testwhat / SmaliEx

A wrapper to get de-optimized dex from odex/oat/vdex.

Deodexed Samsung TW Roms (OFJ) 5.1.1 causes FC on NfcNci #1

Closed wanam closed 9 years ago

wanam commented 9 years ago

Deodexed with no errors using @svadev's tool against your master branch and the 0.81 and 0.7 versions, but all of them cause many hangs at boot, resulting in a continuous NfcNci FC.

NfcNci (odexed + deodexed) can be downloaded here: https://www.dropbox.com/sh/eroyj74t559w8qi/AABwEeSVEnCV83uYwMRjzLoia?dl=0

It seems to be a wrong type issue on the result of dex2oat:

I/dex2oat ( 6112): /system/bin/dex2oat --zip-fd=11 --zip-location=/system/app/NfcNci/NfcNci.apk --oat-fd=12 --art-fd=13 --compress-image --oat-location=/data/dalvik-cache/arm64/system@app@NfcNci@NfcNci.apk@classes.dex --instruction-set=arm64 --instruction-set-features=default --runtime-arg -Xms64m --runtime-arg -Xmx512m --swap-fd=15

I/dex2oat ( 6112): Decided to run without swap.

I/dex2oat ( 6112): Verification error in void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback)

I/dex2oat ( 6112): void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback) failed to verify: void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback): [0xF7] register v3 has type Float but expected Integer

E/dex2oat ( 6112): Verification failed on class com.android.nfc.beam.SendUi in /system/app/NfcNci/NfcNci.apk because: Verifier rejected class com.android.nfc.beam.SendUi due to bad method void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback)

arter97 commented 9 years ago

More logs.

I get FCs with this: http://pastebin.com/Xd8n0tHW

And those apps fail to go through proper dexopt with this: http://pastebin.com/skS1zrc3 See line 32. java.lang.VerifyError: android.widget.NumberPicker

wanam commented 9 years ago

I'm getting "android.widget.NumberPicker" verification issue as well:

06-29 13:40:10.610 2991 2991 I Xposed : -----------------

06-29 13:40:10.610 2991 2991 I Xposed : Starting Xposed binary version 61, compiled for SDK 22

06-29 13:40:10.610 2991 2991 I Xposed : Device: SM-G920F (samsung), Android version 5.1.1 (SDK 22)

06-29 13:40:10.610 2991 2991 I Xposed : ROM: WanamLite.V2.0-LMY47X.G920FXXU2BOFJ

06-29 13:40:10.610 2991 2991 I Xposed : Build fingerprint: samsung/zerofltexx/zeroflte:5.1.1/LMY47X/G920FXXU2BOFJ:user/release-keys

06-29 13:40:10.610 2991 2991 I Xposed : Platform: arm64-v8a, 32-bit binary, system server: no

06-29 13:40:10.610 2991 2991 I Xposed : SELinux enabled: yes, enforcing: no

06-29 13:40:11.140 3725 3731 W dex2oat : Skipping class android.widget.NumberPicker$2 from /system/framework/framework.jar:classes2.dex previously found in /system/framework/framework.jar

06-29 13:40:11.140 3725 3727 W dex2oat : Skipping class android.widget.NumberPicker$CustomEditText from /system/framework/framework.jar:classes2.dex previously found in /system/framework/framework.jar

06-29 13:40:11.140 3725 3727 W dex2oat : Skipping class android.widget.NumberPicker$Formatter from /system/framework/framework.jar:classes2.dex previously found in /system/framework/framework.jar

06-29 13:40:11.140 3725 3727 W dex2oat : Skipping class android.widget.NumberPicker$PressedStateHelper from /system/framework/framework.jar:classes2.dex previously found in /system/framework/framework.jar

06-29 13:40:11.140 3725 3727 W dex2oat : Skipping class android.widget.NumberPicker$SetSelectionCommand from /system/framework/framework.jar:classes2.dex previously found in /system/framework/framework.jar

06-29 13:40:11.140 3725 3727 I dex2oat : Verification error in void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int)

06-29 13:40:11.140 3725 3727 I dex2oat : void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int) failed to verify: void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int): [0x176] unexpected value in v0 of type Integer but expected Float for put

06-29 13:40:11.160 3725 3727 E dex2oat : Verification failed on class android.widget.NumberPicker in /system/framework/framework.jar:classes2.dex because: Verifier rejected class android.widget.NumberPicker due to bad method void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int)

testwhat commented 9 years ago

Under checking...

com/android/nfc/SendUi.java
public class SendUi implements Animator.AnimatorListener, View.OnTouchListener,
        TimeAnimator.TimeListener, TextureView.SurfaceTextureListener, android.view.Window.Callback {
// ...
    public SendUi(Context context, Callback callback) {
// ...
199        mDisplayMetrics = new DisplayMetrics();
200        mDisplayMatrix = new Matrix();
201        mWindowManager = (WindowManager) context.getSystemService(Context.WINDOW_SERVICE);
202        mStatusBarManager = (StatusBarManager) context.getSystemService(Context.STATUS_BAR_SERVICE);
203
204        mDisplay = mWindowManager.getDefaultDisplay();
205
206        mLayoutInflater = (LayoutInflater)
207                context.getSystemService(Context.LAYOUT_INFLATER_SERVICE);
208        mScreenshotLayout = mLayoutInflater.inflate(R.layout.screenshot, null);

It looks like a +8 offset is missing...

Field offset mapping:
 ## 0:Landroid/animation/ObjectAnimator; mAlphaDownAnimator
 ## 4:Landroid/animation/ObjectAnimator; mAlphaUpAnimator
 ## 8:Landroid/widget/ImageView; mBlackLayer
 ## 12:Lcom/android/nfc/beam/SendUi$Callback; mCallback
 ## 16:Landroid/content/Context; mContext
 ## 20:Landroid/view/View; mDecor
 ## 24:Landroid/view/Display; mDisplay // field@0x20 - 8 = 0x18
 ## 28:Landroid/graphics/Matrix; mDisplayMatrix // field@0x24 - 8 = 0x1c
 ## 32:Landroid/util/DisplayMetrics; mDisplayMetrics // field@0x28 - 8 = 0x20
 ## 36:Landroid/animation/ObjectAnimator; mFadeInAnimator
 ## 40:Landroid/animation/ObjectAnimator; mFastSendAnimator // 
 ## 44:Lcom/android/nfc/beam/FireflyRenderer; mFireflyRenderer
 ## 48:Landroid/animation/TimeAnimator; mFrameCounterAnimator
 ## 52:Landroid/animation/ObjectAnimator; mHintAnimator
 ## 56:Landroid/view/LayoutInflater; mLayoutInflater  // field@0x40 - 8 = 0x38
 ## 60:Landroid/animation/ObjectAnimator; mPreAnimator
 ## 64:Landroid/animation/ObjectAnimator; mScaleUpAnimator
 ## 68:Landroid/graphics/Bitmap; mScreenshotBitmap
 ## 72:Landroid/view/View; mScreenshotLayout
 ## 76:Landroid/widget/ImageView; mScreenshotView
 ## 80:Landroid/animation/ObjectAnimator; mSlowSendAnimator
 ## 84:Landroid/app/StatusBarManager; mStatusBarManager // field@0x5c - 8 = 0x54
 ## 88:Landroid/animation/AnimatorSet; mSuccessAnimatorSet
 ## 92:Landroid/graphics/SurfaceTexture; mSurface
 ## 96:Landroid/widget/TextView; mTextHint
 ## 100:Landroid/widget/TextView; mTextRetry
 ## 104:Landroid/view/TextureView; mTextureView
 ## 108:Ljava/lang/String; mToastString
 ## 112:Landroid/view/WindowManager$LayoutParams; mWindowLayoutParams
 ## 116:Landroid/view/WindowManager; mWindowManager // field@0x7c - 8 = 0x74
 ## 120:Z mHardwareAccelerated
 ## 124:I mRenderedFrames
 ## 128:I mState
 ## 132:I mSurfaceHeight
 ## 136:I mSurfaceWidth

Part of the constructor:

.class public Lcom/android/nfc/beam/SendUi;
.super Ljava/lang/Object;
.source "SendUi.java"
#...
.method public constructor <init>(Landroid/content/Context;Lcom/android/nfc/beam/SendUi$Callback;)V
    .registers 24
    .param p1, "context"    # Landroid/content/Context;
    .param p2, "callback"    # Lcom/android/nfc/beam/SendUi$Callback;
#...
    .line 199
    new-instance v2, Landroid/util/DisplayMetrics;

    invoke-direct {v2}, Landroid/util/DisplayMetrics;-><init>()V

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x28

    .line 200
    new-instance v2, Landroid/graphics/Matrix;

    invoke-direct {v2}, Landroid/graphics/Matrix;-><init>()V

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x24

    .line 201
    const-string v2, "window"

    move-object/from16 v0, p1

    invoke-virtual-quick {v0, v2}, vtable@80

    move-result-object v2

    check-cast v2, Landroid/view/WindowManager;

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x7c

    .line 202
    const-string v2, "statusbar"

    move-object/from16 v0, p1

    invoke-virtual-quick {v0, v2}, vtable@80

    move-result-object v2

    check-cast v2, Landroid/app/StatusBarManager;

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x5c

    .line 204
    move-object/from16 v0, p0

    iget-object-quick v2, v0, field@0x7c

    invoke-interface {v2}, Landroid/view/WindowManager;->getDefaultDisplay()Landroid/view/Display;

    move-result-object v2

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x20

    .line 206
    const-string v2, "layout_inflater"

    move-object/from16 v0, p1

    invoke-virtual-quick {v0, v2}, vtable@80

    move-result-object v2

    check-cast v2, Landroid/view/LayoutInflater;

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x40

    .line 208
    move-object/from16 v0, p0

    iget-object-quick v2, v0, field@0x40

    const v3, 0x7f030009

    const/4 v4, 0x0

    invoke-virtual-quick {v2, v3, v4}, vtable@18

    move-result-object v2

    move-object/from16 v0, p0

    iput-object-quick v2, v0, field@0x50

wanam commented 9 years ago

Great!

It seems the same issue is happening to many other deodexed files. I hope this can help; let me know if you need any file:

I/dex2oat ( 3488): void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int) failed to verify: void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int): [0x176] unexpected value in v0 of type Integer but expected Float for put

E/dex2oat ( 3488): Verification failed on class android.widget.NumberPicker in /system/framework/framework.jar:classes2.dex because: Verifier rejected class android.widget.NumberPicker due to bad method void android.widget.NumberPicker.<init>(android.content.Context, android.util.AttributeSet, int, int)

I/dex2oat ( 5493): void com.myscript.atk.sltw.SingleLineTextWidget.a(android.content.Context) failed to verify: void com.myscript.atk.sltw.SingleLineTextWidget.a(android.content.Context): [0x71] unexpected value in v1 of type Float but expected Integer for put

E/dex2oat ( 5493): Verification failed on class com.myscript.atk.sltw.SingleLineTextWidget in /system/app/SamsungIMEv2/SamsungIMEv2.apk because: Verifier rejected class com.myscript.atk.sltw.SingleLineTextWidget due to bad method void com.myscript.atk.sltw.SingleLineTextWidget.a(android.content.Context)

I/dex2oat ( 5858): void com.android.settings.FontPreview.onCreate(android.os.Bundle) failed to verify: void com.android.settings.FontPreview.onCreate(android.os.Bundle): [0xA5] unexpected value in v3 of type Integer but expected Float for put

E/dex2oat ( 5858): Verification failed on class com.android.settings.FontPreview in /system/priv-app/SecSettings2/SecSettings2.apk because: Verifier rejected class com.android.settings.FontPreview due to bad method void com.android.settings.FontPreview.onCreate(android.os.Bundle)

I/dex2oat ( 5858): void com.android.settings.personalvibration.BackgroundView.init(android.graphics.Canvas) failed to verify: void com.android.settings.personalvibration.BackgroundView.init(android.graphics.Canvas): [0x12] register v14 has type Float but expected Integer

E/dex2oat ( 5858): Verification failed on class com.android.settings.personalvibration.BackgroundView in /system/priv-app/SecSettings2/SecSettings2.apk because: Verifier rejected class com.android.settings.personalvibration.BackgroundView due to bad method void com.android.settings.personalvibration.BackgroundView.init(android.graphics.Canvas)

I/dex2oat ( 6038): android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int) failed to verify: android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int): [0x4] returning 'Reference: android.support.v4.app.NotificationCompat$Action[]', but expected from declaration 'Reference: android.support.v4.app.NotificationCompatBase$Action[]'

E/dex2oat ( 6038): Verification failed on class android.support.v4.app.NotificationCompat$Action$1 in /system/priv-app/SystemUI/SystemUI.apk because: Verifier rejected class android.support.v4.app.NotificationCompat$Action$1 due to bad method android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int)

I/dex2oat ( 6204): void com.samsung.android.voicewakeup.ui.ListeningView.init(android.content.Context) failed to verify: void com.samsung.android.voicewakeup.ui.ListeningView.init(android.content.Context): [0x50] unexpected value in v2 of type Float but expected Integer for put

E/dex2oat ( 6204): Verification failed on class com.samsung.android.voicewakeup.ui.ListeningView in /system/priv-app/VoiceWakeUp/VoiceWakeUp.apk because: Verifier rejected class com.samsung.android.voicewakeup.ui.ListeningView due to bad method void com.samsung.android.voicewakeup.ui.ListeningView.init(android.content.Context)

I/dex2oat ( 6681): void com.sec.android.app.camera.widget.gl.FocusButton.<init>(com.sec.android.app.camera.Camera, float, float) failed to verify: void com.sec.android.app.camera.widget.gl.FocusButton.<init>(com.sec.android.app.camera.Camera, float, float): [0x29] unexpected value in v0 of type Integer but expected Float for put

E/dex2oat ( 6681): Verification failed on class com.sec.android.app.camera.widget.gl.FocusButton in /system/app/SamsungCamera4/SamsungCamera4.apk because: Verifier rejected class com.sec.android.app.camera.widget.gl.FocusButton due to bad method void com.sec.android.app.camera.widget.gl.FocusButton.<init>(com.sec.android.app.camera.Camera, float, float)

I/dex2oat ( 6720): void com.sec.android.widgetapp.weather.libs.animation.weathereffect.SunnyView.initSize() failed to verify: void com.sec.android.widgetapp.weather.libs.animation.weathereffect.SunnyView.initSize(): [0xA] unexpected value in v0 of type Integer but expected Float for put

E/dex2oat ( 6720): Verification failed on class com.sec.android.widgetapp.weather.libs.animation.weathereffect.SunnyView in /system/app/AccuweatherPhone2015/AccuweatherPhone2015.apk because: Verifier rejected class com.sec.android.widgetapp.weather.libs.animation.weathereffect.SunnyView due to bad method void com.sec.android.widgetapp.weather.libs.animation.weathereffect.SunnyView.initSize()

I/dex2oat ( 7319): void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback) failed to verify: void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback): [0xF7] register v3 has type Float but expected Integer

E/dex2oat ( 7319): Verification failed on class com.android.nfc.beam.SendUi in /system/app/NfcNci/NfcNci.apk because: Verifier rejected class com.android.nfc.beam.SendUi due to bad method void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback)

I/dex2oat ( 7392): java.lang.String com.tf.thinkdroid.write.ni.ui.FormatStatus.toString() failed to verify: java.lang.String com.tf.thinkdroid.write.ni.ui.FormatStatus.toString(): [0x61] register v2 has type Float but expected Integer

E/dex2oat ( 7392): Verification failed on class com.tf.thinkdroid.write.ni.ui.FormatStatus in /system/priv-app/HancomOfficeViewer/HancomOfficeViewer.apk because: Verifier rejected class com.tf.thinkdroid.write.ni.ui.FormatStatus due to bad method java.lang.String com.tf.thinkdroid.write.ni.ui.FormatStatus.toString()

I/dex2oat ( 7998): void com.sec.android.mimage.photoretouching.Core.CropEffect.calculateRect(com.sec.android.mimage.photoretouching.Core.ImageData) failed to verify: void com.sec.android.mimage.photoretouching.Core.CropEffect.calculateRect(com.sec.android.mimage.photoretouching.Core.ImageData): [0x47] unexpected value in v4 of type Integer but expected Float for put

E/dex2oat ( 7998): Verification failed on class com.sec.android.mimage.photoretouching.Core.CropEffect in /system/priv-app/PhotoStudio_WQHD_Zero/PhotoStudio_WQHD_Zero.apk because: Verifier rejected class com.sec.android.mimage.photoretouching.Core.CropEffect due to bad method void com.sec.android.mimage.photoretouching.Core.CropEffect.calculateRect(com.sec.android.mimage.photoretouching.Core.ImageData)

I/dex2oat ( 8974): void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA() failed to verify: void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA(): [0x53] register v4 has type Double (Low Half) but expected Long (Low Half)

E/dex2oat ( 8974): Verification failed on class com.samsung.android.app.shealth.tracker.food.data.DefaultFood in /system/priv-app/SHealth4_2/SHealth4_2.apk because: Verifier rejected class com.samsung.android.app.shealth.tracker.food.data.DefaultFood due to bad method void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA()

I/dex2oat ( 8974): void com.samsung.android.app.shealth.tracker.pedometer.data.PedometerDataManager.setDayStepData(com.samsung.android.app.shealth.tracker.pedometer.service.data.DayStepData, java.util.List) failed to verify: void com.samsung.android.app.shealth.tracker.pedometer.data.PedometerDataManager.setDayStepData(com.samsung.android.app.shealth.tracker.pedometer.service.data.DayStepData, java.util.List): [0x3] register v2 has type Double (Low Half) but expected Long (Low Half)

E/dex2oat ( 8974): Verification failed on class com.samsung.android.app.shealth.tracker.pedometer.data.PedometerDataManager in /system/priv-app/SHealth4_2/SHealth4_2.apk because: Verifier rejected class com.samsung.android.app.shealth.tracker.pedometer.data.PedometerDataManager due to bad method void com.samsung.android.app.shealth.tracker.pedometer.data.PedometerDataManager.setDayStepData(com.samsung.android.app.shealth.tracker.pedometer.service.data.DayStepData, java.util.List)

I/dex2oat ( 8974): java.lang.String com.samsung.android.app.shealth.tracker.sport.data.ExerciseDetailData.toString() failed to verify: java.lang.String com.samsung.android.app.shealth.tracker.sport.data.ExerciseDetailData.toString(): [0x58] register v3 has type Integer but expected Float

E/dex2oat ( 8974): Verification failed on class com.samsung.android.app.shealth.tracker.sport.data.ExerciseDetailData in /system/priv-app/SHealth4_2/SHealth4_2.apk because: Verifier rejected class com.samsung.android.app.shealth.tracker.sport.data.ExerciseDetailData due to bad method java.lang.String com.samsung.android.app.shealth.tracker.sport.data.ExerciseDetailData.toString()

I/dex2oat ( 8974): java.lang.String com.samsung.android.app.shealth.tracker.sport.livetracker.ExerciseRecord.toString() failed to verify: java.lang.String com.samsung.android.app.shealth.tracker.sport.livetracker.ExerciseRecord.toString(): [0x186] register v3 has type Integer but expected Float

E/dex2oat ( 8974): Verification failed on class com.samsung.android.app.shealth.tracker.sport.livetracker.ExerciseRecord in /system/priv-app/SHealth4_2/SHealth4_2.apk because: Verifier rejected class com.samsung.android.app.shealth.tracker.sport.livetracker.ExerciseRecord due to bad method java.lang.String com.samsung.android.app.shealth.tracker.sport.livetracker.ExerciseRecord.toString()
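
Added example, not part of the thread or of SmaliEx: a Python triage of dex2oat verifier rejections like the ones above, grouped by package file, with the Integer/Float and Long/Double swaps picked out. It assumes the brief logcat format `I/dex2oat ( pid):`; `triage`, `swapped_packages` and `SAMPLE` (lines copied from this thread's logs) are names chosen for this example.

```python
import re
from collections import defaultdict

# Sample copied from the logs in this thread (brief logcat format).
SAMPLE = """\
I/dex2oat ( 7319): void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback) failed to verify: void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback): [0xF7] register v3 has type Float but expected Integer
E/dex2oat ( 7319): Verification failed on class com.android.nfc.beam.SendUi in /system/app/NfcNci/NfcNci.apk because: Verifier rejected class com.android.nfc.beam.SendUi due to bad method void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback)
I/dex2oat ( 6038): android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int) failed to verify: android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int): [0x4] returning 'Reference: android.support.v4.app.NotificationCompat$Action[]', but expected from declaration 'Reference: android.support.v4.app.NotificationCompatBase$Action[]'
E/dex2oat ( 6038): Verification failed on class android.support.v4.app.NotificationCompat$Action$1 in /system/priv-app/SystemUI/SystemUI.apk because: Verifier rejected class android.support.v4.app.NotificationCompat$Action$1 due to bad method android.support.v4.app.NotificationCompatBase$Action[] android.support.v4.app.NotificationCompat$Action$1.newArray(int)
I/dex2oat ( 8974): void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA() failed to verify: void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA(): [0x53] register v4 has type Double (Low Half) but expected Long (Low Half)
E/dex2oat ( 8974): Verification failed on class com.samsung.android.app.shealth.tracker.food.data.DefaultFood in /system/priv-app/SHealth4_2/SHealth4_2.apk because: Verifier rejected class com.samsung.android.app.shealth.tracker.food.data.DefaultFood due to bad method void com.samsung.android.app.shealth.tracker.food.data.DefaultFood.makeDefaultFoodInfoDatasForUSA()
"""

PID = re.compile(r"dex2oat\s*\(\s*(\d+)\)")
VERIFY = re.compile(r"failed to verify: (?P<method>.+?): \[(?P<pc>0x[0-9A-Fa-f]+)\] (?P<reason>.+)$")
REJECT = re.compile(r"Verification failed on class (?P<cls>\S+) in (?P<file>\S+) because")
TYPES = re.compile(r"type (?P<found>\w+)(?: \(\w+ Half\))? but expected (?P<want>\w+)")
# Same-width primitive categories that the verifier keeps apart.
SWAPS = {frozenset(("Integer", "Float")), frozenset(("Long", "Double"))}


def triage(log):
    """Group verifier rejections by package: {file: [(class, dex_pc, found, expected)]}."""
    pending, report = {}, defaultdict(list)
    for line in log.splitlines():
        pid = PID.search(line)
        if not pid:
            continue
        verify = VERIFY.search(line)
        if verify:
            # Method-level error; the class and file arrive on the next E/ line of this pid.
            t = TYPES.search(verify["reason"])
            found, want = (t["found"], t["want"]) if t else (None, None)
            pending.setdefault(pid[1], []).append((verify["pc"], found, want))
            continue
        reject = REJECT.search(line)
        if reject:
            for pc, found, want in pending.pop(pid[1], []):
                report[reject["file"]].append((reject["cls"], pc, found, want))
    return dict(report)


def swapped_packages(report):
    """Package files with at least one int/float or long/double category swap."""
    return sorted(f for f, hits in report.items()
                  if any(frozenset((found, want)) in SWAPS for _, _, found, want in hits))


if __name__ == "__main__":
    for path in swapped_packages(triage(SAMPLE)):
        print(path)
```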

testwhat commented 9 years ago

Please also provide boot.oat file.

Ignore the previous check... The error should be caused by a wrong field offset of WindowManager.LayoutParams.

void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback) failed to verify: void com.android.nfc.beam.SendUi.<init>(android.content.Context, com.android.nfc.beam.SendUi$Callback): [0xF7] register v3 has type Float but expected Integer

That will need boot.oat to compare.

The correct result should be:

layoutParams.privateFlags |= WindowManager.LayoutParams.PRIVATE_FLAG_SHOW_FOR_ALL_USERS;

The wrong result is: (horizontalMargin is float)

layoutParams.horizontalMargin |= 16;

field@0x60 should not map to horizontalMargin.

    .line 235
    move-object/from16 v0, p0

    iget-object-quick v2, v0, field@0x78

    iget-quick v3, v2, field@0x60

    or-int/lit8 v3, v3, 0x10

    iput-quick v3, v2, field@0x60

    .line 235
    move-object/from16 v0, p0

    iget-object v2, v0, Lcom/android/nfc/beam/SendUi;->mWindowLayoutParams:Landroid/view/WindowManager$LayoutParams;

    iget v3, v2, Landroid/view/WindowManager$LayoutParams;->horizontalMargin:F

    or-int/lit8 v3, v3, 0x10

    iput v3, v2, Landroid/view/WindowManager$LayoutParams;->horizontalMargin:F
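
Added example, not part of the thread or of SmaliEx: a small Python check that catches this kind of mis-resolved field in de-quickened smali before the ROM is flashed, by tracking the type a register received from `iget` and flagging integer or float arithmetic and `iput` stores that disagree with it. `lint`, `WRONG` and `FIXED` are names chosen for this example; it handles straight-line code with 32-bit int and float fields only and is not a replacement for the ART verifier.

```python
import re

INT_ALU = re.compile(r"^(add|sub|mul|div|rem|and|or|xor|shl|shr|ushr|rsub)-int(/\S+)?$")
FLOAT_ALU = re.compile(r"^(add|sub|mul|div|rem)-float(/\S+)?$")
FIELD = re.compile(r"->(\w+):([IF])$")      # reference to a 32-bit int or float field
REG = re.compile(r"^[vp]\d+$")
NAMES = {"I": "Integer", "F": "Float"}

# De-quickened output quoted in the thread (field@0x60 resolved to the wrong field).
WRONG = """\
.line 235
move-object/from16 v0, p0
iget-object v2, v0, Lcom/android/nfc/beam/SendUi;->mWindowLayoutParams:Landroid/view/WindowManager$LayoutParams;
iget v3, v2, Landroid/view/WindowManager$LayoutParams;->horizontalMargin:F
or-int/lit8 v3, v3, 0x10
iput v3, v2, Landroid/view/WindowManager$LayoutParams;->horizontalMargin:F
"""
# Constructed: the same code using the field the thread names as the correct one.
FIXED = WRONG.replace("horizontalMargin:F", "privateFlags:I")


def lint(smali):
    """Return [(line_no, message)] for int/float mix-ups in straight-line smali."""
    types, findings = {}, []                 # register -> (type letter, origin)
    for no, raw in enumerate(smali.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing smali comments
        if not line or line.startswith("."):
            continue                         # blank line or directive
        op, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")]
        regs = [a for a in args if REG.match(a)]
        field = FIELD.search(line)
        if op in ("iget", "iput") and field and regs:
            name, ftype = field.groups()
            held = types.get(regs[0])
            if op == "iget":
                types[regs[0]] = (ftype, name)
            elif held and held[0] != ftype:
                findings.append((no, f"iput stores {NAMES[held[0]]} from {regs[0]} "
                                     f"into {NAMES[ftype]} field {name}"))
            continue
        want = "I" if INT_ALU.match(op) else "F" if FLOAT_ALU.match(op) else None
        if want and regs:
            # /2addr forms read the destination too; other forms read the rest.
            for reg in (regs if op.endswith("/2addr") else regs[1:]):
                held = types.get(reg)
                if held and held[0] != want:
                    findings.append((no, f"{op} reads {reg} as {NAMES[want]} but it "
                                         f"holds {NAMES[held[0]]} from {held[1]}"))
            types[regs[0]] = (want, op)
        elif regs and args[0] == regs[0]:
            types.pop(regs[0], None)         # any other write: type no longer known
    return findings


if __name__ == "__main__":
    for no, message in lint(WRONG):
        print(f"line {no}: {message}")
```

The two findings on `WRONG` correspond to the two verifier messages in the logs: a register of type Float where Integer was expected, and an Integer value where Float was expected for a put.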

arter97 commented 9 years ago

http://www.arter97.com/browse/tmp/oat2dex/

testwhat commented 9 years ago

Please have a try: https://github.com/testwhat/SmaliEx/releases/tag/0.83

wanam commented 9 years ago

Thank you for the fix, it seems to work great.

But I used my own build with JDK 7; I think you built yours with JDK 8 instead of the 6 that you are using for the release profile.

wanam commented 9 years ago

One other good point of this fix is that it fixes Samsung theme engine support on deodexed Roms.

testwhat commented 9 years ago

OK, I also uploaded a Java 7 jar to the release page. Since Java 7 is end of life on May 14, 2015, I will still use Java 8 as the default release. And just ignore the release profile, because I never use it and it is for the original smali project.

Finally, this issue should be fixed, thanks for reporting the problem.