sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

Patchapk fails #258

Closed numin0us closed 5 years ago

numin0us commented 5 years ago

Describe the bug

I'm unable to run a standard patchapk command on an APK. I'm using the latest version of objection on Kali, and attempting to patch one of the Crackmes from OWASP's Crackme set.

To Reproduce

root@kali:~/ctf/OWASP-Crackmes/Android/Level_01# objection patchapk --source UnCrack$
ble-Level1.apk                                                                       
No architecture specified. Determining it using `adb`...                             
Detected target device architecture as: x86_64                                       
Using latest Github gadget version: 12.6.11                                          
Patcher will be using Gadget version: 12.6.11                                        
Unpacking UnCrackable-Level1.apk                                                     
Injecting permission: android.permission.INTERNET                                    
Writing new Android manifest...                                                      
Target class not specified, searching for launchable activity instead...             
Reading smali from: /tmp/tmp0625v2ho.apktemp/smali/sg/vantagepoint/uncrackable1/Main$
ctivity.smali                                                                        
Injecting loadLibrary call at line: 5                                                
Attempting to fix the constructors .locals count                                     
Current locals value is 0, updating to 1:                                            
Writing patched smali back to: /tmp/tmp0625v2ho.apktemp/smali/sg/vantagepoint/uncrac$
able1/MainActivity.smali                                                             
Creating library path: /tmp/tmp0625v2ho.apktemp/lib/x86_64                           
Copying Frida gadget to libs path...                                                 
Rebuilding the APK with the frida-gadget loaded...                                   
Rebuilding the APK may have failed. Read the following output to determine if apktoo$
 actually had an error:                                                              

W: aapt: brut.common.BrutException: brut.common.BrutException: Could not extract res$
urce: /prebuilt/aapt/linux/aapt (defaulting to $PATH binary)                         
W: First type is not attr!                                                           
W: A/        (10839): First type is not attr!                                        
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit cod$
 = 134): [aapt, p, --min-sdk-version, 19, --target-sdk-version, 28, --version-code, $
, --version-name, 1.0, --no-version-vectors, -F, /tmp/APKTOOL15270052569136818352.tm$
, -0, arsc, -0, png, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /$
mp/tmp0625v2ho.apktemp/res, -M, /tmp/tmp0625v2ho.apktemp/AndroidManifest.xml]    

Built new APK with injected loadLibrary and frida-gadget                             
Signing new APK.                                                                     
Signing the new APK may have failed.                                                 
jarsigner: unable to open jar file: /tmp/tmp0625v2ho.apktemp.objection.apk           

Signed the new APK                                                                   
Performing zipalign                                                                  
Zipaligning the APK may have failed. Read the following output to determine if zipali
gn actually had an error:                                                            

Unable to open '/tmp/tmp0625v2ho.apktemp.objection.apk' as zip archive               

Zipalign completed                                                                   
Copying final apk from /tmp/tmp0625v2ho.apktemp.aligned.objection.apk to UnCrackable-
Level1.objection.apk in current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 10, in <module>
    sys.exit(cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/objection/console/cli.py", line 342, i
n patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.7/dist-packages/objection/commands/mobile_packages.py"
, line 182, in patch_android_apk
    shutil.copyfile(patcher.get_patched_apk_path(), os.path.join(os.path.abspath('.')
, destination))
  File "/usr/lib/python3.7/shutil.py", line 120, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmp0625v2ho.apktemp.ali
gned.objection.apk'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/tmp0625v2ho.
apktemp.objection.apk'

I tried it with a few different architectures to see if it was an architecture specific problem, and that did not solve the issue.

Environment (please complete the following information):

leonjza commented 5 years ago

It looks like apktool can't extract resources. You can try and patch the APK with the -D flag to skip resource decoding. If that does not work, you would need to manually use apktool to extract and repack the apk, taking note of any changes you made for it to be successful.

If manual changes are necessary for apktool to complete the repacking, add the --pause flag to the objection patcher to give you an opportunity to apply those fixups manually.
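
The output in this issue reports four failures, but only the first is a root cause: once the apktool rebuild fails, jarsigner, zipalign and the final copy fail because the rebuilt APK was never written. The following is an added example (not objection's code and not from either commenter) that triages a patchapk log this way; the sample log is constructed from the issue's output with a placeholder temp path, and reading exit code 134 as 128 + signal 6 assumes the usual Linux convention.

```python
import re
import signal

# Failure markers printed by each patchapk stage, in pipeline order
# (strings taken from the output quoted in this issue).
STAGES = [
    ("rebuild", "Rebuilding the APK may have failed"),
    ("sign", "Signing the new APK may have failed"),
    ("zipalign", "Zipaligning the APK may have failed"),
    ("copy", "FileNotFoundError"),
]
EXEC_FAIL = re.compile(r"could not exec \(exit code = (\d+)\): \[([^,\]]+)")

# Constructed sample: the issue's output, unwrapped and shortened,
# with a placeholder temp path.
SAMPLE_LOG = """\
Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:
W: First type is not attr!
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 134): [aapt, p, --min-sdk-version, 19]
Built new APK with injected loadLibrary and frida-gadget
Signing the new APK may have failed.
jarsigner: unable to open jar file: /tmp/example.apktemp.objection.apk
Zipaligning the APK may have failed. Read the following output to determine if zipalign actually had an error:
Unable to open '/tmp/example.apktemp.objection.apk' as zip archive
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/example.apktemp.aligned.objection.apk'
"""

def triage(log: str) -> dict:
    """Find the first failing stage; later failures are treated as cascading."""
    failed = [name for name, marker in STAGES if marker in log]
    result = {"root": failed[0] if failed else None, "cascading": failed[1:],
              "tool": None, "exit_code": None, "signal": None}
    m = EXEC_FAIL.search(log)
    if m:
        code = int(m.group(1))
        result.update(exit_code=code, tool=m.group(2).strip())
        if code > 128:  # assumption: 128 + N means the child died from signal N
            try:
                result["signal"] = signal.Signals(code - 128).name
            except ValueError:
                pass  # not a known signal number on this platform
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `root` of `rebuild` with `tool` set to `aapt` is the case the -D and --pause suggestions above address.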

yrncollo commented 3 years ago

Signing the new APK may have failed.

Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

What might be the issue?