Crashes on startup when Xposed modules are loaded.
http://ouyaforum.com/showthread.php?10047-Final-Fantasy-III-Not-Launching
Luckily for others, I've done extensive research and I have found that it is not the root access itself which is not compatible with FF3, it is the activation of an Xposed Framework module.
So, if you're rooted, have Xposed Framework installed and want to play Final Fantasy 3, just go to Xposed installer, deactivate all modules and reboot. You won't lose your root access and the game will launch just fine.
https://forum.xda-developers.com/xposed/framework-xposed-rom-modding-modifying-t1574401/page170#1700
Ok, whatever Final Fantasy does there: It looks like some very dirty coding.
What's going on there:
- com/square_enix/android_googleplay/FFIV_GP/MainActivitya loads lib__57d5__.so and then calls native function MainActivityb.a(I)I with some random (?) integer constants
- Actually already the library loading fails because somewhere during the initialization, it calls "sh -c pm clear <package>" for the Xposed modules, which fails with a permission error and crashes the process
- The library seems to be obfuscated - I can read some assembler, but I couldn't find the real code. mprotect/memset functions are called, maybe for decoding
- With trial and error, I think I found the place where FF reads the package names: /proc/self/maps (or /proc/<pid>/maps)
- This file contains the memory regions of a process and the files from which they are mapped
- As Xposed has loaded the modules, they are in the memory for FF as well
- When I rename the module file, the new path is also updated in the mapping file
- After renaming /data/app/xyz-1.apk to /data/app/abc-1.apk, the call is no longer "pm clear xyz", but "pm clear abc" (even though that package doesn't exist and probably nothing in the system can know about the renaming)
- After renaming to /data/app/xyz-1.apkx, the calls continue with the next package; once all are renamed the calls stop and FF continues to load
- However, it seems to detect itself - if I move the game apk to /data/app, it doesn't hang
To summarize: A strange native library in FF seems to get all /data/app/*-?.apk entries from the memory mapping file and tries to clear the data for them. Why? I don't know what this should be good for. I assume it targets the app itself, but why does it go such a complicated way? Why is the library obfuscated (the others aren't)? The best explanation I could think of was that it wants to clean up previous versions, but then I discovered that it doesn't clean for its own apk... so I have no idea.
After spending 2.5 hours looking at this, I don't think I have any chance or need to fix something in my code. I can't avoid that the modules are in the memory, I couldn't even unload them if I wanted to. Sorry, but it seems that you need to disable Xposed and reboot to play. Or ask the vendor to fix their code, there is no reason to clear data for foreign packages - but I'm not sure if they will listen to it.
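The path matching described in the post above, as an added example for analysts who want to see which mapped APKs such a check would pick up. This is not code from the game's library (which is obfuscated and was not recovered) or from Xposed; the function names, the sample maps lines and the rule of skipping the app's own package by name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* If a maps line maps /data/app/<pkg>-?.apk, copy <pkg> to out and return 1. */
static int apk_package(const char *line, char *out, size_t outlen)
{
    static const char dir[] = "/data/app/";
    size_t eol = strcspn(line, "\n"), dlen = sizeof dir - 1;
    const char *path = memchr(line, '/', eol);   /* pathname is the last field */
    if (!path || strncmp(path, dir, dlen) != 0)
        return 0;
    const char *name = path + dlen;
    size_t len = (size_t)(line + eol - name);
    /* suffix must be '-', one character, ".apk"; "x-1.apk" is the shortest */
    if (len < 7 || len - 6 >= outlen || memchr(name, '/', len) ||
        memcmp(name + len - 4, ".apk", 4) != 0 || name[len - 6] != '-')
        return 0;
    memcpy(out, name, len - 6);
    out[len - 6] = '\0';
    return 1;
}

/* Count distinct foreign APKs in a maps dump, ignoring the app's own package. */
static int foreign_apks(const char *maps, const char *self)
{
    char seen[16][128], pkg[128];
    int n = 0;
    for (const char *p = maps; *p; p += (*p == '\n')) {
        if (apk_package(p, pkg, sizeof pkg) && strcmp(pkg, self) != 0) {
            int i = 0;
            while (i < n && strcmp(seen[i], pkg) != 0) i++;
            if (i == n && n < 16) strcpy(seen[n++], pkg);
        }
        p += strcspn(p, "\n");
    }
    return n;
}

/* Constructed sample in /proc/<pid>/maps format (addresses are made up). */
static const char SAMPLE[] =
    "40a1c000-40a2e000 r--s 00000000 b3:09 1201 /data/app/com.square_enix.android_OUYA.FFIII-1.apk\n"
    "40b00000-40b04000 r--s 00000000 b3:09 1302 /data/app/de.cweiske.ouya.plainpurchases-2.apk\n"
    "40b04000-40b06000 r--s 00003000 b3:09 1302 /data/app/de.cweiske.ouya.plainpurchases-2.apk\n"
    "40c00000-40c02000 r--s 00000000 b3:09 1310 /data/app/xyz-1.apkx\n"
    "40d00000-40d40000 r-xp 00000000 b3:03 601 /system/lib/libc.so\n";

int main(void)
{
    printf("foreign APKs mapped: %d\n", foreign_apks(SAMPLE, "com.square_enix.android_OUYA.FFIII"));
}
```

The renamed `xyz-1.apkx` mapping no longer matches, which is consistent with the observation that the calls stop once every module file has been renamed.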
https://forum.xda-developers.com/xposed/framework-xposed-rom-modding-modifying-t1574401/page187#1869
In case anyone is interested, I use XPrivacy (using Xposed Framework ironically) to circumvent this issue.
I allowed the following permissions only
- Identification
- Internet
- Network
- External storage (for the data cache)
You will be able to play it. It may work the same for Chaos Rings series as well.
https://forum.xda-developers.com/xposed/xposed-faq-issues-t2735540#4
Symptom: If you have activated Xposed and any module, some Square Enix games (e.g. Final Fantasy) and Puzzles & Dragons don't start anymore.
Background: I have spent several hours analyzing this issue. Here are my findings: http://forum.xda-developers.com/show...postcount=1701
Solution: I don't think I will be able to fix this. Some users reported that it's working after converting Xposed and modules to system apps (but I didn't test it and you have to do this after every update). Otherwise, you could press the "uninstall" button in the Xposed Installer, reboot, play the game, afterwards press the "install/update" button and reboot again.
Same problem with "Guardian Cross", also from Square Enix.
https://forum.xda-developers.com/xposed/hook-called-android-app-t4042575
Android 4.1.2 source code:
Games that do not check previously purchased products on startup and have no way to sync purchases:
They can be unlocked on a dynamic server, not a static one.
```
I/ActivityManager( 348): Start proc com.square_enix.android_OUYA.FFIII for activity com.square_enix.android_OUYA.FFIII/com.square_enix.FFIII_J.MainActivity: pid=1691 uid=10047 gids={3003, 1028}
I/dalvikvm( 1691): Turning on JNI app bug workarounds for target SDK version 13...
D/dalvikvm( 1691): Trying to load lib /data/data/com.square_enix.android_OUYA.FFIII/lib/lib__57d5__.so 0x41e4dbe8
D/Xposed ( 1705): Starting Xposed binary version 50, compiled for SDK 16
D/Xposed ( 1705): Phone: OUYA Console (OUYA), Android version 4.1.2 (SDK 16)
D/Xposed ( 1705): ROM: JZO54L-OUYA
D/Xposed ( 1705): Build fingerprint: OUYA/ouya_1_1/ouya_1_1:4.1.2/JZO54L-OUYA/1427:user/test-keys
I/Xposed ( 1705): -----------------
I/Xposed ( 1705): Added Xposed (/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar) to CLASSPATH.
D/AndroidRuntime( 1705):
D/AndroidRuntime( 1705): >>>>>> AndroidRuntime START de.robv.android.xposed.XposedBridge <<<<<<
D/AndroidRuntime( 1705): CheckJNI is OFF
D/dalvikvm( 1705): Trying to load lib libjavacore.so 0x0
D/dalvikvm( 1705): Added shared lib libjavacore.so 0x0
D/dalvikvm( 1705): Trying to load lib libnativehelper.so 0x0
D/dalvikvm( 1705): Added shared lib libnativehelper.so 0x0
D/Xposed ( 1705): Using structure member offsets for mode WITH_JIT
I/Xposed ( 1705): Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
I/ethernet( 1705): Loading ethernet jni class
I/Xposed ( 1705): -----------------
I/Xposed ( 1705): Jan 25, 2020 6:04:47 PM UTC
I/Xposed ( 1705): Loading Xposed v47 (for com.android.commands.pm.Pm)...
I/Xposed ( 1705): Loading modules from /data/app/de.cweiske.ouya.plainpurchases-2.apk
I/Xposed ( 1705): Loading class de.cweiske.ouya.plainpurchases.PlainPurchases
D/AndroidRuntime( 1705): Calling main entry com.android.commands.pm.Pm
D/AndroidRuntime( 1705): Shutting down VM
W/dalvikvm( 1705): threadid=1: thread exiting with uncaught exception (group=0x41521300)
E/JavaBinder( 1705): Unknown binder error code. 0xfffffff7
E/AndroidRuntime( 1705): *** FATAL EXCEPTION IN SYSTEM PROCESS: main
E/AndroidRuntime( 1705): java.lang.SecurityException: 1705 does not have permission:android.permission.CLEAR_APP_USER_DATA to clear datafor process:de.cweiske.ouya.plainpurchases
E/AndroidRuntime( 1705): at android.os.Parcel.readException(Parcel.java:1425)
E/AndroidRuntime( 1705): at android.os.Parcel.readException(Parcel.java:1379)
E/AndroidRuntime( 1705): at android.app.ActivityManagerProxy.clearApplicationUserData(ActivityManagerNative.java:2889)
E/AndroidRuntime( 1705): at com.android.commands.pm.Pm.runClear(Pm.java:1126)
E/AndroidRuntime( 1705): at com.android.commands.pm.Pm.run(Pm.java:116)
E/AndroidRuntime( 1705): at com.android.commands.pm.Pm.main(Pm.java:75)
E/AndroidRuntime( 1705): at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
E/AndroidRuntime( 1705): at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:235)
E/AndroidRuntime( 1705): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
E/AndroidRuntime( 1705): at dalvik.system.NativeStart.main(Native Method)
I/Process ( 1705): Sending signal. PID: 1705 SIG: 9
E/AndroidRuntime( 1705): Error reporting crash
E/AndroidRuntime( 1705): android.os.RemoteException: Unknown binder error code. 0xfffffff7
E/AndroidRuntime( 1705): at android.os.BinderProxy.transact(Native Method)
E/AndroidRuntime( 1705): at android.app.ActivityManagerProxy.handleApplicationCrash(ActivityManagerNative.java:3118)
E/AndroidRuntime( 1705): at com.android.internal.os.RuntimeInit$UncaughtHandler.uncaughtException(RuntimeInit.java:76)
E/AndroidRuntime( 1705): at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:693)
E/AndroidRuntime( 1705): at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:690)
E/AndroidRuntime( 1705): at dalvik.system.NativeStart.main(Native Method)
D/Zygote ( 109): Process 1691 exited cleanly (1)
I/ActivityManager( 348): Process com.square_enix.android_OUYA.FFIII (pid 1691) has died.
```