Error decompiling Hangouts v.20+ #1534

Closed
PerLycke opened this Issue Jun 19, 2017 · 4 comments

PerLycke commented Jun 19, 2017

Information

  1. 2.2.4-acb004-SNAPSHOT (and 2.2.3)
  2. Mac
  3. Play Store

Stacktrace/Logcat

I: Using Apktool 2.2.4-acb004-SNAPSHOT on Hangouts.apk
I: Loading resource table...
Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc file
	at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:52)
	at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:562)
	at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:72)
	at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:64)
	at brut.androlib.Androlib.getResTable(Androlib.java:68)
	at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:207)
	at brut.androlib.ApkDecoder.decode(ApkDecoder.java:109)
	at brut.apktool.Main.cmdDecode(Main.java:166)
	at brut.apktool.Main.main(Main.java:81)
Caused by: java.io.IOException: Expected: 0x00000008, got: 0x00000202
	at brut.util.ExtDataInput.skipCheckShort(ExtDataInput.java:56)
	at brut.androlib.res.decoder.ARSCDecoder.readValue(ARSCDecoder.java:309)
	at brut.androlib.res.decoder.ARSCDecoder.readEntry(ARSCDecoder.java:241)
	at brut.androlib.res.decoder.ARSCDecoder.readTableType(ARSCDecoder.java:226)
	at brut.androlib.res.decoder.ARSCDecoder.readTableTypeSpec(ARSCDecoder.java:156)
	at brut.androlib.res.decoder.ARSCDecoder.readTablePackage(ARSCDecoder.java:118)
	at brut.androlib.res.decoder.ARSCDecoder.readTableHeader(ARSCDecoder.java:80)
	at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:47)
	... 8 more

Steps to Reproduce

  1. apktool d Hangouts.apk

@iBotPeaches iBotPeaches self-assigned this Jun 20, 2017

@iBotPeaches iBotPeaches added this to the 2.2.4 milestone Jun 20, 2017

iBotPeaches commented Jun 20, 2017

Confirmed.

@iBotPeaches iBotPeaches removed the Accepted label Jun 23, 2017

@iBotPeaches iBotPeaches modified the milestones: 2.2.5, 2.2.4 Jul 25, 2017

iBotPeaches commented Jul 26, 2017

Started looking into this. It failed on resource 0x7f0e0449 which was supposed to be an id type attribute.

➜  Bug1534 aapt d resources hangouts.apk | grep '0x7f0e0449'                                                             
      INVALID TYPE CONFIG FOR RESOURCE 0x7f0e0449
        INVALID RESOURCE 0x7f0e0449: t=0x00 d=0x0000016c (s=0x0202 r=0x10)

This group has 1098 resources. We have 1097. Will need to create some work-around for this.

iBotPeaches commented Jul 26, 2017

The ResChunk_header on every chunk has the size of the entire chunk. We are reading too much data, hence the error. We incorrectly trusted that entrySize correctly reflected the amount of resources.

So at the 1098th resource we are at position 8567862 in the file; however, the max size according to the "chunk" is 8567860.

We have exceeded the chunk. We need to add a check: if position is equal to the max, then quit that chunk.
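
The bound described in the comment above, as an added example (not Apktool's code and not the maintainer's patch): a reader that treats the declared entry count as a hint and stops at the end offset given by the chunk header's size field. The 12-byte header and fixed 16-byte entries are a simplified, hypothetical layout, and the input bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;

public class BoundedChunkReader {
    static final int HEADER_LEN = 12; // simplified: type(2) headerSize(2) size(4) entryCount(4)
    static final int ENTRY_LEN = 16;  // simplified: 8-byte entry header + 8-byte value

    /** Returns the value data of each entry, never reading past chunkStart + size. */
    static List<Integer> readEntries(ByteBuffer buf, int chunkStart) {
        buf.order(ByteOrder.LITTLE_ENDIAN).position(chunkStart);
        if (buf.remaining() < HEADER_LEN) throw new IllegalArgumentException("truncated header");
        buf.getShort();                              // chunk type, unused here
        int headerSize = buf.getShort() & 0xFFFF;
        long size = buf.getInt() & 0xFFFFFFFFL;      // size of the entire chunk, header included
        int entryCount = buf.getInt();               // declared count: a hint, not a bound
        long chunkEnd = chunkStart + size;
        if (headerSize < HEADER_LEN || size < headerSize || chunkEnd > buf.limit() || entryCount < 0)
            throw new IllegalArgumentException("inconsistent chunk header");
        buf.position(chunkStart + headerSize);
        List<Integer> values = new ArrayList<>();
        for (int i = 0; i < entryCount; i++) {
            if (buf.position() + ENTRY_LEN > chunkEnd) { // position check against the chunk end
                System.err.printf("entry %d of %d starts at %d, chunk ends at %d: stopping%n",
                        i + 1, entryCount, buf.position(), chunkEnd);
                break;
            }
            buf.position(buf.position() + 8);        // entry header: size, flags, key
            int valueSize = buf.getShort() & 0xFFFF;
            if (valueSize != 8) throw new IllegalStateException("bad value size " + valueSize);
            buf.position(buf.position() + 2);        // res0, dataType
            values.add(buf.getInt());
        }
        buf.position((int) chunkEnd);                // resume at the next chunk header
        return values;
    }

    public static void main(String[] args) {
        // Constructed input: the chunk declares 3 entries but its size only covers 2.
        ByteBuffer b = ByteBuffer.allocate(12 + 2 * 16 + 8).order(ByteOrder.LITTLE_ENDIAN);
        b.putShort((short) 0x0201).putShort((short) 12).putInt(12 + 2 * 16).putInt(3);
        for (int i = 0; i < 2; i++)
            b.putShort((short) 8).putShort((short) 0).putInt(i)
             .putShort((short) 8).put((byte) 0).put((byte) 0x10).putInt(100 + i);
        b.putShort((short) 0x0202).putShort((short) 16).putInt(8); // header of the following chunk
        System.out.println(readEntries(b, 0) + ", next chunk at " + b.position());
    }
}
```

Without the position check, the third iteration would consume the following chunk's header as if it were an entry, which is the class of failure the stack trace reports as an unexpected value size.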

iBotPeaches commented Jul 26, 2017

➜  Bug1534 apktool debug d hangouts.apk -f
Listening for transport dt_socket at address: 5005
I: Using Apktool 2.2.4-98138b-SNAPSHOT on hangouts.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/connortumbleson/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
➜  Bug1534 apktool b hangouts
I: Using Apktool 2.2.4-98138b-SNAPSHOT
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs... (/lib)
I: Building apk file...
I: Copying unknown files/dir...
➜  Bug1534 

:) Patch up soon. Will be in 2.2.4 release slated for next week.

iBotPeaches added a commit that referenced this issue Jul 26, 2017

@iBotPeaches iBotPeaches closed this in #1568 Jul 26, 2017

alebcay added a commit to alebcay/opengapps that referenced this issue Jul 31, 2017

Update APKtool to 2.2.3
- Android O Final Dev Preview support (iBotPeaches/Apktool#1520)
- SnakeYAML 1.1.8 Android Support (iBotPeaches/Apktool#591)
- Fix issue with APKs taking longer than usual to parse resources (iBotPeaches/Apktool#1489)
- Fix issue with internal binaries not accessible in a Spring boot environment. (iBotPeaches/Apktool#1543)
- Fix issues with rebuilding applications originally built with aapt2. (iBotPeaches/Apktool#1520)
- Patch aapt to support the $ character in resource filenames. (iBotPeaches/Apktool#1532)
- Fix issue where apktool was holding locks onto files during execution. (iBotPeaches/Apktool#1561)
- Fix issue with APKs that last resource in pool is INVALID_TYPE_CONFIG. (iBotPeaches/Apktool#1534)
- Fix issue with APKs that are including malformed characters to break parser. (iBotPeaches/Apktool#1564)
- Only exit with 0 error code during version commands.
- Enforce license header on all source files.
- [Security] Prevent malicious directory traversal with unknown files.
- [Security] Prevent XXE vulnerability when given a malicious AndroidManifest.xml
- Upgrade to gradle 4.0.

alebcay added a commit to alebcay/opengapps that referenced this issue Jul 31, 2017

Update APKtool to 2.2.4
- Android O Final Dev Preview support (iBotPeaches/Apktool#1520)
- SnakeYAML 1.1.8 Android Support (iBotPeaches/Apktool#591)
- Fix issue with APKs taking longer than usual to parse resources (iBotPeaches/Apktool#1489)
- Fix issue with internal binaries not accessible in a Spring boot environment. (iBotPeaches/Apktool#1543)
- Fix issues with rebuilding applications originally built with aapt2. (iBotPeaches/Apktool#1520)
- Patch aapt to support the $ character in resource filenames. (iBotPeaches/Apktool#1532)
- Fix issue where apktool was holding locks onto files during execution. (iBotPeaches/Apktool#1561)
- Fix issue with APKs that last resource in pool is INVALID_TYPE_CONFIG. (iBotPeaches/Apktool#1534)
- Fix issue with APKs that are including malformed characters to break parser. (iBotPeaches/Apktool#1564)
- Only exit with 0 error code during version commands.
- Enforce license header on all source files.
- [Security] Prevent malicious directory traversal with unknown files.
- [Security] Prevent XXE vulnerability when given a malicious AndroidManifest.xml
- Upgrade to gradle 4.0.

mfonville added a commit to opengapps/opengapps that referenced this issue Jul 31, 2017
