I'm currently telling my users to use ReKey from the market to patch the MasterKey vulnerability. I'm looking for a way to patch it in my current ROM for the Galaxy Victory, but I'm building with the Kitchens right now, not from source (haven't got device files configured properly to build from source yet). Anyone know of a way to patch core.jar with a kitchen?
I'm not sure what patch this is, but you can decompile a deodexed jar file and modify it with apktool. If you need help, PM me.
I only know how to do it from source. Did you decompile it yet? If so, could you upload the .smali? I think it might not be able to be done unless you could program in smali. This is the commit for CM7 if you want to look: https://github.com/CyanogenMod/android_libcore/commit/c52671a647d3efa7ebbb19d1fc55b5b4a4c78876
Thanks, I'll decompile core.jar and upload the files. I'm not too good with smali; I prefer building from source, and my efforts to port Lidroid via smali edits have been an experiment in frustration, so I appreciate the offer of help! I had to rescind my recommendation on ReKey. I had continuous issues with connecting to WiFi and 3G after installing it. After uninstalling I still had issues, so I restored the backup I made just before installing it, and all is well. Not sure what ReKey is doing (I should pull a logcat, but meh). I looked at the CM commit; not sure if it can be done with smali either. I thought I had read that Master Key had to do with not checking for an unsigned value on a short; perhaps that was the vulnerability they found in Asia about the same time? Or perhaps I need to stop reading articles while waiting for compilation to complete at 3:45am!
Here's the core.java smali. I included the frameworks and associated jar files in case you wanted to mess with it on your box. Looks like the relevant area starts around line 540. I can see how easily you could change a lot of parameters, but I'm not sure how you would add a conditional statement in smali. Appreciate any pointers you can offer. Here's the zip containing the original core.jar, its decompiled smali files, and the frameworks: core.jar.smali.zip The zip is 36.6 MB, so here's the pastebin of just core.java.util.zip.ZipFile.smali if you don't want to download the zip: core.java.util.zip.ZipFile.smali - Pastebin.com
OK, I think the way to handle this would be to look at what changes were made by decompiling an updated ZipFile.smali and fudging in the code. That's because I don't think smali is meant to be read. I've updated the CM7 ROM for the MT, so if you beat me to the punch. I haven't even spent a full hour on coding, as my shop foreman has been out and I have been working extra hours. I hope to play this weekend. We'll see.
Good idea, I'll check out your updated ZipFile and see what it would take to merge with mine via smali. Gonna be a lot of Ctrl+F involved.
I tried looking, but I don't know what I'm looking at. I see that you added in some extra parts. Is that needed to decompile the core.jar properly? Also (as I'm going to bed), where is the ZipFile.smali? I glanced for it, but it didn't come up in my search of core.jar.out. I'm using Mobstergunz's apktool linked set. I saw that you should add in the frameworks, but really?
It should be in /core.jar.out/smali/java/util/zip/ZipFile.smali. I wasn't sure if I needed the dependencies, so I added extras just in case. As I said, I'm not really familiar with smali; I primarily use apktool to change res. BTW, I did post the ZipFile.smali to pastebin (see link above) just in case.
OK, OK, OK. There are a bunch of differences between your ZipFile and mine from CM7. The one I used was way old, as I had it on the Windows rig. I'm going to grab the two recent CM7 builds and work my way to the files. I think that Beyond Compare will make this damn near easy. I just downloaded it and it's going to save a ton of time on things like this. I'll post what I find in a couple of hours. There were a bunch of differences in the two CM7s. I'm going to rebuild the part without the security fix and see how it comes out.
Ha! I watched a movie and went to bed. I haven't been on the computer since. What I meant was I was going to make the changes to the one version of the file so I can have the least number of variables possible. I think that some of the compiling/decompiling process assigns variable names to the variables so that I can't make a direct comparison. I think that if I just have the file with the fix as the only difference I'll be able to work my way through it. Holla. You didn't want to get this done quickly, did you?
OK, I think I have it on our CM7 end.

Code (Text):
    .locals 22
    move-object/from16 v18, v0
    invoke-virtual/range {v18 .. v18}, Ljava/io/RandomAccessFile;->length()J
    move-result-wide v18
    const-wide/16 v20, 0x16
    sub-long v13, v18, v20
    .local v13, scanOffset:J
    const-wide/16 v18, 0x0
    cmp-long v18, v13, v18
    if-gez v18, :cond_0
    new-instance v18, Ljava/util/zip/ZipException;
    const-string v19, "too short to be Zip"
    invoke-direct/range {v18 .. v19}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v18
    const-wide/32 v18, 0x10000
    sub-long v15, v13, v18
    .local v15, stopOffset:J
    const-wide/16 v18, 0x0
    cmp-long v18, v15, v18
    if-gez v18, :cond_1
    const-wide/16 v15, 0x0
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-wide v1, v13
    move-object/from16 v18, v0
    invoke-static/range {v18 .. v18}, Ljava/util/zip/ZipEntry;->readIntLE(Ljava/io/RandomAccessFile;)J
    move-result-wide v18
    const-wide/32 v20, 0x6054b50
    cmp-long v18, v18, v20
    if-nez v18, :cond_3
    new-instance v12, Ljava/util/zip/ZipFile$RAFStream;
    move-object/from16 v18, v0
    move-object/from16 v19, v0
    invoke-virtual/range {v19 .. v19}, Ljava/io/RandomAccessFile;->getFilePointer()J
    move-result-wide v19
    move-object v0, v12
    move-object/from16 v1, v18
    move-wide/from16 v2, v19
    .local v12, rafs:Ljava/util/zip/ZipFile$RAFStream;
    const/16 v18, 0x16
    move-object v1, v12
    move/from16 v2, v18
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-result v11
    .local v11, numEntries:I
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-result v17
    .local v17, totalNumEntries:I
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move-object/from16 v18, v0
    move-object/from16 v0, v18
    move v0, v11
    move/from16 v1, v17
    new-instance v18, Ljava/util/zip/ZipException;
    const-string v19, "spanned archives not supported"
    invoke-direct/range {v18 .. v19}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v18
    .end local v11 #numEntries:I
    .end local v12 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    .end local v17 #totalNumEntries:I
    const-wide/16 v18, 0x1
    sub-long v13, v13, v18
    cmp-long v18, v13, v15
    if-gez v18, :cond_1
    new-instance v18, Ljava/util/zip/ZipException;
    const-string v19, "EOCD not found; not a Zip archive?"
    invoke-direct/range {v18 .. v19}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v18
    .restart local v11 #numEntries:I
    .restart local v12 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    .restart local v17 #totalNumEntries:I
    new-instance v12, Ljava/util/zip/ZipFile$RAFStream;
    .end local v12 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    move-object/from16 v18, v0
    move-object v0, v12
    move-object/from16 v1, v18
    .restart local v12 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    const/16 v18, 0x1000
    move-object v1, v12
    move/from16 v2, v18
    const/4 v9, 0x0
    .local v9, i:I
    if-ge v9, v11, :cond_5
    new-instance v10, Ljava/util/zip/ZipEntry;
    move-object/from16 v18, v0
    move-object v0, v10
    move-object/from16 v1, v18
    .local v10, newEntry:Ljava/util/zip/ZipEntry;
    move-object/from16 v18, v0
    invoke-virtual {v10}, Ljava/util/zip/ZipEntry;->getName()Ljava/lang/String;
    move-object/from16 v0, v18
    move-object/from16 v1, v19
    move-object v2, v10
    invoke-virtual {v0, v1, v2}, Ljava/util/LinkedHashMap;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
    add-int/lit8 v9, v9, 0x1
    .line 383
    .end local v10 #newEntry:Ljava/util/zip/ZipEntry;
    :cond_5

Code (Text):
    .locals 23
    move-object/from16 v19, v0
    invoke-virtual/range {v19 .. v19}, Ljava/io/RandomAccessFile;->length()J
    move-result-wide v19
    const-wide/16 v21, 0x16
    sub-long v14, v19, v21
    .local v14, scanOffset:J
    const-wide/16 v19, 0x0
    cmp-long v19, v14, v19
    if-gez v19, :cond_0
    new-instance v19, Ljava/util/zip/ZipException;
    const-string v20, "too short to be Zip"
    invoke-direct/range {v19 .. v20}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v19
    const-wide/32 v19, 0x10000
    sub-long v16, v14, v19
    .local v16, stopOffset:J
    const-wide/16 v19, 0x0
    cmp-long v19, v16, v19
    if-gez v19, :cond_1
    const-wide/16 v16, 0x0
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-wide v1, v14
    move-object/from16 v19, v0
    invoke-static/range {v19 .. v19}, Ljava/util/zip/ZipEntry;->readIntLE(Ljava/io/RandomAccessFile;)J
    move-result-wide v19
    const-wide/32 v21, 0x6054b50
    cmp-long v19, v19, v21
    if-nez v19, :cond_3
    new-instance v13, Ljava/util/zip/ZipFile$RAFStream;
    move-object/from16 v19, v0
    move-object/from16 v20, v0
    invoke-virtual/range {v20 .. v20}, Ljava/io/RandomAccessFile;->getFilePointer()J
    move-result-wide v20
    move-object v0, v13
    move-object/from16 v1, v19
    move-wide/from16 v2, v20
    .local v13, rafs:Ljava/util/zip/ZipFile$RAFStream;
    const/16 v19, 0x16
    move-object v1, v13
    move/from16 v2, v19
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-result v12
    .local v12, numEntries:I
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-result v18
    .local v18, totalNumEntries:I
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move v0, v12
    move/from16 v1, v18
    new-instance v19, Ljava/util/zip/ZipException;
    const-string v20, "spanned archives not supported"
    invoke-direct/range {v19 .. v20}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v19
    .end local v12 #numEntries:I
    .end local v13 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    .end local v18 #totalNumEntries:I
    const-wide/16 v19, 0x1
    sub-long v14, v14, v19
    cmp-long v19, v14, v16
    if-gez v19, :cond_1
    new-instance v19, Ljava/util/zip/ZipException;
    const-string v20, "EOCD not found; not a Zip archive?"
    invoke-direct/range {v19 .. v20}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v19
    .restart local v12 #numEntries:I
    .restart local v13 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    .restart local v18 #totalNumEntries:I
    new-instance v13, Ljava/util/zip/ZipFile$RAFStream;
    .end local v13 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    move-object/from16 v19, v0
    move-object v0, v13
    move-object/from16 v1, v19
    .restart local v13 #rafs:Ljava/util/zip/ZipFile$RAFStream;
    const/16 v19, 0x1000
    move-object v1, v13
    move/from16 v2, v19
    const/4 v10, 0x0
    .local v10, i:I
    if-ge v10, v12, :cond_6
    new-instance v11, Ljava/util/zip/ZipEntry;
    move-object/from16 v19, v0
    move-object v0, v11
    move-object/from16 v1, v19
    .local v11, newEntry:Ljava/util/zip/ZipEntry;
    invoke-virtual {v11}, Ljava/util/zip/ZipEntry;->getName()Ljava/lang/String;
    move-result-object v9
    .line 382
    .local v9, entryName:Ljava/lang/String;
    move-object/from16 v19, v0
    move-object/from16 v0, v19
    move-object v1, v9
    move-object v2, v11
    invoke-virtual {v0, v1, v2}, Ljava/util/LinkedHashMap;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
    if-eqz v19, :cond_5
    .line 383
    new-instance v19, Ljava/util/zip/ZipException;
    new-instance v20, Ljava/lang/StringBuilder;
    invoke-direct/range {v20 .. v20}, Ljava/lang/StringBuilder;-><init>()V
    const-string v21, "Duplicate entry name: "
    invoke-virtual/range {v20 .. v21}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v20
    move-object/from16 v0, v20
    move-object v1, v9
    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v20
    invoke-virtual/range {v20 .. v20}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v20
    invoke-direct/range {v19 .. v20}, Ljava/util/zip/ZipException;-><init>(Ljava/lang/String;)V
    throw v19
    :cond_5
    add-int/lit8 v10, v10, 0x1
    .line 386
    .end local v9 #entryName:Ljava/lang/String;
    .end local v11 #newEntry:Ljava/util/zip/ZipEntry;
    :cond_6

There are some differences around the files. According to Beyond Compare every line is different. It seems like mostly internal pointing. I think what you want is about 2/3 of the way down. I'm still looking at it, but I have to go to bed. Damn real life getting in the way. I hope this gives you an idea.
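The difference that matters between the two smali listings above is the few instructions after the LinkedHashMap.put call in the second one: put() returns the previous value stored under that key, and the fixed code throws a ZipException "Duplicate entry name: ..." whenever that value is non-null, whereas the unpatched code silently lets the last central-directory entry with a given name overwrite the earlier one. The following Python script is an added example, not code from this thread or from CyanogenMod. It walks a ZIP central directory by hand with the same sequence of checks and messages as ZipFile.readCentralDir() (EOCD scan, spanned-archive check, per-entry name check), builds two constructed sample archives in memory with Python's zipfile module (the names classes.dex and META-INF/MANIFEST.MF are only placeholders, not a real APK), and shows that the patched check rejects an archive whose central directory lists classes.dex twice, while the unpatched behaviour resolves that name to the second copy. Function names such as check_archive and build_sample are my own.

```python
"""Hand-rolled ZIP central-directory parser applying the checks that the patched
ZipFile.readCentralDir() performs, including rejection of duplicate entry names.
Sample archives are constructed in memory for this example; they are not real APKs."""
import io
import struct
import warnings
import zipfile

EOCD_SIG = 0x06054B50   # end-of-central-directory signature ("PK\x05\x06"); 0x6054b50 in the smali
CDFH_SIG = 0x02014B50   # central directory file header signature ("PK\x01\x02")
LFH_SIG = 0x04034B50    # local file header signature ("PK\x03\x04")
EOCD_LEN = 22           # fixed EOCD size; the 0x16 in the smali
EOCD_SCAN = 0x10000     # how far back to search for the EOCD; the 0x10000 in the smali


class ZipFormatError(Exception):
    """Stands in for java.util.zip.ZipException."""


def find_eocd(data: bytes) -> int:
    """Scan backwards for the EOCD record, mirroring scanOffset/stopOffset in the smali."""
    scan_offset = len(data) - EOCD_LEN
    if scan_offset < 0:
        raise ZipFormatError("too short to be Zip")
    stop_offset = max(0, scan_offset - EOCD_SCAN)
    while scan_offset >= stop_offset:
        if struct.unpack_from("<I", data, scan_offset)[0] == EOCD_SIG:
            return scan_offset
        scan_offset -= 1
    raise ZipFormatError("EOCD not found; not a Zip archive?")


def read_central_dir(data: bytes, reject_duplicates: bool = True) -> dict:
    """Return {entry name: (local header offset, compressed size)}.

    reject_duplicates=True raises on a repeated name like the fixed CM7 code;
    False reproduces the unpatched behaviour, where LinkedHashMap.put() lets the
    last entry with a given name win.
    """
    eocd = find_eocd(data)
    (disk_no, cd_disk, num_entries, total_entries,
     _cd_size, cd_offset, _comment_len) = struct.unpack_from("<HHHHIIH", data, eocd + 4)
    if disk_no != 0 or cd_disk != 0 or num_entries != total_entries:
        raise ZipFormatError("spanned archives not supported")

    entries = {}
    pos = cd_offset
    for _ in range(num_entries):
        if struct.unpack_from("<I", data, pos)[0] != CDFH_SIG:
            raise ZipFormatError("bad central directory header at %d" % pos)
        comp_size = struct.unpack_from("<I", data, pos + 20)[0]
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if reject_duplicates and name in entries:
            raise ZipFormatError("Duplicate entry name: " + name)  # the added check
        entries[name] = (local_off, comp_size)  # unpatched semantics: overwrite
        pos += 46 + name_len + extra_len + comment_len
    return entries


def entry_payload(data: bytes, entry: tuple) -> bytes:
    """Follow a central-directory entry to its local header and return the stored bytes."""
    local_off, comp_size = entry
    if struct.unpack_from("<I", data, local_off)[0] != LFH_SIG:
        raise ZipFormatError("bad local header at %d" % local_off)
    name_len, extra_len = struct.unpack_from("<HH", data, local_off + 26)
    start = local_off + 30 + name_len + extra_len
    return data[start:start + comp_size]


def build_sample(duplicate: bool) -> bytes:
    """Constructed sample archive. With duplicate=True, classes.dex is listed twice
    in the central directory, the archive shape the duplicate-name check rejects."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about duplicate names but writes both
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr("classes.dex", b"first copy")
            if duplicate:
                zf.writestr("classes.dex", b"second copy")
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def check_archive(data: bytes) -> str:
    """'ok' when the archive passes the patched checks, otherwise the exception message."""
    try:
        read_central_dir(data)
    except ZipFormatError as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    clean, dup = build_sample(False), build_sample(True)
    print("clean archive:", check_archive(clean))
    print("duplicate archive:", check_archive(dup))
    unpatched = read_central_dir(dup, reject_duplicates=False)
    print("unpatched lookup of classes.dex returns:", entry_payload(dup, unpatched["classes.dex"]))
```

The point the script makes is why the fix is a hard reject rather than a "pick one" rule: an archive with two entries of the same name is one where different parsers can legitimately disagree about which copy is authoritative, so the only safe answer for a verifier is to refuse the archive outright. Run against a real APK the same parser works unchanged; only the constructed sample is synthetic.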