-1

I tried to harden my APK against reverse engineering. I know it's impossible to prevent an APK from being decompiled, but I saw that some APKs use a trick to make apktool throw an exception during the decompile process (not just apktool; all decompilers, like QARK, can't return a classes.dex for the APK), so I decided to do that to make reverse engineering take longer.

Here you can see some results of the hardened application: winrar:winrar.winrar2

apktool:

    sudo apktool d -f app/TTT.apk --keep-broken-res
    I: Using Apktool 2.3.1-dirty on TTT.apk
    I: Loading resource table...
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    I: Decoding AndroidManifest.xml with resources...
    I: Loading resource table from file: /home/lab/.local/share/apktool/framework/1.apk
    I: Regular manifest package...
    I: Decoding file-resources...
    I: Decoding values */* XMLs...
    Exception in thread "main" java.lang.NullPointerException
        at brut.androlib.res.data.value.ResEnumAttr.serializeBody(ResEnumAttr.java:56)
        at brut.androlib.res.data.value.ResAttr.serializeToResValuesXml(ResAttr.java:64)
        at brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:555)
        at brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:269)
        at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:132)
        at brut.androlib.ApkDecoder.decode(ApkDecoder.java:124)
        at brut.apktool.Main.cmdDecode(Main.java:163)
        at brut.apktool.Main.main(Main.java:72)

Please explain to me how this is possible. (I need the implementation details.)

learner

2 Answers

0

The first APK you linked to isn't a valid APK. It's just a plain text file, with the following text repeated over and over:

    HTTP/1.1 200 OK
    Date: Sat, 27 Oct 2018 17:35:36 GMT
    Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
    Last-Modified: Sat, 28 Jul 2018 11:40:03 GMT
    ETag: "23b1fe5-5720db0636ac0"
    Accept-Ranges: bytes
    Content-Length: 37429221
    Keep-Alive: timeout=20
    Connection: Keep-Alive

Obviously, just HTTP response headers repeated don't form a valid APK. The reason that your tools are failing on that file isn't that it's encrypted/obfuscated/hardened, but that it's not really an APK at all, and wouldn't work if you tried to install it.


The second APK you linked to extracts for me fine when I unzip it.

My conclusion is that the "hardening" you mention doesn't exist (it seemed to only due to mixing up valid and invalid APKs), and that any APK that successfully installs can also be successfully extracted.

  • Then the file you installed isn't the one that you linked to. – Joseph Sible-Reinstate Monica Oct 30 '18 at 02:08
  • Yes, you're right. I think that file was damaged while transferring, but this time I checked it (I downloaded it from this link and installed it, and it works!). Sorry about that; please download it again: https://ufile.io/ewhz6 (now you can test it) – learner Oct 30 '18 at 02:22
  • @learner That one is indeed valid, and it doesn't appear "hardened" to me. Answer updated. – Joseph Sible-Reinstate Monica Oct 30 '18 at 02:38
  • So why does apktool throw an exception, and why doesn't QARK recognize it as an APK file? – learner Oct 30 '18 at 02:44
  • You're going wrong, because when you unpack that APK, you can see classes.dex, no res directory; you can see just some encrypted files (I think). So it's hardened, and you do not give me a true answer! – learner Oct 30 '18 at 08:23
  • In other words, I ask **how** to **throw** an **exception** in **apktool** **while** **decompiling**; your answer is without ANY relation to my question! – learner Oct 30 '18 at 08:26
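The check the answer above performs by hand (is the file really an APK, or just HTTP response text?) can be scripted before drawing conclusions from a tool failure. This is an added example, not part of the original answer; `triage_apk`, `make_zip` and the sample inputs are hypothetical names and constructed data.

```python
import io
import zipfile

REQUIRED = ("AndroidManifest.xml", "classes.dex")  # present in an installable APK
DEX_MAGIC = b"dex\n"                               # first bytes of a DEX file

def triage_apk(data: bytes) -> dict:
    """Classify bytes that are claimed to be an APK."""
    report = {"kind": "unknown", "entries": 0, "missing": [], "bad_dex": []}
    if data.startswith(b"HTTP/1."):
        report["kind"] = "http-response-text"   # the first file in the answer
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        report["kind"] = "not-a-zip"
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        report["entries"] = len(names)
        report["missing"] = [n for n in REQUIRED if n not in names]
        # Every top-level classes*.dex must start with the DEX magic
        for n in names:
            if n.startswith("classes") and n.endswith(".dex"):
                if not zf.read(n).startswith(DEX_MAGIC):
                    report["bad_dex"].append(n)
    ok = not report["missing"] and not report["bad_dex"]
    report["kind"] = "apk" if ok else "zip-but-not-apk"
    return report

def make_zip(entries: dict) -> bytes:
    """Build a constructed in-memory ZIP from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples (not the files linked in the question)
HTTP_TEXT = b"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nConnection: Keep-Alive\r\n\r\n" * 100
GOOD_APK = make_zip({"AndroidManifest.xml": b"\x03\x00\x08\x00",
                     "classes.dex": b"dex\n035\x00" + b"\x00" * 32,
                     "resources.arsc": b"\x02\x00"})
NO_DEX = make_zip({"AndroidManifest.xml": b"\x03\x00\x08\x00",
                   "assets/payload.bin": b"\x8f\x11"})

if __name__ == "__main__":
    for label, sample in (("http", HTTP_TEXT), ("good", GOOD_APK), ("nodex", NO_DEX)):
        print(label, triage_apk(sample))
```
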
-1

That's a Java class encryption feature (like DexGuard or Bangcle kh); it's also protected with Native Library Encryption (NLE) + JNI Obfuscation (JNI) from something like DexProtector (I found that with dynamic analysis tools).

And many thanks to Semantic Scholar for this article and this.

learner