Android gets system permissions by compiling APK with source code

Android gets system permissions by compiling APK with source code Android gets system permissions by compiling APK with source code Http://www.ziyouku.com/archives/android-source-code-compiled-by-apk-to-obtain-system-privileges.html

Apps in AndroidProgramHow do I obtain system permissions?

Systemclock is provided in the android API. setcurrenttimemillis () function to modify the system time. Unfortunately, no matter how you call this function, it is useless. No matter whether it is a simulator or a real machine, you will always get "unable to open alarm driver" in logcat: permission denied ". this function can be used only after the root permission or running and system processes.

I thought there was no way to change the system at the application layer for a long time. Later I searched the internet for a long time and knew that this goal could still be achieved.

The first method is simple, but it needs to be compiled using make in the environment of the Android system source code:

1. Add the manifest node in androidmanifest. xml of the application

Android: shareduserid = "android. uid. System.

2. Modify the Android. mk file and add local_certificate: = platform.

3. Use the MM command to compile the generated APK and you will have the permission to modify the system time.

 

The second method is troublesome, but you do not need to run the virtual machine to the source code environment and use make to compile it:

You do not need to use make to compile the eclipse source code (Android Source Code <D: \ myandroid_mx27> ):
1. First, add the Android: shareduserid = "android. uid. System" attribute to the manifest node in androidmanifest. xml.

2、use eclipseto compile the apk(clocksetting.apk) file, but this file cannot be used. Delete the CERT. SF and cert. RSA files under the META-INF directory.

3. Use the platform key of the current Android system (the Android system may be different) to re-sign the APK file (the user meter may not be used for signature ).
First, find the key file. The location in my android source code directory is "build \ target \ product \ Security", and the following two files are platform. pk8 and platform. x509.pem.
Then, use the signapk tool provided by Android to sign the signapkSource codeIn "build \ tools \ signapk", you must prepare for the following compilation:
<1> compile jar
Command line CD to signapk. JavaCodeDirectory,
Javac signapk. Java
Obtain signapk $ signatureoutputstream. Class and signapk. Class

Create the S \ com \ Android \ signapk directory and put the two class files in the directory
Jar cvfm signapk. Jar signapk. mf-c s \.
Note: There are spaces in front of "." after "s \"
Generate the signapk. jar file and obtain the signature program signapk. Jar provided by Android.
<2> use the target system's platform Key signature
Copy the platform. pk8 and platform. x509.pem files to the "D: \ myandroid_mx27 \ build \ tools \ signapk" directory, that is, the directory where signapk. jar and signapk. MF are located.
Java-jar signapk. Jar platform. x509.pem platform. pk8 D: \ clocksetting.apk D: \ clocksettingsigned.apk
My unsigned (clocksetting.apk.pdf and the signed (clocksettingsigned.apk) APK files are all placed on the d disk, so that the files compiled with the android source code are obtained.

<3> enable and install the VM.

 

First, add the Android: shareduserid = "android. uid. System" attribute. With the shared user ID, multiple APK with the same user ID can be configured to run in the same process. Then, assign the UID of the program to Android. uid. system, that is, to allow the program to run in the system process, so that you have the permission to modify the system time.

It is not enough to add uid. If the APK cannot be installed at this time, the system prompts that the signature is inconsistent because the program wants to run in the system process and the platform of the target system is required.

Key, which is the two platform. pk8 and platform. x509.pem files mentioned in the second method above. The APK can be put into the system process only after the two keys are signed. Adding local_certificate: = platform to the first method is actually using the two keys for signature. There is also a problem, that is, the program generated in this way can only be used in the original Android system or a self-compiled system, because such a system can get the platform. pk8 and platform. x509.pem files. If other companies do not even install Android. Try the original android
The program runs OK on the simulator, but the prompt "package... has no signatures that match those in shared user android. UID. system ", which also protects the system security. Finally, the Android: shareduserid attribute can not only put the apk in the system process, but also configure multiple APK to run in one process to share data, it should be very useful.