Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
APK with relative path entries can't be extracted #1498
I'm having a problem extracting an APK that contains entries with relative paths. One entry in the APK/Zip file is
I want to provide a pull request that will just ignore entries like these when extracting the APK archive, but I want to make sure beforehand that the maintainers agree that this is a case that should be handled within Apktool.
Steps to Reproduce
If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files
Unfortunately I can't share the original APK with the problem, but I crafted an APK illustrating the problem. I think that this APK cannot be installed on real devices because I didn't codesign it: https://www.dropbox.com/s/fgx2gelpewflfwy/apk_with_relative_paths.apk?dl=1
Questions to ask before submission
Interesting. Definitely the first time I've heard about this. Let me get home and test this out on a real device and go from there. Thanks for the report and example application to make this easier. Pending that, I'm not sure what our course of action would be so can't advise anything just yet.
The only two options off the top of my head.
I think the most desirable solution would be one that unzips these resources safely and then stores them in the APK again in subsequent
However, just ignoring the resources will be easier to implement, and I don‘t expect it to cause practical problems.
added a commit
May 9, 2017
Maybe this is interesting: I think copying the assets file actually works. But then it also tries to copy the same asset file as an "unknown" file. (See the path in the stack trace).
The path "assets/0/logo.png" would be recognized as being inside the standard assets folder, but the relative path "../assets/0/logo.png" isn't, because it fails the second check in that loop.
Maybe this offers an even easier way to fix it, without discarding the files?
Took a look this morning. Interesting failure, because of the relative
I feel like if we ignore these resources, it will become an obvious solution for authors to create applications dumping resources into relative path directories knowing apktool will ignore them.
I'm also not aware of a make directories command that treats each directory depth literally, ie makes
I think there are two separate issues here:
However, the APK file I attached is highlighting a different problem:
I feel that a valid approach going forward is to focus on scenario (B) for now and to just ignore files if they point outside of the directory hierarchy. We should continue to fail when encountering scenario (A). This is my proposal to implement this: playtestcloud@693f592
Sorry for the delay. (A) looks like some research I need to do whether its legal in the zip file to do such a thing.
As for (B), throw up a PR with this commit playtestcloud@693f592 and I'll get it merged. I'll add a test apk to prevent regression and we can get this merged.