Jan 31, 2013

How to deodex

Whats an odex file?
Android packages or apks contain certain .odex files, whose supposed function is to save space. These files are collections of parts of an application that are optimized before booting. These files are actually collections of parts of an application that are optimized before booting. Doing so speeds up the boot process, as it preloads part of an application. On the other hand, it also makes hacking those applications difficult because a part of the coding has already been extracted to another location before execution.

What are the benefits of deodexing?
The main benefit is to be able to modify any apk. This could be from editing and entire apk from scratch to apply themes or other patches.

What are the disadvantages?
In theory you shouldn't experience any big disadvantage. The main thing you could experience is that the phone will take a little more to boot on the first boot, as the dalvik cache gets populated. Once populated, the rest of the boots should take less time until you wipe your dalvik cache.

What do we need

  • Java (JRE)
  • Android SDK
  • smali/baksmali jars from GoogleCode
  • any zip program

How to deodex

  1. Get the framework and apps you want to deodex from your phone or update zip.
  2. Use baksmali to disassemble and deodex the app or framework.
    java -Xmx1024 -jar baksmali.jar -a <api_level>
    -d <framework_dir> -x <odex_file>
    You can check valid api_levels in wikipedia.
  3. Use smali to assemble them back in a single file (classes.dex).
    java -Xmx1024 -jar smali.jar out -o classes.dex
    
  4. Use the zip program to open the app or framework and add the result file of point 3.
Once we have the app or framework file deodexed, we can delete the old .odex files.


Jan 14, 2013

Stock ROMs and bloatware

Updating your Android device and having the latest stable version is always a good thing to do and its really recommended when you upgrade versions (4.0.4 to 4.1 for example). The only downside is that some stock ROMs bring a preinstaller apk that will not only install some random junk (depending on the country of origin of the ROM), it will also install it in /system so you can't uninstall it.

This might seem a downside when updating our Android device, but knowing how to create our own update packages, when can create a script that will delete the apk before it installs all the bloatware. With some little tools, we could be able to know what's packaged inside the ROM and create our script to clean all the bloatware we want. The tricky part is that once the stock ROM is flashed, we need to restart the phone in recovery mode before it restarts in normal mode. If the phone restarts normally, it will execute the preinstaller apk.

In Samsung Galaxy's case, we can extract the stock ROM file and open it via DiskInternals to see what apks are present and know the names of the ones we want to delete. Just remember to delete PreloadInstaller.apk and PreloadInstaller.odex

Jan 12, 2013

Signing Android aplications

If we want to be able to create our own ROM packages or updates as a flashable zip via custom recovery, we need to be able to sign them, so the recovery will install them without problems. There are several scripts that will let you sign your packages, but here you will learn to create your own signature so you can use it for signing your packages.

As the basic requirement, we need to have a JDK installation with keytool and jarsigner binaries. If we have them in our PATH we won't need to reference them with their full path. If you don't have the binaries in your path don't worry, you will just need to provide the full path to the binary, for example: "C:\Program Files\JDK\bin\keytool"

Creating our own signature
We will be creating a keystore file that will have our signature saved, so we can use it afterwards to sign our packages. To create a keystore, we use the following command:
keytool -genkey -v -keystore file.keystore -alias key_alias
-keyalg RSA -keysize 2048 -validity 10000
This command will create us a keystore named file.keystore with the alias key_alias that will last 10000 days. Once we hit enter, it will ask for the details of the keystore. You can complete it with the default values or just add yours.

Signing things!
Once we've got our keystore file, we can use it to either sign applications (.apk) or packages (.zip).

  • Signing applications:
    jarsigner -verbose -keystore file.keystore
    example_app.apk key_alias
  • Signing packages:
    jarsigner -verbose -keystore file.keystore
    -signedjar signed_update.zip update.zip key_alias
Once signed, we can verify the signature with the following command:
jarsigner -verify [ example_app.apk | signed_update.zip ]
Now we're able to either modify applications and then sign them back or create our custom packages or ROMs and then install them from recovery without signature problems.