New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cannot parse apk file when encrypted flag is set #550

Closed
iBotPeaches opened this Issue Mar 18, 2015 · 10 comments

Comments

Projects
None yet
2 participants
@iBotPeaches
Owner

iBotPeaches commented Mar 18, 2015

Original issue 439 created by thuxnder@dexlabs.org on 2013-03-25T19:54:56.000Z:

What steps will reproduce the problem?

  1. convert apk file with encrypted flag set

What is the expected output? What do you see instead?
apktool cannot handle the file at all:

java -jar brut.apktool/apktool-cli/build/libs/apktool-cli-1.5.3-SNAPSHOT.jar d -d delta.apk ooooo
Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry)
at brut.androlib.ApkDecoder.hasSources(ApkDecoder.java:201)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:83)
at brut.apktool.Main.cmdDecode(Main.java:148)
at brut.apktool.Main.main(Main.java:77)
Caused by: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:55)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:38)
at brut.androlib.res.util.ExtFile.getDirectory(ExtFile.java:55)
at brut.androlib.ApkDecoder.hasSources(ApkDecoder.java:199)
... 3 more
Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry)
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:214)
at java.util.zip.ZipFile.<init>(ZipFile.java:144)
at java.util.zip.ZipFile.<init>(ZipFile.java:158)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:53)
... 6 more

What version of the product are you using? On what operating system?
fresh checkout 69ee710
linux

Please provide any additional information below.
example file can be found here:
https://github.com/blueboxsecurity/DalvikBytecodeTampering

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #1 originally posted by connor.tumbleson on 2013-03-26T01:02:49.000Z:

The apk has password protected files inside of it. Thats not standard nor proper.

This isn't a bug.

Owner

iBotPeaches commented Mar 18, 2015

Comment #1 originally posted by connor.tumbleson on 2013-03-26T01:02:49.000Z:

The apk has password protected files inside of it. Thats not standard nor proper.

This isn't a bug.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #2 originally posted by thuxnder@dexlabs.org on 2013-03-26T09:09:15.000Z:

there is no password protection! Everything is stored as normal. Only the flag is set, and it is a valid APK file, it can be installed.

Owner

iBotPeaches commented Mar 18, 2015

Comment #2 originally posted by thuxnder@dexlabs.org on 2013-03-26T09:09:15.000Z:

there is no password protection! Everything is stored as normal. Only the flag is set, and it is a valid APK file, it can be installed.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #3 originally posted by connor.tumbleson on 2013-03-26T11:48:35.000Z:

Remove isEncrypted flag then. I don't see anyway to trick our Zip reader to ignore isEncrypted unless we use our own implementation.

Owner

iBotPeaches commented Mar 18, 2015

Comment #3 originally posted by connor.tumbleson on 2013-03-26T11:48:35.000Z:

Remove isEncrypted flag then. I don't see anyway to trick our Zip reader to ignore isEncrypted unless we use our own implementation.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #4 originally posted by connor.tumbleson on 2013-03-27T13:42:23.000Z:

On second thought. More people are doing this now :/

Will have to figure something out.

Owner

iBotPeaches commented Mar 18, 2015

Comment #4 originally posted by connor.tumbleson on 2013-03-27T13:42:23.000Z:

On second thought. More people are doing this now :/

Will have to figure something out.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #5 originally posted by Brut.alll on 2013-03-28T09:20:46.000Z:

I was talking with Connor about this problem. My first idea was to copy apk file to tmp, remove encryption flags and use it. Then I got another idea:


Maybe it would be better not to copy apk file, but add a new command to apktool to remove encryption flags in original file. It might be useful, because such files are actually broken and as you said they can't be opened by many other utilities. Also modified file will be still valid and properly signed - from Android point of view it will be the same as original.

"apktool d" can try to detect ZipException with "encrypt" in the message and suggest a solution to user.

Do you think it's a proper way to solve this? Or maybe fixing apk while decoding it is better for some reason?

Owner

iBotPeaches commented Mar 18, 2015

Comment #5 originally posted by Brut.alll on 2013-03-28T09:20:46.000Z:

I was talking with Connor about this problem. My first idea was to copy apk file to tmp, remove encryption flags and use it. Then I got another idea:


Maybe it would be better not to copy apk file, but add a new command to apktool to remove encryption flags in original file. It might be useful, because such files are actually broken and as you said they can't be opened by many other utilities. Also modified file will be still valid and properly signed - from Android point of view it will be the same as original.

"apktool d" can try to detect ZipException with "encrypt" in the message and suggest a solution to user.

Do you think it's a proper way to solve this? Or maybe fixing apk while decoding it is better for some reason?

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #6 originally posted by thuxnder@dexlabs.org on 2013-03-28T09:59:08.000Z:

i would say providing a further command to 'repair' the apk file is the best. By this the user has more control over this process and can observe the modification and can do further repairing steps if necessary.
On the other hand a build in step within the normal work flow is more handy.

btw. dex2jar is fixing it on the fly while decoding it.

Owner

iBotPeaches commented Mar 18, 2015

Comment #6 originally posted by thuxnder@dexlabs.org on 2013-03-28T09:59:08.000Z:

i would say providing a further command to 'repair' the apk file is the best. By this the user has more control over this process and can observe the modification and can do further repairing steps if necessary.
On the other hand a build in step within the normal work flow is more handy.

btw. dex2jar is fixing it on the fly while decoding it.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #7 originally posted by connor.tumbleson on 2013-04-04T13:55:03.000Z:

Okay, I've fixed this.

It then fails on the disassembling of classes.dex, since that uses JF's reader and not Apktool's. I'll either poke him to fix it, but since hes working on dexlib2, I might just do a quick hacky fix for dexlib1.

Owner

iBotPeaches commented Mar 18, 2015

Comment #7 originally posted by connor.tumbleson on 2013-04-04T13:55:03.000Z:

Okay, I've fixed this.

It then fails on the disassembling of classes.dex, since that uses JF's reader and not Apktool's. I'll either poke him to fix it, but since hes working on dexlib2, I might just do a quick hacky fix for dexlib1.

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Mar 18, 2015

Owner

Comment #8 originally posted by connor.tumbleson on 2013-04-06T18:22:35.000Z:

Fixed in revision https://code.google.com/p/android-apktool/source/detail?r=42f69fd74597fd42a5bb1e0c3d3564d207d0eb4b&name=wip-2.0

Owner

iBotPeaches commented Mar 18, 2015

Comment #8 originally posted by connor.tumbleson on 2013-04-06T18:22:35.000Z:

Fixed in revision https://code.google.com/p/android-apktool/source/detail?r=42f69fd74597fd42a5bb1e0c3d3564d207d0eb4b&name=wip-2.0

@nguyenvulong

This comment has been minimized.

Show comment
Hide comment
@nguyenvulong

nguyenvulong Jul 19, 2018

I just tried apktool (2.2.1) but it failed. So I guess this was not fixed in dexlib2?

Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:272) at brut.androlib.ApkDecoder.decode(ApkDecoder.java:96) at brut.apktool.Main.cmdDecode(Main.java:166) at brut.apktool.Main.main(Main.java:81) Caused by: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:55) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:38) at brut.androlib.res.util.ExtFile.getDirectory(ExtFile.java:55) at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:270) ... 3 more Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry) at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(ZipFile.java:219) at java.util.zip.ZipFile.<init>(ZipFile.java:149) at java.util.zip.ZipFile.<init>(ZipFile.java:163) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:53)

I just tried apktool (2.2.1) but it failed. So I guess this was not fixed in dexlib2?

Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:272) at brut.androlib.ApkDecoder.decode(ApkDecoder.java:96) at brut.apktool.Main.cmdDecode(Main.java:166) at brut.apktool.Main.main(Main.java:81) Caused by: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:55) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:38) at brut.androlib.res.util.ExtFile.getDirectory(ExtFile.java:55) at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:270) ... 3 more Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry) at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(ZipFile.java:219) at java.util.zip.ZipFile.<init>(ZipFile.java:149) at java.util.zip.ZipFile.<init>(ZipFile.java:163) at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:53)

@iBotPeaches

This comment has been minimized.

Show comment
Hide comment
@iBotPeaches

iBotPeaches Jul 19, 2018

Owner

@nguyenvulong Encrypted flag isEncrypted no longer work on Android, so the hacky patches were removed. If it no longer works on Android, there is no reason to keep those patches in the tool.

If you are using an old Android version and still using this trick, you are welcome to use an old build.

Owner

iBotPeaches commented Jul 19, 2018

@nguyenvulong Encrypted flag isEncrypted no longer work on Android, so the hacky patches were removed. If it no longer works on Android, there is no reason to keep those patches in the tool.

If you are using an old Android version and still using this trick, you are welcome to use an old build.

Repository owner locked as resolved and limited conversation to collaborators Jul 19, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.