egirault / googleplay-api

Google Play Unofficial Python API - This project was a PoC and is not maintained anymore. Please feel free to fork it and improve it in any way.

androproto not working #15

Open eonghk opened 11 years ago

eonghk commented 11 years ago

Hi, Thank you for developing such an awesome tool! I'm trying to use your androproto to extract the proto in the GoogleServiceFramework.odex (4.1 version) but androguard seems not to be able to solve the "invoke-virtual-quick/vtable" bytecode, so it can't find the "read/set" pair. Any idea?

Regards, Eong

egirault commented 11 years ago

Hi, Thanks for your feedback. This script is indeed more like a PoC than a generic tool. It worked well on Google Play APK but I didn't have the opportunity to try it on other apps. You can try to troubleshoot the issue using Androguard or IDA to disassemble the app, follow basic blocks of the switch within the protobuf parsing method, and see what's wrong. Unfortunately I do not have much time to work on this now, hopefully I will soon.

eonghk commented 11 years ago

Thank you for your reply! I used baksmali to extract the proto from the disassembled smali files, text scanning, and solved my problem. I just want to check if androguard will work out. I'm not that familiar with androguard and it has very few documents. Using IDA is not a good idea as it's not a free GNU tool. XD

The problem is in analyse_bb function:

if n == "invoke-virtual":
  icn, imn, imd = get_invoked_method_info(i)
  l.append( imn ) # class name : icn.split("/")[-1]

if n == "invoke-direct":
  icn, imn, _ = get_invoked_method_info(i)

Actually there is no "invoke-virtual" as androguard doesn't resolve the vtable part. The instruction looks like this:

invoke-virtual-quick v2, v1, vtable[0x18]

I just want to ask if it is possible to let androguard load the basic class from another apk or odex (framework.apk) and resolve the vtable?
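Added example, not part of the original thread or of androproto: a text scan over disassembly lines that separates invokes carrying a method reference from odex-quickened ones carrying only a vtable index, which is why an exact match on "invoke-virtual" finds nothing. The sample lines, class and method names, and the `vtable` map are constructed assumptions; a real index-to-method map has to come from deodexing against the framework files.

```python
import re

# Constructed sample in the operand style quoted in this thread; it is not
# taken from GoogleServiceFramework.odex and the names are placeholders.
SAMPLE = [
    "invoke-virtual v1, Lcom/example/Stream;->readInt32()I",
    "invoke-virtual-quick v2, v1, vtable[0x18]",
    "invoke-direct v0, Lcom/example/Msg;-><init>()V",
    "invoke-virtual-quick/range v0 ... v3, vtable[0x2a]",
]

# Non-optimized invokes keep a symbolic "Class;->method(" reference.
RESOLVED = re.compile(r"^(invoke-(?:virtual|direct)(?:/range)?)\s.*->([^\s(]+)\(")
# Quickened invokes (odex only) keep just the receiver's vtable slot.
QUICK = re.compile(r"^(invoke-virtual-quick(?:/range)?)\s.*vtable\[0x([0-9a-fA-F]+)\]")


def classify_invokes(lines, vtable=None):
    """Return (method_names, unresolved) for a list of disassembly lines.

    vtable is an optional {index: method_name} map (hypothetical helper
    input). A single map is a simplification: slots are per receiver class.
    """
    names, unresolved = [], []
    for line in lines:
        line = line.strip()
        m = RESOLVED.match(line)
        if m:
            names.append(m.group(2))
            continue
        q = QUICK.match(line)
        if q:
            index = int(q.group(2), 16)
            if vtable and index in vtable:
                names.append(vtable[index])
            else:
                # Report instead of silently dropping the call.
                unresolved.append((q.group(1), index))
    return names, unresolved


if __name__ == "__main__":
    print(classify_invokes(SAMPLE))
    print(classify_invokes(SAMPLE, vtable={0x18: "setVersion"}))
```

A non-empty `unresolved` list means the input is still optimized odex code and any "read/set" pairing built from `names` is incomplete.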

egirault commented 11 years ago

Yes, Androguard is unfortunately not very documented, but I'm pretty sure it should be able to parse a vtable, either manually or by hand. I'm really not a Dalvik expert and don't know how virtual calls are handled, but you can have a look at the Dalvik Opcodes reference. For sure Androguard can load any files you want, but I'm not aware of a method for resolving virtual tables. You should ask its creator, Anthony Desnos :)

eonghk commented 11 years ago

Thank you. Are you going to add the check-in code? I saw that you already added the proto.

egirault commented 11 years ago

Actually it is not committed into the master branch, the #10 pull request is still pending. I tested https://github.com/nviennot/android-checkin but I couldn't make it work. I get an androidID, but I'm not sure the device is properly registered as it does not appear under "My devices" on my Google account parameters. I will try to have a deeper look later when I find some time.

eonghk commented 11 years ago

I did some tests and I can confirm it's working. I registered a new Gmail account and I tried to use the account to do something. Before activating this account on my Android device or "checking in", the account doesn't work. After "check-in", everything works fine. You may check the "auth" response from Google. Before "check-in", there is no "android" in the "service" section even if you activate the "google play" through the web. And if you can add proxy support and put the proxy config in config.py, that will be great! XD

egirault commented 11 years ago

What kind of operation did you try before "checking in" your account? Can you see the device you registered on the Google Play Web interface? I only tried with an account already having a registered device and couldn't make the 2nd appear on the interface, so I thought it wasn't registered correctly.

eonghk commented 11 years ago

I tried to use the account to submit a review for an app.

eonghk commented 11 years ago

And the device also doesn't appear under my account in Google Play. But it doesn't affect the functions except pushing an app to your non-existent device. XD