For odex under /system/app, we can use baksmali tool to decompile smali file. After modifying some smali files, we use the dexopt-wrapper tool to make odex on the target machine, and then push it to /system/app. However, for files under the framework, it is generally not possible to modify them in this way. After modification, when you push them under /system/framework, the system will usually hang. If the files under the framework can't be modified, isn't it fun to play Android?
How to edit the ODEX framework file?
This method needs to be improved to be suitable for various models.
There are two main reasons why odex under the framework can't run when it is packaged, decompiled and pushed to the machine.
The first point is that many jar packages under the framework are boot classpaths that dalvik virtual needs to use. Android has a special security mechanism for this, so we need to add $ boot classpaths when making odex.
The second point is the signature problem. If the previous one is wrong, then fail will still start, which can be solved by copying the original odex file header.
Specific methods, we take the following example, modify android.policy.odex as an example.
We extract android.policy.odex and android.policy.jar from the target machine, then use baksmali to modify smali, use smali tool to package it into classes.dex, and then replace it with android. Policy. jar.
Let's start our text method:
1, create a zangcf_changed directory and zangcf_original directory in /data/local/tmp.
ADB Shell
cd /data/local/tmp
mkdir zangcf_changed
mkdir zangcf_original
export
2. Copy the original file and the modified file to the target machine.
ADB Shell
Adb pushes. /zang cf _ changed/Android . policy . jar/data/local/tmp/zang cf _ changed/
Adb pushes. /zang cf _ original/Android . policy . jar/data/local/tmp/zang cf _ original/
Adb pushes. /zang cf _ original/Android . policy . odex/data/local/tmp/zang cf _ original/
export
3. Prepare the execution environment
Adb shell
Soviet Union (short for USSR)
Install -o rw, reinstall/system.
chmod 777 /system/bin
Chmod 777/ system/framework/
export
export
Adb pushes. /dexopt-wrapper /system/bin
Adb shell
Soviet Union (short for USSR)
chmod 777/system/bin/dex opt-wrapper
export
export
4、odex
Adb shell
Soviet Union (short for USSR)
CP/data/local/tmp/zang cf _ changed/Android . policy . jar/system/framework/Android . policy . jar
dex opt-wrapper/system/framework/Android . policy . jar/system/framework/new _ Android . policy . odex$boot class path
CP-f/SD card/ame stris _ original/Android . policy . jar/system/framework
chmod 777/system/framework/Android . policy . odex
chmod 777/system/framework/Android . policy . jar
chmod 777/system/framework/new _ Android . policy . odex
export
5. Copy the header of the original file.
Adb shell
Soviet Union (short for USSR)
busybox DD if =/system/framework/Android . policy . odex of =/system/framework/new _ Android . policy . odex bs = 1 count = 20 skip = 52 seek = 52 conv = not runc
CP/system/framework/new _ Android . policy . odex/system/framework/Android . policy . odex
export
export
6. Delete temporary files and modify file properties.
ADB Shell
Soviet Union (short for USSR)
chmod 644/system/framework/Android . policy . odex
chown root . root/system/framework/Android . policy . odex
RM/system/framework/new _ Android . policy . odex
export
export
7, ok, and then restart
ADB restarts.