apk: Support replacing existing debuggable attribute #166

Merged: 3 commits merged into frida:main from replace-debuggable on Oct 18, 2024

Conversation

@tchebb (Contributor) commented Oct 8, 2024

If a package explicitly specifies debuggable="false", adding a new entry setting it to "true" has no effect. To properly patch such APKs, we need to replace the entry.

This contribution is on behalf of my company.

@s1341 commented Oct 9, 2024

Has this been tested?

@oleavr oleavr force-pushed the main branch 2 times, most recently from d9c9911 to bfaa242 Compare October 17, 2024 13:00
@tchebb tchebb force-pushed the replace-debuggable branch from 18674f4 to 55d67a7 Compare October 18, 2024 16:32
@tchebb (Contributor, Author) commented Oct 18, 2024

Yes. I've tested it on both the Facebook app (com.facebook.katana.456014858.apk as of today, downloadable from here) and the Magisk app (Magisk-v28.0.apk). frida-apk works on Magisk both before and after this PR, while it only works on Facebook after this PR.

Here is how the apps' manifests look on the unmodified APKs:

$ aapt d xmltree com.facebook.katana.456014858.apk AndroidManifest.xml | grep android:debuggable
      A: android:debuggable(0x0101000f)=(type 0x12)0x0
$ aapt d xmltree Magisk-v28.0.apk AndroidManifest.xml | grep android:debuggable
<no output>

Here's how they look after frida-apk, without this PR (note the duplicate entry on the Facebook APK):

$ aapt d xmltree com.facebook.katana.456014858.d-current.apk AndroidManifest.xml | grep android:debuggable
      A: android:debuggable(0x0101000f)=(type 0x12)0x0
      A: android:debuggable(0x0101000f)=(type 0x12)0xffffffff
$ aapt d xmltree Magisk-v28.0.d-current.apk AndroidManifest.xml | grep android:debuggable
      A: android:debuggable(0x0101000f)=(type 0x12)0xffffffff

And here's how they look after frida-apk, with this PR:

$ aapt d xmltree com.facebook.katana.456014858.d-new.apk AndroidManifest.xml | grep android:debuggable
      A: android:debuggable(0x0101000f)=(type 0x12)0xffffffff
$ aapt d xmltree Magisk-v28.0.d-new.apk AndroidManifest.xml | grep android:debuggable
      A: android:debuggable(0x0101000f)=(type 0x12)0xffffffff

On my Pixel 5 running Android 14, com.facebook.katana.456014858.d-new.apk shows up as debuggable when installed, while com.facebook.katana.456014858.d-current.apk doesn't.
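The aapt output above shows the two behaviours at the binary-XML level: the pre-PR tool appends a second android:debuggable entry to the `<application>` start tag, the post-PR tool overwrites the one that is already there. The following is an added example written for this page, not code from frida-tools or from the PR. It serialises and parses a single RES_XML_START_ELEMENT chunk using the struct layout of Android's ResXMLTree_node, ResXMLTree_attrExt and ResXMLTree_attribute, and implements both the "always append" and the "replace or add" strategies. The string-pool indices for the android namespace URI and the attribute names are assumed constants here (in a real APK they come from the string pool and the resource-ID map, where android:debuggable is resource 0x0101000f as the aapt lines show); the two sample chunks are constructed to mirror the Facebook case (explicit `debuggable="false"`) and the Magisk case (attribute absent). The `effective_debuggable` resolver models a first-match attribute lookup, which is consistent with the result reported above: the duplicate-entry APK is not treated as debuggable.

```python
"""Patch android:debuggable in one Android binary-XML start-element chunk.

Added example, not frida-tools code. Layout per Android's ResourceTypes.h:
  ResXMLTree_node      <HHIII     type, headerSize, size, lineNumber, comment
  ResXMLTree_attrExt   <IIHHHHHH  ns, name, attrStart, attrSize, attrCount, id, class, style
  ResXMLTree_attribute <IIIHBBI   ns, name, rawValue, Res_value{size, res0, dataType, data}
"""
import struct

RES_XML_START_ELEMENT_TYPE = 0x0102
TYPE_INT_BOOLEAN = 0x12          # Res_value dataType for booleans (aapt prints "type 0x12")
BOOL_TRUE, BOOL_FALSE = 0xFFFFFFFF, 0x00000000
NO_STRING = 0xFFFFFFFF           # "no string" index / no comment
RES_VALUE_SIZE = 8

NODE_HDR = struct.Struct("<HHIII")
ATTR_EXT = struct.Struct("<IIHHHHHH")
ATTR = struct.Struct("<IIIHBBI")


def build_start_element(ns_idx, name_idx, attrs, line=1):
    """Serialise a start-element chunk. attrs: list of (ns, name, dataType, data)."""
    body = b"".join(ATTR.pack(a_ns, a_name, NO_STRING, RES_VALUE_SIZE, 0, dt, data)
                    for a_ns, a_name, dt, data in attrs)
    ext = ATTR_EXT.pack(ns_idx, name_idx, ATTR_EXT.size, ATTR.size, len(attrs), 0, 0, 0)
    size = NODE_HDR.size + len(ext) + len(body)
    return NODE_HDR.pack(RES_XML_START_ELEMENT_TYPE, NODE_HDR.size, size, line, NO_STRING) + ext + body


def parse_start_element(chunk):
    """Return ((ns, name, line), [(ns, name, dataType, data), ...]) for one chunk."""
    typ, hdr_size, size, line, _comment = NODE_HDR.unpack_from(chunk, 0)
    if typ != RES_XML_START_ELEMENT_TYPE or size != len(chunk):
        raise ValueError("not a single RES_XML_START_ELEMENT chunk")
    ns, name, attr_start, attr_size, count, *_ = ATTR_EXT.unpack_from(chunk, hdr_size)
    attrs, off = [], hdr_size + attr_start
    for _ in range(count):
        a_ns, a_name, _raw, _vsize, _res0, dt, data = ATTR.unpack_from(chunk, off)
        attrs.append((a_ns, a_name, dt, data))
        off += attr_size                 # honour attrSize rather than assuming 20
    return (ns, name, line), attrs


def append_debuggable(chunk, android_ns, debuggable_name):
    """Pre-#166 behaviour: add a new entry even when one already exists."""
    (ns, name, line), attrs = parse_start_element(chunk)
    attrs.append((android_ns, debuggable_name, TYPE_INT_BOOLEAN, BOOL_TRUE))
    return build_start_element(ns, name, attrs, line)


def set_debuggable(chunk, android_ns, debuggable_name, value=True):
    """Post-#166 behaviour: overwrite an existing entry in place, else add one.

    Note: when an entry is added the chunk grows by ATTR.size bytes, and a
    real tool must add that delta to the enclosing RES_XML_TYPE chunk size too.
    """
    (ns, name, line), attrs = parse_start_element(chunk)
    data = BOOL_TRUE if value else BOOL_FALSE
    for i, (a_ns, a_name, _dt, _data) in enumerate(attrs):
        if (a_ns, a_name) == (android_ns, debuggable_name):
            attrs[i] = (a_ns, a_name, TYPE_INT_BOOLEAN, data)
            break
    else:
        attrs.append((android_ns, debuggable_name, TYPE_INT_BOOLEAN, data))
    return build_start_element(ns, name, attrs, line)


def effective_debuggable(chunk, android_ns, debuggable_name):
    """Resolve the attribute as a first-match lookup would: the first entry wins."""
    _, attrs = parse_start_element(chunk)
    for a_ns, a_name, dt, data in attrs:
        if (a_ns, a_name) == (android_ns, debuggable_name):
            return dt == TYPE_INT_BOOLEAN and data != 0
    return False                         # absent means not debuggable


def count_debuggable(chunk, android_ns, debuggable_name):
    _, attrs = parse_start_element(chunk)
    return sum(1 for a_ns, a_name, _, _ in attrs if (a_ns, a_name) == (android_ns, debuggable_name))


# Constructed string-pool indices (assumed; a real tool reads them from the APK).
ANDROID_NS, APPLICATION, DEBUGGABLE, ALLOW_BACKUP = 0, 1, 2, 3

# Constructed samples: <application android:allowBackup="true" android:debuggable="false">
# (the Facebook case) and <application android:allowBackup="true"> (the Magisk case).
EXPLICIT_FALSE = build_start_element(NO_STRING, APPLICATION, [
    (ANDROID_NS, ALLOW_BACKUP, TYPE_INT_BOOLEAN, BOOL_TRUE),
    (ANDROID_NS, DEBUGGABLE, TYPE_INT_BOOLEAN, BOOL_FALSE),
])
ABSENT = build_start_element(NO_STRING, APPLICATION, [
    (ANDROID_NS, ALLOW_BACKUP, TYPE_INT_BOOLEAN, BOOL_TRUE),
])

if __name__ == "__main__":
    for label, chunk in (("explicit false", EXPLICIT_FALSE), ("absent", ABSENT)):
        for strategy in (append_debuggable, set_debuggable):
            out = strategy(chunk, ANDROID_NS, DEBUGGABLE)
            print(f"{label:14s} {strategy.__name__:18s} entries={count_debuggable(out, ANDROID_NS, DEBUGGABLE)} "
                  f"effective={effective_debuggable(out, ANDROID_NS, DEBUGGABLE)} size={len(out)}")
```

Run stand-alone it prints one line per (sample, strategy) pair; the "explicit false" plus append row is the Facebook-before-PR case with two entries and an effective value of False. Two things a practitioner patching a real manifest still has to do beyond this chunk-level view: look up the string index whose resource-map entry is 0x0101000f rather than matching on a hard-coded index, and propagate any size change to the parent chunk header, otherwise the platform parser rejects the file.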

@oleavr (Member) left a review comment

Thanks for doing this! 🙌

Two review threads on frida_tools/apk.py (outdated, resolved)
@oleavr oleavr merged commit fe62b4a into frida:main Oct 18, 2024
3 checks passed
@tchebb tchebb deleted the replace-debuggable branch October 18, 2024 22:22