
Consider using DexPatcher #5

Open
Lanchon opened this issue Aug 29, 2016 · 5 comments

Comments


Lanchon commented Aug 29, 2016

hi,

how does this work? i suppose it applies a text diff over a baksmalied framework? then this is kind of brittle and will break often with minute framework changes, and could require different diffs for different roms.

consider using dexpatcher instead. i could look into it myself but i'm travelling and have no time now. disadvantage: less granularity to do changes. advantages: much much less brittle, changes in java without having the exact source code, seems like changes might be very simply implemented as method wrappers. also, dexpatcher can run on the device itself (pure java), and it could probably be cross compiled to native to support patching in recovery; the addon.d mechanism to repatch on system upgrade is even possible.

i can help with the coding of the dexpatcher patch.



ale5000-git (Owner) commented Aug 29, 2016

@Lanchon
Hi,
it searches for the correct point in the baksmalied framework, but it is generic enough to work in most cases.
I do not use apktool (as opposed to Needle), I use only smali / baksmali directly (to disassemble/reassemble) and I do other things directly from Python.
I have plans to add support for running directly from the phone using QPython and Dalvik (I haven't started yet).

Can you please explain technically how DexPatcher operates (the various steps done by the program)?

Lanchon (Author) commented Sep 3, 2016

hi, sorry for the delay, i'm travelling. better if you read this message in full before following links.

dexpatcher is a toolset to mod apks. the complete set is here:
http://forum.xda-developers.com/android/software/tool-dexpatcher-modify-android-dex-apk-t3060854

an important member of the toolset is the "dexpatcher tool" itself (yep, same name as the whole project). what it does is:

  • you create a 'patch' dex or apk, which is a standard dex written in java with some dexpatcher annotations. the 'patch' dex or apk describes changes to be made to some other dex file.
  • you invoke the dexpatcher tool on the to-be-modded dex or apk with the patch dex or apk to produce the desired patched dex.

dexpatcher gradle plugins extend android studio to automate the process and add or patch resources and create several kinds of specialized libraries. but you dont need this functionality: the dexpatcher tool can also be run standalone (it is pure java). there are ready made scripts (for linux) to automate the process. see the second post in the link above titled "DEPRECATED: Workflow Automation Scripts HOW-TO". the scripts were deprecated once the gradle plugins were released, but they are a good example of how to use the tool in standalone mode.

regarding what the dexpatcher tool actually does to patch dex code (which should be the first thing you look into), see the section "PATCHING JAVA CODE IN JAVA" in the link above. you will find 1) source of sample code to be patched, 2) source of a 'patch' dex that describes changes to be made, and 3) diagnostic output of the dexpatcher tool as it runs, and runlogs of the unpatched and patched code. it is documentation by example (yep, pretty bad) but that's all there is for now. you can post questions on xda or create issues on my project (or even ask here, worst option) if there's something you don't understand.

the big picture is:

  • you create the patch dex(s) with whatever tools (javac, android studio or whatever).
  • you distribute a package with the patch dex(s), the dexpatcher tool binary, and patching script.
  • users download the package and run it.
  • the script extracts the user's framework apk(s), runs dexpatcher tool against the corresponding patch dex(s), and installs the resulting patched code.

it is trivial to run the process in android once scripting is solved. if dexpatcher is compiled to native code, the whole process could be run on recovery which is the ideal outcome but more complex. (btw, for this you might want to take a look at flashize.)

(disclosure: im the author of dexpatcher and flashize.)
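An added illustration of the patch-dex idea described in the comment above (not code from the post, from DexPatcher or from Tingle): a Java class that edits a hypothetical framework class by adding a helper and wrapping one existing method, so the original behaviour is kept and only a pre-check is layered on top. The annotation package and names (`lanchon.dexpatcher.annotation`, `@DexEdit`, `@DexIgnore`, `@DexAdd`, `@DexWrap`) are assumed from memory of the DexPatcher annotation set; the target class `example.framework.PackageChecker` and all of its members are made up for the example.

```java
// Illustrative DexPatcher-style "patch dex" source. Assumptions: the
// annotation package/names below match DexPatcher's; the target class
// and its members are hypothetical. Compile this class to a dex and
// feed it to the dexpatcher tool together with the to-be-modded dex.
package example.patch;

import lanchon.dexpatcher.annotation.DexAdd;
import lanchon.dexpatcher.annotation.DexEdit;
import lanchon.dexpatcher.annotation.DexIgnore;
import lanchon.dexpatcher.annotation.DexWrap;

// @DexEdit: this class describes edits to an existing class in the
// target dex, named by 'target'. Only annotated members are acted on.
@DexEdit(target = "example.framework.PackageChecker")
public class PackageChecker_Patch {

    // @DexIgnore: a mirror of a field that already exists in the target.
    // It is here only so this patch compiles; the tool discards it and
    // the patched code uses the framework's own field.
    @DexIgnore
    private boolean strictMode;

    // @DexAdd: a brand-new member inserted into the target class.
    // Hypothetical allow-list gate used by the wrapper below.
    @DexAdd
    private static boolean isAllowListed(String packageName) {
        return packageName != null && packageName.startsWith("example.trusted.");
    }

    // @DexWrap: wrap the existing verify(String) instead of replacing it.
    // Inside a wrapper, a call to the same-named method is redirected by
    // the tool to the ORIGINAL implementation, so no framework source is
    // needed and the original logic stays intact. Here the wrapper only
    // tightens the check: unknown packages are rejected before the
    // framework's own verification runs, and strict mode is honoured.
    @DexWrap
    public boolean verify(String packageName) {
        if (strictMode && !isAllowListed(packageName)) {
            return false;                 // deny without touching the original
        }
        return verify(packageName);       // redirected to the original verify()
    }
}
```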

ale5000-git (Owner) commented Sep 7, 2016

I currently don't use Android Studio, I write Python code by hand; so I will need more time to get accustomed.

I'm considering using DexPatcher but before doing anything I must discover how it works at a lower level.
I must discover how DexPatcher searches for the point to patch, how it physically applies the patch, how much memory it uses and evaluate the pros/cons.
I plan for Tingle to be able to run also inside the phone itself (also on phones with a low amount of memory, for example 256MB) and I plan to support also legacy OS.
The license luckily is the same as mine.

I cannot put this as a priority but be certain I will look at it.

In the meanwhile I'm already making Tingle more "tool agnostic", so it will be easier to switch tool but also support more than one tool at the same time.

Lanchon (Author) commented Sep 7, 2016

sure! to know exactly what dexpatcher does, read the paragraph "regarding what the dexpatcher tool actually does to patch dex code..." in my answer above.

Lanchon (Author) commented Oct 24, 2016

hi,

i've published a DexPatcher-based signature spoofing patcher, you might want to take a look:
https://github.com/Lanchon/haystack

thanks!
