Open
Description
Information
- Apktool Version (
apktool -version
) - 2.11.1 - Operating System (Mac, Linux, Windows) - Mac
- APK From? (Playstore, ROM, Other) - Other
- Java Version (
java --version
) - 23.0.2 2025-01-21
Stacktrace/Logcat
apktool d 98e9f3443c60777079d7885c4159fc0858a90aa8.apk
I: Using Apktool 2.11.1 on 98e9f3443c60777079d7885c4159fc0858a90aa8.apk with 8 threads
I: Baksmaling classes.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes4.dex...
I: Baksmaling classes5.dex...
I: Baksmaling classes6.dex...
I: Baksmaling 0iT3deJLk6eEUmShl7r7/躙.dex...
I: Loading resource table...
W: Skipping unknown chunk data of size 264
I: Baksmaling 1hpALmadpQ6QV9dkODPx/奔.dex...
I: Baksmaling 1KZWEeTDZwX737pEKuB9/燳.dex...
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 65681 out of bounds for length 6
at brut.androlib.res.data.value.ResPluralsValue.<init>(SourceFile:39)
at brut.androlib.res.decoder.ARSCDecoder.readResourceTable(SourceFile:97)
at brut.androlib.res.decoder.ARSCDecoder.decode(SourceFile:79)
at brut.androlib.res.data.ResTable.loadResPackagesFromApk(SourceFile:179)
at brut.androlib.res.ResourcesDecoder.decodeResources(SourceFile:126)
at brut.androlib.ApkDecoder.decodeResources(SourceFile:212)
at brut.androlib.ApkDecoder.decode(SourceFile:83)
at brut.apktool.Main.main(SourceFile:244)
APK
https://drive.google.com/file/d/15lNxSrCRT-V37TwSQUDRoeJmIGq10OGM/view
7z pass: apktool
Questions to ask before submission
- Have you tried
apktool d
,apktool b
without changing anything? - Y - If you are trying to install a modified apk, did you resign it? - Y
- Are you using the latest apktool version? - Y
Activity
iBotPeaches commentedon Apr 14, 2025
Confirmed, but the issue isn't with the dex name. This is another iteration of ApkEditor tweaks, i.e the protect feature.
Probably something in this new protector. https://github.com/REAndroid/APKEditor/blob/master/src/main/java/com/reandroid/apkeditor/protect/Protector.java#L60
[-][BUG] decode error with big unicode character in dex name[/-][+][BUG] ApkEditor Protect: decode error with big unicode character in dex name[/+]IgorEisberg commentedon Jun 10, 2025
That APK can't be reasobably decoded to a rebuildable source. APKEditor switched around the type name, and Apktool wholly relies on type names to parse the items correctly in a way aapt2 understands.
https://github.com/REAndroid/APKEditor/blob/master/src/main/java/com/reandroid/apkeditor/protect/TableConfuser.java#L91
From Android's perspective, type names make little difference and what matters is the context where each resource is used.
e.g. APKEditor renamed "attr" to "style", but the resources are still used as an attribute in XMLs.
That obfuscation does, however, break dynamic resource ID lookup via
Resources.getIdentifier(String name, String defType, String defPackage)
due to reliance on type names.IgorEisberg commentedon Jun 11, 2025
By the way, @iBotPeaches this particular "Index out of bounds" exception is due to how this was not explicitly checked for a valid key:
Apktool/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/data/value/ResPluralsValue.java
Line 39 in 42f94d5
iBotPeaches commentedon Jun 11, 2025
Damn that bug then is as old as 2012.
IgorEisberg commentedon Jun 11, 2025
Yeah I cleaned a lot of it, but the old stuff worked well for unadulterated APKs. This one was easily exploitable.