Skip to content

[BUG] ApkEditor Protect: decode error with big unicode character in dex name #3847

Open
@4ft35t

Description

@4ft35t

Information

  1. Apktool Version (apktool -version) - 2.11.1
  2. Operating System (Mac, Linux, Windows) - Mac
  3. APK From? (Playstore, ROM, Other) - Other
  4. Java Version (java --version) - 23.0.2 2025-01-21

Stacktrace/Logcat

apktool d 98e9f3443c60777079d7885c4159fc0858a90aa8.apk

I: Using Apktool 2.11.1 on 98e9f3443c60777079d7885c4159fc0858a90aa8.apk with 8 threads
I: Baksmaling classes.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes4.dex...
I: Baksmaling classes5.dex...
I: Baksmaling classes6.dex...
I: Baksmaling 0iT3deJLk6eEUmShl7r7/躙.dex...
I: Loading resource table...
W: Skipping unknown chunk data of size 264
I: Baksmaling 1hpALmadpQ6QV9dkODPx/奔.dex...
I: Baksmaling 1KZWEeTDZwX737pEKuB9/燳.dex...
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 65681 out of bounds for length 6
	at brut.androlib.res.data.value.ResPluralsValue.<init>(SourceFile:39)
	at brut.androlib.res.decoder.ARSCDecoder.readResourceTable(SourceFile:97)
	at brut.androlib.res.decoder.ARSCDecoder.decode(SourceFile:79)
	at brut.androlib.res.data.ResTable.loadResPackagesFromApk(SourceFile:179)
	at brut.androlib.res.ResourcesDecoder.decodeResources(SourceFile:126)
	at brut.androlib.ApkDecoder.decodeResources(SourceFile:212)
	at brut.androlib.ApkDecoder.decode(SourceFile:83)
	at brut.apktool.Main.main(SourceFile:244)

APK

https://drive.google.com/file/d/15lNxSrCRT-V37TwSQUDRoeJmIGq10OGM/view
7z pass: apktool

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? - Y
  2. If you are trying to install a modified apk, did you resign it? - Y
  3. Are you using the latest apktool version? - Y

Activity

iBotPeaches

iBotPeaches commented on Apr 14, 2025

@iBotPeaches
Owner

Confirmed, but the issue isn't with the dex name. This is another iteration of ApkEditor tweaks, i.e the protect feature.

00.007 I: [DECOMPILE] Loading ...
00.201 I: [DECOMPILE] /media/ibotpeaches/AOSP/Apktool/3847/98e9f3443c60777079d7885c4159fc0858a90aa8.apk
00.201 I: [DECOMPILE] PROTECTED

Probably something in this new protector. https://github.com/REAndroid/APKEditor/blob/master/src/main/java/com/reandroid/apkeditor/protect/Protector.java#L60

changed the title [-][BUG] decode error with big unicode character in dex name[/-] [+][BUG] ApkEditor Protect: decode error with big unicode character in dex name[/+] on Apr 14, 2025
IgorEisberg

IgorEisberg commented on Jun 10, 2025

@IgorEisberg
Contributor

That APK can't be reasobably decoded to a rebuildable source. APKEditor switched around the type name, and Apktool wholly relies on type names to parse the items correctly in a way aapt2 understands.
https://github.com/REAndroid/APKEditor/blob/master/src/main/java/com/reandroid/apkeditor/protect/TableConfuser.java#L91

From Android's perspective, type names make little difference and what matters is the context where each resource is used.
e.g. APKEditor renamed "attr" to "style", but the resources are still used as an attribute in XMLs.
That obfuscation does, however, break dynamic resource ID lookup via Resources.getIdentifier(String name, String defType, String defPackage) due to reliance on type names.

IgorEisberg

IgorEisberg commented on Jun 11, 2025

@IgorEisberg
Contributor

By the way, @iBotPeaches this particular "Index out of bounds" exception is due to how this was not explicitly checked for a valid key:

mItems[item.getLeft() - BAG_KEY_PLURALS_START] = item.getRight();

iBotPeaches

iBotPeaches commented on Jun 11, 2025

@iBotPeaches
Owner

Damn that bug then is as old as 2012.

IgorEisberg

IgorEisberg commented on Jun 11, 2025

@IgorEisberg
Contributor

Damn that bug then is as old as 2012.

Yeah I cleaned a lot of it, but the old stuff worked well for unadulterated APKs. This one was easily exploitable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @iBotPeaches@4ft35t@IgorEisberg

        Issue actions

          [BUG] ApkEditor Protect: decode error with big unicode character in dex name · Issue #3847 · iBotPeaches/Apktool