iBotPeaches / Apktool

A tool for reverse engineering Android apk files
https://apktool.org/
Apache License 2.0

APK builds and installs correctly but it crashes in runtime #1703

Closed arya6000 closed 3 years ago

arya6000 commented 6 years ago

Information

  1. Apktool Version (apktool -version) - 2.3.1
  2. Operating System (Mac, Linux, Windows) - Linux Mint 18
  3. APK From? (Playstore, ROM, Other) - apkmirror.com

Stacktrace/Logcat

01-03 10:21:06.523 31043 31156 E AndroidRuntime: FATAL EXCEPTION: RxIoScheduler-14
01-03 10:21:06.523 31043 31156 E AndroidRuntime: Process: com.tinder, PID: 31043
01-03 10:21:06.523 31043 31156 E AndroidRuntime: java.lang.IllegalStateException: Fatal Exception thrown on Scheduler.Worker thread.
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:59)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.lang.Thread.run(Thread.java:818)
01-03 10:21:06.523 31043 31156 E AndroidRuntime: Caused by: java.lang.ExceptionInInitializerError
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.impl.builtins.BuiltInsLoader.<clinit>(BuiltInsLoader.kt)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.impl.builtins.KotlinBuiltIns.createBuiltInsModule(KotlinBuiltIns.java:150)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.impl.platform.JvmBuiltIns.<init>(JvmBuiltIns.kt:56)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.impl.platform.JvmBuiltIns.<init>(JvmBuiltIns.kt:31)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.impl.load.kotlin.reflect.RuntimeModuleData$Companion.create(RuntimeModuleData.kt:54)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ModuleByClassLoaderKt.getOrCreateModule(moduleByClassLoader.kt:58)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KDeclarationContainerImpl$Data$moduleData$2.invoke(KDeclarationContainerImpl.kt:35)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KDeclarationContainerImpl$Data$moduleData$2.invoke(KDeclarationContainerImpl.kt:32)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$LazySoftVal.invoke(ReflectProperties.java:93)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$Val.getValue(ReflectProperties.java:32)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KDeclarationContainerImpl$Data.getModuleData(KDeclarationContainerImpl.kt)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data$descriptor$2.invoke(KClassImpl.kt:46)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data$descriptor$2.invoke(KClassImpl.kt:43)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$LazySoftVal.invoke(ReflectProperties.java:93)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$Val.getValue(ReflectProperties.java:32)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data.getDescriptor(KClassImpl.kt)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl.getDescriptor(KClassImpl.kt:172)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl.getConstructorDescriptors(KClassImpl.kt:186)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data$constructors$2.invoke(KClassImpl.kt:90)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data$constructors$2.invoke(KClassImpl.kt:43)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$LazySoftVal.invoke(ReflectProperties.java:93)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.ReflectProperties$Val.getValue(ReflectProperties.java:32)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl$Data.getConstructors(KClassImpl.kt)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.jvm.internal.KClassImpl.getConstructors(KClassImpl.kt:222)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at kotlin.reflect.full.a.a(KClasses.kt:40)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.squareup.moshi.p.create(KotlinJsonAdapter.kt:160)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.squareup.moshi.s.a(Moshi.java:100)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.squareup.moshi.s.a(Moshi.java:62)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.tinder.api.response.v2.AutoValue_DataResponse$MoshiJsonAdapter.<init>(AutoValue_DataResponse.java:25)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.tinder.api.response.v2.DataResponse.jsonAdapter(DataResponse.java:27)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.tinder.api.moshi.AutoValueMoshi_TinderMoshiAdapterFactory.create(AutoValueMoshi_TinderMoshiAdapterFactory.java:83)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.squareup.moshi.s.a(Moshi.java:100)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.converter.moshi.MoshiConverterFactory.responseBodyConverter(MoshiConverterFactory.java:91)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.Retrofit.nextResponseBodyConverter(Retrofit.java:330)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.Retrofit.responseBodyConverter(Retrofit.java:313)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.ServiceMethod$Builder.createResponseConverter(ServiceMethod.java:736)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.ServiceMethod$Builder.build(ServiceMethod.java:169)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.Retrofit.loadServiceMethod(Retrofit.java:170)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at retrofit2.Retrofit$1.invoke(Retrofit.java:147)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at java.lang.reflect.Proxy.invoke(Proxy.java:393)
01-03 10:21:06.523 31043 31156 E AndroidRuntime:    at com.tinde
01-03 10:21:06.528  1861  3639 W ActivityManager:   Force finishing activity com.tinder/.activities.ActivityMain

Steps to Reproduce

  1. java -jar apktool.jar d com.tinder.apk
  2. java -jar apktool.jar b com.tinder -o new_apk.apk (I got about 50 warnings for this step. No errors)
  3. keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
  4. jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore new_apk.apk alias_name
  5. adb install new_apk.apk

Frameworks

If this APK is from an OEM ROM (Samsung, HTC, LG), please attach framework files (.apks that live in /system/framework or /system/priv-app)

APK

If this APK can be freely shared, please upload/attach a link to it.

https://www.apkmirror.com/apk/tinder/tinder-tinder/tinder-tinder-8-4-1-release/tinder-8-4-1-android-apk-download/

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? Yes
  2. If you are trying to install a modified apk, did you resign it? Not modified, but I did resign it
  3. Are you using the latest apktool version? Yes

After installing the repackaged APK the app opens with no errors, and I can log in to Facebook successfully. However, after logging in, the app crashes with the logcat message.

iBotPeaches commented 6 years ago

Interesting. I wonder if this is at the source or resource level or somewhere during the rebuild process. Kotlin must be involved somehow.

I've downloaded the application and that's about it.

NothingMore0x11 commented 6 years ago

A similar issue, likely related to Kotlin, appears in the package com.xfinity.cloudtvr available on the US Google Play Store. I have tried the latest version of apktool both with -r and -s (as well as all combinations of those parameters without any changes to the APK or its assets). The resulting apk throws the same exception seen above.

One thing of note: When comparing the original APK with the output APK from apktool, a kotlin top level directory present in the original is missing in the output (./kotlin is in the original but missing entirely from the output). This may be a regression of Issue #1520 and may be what is causing these issues. I have yet to try your commit at 93d61cc that originally fixed this issue to confirm however.

iBotPeaches commented 6 years ago

Thanks for the research. I was pretty sure I wrote a test for this, but I guess not. I'll take another look for that directory to ensure it's being treated properly.

NothingMore0x11 commented 6 years ago

I have tracked down the issue I am seeing. Basically what is going on is that the kotlin directory is simply not being copied in Androlib.java during the build process (void build(ExtFile appDir, File outFile)). Locally I have fixed this issue by adding a buildLibrary call to copy the kotlin directory (i.e. buildLibrary(appDir, "kotlin");).

I am not sure if this will resolve the issue the original poster had and I am not sure if this is the correct way to fix this issue (i.e. falling in line with the coding style/convention of the project, likely should be a call such as buildKotlin() or something similar). I can make this small patch available if desired (though you can likely make the patch in 10 seconds yourself).

iBotPeaches commented 6 years ago

Thanks for the research. That was indeed it. This does pose an interesting problem. Here is the original application:

➜  Bug1703 unzip -l tinder.apk | grep kotlin
     5995  00-00-1980 00:00   META-INF/Tinder_release.kotlin_module
      158  00-00-1980 00:00   META-INF/aggregator_release.kotlin_module
       78  00-00-1980 00:00   META-INF/api_release.kotlin_module
     2675  00-00-1980 00:00   META-INF/core.kotlin_module
     1816  00-00-1980 00:00   META-INF/data_release.kotlin_module
      363  00-00-1980 00:00   META-INF/domain_release.kotlin_module
       80  00-00-1980 00:00   META-INF/engine_release.kotlin_module
      360  00-00-1980 00:00   META-INF/kotlin-reflection.kotlin_module
      246  00-00-1980 00:00   META-INF/kotlin-runtime.kotlin_module
       43  00-00-1980 00:00   META-INF/kotlin-stdlib-jre7.kotlin_module
     2190  00-00-1980 00:00   META-INF/kotlin-stdlib.kotlin_module
       59  00-00-1980 00:00   META-INF/moshi-kotlin.kotlin_module
      187  00-00-1980 00:00   META-INF/purchase_release.kotlin_module
      121  00-00-1980 00:00   META-INF/services/kotlin.reflect.jvm.internal.impl.builtins.BuiltInsLoader
      471  00-00-1980 00:00   META-INF/services/kotlin.reflect.jvm.internal.impl.resolve.ExternalOverridabilityCondition
       59  00-00-1980 00:00   META-INF/shimmy_release.kotlin_module
      782  00-00-1980 00:00   META-INF/superlikeable_release.kotlin_module
       57  00-00-1980 00:00   META-INF/tooltip_release.kotlin_module
      303  00-00-1980 00:00   META-INF/util.runtime.kotlin_module
      926  00-00-1980 00:00   kotlin/annotation/annotation.kotlin_builtins
     3689  00-00-1980 00:00   kotlin/collections/collections.kotlin_builtins
      726  00-00-1980 00:00   kotlin/internal/internal.kotlin_builtins
    14202  00-00-1980 00:00   kotlin/kotlin.kotlin_builtins
     2296  00-00-1980 00:00   kotlin/ranges/ranges.kotlin_builtins
     4866  00-00-1980 00:00   kotlin/reflect/reflect.kotlin_builtins

Bringing notice to the kotlin files in META-INF. Now the decoded and rebuilt application.

➜  dist unzip -l tinder.apk | grep kotlin
      926  12-31-1980 19:00   kotlin/annotation/annotation.kotlin_builtins
     3689  12-31-1980 19:00   kotlin/collections/collections.kotlin_builtins
      726  12-31-1980 19:00   kotlin/internal/internal.kotlin_builtins
    14202  12-31-1980 19:00   kotlin/kotlin.kotlin_builtins
     2296  12-31-1980 19:00   kotlin/ranges/ranges.kotlin_builtins
     4866  12-31-1980 19:00   kotlin/reflect/reflect.kotlin_builtins
➜  dist 

We obviously strip signatures so those kotlin META-INF files are gone. You can preserve them however using the -c flag during decode and build. Patch should be up soon, not sure if it'll resolve this as I haven't tested on device yet but will do that when able.

Ibuprophen commented 6 years ago

After just locating this issue, I just wanted to bring the following to your attention since it's regarding a similar situation as described and updated as well...

https://github.com/iBotPeaches/Apktool/issues/1860

Thanks a bunch! 👍

~Ibuprophen

pandasauce commented 6 years ago

Facing the same problem on a Kotlin app. Using --copy-original results in Kotlin files being copied over, but gives INSTALL_PARSE_FAILED_NO_CERTIFICATES on installation. I did manually sign it with jarsigner.

EDIT: if using --copy-original the RSA, SF and MF files need to be manually purged from META-INF prior to signing the APK with jarsigner.
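
The comparison and clean-up discussed in the comments above, as an added example that is not part of the thread or of Apktool's code: it lists entries a rebuild dropped (ignoring v1 signature files, which a rebuild is expected to lose) and copies an archive without the old MANIFEST.MF, .SF and .RSA/.DSA/.EC files so it can be re-signed. The function names and sample entry names such as CERT.SF are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# v1 (JAR) signature material: manifest, signature files, signature blocks.
SIGNATURE_RE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$", re.I)


def entry_names(apk):
    """Return the set of file entries in an APK (path or file-like object)."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename for i in zf.infolist() if not i.is_dir()}


def lost_entries(original, rebuilt):
    """Entries in the original that the rebuild lacks, signature files excluded."""
    missing = entry_names(original) - entry_names(rebuilt)
    return sorted(n for n in missing if not SIGNATURE_RE.match(n))


def strip_signatures(src, dst):
    """Copy src to dst without stale signature files; return the dropped names."""
    dropped = []
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w") as zout:
        for info in zin.infolist():
            if SIGNATURE_RE.match(info.filename):
                dropped.append(info.filename)
                continue
            zout.writestr(info, zin.read(info.filename))
    return sorted(dropped)


def make_apk(names):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample modelled on the two unzip listings in this thread.
    orig = make_apk(["classes.dex", "kotlin/kotlin.kotlin_builtins",
                     "META-INF/core.kotlin_module", "META-INF/MANIFEST.MF",
                     "META-INF/CERT.SF", "META-INF/CERT.RSA"])
    rebuilt = make_apk(["classes.dex", "kotlin/kotlin.kotlin_builtins"])
    print(lost_entries(orig, rebuilt))  # non-signature entries the rebuild lost
```
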

iBotPeaches commented 3 years ago

I can't really investigate this anymore. Sorry for the 2-3 year delay.

It looks like we had to remove this app because of a DMCA takedown by Tinder.

Closing.