Reputation: 61
I tried to harden my APK against reverse engineering. I know it's impossible to prevent decompiling an APK, but I saw some APKs use a trick to make apktool throw an exception during the decompile process (not just apktool; all decompilers, like QARK, can't return a classes.dex from the APK), so I decided to do that to make reverse engineering take longer.
Here you can see some results of a hardened application: winrar:winrar.winrar2
apktool:
sudo apktool d -f app/TTT.apk --keep-broken-res
I: Using Apktool 2.3.1-dirty on TTT.apk
I: Loading resource table...
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/lab/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
Exception in thread "main" java.lang.NullPointerException
    at brut.androlib.res.data.value.ResEnumAttr.serializeBody(ResEnumAttr.java:56)
    at brut.androlib.res.data.value.ResAttr.serializeToResValuesXml(ResAttr.java:64)
    at brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:555)
    at brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:269)
    at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:132)
    at brut.androlib.ApkDecoder.decode(ApkDecoder.java:124)
    at brut.apktool.Main.cmdDecode(Main.java:163)
    at brut.apktool.Main.main(Main.java:72)
Please explain to me how this is possible. (I need details of the implementation.)
Upvotes: -1
Views: 979
Reputation: 61
That's a Java class encryption feature (like DexGuard or Bangcle kh), and it's also protected with Native Library Encryption (NLE) + JNI Obfuscation (JNI) from something like DexProtector (I found that in dynamic analysis tools).
And many thanks to Semantic Scholar for this article and this.
Upvotes: -1
Reputation: 48592
The first APK you linked to isn't a valid APK. It's just a plain text file, with the following text repeated over and over:
HTTP/1.1 200 OK
Date: Sat, 27 Oct 2018 17:35:36 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
Last-Modified: Sat, 28 Jul 2018 11:40:03 GMT
ETag: "23b1fe5-5720db0636ac0"
Accept-Ranges: bytes
Content-Length: 37429221
Keep-Alive: timeout=20
Connection: Keep-Alive
Obviously, just HTTP response headers repeated don't form a valid APK. The reason that your tools are failing on that file isn't that it's encrypted/obfuscated/hardened, but that it's not really an APK at all, and wouldn't work if you tried to install it.
The second APK you linked to extracts for me fine when I unzip it.
My conclusion is that the "hardening" you mention doesn't exist (it seemed to only due to mixing up valid and invalid APKs), and that any APK that successfully installs can also be successfully extracted.
Upvotes: 0
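The check this answer describes, as an added example that is not part of the original answer: classify a downloaded file before attributing an apktool failure to hardening. The function names and both sample blobs are constructed for illustration; the sample "APK" holds placeholder bytes, not a real manifest or dex file.

```python
import io
import zipfile

def triage_apk(data: bytes) -> str:
    """Classify a downloaded blob before blaming a tool failure on hardening."""
    if data.startswith(b"HTTP/"):
        return "not-apk: HTTP response text"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-apk: no ZIP end-of-central-directory record"
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if "AndroidManifest.xml" not in names:
            return "zip-but-not-apk: AndroidManifest.xml missing"
        bad = zf.testzip()  # re-reads every entry and verifies its CRC-32
        if bad is not None:
            return "corrupt: CRC mismatch in " + bad
        dex = sorted(n for n in names
                     if n.startswith("classes") and n.endswith(".dex"))
    if not dex:
        return "apk: no dex entries"
    return "apk: " + ",".join(dex)

def constructed_http_blob() -> bytes:
    # Constructed sample: response headers repeated, like the file in the answer.
    block = (b"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\n"
             b"Connection: Keep-Alive\r\n")
    return block * 100

def constructed_zip(with_manifest: bool = True) -> bytes:
    # Constructed sample: ZIP container with placeholder entry contents.
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        if with_manifest:
            zf.writestr("AndroidManifest.xml", b"placeholder-binary-xml")
        zf.writestr("classes.dex", b"placeholder-dex-bytes")
    return out.getvalue()

if __name__ == "__main__":
    for label, blob in [("http blob", constructed_http_blob()),
                        ("sample apk", constructed_zip()),
                        ("zip, no manifest", constructed_zip(False))]:
        print(label, "->", triage_apk(blob))
```

A file that fails the first two checks will also fail to install, so a decompiler error on it says nothing about obfuscation.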