Closed MlgmXyysd closed 10 months ago
Thanks for the information. Can you upload /linkerconfig/ld.config.txt
of your system? Also can you find the app_process binary? (Usually it is /system/bin/app_process64
.)
Thanks for the information. Can you upload
/linkerconfig/ld.config.txt
of your system? Also can you find the app_process binary? (Usually it is/system/bin/app_process64
.)
Here you are. MlgmXyysd.zip
So you did find those in your /system/bin
? I am not entirely sure what is wrong. Can you maybe try this test apk and see if it prints Hello World after granting root? https://file.io/tBO0at9JtYnn
So you did find those in your
/system/bin
? I am not entirely sure what is wrong. Can you maybe try this test apk and see if it prints Hello World after granting root? https://file.io/tBO0at9JtYnn
Yes, they are in /system/bin
09-06 16:23:57.898 17522 17522 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-06 16:23:57.955 17522 17522 E ootkotlinx.demo: Invalid ID 0x00000000.
09-06 16:23:58.003 17557 17557 F linker : CANNOT LINK EXECUTABLE "/proc/17522/exe": library "libnativeloader.so" not found: needed by main executable
09-06 16:23:58.005 17522 17554 E RootServer: CANNOT LINK EXECUTABLE "/proc/17522/exe": library "libnativeloader.so" not found: needed by main executable
09-06 16:23:58.005 17522 17554 E RootServer:
That shouldn't happen. Can you check if there are other warning logs before that?
Also what is your Linux kernel version?
That shouldn't happen. Can you check if there are other warning logs before that?
All logs here
09-07 01:45:39.752 14013 14013 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-07 01:45:39.775 1104 1168 E UxUtility: notifyAppState error = NULL
09-07 01:45:39.792 1118 1413 W AudioPolicyManagerCustomImpl: [MTK_APM_Route]setOutputDevices() mIoHandle 29 mId 7 device (0x2)(0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x4000, 0x4000000) delayMs 84 force 0 size 5
09-07 01:45:39.811 14013 14061 E QT : [QT]file does not exist
09-07 01:45:39.822 14013 14013 E ootkotlinx.demo: Invalid ID 0x00000000.
09-07 01:45:39.870 14067 14067 F linker : CANNOT LINK EXECUTABLE "/proc/14013/exe": library "libnativeloader.so" not found: needed by main executable
09-07 01:45:39.871 14013 14064 E RootServer: CANNOT LINK EXECUTABLE "/proc/14013/exe": library "libnativeloader.so" not found: needed by main executable
09-07 01:45:39.871 14013 14064 E RootServer:
09-07 01:45:39.893 2513 2759 W WindowManager: Changing focus from null to Window{4247ff9 u0 be.mygod.librootkotlinx.demo/be.mygod.librootkotlinx.demo.MainActivity} displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 01:45:39.898 1129 1192 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10410 pid=0
09-07 01:45:39.898 14013 14013 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
09-07 01:45:39.899 1129 1192 W ServiceManager: Permission failure: android.permission.ROTATE_SURFACE_FLINGER from uid=10410 pid=0
09-07 01:45:39.899 1129 1192 W ServiceManager: Permission failure: android.permission.INTERNAL_SYSTEM_WINDOW from uid=10410 pid=0
09-07 01:45:39.899 1129 2960 W ServiceManager: Permission failure: android.permission.INTERNAL_SYSTEM_WINDOW from uid=10410 pid=14013
09-07 01:45:39.916 1129 2960 E HWComposer: getSupportedContentTypes: getSupportedContentTypes failed for display 0: Unsupported (8)
09-07 01:45:39.932 2513 2552 W System : A resource failed to call release.
09-07 01:45:39.958 14013 14058 W Parcel : Expecting binder but got null!
09-07 01:45:39.959 14013 14013 W System.err: be.mygod.librootkotlinx.RootServer$LaunchException: Failed to launch root daemon
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.doInit(RootServer.kt:169)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.access$doInit(RootServer.kt:20)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer$init$2.invokeSuspend(RootServer.kt:221)
09-07 01:45:39.959 14013 14013 W System.err: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
09-07 01:45:39.959 14013 14013 W System.err: Caused by: java.io.EOFException
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.lookForToken(RootServer.kt:125)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.doInit(RootServer.kt:167)
09-07 01:45:39.959 14013 14013 W System.err: ... 10 more
09-07 01:45:40.244 2513 2513 W AccessibilityManagerService: wait for adding window timeout: 55
09-07 01:45:40.439 2513 2759 W InputManager-JNI: Input channel object '736c5de Splash Screen be.mygod.librootkotlinx.demo (client)' was disposed without first being removed with the input manager!
I am looking for logs before that. Anything?
I am looking for logs before that. Anything?
only WindowManager before that
09-07 02:44:54.867 2513 4965 W WindowManager: Changing focus from Window{f265a96 u0 com.android.launcher3/com.android.searchlauncher.SearchLauncher} to null displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 02:44:54.877 3024 3099 W Parcel : Expecting binder but got null!
09-07 02:44:54.884 6104 6104 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
Okay thanks a lot for your help! Can you try this apk and see logs? https://file.io/bB1B58WhlfDc https://file.io/qhpDTG65oxON
Okay thanks a lot for your help! Can you try this apk and see logs? ~https://file.io/bB1B58WhlfDc~ https://file.io/qhpDTG65oxON
I saw Got result from root: 0 Hello, World
in app.
09-07 04:31:37.486 2496 7679 W WindowManager: Changing focus from Window{6b4bd5a u0 com.android.launcher3/com.android.searchlauncher.SearchLauncher} to null displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 04:31:37.496 2993 3073 W Parcel : Expecting binder but got null!
09-07 04:31:37.500 3707 3707 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-07 04:31:37.521 1118 1173 E UxUtility: notifyAppState error = NULL
09-07 04:31:37.540 1124 1396 W AudioPolicyManagerCustomImpl: [MTK_APM_Route]setOutputDevices() mIoHandle 29 mId 7 device (0x2)(0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x4000, 0x4000000) delayMs 84 force 0 size 5
09-07 04:31:37.557 3707 3740 E QT : [QT]file does not exist
09-07 04:31:37.565 3707 3707 E ootkotlinx.demo: Invalid ID 0x00000000.
09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exe
09-07 04:31:37.633 2496 2954 W WindowManager: Changing focus from null to Window{17ecf34 u0 be.mygod.librootkotlinx.demo/be.mygod.librootkotlinx.demo.MainActivity} displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 04:31:37.640 3707 3707 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
09-07 04:31:37.656 1131 1321 E HWComposer: getSupportedContentTypes: getSupportedContentTypes failed for display 0: Unsupported (8)
09-07 04:31:37.673 3707 3738 W Parcel : Expecting binder but got null!
09-07 04:31:37.699 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.706 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes2.dex!classes2.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.712 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes3.dex!classes3.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.721 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes4.dex!classes4.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.733 3746 3746 E be.mygod.librootkotlinx.demo:root: Error reading named image component header for /data/misc/apexdata/com.android.art/dalvik-cache/boot.art, error: Failed to open oat file '/data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat' when validating it for image '/data/misc/apexdata/com.android.art/dalvik-cache/boot.art': In oat file '/data/misc/apexdata/com.android.art/dalvik-cache/boot.oat', dex file checksum 0x380098a2 does not match checksum 0xaaaa9f90 of external dex file '/system/framework/framework.jar'
09-07 04:31:37.753 3767 3767 W dex2oat64: Mismatch between dex2oat instruction set features to use (ISA: Arm64 Feature string: -a53,crc,lse,fp16,dotprod,-sve) and those from CPP defines (ISA: Arm64 Feature string: -a53,-crc,-lse,-fp16,-dotprod,-sve) for the command line:
09-07 04:31:37.753 3767 3767 W dex2oat64: /apex/com.android.art/bin/dex2oat64 --runtime-arg -Xbootclasspath:/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/mediatek-telephony-base.jar:/system/framework/mediatek-telephony-common.jar:/system/framework/mediatek-carrier-config-manager.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-common.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/system/framework/OPCommonTelephony.jar:/apex/com.android.i18n/javalib/core-icu4j.jar --runtime-arg -Xbootclasspath-locations:/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/mediatek-telephony-base.jar:/system/framework/mediatek-telephony-common.jar:/system/framework/mediatek-carrier-config-manager.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-common.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/system/framework/OPCommonTelephony.jar:/apex/com.android.i18n/javalib/core-icu4j.jar --base=0x70000000 --dex-file=/apex/com.android.art/javalib/core-oj.jar --dex-location=/apex/com.android.art/javalib/core-oj.jar --dex-file=/apex/com.android.art/javalib/core-libart.jar --dex-location=/apex/com.android.art/javalib/core-libart.jar --dex-file=/apex/com.android.art/javalib/okhttp.jar --dex-location=/apex/com.android.art/javalib/okhttp.jar --dex-file=/apex/com.android.art/javalib/bouncycastle.jar --dex-location=/apex/com.android.art/javalib/bouncycastle.jar --dex-file=/apex/com.android.art/javalib/apache-xml.jar --dex-location=/apex/com.android.art/javalib/apache-xml.jar --dex-file=/system/framework/framework.jar --dex-location=/system/framework/framework.jar --dex-file=/system/framework/framework-graphics.jar --dex-location=/system/framework/framework-graphics.jar --dex-file=/system/framework/ext.jar --dex-location=/system/framework/ext.jar --dex-file=/system/framework/telephony-common.jar --dex-location=/system/framework/telephony-common.jar --dex-file=/system/framework/voip-common.jar --dex-location=/system/framework/voip-common.jar --dex-file=/system/framework/ims-common.jar --dex-location=/system/framework/ims-common.jar --dex-file=/system/framework/mediatek-telephony-base.jar --dex-location=/system/framework/mediatek-telephony-base.jar --dex-file=/system/framework/mediatek-telephony-common.jar --dex-location=/system/framework/mediatek-telephony-common.jar --dex-file=/system/framework/mediatek-carrier-config-manager.jar --dex-location=/system/framework/mediatek-carrier-config-manager.jar --dex-file=/system/framework/mediatek-common.jar --dex-location=/system/framework/mediatek-common.jar --dex-file=/system/framework/mediatek-framework.jar --dex-location=/system/framework/mediatek-framework.jar --dex-file=/system/framework/mediatek-ims-common.jar --dex-location=/system/framework/mediatek-ims-common.jar --dex-file=/system/framework/mediatek-ims-base.jar --dex-location=/system/framework/mediatek-ims-base.jar --dex-file=/system/framework/mediatek-telecom-common.jar --dex-location=/system/framework/mediatek-telecom-common.jar --dex-file=/system/framework/OPCommonTelephony.jar --dex-location=/system/framework/OPCommonTelephony.jar --dex-file=/apex/com.android.i18n/ja
09-07 04:31:37.993 2496 2496 W AccessibilityManagerService: wait for adding window timeout: 45
09-07 04:31:38.157 2496 2954 W InputManager-JNI: Input channel object 'd3c3bc3 Splash Screen be.mygod.librootkotlinx.demo (client)' was disposed without first being removed with the input manager!
(framework.jar modified)
09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exe
Thanks! It looks like the symlink /proc/<pid>/exe
is somehow not being properly resolved to /system/bin/app_process64
. Perhaps a kernel bug? I will write a workaround.
Working after replace classes in be.mygod.librootkotlinx
demo to VPNHotspot
😂 You are really impatient, aren't you?
What modifications did you do to framework.jar? Did you change anything in java.io
?
What modifications did you do to framework.jar? Did you change anything in
java.io
?
Something about disable signature check
android.content.pm.ApplicationInfo
android.content.pm.PackageParser
android.content.pm.PackageParser$SigningDetails
android.content.pm.SigningDetails
android.content.res.AssetManager
android.util.apk.ApkSignatureVerifier
android.util.jar.StrictJarVerifier
android.util.apk.ApkSignatureSchemeV2Verifier
android.util.apk.ApkSignatureSchemeV3Verifier
android.util.apk.ApkSigningBlockUtils
android.util.apk.ApkSignatureVerifier
09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exe
Perhaps a kernel bug?
If you found something about kernel, let me know and I'll try to fix them
Can you check and see if /proc/<pid>/exe
is a proper symlink, for any Android app_process (either the demo app or the VPN Hotspot app)? Are you using a third-party kernel?
Normally File("/proc/self/exe").canonicalPath
(in Kotlin) should return /system/bin/app_process64
.
Can you check and see if
/proc/<pid>/exe
is a proper symlink, for any Android app_process (either the demo app or the VPN Hotspot app)? Are you using a third-party kernel?
# ps -ef | grep be.mygod.vpnhotspot
u0_a271 16868 1058 6 19:10 ? 00:00:01 be.mygod.vpnhotspot
root 16930 16868 4 19:10 ? 00:00:00 be.mygod.vpnhotspot:root
# ls -laZ /proc/16868/exe
lrwxrwxrwx 1 root root u:r:untrusted_app:s0:c15,c257,c512,c768 0 2023-09-07 05:19 exe -> /bin/app_process64
# ls -laZ /proc/16930/exe
lrwxrwxrwx 1 root root u:r:su:s0 0 2023-09-07 05:19 exe -> /system/bin/app_process64
# ls -laZ /bin
lrw-r--r-- 1 root root u:object_r:rootfs:s0 11 2009-01-01 08:00 /bin -> /system/bin
kernel is https://github.com/Mygod/VPNHotspot/issues/504#issuecomment-1708836658
Partition system
has been mounted as overlay fs by Pure Mount Script. Is this going to have an impact?
Can you do realpath /proc/<pid>/exe
? What does that print?
Can you do
realpath /proc/<pid>/exe
? What does that print?
# ps -ef | grep vpnhotspot
u0_a271 16868 1058 0 05:19:10 ? 00:00:02 be.mygod.vpnhotspot
root 20028 16868 1 05:34:13 ? 00:00:00 be.mygod.vpnhotspot:root
# realpath /proc/16868/exe
/system/bin/app_process64
# realpath /proc/20028/exe
/system/bin/app_process64
Normally
File("/proc/self/exe").canonicalPath
(in Kotlin) should return/system/bin/app_process64
.
Seems like something is wrong with canonicalize
. Try this workaround: https://file.io/hWe11CUbogb1
Might be related https://github.com/topjohnwu/libsu/pull/140
Normally
File("/proc/self/exe").canonicalPath
(in Kotlin) should return/system/bin/app_process64
.Seems like something is wrong with
canonicalize
. Try this workaround: https://file.io/hWe11CUbogb1
Sorry I'm stupid. One sec.
Try this instead. https://file.io/tB7QEKpTCIqk
got hello world after seconds
Device: Unihertz Jelly Star Android 13 Version: 2.16.6-g (Google Play) Crash log:
The file
libnativeloader.so
is not found in /system/lib and /system/lib64. Only one similarity file namedlibnativeloader_lazy.so
in it.Found
libnativeloader.so
in apex com.android.art.