MIUI 9 Nougat

[PsyMan47]

You are on the good way to fix the MIUI incompatibility. The log now shows just a few errors! Xposed installer shows "Installed but not active". Info: Xiaomi Mi Note 2 - scorpio MultiRom 7.9.21, 7.0 (deodexed) Xposed v88.1 Tried to disable resources from xposed installer, but the log shows exactly the same errors. Full log here:

xposed_error_20171011_014135.log

[TuSKan]

xposed_error_20171011_002049.log Same here. Xposed 88.1

Errors during Xposed initialization java.lang.NoSuchFieldError: no "J" field "BOOT_START_TIME" in class "Lde/robv/android/xposed/XposedBridge;" or its superclasses

[aviraxp]

Seems it still needs TypedArray changes in the KK days.

[AdamKoska]

Xiaomi Mi Max (hydrogen) Android 7.0 arm64 MIUI 9 by xiaomi.eu 7.9.21 xposed v88.1 xposed_error_20171011_080153.log

[rovo89]

Any idea where that BOOT_START_TIME field is coming from? I don't have any references to that in my code...

[PsyMan47]

I have no idea. But you can take a look at xposed forked from Xiaomi and modified for MIUI. Maybe you can find the answer here. https://github.com/MiCode/Xposed/commits/master

[rovo89]

That's a version from 2014, I don't think that's the current code.

[PsyMan47]

Ok, i did some research and realised that xiaomi has done some changes to art from MIUI 7.9.14. Your v88.1 is working on MIUI 8 and MIUI 9 < 7.9.14. There's a guide that suggest to copy libandroid_runtime.so (both from lib and lib64) from and older MIUI (like MIUI 7.9.7 or 7.9.14). Tried to do this and now it's working! I think the BOOT_START_TIME comes from here. I will try to decompile this lib and see which are the diffs (or is something else you can do?).

[rovo89]

I will try to decompile this lib and see which are the diffs

That would be great! I assume that it's a change somewhere here: https://github.com/aosp-mirror/platform_frameworks_base/blob/nougat-mr2-release/core/jni/AndroidRuntime.cpp#L975 They might look up and set the BOOT_START_TIME field in the same class that holds the main() method. That would be XposedBridge instead of ZygoteInit / RuntimeInit. A smali dump of the latter two classes might also help.

[PsyMan47]

Decompiled with both objdump and elfreader, but can not find nothing relevant here.

obj.txt elf.txt

[rovo89]

Yeah, without a disassembler that shows string references, that's a hard job. I'm not up-to-date regarding which tools to use nowadays. Could you please upload libandroid_runtime.so and the two .smali files anyway?

[PsyMan47]

I have it. Finally i've found a good disassembler. You can find the source here (unfortunately not the fully C source): https://www.onlinedisassembler.com/odaweb/gUrMSV17 You can download the disassembled lib directly from the site. Here the original lib from MIUI 7.9.21:

libandroid_runtime.zip

What .smali do you mean? Libs have not .smali: are written in C, not java

[j2u]

Xiaomi mi6 Android 7.1.1 arm64 MIUI9 Global 7.9.22 xpsoed v88.1 adb logcat log filelog.txt

[PsyMan47]

@rovo89 Have you already tried this? It's basically trying to find a class that not exists anymore, so your can try with getField() or getDeclaredField() to get all the existing fields. Another idea it's to use NoSuchFieldError with -s option too see which is the missing class. In case, i am ready to test.

[rovo89]

I have it. Finally i've found a good disassembler. You can find the source here (unfortunately not the fully C source): https://www.onlinedisassembler.com/odaweb/gUrMSV17

Unfortunately, that's not really better, it doesn't show any string references either (i.e. annotiations in the code that a certain string is passed to a function). But maybe I'll find out more from the lib itself.

What .smali do you mean?

ZygoteInit / RuntimeInit, where I expect to find that field.

[PsyMan47]

@rovo89 Please read. I have a solution. I have decompiled the XposedBridge.jar from your official xposed v87 and the XposedBrige.jar from a modded version which works with miui 7.9.21 and the latest miui and found some references to "BOOT_START_TIME" and "J" field (by us3r). Just compared the folders with Meld and found this: I have also found this differences in typedArray:

I am going to upload both the decompiled XposedBridge.jar and you can diff them yourself: XposedBridge.jar.out (official).zip XposedBridge.jar (modded for miui).zip

He simply addded a pubblic start field. Now you know how to do it :+1:

[rovo89]

Thanks, but still, please post the smali of the two classes I mentioned. I can't imagine that MIUI just added the field and doesn't use it. Maybe I need to pass it on to the original classes?

By the way, I think it's sad that you had to spend time decompiling and comparing. One of my intentions of making Xposed open-source is that people can help make it better by contributing their fixes upstream. There might be situations where a fork diverges so much that it can't/shouldn't be integrated into the official version, but why maintain another distribution when there can be one official version that works for all?

[PsyMan47]

@rovo89 OMG I'VE FIXED IT!!!!!!! :D

[FeoniX97]

@rovo89 Sadly there are always people who see profit first. Btw, I have used Xposed for years and I really appreciate and respect for your work, may I know whether you have any intention to release Xposed for Oreo any sooner? Thankyou :) @PsyMan47 May I know is your post above on the latest MIUI 9? Btw, I have tested the v88.1 version with a Mi 5 running MIUI 8 but its not working and stuck on boot, so I think your conclusion may not work for all MIUI devices.

[PsyMan47]

@FeoniX97 Yes, it's MIUI 9 - 7.9.21. I have modified the original v88.1 to get working on latest MIUI 9, so It should work on 7.10.12 too.

[FeoniX97]

@PsyMan47 Then it would be great, cant wait to test out the new version ! Finally comes the official support for MIUI :)

[fawzy46]

@PsyMan47 so now should i download 88.1v from the official link or the fixed version for miui did not released yet

and would it work with miui 8 ??

[rovo89]

Ehrm.. is anyone still interested in getting compatibility in the official version? If yes, please do post the smali code of ZygoteInit and RuntimeInit.

This is exactly what I complained about above. You could have simply sent me the smali code, I would have checked it, integrated the results into the official version and Xposed would probably work for everyone out of the box, even in older ROMs and when I do more updates. Instead, you decided to post an unofficial version, which only works for Android 7.0 and 7.1, and only for v88.1. When I update, you'll need to update. I also know from the past experience that it takes a long time until all users of an unofficial version have realized that the official version would work for them as well. So please, let's get this fixed in the official version as soon as possible.

[ghost]

@rovo89 Please tell me how to get the smali code of ZygoteInit and RuntimeInit, Thx! The MIUI Rom (odex) still get bootloop with Xposed 88.1. log-mi5-miui7.10.11-nougat-xposed88.1.txt

[rovo89]

You could try baksmali directly on boot-framework.oat: https://github.com/JesusFreke/smali/wiki/DeodexInstructions

There's also a tool called oat2dex, maybe that's easier to use.

Finally, you could try "oatdump --oat-file=boot-framework.oat --class-filter=ZygoteInit --no-disassemble --no-dump:vmap" on your device. The other options are better though.

[Dibel]

I've got the ZygoteInit and RuntimeInit dumps from boot-framework.oat. It seems BOOT_START_TIME is defined in ZygoteInit without any other references.

RuntimeInit.zip ZygoteInit.zip

However, only adding BOOT_START_TIME field can't resolve the bootloop problem on official MIUI which has been odexed. Just like the log from @j2u , dex2oat doesn't work and reports error:

Could not create image space with image file '/system/framework/boot.art'. Attempting to fall back to imageless running. Error was: Unable to relocate image '/system/framework/boot.art' from '/system/framework/arm64/boot.art' to '/data/dalvik-cache/arm64/system@framework@boot.art': Only the zygote can create the global boot image.

[ghost]

When I use dex2oat, I get two dex files. I've got the smali code of ZygoteInit and RuntimeInit. @rovo89 ZygoteInit_RuntimeInit-smali.zip

boot-framework-smali.zip

boot-framework-dex.zip

ZygoteInit_RuntimeInit_dump.zip

And it also reports error:

10-14 16:36:50:987 Output raw dex: D:\Program Files\APKDB\apktool\odex\framework.dex 10-14 16:36:51:105 Output raw dex: D:\Program Files\APKDB\apktool\odex\framework-classes2.dex 10-14 16:36:52:150 Art version=79 (boot-framework.oat) 10-14 16:36:52:213 De-optimizing /system/framework/framework.jar 10-14 16:36:52:894 Analysis error in class=Landroid/accessibilityservice/AccessibilityService$1; method= Method: Landroid/accessibilityservice/AccessibilityService$1;->(Landroid/accessibilityservice/AccessibilityService;ZLandroid/accessibilityservice/AccessibilityService$GestureResultCallbackInfo;)V Near line: -1 (address 2) Instructions: [0] iput-object-quick regA=1 regB=0 [1] iput-boolean-quick regA=2 regB=0 <----- [2] iput-object-quick regA=3 regB=0 [3] invoke-direct regC=0 10-14 16:36:52:918 org.jf.dexlib2.analysis.AnalysisException: Could not resolve the field in class (UninitThis,Landroid/accessibilityservice/AccessibilityService$1;) at offset 16 in at org.jf.dexlib2.analysis.MethodAnalyzer.analyzeIputIgetQuick(MethodAnalyzer.java:2438) at org.jf.dexlib2.analysis.MethodAnalyzer.analyzeInstruction(MethodAnalyzer.java:1246) at org.jf.dexlib2.analysis.MethodAnalyzer.analyze(MethodAnalyzer.java:259) at org.jf.dexlib2.analysis.MethodAnalyzer.(MethodAnalyzer.java:190) at org.rh.smaliex.DexUtil$ODexRewriterModule$1$1.getInstructions(DexUtil.java:505) ...(Skip 24 traces) at org.rh.smaliex.OatUtil.convertToDex(OatUtil.java:321) at org.rh.smaliex.OatUtil.convertDexFromBootOat(OatUtil.java:244) at org.rh.smaliex.OatUtil.bootOat2Dex(OatUtil.java:128) at org.rh.smaliex.Main.mainImpl(Main.java:101) at org.rh.smaliex.Main.main(Main.java:42) 10-14 16:36:52:922 Failed to re-construct dex java.lang.ClassCastException: org.jf.dexlib2.analysis.UnresolvedOdexInstruction cannot be cast to org.jf.dexlib2.iface.instruction.formats.Instruction22cs 10-14 16:36:52:927 convertToDex: skip /system/framework/framework.jar 10-14 16:36:52:935 De-optimizing /system/framework/framework.jar:classes2.dex 10-14 16:36:53:329 Analysis error in class=Landroid/telecom/ConnectionService$5$2; method= Method: Landroid/telecom/ConnectionService$5$2;->(Landroid/telecom/ConnectionService$5;)V Near line: 1083 (address 0) Instructions: [0] iput-object-quick regA=1 regB=0 <----- [1] invoke-direct regC=0 [2] return-void 10-14 16:36:53:339 org.jf.dexlib2.analysis.AnalysisException: Could not resolve the field in class (UninitThis,Landroid/telecom/ConnectionService$5$2;) at offset 8 in at org.jf.dexlib2.analysis.MethodAnalyzer.analyzeIputIgetQuick(MethodAnalyzer.java:2438) at org.jf.dexlib2.analysis.MethodAnalyzer.analyzeInstruction(MethodAnalyzer.java:1246) at org.jf.dexlib2.analysis.MethodAnalyzer.analyze(MethodAnalyzer.java:259) at org.jf.dexlib2.analysis.MethodAnalyzer.(MethodAnalyzer.java:190) at org.rh.smaliex.DexUtil$ODexRewriterModule$1$1.getInstructions(DexUtil.java:505) ...(Skip 24 traces) at org.rh.smaliex.OatUtil.convertToDex(OatUtil.java:321) at org.rh.smaliex.OatUtil.convertDexFromBootOat(OatUtil.java:244) at org.rh.smaliex.OatUtil.bootOat2Dex(OatUtil.java:128) at org.rh.smaliex.Main.mainImpl(Main.java:101) at org.rh.smaliex.Main.main(Main.java:42) 10-14 16:36:53:343 Failed to re-construct dex java.lang.ClassCastException: org.jf.dexlib2.analysis.UnresolvedOdexInstruction cannot be cast to org.jf.dexlib2.iface.instruction.formats.Instruction22cs 10-14 16:36:53:352 convertToDex: skip /system/framework/framework.jar:classes2.dex

[PsyMan47]

@rovo89 I have released an unofficial version becouse a lot of people requested to me. If you want we can talk privately and try to find a solution, so i can explain which modifications i have done.

[wanam]

@PsyMan47 why privately? Do you have any reason for not sharing your modifications publicly?

[PsyMan47]

@wanam I mean for talking more rapidly with him, like on telegram etc. Obviously i want to share these modifications. I hate closed source softwares!

[ghost]

@PsyMan47 The device on odexed MIUI9 will get bootloop with your unofficial version xposed.

[PsyMan47]

@littleprince007 I know! Please send a logcat taken from adb during the boot

[ghost]

@PsyMan47 There is the log. Thx! log-mi5-miui7.10.11-nougat-xposed88.1.txt

[PsyMan47]

@littleprince007 Not sure, but i think i have fixed the bootloop issue for odexed roms.

[ghost]

@PsyMan47 Does it work now? Thx!

[pavan3999]

@PsyMan47 can you give link for mm?

[menghang]

https://github.com/menghang/XposedBridge/commit/1131e76721ab05e12b0807e008c28cdf3114c68c It is a dirty fix based on comments from @PsyMan47. I don't know if it can help to solve the issue in MIUI 9.

[aviraxp]

You don't need to add miui.jar. We can import it as a provided stub api to let it build and MIUI will use the framework ones.

[PsyMan47]

@menghang BOOT_START_TIME and MiuiTypedArray fixes the miui 9 incompatibility. The problem now are the odexed roms: gots bootloop. Also on xiaomi mi 6 get bootloop even with both odexed and deodexed for roms atfer 7.9.21. Also someone uses xposed on global roms (so odexed) and works normally. -.-"

[rovo89]

Here is my attempt at a version that supports both normal and MIUI ROMs: https://www.dropbox.com/s/r4uizoa5v8nrycx/xposed-v88.2-sdk24-arm64-test3.zip?dl=0 https://www.dropbox.com/s/pgk4uba77nclidr/xposed-v88.2-sdk25-arm64-test3.zip?dl=0

No guarantee that everything will work fine, so please test and provide feedback (with logs).

[Daviteusz]

10-15 22:15:28.118 I/Xposed  (  543): -----------------
10-15 22:15:28.118 I/Xposed  (  543): Starting Xposed version 88.2-test3, compiled for SDK 24
10-15 22:15:28.118 I/Xposed  (  543): Device: Redmi Note 3 (Xiaomi), Android version 7.0 (SDK 24)
10-15 22:15:28.118 I/Xposed  (  543): ROM: TURKDEVS
10-15 22:15:28.118 I/Xposed  (  543): Build fingerprint: Xiaomi/kenzo/kenzo:7.0/NRD90M/7.10.12:user/release-keys
10-15 22:15:28.118 I/Xposed  (  543): Platform: arm64-v8a, 64-bit binary, system server: yes
10-15 22:15:28.118 I/Xposed  (  543): SELinux enabled: yes, enforcing: no
10-15 22:15:31.568 I/Xposed  (  543): -----------------
10-15 22:15:31.569 I/Xposed  (  543): Added Xposed (/system/framework/XposedBridge.jar) to CLASSPATH
10-15 22:15:32.175 I/Xposed  (  543): Detected ART runtime
10-15 22:15:32.180 I/Xposed  (  543): Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
10-15 22:15:32.619 I/Xposed  (  543): Loading modules from /data/app/com.hartec.miuitweaks8-1/base.apk
10-15 22:15:32.628 I/Xposed  (  543):   Loading class com.hartec.miuitweaks8.InitHooks
10-15 22:15:38.273 I/Xposed  (  544): -----------------
10-15 22:15:38.273 I/Xposed  (  544): Starting Xposed version 88.2-test3, compiled for SDK 24
10-15 22:15:38.273 I/Xposed  (  544): Device: Redmi Note 3 (Xiaomi), Android version 7.0 (SDK 24)
10-15 22:15:38.273 I/Xposed  (  544): ROM: TURKDEVS
10-15 22:15:38.273 I/Xposed  (  544): Build fingerprint: Xiaomi/kenzo/kenzo:7.0/NRD90M/7.10.12:user/release-keys
10-15 22:15:38.273 I/Xposed  (  544): Platform: arm64-v8a, 32-bit binary, system server: no
10-15 22:15:38.274 I/Xposed  (  544): SELinux enabled: yes, enforcing: no
10-15 22:15:41.498 I/Xposed  (  544): -----------------
10-15 22:15:41.498 I/Xposed  (  544): Added Xposed (/system/framework/XposedBridge.jar) to CLASSPATH
10-15 22:15:41.943 I/Xposed  (  544): Detected ART runtime
10-15 22:15:41.947 I/Xposed  (  544): Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
10-15 22:15:42.280 I/Xposed  (  544): Loading modules from /data/app/com.hartec.miuitweaks8-1/base.apk
10-15 22:15:42.642 I/Xposed  (  544):   Loading class com.hartec.miuitweaks8.InitHooks

[PsyMan47]

@rovo89 What about for odexed MIUIs which are getting bootloop?

[TuSKan]

Working on MIUI 9 - 7.10.12

[kullurumanoj]

Yahh bootloop on MIUI9 official rom.. unfortunately can't create log of bootloop

[Hmmzzz]

@rovo89 seems all miui9 835 devices bootloop. lol

[838514984]

Mi6 miui9 official rom boots loop。。 the same situation like above~ Android 7.1.1 835

[moseay]

Xiaomi Mi 5s Official MIUI9 7.10.12, Android 7.0 (odex)(Chinese version) Xposed v88,v88.2-test3 All these xposed version caused bootloop in my device. Do not know how to get logs because it is bootloop.

[Hmmzzz]

@MXILSH u should use deodexed rom .

[nguyenpalx]

thanks mi max prime rom xiaomi.eu 7.10.12 xposed framework version 88.2-tese3 is active

[rovo89]

OK, to summarize: It seems to work for many people, but some still get bootloops. See this page on how to get logs (because I don't know what else MIUI has modified): https://github.com/rovo89/XposedBridge/wiki/Bugs#how-can-i-get-logs

[67au]

It works on mi note pro which is running Miui based on Android7.0