Closed MlgmXyysd closed 10 months ago
Mygod
commented
10 months ago Thanks for the information. Can you upload /linkerconfig/ld.config.txt of your system? Also can you find the app_process binary? (Usually it is /system/bin/app_process64.)
MlgmXyysd
commented
10 months ago Thanks for the information. Can you upload
/linkerconfig/ld.config.txtof your system? Also can you find the app_process binary? (Usually it is/system/bin/app_process64.)
Here you are. MlgmXyysd.zip
Mygod
commented
10 months ago So you did find those in your /system/bin? I am not entirely sure what is wrong. Can you maybe try this test apk and see if it prints Hello World after granting root? https://file.io/tBO0at9JtYnn
MlgmXyysd
commented
10 months ago So you did find those in your
/system/bin? I am not entirely sure what is wrong. Can you maybe try this test apk and see if it prints Hello World after granting root? https://file.io/tBO0at9JtYnn
Yes, they are in /system/bin
09-06 16:23:57.898 17522 17522 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-06 16:23:57.955 17522 17522 E ootkotlinx.demo: Invalid ID 0x00000000.
09-06 16:23:58.003 17557 17557 F linker : CANNOT LINK EXECUTABLE "/proc/17522/exe": library "libnativeloader.so" not found: needed by main executable
09-06 16:23:58.005 17522 17554 E RootServer: CANNOT LINK EXECUTABLE "/proc/17522/exe": library "libnativeloader.so" not found: needed by main executable
09-06 16:23:58.005 17522 17554 E RootServer:That shouldn't happen. Can you check if there are other warning logs before that?
Mygod
commented
10 months ago Also what is your Linux kernel version?
MlgmXyysd
commented
10 months ago That shouldn't happen. Can you check if there are other warning logs before that?
All logs here
09-07 01:45:39.752 14013 14013 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-07 01:45:39.775 1104 1168 E UxUtility: notifyAppState error = NULL
09-07 01:45:39.792 1118 1413 W AudioPolicyManagerCustomImpl: [MTK_APM_Route]setOutputDevices() mIoHandle 29 mId 7 device (0x2)(0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x4000, 0x4000000) delayMs 84 force 0 size 5
09-07 01:45:39.811 14013 14061 E QT : [QT]file does not exist
09-07 01:45:39.822 14013 14013 E ootkotlinx.demo: Invalid ID 0x00000000.
09-07 01:45:39.870 14067 14067 F linker : CANNOT LINK EXECUTABLE "/proc/14013/exe": library "libnativeloader.so" not found: needed by main executable
09-07 01:45:39.871 14013 14064 E RootServer: CANNOT LINK EXECUTABLE "/proc/14013/exe": library "libnativeloader.so" not found: needed by main executable
09-07 01:45:39.871 14013 14064 E RootServer:
09-07 01:45:39.893 2513 2759 W WindowManager: Changing focus from null to Window{4247ff9 u0 be.mygod.librootkotlinx.demo/be.mygod.librootkotlinx.demo.MainActivity} displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 01:45:39.898 1129 1192 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10410 pid=0
09-07 01:45:39.898 14013 14013 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
09-07 01:45:39.899 1129 1192 W ServiceManager: Permission failure: android.permission.ROTATE_SURFACE_FLINGER from uid=10410 pid=0
09-07 01:45:39.899 1129 1192 W ServiceManager: Permission failure: android.permission.INTERNAL_SYSTEM_WINDOW from uid=10410 pid=0
09-07 01:45:39.899 1129 2960 W ServiceManager: Permission failure: android.permission.INTERNAL_SYSTEM_WINDOW from uid=10410 pid=14013
09-07 01:45:39.916 1129 2960 E HWComposer: getSupportedContentTypes: getSupportedContentTypes failed for display 0: Unsupported (8)
09-07 01:45:39.932 2513 2552 W System : A resource failed to call release.
09-07 01:45:39.958 14013 14058 W Parcel : Expecting binder but got null!
09-07 01:45:39.959 14013 14013 W System.err: be.mygod.librootkotlinx.RootServer$LaunchException: Failed to launch root daemon
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.doInit(RootServer.kt:169)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.access$doInit(RootServer.kt:20)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer$init$2.invokeSuspend(RootServer.kt:221)
09-07 01:45:39.959 14013 14013 W System.err: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
09-07 01:45:39.959 14013 14013 W System.err: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
09-07 01:45:39.959 14013 14013 W System.err: Caused by: java.io.EOFException
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.lookForToken(RootServer.kt:125)
09-07 01:45:39.959 14013 14013 W System.err: at be.mygod.librootkotlinx.RootServer.doInit(RootServer.kt:167)
09-07 01:45:39.959 14013 14013 W System.err: ... 10 more
09-07 01:45:40.244 2513 2513 W AccessibilityManagerService: wait for adding window timeout: 55
09-07 01:45:40.439 2513 2759 W InputManager-JNI: Input channel object '736c5de Splash Screen be.mygod.librootkotlinx.demo (client)' was disposed without first being removed with the input manager!I am looking for logs before that. Anything?
MlgmXyysd
commented
10 months ago I am looking for logs before that. Anything?
only WindowManager before that
09-07 02:44:54.867 2513 4965 W WindowManager: Changing focus from Window{f265a96 u0 com.android.launcher3/com.android.searchlauncher.SearchLauncher} to null displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 02:44:54.877 3024 3099 W Parcel : Expecting binder but got null!
09-07 02:44:54.884 6104 6104 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.Okay thanks a lot for your help! Can you try this apk and see logs? https://file.io/bB1B58WhlfDc https://file.io/qhpDTG65oxON
MlgmXyysd
commented
10 months ago Okay thanks a lot for your help! Can you try this apk and see logs? ~https://file.io/bB1B58WhlfDc~ https://file.io/qhpDTG65oxON
I saw Got result from root: 0 Hello, World in app.
09-07 04:31:37.486 2496 7679 W WindowManager: Changing focus from Window{6b4bd5a u0 com.android.launcher3/com.android.searchlauncher.SearchLauncher} to null displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 04:31:37.496 2993 3073 W Parcel : Expecting binder but got null!
09-07 04:31:37.500 3707 3707 E ootkotlinx.demo: Not starting debugger since process cannot load the jdwp agent.
09-07 04:31:37.521 1118 1173 E UxUtility: notifyAppState error = NULL
09-07 04:31:37.540 1124 1396 W AudioPolicyManagerCustomImpl: [MTK_APM_Route]setOutputDevices() mIoHandle 29 mId 7 device (0x2)(0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x4000, 0x4000000) delayMs 84 force 0 size 5
09-07 04:31:37.557 3707 3740 E QT : [QT]file does not exist
09-07 04:31:37.565 3707 3707 E ootkotlinx.demo: Invalid ID 0x00000000.
09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exe
09-07 04:31:37.633 2496 2954 W WindowManager: Changing focus from null to Window{17ecf34 u0 be.mygod.librootkotlinx.demo/be.mygod.librootkotlinx.demo.MainActivity} displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:476 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6061 com.android.server.wm.WindowManagerService.relayoutWindow:2496 com.android.server.wm.Session.relayout:267
09-07 04:31:37.640 3707 3707 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
09-07 04:31:37.656 1131 1321 E HWComposer: getSupportedContentTypes: getSupportedContentTypes failed for display 0: Unsupported (8)
09-07 04:31:37.673 3707 3738 W Parcel : Expecting binder but got null!
09-07 04:31:37.699 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.706 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes2.dex!classes2.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.712 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes3.dex!classes3.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.721 3746 3746 W be.mygod.librootkotlinx.demo:root: Can't mmap dex file /system/framework/framework.jar!classes4.dex!classes4.dex directly; please zipalign to 4 bytes. Falling back to extracting file.
09-07 04:31:37.733 3746 3746 E be.mygod.librootkotlinx.demo:root: Error reading named image component header for /data/misc/apexdata/com.android.art/dalvik-cache/boot.art, error: Failed to open oat file '/data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat' when validating it for image '/data/misc/apexdata/com.android.art/dalvik-cache/boot.art': In oat file '/data/misc/apexdata/com.android.art/dalvik-cache/boot.oat', dex file checksum 0x380098a2 does not match checksum 0xaaaa9f90 of external dex file '/system/framework/framework.jar'
09-07 04:31:37.753 3767 3767 W dex2oat64: Mismatch between dex2oat instruction set features to use (ISA: Arm64 Feature string: -a53,crc,lse,fp16,dotprod,-sve) and those from CPP defines (ISA: Arm64 Feature string: -a53,-crc,-lse,-fp16,-dotprod,-sve) for the command line:
09-07 04:31:37.753 3767 3767 W dex2oat64: /apex/com.android.art/bin/dex2oat64 --runtime-arg -Xbootclasspath:/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/mediatek-telephony-base.jar:/system/framework/mediatek-telephony-common.jar:/system/framework/mediatek-carrier-config-manager.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-common.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/system/framework/OPCommonTelephony.jar:/apex/com.android.i18n/javalib/core-icu4j.jar --runtime-arg -Xbootclasspath-locations:/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/framework-graphics.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/mediatek-telephony-base.jar:/system/framework/mediatek-telephony-common.jar:/system/framework/mediatek-carrier-config-manager.jar:/system/framework/mediatek-common.jar:/system/framework/mediatek-framework.jar:/system/framework/mediatek-ims-common.jar:/system/framework/mediatek-ims-base.jar:/system/framework/mediatek-telecom-common.jar:/system/framework/OPCommonTelephony.jar:/apex/com.android.i18n/javalib/core-icu4j.jar --base=0x70000000 --dex-file=/apex/com.android.art/javalib/core-oj.jar --dex-location=/apex/com.android.art/javalib/core-oj.jar --dex-file=/apex/com.android.art/javalib/core-libart.jar --dex-location=/apex/com.android.art/javalib/core-libart.jar --dex-file=/apex/com.android.art/javalib/okhttp.jar --dex-location=/apex/com.android.art/javalib/okhttp.jar --dex-file=/apex/com.android.art/javalib/bouncycastle.jar --dex-location=/apex/com.android.art/javalib/bouncycastle.jar --dex-file=/apex/com.android.art/javalib/apache-xml.jar --dex-location=/apex/com.android.art/javalib/apache-xml.jar --dex-file=/system/framework/framework.jar --dex-location=/system/framework/framework.jar --dex-file=/system/framework/framework-graphics.jar --dex-location=/system/framework/framework-graphics.jar --dex-file=/system/framework/ext.jar --dex-location=/system/framework/ext.jar --dex-file=/system/framework/telephony-common.jar --dex-location=/system/framework/telephony-common.jar --dex-file=/system/framework/voip-common.jar --dex-location=/system/framework/voip-common.jar --dex-file=/system/framework/ims-common.jar --dex-location=/system/framework/ims-common.jar --dex-file=/system/framework/mediatek-telephony-base.jar --dex-location=/system/framework/mediatek-telephony-base.jar --dex-file=/system/framework/mediatek-telephony-common.jar --dex-location=/system/framework/mediatek-telephony-common.jar --dex-file=/system/framework/mediatek-carrier-config-manager.jar --dex-location=/system/framework/mediatek-carrier-config-manager.jar --dex-file=/system/framework/mediatek-common.jar --dex-location=/system/framework/mediatek-common.jar --dex-file=/system/framework/mediatek-framework.jar --dex-location=/system/framework/mediatek-framework.jar --dex-file=/system/framework/mediatek-ims-common.jar --dex-location=/system/framework/mediatek-ims-common.jar --dex-file=/system/framework/mediatek-ims-base.jar --dex-location=/system/framework/mediatek-ims-base.jar --dex-file=/system/framework/mediatek-telecom-common.jar --dex-location=/system/framework/mediatek-telecom-common.jar --dex-file=/system/framework/OPCommonTelephony.jar --dex-location=/system/framework/OPCommonTelephony.jar --dex-file=/apex/com.android.i18n/ja
09-07 04:31:37.993 2496 2496 W AccessibilityManagerService: wait for adding window timeout: 45
09-07 04:31:38.157 2496 2954 W InputManager-JNI: Input channel object 'd3c3bc3 Splash Screen be.mygod.librootkotlinx.demo (client)' was disposed without first being removed with the input manager!(framework.jar modified)
Mygod
commented
10 months ago 09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exeThanks! It looks like the symlink /proc/<pid>/exe is somehow not being properly resolved to /system/bin/app_process64. Perhaps a kernel bug? I will write a workaround.
MlgmXyysd
commented
10 months ago Working after replace classes in be.mygod.librootkotlinx demo to VPNHotspot
Mygod
commented
10 months ago 😂 You are really impatient, aren't you?
Mygod
commented
10 months ago What modifications did you do to framework.jar? Did you change anything in java.io?
MlgmXyysd
commented
10 months ago What modifications did you do to framework.jar? Did you change anything in
java.io?
Something about disable signature check
android.content.pm.ApplicationInfo
android.content.pm.PackageParser
android.content.pm.PackageParser$SigningDetails
android.content.pm.SigningDetails
android.content.res.AssetManager
android.util.apk.ApkSignatureVerifier
android.util.jar.StrictJarVerifier
android.util.apk.ApkSignatureSchemeV2Verifier
android.util.apk.ApkSignatureSchemeV3Verifier
android.util.apk.ApkSigningBlockUtils
android.util.apk.ApkSignatureVerifier09-07 04:31:37.609 3707 3744 W TEST ME : /proc/3707/exePerhaps a kernel bug?
If you found something about kernel, let me know and I'll try to fix them
Mygod
commented
10 months ago Can you check and see if /proc/<pid>/exe is a proper symlink, for any Android app_process (either the demo app or the VPN Hotspot app)? Are you using a third-party kernel?
Mygod
commented
10 months ago Normally File("/proc/self/exe").canonicalPath (in Kotlin) should return /system/bin/app_process64.
MlgmXyysd
commented
10 months ago Can you check and see if
/proc/<pid>/exeis a proper symlink, for any Android app_process (either the demo app or the VPN Hotspot app)? Are you using a third-party kernel?
# ps -ef | grep be.mygod.vpnhotspot
u0_a271 16868 1058 6 19:10 ? 00:00:01 be.mygod.vpnhotspot
root 16930 16868 4 19:10 ? 00:00:00 be.mygod.vpnhotspot:root
# ls -laZ /proc/16868/exe
lrwxrwxrwx 1 root root u:r:untrusted_app:s0:c15,c257,c512,c768 0 2023-09-07 05:19 exe -> /bin/app_process64
# ls -laZ /proc/16930/exe
lrwxrwxrwx 1 root root u:r:su:s0 0 2023-09-07 05:19 exe -> /system/bin/app_process64
# ls -laZ /bin
lrw-r--r-- 1 root root u:object_r:rootfs:s0 11 2009-01-01 08:00 /bin -> /system/binkernel is https://github.com/Mygod/VPNHotspot/issues/504#issuecomment-1708836658
MlgmXyysd
commented
10 months ago Partition system has been mounted as overlay fs by Pure Mount Script. Is this going to have an impact?
Mygod
commented
10 months ago Can you do realpath /proc/<pid>/exe? What does that print?
MlgmXyysd
commented
10 months ago Can you do
realpath /proc/<pid>/exe? What does that print?
# ps -ef | grep vpnhotspot
u0_a271 16868 1058 0 05:19:10 ? 00:00:02 be.mygod.vpnhotspot
root 20028 16868 1 05:34:13 ? 00:00:00 be.mygod.vpnhotspot:root
# realpath /proc/16868/exe
/system/bin/app_process64
# realpath /proc/20028/exe
/system/bin/app_process64Normally
File("/proc/self/exe").canonicalPath(in Kotlin) should return/system/bin/app_process64.
Seems like something is wrong with canonicalize. Try this workaround: https://file.io/hWe11CUbogb1
Mygod
commented
10 months ago Might be related https://github.com/topjohnwu/libsu/pull/140
MlgmXyysd
commented
10 months ago Normally
File("/proc/self/exe").canonicalPath(in Kotlin) should return/system/bin/app_process64.Seems like something is wrong with
canonicalize. Try this workaround: https://file.io/hWe11CUbogb1
Mygod
commented
10 months ago Sorry I'm stupid. One sec.
Mygod
commented
10 months ago Try this instead. https://file.io/tB7QEKpTCIqk
MlgmXyysd
commented
10 months ago
got hello world after seconds
aliseiv
commented
9 months ago
Device: Unihertz Jelly Star Android 13 Version: 2.16.6-g (Google Play) Crash log:
The file
libnativeloader.sois not found in /system/lib and /system/lib64. Only one similarity file namedlibnativeloader_lazy.soin it.Found
libnativeloader.soin apex com.android.art.