Reputation: 116
Unpack aab resources.pb
I have the .aab that I'm planning to upload on play store for publish, and before publishing I'm trying a decompile to see which data may be exposed to user in a reverse engineering process.
In .aab_FILES/base/ I see the assets.pb and resources.pb protobuffs - can these files be open some in some way? Cause for the moment I haven't found any method to reveal their content.
I am actually looking to see where are values/strings.xml packed - cause they are missing from .aab_FILES/base/res/ location and I wanna make sure my maps API key (which resides in strings.xml) won't be exposed to users.
Upvotes: 4
Views: 2677
Answers (2)
Reputation: 747
The resources.pb is a serialization of the strings data, so they can't be directly extracted to xml.
There are 2 ways to go around this:
Convert from aab to apk
Use bundletool to convert the aab to a universal apk and read the xmls from there:
java -jar bundletool-all-1.8.0.jar build-apks --mode=universal --bundle=~/test.aab --output=~/universal.apks
The universal.apks file can now be unzipped. It contains a universal.apk file, which the resources can be taken from like any apk. The easiest way to get readable xml files from the apk is by using apktool:
apktool d ~/unzipped_universal_apks/universal.apk -o ~/unzipped_universal
The folder ~/unzipped_universal now contains the decoded universal.apk and the xml resources should be decoded and readable inside it.
Read the protobuf values directly from the protobuf file
In order to read a protobuf file, you need its scheme (or proto file). The proto files for an aab are in the aapt2 repository: Resources.proto which depends on Configuration.proto.
These files can be compiled to workable code in a number of programming languages. I'll show it using python as described here.
First though, the Resources.proto should be modified to import Configuration.proto from the same folder location instead of the original (unless you create the whole necessary folder structure).
So, change:
import "frameworks/base/tools/aapt2/Configuration.proto";
To:
import "Configuration.proto";
Now, in the terminal, run:
protoc --python_out=~/proto_output Configuration.proto Resources.proto
Inside ~/proto_output there will now be 2 files: Configuration_pb2.py Resources_pb2.py. These files contain the python code to access the protobuf structure for the resources.pb file, as well as the protobuf encoded AndroidManifest.xml.
In order to read the protobuf file run:
from google.protobuf.json_format import MessageToDict
from Resources_pb2 import ResourceTable
res_obj = ResourceTable()
res_pb_file_path = '~/unzipped_app_bundle/base/resources.pb'
with open(res_pb_file_path, 'rb') as f:
content = f.read()
res_obj.ParseFromString(content)
# converting the protobuf object to a nice dictionary representation
res_dict = MessageToDict(res_obj)
Upvotes: 3
Reputation: 343
Try this given de-compile jar BundleDecompiler
de-compile option:
java -jar BundleDecompiler.jar decompile --in=input_app.aab --out=output_dir
Upvotes: 0
Related Questions
- How to unzip, edit and zip an android apk
- Reverse engineering from an APK file to a project
- Decompile XAPK file
- How to decompile aab AndroidManifest.xml
- Android - How to decode and decompile any APK file?
- any lib extract android resources.arsc
- Unable to read decompress classes.dex file ?
- Decompiling of .apk files
- apk file that cannot be decompiled