JesusFreke / smali

smali/baksmali

"boot-framework.oat" has no dex files #810

Closed anonymix007 closed 2 years ago

anonymix007 commented 3 years ago

I copied boot-framework.art, boot-framework.oat and boot-framework.vdex from an Android 11 device. But baksmali lists no dex files in the .oat and could not deodex them:

$ baksmali list dex boot-framework.oat
$ baksmali x boot-framework.oat
Exception in thread "main" java.lang.RuntimeException: "boot-framework.oat" has no dex files
    at org.jf.baksmali.DexInputCommand.loadDexFile(DexInputCommand.java:167)
    at org.jf.baksmali.DisassembleCommand.run(DisassembleCommand.java:162)
    at org.jf.baksmali.Main.main(Main.java:102)

What should be done to modify this file?

UPD: framework.zip

JesusFreke commented 3 years ago

On the Android 11 devices I've seen (only pixel devices), there is no need to deodex the framework. The dex files are stored as-is in the framework jar files.

anonymix007 commented 3 years ago

It's a 1+ 7 Pro; modifying only framework.jar gives a bootloop, and I don't know why. I am trying to replace Activity.onWindowFocusChanged with a modification to make all apps fullscreen by default. Modify it to:

.method public onWindowFocusChanged(Z)V
    .locals 2
    .param p1, "hasFocus"    # Z

    .line 4016
    invoke-virtual {p0}, Lru/kirddos/logictable/MainActivity;->getWindow()Landroid/view/Window;

    move-result-object v0

    const/16 v1, 0x400

    invoke-virtual {v0, v1, v1}, Landroid/view/Window;->setFlags(II)V

    return-void
.end method

$ baksmali d --api 30 -j 12 framework.jar/classes.dex

Then I patched the file and assembled it:

$ smali a --api 30 -j 12 --verbose out/

After that I copied the original framework.jar, deleted classes.dex in it and replaced it with out.dex (renamed). I zipaligned it, put it in /system/framework and got infinite loading: logcat_boot.txt

framework.jar and framework.aligned_mod.jar are here.

But after restoring the backed-up framework.jar, the boot procedure continues.

JesusFreke commented 3 years ago

If framework.jar has a classes.dex file, why are you trying to deodex anything? The point of deodexing is to recover the classes.dex file when it has been removed from the jar/apk and converted to an odex/oat/vdex/whatever. But if you already have the original classes.dex file, you don't need to deodex anything.

JesusFreke commented 3 years ago

I took a quick look at your 2 framework jars. It looks like smali or baksmali may be mangling the hidden api restriction flags at some point. I tried just disassembling and reassembling the original framework.jar without any modifications, and most/all of the hidden api restrictions seem to have been modified at some point during the round-trip.

I'll investigate more, and see if I can figure out where the problem is.
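One way to check whether a baksmali/smali round trip changed the hidden API restriction flags discussed above is to tally the flags stored in the original and the rebuilt classes.dex and compare the two tallies. This is an added example, not code from the thread or from the smali project: `hiddenapi_histogram` and `sample_dex` are hypothetical names, the parser follows the `hiddenapi_class_data_item` layout in the public dex format documentation, and the sample buffer is constructed.

```python
import struct
from collections import Counter

HIDDENAPI = 0xF000  # TYPE_HIDDENAPI_CLASS_DATA_ITEM in the dex map list

def uleb128(buf, pos):
    """Decode one unsigned LEB128 value; return (value, next position)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def hiddenapi_histogram(dex):
    """Count members per hidden API flag value; None if the dex has no flag section."""
    map_off, = struct.unpack_from("<I", dex, 0x34)
    count, = struct.unpack_from("<I", dex, map_off)
    items = [struct.unpack_from("<HHII", dex, map_off + 4 + 12 * i) for i in range(count)]
    section = next((off for kind, _, _, off in items if kind == HIDDENAPI), None)
    if section is None:
        return None
    n_defs, defs_off = struct.unpack_from("<II", dex, 0x60)
    hist = Counter()
    for idx in range(n_defs):
        data_off, = struct.unpack_from("<I", dex, defs_off + 32 * idx + 24)
        if data_off == 0:
            continue                      # class declares no fields or methods
        members, pos = 0, data_off
        for _ in range(4):                # static/instance fields, direct/virtual methods
            n, pos = uleb128(dex, pos)
            members += n
        flags_off, = struct.unpack_from("<I", dex, section + 4 + 4 * idx)
        pos = section + flags_off
        for _ in range(members):          # a zero offset means every flag of the class is 0
            flag, pos = uleb128(dex, pos) if flags_off else (0, pos)
            hist[flag] += 1
    return hist

def sample_dex(flags):
    """Constructed buffer with only the fields read above (not a loadable dex)."""
    buf = bytearray(0xA0)
    struct.pack_into("<I", buf, 0x34, 0xA0)        # map_off: map list follows the buffer
    struct.pack_into("<II", buf, 0x60, 1, 0x70)    # one class_def_item at 0x70
    struct.pack_into("<I", buf, 0x70 + 24, 0x90)   # its class_data_off
    buf[0x90:0x94] = bytes([1, 0, 1, 0])           # 1 static field, 1 direct method
    buf[0x94:0x9E] = struct.pack("<II", 10, 8) + bytes(flags)  # size, offsets[0], flags
    return bytes(buf) + struct.pack("<IHHII", 1, HIDDENAPI, 0, 1, 0x94)
```

Run `hiddenapi_histogram` on the classes.dex extracted from each jar; differing tallies, or `None` for the rebuilt file only, mean the flags did not survive reassembly.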

anonymix007 commented 3 years ago

I understand, but at first I tried using apktool. And the jar from it gave errors, something about loading boot-framework.oat, so I thought that I'd have to recompile them.

EDIT: The error was "Failed to load boot image extension /system/framework/framework.jar: Failed to open oat file '/system/framework/arm/boot-framework.oat'"

But still, is an empty dex list expected (and why, if so)? Also, should baksmali - smali give output different from the input file?

anonymix007 commented 3 years ago

@JesusFreke are there any updates?

xcorner21 commented 2 years ago

Same error :( Is there any update for it? @JesusFreke

Every time I use smali with the --api-level 29 option as a workaround when I recompile framework.jar without any modification, it creates a new framework.jar file that is half the size of the old framework.jar.

If I put back the modified framework.jar, my device cannot boot to Android; it is stuck at the boot animation.

xconer commented 2 years ago

@JesusFreke is there any good news?

JesusFreke commented 2 years ago

This is probably fixed by https://github.com/JesusFreke/smali/pull/816

xconer commented 2 years ago

Hi @JesusFreke, I tried the #816 commit but it is not working!

I just recompiled classes.dex in framework.jar. It gave the error: 'Unable to find class android/app/admin/SecurityLog$SecurityEvent'

The logcat here: logcat.txt

04-20 00:01:57.140 20598 20598 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 20598 (main), pid 20598 (main)
04-20 00:01:57.168 20649 20649 F DEBUG :
04-20 00:01:57.168 20649 20649 F DEBUG : LineageOS Version: '17.1-20220214-UNOFFICIAL-starlte'
04-20 00:01:57.168 20649 20649 F DEBUG : Build fingerprint: 'samsung/starltexx/starlte:10/QP1A.190711.020/G960FXXU7DTAA:user/release-keys'
04-20 00:01:57.168 20649 20649 F DEBUG : Revision: '26'
04-20 00:01:57.168 20649 20649 F DEBUG : ABI: 'arm64'
04-20 00:01:57.169 20649 20649 F DEBUG : Timestamp: 2022-04-20 00:01:57+0700
04-20 00:01:57.169 20649 20649 F DEBUG : pid: 20598, tid: 20598, name: main >>> zygote64 <<<
04-20 00:01:57.169 20649 20649 F DEBUG : uid: 0
04-20 00:01:57.169 20649 20649 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
04-20 00:01:57.169 20649 20649 F DEBUG : Abort message: 'Unable to find class android/app/admin/SecurityLog$SecurityEvent'
04-20 00:01:57.169 20649 20649 F DEBUG : x0 0000000000000000 x1 0000000000005076 x2 0000000000000006 x3 0000007fe6e8e8b0
04-20 00:01:57.169 20649 20649 F DEBUG : x4 0080000000000000 x5 0080000000000000 x6 0080000000000000 x7 0000000000008000
04-20 00:01:57.169 20649 20649 F DEBUG : x8 00000000000000f0 x9 000000768fc3b4a0 x10 0000000000000000 x11 0000000000000001
04-20 00:01:57.169 20649 20649 F DEBUG : x12 0000007fe6e8ea40 x13 0000000000000030 x14 ffffffffffffffff x15 000000000003926e
04-20 00:01:57.169 20649 20649 F DEBUG : x16 000000768fd088c0 x17 000000768fce6310 x18 000000769320e000 x19 00000000000000ac
04-20 00:01:57.169 20649 20649 F DEBUG : x20 0000000000005076 x21 00000000000000b2 x22 0000000000005076 x23 00000000ffffffff
04-20 00:01:57.169 20649 20649 F DEBUG : x24 0000007692015068 x25 000000769308c020 x26 0000007692034000 x27 431bde82d7b634db
04-20 00:01:57.169 20649 20649 F DEBUG : x28 0000000000000003 x29 0000007fe6e8e960
04-20 00:01:57.169 20649 20649 F DEBUG : sp 0000007fe6e8e890 lr 000000768fc99170 pc 000000768fc991a0
04-20 00:01:57.177 20649 20649 F DEBUG :
04-20 00:01:57.177 20649 20649 F DEBUG : backtrace:
04-20 00:01:57.177 20649 20649 F DEBUG : #00 pc 00000000000821a0 /apex/com.android.runtime/lib64/bionic/libc.so (abort+176) (BuildId: a5aa1dd8572ed64645c321b17b43e24d)
04-20 00:01:57.177 20649 20649 F DEBUG : #01 pc 0000000000008a74 /system/lib64/liblog.so (android_log_assert+324) (BuildId: 8c965f7a3c14a1799bc31f4b9a6fe159)
04-20 00:01:57.178 20649 20649 F DEBUG : #02 pc 00000000000d2924 /system/lib64/libandroid_runtime.so (android::register_android_app_admin_SecurityLog(_JNIEnv)+476) (BuildId: eac6993b3f0f3278ee5a7c283b740b10)
04-20 00:01:57.178 20649 20649 F DEBUG : #03 pc 00000000000c2658 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::startReg(_JNIEnv)+112) (BuildId: eac6993b3f0f3278ee5a7c283b740b10)
04-20 00:01:57.178 20649 20649 F DEBUG : #04 pc 00000000000c22dc /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+364) (BuildId: eac6993b3f0f3278ee5a7c283b740b10)
04-20 00:01:57.178 20649 20649 F DEBUG : #05 pc 00000000000034e0 /system/bin/app_process64 (main+1168) (BuildId: f76426758d45e1a553be61a1caa503f7)
04-20 00:01:57.178 20649 20649 F DEBUG : #06 pc 000000000007d844 /apex/com.android.runtime/lib64/bionic/libc.so (libc_init+108) (BuildId: a5aa1dd8572ed64645c321b17b43e24d)
04-20 00:01:57.186 20599 20599 F : Unable to find class android/app/admin/SecurityLog$SecurityEvent
04-20 00:01:57.186 20599 20599 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 20599 (main), pid 20599 (main)
04-20 00:01:57.286 20649 20649 E crash_dump64: unable to connect to activity manager: Connection refused
04-20 00:01:57.288 4223 4223 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_00
04-20 00:01:57.294 20659 20659 F DEBUG :
04-20 00:01:57.294 20659 20659 F DEBUG : LineageOS Version: '17.1-20220214-UNOFFICIAL-starlte'
04-20 00:01:57.294 20659 20659 F DEBUG : Build fingerprint: 'samsung/starltexx/starlte:10/QP1A.190711.020/G960FXXU7DTAA:user/release-keys'
04-20 00:01:57.294 20659 20659 F DEBUG : Revision: '26'
04-20 00:01:57.294 20659 20659 F DEBUG : ABI: 'arm'
04-20 00:01:57.294 20659 20659 F DEBUG : Timestamp: 2022-04-20 00:01:57+0700
04-20 00:01:57.294 20659 20659 F DEBUG : pid: 20599, tid: 20599, name: main >>> zygote <<<
04-20 00:01:57.294 20659 20659 F DEBUG : uid: 0
04-20 00:01:57.294 20659 20659 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
04-20 00:01:57.294 20659 20659 F DEBUG : Abort message: 'Unable to find class android/app/admin/SecurityLog$SecurityEvent'
04-20 00:01:57.294 20659 20659 F DEBUG : r0 00000000 r1 00005077 r2 00000006 r3 ffa49ac8
04-20 00:01:57.294 20659 20659 F DEBUG : r4 ffa49adc r5 ffa49ac0 r6 00005077 r7 0000016b
04-20 00:01:57.294 20659 20659 F DEBUG : r8 ffa49ad8 r9 ffa49ac8 r10 ffa49af8 r11 ffa49ae8
04-20 00:01:57.294 20659 20659 F DEBUG : ip 00005077 sp ffa49a98 lr e76212b3 pc e76212c6

The framework.jar file: framework.zip

Thank you so much!