search

sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0
7.46k stars 854 forks source link

How to patch in multi-apk/app bundle scenario? #340

Closed ColtonIdle closed 4 years ago

ColtonIdle commented 4 years ago

I'm going through the instructions and see

adb shell pm path com.ubercab

after I run that I get 3 apks. What should I do in this scenario?

package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/base.apk
package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.arm64_v8a.apk
package:/data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.xxhdpi.apk
leonjza commented 4 years ago

I think you should pull all three, patch base.apk and install again with the install-multiple adb command.

ColtonIdle commented 4 years ago

Okay. I ran

adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/base.apk
adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.arm64_v8a.apk
adb pull /data/app/com.ubercab-7XGjq2gMXVpmTgo_g7gA==/split_config.xxhdpi.apk

Then as per the wiki

objection patchapk --source base.apk

Which gave me an output of

No architecture specified. Determining it using `adb`...
Detected target device architecture as: arm64-v8a
Using latest Github gadget version: 12.8.14
Patcher will be using Gadget version: 12.8.14
Unpacking base.apk
App already has android.permission.INTERNET
Target class not specified, searching for launchable activity instead...
Smali not found in smali directory. This might be a multidex APK. Searching...
Found smali at: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/smali_classes2/com/ubercab/presidio/app/core/root/RootActivity.smali
Reading smali from: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/smali_classes2/com/ubercab/presidio/app/core/root/RootActivity.smali
Injecting loadLibrary call at line: 66
Attempting to fix the constructors .locals count
Current locals value is 0, updating to 1:
Writing patched smali back to: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/smali_classes2/com/ubercab/presidio/app/core/root/RootActivity.smali
Creating library path: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/lib/arm64-v8a
Copying Frida gadget to libs path...
Rebuilding the APK with the frida-gadget loaded...
Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error: 

W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4172: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item borderAccent.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4171: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4192: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item borderNegative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4191: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4195: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item borderPositive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4194: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4203: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item borderWarning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4202: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4232: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item eatsGreen.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4231: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4234: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item freightBlue.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4233: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4282: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item jumpRed.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4281: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4336: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item negative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4335: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4356: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item positive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4355: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4452: error: Resource entry Theme.UberBaseColorToken.Dark already has bag item warning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4451: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4632: error: Resource entry Theme.UberBaseColorToken.Light already has bag item borderAccent.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4631: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4652: error: Resource entry Theme.UberBaseColorToken.Light already has bag item borderNegative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4651: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4655: error: Resource entry Theme.UberBaseColorToken.Light already has bag item borderPositive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4654: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4663: error: Resource entry Theme.UberBaseColorToken.Light already has bag item borderWarning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4662: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4793: error: Resource entry Theme.UberBaseColorToken.Light already has bag item negative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4792: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4813: error: Resource entry Theme.UberBaseColorToken.Light already has bag item positive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4812: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4909: error: Resource entry Theme.UberBaseColorToken.Light already has bag item warning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:4908: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5089: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item borderAccent.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5088: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5109: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item borderNegative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5108: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5112: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item borderPositive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5111: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5120: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item borderWarning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5119: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5149: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item eatsGreen.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5148: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5151: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item freightBlue.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5150: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5199: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item jumpRed.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5198: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5253: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item negative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5252: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5273: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item positive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5272: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5369: error: Resource entry Theme.UberBaseColorTokens.Dark.Bridge already has bag item warning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5368: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5549: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item borderAccent.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5548: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5569: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item borderNegative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5568: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5572: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item borderPositive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5571: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5580: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item borderWarning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5579: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5710: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item negative.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5709: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5730: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item positive.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5729: Originally defined here.
W: 
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5826: error: Resource entry Theme.UberBaseColorTokens.Light.Bridge already has bag item warning.
W: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res/values/styles.xml:5825: Originally defined here.
W: 
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/brut_util_Jar_361249607161645826.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 29, --version-code, 64772, --version-name, 4.307.10001, --no-version-vectors, -F, /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/APKTOOL6435103595556231829.tmp, -e, /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/APKTOOL1500318192941859325.tmp, -0, arsc, -I, /Users/coltonidle/Library/apktool/framework/1.apk, -S, /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/res, -M, /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp/AndroidManifest.xml]

Built new APK with injected loadLibrary and frida-gadget
Signing new APK.
Signing the new APK may have failed.
jarsigner: unable to open jar file: /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp.objection.apk

Signed the new APK
Performing zipalign
Zipaligning the APK may have failed. Read the following output to determine if zipalign actually had an error: 

Unable to open '/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp.objection.apk' as zip archive

Zipalign completed
Copying final apk from /var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp.aligned.objection.apk to base.objection.apk in current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/objection/console/cli.py", line 352, in patchapk
    patch_android_apk(**locals())
  File "/usr/local/lib/python3.7/site-packages/objection/commands/mobile_packages.py", line 196, in patch_android_apk
    shutil.copyfile(patcher.get_patched_apk_path(), os.path.join(os.path.abspath('.'), destination))
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/shutil.py", line 120, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp.aligned.objection.apk'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/25/hs76h2h56tj7m4xhlbtfj7640000gn/T/tmptji_htzw.apktemp.objection.apk'

Following your advice:

  1. pull all three
  2. patch base.apk (FAILED?)
  3. install again with the install-multiple adb command.

Should I still try to install?

leonjza commented 4 years ago

No, the patching failed. You will need to manually debug why with apktool. I suggest you make sure you have the latest apktool and have run the apktool empty-framework-dir command.

leonjza commented 4 years ago

Try out 1.9.0, the patching process should be a little smoother now.