new beta should fix the "read-only filesystem" errors. If you used to experience them, please try this version. Otherwise, there is no need (and no advantage) to update.

    UPDATE:
    The final version is out, please use it instead (see first post / in-app installer).
    479
    The ART of patience

    Regarding ART possibly becoming the default runtime engine: I think that's good news because it means that we will get a stable version of ART then. I'm reluctant to work further on ART support at the moment for mainly three reasons:

    1. Time. I used to spend every evening and every weekend for Xposed, either to give support here (often answering the same questions again and again), writing code or researching about bugs or new ideas. As you may have noticed, there are now days or even weeks where I don't even log on to XDA, and I'm actually glad about this.

    2. Experimental software is bound to contain bugs, even severe ones. There is a reason why Google didn't make this choice available for the typical user (and keep in mind, we are not typical users). I neither want people to blame Xposed if their phone starts acting up nor do I want to hunt bugs which are caused by a runtime engine that is explicitely labelled as not finished yet.

    3. As long as ART is experimental, it's much easier to make big changes to the code. Once a final version is out and used by the masses, quality engineers we be much more careful not to break things. That means that Xposed for ART on 4.5 (or whatever it will be called) might need to be completely different than for ART on 4.4. More variants means more time for maintenance. And I don't feel like pushing something out now just to drop support again in a later version. There is not enough benefit of using ART at the moment to justify that.

    You know, I had already worked on ART support and spent several dozens of hours reading the code, looking for ways to hijack it, implementing my ideas, doing trial and error and starting again from the beginning. I finally had my Nexus 5 boot with Xposed in early December and quickly tested the App Settings module. I'm happy about that, but I also know that this was just a very experimental version, less ready than ART itself. It is totally hacked together and only tested with the stock ROM. ART is quite complex and has several different modes. It's not worth giving the current development to someone else before I have tested these things on my phone, where I can debug much better than instructing someone else to do it. It also requires rewriting app_process to be a light executable again, which loads either the Dalvik or ART Xposed library, depending on your settings. That would require changes in the installer as well, etc. etc.

    So you see, there is still lots of work to do. At the moment, I'm not actively working on it, but trying to get some other things fixed (e.g. LG ROMs) or improved (installation via recovery, better installation feedback in case root access failed, static Busybox package). And as I said, I do have other things in my life as well. It's not about money, that's what I have my full-time job for. I work on Xposed for fun (and maybe a bit for the reputation ;)), so the best way to ensure that I keep on working on it is not taking away the fun part of it. Don't pressure me like it was my duty to implement something ASAP (!!!), be patient even if it takes a bit longer until I answer and join the volunteers who help answering basic questions here so I don't have to. Thanks!
    313
    General information on Xposed has been moved to this thread: http://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
    The FAQ has been moved to this thread: http://forum.xda-developers.com/xposed/-t2735540
    Questions, suggestions, bug reports and so on can be posted in the Xposed General forum (for the installer/framework/development only) and in the Xposed Framework modules forum (for anything module-related).
    222
    Xposed Framework Installer (Flashable Zip)

    Announcement: Xposed Framework v2.5+ comes with an option to flash its own install zip via recovery, making my package obsolete. I'll leave them up for posterity; could be useful should the need arise for downgrading on some devices. Cheers all! 10000 downloads is pretty cool. :)

    Xposed Framework v2.2+ has fixed JB4.3 installation and v2.4+ has added support for KK4.4, but for those that still want it, or cannot install via the APK due to /system write protection like HTC's S-ON, here is an updated zip frontend method for installing the framework; now for Xposed Framework v2.4.1.

    You MUST have the Xposed Installer APK installed FIRST. The zip will detect if you do not and stop.

    Flash this in recovery and my frontend script (the update-binary) will detect the correct architecture and SDK version to use the appropriate Xposed app_process and busybox builds (x86, armv5, v6 and v7 & sdk 15 and 16+ supported), and should detect the uid of the Xposed Installer APK on-the-fly and set up the required files with it.

    It leaves a log behind in /data/local/tmp/xposed-log.txt either way with more details about how it went. :cool:

    It also unpacks Xposed-Disabler-Recovery.zip to /sdcard/ (or /sdcard/0/ if it exists) to be as close to the APK install method as possible. For those wanting another method to reactivate after a ROM update or toggle Xposed disabled/enabled, @amishxda has also created a cool "Xposed toggler" zip here.

    Note: Xposed Framework files and the install.sh used are the work of @rovo89 and @Tungstwenty; I have only created a recovery flashable zip to function as an alternative frontend for the framework installation process. I take no credit for their fantastic work.


    P.S. If you found this handy then please check out my Odds and Ends thread for more flashable goodness. :D

    5351 downloads of v2.1.4 when removed. 1049 downloads of v2.2 when removed.
    193
    Xposed 2.5 final

    This is Xposed version 2.5 (final). The main new features and fixes in this version are:
    • Rewritten framework installation/uninstallation
      • Uses interactive su (via libsuperuser) to provide improved compatibility with different Superuser apps
      • Better feedback when root access fails (doesn't freeze the app anymore)
      • Offers installation via custom recovery (CWM/TWRP), either flashing the file automatically or manually
    • Safemode to disable Xposed with hardware keys to get out of (most) bootloops
    • Compatibility with Sony/LG ROMs (4.3 and 4.4), Meizu ROMs (4.4)
    • Debug setting to disable resource hooking as a temporary workaround for incompatibilities with some theming engines (not all modules can be used in this mode)
    There are also other improvements and fixes, especially many translations updates.
    In case you get a message "Segmentation fault" during installation, you can now download an additional app which provides statically compiled versions of BusyBox (a lot bigger, but should work with every ROM). It's not needed otherwise.

    Quick explanation of the safemode: It was developed by @Tungstwenty and makes it possible to disable Xposed by repeatedly pressing one of the hardware buttons during early startup. The phone will vibrate twice when the first key press has been detected. Then you have five seconds to press the same button four more times. Each key press will be confirmed with a short vibration; the final one with a long vibration. It creates /data/data/de.robv.android.xposed.installer/conf/disabled, which prevents most of Xposed's actions (e.g. no hooks are made and no modules are loaded). There's no 100% guarantee that this will get you out of a bootloop, but in most cases it should.

    As always, you can download it via the in-app updater or from http://dl.xposed.info/latest.apk.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone