desword / android-apktool

Automatically exported from code.google.com/p/android-apktool

Repacked APK crashes on android 4.0.4 #687

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Source code of app-original.apk available at https://github.com/rusmonster/example-apktool

1. Download example.zip from https://github.com/rusmonster/example-apktool/raw/master/example.zip and extract it.
2. Repack app-original.apk with apktool_2.0.0rc2 from https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.0.0rc2.jar

    ./apktool-rc2 d -f -o out-rc2 app-original.apk
    ./apktool-rc2 b out-rc2

    #sign repacked apk
    mv out-rc2/dist/app-original.apk app-repacked.apk
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore -storepass 12345678 app-repacked.apk alias_name

3. Install app-repacked.apk on device with Android 4.0.4 (I used Galaxy Nexus with stock android image from https://dl.google.com/dl/android/aosp/yakju-imm76i-factory-8001e72f.tgz).
4. Run the app and tap the "Workaround" button
5. Tap the "Crash" button. The app crashes
6. Install app-original.apk on the same device. Both buttons work well.
7. Install app-repacked.apk on an Android 4.4.4 device (I used Nexus 5 with stock android image from https://dl.google.com/dl/android/aosp/hammerhead-ktu84p-factory-35ea0277.tgz)
8. Check that both buttons work well.

What is the expected output? What do you see instead?

At step 5 the app crashes on line 23 in file
https://github.com/rusmonster/example-apktool/blob/master/app/src/main/java/com/example/exampleapktool/MyInvocationHandler.java

    final Annotation[][] parameterAnnotationArrays = method.getParameterAnnotations();

with stack:

    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at java.lang.reflect.Method.getParameterAnnotations(Native Method)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at java.lang.reflect.Method.getParameterAnnotations(Method.java:311)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.RestMethodInfo.parseParameters(RestMethodInfo.java:330)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.RestMethodInfo.init(RestMethodInfo.java:116)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:327)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.RestAdapter$RestHandler.access$100(RestAdapter.java:262)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.RestAdapter$RestHandler$2.obtainResponse(RestAdapter.java:313)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.CallbackRunnable.run(CallbackRunnable.java:38)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at retrofit.Platform$Android$2$1.run(Platform.java:136)
    09-03 15:32:08.629 8583-8587/? I/dalvikvm﹕ at java.lang.Thread.run(Thread.java:856)

What version of the product are you using? On what operating system?

apktool_2.0.0rc2 on Windows 7 and Mac Os X 10.9

Please provide any additional information below.

1. Sources of app-original.apk available at https://github.com/rusmonster/example-apktool

2. Run ./repack.sh from example.zip. This script repacks app-original.apk with apktool_2.0.0rc2 and then decompiles app-original.apk and app-repacked.apk with apktool1.5.2. Check the crash method at
example\out-152-original\smali\com\example\exampleapktool\MyExample.smali

    .method public abstract crash(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
        .parameter
            .annotation runtime Lcom/example/exampleapktool/annotations/FindMe;
            .end annotation
        .end parameter
        .parameter
        .end parameter
    .end method

and
example\out-152-repacked\smali\com\example\exampleapktool\MyExample.smali

    .method public abstract crash(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
        .parameter
            .annotation runtime Lcom/example/exampleapktool/annotations/FindMe;
            .end annotation
        .end parameter
        .parameter
    .end method

There is no ".end parameter" marker for the second parameter in the repacked file. So it may be the reason for the crash.

3. Run ./dex2jar.sh from the example.zip.
dex2jar throws an exception on app-repacked.apk:

    #error output:
    #
    # dex2jar app-repacked.apk -> app-repacked-dex2jar.jar
    # com.googlecode.dex2jar.DexException: while accept method:[Lcom/example/exampleapktool/MyExample;.crash(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;]
    #   at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:694)
    #   at com.googlecode.dex2jar.reader.DexFileReader.acceptClass(DexFileReader.java:441)
    #   at com.googlecode.dex2jar.reader.DexFileReader.accept(DexFileReader.java:323)
    #   at com.googlecode.dex2jar.v3.Dex2jar.doTranslate(Dex2jar.java:85)
    #   at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:261)
    #   at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:252)
    #   at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:110)
    #   at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:174)
    #   at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:34)
    # Caused by: com.googlecode.dex2jar.DexException: while accept parameter annotation in method:[Lcom/example/exampleapktool/MyExample;.crash(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;], parameter:[1]
    #   at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:663)
    #   ... 8 more
    # Caused by: java.lang.RuntimeException: EOF
    #   at com.googlecode.dex2jar.reader.io.ArrayDataIn.readUByte(ArrayDataIn.java:131)
    #   at com.googlecode.dex2jar.reader.DexAnnotationReader.accept(DexAnnotationReader.java:49)
    #   at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:660)
    #   ... 8 more

Original issue reported on code.google.com by RusMons...@gmail.com on 11 Oct 2014 at 1:01
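
The by-eye comparison of the two `MyExample.smali` dumps in item 2 of the report, as an added example that is not part of the original post or of apktool/smali: a Python check that parses the `.parameter` blocks of each method in two smali 1.x-style dumps and lists where they differ. The function names are hypothetical; the sample is the excerpt quoted in the report, and the repacked variant is constructed from it by dropping the second `.end parameter`.

```python
# ORIGINAL is the out-152-original excerpt quoted in the report (.method line rejoined).
ORIGINAL = """\
.method public abstract crash(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    .parameter
        .annotation runtime Lcom/example/exampleapktool/annotations/FindMe;
        .end annotation
    .end parameter
    .parameter
    .end parameter
.end method
"""
# Constructed to match the out-152-repacked excerpt: the second .end parameter is gone.
REPACKED = ORIGINAL.replace("    .parameter\n    .end parameter\n", "    .parameter\n")


def parameter_shapes(smali_text):
    """Return {method signature: [(has_end_marker, annotation_types), ...]}."""
    methods, sig, params, current = {}, None, [], None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method "):
            sig, params, current = line.split()[-1], [], None
        elif sig is None:
            continue  # outside any method body
        elif line == ".parameter" or line.startswith(".parameter "):
            current = [False, []]  # flips to True only if .end parameter follows
            params.append(current)
        elif line.startswith(".annotation ") and current is not None:
            current[1].append(line.split()[-1])
        elif line == ".end parameter" and current is not None:
            current[0] = True
            current = None
        elif line == ".end method":
            methods[sig] = [(closed, tuple(annos)) for closed, annos in params]
            sig = None
    return methods


def diff_parameters(original, repacked):
    """List (signature, parameter index, original shape, repacked shape) mismatches."""
    a, b = parameter_shapes(original), parameter_shapes(repacked)
    findings = []
    for sig in sorted(a.keys() & b.keys()):
        for i in range(max(len(a[sig]), len(b[sig]))):
            x = a[sig][i] if i < len(a[sig]) else None
            y = b[sig][i] if i < len(b[sig]) else None
            if x != y:
                findings.append((sig, i, x, y))
    return findings
```

Run over the full decompiled trees of the original and repacked APK, the same diff shows whether other annotated methods were rewritten the same way as `crash`.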

GoogleCodeExporter commented 9 years ago
This is a good bug report submission. Thanks, will take a look.

Original comment by connor.tumbleson on 11 Oct 2014 at 1:05

GoogleCodeExporter commented 9 years ago
Okay sorry for the delay. I did the following steps.

    apktool d app-original.apk
    apktool b app-original -o app-dirty.apk
    signapk app-dirty.apk

where signapk is

    java -jar /usr/local/bin/signapk.jar /usr/local/bin/keys/testkey.x509.pem /usr/local/bin/keys/testkey.pk8 "$1" "$1-signed"

    adb install app-dirty.apk-signed

Clicked both buttons "Crash" & "Workaround" and nothing happened crash wise. I then installed "app-original.apk" and had 0 crashes.

I was testing on a OnePlus One, Android 4.4.4

Original comment by connor.tumbleson on 27 Dec 2014 at 12:32

GoogleCodeExporter commented 9 years ago
As I wrote in the report, it crashes on Android 4.0.4 and works fine on 4.4.4. So please try on 4.0.4.

Original comment by RusMons...@gmail.com on 27 Dec 2014 at 12:40

GoogleCodeExporter commented 9 years ago
Apktool has no control over the decoded and rebuilt smali. That is done by https://code.google.com/p/smali/.

You could try with the latest smali builds. Apktool 1.5.2 had smali 1.4.1 & Apktool 2.x is at smali 2.0.3 currently. If a regression occurred, it happened in between those (which was an entire rewrite).

This commit looks related:
https://code.google.com/p/smali/source/detail?r=0d8418ff1f253471dc5f579ec5b4976c08649a09

I will keep this closed as it's really isolated to certain platform versions & appears to be directly related to dex files.

Original comment by connor.tumbleson on 27 Dec 2014 at 12:51

GoogleCodeExporter commented 9 years ago
FYI, I think I have encountered the same problem. I have tracked it down to a 
bug in Dalvik VM before Jelly Bean MR1 (4.2) and suggested a compatibility fix 
in smali.

I have submitted a pull request at https://github.com/JesusFreke/smali/pull/29

When it gets merged (or the problem gets solved in some other way), apktool and 
other derived projects will hopefully work with the older versions again sooner 
or later too.

Original comment by ji...@fud.cz on 19 Feb 2015 at 2:43