-1

I'm doing instrumentation on an apk to add more ids (like in R.id.name) and set id for a specific widget, but I noticed something interesting:

  • If I set an existing id (by "existing" I mean it is declared in ids.xml before compilation) to the widget, UiAutomator can capture that information when I'm dumping the view
    • Result: <node index="2" text="Hello World" resource-id="com.example.example:id/testId" class="android.widget.TextView" ...>
  • For an id I instrumented (by "instrumented" I mean, it is inserted into R.id class using soot), for example R.id.inserted, the value is assigned correctly to the widget ( inspected through debugger), but UiAutomator cannot capture it
    • Result: <node index="2" text="Hello World" resource-id="" class="android.widget.TextView" ...>

I wonder what is missing here? Are the ids declared in xmls compiled into something more than just R.id?

Ok, seems like the id is also contained in the resources.arsc file. Without instrumenting it, UiAutomator cannot figure out the id. But I am confused how to do that, is there a way to do so?

WatashiJ
  • 722
  • 6
  • 19

1 Answers1

0

After quite a few attempts, I have finally understand how the ids work. For anyone else having troubles with the same issue, here is what you need to do:

  1. Insert ids into resources.arsc file (explained later)
  2. Instrument the integer (reference, explained later) into R.id class

First, let's talk about how the id system works. A compiled apk has a class R.id, which has many static int fields. The int value of each field in hex format can be interpreted as 0xPPTTEEEE,

  • P stands for Package in arsc file,
  • T is Type, such as "anim", "style", and of course "id"
  • E is the entry id, which can be understand as the index in the Type

So, we need to first use some tool to insert the new id into arsc file, then instrument R.id to point to the entry.

For inserting ids, my solution is parsing the arsc file into a formatted structure, and modify it, then write it out. You can find more information about the byte structure from ResourceTypes.h. Or if you want, you can use the library I wrote in Rust arsc.

Hopefully this is clear enough for anyone trying to mess up the arsc file. Feel free to leave comments and other answers.

WatashiJ
  • 722
  • 6
  • 19