Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct Attribute Resolution #3123

Merged
merged 5 commits into from
Jul 4, 2023
Merged

Correct Attribute Resolution #3123

merged 5 commits into from
Jul 4, 2023

Conversation

iBotPeaches
Copy link
Owner

@iBotPeaches iBotPeaches commented Jul 3, 2023
edited

Testing #2615

➜  2615 apktool d 2615.apk --only-main-classes -f
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.7.1-7a22af-SNAPSHOT on 2615.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/ibotpeaches/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes4.dex...
I: Baksmaling classes5.dex...
I: Copying raw assets/39285EFA.dex file...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
➜  2615 apktool b 2615 --use-aapt2
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.7.1-7a22af-SNAPSHOT
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes5 folder into classes5.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes4 folder into classes4.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes3 folder into classes3.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs... (/lib)
I: Copying libs... (/kotlin)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk into: 2615/dist/2615.apk
➜  2615

Testing #2981

➜  2981 apktool d 2981.apk -f                                                                                                
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.7.1-7a22af-SNAPSHOT on 2981.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/ibotpeaches/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
I: Copying META-INF/services directory
➜  2981 apktool b 2981 --use-aapt2
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.7.1-7a22af-SNAPSHOT
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes3 folder into classes3.dex...
I: Checking whether resources has changed...
I: Building resources...
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/animator/2130837531.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/animator/2130837531.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/animator/2130837546.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/animator/2130837546.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099651.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099651.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099667.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099667.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099668.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099668.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099669.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099669.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099670.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099670.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099671.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099671.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099672.xml:4: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131099672.xml: error: file failed to compile.
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131100076.xml:5: error: not well-formed (invalid token).
W: /media/ibotpeaches/AOSP/Apktool/2981/2981/res/color/2131100076.xml: error: file failed to compile.
brut.androlib.exceptions.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_92358665789268831771360218877383744211.tmp, compile, --dir, /media/ibotpeaches/AOSP/Apktool/2981/2981/res, --legacy, -o, /media/ibotpeaches/AOSP/Apktool/2981/2981/build/resources.zip]

Remaining issue:

➜  2615 cat /media/ibotpeaches/AOSP/Apktool/2981/2981/res/animator/2130837531.xml 
<?xml version="1.0" encoding="utf-8"?>
<selector xmlns:app="http://schemas.android.com/apk/res-auto"
  xmlns:android="http://schemas.android.com/apk/res/android">
    <item state_enabled="true" 2130969642="true" 2130969643="false">
        <objectAnimator android:duration="150" android:valueTo="0.0dip" android:valueType="floatType" android:propertyName="elevation" />
    </item>
    <item state_enabled="true">
        <objectAnimator android:duration="150" android:valueTo="4.0dip" android:valueType="floatType" android:propertyName="elevation" />
    </item>
    <item>
        <objectAnimator android:duration="0" android:valueTo="0" android:valueType="floatType" android:propertyName="elevation" />
    </item>
</selector>
  • Still have some resources 2130969642 (0x7F04042A) that are not resolving.

So we can ask aapt2

➜  2981 aapt2 d xmltree 2981.apk --file res/raw/J.xml
N: app=http://schemas.android.com/apk/res-auto (line=0)
 N: android=http://schemas.android.com/apk/res/android (line=0)
   E: selector (line=0)
       E: item (line=0)
         A: (0x0101009e)=true
         A: (0x7f04042a)=true
         A: (0x7f04042b)=false
           E: objectAnimator (line=0)
             A: http://schemas.android.com/apk/res/android:duration(0x01010198)=150
             A: http://schemas.android.com/apk/res/android:valueTo(0x010102df)=0.000000dp
             A: http://schemas.android.com/apk/res/android:valueType(0x010102e0)=0
             A: http://schemas.android.com/apk/res/android:propertyName(0x010102e1)="elevation" (Raw: "elevation")
       E: item (line=0)
         A: (0x0101009e)=true
           E: objectAnimator (line=0)
             A: http://schemas.android.com/apk/res/android:duration(0x01010198)=150
             A: http://schemas.android.com/apk/res/android:valueTo(0x010102df)=4.000000dp
             A: http://schemas.android.com/apk/res/android:valueType(0x010102e0)=0
             A: http://schemas.android.com/apk/res/android:propertyName(0x010102e1)="elevation" (Raw: "elevation")
       E: item (line=0)
           E: objectAnimator (line=0)
             A: http://schemas.android.com/apk/res/android:duration(0x01010198)=0
             A: http://schemas.android.com/apk/res/android:valueTo(0x010102df)=0
             A: http://schemas.android.com/apk/res/android:valueType(0x010102e0)=0
             A: http://schemas.android.com/apk/res/android:propertyName(0x010102e1)="elevation" (Raw: "elevation")

We should be able to resolve that private attribute, since its a valid resource.

➜  2981 aapt2 d xmltree 2981.apk --file res/raw/J.xml
➜  2981 aapt2 d resources 2981.apk| grep '0x7f04042b'
    resource 0x7f04042b attr/2130969643
➜  2981 aapt d --values resources 2981.apk | grep '0x7f04042b'
      spec resource 0x7f04042b com.channel4.ondemand:attr/2130969643: flags=0x00000000
        resource 0x7f04042b com.channel4.ondemand:attr/2130969643: <bag>
➜  2981

@iBotPeaches iBotPeaches mentioned this pull request Jul 3, 2023
Closed
@iBotPeaches iBotPeaches changed the title WIP: Correct Attribute Resolution Correct Attribute Resolution Jul 4, 2023
@iBotPeaches iBotPeaches marked this pull request as ready for review July 4, 2023 00:26
@iBotPeaches
fix: reverse order of processing to trust string pool 2nd
21d07bb 
Android prefers the resource map value over what the String block has.
This can be seen quite often in obfuscated apps where values such as:
 <item android:state_enabled="true" app:state_collapsed="false" app:state_collapsible="true">
Are improperly decoded when trusting the String block.
Leveraging the resource map allows us to get the proper value.
 <item android:state_enabled="true" app:d2="false" app:d3="true">
@iBotPeaches
refactor: set default value if no string/res value
7a35f7f
@iBotPeaches iBotPeaches merged commit 79cfdd1 into master Jul 4, 2023
28 checks passed
@iBotPeaches iBotPeaches deleted the fix-attr-resolution branch July 4, 2023 16:06
This was referenced Jul 4, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] AndroidManifest.xml is missing attributes when decoding apk
1 participant
@iBotPeaches