Apktool
Apktool copied to clipboard
iBotPeaches
[BUG] Supporting malformed Apk with missing END header of CentralDirectory
Information
- Apktool Version (
apktool -version) - Using Apktool 2.5.0 - Operating System (Mac, Linux, Windows) - Windows
- APK From? (Playstore, ROM, Other) - https://sj.qq.com/myapp/
Stacktrace/Logcat
I: Using Apktool 2.5.0 on xxqg.apk
Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: java.util.zip.ZipException: error in opening zip file
at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:315)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:103)
at brut.apktool.Main.cmdDecode(Main.java:179)
at brut.apktool.Main.main(Main.java:82)
Caused by: brut.directory.DirectoryException: java.util.zip.ZipException: error in opening zip file
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:55)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:38)
at brut.directory.ExtFile.getDirectory(ExtFile.java:52)
at brut.androlib.ApkDecoder.hasResources(ApkDecoder.java:313)
... 3 more
Caused by: java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:225)
at java.util.zip.ZipFile.<init>(ZipFile.java:155)
at java.util.zip.ZipFile.<init>(ZipFile.java:169)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:53)
... 6 more
Steps to Reproduce
apktool d xxqg.apk
Frameworks
If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files
(.apks that live in /system/framework or /system/priv-app)
APK
If this APK can be freely shared, please upload/attach a link to it.
APK Download
Questions to ask before submission
- Have you tried
apktool d,apktool bwithout changing anything? Y - If you are trying to install a modified apk, did you resign it? Y
- Are you using the latest apktool version? Y
@CunningLogic - You have any idea with this one? It seems like an iteration of the high bit set on the zip to trick unzippers from disassembling. Though, I thought that was patched at AOSP years ago at this point.
@iBotPeaches I'm so sorry lol, I did not see this notification until today when I was looking for another issue.
Some files have bit 13 set, so yes its the encryption trick, there are also some other oddities in it, like missing end of central directory and central directory entries.
Thanks.
Newer Java has a much more detailed stacktrace and it appears to be a missing end of central directory.
Caused by: java.util.zip.ZipException: zip END header not found
at java.base/java.util.zip.ZipFile$Source.findEND(ZipFile.java:1469)
at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1477)
at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1315)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1277)
at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:709)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:243)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:172)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:186)
at brut.directory.ZipRODirectory.<init>(ZipRODirectory.java:53)
Short of implementing the Zip spec myself or maybe hoping that Apache Commons Compress can handle this. Guess this will sit in backlog. Not sure of a best plan for it at the moment.
@iBotPeaches we talk about version of java inside apk or about installed version of java on laptop/runner/server? I'm try to reproduce the same error on windows or macOS and have problems only on ubuntu with all versions of java which I'm try to install on ubuntu. On macOS and windows have no any problems with apktool d path.to.apk
@artzhel - The version of Java you are using to execute Apktool.
@iBotPeaches I'm try to run it with versions from 8 to 17 and have the same issue. Also I'm try to run it on docker with latest image which you provide and have the same issue. What I'm do wrong?