Skip to content

Instantly share code, notes, and snippets.

@jat001
Created June 28, 2018 18:46
Show Gist options
  • Save jat001/a8d2448aae1372c37f26793ffeab8ac0 to your computer and use it in GitHub Desktop.
Save jat001/a8d2448aae1372c37f26793ffeab8ac0 to your computer and use it in GitHub Desktop.
package com.android.server;
import android.content.Context;
import android.content.IntentFilter;
import android.os.Build.VERSION;
import android.os.IBinder;
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.SystemProperties;
import android.util.Slog;
import com.android.server.display.ScreenEffectService;
import com.miui.server.BackupManagerService;
import com.miui.server.MiuiInitServer;
import com.miui.server.PerfShielderService;
import com.miui.server.SecurityManagerService;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Set;
import miui.log.SystemLogSwitchesConfigManager;
import miui.mqsas.sdk.BootEventManager;
import miui.os.Build;
import miui.util.ObjectReference;
import miui.util.ReflectionUtils;
class SystemServerInjector
{
private static final boolean DEBUG = true;
private static final String TAG = "SystemServerI";
private static Set<String> sVersionPolicyDevices;
private static final SystemLogSwitchesConfigReceiver systemLogSwitchesReceiver = new SystemLogSwitchesConfigReceiver();
static
{
sVersionPolicyDevices = new HashSet();
addDeviceName("ugg");
addDeviceName("ugglite");
addDeviceName("rosy");
addDeviceName("riva");
addDeviceName("vince");
addDeviceName("whyred");
addDeviceName("versace");
addDeviceName("wayne");
addDeviceName("ysl");
addDeviceName("sirius");
addDeviceName("nitrogen");
addDeviceName("polaris");
addDeviceName("dipper");
addDeviceName("sakura");
}
static void addDeviceName(String paramString)
{
sVersionPolicyDevices.add(paramString);
sVersionPolicyDevices.add(paramString + "_ru");
}
static final void addExtraServices(Context paramContext, boolean paramBoolean)
{
ServiceManager.addService("security", new SecurityManagerService(paramContext, paramBoolean));
ServiceManager.addService("MiuiInit", new MiuiInitServer(paramContext));
ServiceManager.addService("MiuiBackup", new BackupManagerService(paramContext));
ServiceManager.addService("locationpolicy", LocationPolicyManagerService.getDefaultService());
ServiceManager.addService("perfshielder", new PerfShielderService(paramContext));
try
{
localObject1 = ReflectionUtils.findClass("com.miui.whetstone.server.WhetstoneActivityManagerService", null);
localObject2 = (IBinder)ReflectionUtils.tryNewInstance((Class)localObject1, new Object[] { paramContext });
localObject1 = ReflectionUtils.tryGetStaticObjectField((Class)localObject1, "SERVICE", String.class);
if ((localObject2 != null) && (localObject1 != null)) {
ServiceManager.addService((String)((ObjectReference)localObject1).get(), (IBinder)localObject2);
}
}
catch (ClassNotFoundException localClassNotFoundException)
{
for (;;)
{
Object localObject1;
Object localObject2;
localClassNotFoundException.printStackTrace();
}
}
if (Build.VERSION.SDK_INT < 26) {}
try
{
localObject2 = Class.forName("com.miui.server.TidaService");
localObject1 = ((Class)localObject2).getConstructor(new Class[] { Context.class });
localObject2 = ((Class)localObject2).getDeclaredField("SERVICE_NAME");
if ((localObject1 != null) && (localObject2 != null))
{
paramContext = (IBinder)((Constructor)localObject1).newInstance(new Object[] { paramContext });
ServiceManager.addService((String)((Field)localObject2).get(null), paramContext);
}
ScreenEffectService.startScreenEffectService();
}
catch (Exception paramContext)
{
for (;;)
{
paramContext.printStackTrace();
}
}
MiuiFgThread.initialMiuiFgThread();
}
static void enableLogSwitch()
{
SystemLogSwitchesConfigManager.enableLogSwitch(true);
SystemLogSwitchesConfigManager.updateProgramName();
}
private static void enforceVersionPolicy()
{
String str = SystemProperties.get("ro.product.name");
if (!sVersionPolicyDevices.contains(str))
{
Slog.d("SystemServerI", "enforceVersionPolicy: enable_flash_global enabled");
return;
}
if (!"locked".equals(SystemProperties.get("ro.secureboot.lockstate")))
{
Slog.d("SystemServerI", "enforceVersionPolicy: device unlocked");
return;
}
if (isGlobalHaredware(str))
{
Slog.d("SystemServerI", "enforceVersionPolicy: global device");
return;
}
if (Build.IS_INTERNATIONAL_BUILD)
{
Slog.e("SystemServerI", "CN hardware can't run Global build; reboot into recovery!!!");
rebootIntoRecovery();
}
}
private static boolean isGlobalHaredware(String paramString)
{
if (("ugglite".equals(paramString)) || ("ugg".equals(paramString)) || ("ugglite_ru".equals(paramString)) || ("ugg_ru".equals(paramString))) {
return "China".equals(SystemProperties.get("ro.boot.hwcountry")) ^ true;
}
if (("riva".equals(paramString)) || ("riva_ru".equals(paramString)))
{
if (!"S88505AA1".equals(SystemProperties.get("ro.product.wt.boardid"))) {}
for (boolean bool = "S88505DA1".equals(SystemProperties.get("ro.product.wt.boardid"));; bool = true) {
return bool ^ true;
}
}
if (("rosy".equals(paramString)) || ("rosy_ru".equals(paramString))) {
return "CN".equals(SystemProperties.get("ro.boot.hwcountry")) ^ true;
}
return "CN".equals(SystemProperties.get("ro.boot.hwc")) ^ true;
}
static void markBootDexopt(long paramLong1, long paramLong2)
{
BootEventManager.getInstance().setBootDexopt(paramLong2 - paramLong1);
}
static void markPmsScan(long paramLong1, long paramLong2)
{
BootEventManager.getInstance().setPmsScanStart(paramLong1);
BootEventManager.getInstance().setPmsScanEnd(paramLong2);
}
static void markSystemRun(long paramLong)
{
long l = SystemClock.uptimeMillis();
BootEventManager.getInstance().setZygotePreload(l - paramLong);
BootEventManager.getInstance().setSystemRun(paramLong);
if (("file".equals(SystemProperties.get("ro.crypto.type"))) || ("trigger_restart_framework".equals(SystemProperties.get("vold.decrypt")))) {
enforceVersionPolicy();
}
}
private static void rebootIntoRecovery()
{
BcbUtil.setupBcb("--show_version_mismatch\n");
SystemProperties.set("sys.powerctl", "reboot,recovery");
}
static void registerSystemLogSwitchesReceiver(Context paramContext)
{
IntentFilter localIntentFilter = new IntentFilter();
localIntentFilter.addAction("miui.intent.action.SWITCH_ON_MIUILOGS");
localIntentFilter.addAction("miui.intent.action.SWITCH_OFF_MIUILOGS");
localIntentFilter.addAction("miui.intent.action.REVERT_MIUILOG_SWITCHES");
paramContext.registerReceiver(systemLogSwitchesReceiver, localIntentFilter);
}
}
@jat001
Copy link
Author

jat001 commented Jun 29, 2018

@simonsmh unpack system.img. use sublime text to search reboot into recovery!!!. it can search in binary files. then you will got a file named services.vdex. use vdexExtractor to decompile it. finally, use dex2jar and jd-gui to view the source code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment