shroudedcode / apk-mitm Goto Github PK
View Code? Open in Web Editor NEW๐ค A CLI application that automatically prepares Android APK files for HTTPS inspection
Home Page: https://npm.im/apk-mitm
License: MIT License
๐ค A CLI application that automatically prepares Android APK files for HTTPS inspection
Home Page: https://npm.im/apk-mitm
License: MIT License
Used this apk https://apkpure.com/fr/starbucks-france/com.starbucks.fr/download?from=details (version 2.0.7)
with latest version of apk-mitm
Error: Command failed with exit code 1: java -jar /Users/jeremie/.npm/_npx/29950/lib/node_modules/apk-mitm/jar/apktool.jar build /private/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/591646000946a41ea7940be58e0284a7/decode --output /private/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/591646000946a41ea7940be58e0284a7/tmp.apk
W: /private/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/591646000946a41ea7940be58e0284a7/decode/res/values/xmls.xml:4: error: Resource entry network_security_config is already defined.
W: res/xml/network_security_config.xml:0: Originally defined here.
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/brut_util_Jar_15094341727105803434.tmp, p, --forced-package-id, 127, --min-sdk-version, 19, --target-sdk-version, 28, --version-code, 1267, --version-name, 2.0.7, --no-version-vectors, -F, /var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/APKTOOL6502468308795034810.tmp, -e, /var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/APKTOOL1751451533765204483.tmp, -0, arsc, -I, /Users/jeremie/Library/apktool/framework/1.apk, -S, /private/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/591646000946a41ea7940be58e0284a7/decode/res, -M, /private/var/folders/m1/_v6rkfw9115byzhb4nfk2vzr0000gn/T/591646000946a41ea7940be58e0284a7/decode/AndroidManifest.xml]
Hi,
Today I patched an APK which also has unsecured (HTTP) endpoints, and after patching the APK those API calls would be blocked by Android with ERR_CLEARTEXT_NOT_PERMITTED
.
The fix was to run the script with --wait
and add <base-config cleartextTrafficPermitted="true" />
to network-security-config.xml
before rebuilding the APK. Could it be done automatically if the original AndroidManifest.xml
enables cleartext traffic through the usesCleartextTraffic
attribute?
I'm new to all of this and have no experience with Android development so not sure what else should be considered.
Thanks!
Hey! Appreciate all your hard work making this tool. Just a quick question regarding an issue I am experiencing. I've tried a few different apks and always hang on "disabling certificate pinning". The process never completes. I am wondering whether it is just the particular apks, or something on my end.
Thanks very much.
Hello,
First, thanks for your tool! I've an error whenI try to patch an APK :
npx apk-mitm test.apk --apktool apktool_2.3.0.jar
โญ apk-mitm v0.6.1
โ apktool custom version
โฐ uber-apk-signer v1.1.0
Using temporary directory:
/tmp/74eccfd812ae579e107cc604ac214bb9
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โ Encoding patched APK file
โ ด Signing patched APK file
(node:1126) UnhandledPromiseRejectionWarning: Error: Command failed with exit code 1: java -jar /usr/lib/node_modules/apk-mitm/jar/uber-apk-signer.jar --allowResign --overwrite --apks /tmp/74eccfd812ae579e107cc604ac214bb9/tmp.apk
at makeError (/usr/lib/node_modules/apk-mitm/node_modules/execa/lib/error.js:56:11)
at handlePromise (/usr/lib/node_modules/apk-mitm/node_modules/execa/index.js:114:26)
I tried with others version of apktool. With 2.3.2 and above I've this error:
npx apk-mitm test.apk --apktool apktool_2.3.3.jar
โญ apk-mitm v0.6.1
โ apktool custom version
โฐ uber-apk-signer v1.1.0
Using temporary directory:
/tmp/2f2fba23aedf204118557b72e45c0d1a
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โฏ Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
โ Encoding using AAPT [fallback]
โ Command failed with exit code 1: java -jar apktool_2.3.3.jar build /tmp/2f2fba23aedf204118557b72e45c0d1a/decode --output /tmp/2f2fba23aedf204118557b72e45c0d
โฆ
Signing patched APK file
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar apktool_2.3.3.jar build /tmp/2f2fba23aedf204118557b72e45c0d1a/decode --output /tmp/2f2fba23aedf204118557b72e45c0d1a/tmp.apk
Do you have an idea?
Thanks
So This App Actually Has Certificate Pinning But When You Run it Through APK-MITM it says no certificate Pinning Method Found
When You Try to Debug the App It Sends Requests to An APi on port 433
https://www.sendspace.com/file/q3v2c2
This is "work in progress"
I have the feeling that something in the patching process has gone wrong.
It is an XAPK split file into 3 and the result of the patch process is a few mb smaller compared to the original.
Basically the error is the same as CandyCrush "uses its own CA list".
Within com.zipow.cmmlib.AppUtil ( AppUtil.smali) there is getCertificateFingerprintMD5 which compares the md5 hash signature of the package with a stored value in split_config.arm64_v8a.apk/lib/arm64-v8a libzLoader.so .
Evil function
com.zipow.cmmlib.AppUtil
public static String getCertificateFingerprintMD5() {
Signature[] signatures = ZMUtils.getSignatures(VideoBoxApplication.getNonNullInstance());
return (signatures == null || signatures.length == 0 || signatures[0] == null) ? "" : StringUtil.safeString(ZMUtils.hexDigest(signatures[0].toByteArray(), MessageDigestAlgorithms.MD5)).toLowerCase();
}
libzWebService.so includes the sha256 hashes of trustworthy public keys
The Java function isIssuedByKnownRoot (us.zoom.net.AndroidCertVerifyResult)
checks for root cas that are legimate cert pinning ca's
I am not sure how well apk-mitm deals with binary shared objects.
@FahmiRR is getting the following error (issue split off from this comment):
โญ apk-mitm v0.8.0
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
C:\Users\FAHMI~1.RIZ\AppData\Local\Temp\831d017b5c621c8337f5b653ea760fc1
โ Downloading tools
ร Decoding APK file
โ I: Copying unknown files...
Modifying app manifest
Modifying network security config
Disabling certificate pinning
Encoding patched APK file
Signing patched APK file
Failed! An error occurred:
I: Using Apktool 2.4.1 on gojek.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\FAHMI~1.RIZ\AppData\Local\Temp\831d017b5c621c8337f5b653ea760fc1\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
[ --- 38 more lines like this --- ]
I: Baksmaling classes40.dex...
I: Copying assets and libs...
I: Copying unknown files...
Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: Error copying file: aux.xml
at brut.androlib.Androlib.decodeUnknownFiles(Androlib.java:214)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:180)
at brut.apktool.Main.cmdDecode(Main.java:170)
at brut.apktool.Main.main(Main.java:76)
Caused by: brut.directory.DirectoryException: Error copying file: aux.xml
at brut.directory.DirUtil.copyToDir(DirUtil.java:91)
at brut.directory.AbstractDirectory.copyToDir(AbstractDirectory.java:208)
at brut.androlib.Androlib.decodeUnknownFiles(Androlib.java:207)
... 3 more
Caused by: java.io.FileNotFoundException: C:\Users\FAHMI~1.RIZ\AppData\Local\Temp\831d017b5c621c8337f5b653ea760fc1\decode\unknown\aux (The system cannot find the file specified)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at brut.directory.DirUtil.copyToDir(DirUtil.java:87)
... 5 more
I'm trying to run the apt-mitm but i'm getting this error on Disabling certificate pinning step:
TypeError: applicablePatches.flatMap is not a function at Object.processSmaliFile [as default] (/usr/local/lib/node_modules/apk-mitm/dist/tasks/smali/process-file.js:26:49)
Hi,
First of all thanks for the work done, I have the following problem, could you please tell me what it could be?
I copy this from the directory (The full logs of all commands are available here)
I: Using Apktool 2.5.0 on com.someone.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\Username~1\AppData\Local\Temp\apk-mitm-bfe4ff5a1e08401512e8dbdf0609e3cf\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
Exception in thread "main" brut.androlib.AndrolibException: brut.directory.DirectoryException: Error copying file: ? .xml
at brut.androlib.Androlib.decodeUnknownFiles(Androlib.java:216)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:180)
at brut.apktool.Main.cmdDecode(Main.java:179)
at brut.apktool.Main.main(Main.java:82)
Caused by: brut.directory.DirectoryException: Error copying file: ? .xml
at brut.directory.DirUtil.copyToDir(DirUtil.java:91)
at brut.directory.AbstractDirectory.copyToDir(AbstractDirectory.java:208)
at brut.androlib.Androlib.decodeUnknownFiles(Androlib.java:209)
... 3 more
Caused by: java.io.IOException: The filename, directory name, or volume label syntax is incorrect
at java.io.WinNTFileSystem.canonicalize0(Native Method)
at java.io.WinNTFileSystem.canonicalize(Unknown Source)
at java.io.File.getCanonicalPath(Unknown Source)
at brut.util.BrutIO.sanitizeUnknownFile(BrutIO.java:90)
at brut.directory.DirUtil.copyToDir(DirUtil.java:84)
... 5 more
โ Checking prerequisities
โ Decoding APK file
โ Applying patches
> Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
ร Encoding using AAPT [fallback]
โ I: Building resources...
Signing patched APK file
Failed! An error occurred:
I: Using Apktool 2.5.0
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\animators.xml:3: error: Found tag animator where item is expected
W:
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\anims.xml:3: error: Found tag anim where item is expected
W:
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\ids.xml:9091: error: Found tag id where item is expected
W:
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\layouts.xml:3791: error: Found tag layout where item is expected
W:
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\styles.xml:3782: error: Resource entry InThreadComposerTextArea already has bag item android:textColorHint.
W: C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res\values\styles.xml:3781: Originally defined here.
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\Udhaya\AppData\Local\Temp\brut_util_Jar_24173194710588018797807579936311536666.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 30, --version-code, 289692181, --version-name, 187.0.0.32.120, --no-version-vectors, -F, C:\Users\Udhaya\AppData\Local\Temp\APKTOOL4306874752780290107.tmp, -e, C:\Users\Udhaya\AppData\Local\Temp\APKTOOL8861453930364176705.tmp, -0, arsc, -I, C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\framework\1.apk, -S, C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\res, -M, C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\decode\AndroidManifest.xml]
The full logs of all commands are available here:
C:\Users\Udhaya\AppData\Local\Temp\apk-mitm-5875c039835a01dd9b0b18b091a8b768\logs
First of all - Thank you for this amazing tool! It works flawlessly on two apps I already tried.
The third one runs into an issue. Would you be able to help here / point me into the right direction (looking into issues in the apk tool library you built this tool on) ?
Log1:
I: Using Apktool 2.5.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
W: C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res\drawable-nodpi\placeholder.png: error: failed to read PNG signature: file does not start with PNG signature.
W: C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res\drawable-nodpi\placeholder.png: error: file failed to compile.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\\AppData\Local\Temp\brut_util_Jar_12710325543597105796928253852732964286.tmp, compile, --dir, C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res, --legacy, -o, C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\build\resources.zip]
Log2:
I: Using Apktool 2.5.0
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: libpng error: Not a PNG file
W: ERROR: Failure processing PNG image C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res\drawable-nodpi\placeholder.png
W: C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res\values\styles.xml:318: error: Resource entry AppTheme already has bag item colorPrimary.
W: C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res\values\styles.xml:317: Originally defined here.
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\\AppData\Local\Temp\brut_util_Jar_2081721367269981148661765789156865749.tmp, p, --forced-package-id, 127, --min-sdk-version, 23, --target-sdk-version, 30, --version-code, 113, --version-name, 11.3, --no-version-vectors, -F, C:\Users\\AppData\Local\Temp\APKTOOL8040330427725333163.tmp, -e, C:\Users\\AppData\Local\Temp\APKTOOL5450990596732677343.tmp, -0, arsc, -I, C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\framework\1.apk, -S, C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\res, -M, C:\Users\\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\decode\AndroidManifest.xml]
Log3:
I: Using Apktool 2.5.0 on _11_3.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\AppData\Local\Temp\apk-mitm-e0aca39ecedcc4a02dfbff425e785cac\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/com_facebook_tooltip_blue_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/com_facebook_tooltip_black_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/common_google_signin_btn_text_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/common_google_signin_btn_text_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xxhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xxhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xxhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/com_facebook_tooltip_blue_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xxhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/com_facebook_tooltip_black_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-mdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-hdpi-v4/com_facebook_tooltip_blue_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/com_facebook_tooltip_black_background.9.png". Renaming it to *.png.
W: Cant find 9patch chunk in file: "drawable-xhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png". Renaming it to *.png.
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
I: Copying META-INF/services directory
i'm using "npx apk-mitm" commond . and installed apk-mitm from npm. it should be the latest release ,i think.
I try to use apk-mitm to repack Tiktok Apk . but failed.
Test machine:
Ubuntu server 18.04
JAVA:
openjdk version "1.8.0_275"
OpenJDK Runtime Environment (build 1.8.0_275-8u275-b01-0ubuntu1~18.04-b01)
OpenJDK 64-Bit Server VM (build 25.275-b01, mixed mode)
Nodejs:
v10.23.0 with npm 6.14.8
I attached the logs and the apk ( please change the extension name) for your reference .
Thank you in advance .
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z01.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z02.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z03.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z04.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z05.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z06.zipt
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z07.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z08.zip
aweme_douyin-huidu-gw-control-1014_v1015_140101_176a_1608723172.z09.zip
Hi,
Thanks for the tool, I am trying to use it but I got the following error:
java.lang.VerifyError: Verifier rejected class redacted_name:java.security.cert.X509Certificate[] package.name.of.class$subclass.getAcceptedIssuers() failed to verify java.security.cert.X509Certificate return-void not expected.
Is there anything I can do?
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โฏ Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
โ Encoding using AAPT [fallback]
โ I: Building resources...
Signing patched APK file
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar /home/provious/.npm/_npx/30859/lib/node_modules/apk-mitm/jar/apktool.jar build /tmp/77eca03adabb59c0655d6505b9e08d30/decode --output /tmp/77eca03adabb59c0655d6505b9e08d30/tmp.apk
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:2: error: No resource identifier found for attribute 'compileSdkVersion' in package 'android'
W:
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:2: error: No resource identifier found for attribute 'compileSdkVersionCodename' in package 'android'
W:
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:14: error: No resource identifier found for attribute 'appComponentFactory' in package 'android'
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_16292214656890575585.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 28, --version-code, 1487, --version-name, 5.7, --no-version-vectors, -F, /tmp/APKTOOL10364285201621465561.tmp, -e, /tmp/APKTOOL5984856679963748565.tmp, -0, arsc, -I, /home/provious/.local/share/apktool/framework/1.apk, -S, /tmp/77eca03adabb59c0655d6505b9e08d30/decode/res, -M, /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml]
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:2: error: No resource identifier found for attribute 'compileSdkVersion' in package 'android'
W:
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:2: error: No resource identifier found for attribute 'compileSdkVersionCodename' in package 'android'
W:
W: /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml:14: error: No resource identifier found for attribute 'appComponentFactory' in package 'android'
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_16292214656890575585.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 28, --version-code, 1487, --version-name, 5.7, --no-version-vectors, -F, /tmp/APKTOOL10364285201621465561.tmp, -e, /tmp/APKTOOL5984856679963748565.tmp, -0, arsc, -I, /home/provious/.local/share/apktool/framework/1.apk, -S, /tmp/77eca03adabb59c0655d6505b9e08d30/decode/res, -M, /tmp/77eca03adabb59c0655d6505b9e08d30/decode/AndroidManifest.xml]
Getting the following Issue .The App is supplied via a .xapk extension
โญ apk-mitm v0.7.1
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
/tmp/6c4b6d953f036593bf5f9ab677558088
โ Extracting APKs
โ Finding base APK path
โฏ Patching base APK
โ Downloading tools
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โฏ Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
โ Encoding using AAPT [fallback]
โ I: Building resources...
Signing patched APK file
Signing APKs
Compressing APKs
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar /root/.cache/apk-mitm/apktool-v2.4.1.jar build /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode --output /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/tmp.apk --frame-path /tmp/6c4b6d953f036593bf5f9ab677558088/framework
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
W: /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml:62: Tag <uses-permission> attribute name has invalid character '-'.
W: /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml:63: Tag <uses-permission> attribute name has invalid character '-'.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_485912746666702922.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 29, --version-code, 6013, --version-name, 6.0.13, --no-version-vectors, -F, /tmp/APKTOOL14002601331462194736.tmp, -e, /tmp/APKTOOL12807168895037400079.tmp, -0, arsc, -I, /tmp/6c4b6d953f036593bf5f9ab677558088/framework/1.apk, -S, /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/res, -M, /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml]
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
W: /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml:62: Tag <uses-permission> attribute name has invalid character '-'.
W: /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml:63: Tag <uses-permission> attribute name has invalid character '-'.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_485912746666702922.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 29, --version-code, 6013, --version-name, 6.0.13, --no-version-vectors, -F, /tmp/APKTOOL14002601331462194736.tmp, -e, /tmp/APKTOOL12807168895037400079.tmp, -0, arsc, -I, /tmp/6c4b6d953f036593bf5f9ab677558088/framework/1.apk, -S, /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/res, -M, /tmp/6c4b6d953f036593bf5f9ab677558088/base-apk/decode/AndroidManifest.xml]
How can I export log/debug that? So far I identified in logcat:
Root cause (1 of 1)
javax.net.ssl.SSLPeerUnverifiedException: Hostname foo.com not verified:
certificate: sha256/[...]
DN: CN=foo.com,OU=UNTRUSTED SandroProxy,O=UNTRUSTED SandroProxy
subjectAltNames: []
at okhttp3.internal.connection.RealConnection.b(SourceFile:22)
at okhttp3.internal.connection.RealConnection.f(SourceFile:9)
at okhttp3.internal.connection.RealConnection.connect(SourceFile:15)
at okhttp3.internal.connection.ExchangeFinder.c(SourceFile:32)
at okhttp3.internal.connection.ExchangeFinder.d(SourceFile:1)
at okhttp3.internal.connection.ExchangeFinder.b(SourceFile:6)
at okhttp3.internal.connection.Transmitter.e(SourceFile:5)
at okhttp3.internal.connection.ConnectInterceptor.intercept(SourceFile:5)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:1)
at okhttp3.internal.cache.CacheInterceptor.intercept(SourceFile:22)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:1)
at okhttp3.internal.http.BridgeInterceptor.intercept(SourceFile:22)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(SourceFile:6)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:1)
at com.myapp.base.network.interceptor.ImageProfilingNetworkInterceptor.intercept(SourceFile:5)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:1)
at com.myapp.base.network.interceptor.ImageCacheInterceptor.intercept(SourceFile:3)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:10)
at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:1)
at okhttp3.RealCall.e(SourceFile:13)
at okhttp3.RealCall$AsyncCall.execute(SourceFile:2)
at okhttp3.internal.NamedRunnable.run(SourceFile:3)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
Originally posted by @anilatx in #23 (comment)
First i will upload the apk
https://www.virustotal.com/gui/file/d2fd0492c673dba01efd106a246ec8486ada85b23b7705d24e069ee910b33c44/detection
and the link
https://mega.nz/file/hogAza4R#pbbfGAKIlkzjwRDKcS8qKQzK8bXMTtAvjoZI05rW8tE
Hello, so i basically found this for be able to see HTTPS traffic in android 7.0 and above.
Im using a Pocophone f1 with custom pixel rom. full rooted .
I downloaded and run the command.
npx apk-mitm test.apk
โญ apk-mitm v0.8.0
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
C:\Users\LOCALH~1\AppData\Local\Temp\73f987887a918a71caaa00af34688d5b
โ Downloading tools
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning [skipped]
โ No certificate pinning logic found.
โ Encoding patched APK file
โ Signing patched APK file
Done! Patched file: ./test-patched.apk
after this i installed the patched apk via adb
adb install Tribal-patched.apk
Performing Streamed Install
Success
But when running and trying to debugging HTTPS traffic im getting.
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
The app needs to have certificate pinning cause witouth any mitm it works good(im using charles if that matters)
Do you have any insights on how to fix this issue?
I tried using your program under a x64 Arch installation and on a raspberry pi (both times using openjdk 11). The error report below is from the raspberry pi. The apk was the latest tiktok apk. I'd be very grateful if you could help me solve this error.
โ ~ npx apk-mitm android.apk
npx: installed 139 in 20.205s
โญ apk-mitm v0.6.2
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
/tmp/7aef2cab1cc5ca0794c0f29396515b6c
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โฏ Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
โ Encoding using AAPT [fallback]
โ Command failed with exit code 1: java -jar /home/pi/.npm/_npx/18012/lib/node_modules/a
โฆ
Signing patched APK file
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar /home/pi/.npm/_npx/18012/lib/node_modules/apk-mitm/jar/apktool.jar build /tmp/7aef2cab1cc5ca0794c0f29396515b6c/decode --output /tmp/7aef2cab1cc5ca0794c0f29396515b6c/tmp.apk
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [/tmp/brut_util_Jar_11860541976089287700.tmp, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 28, --version-code, 2021407050, --version-name, 14.7.5, --no-version-vectors, -F, /tmp/APKTOOL15023095336353795217.tmp, -e, /tmp/APKTOOL8221647891385303484.tmp, -0, arsc, -I, /home/pi/.local/share/apktool/framework/1.apk, -S, /tmp/7aef2cab1cc5ca0794c0f29396515b6c/decode/res, -M, /tmp/7aef2cab1cc5ca0794c0f29396515b6c/decode/AndroidManifest.xml]
W: /tmp/brut_util_Jar_11860541976089287700.tmp: 2: /tmp/brut_util_Jar_11860541976089287700.tmp: Syntax error: "(" unexpected
First of all, this is a really excellent tool you've built and I want to say thank you.
Feature request:
It's not always obvious that an app uses Google Maps without first using the app. This leads to some repeated work:
--wait
optionIt would be great if there was a way to pass a Google Maps API key as a CLI option and automatically replace the Google Maps API key in AndroidManifest.xml
with this key (if it exists).
Hi,
This maybe will be a newbie mistake as this is my first time using node.js and tried to follow some instruction that required me to modify my apk
I already had Node.js version 12+ and Java 8+ installed and I have been trying to modify my 'gojek.apk'
D:\my\directory\to\apk>npx apk-mitm gojek.apk
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@tybys%2fcross-zip - Not found
npm ERR! 404
npm ERR! 404 '@tybys/cross-zip@^3.0.4' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'apk-mitm'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\fahmi.rizaldi\AppData\Roaming\npm-cache\_logs\2020-08-06T08_58_33_260Z-debug.log
Install for [ 'apk-mitm@latest' ] failed with code 1
Is there anything I did incorrectly?
Thanks
I ran your script with https://apkpure.com/de/vimeo/com.vimeo.android.videoapp/download?from=details
and installed the patched apk on my phone.
Connecting to Akamai as CDN for the videos was intercepted but the api.vimeo.com which is used for login and other related functions still failed with a shady error , which roughly translates to "we don't know what went wrong".
Connecting without SSL MITM worked fine.
Please take a look at different result on Windows with same apk file.
There are two issues with current apk-mitm running in Windows.
const smaliFiles = await globby(path.join(directoryPath, 'smali*/**/*.smali'))
METHOD_PATTERNS
is derived from regex which matches Linux's new line character LF
but if you decode an apk on Windows, it will have CRLF
as new line character so the regex won't be able to find the match of method signatures.Originally posted by @amsharma44 in APKLab/APKLab#37 (comment)
This game: https://m.apkpure.com/vn/dragon-city/es.socialpoint.DragonCity
Patched by apk-mitm but still can't capture any packet from this game.
When I try to use your tool for tiktok it says that :
โ Disabling certificate pinning [skipped]
โ No certificate pinning logic found.
> Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
ร Encoding using AAPT [fallback]
โ I: Building resources...
Signing patched APK file
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar C:\Users\axel\AppData\Roaming\npm\node_modules\apk-mitm\jar\apktool.jar build C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode --output C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\tmp.apk
W: C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res\values-v21\styles.xml:269: error: Resource entry jb already has bag item android:windowContentTransitions.
W: C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res\values-v21\styles.xml:268: Originally defined here.
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\axel\AppData\Local\Temp\brut_util_Jar_186089372504418090.tmp, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 28, --version-code, 2021505420, --version-name, 15.5.42, --no-version-vectors, -F, C:\Users\axel\AppData\Local\Temp\APKTOOL24414687017095161.tmp, -e, C:\Users\axel\AppData\Local\Temp\APKTOOL1542037057808252243.tmp, -0, arsc, -I, C:\Users\axel\AppData\Local\apktool\framework\1.apk, -S, C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res, -M, C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\AndroidManifest.xml]
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res\values-v21\styles.xml:269: error: Resource entry jb already has bag item android:windowContentTransitions.
W: C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res\values-v21\styles.xml:268: Originally defined here.
W:
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\axel\AppData\Local\Temp\brut_util_Jar_186089372504418090.tmp, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 28, --version-code, 2021505420, --version-name, 15.5.42, --no-version-vectors, -F, C:\Users\axel\AppData\Local\Temp\APKTOOL24414687017095161.tmp, -e, C:\Users\axel\AppData\Local\Temp\APKTOOL1542037057808252243.tmp, -0, arsc, -I, C:\Users\axel\AppData\Local\apktool\framework\1.apk, -S, C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\res, -M, C:\Users\axel\AppData\Local\Temp\9dfa59c4aa7e8d231e346c4464da0cba\decode\AndroidManifest.xml]
Hello,
Could support be added to check for environment variables for a proxy server? I'm in an environment that requires the use of a proxy server.
Thanks
I'm not sure if you are aware.
There is a tool https://github.com/sensepost/objection. It does similar patching and support both apk and ipa. It's written on a different language (python) but has more functions (frida integration etc).
So I was wondering, why don't you push your hard work to them and create a single place for all mitm tricks?
For some reason some APKS give this error, all I know is that the APK has some kind of obfuscation. IDK if this can be bypassed.
@edit i will try to fork and bypass it later.
vitor@vitor:~/bugbounty/projects/toketiko$ sudo apk-mitm TikTok\ Lite_v18.0.3_apkpure.com.apk
โญ apk-mitm v0.12.0
โ apktool v2.5.0
โฐ uber-apk-signer v1.2.1
Using temporary directory:
/tmp/apk-mitm-2a8ca65845dd7e990dda2c7babdafe45
โ Downloading tools
โ Decoding APK file
โ I: Loading resource table...
Applying patches
Encoding patched APK file
Signing patched APK file
Failed! An error occurred:
I: Using Apktool 2.5.0 on TikTok Lite_v18.0.3_apkpure.com.apk
I: Loading resource table...
Exception in thread "main" brut.androlib.AndrolibException: Invalid chunk type: expected=0x00000200, got=0x00000203
at brut.androlib.res.decoder.ARSCDecoder.checkChunkType(ARSCDecoder.java:544)
at brut.androlib.res.decoder.ARSCDecoder.readTablePackage(ARSCDecoder.java:88)
at brut.androlib.res.decoder.ARSCDecoder.readTableHeader(ARSCDecoder.java:82)
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:48)
at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:790)
at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:67)
at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:59)
at brut.androlib.Androlib.getResTable(Androlib.java:66)
at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:236)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:118)
at brut.apktool.Main.cmdDecode(Main.java:179)
at brut.apktool.Main.main(Main.java:82)
Since it uses nodejs and node is available on termux pleasee make apk-mitm work on termux
$ time npx apk-mitm com.app.apk
npx: installed 126 in 7.604sโญ apk-mitm v0.8.1
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0Using temporary directory:
/tmp/0f0f18ca6cfc48d6408bf653a3d7f380โ Downloading tools
โ Decoding APK file
โ Modifying app manifest
โ Modifying network security config
โ Disabling certificate pinning
โฏ Encoding patched APK file
โ Encoding using AAPT2 [skipped]
โ Failed, falling back to AAPT...
โ Encoding using AAPT [fallback]
โ I: Building resources...
Signing patched APK fileFailed! An error occurred:
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
[..]
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: invalid resource directory name: <tmp_dir>/decode/res navigation
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_7304193504753124805.tmp, p, --forced-package-id, 127, --min-sdk-version, 23, --target-sdk-version, 28, --version-code, 11210064, --version-name, 11.21.0, --no-version-vectors, -F, /tmp/APKTOOL785641988018945239.tmp, -e, /tmp/APKTOOL5119916685202249141.tmp, -0, arsc, -I, <tmp_dir>/framework/1.apk, -S, <tmp_dir>/decode/res, -M, <tmp_dir>/decode/AndroidManifest.xml]
I checked and aapt2 fails on invalid references and names that include '$', but following solves it:
apktool --use-aapt2 --no-res
Could apk-mitm use no-res, or does it need patching resources?
Using the same app I got patched from the previous issue I'm facing this error
I'm using a rooted Oneplus one with android 9
adb install Uber_v4.279.10002_apkpure.com-patched.apk
Performing Streamed Install
adb: failed to install Uber_v4.279.10002_apkpure.com-patched.apk: Failure [INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113]
I get the following errors when I try to patch the latest tiktok:
npx apk-mitm tiktok-10-0-4.apk
npx: installed 139 in 7.834s
โญ apk-mitm v0.6.2
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
C:\cygwin\tmp\99c476153a366865c82410ec6e6432aa
[12:41:37] Decoding APK file [started]
[12:41:37] โ Using Apktool 2.4.1 on tiktok-10-0-4.apk
[12:41:37] โ Loading resource table...
[12:41:39] Decoding APK file [failed]
[12:41:39] โ Command failed with exit code 1: java -jar C:\Users\User\AppData\Roaming\npm-cache\_npx\30608\node_modules\apk-mitm\jar\apktool.jar decode C:\cygwin\home\User\node\tiktok\apk\tiktok-10-0-4.apk --output C:\cygwin\tmp\99c476153a366865c82410ec6e6432aa\decode
Failed! An error occurred:
Error: Command failed with exit code 1: java -jar C:\Users\User\AppData\Roaming\npm-cache\_npx\30608\node_modules\apk-mitm\jar\apktool.jar decode C:\cygwin\home\User\node\tiktok\apk\tiktok-10-0-4.apk --output C:\cygwin\tmp\99c476153a366865c82410ec6e6432aa\decode
Exception in thread "main" brut.androlib.AndrolibException: Invalid chunk type: expected=0x00000200, got=0x00000203
at brut.androlib.res.decoder.ARSCDecoder.checkChunkType(ARSCDecoder.java:542)
at brut.androlib.res.decoder.ARSCDecoder.readTablePackage(ARSCDecoder.java:88)
at brut.androlib.res.decoder.ARSCDecoder.readTableHeader(ARSCDecoder.java:82)
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:48)
at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:786)
at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:67)
at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:59)
at brut.androlib.Androlib.getResTable(Androlib.java:66)
at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:236)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:118)
at brut.apktool.Main.cmdDecode(Main.java:170)
at brut.apktool.Main.main(Main.java:76)
To install proxy cas devices are rooted.
Banking apps and other apps try to detect if they run on a rooted device and either open nag screens or do not work at all. Maybe that could be something to make analysis easier.
Here some logs
Failed! An error occurred:
Error: Command failed: java -jar C:\Users\Mastercho\AppData\Roaming\npm\node_modules\apk-mitm\jar\apktool.jar build C:\Users\MASTER~1\AppData\Local\Temp\0034fb560faa867748c450aa2405ed3e\decode --output C:\Users\MASTER~1\AppData\Local\Temp\0034fb560faa867748c450aa2405ed3e\unsigned.apk --use-aapt2
W: C:\Users\MASTER~1\AppData\Local\Temp\0034fb560faa867748c450aa2405ed3e\decode\res\values\layouts.xml:3: error: invalid value for type 'layout'. Expected a reference.
Can be something wrong with java? Java version is 8u231
Sometimes i have applications that are shipped by the device vendor as system applications that do pinning but have no apk available.
you can adb pull the system-apps but you end up with an oat folder having a vdex and an odex file for every system application.
How do we streamline the process of pulling and patching these files and install them back on the device without wiping their user data?
โญ apk-mitm v0.11.1
โ apktool v2.5.0
โฐ uber-apk-signer v1.2.1
Using temporary directory:
/tmp/apk-mitm-de00bd5101216addae0234f5e2d63d22
โ Downloading tools
โ Decoding APK file
โฏ Applying patches
โ Modifying app manifest
โ Replacing network security config
โ Disabling certificate pinning
โ contents.matchAll is not a function
Encoding patched APK file
Signing patched APK file
Failed! An error occurred:
TypeError: contents.matchAll is not a function
at Object.parseSmaliHead [as default] (/usr/local/lib/node_modules/apk-mitm/dist/tasks/smali/parse-head.js:14:41)
at Object.processSmaliFile [as default] (/usr/local/lib/node_modules/apk-mitm/dist/tasks/smali/process-file.js:20:43)
The full logs of all commands are available here:
/tmp/apk-mitm-de00bd5101216addae0234f5e2d63d22/logs
I am using this command:
npx apk-mitm app-release.apk
Error logs are below:
Error: Command failed: java -jar /usr/local/lib/node_modules/apk-mitm/jar/apktool.jar build /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode --output /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/unsigned.apk --use-aapt2
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/layouts.xml:3: error: invalid value for type 'layout'. Expected a reference.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6060: error: resource 'drawable/$avd_hide_password__0' has invalid entry name '$avd_hide_password__0'. Invalid character '$avd_hide_password__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6061: error: resource 'drawable/$avd_hide_password__1' has invalid entry name '$avd_hide_password__1'. Invalid character '$avd_hide_password__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6062: error: resource 'drawable/$avd_hide_password__2' has invalid entry name '$avd_hide_password__2'. Invalid character '$avd_hide_password__2'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6063: error: resource 'drawable/$avd_show_password__0' has invalid entry name '$avd_show_password__0'. Invalid character '$avd_show_password__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6064: error: resource 'drawable/$avd_show_password__1' has invalid entry name '$avd_show_password__1'. Invalid character '$avd_show_password__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6065: error: resource 'drawable/$avd_show_password__2' has invalid entry name '$avd_show_password__2'. Invalid character '$avd_show_password__2'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6071: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__10__0' has invalid entry name '$$fingerprint_dialog_error_to_fp__10__0'. Invalid character '$$fingerprint_dialog_error_to_fp__10__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6072: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__10__1' has invalid entry name '$$fingerprint_dialog_error_to_fp__10__1'. Invalid character '$$fingerprint_dialog_error_to_fp__10__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6073: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__10__2' has invalid entry name '$$fingerprint_dialog_error_to_fp__10__2'. Invalid character '$$fingerprint_dialog_error_to_fp__10__2'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6074: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__10__3' has invalid entry name '$$fingerprint_dialog_error_to_fp__10__3'. Invalid character '$$fingerprint_dialog_error_to_fp__10__3'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6075: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__11__0' has invalid entry name '$$fingerprint_dialog_error_to_fp__11__0'. Invalid character '$$fingerprint_dialog_error_to_fp__11__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6076: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__11__1' has invalid entry name '$$fingerprint_dialog_error_to_fp__11__1'. Invalid character '$$fingerprint_dialog_error_to_fp__11__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6077: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__12__0' has invalid entry name '$$fingerprint_dialog_error_to_fp__12__0'. Invalid character '$$fingerprint_dialog_error_to_fp__12__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6078: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__12__1' has invalid entry name '$$fingerprint_dialog_error_to_fp__12__1'. Invalid character '$$fingerprint_dialog_error_to_fp__12__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6079: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__12__2' has invalid entry name '$$fingerprint_dialog_error_to_fp__12__2'. Invalid character '$$fingerprint_dialog_error_to_fp__12__2'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6080: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__12__3' has invalid entry name '$$fingerprint_dialog_error_to_fp__12__3'. Invalid character '$$fingerprint_dialog_error_to_fp__12__3'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6081: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__1__0' has invalid entry name '$$fingerprint_dialog_error_to_fp__1__0'. Invalid character '$$fingerprint_dialog_error_to_fp__1__0'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6082: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__1__1' has invalid entry name '$$fingerprint_dialog_error_to_fp__1__1'. Invalid character '$$fingerprint_dialog_error_to_fp__1__1'.
W: /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res/values/public.xml:6083: error: resource 'drawable/$$fingerprint_dialog_error_to_fp__2__0' has invalid entry name '$$fingerprint_dialog_error_to_fp__2__0'. Invalid character '$$fingerprint_dialog_error_to_fp__2__0'.
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/brut_util_Jar_3385594703786753249.tmp, compile, --dir, /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/res, --legacy, -o, /private/var/folders/1n/70zjlg_92y5dsf_rdgyr6hbh0000gn/T/d6fee2ca20bd6ff3d1ac54ceab1b4597/decode/build/resources.zip]
Is it Possible to Make an Option that let's me Choose what version of apktool to be used in the process, because when I try to patch an app it shows an error in the decompilation stage, it's using the apktool 2.4.* I think, but when I use my apktool 2.3 to decompile it works perfect
Hi,
When I am trying to run mitm, I am getting the following error. Any leads?
PS C:\WINDOWS\system32> apk-mitm C:\Users\Spartan\Desktop\ig\123.apk
โญ apk-mitm v1.0.0
โ apktool v2.5.0
โฐ uber-apk-signer v1.2.1
Using temporary directory:
C:\Users\Spartan\AppData\Local\Temp\apk-mitm-2be1f9e9eb89c90c804fb17571202453
> Checking prerequisities
โ Checking Node.js version
ร Checking Java version
โ Cannot read property '1' of null
Downloading tools
Decoding APK file
Applying patches
Encoding patched APK file
Signing patched APK file
Failed! An error occurred:
TypeError: Cannot read property '1' of null
at Object.getJavaVersion [as default] (C:\Users\Spartan\AppData\Roaming\npm\node_modules\apk-mitm\dist\utils\get-java-version.js:8:57)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async Task.task (C:\Users\Spartan\AppData\Roaming\npm\node_modules\apk-mitm\dist\tasks\check-prerequisites.js:21:38)
The full logs of all commands are available here:
C:\Users\Spartan\AppData\Local\Temp\apk-mitm-2be1f9e9eb89c90c804fb17571202453\logs
PS C:\WINDOWS\system32> java -version
java version "15" 2020-09-15
Java(TM) SE Runtime Environment (build 15+36-1562)
Java HotSpot(TM) 64-Bit Server VM (build 15+36-1562, mixed mode, sharing)
Also the logs folder it is indicating to check does not exist. Only the folder apk-mitm-2be1f9e9eb89c90c804fb17571202453 is there but it is empty.
Im trying to patch the Lidl Plus App https://play.google.com/store/apps/details?id=com.lidl.eci.lidlplus&hl=de&gl=US
I pulled the App from my Genymotion through ADB (.\adb.exe pull /data/app/com.lidl.eci.lidlplus-1/base.apk)
Any idea how to fix it?
If you run APK MitM on the 1.1.0 xapk of de.mvg.mvgshare connections to their fraud protection identity.mparticle.com still fail due to an unknown cert.
Crawling the code right now
I have already apktool on my device, why to download it again?
what should I do to avoid downloading it?
Victim: Zedge
Where to get xapk:
get version armeabi-v7a from https://apkpure.com/vn/zedge%E2%84%A2-wallpapers-ringtones/net.zedge.android/variant/7.8.3-XAPK
I call above downloaded file: zedge.v7a.xapk
Steps:
-- run apk-mitm zedge.v7a.xapk
, a patched file will be created (its name is zedge.v7a-patched.xapk
)
-- rename patched file to zedge.v7a-patched.xapk.zip
, extract it to folder zedge.v7a-patched.xapk.zip
-- cd to zedge.v7a-patched.xapk.zip
folder
-- install to android device, run adb install-multiple net.zedge.android.apk config.xxhdpi.apk config.en.apk config.armeabi_v7a.apk
Final log:
adb: failed to finalize session
Failure [INSTALL_FAILED_INVALID_APK: /data/app/vmdl411721873.tmp/config.xxhdpi.apk signatures are inconsistent]
The same error with all files exclude base file net.zedge.android.apk
How can I fix it?
Thank you
Error: ENOENT: no such file or directory, open '/tmp/54f37e5561c01f9cc2323574d7b732b9/decode/res/xml/network_security_config.xml
getting this erorr all the time and the directory actually opens it happens on the nextwork security config uartions stage
I tried to run using Ubuntu 18.04.4 LTS and node v14.8.0 but facing this issues?
npx apk-mitm gojek.apk
npx: installed 126 in 10.666s
โญ apk-mitm v0.8.1
โ apktool v2.4.1
โฐ uber-apk-signer v1.1.0
Using temporary directory:
/tmp/a44a4322cefea81b10cd872b953467c3
โ Downloading tools
โ Decoding APK file
โ spawn java ENOENT
Modifying app manifest
Modifying network security config
Disabling certificate pinning
Encoding patched APK file
Signing patched APK file
Failed! An error occurred:
Command failed with ENOENT: java -jar /home/nbnfi/.cache/apk-mitm/apktool-v2.4.1.jar decode /home/nbnfi/Downloads/gojek.apk --output <tmp_dir>/decode --frame-path <tmp_dir>/framework
spawn java ENOENT
Anyone can help? Thanks a lot!
The main code of my apk i want to inspect traffic seems to be written in javascript with webpack. I patched apk with apk-mitm but no http/https traffic will be intercepted. Seems modify AndroidManifest, injecting ssl certificate is useless here or can anybody help in this case?
\assets\app : 2.js 2.js.LICENSE.txt app.js app.js.LICENSE.txt main.js
CandyCrushSaga by King has trouble connecting to mobilecrush.king.com.
HTTPCanary claims "taget app used the non-system ca certificate list" even though apk-mitm patched the apk.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.