1

In this instance I used this app: Perfect_Piano_v7.1.3_apkpure.com

Apktool version: v2.3.3 IBotPeaches fork https://github.com/iBotPeaches/Apktool/releases/tag/v2.3.3

The original app works fine on my device and emulator, but after I unpack and repack it with and reinstall it, the app crashes instantly. I made no changes to the app before rebuilding, and use --no-src flag to not decompile smali files.

apktool d -f --no-src Perfect_Piano_v7.1.3_apkpure.com.apk
rm Perfect_Piano_v7.1.3_apkpure.com.apk
apktool b -f Perfect_Piano_v7.1.3_apkpure.com
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore Perfect_Piano_v7.1.3_apkpure.com.apk alias_name

I also tried building with --use-aapt2 flag.

Logcat throws the following error:

05-30 19:59:13.781 1691-1714/? W/WindowManager: Failed looking up window
                                                java.lang.IllegalArgumentException: Requested window android.view.ViewRootImpl$W@29a1c85 does not exist
                                                    at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:8733)
                                                    at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:8724)
                                                    at com.android.server.wm.WindowManagerService.removeWindow(WindowManagerService.java:2697)
                                                    at com.android.server.wm.Session.remove(Session.java:187)
                                                    at android.view.ViewRootImpl.dispatchDetachedFromWindow(ViewRootImpl.java:3099)
                                                    at android.view.ViewRootImpl.doDie(ViewRootImpl.java:5606)
                                                    at android.view.ViewRootImpl$ViewRootHandler.handleMessage(ViewRootImpl.java:3409)
                                                    at android.os.Handler.dispatchMessage(Handler.java:102)
                                                    at android.os.Looper.loop(Looper.java:148)
                                                    at android.os.HandlerThread.run(HandlerThread.java:61)
                                                    at com.android.server.ServiceThread.run(ServiceThread.java:46)

You may find full logcat log in this pastebin

Hypothesis

  • Since I don't actually decode .dex files, hence --no-src flag, the problem is probably have nothing to do with smali compiling.
  • Could it be some kind of anti-tamper protection?
  • The result file is smaller than original (original 16.67 Mb result 13.96 Mb), all resources are exactly the same, but when viewed in the archive they are more compressed, so maybe issues with resource compression?

I'm clueless at this point, I'm experiencing the same issues with some other .apk files as well.

I submitted this issue in github.

Community
  • 1
  • 1
Ben
  • 3,989
  • 9
  • 48
  • 84
  • 1
    Is that the only error in logcat? My first instinct is that that is a secondary error, that only happens because there's some other primary error beforehand. But that's purely a guess. – JesusFreke May 30 '18 at 17:46
  • 1
    Oh, I just saw the link to the full logcat. Here's the actual cause: "05-30 19:59:13.737 7341-7341/? I/art: System.exit called, status: 0". The app itself is calling System.exit for some reason. Likely some form of tamper protection, as you had guessed. – JesusFreke May 30 '18 at 17:50
  • @JesusFreke yeah, that's full log – Ben May 30 '18 at 18:01
  • @JesusFreke I'm not completely sure it originates from the app, as there's no way of filtering for the process only... – Ben May 30 '18 at 18:06
  • 1
    The logcat message contains the pid of the process. For the example I pasted, the pid is 7341. Just a bit earlier, you can see ActivityManager starting that pid, for "com.gamestame.perfectpiano": "05-30 19:59:13.658 1691-1702/? I/ActivityManager: Start proc 7341:com.gamestar.perfectpiano/u0a93 for activity com.gamestar.perfectpiano/.Splash" – JesusFreke May 30 '18 at 18:42
  • @JesusFreke have a look at this piece. https://pastebin.com/wM9n5XMP , it was in the prefect piano apk. – Ben May 30 '18 at 18:53
  • @JesusFreke there's a single place in code where `a` is invoked with true. https://pastebin.com/reCyHGi7 . Not exactly sure what to make of it – Ben May 30 '18 at 19:06

0 Answers0