Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improved patchapk experience #282

merged 2 commits into from Oct 15, 2019


Copy link

dnet commented Oct 15, 2019

This PR contains two patches that improve the overall patchapk experience.

First of all, 5b56e0f flipped the default resource decoding behavior but left a comment and an error message intact, which might lead to confusion, so I corrected it to match the rest of the code.

More importantly, I added a check so that the debug flag could only be flipped if resources are to be decoded. If not, Android binary XML is left as-is, thus when _get_android_manifest tries to parse it with the Python built-in ElementTree parser, your average Android reverse engineer is greeted with the following message:

$ objection patchapk -s victim.apk -d -D
No architecture specified. Determining it using `adb`...
Detected target device architecture as: arm64-v8a
Using latest Github gadget version: 12.7.11
Patcher will be using Gadget version: 12.7.11
Unpacking victim.apk
App already has android.permission.INTERNET
Traceback (most recent call last):
  File "/home/dnet/.local/bin/objection", line 10, in <module>
  File "/home/dnet/.local/lib/python3.7/site-packages/click/", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/dnet/.local/lib/python3.7/site-packages/click/", line 717, in main
    rv = self.invoke(ctx)
  File "/home/dnet/.local/lib/python3.7/site-packages/click/", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/dnet/.local/lib/python3.7/site-packages/click/", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/dnet/.local/lib/python3.7/site-packages/click/", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/dnet/.local/lib/python3.7/site-packages/objection/console/", line 344, in patchapk
  File "/home/dnet/.local/lib/python3.7/site-packages/objection/commands/", line 168, in patch_android_apk
  File "/home/dnet/.local/lib/python3.7/site-packages/objection/utils/patchers/", line 413, in flip_debug_flag_to_true
    xml = self._get_android_manifest()
  File "/home/dnet/.local/lib/python3.7/site-packages/objection/utils/patchers/", line 240, in _get_android_manifest
    return ElementTree.parse(os.path.join(self.apk_temp_directory, 'AndroidManifest.xml'))
  File "/usr/lib/python3.7/xml/etree/", line 1197, in parse
    tree.parse(source, parser)
  File "/usr/lib/python3.7/xml/etree/", line 598, in parse
    self._root = parser._parse_whole(source)
xml.etree.ElementTree.ParseError: not well-formed (invalid token): line 1, column 0
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/tmp/tmpesy509ma.apktemp.objection.apk'

Confusing, isn't it? Of course, removing either -d or -D solved the issue, but the second patch makes it a bit easier to understand what the problem is and how to resolve it:

$ objection patchapk -s victim.apk -d -D
The --enable-debug flag is incompatible with the --skip-resources flag.

This comment has been minimized.

Copy link

leonjza commented Oct 15, 2019

Thank you for a nice and clear patch!

@leonjza leonjza merged commit 20533cd into sensepost:master Oct 15, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
@dnet dnet deleted the dnet:patchapk branch Oct 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.