APK injection, recompiling android manifest
G

3

24

What I'd like to achieve

Decompile the AndroidManifest.xml packaged in an APK from binary form into a normal XML file, edit it, and recompile it back into a binary file acceptable for the APK. Basically, I need a driver for AXML files.

Short background

I'm working on an APK injection project. My goal is

  1. Disassemble the Dalvik binary
  2. Read the AndroidManifest XML and add modifications to it, like changing the main activity and adding permissions
  3. Rebuild and sign the APK file

I use apktool for assembling and disassembling the APK. However, apktool works only with the --no-res option; if the APK is disassembled with resources, it cannot be built back. Here's a GitHub issue describing this bug.

The problem

Since I disassemble with apktool d --no-res app-debug.apk (the no-res flag), the generated Android manifest comes in binary form. I can disassemble the manifest using apktool, but I cannot assemble it back.

What I want to be able to do

I need to either:

  • Find a way to disassemble the manifest and then assemble it back into binary form
  • Find a way to use apktool with resources

What I have tried so far

Disclaimer

Although Stack Overflow is a community for knowledge sharing, and not for judging what it's used for, I see a lot of people picking on others in similar questions with accusations of illegal activities.

What I'm doing is absolutely legal and will not be used to exploit anyone.

Greatuncle answered 19/4, 2018 at 22:50 Comment(7)
but the app does not run what happens then? Does it produce any meaningful logs in LogCat? - Protecting
@MattClark Well, actually it does not even install, the device just displays parse error. I can't pinpoint logcat logs. - Greatuncle
I assume you are using adb install /path/to/new.apk and Parse error there is a problem while parsing the package is the response from that? Okay, makes sense then that you might not see the LogCat logs as that will be within the Android OS and may be suppressed. Also, when you say you 'resign the apk file' are you resigning it with the same keystore that it was signed with when you first installed it? Else you will have a signature conflict. Finally, you decompiled without resource, wouldn't you also need them when you recompile the APK? - Protecting
Yes, there are no problems with signing. If I rebuild same project with binary manifest everything works fine. @MattClark - Greatuncle
Just to clarify, you want to do this without changing the signature, or is it OK to change the signature? - Keyte
Have you tried Santoku Linux? It's a distro that's dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform. santoku-linux.com - Typesetter
@Keyte changing the signature is no problem - Greatuncle
G
4

The only reliable way I found to repackage the application with a plain-text Android manifest is by repacking it using aapt directly.

aapt package -f -M ./AndroidManifest.xml -S res1/ -S res2/ ... -I android.jar -F MyProject.apk.unaligned

To create the apk, and then :

aapt add -f MyProject.apk.unaligned classes.dex

To add compiled sources to the package.

Then using jarsigner to sign the package:

jarsigner -storepass <keystore password> -keystore <keystore filename> MyProject.apk.unaligned <key name>
Greatuncle answered 29/4, 2018 at 16:4 Comment(1)
jarsigner is deprecated as it only creates v1 signatures. Better use apksigner from Android-SDK build-tools. - Koa
W
8

Installation can give a parse error under the following conditions; see if any of them applies to you:

  • Name of the package is changed after signing: Use the exact name of the signed package (instead, adjust the name in the Manifest)
  • Package is compiled against a higher API level: Correct the API level in the Manifest file.
  • Package is executed from SD card: Run (install) the apk file from the phone's memory OR use the adb command to install it.

You can manually sign your apk as given here.

Wonky answered 27/4, 2018 at 6:44 Comment(2)
I'm 100% sure it's not a signing problem. There's this thing called axml, which is a binary xml standard for android resources. Apk has to be packed with those kind of resources, so I would not expect the problem to install since I did not recompile the android xml into axml type. Which is what this question is about - Greatuncle
I'm sure because I repackaged the apk without decompiling resources, then repackaged it back to apk and signed manually and it works - Greatuncle
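
The binary-XML (AXML) requirement discussed in the comments above, and the v1-versus-newer signing point from the jarsigner comment, can both be checked on a rebuilt APK before trying to install it. The following is an added example, not code from any post in this thread: it reports whether AndroidManifest.xml is binary AXML or plain text and whether the archive carries v1 JAR signature files or an APK Signing Block. The function names and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

RES_XML_TYPE = 0x0003                  # chunk type that opens a binary XML (AXML) file
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block
# Constructed samples: a header-only AXML stub and a plain-text manifest.
AXML_STUB = struct.pack("<HHI", RES_XML_TYPE, 8, 8)
TEXT_MANIFEST = b'<?xml version="1.0" encoding="utf-8"?><manifest/>'

def manifest_format(apk: bytes) -> str:
    """Classify AndroidManifest.xml in the APK as 'axml', 'text' or 'invalid'."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        data = z.read("AndroidManifest.xml")
    if data.lstrip()[:1] == b"<":
        return "text"  # plain XML, as in the build that failed to install
    if len(data) < 8:
        return "invalid"
    # ResChunk_header: uint16 type, uint16 headerSize, uint32 total size
    ctype, hsize, size = struct.unpack_from("<HHI", data, 0)
    return "axml" if (ctype, hsize) == (RES_XML_TYPE, 8) and 8 <= size <= len(data) else "invalid"

def signature_schemes(apk: bytes) -> set:
    """Return 'v1' for JAR signature files, 'signing-block' if a v2+ block is present."""
    names = zipfile.ZipFile(io.BytesIO(apk)).namelist()
    v1 = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names)
    found = {"v1"} if v1 else set()
    eocd = apk.rfind(b"PK\x05\x06")                   # End of Central Directory record
    cd = struct.unpack_from("<I", apk, eocd + 16)[0]  # central directory offset
    if cd >= 16 and apk[cd - 16:cd] == SIG_BLOCK_MAGIC:
        found.add("signing-block")
    return found

def build_sample(manifest: bytes, with_block: bool = False) -> bytes:
    """Constructed sample: minimal in-memory APK, optionally with an empty signing block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
    apk = buf.getvalue()
    if with_block:  # splice the block in front of the central directory, fix its offset
        eocd = apk.rfind(b"PK\x05\x06")
        cd = struct.unpack_from("<I", apk, eocd + 16)[0]
        block = struct.pack("<QQ", 24, 24) + SIG_BLOCK_MAGIC
        fixed = struct.pack("<I", cd + len(block))
        apk = apk[:cd] + block + apk[cd:eocd + 16] + fixed + apk[eocd + 20:]
    return apk

if __name__ == "__main__":
    print(manifest_format(build_sample(TEXT_MANIFEST)), signature_schemes(build_sample(AXML_STUB, True)))
```

A "text" result on a rebuilt package points at the manifest rather than the signature; "signing-block" only shows that the block exists, so apksigner remains the tool for actually verifying it.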
I
0

I also experienced similar problems, but I had luck with Easy APK tool.

I opened the app, then navigated to options -> apktool and checked don't decode classes.dex. Then I was able to successfully recompile the app.

The other alternative is using aapt, as Ben already said, but it requires significantly more knowledge/effort.

Irritable answered 20/5, 2021 at 14:31 Comment(0)
