iBotPeaches / Apktool

A tool for reverse engineering Android apk files
https://apktool.org/
Apache License 2.0

#disallowed odex opcode still present on 2.1.0 #1242

Closed ghost closed 8 years ago

ghost commented 8 years ago

Information

  1. Apktool Version 2.1.0
  2. Operating System Windows
  3. APK From Other

Stacktrace/Logcat

No errors

C:\Users\quocd\Documents\APK Easy Tool>java -jar apktool.jar d "dungeonlink dex.apk"
I: Using Apktool 2.1.0 on dungeonlink dex.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\quocd\apktool\framework\1.apk
I: Decoding Shared Library (com.sonyericsson.uxp), pkgId: 2
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...

Steps to Reproduce

  1. decompile the apk with debug info via CMD

Frameworks

http://sbupload.com/7lir9iruqk9t.html

APK

http://sbupload.com/4dchxramlgvj.html

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? Yes, nothing changed
  2. If you are trying to install a modified apk, did you resign it?
  3. Are you using the latest apktool version? Yes, it's 2.1.0

iBotPeaches commented 8 years ago

Not sure what you are reporting. If there is a logcat during run of application, attach that.

ghost commented 8 years ago

You need to do something because the classes.dex was decrypted by me. My friend and other people have passed decompiling the decrypted classes.dex without the "disallowed odex opcode" bug and the app is working perfectly, but he or they don't tell me the details. I simply replaced the classes.dex file inside the APK and decompiled the APK, but I got a bunch of "disallowed odex opcode" that breaks the entire app. Where can I find the logcat?

iBotPeaches commented 8 years ago

adb logcat during execution of application. Have your friend report a bug then. Nothing is making sense here.

ghost commented 8 years ago

Are you serious? Why doesn't this make sense? Why would my friends report a bug when they don't have a problem running an app? Go try to decompile and see the smali by yourself. I don't wanna get stuck and I need to mod the app badly.

05-08 15:59:29.930 I/ActivityManager(491): START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.gamevilusa.dungeonlink.android.google.global.normal/com.seworks.medusah.MainActivity} from pid 2079
05-08 15:59:29.934 D/AndroidRuntime(2079): Shutting down VM
05-08 15:59:29.938 D/dalvikvm(2079): GC_CONCURRENT freed 94K, 15% free 576K/676K, paused 0ms+0ms, total 0ms
05-08 15:59:29.946 I/ActivityManager(491): Start proc com.gamevilusa.dungeonlink.android.google.global.normal for activity com.gamevilusa.dungeonlink.android.google.global.normal/com.seworks.medusah.MainActivity: pid=2091 uid=10067 gids={50067, 3003, 1028, 1015, 1023}
05-08 15:59:29.966 W/NetworkManagementSocketTagger(491): setKernelCountSet(10067, 1) failed with errno -13
05-08 15:59:29.966 I/dalvikvm(2091): ignoring registerObject request in thread=1
05-08 15:59:29.966 D/AndroidRuntime(2091): Shutting down VM
05-08 15:59:29.966 W/dalvikvm(2091): threadid=1: thread exiting with uncaught exception (group=0x94d68b20)
05-08 15:59:29.970 E/AndroidRuntime(2091): FATAL EXCEPTION: main
05-08 15:59:29.970 E/AndroidRuntime(2091): Process: com.gamevilusa.dungeonlink.android.google.global.normal, PID: 2091
05-08 15:59:29.970 E/AndroidRuntime(2091): java.lang.RuntimeException: Unable to instantiate application com.seworks.medusah.app: java.lang.ClassNotFoundException: Didn't find class "com.seworks.medusah.app" on path: DexPathList[[zip file "/data/app/com.gamevilusa.dungeonlink.android.google.global.normal-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.gamevilusa.dungeonlink.android.google.global.normal-1, /system/lib]]
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.LoadedApk.makeApplication(LoadedApk.java:516)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4345)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.ActivityThread.access$1500(ActivityThread.java:135)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.os.Handler.dispatchMessage(Handler.java:102)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.os.Looper.loop(Looper.java:136)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.ActivityThread.main(ActivityThread.java:5045)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at java.lang.reflect.Method.invokeNative(Native Method)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at java.lang.reflect.Method.invoke(Method.java:515)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at dalvik.system.NativeStart.main(Native Method)
05-08 15:59:29.970 E/AndroidRuntime(2091): Caused by: java.lang.ClassNotFoundException: Didn't find class "com.seworks.medusah.app" on path: DexPathList[[zip file "/data/app/com.gamevilusa.dungeonlink.android.google.global.normal-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.gamevilusa.dungeonlink.android.google.global.normal-1, /system/lib]]
05-08 15:59:29.970 E/AndroidRuntime(2091):  at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at java.lang.ClassLoader.loadClass(ClassLoader.java:497)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at java.lang.ClassLoader.loadClass(ClassLoader.java:457)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.Instrumentation.newApplication(Instrumentation.java:992)
05-08 15:59:29.970 E/AndroidRuntime(2091):  at android.app.LoadedApk.makeApplication(LoadedApk.java:511)
05-08 15:59:29.970 E/AndroidRuntime(2091):  ... 11 more
05-08 15:59:29.970 W/ActivityManager(491):   Force finishing activity com.gamevilusa.dungeonlink.android.google.global.normal/com.seworks.medusah.MainActivity
05-08 15:59:29.982 D/        (491): HostConnection::get() New Host Connection established 0xb88358f0, tid 505
05-08 15:59:30.086 D/dalvikvm(491): GC_FOR_ALLOC freed 445K, 17% free 8788K/10532K, paused 8ms, total 8ms
05-08 15:59:30.086 I/dalvikvm-heap(491): Grow heap (frag case) to 8.875MB for 232460-byte allocation
05-08 15:59:30.090 D/dalvikvm(491): GC_FOR_ALLOC freed 5K, 17% free 9009K/10760K, paused 7ms, total 7ms
05-08 15:59:30.102 D/dalvikvm(491): GC_FOR_ALLOC freed 21K, 17% free 8987K/10760K, paused 8ms, total 8ms
05-08 15:59:30.102 I/dalvikvm-heap(491): Grow heap (frag case) to 9.070MB for 232460-byte allocation
05-08 15:59:30.106 D/dalvikvm(491): GC_FOR_ALLOC freed 2K, 17% free 9212K/10988K, paused 7ms, total 7ms
05-08 15:59:30.118 D/dalvikvm(491): GC_FOR_ALLOC freed 37K, 16% free 9263K/10988K, paused 6ms, total 6ms
05-08 15:59:30.122 I/dalvikvm-heap(491): Grow heap (frag case) to 9.774MB for 688716-byte allocation
05-08 15:59:30.126 D/dalvikvm(491): GC_FOR_ALLOC freed <1K, 15% free 9935K/11664K, paused 7ms, total 7ms
05-08 15:59:30.130 W/WindowManager(491): updateFocusedWindowLocked, focusedAppToken is null.
05-08 15:59:30.166 D/        (491): HostConnection::get() New Host Connection established 0xb8789cf0, tid 506
05-08 15:59:30.610 W/ActivityManager(491): Activity pause timeout for ActivityRecord{4a9d6474 u0 com.gamevilusa.dungeonlink.android.google.global.normal/com.seworks.medusah.MainActivity t3 f}
05-08 15:59:30.614 D/dalvikvm(735): GC_FOR_ALLOC freed 526K, 23% free 4918K/6308K, paused 2ms, total 2ms

iBotPeaches commented 8 years ago

The original application won't even install. See below snippet.

05-08 11:24:19.764   810  1473 W PackageManager: Failed collect during installPackageLI
05-08 11:24:19.764   810  1473 W PackageManager: android.content.pm.PackageParser$PackageParserException: Failed reading classes.dex in java.util.jar.StrictJarFile@2754ca7
05-08 11:24:19.764   810  1473 W PackageManager:    at android.content.pm.PackageParser.loadCertificates(PackageParser.java:631)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.content.pm.PackageParser.collectCertificates(PackageParser.java:1211)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.content.pm.PackageParser.collectCertificates(PackageParser.java:1166)
05-08 11:24:19.764   810  1473 W PackageManager:    at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:12960)
05-08 11:24:19.764   810  1473 W PackageManager:    at com.android.server.pm.PackageManagerService.-wrap26(PackageManagerService.java)
05-08 11:24:19.764   810  1473 W PackageManager:    at com.android.server.pm.PackageManagerService$8.run(PackageManagerService.java:10854)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.os.Handler.handleCallback(Handler.java:739)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.os.Handler.dispatchMessage(Handler.java:95)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.os.Looper.loop(Looper.java:148)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.os.HandlerThread.run(HandlerThread.java:61)
05-08 11:24:19.764   810  1473 W PackageManager:    at com.android.server.ServiceThread.run(ServiceThread.java:46)
05-08 11:24:19.764   810  1473 W PackageManager: Caused by: java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for classes.dex in classes.dex
05-08 11:24:19.764   810  1473 W PackageManager:    at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:140)
05-08 11:24:19.764   810  1473 W PackageManager:    at java.util.jar.JarVerifier.-wrap0(JarVerifier.java)
05-08 11:24:19.764   810  1473 W PackageManager:    at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:132)
05-08 11:24:19.764   810  1473 W PackageManager:    at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:117)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.content.pm.PackageParser.readFullyIgnoringContents(PackageParser.java:5363)
05-08 11:24:19.764   810  1473 W PackageManager:    at android.content.pm.PackageParser.loadCertificates(PackageParser.java:628)
05-08 11:24:19.764   810  1473 W PackageManager:    ... 10 more

Hacking your way through a decode/recompile and sign will throw

05-08 11:23:40.905  6655  6655 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn't find class "com.seworks.medusah.app" on path: DexPathList[[zip file "/data/app/com.gamevilusa.dungeonlink.android.google.global.normal-1/base.apk"],nativeLibraryDirectories=[/data/app/com.gamevilusa.dungeonlink.android.google.global.normal-1/lib/arm, /data/app/com.gamevilusa.dungeonlink.android.google.global.normal-1/base.apk!/lib/armeabi-v7a, /vendor/lib, /system/lib]]

Half the application has disallowed opcodes which points (in my knowledge) to a poor deodex of the application.

    #disallowed odex opcode
    #iput-quick v0, p0, field@0x60
    nop

All in all, apktool is doing nothing wrong. It cannot fix already broken apks.

ghost commented 8 years ago

Thanks man. I didn't think that old version could have solved my problems. I'm gonna try Apktool 2.0.3 to see if it works, and I will include it in my own Apk Tool GUI.

SmooveMove commented 8 years ago

Thanks kalakuru. Very helpful and a life saver. Been looking for this solution for a very long time.

ghost commented 8 years ago

Did not work. It only decompiled the Android folder and gives me the "Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc file" error. Why can't the dev remove disallowed opcode from apktool 2.1.1!?

ghost commented 8 years ago

I have devices running 4.4.4 but they do not have enough RAM to perform a gcore dump, my Samsung Galaxy S3 mini was dead, and my 2 tablets running Android 4.2.2 are also dead.

My friend on FB told me that he used baksmali and he also has the same problem. He said it is caused by Medusah protection.

iBotPeaches commented 8 years ago

@JesusFreke sorry for dragging you into this issue, but my understanding of this is these APKs were created during Lollipop, which didn't have a stable sorting tree, which prevented deodexing.

I believe this issue was similar (the disallowed odex errors).

JesusFreke commented 8 years ago

It looks like the classes.dex has been modified, the apk signature is invalid for classes.dex. It looks like that classes.dex is actually an odex file with the odex header and extra odex stuff stripped. If this is the case, it needs to be deodexed using the same framework files that it was originally odexed with.

In any case, the disassembly you show in the "apktool 2.0.3" graphic could never have reassembled anyway, as smali doesn't support most odex opcodes.

JesusFreke commented 8 years ago

@evildog1 After reading back through some of the previous comments in this thread, it looks like you dumped the in-memory dex file after it was decrypted, and are trying to disassemble that dumped dex file. That is actually an odex file, not a dex file, and it needs to be deodexed before you can do anything with it. See https://github.com/JesusFreke/smali/wiki/DeodexInstructions for instructions on how to use baksmali to deodex. Apktool doesn't (and probably shouldn't) support deodexing, as far as I know, so you'll need to download and use baksmali directly.

ghost commented 8 years ago

So it means I have to dump memory on a deodexed ROM and decompile the APK with the same framework I took from my same device? Sorry, I do not understand odex things and I can't use gcore on Lollipop 5.1.1

A member from a forum said to me that he has no problem with decompiling an APK and he is using APKTOOL 2.1.1, Android 5.1.1 running stock ROM and BlueStacks

He gave me some info about dumping memory in the correct way from another member and he has not tried it yet. What does #17 mean?

15) Cut out the dex and call it classes.dex and open it with IDA

16) Should have some info about the app in it if it's correct.

17) Next remove the odex info from it

    This is a sample of bad odex commands: poss remove invoke-direct {p0},
    invoke-object-init/range {p0 .. p0}, invoke-direct {p0}, or invoke-direct {v0}, if it is the start(.this)
    invoke-object-init/range {v0 .. v0}, invoke-direct {v0},
    invoke-static/range {p0 .. p0}, invoke-static {p0},
    return-void-barrier return-void
    iput-volatile iput iput-boolean
    iget-volatile iget
    iget-volatile iget-boolean
    sget-object-volatile
    sput-object-volatile
    move-object/from16
    iget-object-volatile
    iput-object-volatile

18) Resave it and pack it back into the app. Should run without encryption now ;-)

JesusFreke commented 8 years ago

No. Randomly deleting things from the apk will not produce a working apk :). As I said, you need to deodex it. See https://github.com/JesusFreke/smali/wiki/DeodexInstructions for information about deodexing.

ghost commented 8 years ago

But I dumped the game with my tablet running Android 4.4.4, Dalvik runtime.

JesusFreke commented 8 years ago

Yes, and?

It's still an odex, and you still need to deodex it.

ghost commented 8 years ago

Android 4.4.4 and below does not have .oat files so the guide is pointless.

CunningLogic commented 8 years ago

It's perfectly useful for 4.4.4 and below if you bother to read it.

ghost commented 8 years ago

I can't just skip important steps. I need another method of framework thing for 4.4.4

CunningLogic commented 8 years ago

Read the whole thing, just deodex that odex against the framework of the device using that guide.

ghost commented 8 years ago

Fine, let me read it again

CunningLogic commented 8 years ago

No, it's about deodexing odex files, and you have an odex file.

It looks like you are dealing with an app protected by the commercial medusah packer (a $15,000/yr packer!), which dumps an odex to disk, which it appears you grabbed. Deodex it like any other odex file, and you will have your dex.

ghost commented 8 years ago

It does not work, #disallowed odex opcode still there

Is this the correct command? java -jar baksmali-2.1.2.jar -x classes.dex -o classes1.dex

JesusFreke commented 8 years ago

No, that is not correct. Let me refer you yet again to https://github.com/JesusFreke/smali/wiki/DeodexInstructions

ghost commented 8 years ago

Bad explanation. This guide is mostly for odexed system apps. I want to deodex an APK file without any .odex file

Edit: Maybe I need to use Lucky Patcher to create an .odex file on user apps, and take it out and deodex it

JesusFreke commented 8 years ago

You already have an odex file. You know all those opcodes that baksmali adds "#disallowed odex opcodes" comments for? Those are odex opcodes. Odex opcodes are only used in odex files. Your file has odex opcodes, thus you have an odex file.

You need to turn those odex opcodes back into the unoptimized opcodes used in dex files. This process is called "deodexing".
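The diagnosis above (odex-only opcodes mean the dumped file is an odex, not a dex) can be checked mechanically from the baksmali output iBotPeaches quoted earlier: each refused instruction appears as a `#disallowed odex opcode` marker, the commented-out instruction, then a `nop`. The following is an added triage script, not code from Apktool or smali; the sample smali text and the `scan_dir` helper are constructed for illustration.

```python
from collections import Counter
from pathlib import Path

# Constructed sample of baksmali output, modelled on the snippet in this thread:
# baksmali writes "#disallowed odex opcode", then the instruction it refused
# (commented out), then a "nop" placeholder.
SAMPLE_SMALI = """\
.method public onCreate(Landroid/os/Bundle;)V
    .locals 1
    #disallowed odex opcode
    #iput-quick v0, p0, field@0x60
    nop
    #disallowed odex opcode
    #invoke-virtual-quick {p0, v0}, vtable@0x12
    nop
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    return-void
.end method
"""

MARKER = "#disallowed odex opcode"

def find_odex_opcodes(smali_text):
    """Count odex-only mnemonics, taken from the commented instruction after each marker."""
    lines = [ln.strip() for ln in smali_text.splitlines()]
    found = Counter()
    for i, line in enumerate(lines):
        if line != MARKER or i + 1 >= len(lines):
            continue
        nxt = lines[i + 1]
        words = nxt.lstrip("#").split()  # "#iput-quick v0, p0, ..." -> ["iput-quick", ...]
        if nxt.startswith("#") and words:
            found[words[0]] += 1
    return found

def is_odex(smali_text):
    """True if baksmali flagged odex opcodes: the input was an odex, not a dex,
    and must be deodexed against the framework it was optimised with first."""
    return bool(find_odex_opcodes(smali_text))

def report(smali_text):
    counts = find_odex_opcodes(smali_text)
    if not counts:
        return "no odex opcodes: plain dex, safe to rebuild with smali"
    detail = ", ".join(f"{op} x{n}" for op, n in sorted(counts.items()))
    return f"{sum(counts.values())} odex opcode(s) ({detail}): deodex before rebuilding"

def scan_dir(root):
    """Run report() over every .smali file under an apktool output directory (assumed layout)."""
    return {str(p): report(p.read_text()) for p in Path(root).rglob("*.smali")}
```

Running `report(SAMPLE_SMALI)` on the constructed sample flags two odex opcodes; a clean dex produces no markers at all.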