Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR: Failed to process zip file #2420

Open
1 of 3 tasks
irrisolto opened this issue Feb 23, 2025 · 3 comments
Open
1 of 3 tasks

ERROR: Failed to process zip file #2420

irrisolto opened this issue Feb 23, 2025 · 3 comments
Labels
bug Core Issues in jadx-core module

Comments

@irrisolto
Copy link

Issue details

Hi, i was trying to reverse a malware sample i found on internet but i can't decompile it using jadx. Here's the error:

jadx.core.utils.exceptions.JadxRuntimeException: Failed to process zip file: C:\Users\Linux\Downloads\chrome_update_v136.apk
	at jadx.api.plugins.utils.ZipSecurity.visitZipEntries(ZipSecurity.java:148)
	at jadx.api.plugins.utils.ZipSecurity.readZipEntries(ZipSecurity.java:154)
	at jadx.plugins.input.dex.DexFileLoader.collectDexFromZip(DexFileLoader.java:89)
	at jadx.plugins.input.dex.DexFileLoader.load(DexFileLoader.java:72)
	at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:49)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
	at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
	at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:44)
	at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:42)
	at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:38)
	at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:156)
	at jadx.api.JadxDecompiler.load(JadxDecompiler.java:120)
	at jadx.gui.JadxWrapper.open(JadxWrapper.java:75)
	at jadx.gui.ui.MainWindow.lambda$loadFiles$3(MainWindow.java:537)
	at jadx.core.utils.tasks.TaskExecutor.wrapTask(TaskExecutor.java:166)
	at jadx.core.utils.tasks.TaskExecutor.runStages(TaskExecutor.java:142)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry)
	at java.base/java.util.zip.ZipFile$Source.zerror(Unknown Source)
	at java.base/java.util.zip.ZipFile$Source.checkAndAddEntry(Unknown Source)
	at java.base/java.util.zip.ZipFile$Source.initCEN(Unknown Source)
	at java.base/java.util.zip.ZipFile$Source.<init>(Unknown Source)
	at java.base/java.util.zip.ZipFile$Source.get(Unknown Source)
	at java.base/java.util.zip.ZipFile$CleanableResource.<init>(Unknown Source)
	at java.base/java.util.zip.ZipFile.<init>(Unknown Source)
	at jadx.core.utils.files.ZipFile.<init>(ZipFile.java:30)
	at jadx.core.utils.files.ZipFile.<init>(ZipFile.java:18)
	at jadx.core.utils.files.ZipFile.<init>(ZipFile.java:14)
	at jadx.api.plugins.utils.ZipSecurity.visitZipEntries(ZipSecurity.java:130)
	... 24 common frames omitted

Decompiling other applications works. This one is the problem. I know this was an issue while decompiling some malwares but i tought it was fixed in 1.51. Here's the sample

Jadx version

1.51

Java version

23.0.1

OS

  • Windows
  • Linux
  • macOS
@irrisolto irrisolto added bug GUI Issues in jadx-gui module labels Feb 23, 2025
@skylot
Copy link
Owner

skylot commented Feb 23, 2025

@irrisolto thank you for sample 👍

Now we have several approaches for fix zip parsing issues

  1. First one (currently used) is a zip patching implemented by @qfalconer in PR Adding automatic patching for semi-corrupted APKs #2298.
    Maybe he will help to adjust it for this case.
  2. Another is to implement a custom zip parser to fight tampering. I have done an attempt on it (check zip branch) and it worked for this sample, although some other issues still preventing decompilation.
    I will continue my work on it 🙂

Related to #2171

@skylot skylot added Core Issues in jadx-core module and removed GUI Issues in jadx-gui module labels Feb 23, 2025
@skylot skylot changed the title [gui] ERROR: Failed to process zip file ERROR: Failed to process zip file Feb 23, 2025
@irrisolto
Copy link
Author

thanks for your work

@jpstotz jpstotz mentioned this issue Feb 24, 2025
Closed
skylot added a commit that referenced this issue Mar 13, 2025
@skylot
fix(gui): allow file and directory have same name in tree (#2420)
5d720dd
@skylot
Copy link
Owner

skylot commented Mar 13, 2025

I merged zip branch into master and code in sample can be decompiled now, check latest unstable build.
Although, sample contains several weird files which have zip magic, but can't be decoded, looks like these are fake zip files.
Also, resources decoding still failing 😢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Core Issues in jadx-core module
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skylot @irrisolto