
Here is the TestClass and MainActivity.

In order to always show the Toast, I changed the TestClass constructor using smali patching to the following:

But after compiling and signing, the new patched APK could not be installed.

Where is the problem?

Here is the patching code:

```smali
iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z
if-nez p1, :cond_0
const/4 p1, 0x1
iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z
:cond_0
```

This is the LOGCAT during installation:

```
1772  1772 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
1772  1772 D AndroidRuntime: CheckJNI is OFF
1772  1772 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
1772  1772 E memtrack: Couldn't load memtrack module (No such file or directory)
1772  1772 E android.os.Debug: failed to load memtrack module: -2
1772  1772 I Radio-JNI: register_android_hardware_Radio DONE
1772  1772 D AndroidRuntime: Calling main entry com.android.commands.pm.Pm
1594  1606 D DefContainer: Copying /data/local/tmp/app-release_SIGNED_UNALIGNED.apk to base.apk
 637   662 D NativeLibraryHelper: Library 'libtoolChecker.so' is not page-aligned - will not be able to open it directly from apk.
 637   662 W NativeHelper: Failure copying native libraries [errorCode=-2]
 637   662 I art     : Starting a blocking GC Explicit
 637   662 I art     : Explicit concurrent mark sweep GC freed 34438(1881KB) AllocSpace objects, 2(40KB) LOS objects, 33% free, 6MB/9MB, paused 267us total 14.270ms
1772  1772 I art     : System.exit called, status: 1
1772  1772 I AndroidRuntime: VM exiting with result code 1.
```

Mehran
  • Is the old apk still installed? Did you sign with the same certificate? Logcat would contain concrete info why the installation failed. – adnan_e Aug 19 '21 at 23:19
  • Old APK is installed successfully and signing is same for the both. – Mehran Aug 20 '21 at 11:31
  • In that case post the logcat when installation fails. I'm almost certain that it will contain detailed information what went wrong. – adnan_e Aug 20 '21 at 11:43
  • Just edited the Q and posted what you needed. @adnan_e – Mehran Aug 20 '21 at 12:29

2 Answers

Short answer

Align the APK file using zipalign and (if not already) sign using apksigner which handles the v2 signature, an additional requirement.

Long answer

There are two mentions of alignment in your logcat, which strongly suggests that your APK file is not aligned. Since Android 11, there is a requirement that the APK file contains an uncompressed resources.arsc file, which is aligned to 4 bytes in the file.

Replicating the issue via ADB, I used the following:

```bash
# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Attempt installation of the rebuilt APK file
adb install -r rebuilt.apk
```

which results in the following error:

adb: failed to install rebuilt.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary]

My first thought was to simply use zipalign after using jarsigner to sign the APK like so:

```bash
# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk
```

However, this resulted in the following error:

adb: failed to install rebuilt-aligned.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Scanning Failed.: No signature found in package of version 2 or newer for package au.com.msbit.a68855123]

This then indicated that there was another requirement with Android 11; that the APK files be signed with the v2 signature scheme, which requires apksigner. Putting both those together, something like the following works:

```bash
# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 6) Sign the rebuilt APK file
apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk
```

As noted in the documentation for apksigner, it must be run after any modifications have been made to the APK file, so, as opposed to the order when using jarsigner, zipalign must be run before apksigner.

msbit
  • You're right. The problem is Zipalign. After signing using ApkSigner, I just zipaligned using "zipalign.exe -p -v 4 inApp.apk outApp.apk" and it installed successfully. TNX. – Mehran Aug 21 '21 at 10:33
  • @msbit Are you sure `apksigner` also does the aligning? The [apksigner help text](https://developer.android.com/studio/command-line/apksigner) still mentions zipalign and that you have to use it before using apksigner. If apksigner also aligned the APK, this note would not be necessary or would be written differently. Also, apksigner lacks the necessary aligning parameters, as some APKs have to be aligned to 4096 bytes and not 4 bytes. – Robert Aug 23 '21 at 16:18
  • @Robert actually, no, I'm not sure; the signing may have just pushed things around so the result was aligned. I'll take a look and update the answer with the outcome. – msbit Sep 01 '21 at 11:46
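
The two install failures in the answer above (resources.arsc not stored uncompressed on a 4-byte boundary, and no v2 signature), plus the page alignment of `.so` files raised in the logcat and comments, can be checked directly in the ZIP structure. This is an added example, not part of the original answer: it tests only for the presence of the APK Signing Block, the sample archives and helper names are constructed, and it assumes the archive has no trailing comment.

```python
import io
import struct
import zipfile

V2_MAGIC = b"APK Sig Block 42"  # last 16 bytes of the APK Signing Block
EOCD_SIG = b"PK\x05\x06"        # EOCD record; central dir offset is at byte 16

def central_dir_offset(raw):
    return struct.unpack_from("<I", raw, raw.rfind(EOCD_SIG) + 16)[0]

def check_apk(raw):
    """Return the install-blocking problems found in the APK bytes."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED:
                if info.filename == "resources.arsc":
                    problems.append("resources.arsc is compressed")
                continue
            # Data begins after the 30-byte local header, name and extra.
            nlen, xlen = struct.unpack_from("<HH", raw, info.header_offset + 26)
            start = info.header_offset + 30 + nlen + xlen
            want = 4096 if info.filename.endswith(".so") else 4
            if start % want:
                problems.append(f"{info.filename}: offset {start} not {want}-byte aligned")
    cd = central_dir_offset(raw)
    if raw[cd - 16:cd] != V2_MAGIC:  # presence only, not signature validity
        problems.append("no APK Signing Block (v2+) before central directory")
    return problems

def sample_zip(entries):
    """Constructed sample: stored-only ZIP from (name, data) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

def with_empty_signing_block(raw):
    """Constructed sample: splice in an empty, non-verifying signing block."""
    cd, eocd = central_dir_offset(raw), raw.rfind(EOCD_SIG)
    block = struct.pack("<QQ", 24, 24) + V2_MAGIC
    return (raw[:cd] + block + raw[cd:eocd + 16]
            + struct.pack("<I", cd + len(block)) + raw[eocd + 20:])

if __name__ == "__main__":
    unsigned = sample_zip([("assets/a.b", b"x"), ("resources.arsc", b"RES0")])
    print(check_apk(unsigned))
    print(check_apk(with_empty_signing_block(sample_zip([("resources.arsc", b"RES0")]))))
```

On a real build, `zipalign -c -v 4 app.apk` and `apksigner verify --verbose app.apk` remain the authoritative checks.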

While @msbit's answer works as expected, if you get this error:

W: invalid resource directory name: /Users/{username}/Desktop/reverse/original/res navigation brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1):

you want to use --use-aapt2 in the build command:

```bash
apktool build --output rebuilt.apk --use-aapt2 original
```

https://github.com/iBotPeaches/Apktool/issues/1978#issuecomment-452894225

Nilesh Deokar