Igor Eisberg 24541c3943
fix: decoding APK with many compact entries and unknown uses-sdk attrs (#3705)
* fix: decoding APK with many compact entries and unknown uses-sdk attrs

This fixes 2 new issues with a stock APK sourced from an Android 15 ROM.

https://drive.google.com/file/d/1x9udLN4W5I7chyGp1ZY8Cyfhu1vXezU9/view

1) mIn.readShort() for size in readEntryData is incorrect and the size < 0 check is not possible.
   Entry size is stored by AAPT2 as an unsigned short and thus will never be negative.
   Reading it as a signed short will cause negative entry sizes in compactly packed entries in
   very large string pools and will result in a lot of "APKTOOL_DUMMYVAL_" values.

2) sdkInfo isn't stored properly for APKs with unexpected properties in uses-sdk tag.
   As far as I can tell, these attributes serve no purpose and can be ignored.
   In the given APK, additional "android:versionCode" and "android:versionName" attributes appear
   in the uses-sdk tag, purpose unknown and they don't represent the actual version of the app.

   E: uses-sdk (line=26)
     A: http://schemas.android.com/apk/res/android:minSdkVersion(0x0101020c)=35
     A: http://schemas.android.com/apk/res/android:versionCode(0x0101021b)=31
     A: http://schemas.android.com/apk/res/android:versionName(0x0101021c)="3.1"
     A: http://schemas.android.com/apk/res/android:targetSdkVersion(0x01010270)=35

* test: add assertion for issue 3705

---------

Co-authored-by: Connor Tumbleson <connor.tumbleson@gmail.com>
Co-authored-by: Connor Tumbleson <iBotPeaches@users.noreply.github.com>
2024-10-04 08:58:32 -04:00
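The signedness problem described in item 1 of the commit message, as an added example that is not Apktool's own code. The 8-byte little-endian entry layout and `FLAG_COMPACT = 0x0008` are assumed from AOSP's `ResTable_entry` definition, the class and method names are hypothetical, and the sample bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class EntryHeaderSignedness {
    // Assumed from AOSP's ResTable_entry: when this flag is set, the first
    // 16-bit field carries a key string index rather than a struct size.
    static final int FLAG_COMPACT = 0x0008;

    // Signed read: Java's short is signed, so any stored value >= 0x8000
    // comes back negative.
    static int readFirstFieldSigned(ByteBuffer in) {
        return in.getShort(0);
    }

    // Unsigned read: widen to int and mask to recover the stored value.
    static int readFirstFieldUnsigned(ByteBuffer in) {
        return in.getShort(0) & 0xFFFF;
    }

    static boolean isCompact(ByteBuffer in) {
        return ((in.getShort(2) & 0xFFFF) & FLAG_COMPACT) != 0;
    }

    // The kind of sanity check the commit message calls impossible once the
    // field is read as unsigned.
    static String classify(int firstField) {
        return firstField < 0 ? "rejected (negative)" : "accepted";
    }

    public static void main(String[] args) {
        // Constructed sample entry: first field 40000 (0x9C40), as happens
        // once a string pool holds more than 32767 strings.
        ByteBuffer entry = ByteBuffer.allocate(8).order(ByteOrder.LITTLE_ENDIAN);
        entry.putShort((short) 40000);        // first 16-bit field
        entry.putShort((short) FLAG_COMPACT); // flags
        entry.putInt(35);                     // inline data value

        int signed = readFirstFieldSigned(entry);
        int unsigned = readFirstFieldUnsigned(entry);

        System.out.println("compact entry: " + isCompact(entry));
        System.out.println("signed read:   " + signed + " -> " + classify(signed));
        System.out.println("unsigned read: " + unsigned + " -> " + classify(unsigned));
    }
}
```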

Apktool

This is the repository for Apktool. The website is on the Apktool docs branch.


Apktool is a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after modification, and it makes it possible to debug smali code step by step. It also makes working with apps easier thanks to a project-like file structure and automation of repetitive tasks such as building the APK.

Apktool is NOT intended for piracy or other illegal uses. It could be used for localizing and adding features, adding support for custom platforms, and other GOOD purposes. Just try to be fair to the authors of an app that you use and probably like.

Support

Security Vulnerabilities

If you discover a security vulnerability within Apktool, please send an e-mail to Connor Tumbleson at connor.tumbleson(at)gmail.com. All security vulnerabilities will be promptly addressed.

Sponsors

Special thanks go to the following sponsors:

Sourcetoad

Sourcetoad is an award-winning software and app development firm committed to the co-creation of technology solutions that solve complex business problems, delight users, and help our clients achieve their goals.

Emerge Tools

Emerge Tools is a suite of revolutionary products designed to supercharge mobile apps and the teams that build them.

Description
A tool for reverse engineering Android apk files
Readme 306 MiB
Languages
Java 98.6%
Shell 0.7%
Smali 0.5%
Batchfile 0.2%