OPPO 1107 Flashing Notes

Keywords: Mobile Java SELinux Android

Manually converting an arbitrary app into a system app: method and process

Goal: give the moved files the same settings (permissions, owner, SE context) as the original system files, and keep the directory structure consistent with them.

  1. Move the corresponding APK file from /data/app/ to /system/app/.

    On Android 5.0 and later, the app directory may contain per-app subdirectories such as AppName/AppName.apk; all of these need to be moved.

  2. Set the APK file permissions to 0644.
  3. Set the owner to 0:0 (root:root).
  4. Set the SE context to u:object_r:system_file:s0 (needed on some systems when the SELinux subsystem is enabled).
  5. Reboot.

Method steps for converting any APP to OPPO's Color OS system APP:

Because OPPO's ColorOS customizes the lower layers of the system, it does not recognize non-OPPO applications in the system directory.

Therefore, it is necessary to add the converted APP package name to the OPPO application whitelist in order to ensure that it can be recognized on boot after the transfer.

  1. Use the generation algorithm for the encrypted file pl.fs to add the app's package name and produce a new pl.fs.

  2. Replace the old /system/etc/security/pl.fs file with the new pl.fs file.
  3. Use Titanium Backup or Lucky Cracker, or do it manually, to convert the app to a system application.

Generation algorithm for the encrypted file pl.fs, which contains the list of package names of all OPPO apps

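try
{
    // Requires: java.io.File, java.io.FileOutputStream, android.os.Environment
    // Generate the encrypted file: append the new package name to the list
    mOppoApkList.add("cn.asiontang.launcher");
    StringBuilder stringBuilder = new StringBuilder();
    for (String p : mOppoApkList)
        stringBuilder.append(p).append("\n");
    final byte[] bytes = stringBuilder.toString().getBytes("UTF-8");
    // Same key byte that ReadEncryptFile uses (was an undefined variable here)
    final byte[] a = "a".getBytes("UTF-8");
    for (int i = 0; i < bytes.length; i++)
    {
        // Bitwise NOT, then XOR with 'a': the inverse of the read routine
        bytes[i] = (byte) (~bytes[i]);
        bytes[i] = (byte) (bytes[i] ^ a[0]);
    }
    // try-with-resources closes the stream even if write() throws
    try (FileOutputStream out = new FileOutputStream(
            new File(Environment.getExternalStorageDirectory(), "pl.fs")))
    {
        out.write(bytes);
    }
}
catch (Exception e)
{
    e.printStackTrace();
}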

Core decryption routine of ReadEncryptFile, which fills mOppoApkList (translated into Java code)

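// Requires: java.io.InputStream, java.util.Arrays
// The stream is closed automatically by try-with-resources
try (InputStream open = getResources().getAssets().open("pl.fs"))
{
    byte[] pl = new byte[open.available()];
    final byte[] a = "a".getBytes("UTF-8");
    final int read = open.read(pl);
    for (int i = 0; i < read; i++)
    {
        // XOR with 'a', then bitwise NOT (same order as the smali code)
        pl[i] = (byte) (pl[i] ^ a[0]);
        pl[i] = (byte) (~pl[i]);
    }
    // Decode explicitly as UTF-8 to match the generator
    final String s = new String(pl, 0, read, "UTF-8");
    final String[] split = s.split("\n");
    mOppoApkList.addAll(Arrays.asList(split));
}
catch (Exception e)
{
    e.printStackTrace();
}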
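
The following Python example is added here and is not part of the original post or of OPPO's code. It decodes a pl.fs copied off a device and diffs it against a copy from the stock ROM, and it shows that the bitwise NOT plus XOR with 'a' is a single XOR with 0x9E, so the encoding gives the list no integrity protection. The com.example.* package names and the sample blobs are constructed, and the file is assumed to end with a newline as the generator above produces.

```python
from __future__ import annotations

# Bitwise NOT followed by XOR with 'a' (0x61) is one XOR with 0xFF ^ 0x61.
KEY = 0xFF ^ ord("a")  # 0x9E


def decode_plfs(blob: bytes) -> list[str]:
    """Decode pl.fs bytes into the package names it lists, one per line."""
    text = bytes(b ^ KEY for b in blob).decode("utf-8", errors="replace")
    return [line.strip() for line in text.split("\n") if line.strip()]


def encode_plfs(packages: list[str]) -> bytes:
    """Inverse of decode_plfs; used here to build the constructed samples."""
    plain = "".join(p + "\n" for p in packages).encode("utf-8")
    return bytes(b ^ KEY for b in plain)


def recover_key(blob: bytes) -> int:
    """Known-plaintext check; assumes the file ends with a newline (0x0A)."""
    return blob[-1] ^ 0x0A


def audit(baseline: bytes, current: bytes) -> dict[str, list[str]]:
    """Diff a device's pl.fs against a known-good copy from the stock ROM."""
    good, now = set(decode_plfs(baseline)), decode_plfs(current)
    return {
        "added": sorted(set(now) - good),
        "removed": sorted(good - set(now)),
        "duplicates": sorted({p for p in now if now.count(p) > 1}),
    }


# Constructed sample data: the com.example.* names are placeholders, not
# entries from a real pl.fs; cn.asiontang.launcher is the page's example.
STOCK = encode_plfs(["com.example.oppo.settings", "com.example.oppo.camera"])
DEVICE = encode_plfs(["com.example.oppo.settings", "com.example.oppo.camera",
                      "cn.asiontang.launcher"])

if __name__ == "__main__":
    print(hex(recover_key(DEVICE)))
    print(audit(STOCK, DEVICE))
```

A non-empty "added" list on a device that is supposed to be stock means pl.fs has been regenerated since the ROM was installed.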

Core decryption routine of ReadEncryptFile, which fills mOppoApkList (decompiled to smali code)

.method public static ReadEncryptFile()I
          .registers 15
00000000  const/4             v12, 0
00000002  const/4             v11, -1
00000004  const/4             v3, 0
:6
00000006  const-string        v13, "ColorPackageManager"
0000000A  const-string        v14, "ReadEncryptFile!!!"
0000000E  invoke-static       Slog->d(String, String)I, v13, v14
00000014  new-instance        v9, File
00000018  const-string        v13, "/system/etc/security/pl.fs"
0000001C  invoke-direct       File-><init>(String)V, v9, v13
00000022  invoke-virtual-quick vtaboff@19, v9
:28
00000028  move-result         v13
0000002A  if-nez              v13, :3A
:2E
0000002E  if-eqz              v3, :38
:32
00000032  invoke-virtual-quick vtaboff@12, v3
:38
00000038  return              v11
:3A
0000003A  invoke-virtual-quick vtaboff@36, v9
00000040  move-result-wide    v13
00000042  long-to-int         v7, v13
00000044  new-array           v1, v7, [B
00000048  const-string        v13, "a"
0000004C  const-string        v14, "UTF-8"
00000050  invoke-virtual-quick vtaboff@27, v13, v14
00000056  move-result-object  v0
00000058  new-instance        v4, FileInputStream
0000005C  invoke-direct       FileInputStream-><init>(File)V, v4, v9
:62
00000062  invoke-virtual-quick vtaboff@16, v4, v1
00000068  const/4             v5, 0
:6A
0000006A  if-ge               v5, v7, :94
:6E
0000006E  aget-byte           v13, v1, v5
00000072  const/4             v14, 0
00000074  aget-byte           v14, v0, v14
00000078  xor-int/2addr       v13, v14
0000007A  int-to-byte         v13, v13
0000007C  aput-byte           v13, v1, v5
00000080  aget-byte           v13, v1, v5
00000084  xor-int/lit8        v13, v13, -0x01
00000088  int-to-byte         v13, v13
0000008A  aput-byte           v13, v1, v5
0000008E  add-int/lit8        v5, v5, 0x01
00000092  goto                :6A
:94
00000094  new-instance        v10, String
00000098  const/4             v13, 0
0000009A  invoke-direct       String-><init>([B, I, I)V, v10, v1, v13, v7
000000A0  const-string        v13, "\n"
000000A4  invoke-virtual-quick vtaboff@49, v10, v13
000000AA  move-result-object  v8
000000AC  const/4             v6, 0
:AE
000000AE  array-length        v13, v8
000000B0  if-ge               v6, v13, :10C
:B4
000000B4  sget-object         v13, ColorPackageManagerHelper->mOppoApkList:ArrayList
000000B8  aget-object         v14, v8, v6
000000BC  invoke-virtual-quick vtaboff@11, v13, v14
:C2
000000C2  add-int/lit8        v6, v6, 0x01
000000C6  goto                :AE
:C8
000000C8  move-exception      v2
:CA
000000CA  invoke-virtual-quick vtaboff@19, v2
:D0
000000D0  if-eqz              v3, :38
:D4
000000D4  invoke-virtual-quick vtaboff@12, v3
:DA
000000DA  goto                :38
:DC
000000DC  move-exception      v2
:DE
000000DE  invoke-virtual-quick vtaboff@19, v2
000000E4  goto                :38
:E6
000000E6  move-exception      v2
:E8
000000E8  invoke-virtual-quick vtaboff@19, v2
:EE
000000EE  if-eqz              v3, :38
:F2
000000F2  invoke-virtual-quick vtaboff@12, v3
:F8
000000F8  goto                :38
:FA
000000FA  move-exception      v2
000000FC  goto                :DE
:FE
000000FE  move-exception      v11
:100
00000100  if-eqz              v3, :10A
:104
00000104  invoke-virtual-quick vtaboff@12, v3
:10A
0000010A  throw               v11
:10C
0000010C  if-eqz              v4, :116
:110
00000110  invoke-virtual-quick vtaboff@12, v4
:116
00000116  move                v11, v12
00000118  goto                :38
:11A
0000011A  move-exception      v2
0000011C  invoke-virtual-quick vtaboff@19, v2
00000122  goto                :10A
:124
00000124  move-exception      v2
00000126  goto                :DE
:128
00000128  move-exception      v2
0000012A  invoke-virtual-quick vtaboff@19, v2
00000130  goto                :116
:132
00000132  move-exception      v11
00000134  move-object         v3, v4
00000136  goto                :100
:138
00000138  move-exception      v2
0000013A  move-object         v3, v4
0000013C  goto                :E8
:13E
0000013E  move-exception      v2
00000140  move-object         v3, v4
00000142  goto                :CA
          .catch FileNotFoundException {:6 .. :28} :C8
          .catch IOException {:6 .. :28} :E6
          .catchall {:6 .. :28} :FE
          .catch IOException {:32 .. :38} :124
          .catch FileNotFoundException {:3A .. :62} :C8
          .catch IOException {:3A .. :62} :E6
          .catchall {:3A .. :62} :FE
          .catch FileNotFoundException {:62 .. :C2} :13E
          .catch IOException {:62 .. :C2} :138
          .catchall {:62 .. :C2} :132
          .catchall {:CA .. :D0} :FE
          .catch IOException {:D4 .. :DA} :DC
          .catchall {:E8 .. :EE} :FE
          .catch IOException {:F2 .. :F8} :FA
          .catch IOException {:104 .. :10A} :11A
          .catch IOException {:110 .. :116} :128
.end method

Why does moving an app into the system app directory fail here, whether it is done with a tool or by hand, when the same method works on other phones?

The reasons are as follows:

PackageManager: This is not oppo app, so skip it :/system/app/cn.xx.launcher-1.apk

Call chain in the decompiled ROM: services.odex -> PackageManagerService.java -> ColorPackageManagerHelper.java -> IsOppoApkList -> ReadEncryptFile -> the encrypted "/system/etc/security/pl.fs" file

Identifying the Mobile customized version of the OPPO 1107 and choosing a ROM package

The original system shows the Mobile 4G LTE logo at boot; the logo disappears after flashing 1107_11_A.20_OTA_020_all_201512151836.zip (downloaded from the official OPPO forum). All functions tested normally.

The Mobile customized ROM, version 1107_11_B.03_XXXXXX XX, is not as new as the open-market ROM. Not tested.

How to modify permissions in SELinux

  1. Use ls -Z to view a file's security attributes, including its SE context

  2. Modify the SE context using chcon u:object_r:system_file:s0 XX.APK

  3. Use Root Explorer to modify ownership, permissions, SE context.

Uninstalling KingRoot after rooting and replacing it with SuperSU

  1. Root the OPPO 1107 device with Brush Wizard or RootGenius Root Wizard.
  2. At this point the KingRoot app is installed on the system to manage root privileges.
  3. Then install a third-party Recovery.

    The third-party Recovery image can be flashed with the 'Official TWRP App'.

  4. Then boot into Recovery and flash the complete ROM package 1107_11_A.20_OTA_020_all_201512151836.zip from the SD card.
  5. On reboot you are asked "Do you prohibit restoring to official Recovery"; choose "No".

    If you choose "Yes", the third-party Recovery is kept, but the next prompt, "Root or not", does not appear.

  6. When "Root or not" pops up, select "Yes".
  7. After the reboot, install the SuperSU app.

Apps that can ODEX an APK include:

  1. Lucky Cracker

    Tap the target app - Toolbox - Odex this application

  2. Titanium backup

    Tap the target app - Convert to system app

  3. Link2SD ??

    Click on APP -??

Reprinted at: https://www.cnblogs.com/AsionTang/p/7380778.html

Posted by Justin98TransAm on Fri, 21 Jun 2019 14:24:50 -0700