iBotPeaches / Apktool

A tool for reverse engineering Android apk files
https://apktool.org/
Apache License 2.0

apktool decode with resources removes/moves files - crashes on runtime #1948

Open gilhartman opened 5 years ago

gilhartman commented 5 years ago

Information

  1. Apktool Version (apktool -version) - 2.3.4
  2. Operating System (Mac, Linux, Windows) - Mac
  3. APK From? (Playstore, ROM, Other) - Playstore

Stacktrace/Logcat

bin>apktool d /Volumes/Public/shaul/playstoreCityVelocity.apk
I: Using Apktool 2.3.4 on playstoreCityVelocity.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/gil/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
bin>apktool b playstoreCityVelocity -o build.apk
I: Using Apktool 2.3.4
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs... (/lib)
I: Copying libs... (/kotlin)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...

Steps to Reproduce

  1. apktool d original.apk
  2. apktool b original -o apktooled.apk
  3. Compare the unzipped original apk to the unzipped apktooled apk.
  4. The file 'r' (is a png) doesn't appear. The files 'res/w' and 'res/6' appear under res/fonts/APKTOOL_DUMMYVAL_0x7f030000 and res/fonts/APKTOOL_DUMMYVAL_0x7f030001
  5. Run the app and load the resource (need a username and password to reach the correct screen)
 E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.citi.icg.portal.mobile, PID: 26966
    android.view.InflateException: Binary XML file line #10: Binary XML file line #10: Error inflating class com.astuetz.PagerSlidingTabStrip
    Caused by: android.view.InflateException: Binary XML file line #10: Error inflating class com.astuetz.PagerSlidingTabStrip
    Caused by: java.lang.reflect.InvocationTargetException
        at java.lang.reflect.Constructor.newInstance0(Native Method)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:334)
        at android.view.LayoutInflater.createView(LayoutInflater.java:647)
        at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:790)
        at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:730)
        at android.view.LayoutInflater.rInflate(LayoutInflater.java:863)
        at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:824)
        at android.view.LayoutInflater.inflate(LayoutInflater.java:515)
        at android.view.LayoutInflater.inflate(LayoutInflater.java:423)
        at com.velocity.mobile.blotter.OrdersTabbedFragment.onCreateView(:59)
        at android.support.v4.app.Fragment.performCreateView(:2346)
        at android.support.v4.app.FragmentManagerImpl.moveToState(:1428)
        at android.support.v4.app.FragmentManagerImpl.moveFragmentToExpectedState(:1759)
        at android.support.v4.app.FragmentManagerImpl.moveToState(:1827)
        at android.support.v4.app.BackStackRecord.executeOps(:797)
        at android.support.v4.app.FragmentManagerImpl.executeOps(:2596)
        at android.support.v4.app.FragmentManagerImpl.executeOpsTogether(:2383)
        at android.support.v4.app.FragmentManagerImpl.removeRedundantOperationsAndExecute(:2338)
        at android.support.v4.app.FragmentManagerImpl.execSingleAction(:2215)
        at android.support.v4.app.BackStackRecord.commitNowAllowingStateLoss(:649)
        at android.support.v4.app.FragmentStatePagerAdapter.finishUpdate(:167)
        at android.support.v4.view.ViewPager.populate(:1238)
        at android.support.v4.view.ViewPager.populate(:1086)
        at android.support.v4.view.ViewPager.onMeasure(:1616)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1514)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:806)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.FrameLayout.onMeasure(FrameLayout.java:185)
        at android.view.View.measure(View.java:22071)
        at android.widget.RelativeLayout.measureChildHorizontal(RelativeLayout.java:715)
        at android.widget.RelativeLayout.onMeasure(RelativeLayout.java:461)
        at android.view.View.measure(View.java:22071)
        at android.support.v4.widget.DrawerLayout.onMeasure(:1059)
        at android.view.View.measure(View.java:22071)
        at android.support.v4.view.ViewPager.onMeasure(:1632)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1514)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:806)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1514)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:806)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1514)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:806)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:958)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:958)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.widget.RelativeLayout.measureChildHorizontal(RelativeLayout.java:715)
        at android.widget.RelativeLayout.onMeasure(RelativeLayout.java:461)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.FrameLayout.onMeasure(FrameLayout.java:185)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1514)
        at android.widget.LinearLayout.measureVertical(LinearLayout.java:806)
        at android.widget.LinearLayout.onMeasure(LinearLayout.java:685)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:6602)
        at android.widget.FrameLayout.onMeasure(FrameLayout.java:185)
        at com.android.internal.policy.DecorView.onMeasure(DecorView.java:724)
        at android.view.View.measure(View.java:22071)
        at android.view.ViewRootImpl.performMeasure(ViewRootImpl.java:2422)
        at android.view.ViewRootImpl.measureHierarchy(ViewRootImpl.java:1504)
        at android.view.ViewRootImpl.performTraversals(ViewRootImpl.java:1761)
        at android.view.ViewRootImpl.doTraversal(ViewRootImpl.java:1392)
        at android.view.ViewRootImpl$TraversalRunnable.run(ViewRootImpl.java:6752)
        at android.view.Choreographer$CallbackRecord.run(Choreographer.java:911)
        at android.view.Choreographer.doCallbacks(Choreographer.java:723)
        at android.view.Choreographer.doFrame(Choreographer.java:658)
        at android.view.Choreographer$FrameDisplayEventReceiver.run(Choreographer.java:897)
        at android.os.Handler.handleCallback(Handler.java:790)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:164)
        at android.app.ActivityThread.main(ActivityThread.java:6494)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
     Caused by: android.content.res.Resources$NotFoundException: Font resource ID #0x7f030000 could not be retrieved.
        at o.lq.z(:340)
        at o.lq.r(:205)
        at com.astuetz.PagerSlidingTabStrip.<init>(:172)
        at com.astuetz.PagerSlidingTabStrip.<init>(:117)
               ... 92 more

Frameworks

If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files (.apks that live in /system/framework or /system/priv-app)

APK

If this APK can be freely shared, please upload/attach a link to it.

https://www.dropbox.com/s/1tx2uph1nenzkpx/playstoreCityVelocity.apk?dl=0

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? yes
  2. If you are trying to install a modified apk, did you resign it? not relevant
  3. Are you using the latest apktool version? yes
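
Added example (not part of the original issue and not Apktool code): one way to automate the comparison in step 3 is to diff the zip entry tables of the two APKs directly and match relocated files by the CRC-32 and size that zip stores for the uncompressed data. The sample archives are constructed in memory from the names in step 4; which of `res/w` and `res/6` maps to which dummy name is an assumption, as are all function names.

```python
import io
import re
import zipfile

DUMMY = re.compile(r"APKTOOL_DUMMYVAL_0x[0-9a-fA-F]{8}")

def entries(apk, ignore=("META-INF/",)):
    """Map entry name -> (CRC-32, size); signature files differ after any rebuild."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename: (i.CRC, i.file_size) for i in zf.infolist()
                if not i.is_dir() and not i.filename.startswith(ignore)}

def compare_apks(original, rebuilt):
    """Classify entries of `original` that are absent from `rebuilt`."""
    a, b = entries(original), entries(rebuilt)
    added = sorted(set(b) - set(a))
    by_content = {}
    for name in added:
        by_content.setdefault(b[name], []).append(name)
    missing, moved = [], {}
    for name in sorted(set(a) - set(b)):
        twins = by_content.get(a[name])
        if twins:                      # same bytes now live under another path
            moved[name] = twins.pop(0)
        else:                          # dropped, or re-encoded (e.g. a re-crunched PNG)
            missing.append(name)
    return {"missing": missing, "moved": moved,
            "dummy": [n for n in added if DUMMY.search(n)]}

def make_apk(files):
    """Build an in-memory zip from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

# Constructed stand-ins for the two archives described in step 4 (not the real APK).
SAMPLE_ORIGINAL = {"r": b"\x89PNG-sample", "res/w": b"font-A", "res/6": b"font-B",
                   "classes.dex": b"dex", "META-INF/CERT.RSA": b"sig"}
SAMPLE_REBUILT = {"res/fonts/APKTOOL_DUMMYVAL_0x7f030000": b"font-A",
                  "res/fonts/APKTOOL_DUMMYVAL_0x7f030001": b"font-B",
                  "classes.dex": b"dex"}

def demo():
    return compare_apks(make_apk(SAMPLE_ORIGINAL), make_apk(SAMPLE_REBUILT))

if __name__ == "__main__":
    print(demo())
```

`compare_apks` also accepts file paths, so it can be pointed at the original and rebuilt APKs on disk.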

iBotPeaches commented 5 years ago

Interesting find. Will have to just debug and see what is going on with that resource. I've seen strange cases where an asset exists in the structure, but has no mapping in the resource tree. Thus it isn't decoded and instead the suspected resource is found with an ID, but no corresponding resource (thus dummy resource).

gilhartman commented 5 years ago

Hi, we debugged it a bit and managed to unpack and repack the apk correctly when inserting a small change.

We found that some resources that are supposed to be strings are assigned the wrong type (e.g. drawable).

We found that when we changed files (in the open apk dir) whose names were composed only of digits without an extension (e.g. 9, 55, etc.) to names that have at least one letter (we renamed all files and references to these files to apktool_9, apktool_55, etc.), apktool managed to build the apk correctly.

It did not make any difference to the reported condition above (files move into the res/fonts dir), but it did fix the app: it stopped crashing when loading resources, even that specific font.

Hope this helps

Jabb0 commented 3 years ago

There is a scenario that causes a similar error. When the app you want to disassemble consists of multiple APKs, the resources might be split between them. If you only install the base.apk after reassembly, it will not work with this single apk. This is because the app has been deployed as an app bundle, I assume. You need to fetch all of the application's apks and install them again with adb install-multiple *.apk after proper signing.

SmartManoj commented 7 months ago

https://play.google.com/store/apps/details?id=com.frzinapps.smsforward&hl=en&gl=US I got the following error when changing the package name,

android.view.InflateException: Binary XML file line #2 in com.frzinapps.smsforward:layout/preference_widget_switch_compat: Binary XML file line #2 in com.frzinapps.smsforward:layout/preference_widget_switch_compat: Error inflating class androidx.appcompat.widget.SwitchCompat
    Caused by: android.view.InflateException: Binary XML file line #2 in com.frzinapps.smsforward:layout/preference_widget_switch_compat: Error inflating class androidx.appcompat.widget.SwitchCompat