
Why could the APK not be installed after Smali patching?


Here are the TestClass and MainActivity:

[screenshots of TestClass and MainActivity]

In order to always show the Toast, I changed the TestClass constructor using smali patching to the following:

[screenshot of the patched constructor]

But after compiling and signing, the new patched APK could not be installed.

Where is the problem?

Here is the patching code:

iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z
if-nez p1, :cond_0
const/4 p1, 0x1
iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z
:cond_0

This is the logcat during installation:

1772  1772 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
1772  1772 D AndroidRuntime: CheckJNI is OFF
1772  1772 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
1772  1772 E memtrack: Couldn't load memtrack module (No such file or directory)
1772  1772 E android.os.Debug: failed to load memtrack module: -2
1772  1772 I Radio-JNI: register_android_hardware_Radio DONE
1772  1772 D AndroidRuntime: Calling main entry com.android.commands.pm.Pm
1594  1606 D DefContainer: Copying /data/local/tmp/app-release_SIGNED_UNALIGNED.apk to base.apk
 637   662 D NativeLibraryHelper: Library 'libtoolChecker.so' is not page-aligned - will not be able to open it directly from apk.
 637   662 W NativeHelper: Failure copying native libraries [errorCode=-2]
 637   662 I art     : Starting a blocking GC Explicit
 637   662 I art     : Explicit concurrent mark sweep GC freed 34438(1881KB) AllocSpace objects, 2(40KB) LOS objects, 33% free, 6MB/9MB, paused 267us total 14.270ms
1772  1772 I art     : System.exit called, status: 1
1772  1772 I AndroidRuntime: VM exiting with result code 1.

Solution

Short answer

    Align the APK file using zipalign and (if not already) sign using apksigner, which handles the v2 signature, an additional requirement.

Long answer

    There are two mentions of alignment in your logcat, which strongly suggests that your APK file is not aligned. Since Android 11, there is a requirement that the APK file contains an uncompressed resources.arsc file, which is aligned to 4 bytes in the file.

    Replicating the issue via ADB, I used the following:

    # 1) Install the original APK file
    adb install original.apk
    
    # 2) Decode the original APK file, decompiling into Smali
    apktool decode --output original original.apk
    
    # 3) Apply the logic patch
    patch -p1 < switch.patch
    
    # 4) Rebuild an APK file with the patch
    apktool build --output rebuilt.apk original
    
    # 5) Sign the rebuilt APK file
    jarsigner -keystore keystore -storepass password rebuilt.apk key0
    
    # 6) Attempt installation of the rebuilt APK file
    adb install -r rebuilt.apk
    

    which results in the following error:

    adb: failed to install rebuilt.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary]

    My first thought was to simply use zipalign after using jarsigner to sign the APK like so:

    # 1) Install the original APK file
    adb install original.apk
    
    # 2) Decode the original APK file, decompiling into Smali
    apktool decode --output original original.apk
    
    # 3) Apply the logic patch
    patch -p1 < switch.patch
    
    # 4) Rebuild an APK file with the patch
    apktool build --output rebuilt.apk original
    
    # 5) Sign the rebuilt APK file
    jarsigner -keystore keystore -storepass password rebuilt.apk key0
    
    # 6) Create an aligned APK file
    zipalign 4 rebuilt.apk rebuilt-aligned.apk
    
    # 7) Attempt installation of the rebuilt APK file
    adb install -r rebuilt-aligned.apk
    

    However, this resulted in the following error:

    adb: failed to install rebuilt-aligned.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Scanning Failed.: No signature found in package of version 2 or newer for package au.com.msbit.a68855123]

    This then indicated that there was another requirement with Android 11; that the APK files be signed with the v2 signature scheme, which requires apksigner. Putting both those together, something like the following works:

    # 1) Install the original APK file
    adb install original.apk
    
    # 2) Decode the original APK file, decompiling into Smali
    apktool decode --output original original.apk
    
    # 3) Apply the logic patch
    patch -p1 < switch.patch
    
    # 4) Rebuild an APK file with the patch
    apktool build --output rebuilt.apk original
    
    # 5) Create an aligned APK file
    zipalign 4 rebuilt.apk rebuilt-aligned.apk
    
    # 6) Sign the rebuilt APK file
    apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk
    
    # 7) Attempt installation of the rebuilt APK file
    adb install -r rebuilt-aligned.apk
    

    As noted in the documentation for apksigner, it must be run after any modifications have been made to the APK file, so, as opposed to the order when using jarsigner, zipalign must be run before apksigner.
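As an added example that is not part of the question or the answer above, the following Python script performs the two checks that the install errors quoted above refer to, on a rebuilt APK before it is pushed with adb: whether resources.arsc is stored uncompressed at a 4-byte aligned offset, and whether an APK Signing Block (the container that v2 and later signatures live in) sits immediately before the zip central directory. The build_sample and add_fake_signing_block helpers produce constructed toy data for demonstration only, not a real app or a real signature.

```python
import io
import struct
import sys
import zipfile

SIG_BLOCK_MAGIC = b"APK Sig Block 42"   # 16-byte magic that ends an APK Signing Block
V2_BLOCK_ID = 0x7109871A                 # ID of the v2 signature entry inside that block

def check_apk(apk: bytes) -> dict:
    """Return {'arsc_ok': bool, 'has_sig_block': bool} for raw APK bytes."""
    arsc_ok = False
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.filename != "resources.arsc":
                continue
            # local file header: 30 fixed bytes, then name and extra field, then data
            name_len, extra_len = struct.unpack("<HH", apk[info.header_offset + 26:info.header_offset + 30])
            data_start = info.header_offset + 30 + name_len + extra_len
            arsc_ok = info.compress_type == zipfile.ZIP_STORED and data_start % 4 == 0
    # central directory offset sits 16 bytes into the EOCD record; a signing block
    # ends with its magic immediately before the central directory
    eocd = apk.rfind(b"PK\x05\x06")
    cd_offset = struct.unpack("<I", apk[eocd + 16:eocd + 20])[0]
    return {"arsc_ok": arsc_ok, "has_sig_block": apk[cd_offset - 16:cd_offset] == SIG_BLOCK_MAGIC}

def add_fake_signing_block(apk: bytes) -> bytes:
    """Insert a minimal, unsigned APK Signing Block (apksigner's layout, dummy
    content) before the central directory so the check above can be exercised offline."""
    eocd = apk.rfind(b"PK\x05\x06")
    cd_offset = struct.unpack("<I", apk[eocd + 16:eocd + 20])[0]
    pair = struct.pack("<QI", 8, V2_BLOCK_ID) + b"\x00" * 4      # one ID-value pair
    size = len(pair) + 8 + 16                                     # excludes leading size field
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    eocd_fixed = apk[eocd:eocd + 16] + struct.pack("<I", cd_offset + len(block)) + apk[eocd + 20:]
    return apk[:cd_offset] + block + apk[cd_offset:eocd] + eocd_fixed

def build_sample(arsc_aligned: bool, with_sig_block: bool) -> bytes:
    """Construct a toy APK-shaped zip (constructed data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"x", compress_type=zipfile.ZIP_STORED)
        zi = zipfile.ZipInfo("resources.arsc")
        zi.extra = b"\x00\x00" if arsc_aligned else b""   # zipalign-style padding in the header
        method = zipfile.ZIP_STORED if arsc_aligned else zipfile.ZIP_DEFLATED
        zf.writestr(zi, b"\x02\x00\x0c\x00", compress_type=method)
    apk = buf.getvalue()
    return add_fake_signing_block(apk) if with_sig_block else apk

if __name__ == "__main__":
    print(check_apk(open(sys.argv[1], "rb").read()))
```

Run it as `python check_apk.py rebuilt-aligned.apk`; an APK produced by the jarsigner-then-zipalign sequence reports has_sig_block False, which is exactly the INSTALL_PARSE_FAILED_NO_CERTIFICATES case.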