these-android-re/androscalpel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

poc repackaging

Browse source
This commit is contained in:
Jean-Marie Mineau 2024-01-22 16:50:26 +01:00
parent 0f5764c340
commit d3e005fd68
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
3 changed files with 121 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apk_frauder/.gitignore vendored
View file

@ -1,2 +1,4 @@
*.apk
*.zip
*.dex
*.idsig

130
apk_frauder/src/main.rs
View file

@ -1,76 +1,78 @@
use apk_frauder::external_file_attributes;
use apk_frauder::file_header::FileHeader;
use apk_frauder::ZipFileReader;
use apk_frauder::ZipFileWriter;
use std::fs::File;
use std::io::Cursor;
use std::process::Command;
fn main() {
//let file = File::open("app-release.apk").expect("failed to open file");
//let file = File::open("tst_64.zip").expect("failed to open file");
//let zip_file = ZipFileReader::new(file);
/*
//println!("{}", zip_file.get_file_names().join("\n"));
for file in &zip_file.files {
println!("{}", file.get_name());
println!("local: {:?}", file.local_header.malformed_extra_field);
println!("central dir: {:?}", file.header.malformed_extra_field);
println!();
// Remove previous generation
println!("Remove files from previous run");
Command::new("rm").arg("app-striped.apk").status().unwrap();
Command::new("rm")
.arg("app-instrumented.apk")
.status()
.unwrap();
Command::new("rm")
.arg("app-instrumented-signed.apk")
.status()
.unwrap();
Command::new("rm")
.arg("app-instrumented-aligned.apk")
.status()
.unwrap();
println!("Read the headers of the existing dex file and strip the apk signature and dex files");
let file = File::open("app-release.apk").expect("failed to open file");
let mut apk = ZipFileReader::new(file);
let mut file_info_ref = (*apk.get_classes_file_info().first().unwrap()).clone();
apk.unlink_signature_files();
apk.unlink_bytecode_files();
let out_file = File::create("app-striped.apk").expect("failed to create file");
let mut apk_out = ZipFileWriter::new(out_file, apk.zip64_end_of_central_directory.clone());
for f in apk.files.clone() {
apk_out.insert_file_from_zip(f, &mut apk);
}
apk_out.write_central_directory();
println!(
"uncompressed size: {}",
zip_file.files[0].get_uncompressed_size()
);
println!(
"{}",
zip_file
.get_jar_sig_files()
.iter()
.map(|f| f.get_name())
.collect::<Vec<_>>()
.join("\n")
);
if zip_file.is_signed_v2() {
println!("Signed >= v2");
} else {
println!("Not signed whith scheme >= v2");
println!("Insert the dex file to the stripped apk with the header of the original dex file");
let file = File::open("app-striped.apk").expect("failed to open file");
let mut bytecodes = File::open("classes.dex").expect("failed to open file");
let mut apk = ZipFileReader::new(file);
let out_file = File::create("app-instrumented.apk").expect("failed to create file");
let mut apk_out = ZipFileWriter::new(out_file, apk.zip64_end_of_central_directory.clone());
for f in apk.files.clone() {
apk_out.insert_file_from_zip(f, &mut apk);
}
zip_file.check_holes();
*/
//println!("{:#?}", zip_file.get_file_info("classes.dex"));
/*
let file = File::open("tst_64.zip").expect("failed to open file");
let out_file = File::create("tst_64.out.zip").expect("failed to create file");
let mut zip_file = ZipFileReader::new(file);
let mut out_file =
ZipFileWriter::new(out_file, zip_file.zip64_end_of_central_directory.clone());
for f in zip_file.files.clone() {
out_file.insert_file_from_zip(f, &mut zip_file);
}
out_file.write_central_directory();
*/
//println!("{:#?}", zip_file.zip64_end_of_central_directory);
let out_file = File::create("test_write.zip").expect("failed to create file");
let mut out_file = ZipFileWriter::new(out_file, None);
out_file.insert_file(
&mut Cursor::new(b"plop\n"),
FileHeader::new_default("plop.txt"),
None,
);
out_file.insert_file(
&mut Cursor::new(b"Hello World !!!\n"),
FileHeader::new_default("plip.txt"),
None,
file_info_ref.set_name("classes.dex");
apk_out.insert_file(
&mut bytecodes,
file_info_ref.header,
Some(file_info_ref.local_header),
);
apk_out.write_central_directory();
//let mut header_dir = FileHeader::new_default("dir");
//header_dir.set_file_type(external_file_attributes::DIR_FILE);
//out_file.insert_file(&mut Cursor::new(b""), header_dir, None);
let mut header_link = FileHeader::new_default("dir/link");
header_link.set_file_type(external_file_attributes::SYMBOLIC_LINK_FILE);
out_file.insert_file(&mut Cursor::new(b"../plop.txt"), header_link, None);
println!("Align the apk");
// This could probably be performed by ourself
Command::new("/home/histausse/Android/Sdk/build-tools/34.0.0/zipalign")
.arg("-v")
.arg("-p")
.arg("4")
.arg("app-instrumented.apk")
.arg("app-instrumented-aligned.apk")
.status()
.unwrap();
out_file.write_central_directory();
println!("Sign the apk");
Command::new("/home/histausse/Android/Sdk/build-tools/34.0.0/apksigner")
.arg("sign")
.arg("--ks")
.arg("/home/histausse/AndroidStudioProjects/TestApplication/my-release-key.jks")
.arg("--out")
.arg("app-instrumented-signed.apk")
.arg("app-instrumented-aligned.apk")
.status()
.unwrap();
}

63
apk_frauder/src/zip_reader.rs
View file

@ -207,15 +207,7 @@ impl<T: Read + Seek> ZipFileReader<T> {
pub fn get_jar_sig_files(&self) -> Vec<&FileInfo> {
self.files
.iter()
.filter(|file| {
let name = file.get_name();
let l = name.len();
(name == "META-INF/MANIFEST.MF")
|| (l >= 13 && &name[..9] == "META-INF/" && &name[l - 3..] == ".SF")
|| (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".DSA")
|| (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".RSA")
|| (l >= 14 && &name[..13] == "META-INF/SIG-")
})
.filter(|file| match_v1_signature_file(&file.get_name()))
.collect()
}
@ -237,6 +229,24 @@ impl<T: Read + Seek> ZipFileReader<T> {
self.apk_sign_block.is_some()
}
/// Remove v1 signature files from the file index.
///
/// This function does no modify the original file, only the index store
/// in the struct.
pub fn unlink_signature_files(&mut self) {
self.files
.retain(|file| !match_v1_signature_file(&file.get_name()));
}
/// Unlink bytecode files.
///
/// This function does no modify the original file, only the index store
/// in the struct.
pub fn unlink_bytecode_files(&mut self) {
self.files
.retain(|file| !match_dexfile_name(&file.get_name()));
}
pub fn check_holes(&self) {
let mut files: Vec<&FileInfo> = self.files.iter().collect();
files.sort_by_key(|f| f.get_offset_local_header());
@ -262,7 +272,7 @@ impl<T: Read + Seek> ZipFileReader<T> {
);
}
lst_offset += apk_sign_block.size() as u64;
lst_offset = self.get_cd_offset();
}
if self.get_cd_offset() != lst_offset {
println!(
@ -285,4 +295,37 @@ impl<T: Read + Seek> ZipFileReader<T> {
pub fn get_file_info(&self, name: &str) -> Option<&FileInfo> {
self.files.iter().find(|&file| file.get_name() == name)
}
pub fn get_classes_file_info(&self) -> Vec<&FileInfo> {
self.files
.iter()
.filter(|&file| match_dexfile_name(&file.get_name()))
.collect()
}
}
// Not worth a regex
/// Check if a file is a bytecode file (from its name)
fn match_dexfile_name(name: &str) -> bool {
if name.len() < 11 {
return false;
}
if &name[0..7] != "classes" {
return false;
}
if &name[name.len() - 4..name.len()] != ".dex" {
return false;
}
name.len() == 11 || name[7..name.len() - 4].parse::<u32>().is_ok()
}
/// Check if a file is used to sign the APK with signature scheme v1.
fn match_v1_signature_file(name: &str) -> bool {
let l = name.len();
(name == "META-INF/MANIFEST.MF")
|| (l >= 13 && &name[..9] == "META-INF/" && &name[l - 3..] == ".SF")
|| (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".DSA")
|| (l >= 14 && &name[..9] == "META-INF/" && &name[l - 4..] == ".RSA")
|| (l >= 14 && &name[..13] == "META-INF/SIG-")
}