在Android中以编程方式打开ServiceMode菜单 [英] Open ServiceMode menu programmatically in Android
问题描述
如何在Samsung Phones上以编程方式打开Android ServiceMode 菜单?
可以手动拨打美元代码*#0011#.
How to open the Android ServiceMode menu programmatically on Samsung Phones ?
Manually, I can do it by dialing the ussd code *#0011#.
推荐答案
这是一个挑战,我已经花了几个小时寻找解决方案.但恐怕我没有好消息.
This was a challenge and I've been a few hours looking for a solution. But i am afraid i don't have good news.
1.第一次尝试Intent.ACTION_DIAL
是的,确实有可能在开始时就直接使用"tel:"模式从应用程序(使用Intent.ACTION_DIAL)甚至从网站直接调用USSD代码.这将打开拨号程序,并放置所需的号码.当您输入最后一个#时,代码会自动发送,这对于不需要交互的用户几乎是透明的.但这实际上被认为是系统的漏洞,因为有人可能编写恶意软件甚至更多内容,然后在网站中插入恶意代码,甚至可能擦除您的手机或阻止SIM卡.您可以在此链接中了解有关此内容的信息,例如 /a> 截至2012年9月,三星似乎终于修复了该漏洞因此,例如您的S3无法做到这一点.此时,很难找到仍然容易受到攻击的设备.
Is true that in the beginning, it was possible to directly call USSD codes from an app (using the intent Intent.ACTION_DIAL), and even from a website, just using the "tel:" schema. That opens the dialer, an puts the desired number. As when you put the last #, the code get send automatically, it was almost transparent to the user, whose interaction wasn't required. But that was actually considered a vulnerability of the system, since somebody could write malicious software, or even more, insert malicious code in a website that could even wipe your phone or block the sim card. You can read about this, for example in this link As of September 2012, it seems that Samsung finally fixed that vulnerability so for instance your S3 is not capable of that. At this point it will be hard to find any device still vulnerable.
2.第二次尝试,解决方法
确定,Android中的所有内容都是一个应用程序,甚至手机本身也是一个应用程序.那么,为什么我们不能尝试复制其代码?实际上,当用户手动发送美元时会发生什么? 有太多可能的答案:
Ok everything in Android is an app, even the phone itself is an app. So, why couldn't we try to replicate its code? And actually, what happens when the user manually sends a ussd? There was too possible answers:
- 电话将代码发送给提供商并等待响应,或者
- 电话在本地进行操作
易于测试:我将手机置于飞行模式,因此,如果必须发送密码,希望它将无法发送密码.符合我的预期:我拨了代码,出现了ServiceMode屏幕!它是空的,因此我们可以说拨号程序打开了一个系统应用程序,并且该应用程序调用了提供程序.
它很容易找出哪个是此应用程序.在Samsung设备中,至少在S4中,其名称为ServiceMode.您可以在Settings > Application manager > All上找到它.因此,我们可以尝试通过以下方法之一来发现它是如何启动的:
Easy to test: I put my phone in flight mode, so if it has to send a code, hopefully it wont be able to. It was as i expected: i dialed the code, and the ServiceMode screen appeared! And it was empty, so we can say that the dialer opens a system application, and this application calls the provider.
Its easy to find out which is this application. In Samsung devices, at least in S4, its name is ServiceMode. You can find it at Settings > Application manager > All. So we can try to find out how it is launched more by means of one of this:
2.1.读取电话应用程序代码
我尝试过,但是一开始就很混乱,所以我选择了选项2
I tried, but it was pretty confusing at the beginning, so i went to option 2
2.2.检查服务模式应用
我打开了ES文件浏览器>应用程序管理器. 连接电话,并且在电话/备份/应用程序中,我有servicestatus apk. 几分钟或逆向工程之后,我有了清单文件,像以前一样显示出来.在那里,我可以看到很多活动,还有一些广播接收器.我不知道我更害怕什么.
I opened ES file explorer > app manager. connected the phone, and in phone/backups/apps i had the servicestatus apk. a few minutes or inverse engineering after, i had the manifest file, as revealing as it uses to be. There i could see a bunch of activities, and also a few broadcast receivers. I didn't know what i was more afraid of.
2.2.1让我们尝试一下活动.
由于我们知道我们可以从另一个应用程序中打开一个特定的应用程序,因此我将尝试编写一个简单的应用程序来打开其中的一项活动.这很简单:
Since we know we can open an specific application from another, i will try to write a simple app, that open one of this activities. This is as simple as:
Intent i= new Intent(Intent.Action_MAIN);
i.setClass( "package name", "class name");
startActivity(i);
由于该应用不是要通过启动器图标打开的,因此它没有包含意图过滤器的活动,因此我们无法知道它是主要活动.因此,我必须至少尝试其中的一些.但是无论如何,我看到了我不喜欢的东西.我待会再告诉你.
Since this app is not meant to be open from a launcher icon, it has not an activity with an intent filter that let us know that it is the main activity. So i have to try at least a few of them. But anyways, i saw something i didn't like. I will tell you later.
我尝试过,但是,正如我期望的那样,我无法打开该活动.我收到未找到活动的异常.因此,让我们尝试一下接收器.至少这会很有趣.
I tried, but, as i expected, i cannot open that activities. I get an activity not found exception. So, lets try with a receiver. At least this will be fun.
2.2.2让我们尝试使用接收器.
有一些,但是特别地,我喜欢使用这种intent-filter:
There is a few, but specially i liked one with this intent-filter:
<intent-filter>
<action android:name="android.provider.Telephony.SECRET_CODE" />
...
看起来不错.我去了Telephony.java,在那里我可以看到:
Looks good. I went yo Telephony.java, and there i could see this:
/**
* Broadcast Action: A "secret code" has been entered in the dialer. Secret codes are
* of the form *#*#<code>#*#*. The intent will have the data URI:</p>
*
* <p><code>android_secret_code://<code></code></p>
*/
public static final String SECRET_CODE_ACTION =
"android.provider.Telephony.SECRET_CODE";
很好看,这是一个特定的意图,我们所需的架构可能不是"tel:",而是"android_secret_code://",并且代码可能必须采用不同的内部格式. 我试着或多或少只是为了好玩,因为我知道在活动中也遇到了同样的问题,这是
Looks great, its an specific intent, probably the schema we need is not "tel:" but "android_secret_code://" and probably the codes has to be in a different internal format. I tried, more or less just for fun, since i knew that there is the same problem i saw in the activities, and is this:
<permission android:name="com.sec.android.app.servicemodeapp.permission.KEYSTRING" android:protectionLevel="signatureOrSystem" />
应用程序声明此权限,并且每个组件都使用它.这样,或者您知道如何声明和设置签名,或者您是系统应用程序.否则,您将根本无法与此应用进行交互.
当然,您甚至都不会考虑创建自己的servicemode应用程序,因为如果不成为系统应用程序,您将无法与提供商进行这种通信(因为您必须通过某些固件应用程序,该应用程序会说伤心的你以为你是谁")
Of course you couldn't even think about creating your own servicemode app, since you wouldn't perform that kind of communication with the provider without being a system app (since you have to pass through some firmware apps that will say a sad "who do you think you are")
在他看来,至少对于三星手机,我们无能为力,我们可以认为其他所有手机都一样.
There is nothing we can do at his point, at least with a Samsung phone, and we can think every other phone will be the same.
嗯,实际上没有一个真的很好.但让我们看看:
Well, actually none really good. But lets see:
替代方法1.查找另一种ussd代码
我们知道有两种USSD.当您拨打最后一个#时,将自动触发该操作,而另一个,则需要按通话按钮.
We know that there is 2 kind of USSD. The ones that when you dial the last #, the action is automatically triggered, and the other, which require that you press the call button.
如果尝试使用第三方拨号器,您会看到
If you try with a third-party dialer, you can see that
- 当您拨打第一种类型的代码时,根本不会触发任何操作(只有固件拨号器才能触发它们)
- 您可以使用另一种类型(类型代码+按通话).我想这意味着这种代码的风险较小,因为它不会更改设备中的任何内容,因此可以使用.
- 当然,如果您键入第一种类型的代码并按call,则会出现错误,因为该代码无法正常工作.
因此,如果第三方可以发送这种类型的代码,则每个应用程序都可以. 因此,如果您可以尝试找到另一种在用户按下呼叫按钮后触发的usdd代码,则可以实现所需的功能.在这种情况下,您应该使用Intent.ACTION_CALL目的
So, if a third-party can send that type of codes, every app could. So If you could try to find an alternative ussd code, of that type that are triggered after the usser press the call button, you could achieve your what you need. In that case, you should use an Intent.ACTION_CALL intent
///如果使用ACTION_DIAL意图,它将打开拨号程序并将给定的号码放入其中. //同时,如果我们使用ACTION_CALL,则该应用将直接调用.
//if you use the ACTION_DIAL intent, it open the dialer and put the given number in it. //meanwhile, if we use the ACTION_CALL, the app will directly call.
Intent intent = new Intent(Intent.ACTION_CALL);
intent.setData(Uri.parse("tel:"+ "*" + Uri.encode("#") + "0011" + Uri.encode("#"))); //here you woud put your alternative code
startActivity(intent);
此外,您还需要在清单中声明此权限
Also you would need to declare this permission in your manifest
<uses-permission android:name="android.permission.CALL_PHONE"></uses-permission>
也许您可以找到一种替代方法来执行此操作,因为我已经在互联网上看到了一些,但是目前还没有人为我工作.您可以尝试一下
Probably you could find an alternative code to do this, since i ve seen a few in the internet, but at this point no one worked for me. You can give it a try
替代方法2.等待正式的api出现
在 Android项目页面上的coogle代码中,有一个添加请求USSD API支持.它有很多订阅者,但是它已经很老了(超过5年),恐怕还不是很好. 无论如何,可能会发生这种情况,可能是android tem将考虑准备一个api,以便应用程序可以声明一些权限,并发出某种代码的请求.但是,我知道,这可能会永远等待.
In the android project page at coogle code, there is a request to Add USSD API support. It has many subscribers, but it is quite old (more than 5 years), i'm afraid that's not really good. Anyways, that could happen, probably the android tem will consider to prepare an api so an app could declare some permissions, and make requests of some kind of codes. But, I know, this can be waiting forever.
那该说些什么.寻找解决方案或您的应用程序的替代方案会很幸运.对不起,我的研究还没有取得更多成果:(
So, what to say. Would luck looking for a solution, or for an alternative to your app. I'm sorry my research wasn't more fruitful :(
这篇关于在Android中以编程方式打开ServiceMode菜单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
