Closed. sebras closed this 5 years ago.
Thanks for the detailed research and attached PR! I'll do some digging with those magic values and see what I can find.
In the middle of investigating the broken aapt builds for windows, but I'll loop back to this when done.
Any info about this issue? I already decompiled the APK and want to open the AndroidManifest file, but it fails like above.
Information

Apktool Version (`apktool -version`) - v2.4.0-261e16-SNAPSHOT

Stacktrace/Logcat

Steps to Reproduce

`apktool d com.unionpay.apk`

Frameworks

This APK is not from an OEM ROM.

APK

If this APK can be freely shared, please upload/attach a link to it.

Questions to ask before submission

Have you tried `apktool d`, `apktool b` without changing anything? Yes, the very first step fails.

261e163bc9ace48555c515b87662eccb0725a073
I did some investigation as to why this fails.

According to the aapt source code an `AndroidManifest.xml` ought to start with a 16 bit RES_XML_TYPE which is `0x0003`, followed by a 16 bit size (describing the size of a struct ResXMLTree_header which is really a struct ResChunk_header which is 8 bytes large, hence should be `0x0008`), and then a total size of the chunk in bytes. After the initial header there might be a StringPool which is created by a call to createStringPool() which calls writeStringBlock() which eventually writes its header consisting of a 16 bit RES_STRING_POOL_TYPE which is `0x0001` followed by a 16 bit size (describing the size of a ResStringPool_header which in total is 28 bytes large, hence should be `0x001C`).

apktool's AXmlResourceParser correctly assumes that an `AndroidManifest.xml` starts with this same `0x0003` followed by `0x0008`, however they have been concatenated into a 32 bit CHUNK_AXML_FILE with the value `0x00080003`. This is then followed by a StringBlock.

Now, the `AndroidManifest.xml` in the APK begins like this:

The bytes at offset 0 are almost identical with a RES_XML_TYPE followed by a size and a chunk size, but it should begin with `03 00 08 00`, not `01 00 08 00`. The chunk size of `0x000109a4` also seems reasonable given the size of the file. At offset 8 I do find a RES_STRING_POOL_TYPE followed by a size as it starts with `01 00 1c 00`.

This leads me to believe that the `AndroidManifest.xml` in the downloaded APK is actually faulty, but running `unzip -t com.unionpay.apk` reports no errors. The APK may have been processed by some tool at or after build time that incorrectly wrote a RES_STRING_POOL_TYPE at the beginning of the file instead of a RES_XML_TYPE. I'm not sure what that tool would be though.
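The header layout described in the report can be checked mechanically. The following Python script is an added example, not apktool's code and not part of the reporter's analysis: it reads the 8-byte ResChunk_header at offset 0, verifies the type/headerSize pair the way aapt writes it (`03 00 08 00`), and recognises the specific malformation from this issue, a RES_STRING_POOL_TYPE tag on a chunk that otherwise has the 8-byte XML file header and a real 28-byte string pool header at offset 8. The constants follow the struct sizes given above; the function names (`diagnose_axml`, `repair_axml`, `make_sample`), the sample blobs and the repair heuristic (rewriting only the 16-bit type field) are this example's own assumptions, and the repair is not how apktool resolved the issue.

```python
"""Check the file-level chunk header of a binary AndroidManifest.xml.

Added example (not apktool's or the reporter's code). Constants and layouts
follow struct ResChunk_header / struct ResStringPool_header; function names,
sample data and the repair heuristic are assumptions made for illustration.
"""
import struct

RES_STRING_POOL_TYPE = 0x0001
RES_XML_TYPE = 0x0003
RES_CHUNK_HEADER_LEN = 8         # struct ResChunk_header: type(2) headerSize(2) size(4)
RES_STRING_POOL_HEADER_LEN = 28  # struct ResStringPool_header: chunk header + 5 x uint32


def read_chunk_header(data, offset=0):
    """Return (type, headerSize, size) of the little-endian ResChunk_header at offset."""
    if len(data) < offset + RES_CHUNK_HEADER_LEN:
        raise ValueError("truncated chunk header at offset %d" % offset)
    return struct.unpack_from("<HHI", data, offset)


def diagnose_axml(data):
    """Classify the first chunk of an AXML blob.

    "ok"                    -> RES_XML_TYPE with an 8-byte header, as aapt writes it
    "mislabeled-xml-header" -> the case from this issue: the type field says
                               RES_STRING_POOL_TYPE, but headerSize is 8 and a
                               genuine string pool header follows at offset 8
    "bad"                   -> anything else (wrong headerSize, truncated, etc.)
    """
    chunk_type, header_size, chunk_size = read_chunk_header(data, 0)
    if header_size != RES_CHUNK_HEADER_LEN or chunk_size > len(data):
        return "bad"
    if chunk_type == RES_XML_TYPE:
        return "ok"
    if chunk_type == RES_STRING_POOL_TYPE and len(data) >= 2 * RES_CHUNK_HEADER_LEN:
        inner_type, inner_header_size, _ = read_chunk_header(data, RES_CHUNK_HEADER_LEN)
        if inner_type == RES_STRING_POOL_TYPE and inner_header_size == RES_STRING_POOL_HEADER_LEN:
            return "mislabeled-xml-header"
    return "bad"


def repair_axml(data):
    """Rewrite the 16-bit type field to RES_XML_TYPE when the header is merely
    mislabeled (assumed heuristic for this example, not apktool's fix)."""
    if diagnose_axml(data) != "mislabeled-xml-header":
        return data
    return struct.pack("<H", RES_XML_TYPE) + data[2:]


def make_sample(first_type):
    """Constructed minimal AXML blob: outer chunk header followed by an empty string pool."""
    pool = struct.pack("<HHIIIIII",
                       RES_STRING_POOL_TYPE, RES_STRING_POOL_HEADER_LEN, RES_STRING_POOL_HEADER_LEN,
                       0, 0, 0, RES_STRING_POOL_HEADER_LEN, 0)  # stringCount, styleCount, flags, stringsStart, stylesStart
    outer = struct.pack("<HHI", first_type, RES_CHUNK_HEADER_LEN, RES_CHUNK_HEADER_LEN + len(pool))
    return outer + pool


# Constructed samples: the well-formed case and the layout seen in this issue.
GOOD_MANIFEST = make_sample(RES_XML_TYPE)            # starts 03 00 08 00
FAULTY_MANIFEST = make_sample(RES_STRING_POOL_TYPE)  # starts 01 00 08 00, string pool at offset 8


if __name__ == "__main__":
    import sys
    # Pass a path to an AndroidManifest.xml extracted from an APK, or run on the faulty sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else FAULTY_MANIFEST
    print(blob[:8].hex(), "->", diagnose_axml(blob))
```

Run it against the `AndroidManifest.xml` pulled out of the APK with `unzip`; a result of `mislabeled-xml-header` confirms the pattern from the report (valid 8-byte header size and a string pool at offset 8, only the type tag wrong), while `bad` means the file deviates in some other way and the string-pool-tag theory does not apply.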