
What I'd like to achieve

Decompile the AndroidManifest.xml packaged in an apk from binary form into a normal xml file, edit it and recompile it back into a binary file acceptable for the apk. Basically I need a driver for AXML files.

Short background

I'm working on an APK injection project. My goal is

  1. Disassemble the dalvik binary
  2. Read AndroidManifest xml and add modifications to it, like change main activity and add permissions
  3. rebuild and sign the apk file

I use apktool for assembling and disassembling the apk. However, apktool works only with the --no-res option; if the apk is disassembled with resources it cannot be built back. Here's a github issue describing this bug.

The problem

Since I disassemble with `apktool d --no-res app-debug.apk` (the no-res flag), the generated android manifest comes in binary form. I can disassemble the manifest using apktool but I cannot assemble it back.

What I want to be able to do

I need to either:

  • Find a way to disassemble the manifest and then assemble it back into binary form
  • Find a way to use apktool with resources

What I have tried so far

Disclaimer

Although stackoverflow is a community for knowledge sharing, and not judging what it's used for - I see a lot of people picking on others in similar questions with accusations for illegal activities.

What I'm doing is absolutely legal and will not be used to exploit anyone.

Ben
  • `but the app does not run` what happens then? Does it produce any meaningful logs in LogCat? – Matt Clark Apr 20 '18 at 00:12
  • 1
    @MattClark Well, actually it does not even install, the device just displays parse error. I can't pinpoint logcat logs. – Ben Apr 20 '18 at 21:16
  • I assume you are using `adb install /path/to/new.apk` and `Parse error there is a problem while parsing the package` is the response from that? Okay, makes sense then that you might not see the LogCat logs as that will be within the Android OS and may be suppressed. Also, when you say you 'resign the apk file' are you resigning it with the same keystore that it was signed with when you first installed it? else you will have a signature conflict. Finally, you decompiled without resource, wouldn't you also need them when you recompile the APK? – Matt Clark Apr 21 '18 at 00:50
  • Yes, there are no problems with signing. If I rebuild the same project with the binary manifest everything works fine. @MattClark – Ben Apr 21 '18 at 11:50
  • Just to clarify, you want to do this without changing the signature, or is it OK to change the signature? – Budius Apr 27 '18 at 17:52
  • @Budius changing the signature is no problem – Ben Apr 27 '18 at 23:12
  • Have you tried Santoku Linux? It's a distro that's dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform. https://santoku-linux.com – José Cousiño Apr 27 '18 at 20:42

3 Answers

Installation can give a parse error under the following conditions; see if any apply to you:

  • Name of the package is changed after signing: Use the exact name the signed package has (instead, adjust the name in the Manifest)
  • Package is compiled against a higher API level: Correct the API level in the Manifest file.
  • Package is executed from SD-card: Run (install) the apk file from the phone's memory OR use the adb command to install it.

You can manually sign your apk as given here.

karanatwal.github.io
  • I'm 100% sure it's not a signing problem. There's this thing called axml, which is a binary xml standard for android resources. The apk has to be packed with those kinds of resources, so I would not expect it to install since I did not recompile the android xml into the axml type. Which is what this question is about – Ben Apr 27 '18 at 10:45
  • I'm sure because I repackaged the apk without decompiling resources, then repackaged it back into an apk and signed it manually and it works – Ben Apr 27 '18 at 10:47
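A check for the failure mode discussed in these comments, added here as an example (not code from the question or any answer): it opens an APK and reports whether its AndroidManifest.xml is binary AXML, which the installer expects, or still plain-text XML, which is what produces the parse error. The chunk layout (a RES_XML_TYPE header followed by a string pool) follows Android's ResourceTypes.h; the in-memory APK and the manifest bytes are constructed fixtures.

```python
import io
import struct
import zipfile

# Chunk type codes from Android's ResourceTypes.h
RES_STRING_POOL_TYPE = 0x0001
RES_XML_TYPE = 0x0003

def inspect_axml(data: bytes) -> dict:
    """Parse the outer chunk header of an AXML file; {} if it is not AXML."""
    if len(data) < 8:
        return {}
    chunk_type, header_size, total_size = struct.unpack_from("<HHI", data, 0)
    if chunk_type != RES_XML_TYPE or header_size != 8 or total_size != len(data):
        return {}
    info = {"size": total_size, "string_count": None}
    # The first child chunk of a manifest is the string pool (28-byte header).
    if len(data) >= header_size + 28:
        pool_type, pool_header, pool_size, count = struct.unpack_from(
            "<HHII", data, header_size)
        if (pool_type == RES_STRING_POOL_TYPE and pool_header == 28
                and header_size + pool_size <= total_size):
            info["string_count"] = count
    return info

def manifest_kind(apk: zipfile.ZipFile) -> str:
    """'axml' installs; 'text' means the manifest was never recompiled and
    the installer will reject the APK with a parse error."""
    try:
        data = apk.read("AndroidManifest.xml")
    except KeyError:
        return "missing"
    if inspect_axml(data):
        return "axml"
    if data.lstrip().startswith(b"<"):
        return "text"
    return "unknown"

def build_apk(manifest: bytes) -> zipfile.ZipFile:
    """Constructed in-memory APK holding only a manifest (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))

# Constructed fixtures: a minimal AXML file (empty string pool) and a text one.
POOL = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, 28, 28, 0, 0, 0, 28, 0)
AXML_MANIFEST = struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(POOL)) + POOL
TEXT_MANIFEST = b'<?xml version="1.0"?><manifest package="com.example"/>'
```

Running `manifest_kind(zipfile.ZipFile("rebuilt.apk"))` on a repackaged APK tells you before `adb install` whether the manifest was actually recompiled.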

The only reliable way I found to repackage the application with a plain text android manifest is by repacking it using aapt directly.

aapt package -f -M ./AndroidManifest.xml -S res1/ -S res2/ ... -I android.jar -F MyProject.apk.unaligned

to create the apk, and then:

aapt add -f MyProject.apk.unaligned classes.dex

to add the compiled sources to the package.

Then using jarsigner to sign the package:

jarsigner -storepass <keystore password> -keystore <keystore filename> MyProject.apk.unaligned <key name>
Ben
  • jarsigner is deprecated as it only creates v1 signatures. Better use `apksigner` from Android-SDK build-tools. – Robert May 27 '21 at 14:37

I also experienced similar problems, but I had luck with Easy APK tool.

I opened the app, then navigated to options -> apktool and checked "don't decode classes.dex". Then I was able to successfully recompile the app.

The other alternative is using aapt, as Ben already said, but it requires significantly more knowledge/effort.

Lucas Oliveira