iBotPeaches
[BUG] Decoding only manifest without remaining resources corrupts APK wrt signing
Information
-
Apktool Version (
apktool -version) - 2.9.0 - Operating System (Mac, Linux, Windows) - Windows
- APK From? (Playstore, ROM, Other) - FDroid
-
Java Version (
java --version) - 15.0.2
Steps to Reproduce
$ java -jar ~/Downloads/apktool_2.9.0.jar d -r --force-manifest com.zola.bmi.apk -f
I: Using Apktool 2.9.0 on com.zola.bmi.apk
I: Copying raw resources...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\Michael\AppData\Local\apktool\framework\1.apk
I: Sparsely packed resources detected.
W: Could not decode attr value, using undecoded value instead: ns=android, name=theme, value=0x7f0d0005
W: Could not decode attr value, using undecoded value instead: ns=android, name=label, value=0x7f0c0029
W: Could not decode attr value, using undecoded value instead: ns=android, name=icon, value=0x7f070054
W: Could not decode attr value, using undecoded value instead: ns=android, name=label, value=0x7f0c0029
I: Regular manifest package...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
$ cat AndroidManifest.xml
<?xml version="1.0" encoding="utf-8" standalone="no"?><manifest xmlns:android="http://schemas.android.com/apk/res/android" android:compileSdkVersion="28" android:compileSdkVersionCodename="9" package="com.zola.bmi" platformBuildVersionCode="400" platformBuildVersionName="4.0.0">
<application android:allowBackup="true" android:appComponentFactory="android.support.v4.app.CoreComponentFactory" android:icon="@2131165268" android:label="@2131492905" android:theme="@2131558405">
<activity android:label="@2131492905" android:name="com.zola.bmi.BMIMain">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
</activity>
</application>
</manifest>
$ java -jar ~/Downloads/apktool_2.9.0.jar b
I: Using Apktool 2.9.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Copying raw resources...
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk into: .\dist\com.zola.bmi.apk
$ signAPK dist/com.zola.bmi.apk
Exception in thread "main" com.android.apksig.apk.MinSdkVersionException: Failed to determine APK's minimum supported platform version. Use --min-sdk-version to override
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:350)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Caused by: com.android.apksig.apk.MinSdkVersionException: Unable to determine APK's minimum supported Android platform version: malformed binary resource: AndroidManifest.xml
at com.android.apksig.apk.ApkUtils.getMinSdkVersionFromBinaryAndroidManifest(ApkUtils.java:387)
at com.android.apksig.ApkSigner.getMinSdkVersionFromApk(ApkSigner.java:912)
at com.android.apksig.ApkSigner.sign(ApkSigner.java:271)
at com.android.apksig.ApkSigner.sign(ApkSigner.java:207)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:344)
... 1 more
Caused by: com.android.apksig.internal.apk.AndroidBinXmlParser$XmlParserException: No XML chunk in file
at com.android.apksig.internal.apk.AndroidBinXmlParser.<init>(AndroidBinXmlParser.java:101)
at com.android.apksig.apk.ApkUtils.getMinSdkVersionFromBinaryAndroidManifest(ApkUtils.java:348)
... 5 more
rm: cannot remove 'dist/com.zola.bmi.apk.idsig': No such file or directory
Frameworks
If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files
(.apks that live in /system/framework or /system/priv-app)
APK
If this APK can be freely shared, please upload/attach a link to it. https://github.com/iBotPeaches/Apktool/files/12774551/com.zola.bmi.apk.zip
Questions to ask before submission
- Have you tried
apktool d,apktool bwithout changing anything? YES - If you are trying to install a modified apk, did you resign it? YES
- Are you using the latest apktool version? YES
I am not even sure if this is a real bug since decoding only the manifest succeeded as above output showed? Btw, I did not try the suggested option by apksigner to overwrite the min sdk version manually.
I don't think a bug here. If you force manifest decoding (ie you don't decode resources.arsc) we cannot resolve those references.
How it actually built is the odd thing. I'll investigate that and either look towards a doc change or making this actually fail during compilation with a forced manifest.
Here is the decoded AndroidManifest.xml code
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
android:versionCode="400"
android:versionName="4.0.0"
android:compileSdkVersion="28"
android:compileSdkVersionCodename="9"
package="com.zola.bmi"
platformBuildVersionCode="400"
platformBuildVersionName="4.0.0">
<uses-sdk
android:minSdkVersion="14"
android:targetSdkVersion="28" />
<application
android:theme="@style/AppTheme"
android:label="@string/app_name"
android:icon="@drawable/ic_launcher"
android:allowBackup="true"
android:appComponentFactory="android.support.v4.app.CoreComponentFactory">
<activity
android:label="@string/app_name"
android:name="com.zola.bmi.BMIMain">
<intent-filter>
<action
android:name="android.intent.action.MAIN" />
<category
android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
This is so interesting to me that we built an obviously invalid Manifest and aapt2 was fine with it. My guess is all the protections we've ripped out over the years to lessen the strictness of the build has caught up to us.
For example, once its built (without an error). Its clearly invalid.
➜ 3389 aapt2 d xmltree com.zola.bmi/dist/com.zola.bmi.apk --file AndroidManifest.xml
ResourceType W 10-10 06:36:21 503121 503121] Bad XML block: header size 28024 or total size 1702240364 is larger than data size 816
com.zola.bmi/dist/com.zola.bmi.apk: error: failed to parse binary AndroidManifest.xml: failed to initialize ResXMLTree.
➜ 3389
Not sure what I want to do here yet.
- Building an application after a forced manifest decode paired with no resources just simply shouldn't be allowed.
- An assembly of an invalid manifest should be rejected during aapt2 build/link