Thread Tools
Aug 08, 2017, 08:34 AM
Suspended Account
Quote:
Originally Posted by jab
Left hand says "we will not do forced updates and follow Google terms and conditions", while the right hand spends time and resources implementing code to be able to enforce updates even with auto update turned off.

If it's not allowed, why is it there in the first place?
Their history of violating the Apple SDK doesn't give a warm and fuzzy feeling it wont happen on Google...
Sign up now
to remove ads between posts
Aug 08, 2017, 08:37 AM
jab
jab
Unregistered User
And now the US Army ban also suddenly makes very much sense.
Aug 08, 2017, 08:37 AM
Registered User
Quote:
Originally Posted by jab
If it's not allowed, why is it there in the first place?
Google Play isn't the only way to distribute apps, I can see the utility when used with direct distribution for example, as you wouldn't otherwise have a simple to manage update process.

I'd still strongly suggest that they pull Tinker from future Google Play builds to avoid any misunderstandings...
Aug 08, 2017, 08:39 AM
Registered User
blade strike's Avatar
Quote:
Originally Posted by SasquatchLabs
I appreciate you checking that out... can you ask someone to confirm the origin of the artifacts I found?

https://www.rcgroups.com/forums/show...postcount=2536

The libstlport_shared.so can be tied directly to Tinker loading for example. I *believe the "Temp.jar" can also, the .dex's too...

Thanks for helping take this apart.
Email sent and no problem ..
Aug 08, 2017, 08:41 AM
Pedantic Thinker
SasquatchLabs's Avatar
Quote:
Originally Posted by blade strike
tinker sdk was built in but has never downloaded or executed any files....
If someone has anything that's shows different please let me know and I will contact the lead PM again.
Update: mere coincidence in this case... I happened to be learning to extract the DJI SQLCipher password around this exact same date:
https://github.com/MAVProxyUser/dji.nfzdb/issues/1

That of course doesn't change how sketchy Tinker is but I can state that it was a coincidence the files happened to be named the same as ones Tinker uses. Oddly enough when searching for the .so used by Tinker sample it's also the same one SQLcipher uses.
Aka I don't have proof it was "used" even though of course it could have been

What was likely going on is the SQLCipher code I was poking was *also* coincidentally looking for the stlport_shared library
https://github.com/sqlcipher/android...pher/issues/27

----- original text ---

You can see here a *dropped* libstlport_shared.so file that has the same date as FlyForbid.dex indicating to me they were *dropped* around the same time (minutes apart)




You can see this behavior in the tinker-sample-android source code...
$ grep stlport . -r
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java: System.loadLibrary("stlport_shared");
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java:// TinkerLoadLibrary.loadArmLibrary(getApplicationCon text(), "stlport_shared");
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java:// TinkerInstaller.loadLibraryFromTinker(getApplicati onContext(), "assets/x86", "stlport_shared");

I've NEVER had anything tinker related on this device... it is odd to me FlyForbid.dex and libstlport_shared.so get dropped on the same day minutes apart, and have been associated with *known* tinker behavior, yet I am to believe this has never been used?

This *confirmed* behavior is a bit too close to what has been seen on the file system on my personal device as screen shotted above.

https://github.com/Tencent/tinker/tr...sample-android
Now if you take the tinker-sample-android app, launch it, and click "Load Library" you will note it crashes... trying to load none other than libstlport_shared.so

8-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: catch exception when loading tinker:java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/tinker.sample.android-1/base.apk"],nativeLibraryDirectories=[/data/app/tinker.sample.android-1/lib/arm, /vendor/lib, /system/lib]]] couldn't find "libstlport_shared.so"
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.Runtime.loadLibrary(Runtime.java:367)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.System.loadLibrary(System.java:1076)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at tinker.sample.android.app.MainActivity$2.onClick(M ainActivity.java:70)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.view.View.performClick(View.java:5698)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.widget.TextView.performClick(TextView.java :10850)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.view.View$PerformClick.run(View.java:22523 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Handler.handleCallback(Handler.java:739 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Handler.dispatchMessage(Handler.java:95 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Looper.loop(Looper.java:158)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.app.ActivityThread.main(ActivityThread.jav a:7230)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.reflect.Method.invoke(Native Method)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at com.android.internal.os.ZygoteInit$MethodAndArgsCa ller.run(ZygoteInit.java:1230)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:1120)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: FATAL EXCEPTION: main
08-08 09:40:28.622 13736 13736 E AndroidRuntime: Process: tinker.sample.android, PID: 13736
08-08 09:40:28.622 13736 13736 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/tinker.sample.android-1/base.apk"],nativeLibraryDirectories=[/data/app/tinker.sample.android-1/lib/arm, /vendor/lib, /system/lib]]] couldn't find "libstlport_shared.so"
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.Runtime.loadLibrary(Runtime.java:367)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.System.loadLibrary(System.java:1076)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at tinker.sample.android.app.MainActivity$2.onClick(M ainActivity.java:70)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.view.View.performClick(View.java:5698)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.widget.TextView.performClick(TextView.java :10850)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.view.View$PerformClick.run(View.java:22523 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:739 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Looper.loop(Looper.java:158)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.jav a:7230)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCa ller.run(ZygoteInit.java:1230)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:1120)
08-08 09:40:28.622 2182 2578 I APM::AudioPolicyManager: getSituationVolume: isBTConnected:0 isHeadConnected:0

DJI Devs be like...

update regarding "test.dex" also being a Tencent tinker default.

./tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/decoder/DexDiffDecoder.java: private static final String TEST_DEX_NAME = "test.dex";
./tinker-android/tinker-android-loader/src/main/java/com/tencent/tinker/loader/shareutil/ShareConstants.java: public static final String TEST_DEX_NAME = "test.dex";
Last edited by SasquatchLabs; Aug 08, 2017 at 07:28 PM.
Aug 08, 2017, 09:40 AM
Registered User
blade strike's Avatar
Quote:
Originally Posted by SasquatchLabs
You can see here a *dropped* libstlport_shared.so file that has the same date as FlyForbid.dex indicating to me they were *dropped* around the same time (minutes apart)




You can see this behavior in the tinker-sample-android source code...
$ grep stlport . -r
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java: System.loadLibrary("stlport_shared");
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java:// TinkerLoadLibrary.loadArmLibrary(getApplicationCon text(), "stlport_shared");
./tinker-sample-android/app/src/main/java/tinker/sample/android/app/MainActivity.java:// TinkerInstaller.loadLibraryFromTinker(getApplicati onContext(), "assets/x86", "stlport_shared");

I've NEVER had anything tinker related on this device... it is odd to me FlyForbid.dex and libstlport_shared.so get dropped on the same day minutes apart, and have been associated with *known* tinker behavior, yet I am to believe this has never been used?

This *confirmed* behavior is a bit too close to what has been seen on the file system on my personal device as screen shotted above.

https://github.com/Tencent/tinker/tr...sample-android
Now if you take the tinker-sample-android app, launch it, and click "Load Library" you will note it crashes... trying to load none other than libstlport_shared.so

8-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: catch exception when loading tinker:java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/tinker.sample.android-1/base.apk"],nativeLibraryDirectories=[/data/app/tinker.sample.android-1/lib/arm, /vendor/lib, /system/lib]]] couldn't find "libstlport_shared.so"
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.Runtime.loadLibrary(Runtime.java:367)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.System.loadLibrary(System.java:1076)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at tinker.sample.android.app.MainActivity$2.onClick(M ainActivity.java:70)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.view.View.performClick(View.java:5698)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.widget.TextView.performClick(TextView.java :10850)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.view.View$PerformClick.run(View.java:22523 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Handler.handleCallback(Handler.java:739 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Handler.dispatchMessage(Handler.java:95 )
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.os.Looper.loop(Looper.java:158)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at android.app.ActivityThread.main(ActivityThread.jav a:7230)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at java.lang.reflect.Method.invoke(Native Method)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at com.android.internal.os.ZygoteInit$MethodAndArgsCa ller.run(ZygoteInit.java:1230)
08-08 09:40:28.622 13736 13736 E Tinker.UncaughtHandler: at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:1120)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: FATAL EXCEPTION: main
08-08 09:40:28.622 13736 13736 E AndroidRuntime: Process: tinker.sample.android, PID: 13736
08-08 09:40:28.622 13736 13736 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/tinker.sample.android-1/base.apk"],nativeLibraryDirectories=[/data/app/tinker.sample.android-1/lib/arm, /vendor/lib, /system/lib]]] couldn't find "libstlport_shared.so"
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.Runtime.loadLibrary(Runtime.java:367)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.System.loadLibrary(System.java:1076)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at tinker.sample.android.app.MainActivity$2.onClick(M ainActivity.java:70)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.view.View.performClick(View.java:5698)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.widget.TextView.performClick(TextView.java :10850)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.view.View$PerformClick.run(View.java:22523 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:739 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95 )
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.os.Looper.loop(Looper.java:158)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.jav a:7230)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCa ller.run(ZygoteInit.java:1230)
08-08 09:40:28.622 13736 13736 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:1120)
08-08 09:40:28.622 2182 2578 I APM::AudioPolicyManager: getSituationVolume: isBTConnected:0 isHeadConnected:0

DJI Devs be like...

update regarding "test.dex" also being a Tencent tinker default.

./tinker-build/tinker-patch-lib/src/main/java/com/tencent/tinker/build/decoder/DexDiffDecoder.java: private static final String TEST_DEX_NAME = "test.dex";
./tinker-android/tinker-android-loader/src/main/java/com/tencent/tinker/loader/shareutil/ShareConstants.java: public static final String TEST_DEX_NAME = "test.dex";
Forwarded... but also got word they will remove tinker in future releases since they have no plans on using it.
Aug 08, 2017, 09:50 AM
Registered User
Dave Pitman's Avatar
Quote:
Originally Posted by blade strike
Forwarded... but also got word they will remove tinker in future releases since they have no plans on using it.
"I just wanted to look at it" says kid caught with hand in cookie jar.
Aug 08, 2017, 09:52 AM
Suspended Account
Quote:
Originally Posted by Dave Pitman
"I just wanted to look at it" says kid caught with hand in cookie jar.


Yes you don't usually add random code for fun. Perhaps now that eyes are on them DJI will start to be a bit more transparent. One can hope.
Aug 08, 2017, 09:55 AM
Go Hawks!
cryhavoc38's Avatar
Quote:
Originally Posted by filthy13
This seems to be sort of inline with what guys were discussing above your post (#2536.)
understood, but I wanted to mention the behavior I've seen that goes along with what they were discussing, if its related.

Quote:
Originally Posted by Kilrah
It's normal in the latest version (4.1.4), they seem to have finally moved the editor resources out of the apk. That's normal practice for large content.
fair enough and I have no issues with that, if we know what is actually in those out of store additional files are and do.
Aug 08, 2017, 10:07 AM
Registered User
blade strike's Avatar
Quote:
Originally Posted by SasquatchLabs

I've NEVER had anything tinker related on this device... it is odd to me FlyForbid.dex and libstlport_shared.so get dropped on the same day minutes apart, and have been associated with *known* tinker behavior, yet I am to believe this has never been used?
Confirmed that this has never been used in production.. That's all I have been told.


For the others , instead of trying to stir the pot why don't you provide data and stop the peanut gallery remarks...
Aug 08, 2017, 10:09 AM
Registered User
Quote:
Originally Posted by blade strike
Forwarded... but also got word they will remove tinker in future releases since they have no plans on using it.
Quote:
Originally Posted by blade strike
Confirmed that this has never been used in production.. That's all I have been told.


For the others , instead of trying to stir the pot why don't you provide data and stop the peanut gallery remarks...


To say something here. THIS IS NOT TRUE! We have the prove that DJI used it atleast once, even if it only was for testing. THIS is breaking the playstore rules and even worse this is a trojan horse inside the app. DJI can change broad parts of the app without the user noticing an update at all. Used or not THIS IS ILLEGAL.
FWIW we did report the finding to google along with proofs. Do the right thing and remove the Go4 app from the Playstore ASAP yourself and release a clean backdoor free version.
Also don't use too much sugar in your words, tell the simple users what it is. IT IS a hotfix framework designed to circumvence googles playstore checks and change app behaviour after the release.
Anyone still wondering why the US MIL killed all DJI drones? This is wrong on so many levels that i cannot count it anymore. This is betrayal on the customer at it's finest.

Best Regards
Bin4ry
Aug 08, 2017, 10:12 AM
Pedantic Thinker
SasquatchLabs's Avatar
Quote:
Originally Posted by blade strike
Confirmed that this has never been used in production.. That's all I have been told.


For the others , instead of trying to stir the pot why don't you provide data and stop the peanut gallery remarks...
Can they identify the source of the FlyForbid.dex , Test.jar, and dropped .so files I attached to the previous post?

Many of us have been "beta" users in the past... could *we* have seen this?
Aug 08, 2017, 10:15 AM
Pedantic Thinker
SasquatchLabs's Avatar
Quote:
Originally Posted by Bin4ry
To say something here. THIS IS NOT TRUE! We have the prove that DJI used it atleast once, even if it only was for testing. THIS is breaking the playstore rules and even worse this is a trojan horse inside the app. DJI can change broad parts of the app without the user noticing an update at all. Used or not THIS IS ILLEGAL.
FWIW we did report the finding to google along with proofs. Do the right thing and remove the Go4 app from the Playstore ASAP yourself and release a clean backdoor free version.
Also don't use too much sugar in your words, tell the simple users what it is. IT IS a hotfix framework designed to circumvence googles playstore checks and change app behaviour after the release.
Anyone still wondering why the US MIL killed all DJI drones? This is wrong on so many levels that i cannot count it anymore. This is betrayal on the customer at it's finest.

Best Regards
Bin4ry
IMHO the "proof" that Bin4ry mentions above is in what I have shown here:
https://www.rcgroups.com/forums/show...3#post38060463

I encourage the rest of you to scour your DJI Go app enabled devices for extraneous files matching the names test.dex, Temp.jar, or FlyForbid.dex mine were located in the directory /storage/emulated/0/ . Please look for yourselves... surely I am not the ONLY one to capture these files.
https://www.rcgroups.com/forums/show...3&d=1502126390
Aug 08, 2017, 10:18 AM
Pedantic Thinker
SasquatchLabs's Avatar
Also... take it easy on Blade and realize he is performing seppuku here.



He doesn't HAVE to be the interface to technical people on his team. He can very easily make us wait for Adam Lisberg to handle my questions and request for public comment. If you all want to wait for "news room" to give us an answer... keep taking small jabs at Blade and Ed.
Aug 08, 2017, 10:21 AM
Registered User
blade strike's Avatar
Quote:
Originally Posted by Bin4ry
To say something here. THIS IS NOT TRUE! We have the prove that DJI used it atleast once, even if it only was for testing. THIS is breaking the playstore rules and even worse this is a trojan horse inside the app. DJI can change broad parts of the app without the user noticing an update at all. Used or not THIS IS ILLEGAL.
FWIW we did report the finding to google along with proofs. Do the right thing and remove the Go4 app from the Playstore ASAP yourself and release a clean backdoor free version.
Also don't use too much sugar in your words, tell the simple users what it is. IT IS a hotfix framework designed to circumvence googles playstore checks and change app behaviour after the release.
Anyone still wondering why the US MIL killed all DJI drones? This is wrong on so many levels that i cannot count it anymore. This is betrayal on the customer at it's finest.

Best Regards
Bin4ry
Hey don't shoot the messenger.. I'm just relaying what the app team has told me.. They have already stated that it will be removed. If google thinks its in violation it will be removed, correct?

Quote:
Originally Posted by SasquatchLabs
Can they identify the source of the FlyForbid.dex , Test.jar, and dropped .so files I attached to the previous post?

Many of us have been "beta" users in the past... could *we* have seen this?
I will ask but its also going 0 dark thirty, its their night!


Quick Reply
Message:

Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Article How To: Scale FPV Tips and Tricks Mega Thread Jason Cole FPV Talk 21 Jun 26, 2020 08:53 PM
Discussion Lee ME262 Mods, tips and tricks thread Extreme_RC Australia 181 May 16, 2020 01:19 AM
FAQ Tiny QX/EX Series Tips & Tricks Thread (FAQ info on first page) SoloProFan Micro Multirotor Drones 1003 Aug 27, 2018 02:27 PM
Build Log Zagi 33 New form Trick Wings Official Thread Tempest42 Foamies (Kits) 7 Apr 25, 2013 03:12 PM
Rave Official GAUI 330X-S Build Thread/ Tips & Tricks EmpireHobby Tech Multirotor Drone Talk 183 May 19, 2011 11:19 AM