Is theres a way to modify and run this apks without unlocking secrecy or auth token? i pulled it from my oppo and when i run the app it'll update the existing app
norimee said:
Is theres a way to modify and run this apks without unlocking secrecy or auth token? i pulled it from my oppo and when i run the app it'll update the existing app
Click to expand...
Click to collapse
You can't modify an APK, as it's in binary. You could remove it though - Let me know if you need help.
An APK ( read: Android Application Package ) file by nature is a ZIP file - not a binray - what can get extracted with any zip utility (e.g. 7zip), you can view all resources correctly but all java files are not correctly decompiled.
Content of an APK file looks like
You can also see the contents of an APK file within the Android device itself, which helps a lot in debugging, using
https://play.google.com/store/apps/details?id=com.dasmic.android.apkpeek
All files including the manifest of an app can be viewed and also shared using email, cloud etc., no rooting required.
Related
EDIT: Figured it out.
Care to share?
Yeah, will be nice if you could share this information with others
aitorTheRed said:
Yeah, will be nice if you could share this information with others
Click to expand...
Click to collapse
Man, I hate it when people do that...
1. Search for APK Manager in XDA and install it on your PC
2. Download and Install the Android SDK kit on your PC
3. Follow the instructions for APK Manager and place the APK file in the modding folder
4. Open APK Manager and select Decompile APK (Your APK file will be placed in a separate folder for you to work on)
5. Change what you want to change in the APK
6. Recompile the APK and sign it (unless it's a system file like framework, those are not signed)
A lot more is involved in modding an APK file and you really should know something about how the files inside the APK work before you go changing things, but in a nutshell, that's the basics.
Hope that helps!
What I have learned.
I had a specific question, but here is what I can tell you.
1. Setup APK Manager, it saves a lot of command line typing.
2. Pretty much always use option 9 and 11, never 1 or 3.
3. If you are simply changing graphics and not smali or XML files, don't use this, open it in 7zip and drag the files. Decompiling changes the image darkness sometimes.
4. Unless you are working on your own apk file, always say yes to 'is it a system apk', when it asks you to keep existing files, say yes. Delete from the 'keep' folder what you edited.
5. If you edit XLM files, delete resources.arsc from the file, this is where they all get compiled to.
6. You can use this for jar files, just rename to apk then back to jar when finished.
7. If you get an error try using option 20 to increase the memory to 1024.
8. If you edit jar files, delete classes.dex in the 'keep' folder when compiling.
9. Treat all files as signed system files (as noted above) and you will be much safer. If the file has a signature on it, this will save it.
Thanks for the info
Is there anything that can install system files. They won't install with ap manager so does it have to be pushed?
Sent from my Desire HD using XDA Premium App
I am trying to install some pre-compiled binary files along with my app but I am having a hard time finding documentation or code samples that I can use.
I have successfully pushed the files to the device using adb and I have been executing the files from the filesystem, but I would like to package them right in my app(apk file).
I am not sure if it is better to store them from assets folder or res/raw.
I also have two seperate directories with scripts in them that will need to be used by calling options from the executable binary.
I would like to have the binaries installed to the /data/data/com.<company_name>/<app_name>/bin directory, and the script folders installed to the /data/data/com/<company_name>/app_name/bin/scripts1 and scripts2 directories.
Are there any good tutorials or docs that can get me going?
i'm looking for something similar, too
is there a way to create an apk that only unzips a file to sdcard on install and deletes it on uninstall? (to prevent unfair use of 15min moneyback in market)
Was this ever solved? I am working towards a similar goal and cannot find information on this process.
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
dk3498 said:
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
Click to expand...
Click to collapse
To my knowledge, no, it wouldn't work.
dk3498 said:
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
Click to expand...
Click to collapse
Yes, this is possible. This is usually done by malicious applications.
dk3498 said:
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
Click to expand...
Click to collapse
XPrivacy, an android app, could be of use here.
dk3498 said:
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
Click to expand...
Click to collapse
See here.
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
dk3498 said:
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
Click to expand...
Click to collapse
Yes, this is possible. XPrivacy comes in handy here since it shows you the permissions which the app requested upon installation (hence you granted), and also shows the permissions the app actually used. Sometimes these include ones which were not requested/granted.
This and this may be in your interest. If not, they're still interesting reads .
Hi there,
we have a secured infrastructure where the play store is deactivated on the devices. You cant sideload apk manually, we push them by a special software.
Until Apps where developed more and more with AAB / Split APK we can't update different apps. Is there any possibility to extract those AAB Apps from a open PlayStore device and convert this AAB to an APK for a sideload with the special deployment software (own secured store)?
We can partly extract some data with adb (e.g. Twitter: com.twitter.android.8.53.0-release.01.apk, split_config.arm64_v8a.apk, split_config.de.apk, split_config.xxhdpi.apk) but we can't put them together to an single apk.
Is it possible? Maybe with a rooted phone or special software? For security reasons an apk mirror is not the best choice.
Thanks
@CrazyOlli
You can extract APKs from .AAB-files by means of Google's Bundletool what is a command-line tool to manipulate Android App Bundles.
jwoegerbauer said:
@CrazyOlli
You can extract APKs from .AAB-files by means of Google's Bundletool what is a command-line tool to manipulate Android App Bundles.
Click to expand...
Click to collapse
Hi and thank you.
I found that tool already, but i didn't have access to an complete aab file. I only can extract Split APK from a Play Store connected device and tried to bundle it with the "universal" mode. But it didn't worked for me and my actual skill level ends at that point. Or is there an option to extract the whiole aab file from google?
Hi every1,
Important threads:
- https://www.thecobraden.com/posts/unblocking_firebase_ids/
Explanation:
I've been messing, for some time now, with android tampering/reverse engineering. But, there is a problem that I can't seem to overcome, neither find any solution for it on any foruns, that is "Signing In with Google" on the app after modifying it (decompiling/recompiling).
The process I follow is as simple as:
Pulling the APK file from my android using adb;
Opening the APK file using jadx-gui to see the contents and search for what I want to change;
Decompiling the APK using APKEasyTool and searching for the .smali file I previously wanted to change;
Changing the file and recompiling the APK with APKEasyTool;
(optional) In case the APK file is splitted, installing it on my device using SAI.
Results:
After this process the app works fine, but as mentioned, I can't no longer sign in on the app with Google. As far as I know, when you click the sign-in button, an HTTP request is made to Google Servers, asking for a token, than can later be used to sign-in on the app (this is made by integrating Firebase in the android project). And, it's in this process that it fails, because on this request it is also sent the SHA-1 fingerprint as a Request Header, which was changed when signing the APK file.
Using a tool like MITMProxy I was able to repeat this request with the APK original SHA-1 (retrieved with keytool -printcert -jarfile <original.apk>), but this requires moving traffic through, for instance, my computer - as a proxy server. (And for some reason it didn't always worked).
Question:
Does anyone have any thoughts on this, or have successfully been able to decompile/recompile an apk and still be able to use Google Sign In option? How can I modify an apk file and still be able to sign in on it with my Google account?
i mean if your device is rooter, you can login in origin apk and use lucky patcher backup data ,install modified apk then do a restore data in to app
Play Services will not allow it unless the apk is signed by Google. The solution is to set the public key for the modified apk and patch Android Framework's signature check to make the system think it's valid.
The yellow smiley face app mentioned above does this, as well as microg.