
Comments (8)

shroudedcode avatar shroudedcode commented on May 20, 2024 4

Turns out I actually did mess up the signing step somehow (or there's a bug in uber-apk-signer). I got it all working now using the following shell script which takes in a bundle.apks file (exported using SAI) and outputs a modified bundle-patched.apks file:

# Unzip exported .apks file
unzip bundle.apks -d apks
cd apks

# Create debug keystore
keytool \
  -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey \
  -keypass android -keyalg RSA -keysize 2048 -validity 10000 \
  -dname "cn=Unknown, ou=Unknown, o=Unknown, c=Unknown"

# Run apk-mitm on the base.apk
apk-mitm base.apk
rm base.apk
mv base-patched.apk base.apk

# Sign all APKs with the debug keystore
for apk in *.apk; do
  apksigner sign --ks debug.keystore --ks-pass pass:android "$apk"
done

# Delete the keystore, so it's not included in the zip
rm debug.keystore

zip ../bundle-patched.apks *

Assuming that's all there is to modifying Android App Bundles, implementing support in apk-mitm doesn't seem too complicated after all. I'm imagining it to look something like this in the end:

apk-mitm example.apks # => produces example-patched.apks
apk-mitm example.xapk # => produces example-patched.xapk

from apk-mitm.

shroudedcode avatar shroudedcode commented on May 20, 2024

I spent some time investigating this and I noticed that I'm not even able to install the unmodified APK (that I downloaded from APKPure). That's because Uber uses Android App Bundle — essentially multiple APK files — to distribute their app.

Running adb shell pm path com.ubercab (with the Uber app installed) reveals all the packages:

package:/data/app/com.ubercab-XJUOEpI32eIaVNCi8UFnmg==/base.apk
package:/data/app/com.ubercab-XJUOEpI32eIaVNCi8UFnmg==/split_config.armeabi_v7a.apk
package:/data/app/com.ubercab-XJUOEpI32eIaVNCi8UFnmg==/split_config.xxhdpi.apk

The base.apk is probably the one you downloaded and patched but you can't install that without the architecture split (armeabi_v7a) and the screen density split (xxhdpi) that are specific to your device and automatically installed by Google Play. Without the architecture (ABI) split the app cannot find the appropriate native libraries, hence the error.

I'm not sure if there's a way to manually install these splits alongside the patched base.apk, so you might want to do some research on that. I've run into similar Android App Bundle problems before while reverse-engineering scooter sharing apps (which is something, I noticed, you've done too 😄), so I'd be very happy about a solution.

from apk-mitm.

jzarca01 avatar jzarca01 commented on May 20, 2024

You're right, I ended up using an older version (4.255) which doesn't use app bundle and thus installs perfectly.
Thanks for all your support ;)

from apk-mitm.

jzarca01 avatar jzarca01 commented on May 20, 2024

APKPure provides a new format called XAPK (https://apkpure.com/fr/how-to-install-apk.html) which is their response to the new app bundle format.

In Android Lollipop there was this new feature called Split APKs that allowed multiple APKs to be added to a device, whilst still behaving as though they were part of a single app. These could be installed as different combinations on different devices — whilst still appearing as a single APK.

I believe it would be possible to download an app bundle directly from the Play Store and only replace the base.apk.
What do you think?

from apk-mitm.

shroudedcode avatar shroudedcode commented on May 20, 2024

> APKPure provides a new format called XAPK

XAPK actually does seem like an interesting solution to this problem and since its format is actually really simple, adding support for it might be worth it.

> I believe it would be possible to download an app bundle directly from the Play Store and only replace the base.apk

Well, I'm not sure how easy the downloading part is since Google Play doesn't use XAPK as far as I know (the format isn't even official in any way). But once you have an XAPK — whether you've downloaded it from APKPure or created it yourself — it should be very easy to modify the base.apk:

  • Rename the XAPK to something.zip and extract all files
  • Run apk-mitm on the base APK file
  • Compress all files again and rename the output to something.xapk

Could you give this a try (maybe with Uber's XAPK) and let me know if it works?

from apk-mitm.

jzarca01 avatar jzarca01 commented on May 20, 2024

So there is this tool called Split APK Installer https://static.down-apk.com/files/com.aefyr.sai/Split%20APKs%20Installer.apk that allows you 1) to install an app bundle (for example https://apkcombo.com/fr-fr/bzzt/se.bzzt.app.clients/download/apk) and 2) to export one you already installed on your device.

That means it would theoretically be possible to download, export, patch then install an app bundle :)

from apk-mitm.

shroudedcode avatar shroudedcode commented on May 20, 2024

> That means it would theoretically be possible to download, export, patch then install an app bundle

Theoretically yes, but while trying this out with Lime's app I found out that this seems to be quite tricky in practice. Here's exactly what I tried:

I used SAI to export Lime's APKs, uninstalled Lime, and reinstalled it through the exported file which worked without problems. Then, I tried running just the base.apk through apk-mitm, zipped all the APKs again and tried to install the resulting file. Now I got an error saying "Invalid APK files selected". I thought this might be because the APKs have different signatures, so I tried just resigning all of them with the same debug certificate (without even running apk-mitm to be sure) and that produced the same error again.

In order to get some more details on this error, I tried installing the APKs through the adb install-multiple command I discovered. First, I ran it on the original APKs I had exported — that worked without problems, then I ran it on the ones I had resigned with the debug certificate — this didn't work and produced the following error:

adb: failed to finalize session
Failure [INSTALL_FAILED_INVALID_APK: Failed to extract native libraries, res=-2]

This is the same error you were getting in the beginning, so somehow the split containing the native libraries still can't be found although it is installed alongside the base.apk in this case. But I ran into some issues while signing, so maybe the APKs just weren't signed properly.

Anyway, the main objective for now is to be able to resign (and zipalign) all the APKs in a bundle with the same debug certificate and successfully install them through adb install-multiple (or the SAI app but adb's output is more useful). When that works we can look into actually modifying one or more of those APKs using apk-mitm, but that can't be done without the signing problem out of the way.

from apk-mitm.
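
Android requires native libraries to be stored uncompressed and page-aligned inside an APK whose manifest sets android:extractNativeLibs="false", and repacking an APK can break that. The following is an added example (not code from this thread or from apk-mitm): a Python check over an exported .apks/.xapk archive that flags lib/*.so entries that are compressed or not aligned to 4096 bytes. The function names are hypothetical, and the thread does not establish that this was the cause of the error quoted above.

```python
import io
import struct
import zipfile

PAGE = 4096  # page alignment that `zipalign -p 4` applies to stored .so files


def data_offset(fp, info):
    """Offset of an entry's file data, read from its local file header."""
    fp.seek(info.header_offset)
    header = fp.read(30)
    if header[:4] != b"PK\x03\x04":
        raise ValueError(f"bad local header for {info.filename}")
    # The local extra field can differ from the central directory copy,
    # so the lengths must come from the local header itself.
    name_len, extra_len = struct.unpack("<HH", header[26:30])
    return info.header_offset + 30 + name_len + extra_len


def check_apk(fp):
    """Return [(entry, problem)] for the native libraries inside one APK."""
    problems = []
    with zipfile.ZipFile(fp) as apk:
        for info in apk.infolist():
            name = info.filename
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            if info.compress_type != zipfile.ZIP_STORED:
                problems.append((name, "compressed"))
            elif data_offset(fp, info) % PAGE:
                problems.append((name, "not page-aligned"))
    return problems


def check_bundle(path_or_file):
    """Map each APK in an .apks/.xapk archive to its native-library problems."""
    report = {}
    with zipfile.ZipFile(path_or_file) as bundle:
        for name in bundle.namelist():
            if name.endswith(".apk"):
                report[name] = check_apk(io.BytesIO(bundle.read(name)))
    return report


if __name__ == "__main__":
    import sys
    for apk, problems in check_bundle(sys.argv[1]).items():
        print(apk, problems or "OK")
```

Run it on both the original export and the re-signed archive; a split that is clean in the first and flagged in the second was altered by the repacking or signing step.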

jzarca01 avatar jzarca01 commented on May 20, 2024

You're amazing dude !!!

I knew it would "only" be a signing problem, glad you figured it out :)

from apk-mitm.
