
Does anyone have any stories to share involving apktool?

Random note: It's curious how the homepage and the linked repo are on GitHub but the binary downloads are served from Bitbucket.



When I moved the project from Google Code to GitHub, GitHub did not allow binary downloads. So I used Bitbucket; changing the download location again after moving did not seem right. So it has just been maintained since the switch. Now in present day they are also uploaded to GitHub and another mirror I host.


Got a bug report about an app I did nothing about (used by some partners to check certain kinds of tickets). No one else knew anything about it. I couldn't find it on our GitLab nor in our legacy Bitbucket. Turns out the source code was lost a long time ago, but a partner still had the APKs (there were two versions, one in English and another slightly more advanced in Italian).

Using APKTool I managed to decompile the app, add some printf logging to figure out the issue, fix it in the Italian/more advanced one, merge it with the English one and rebuild it.

The only issue is that the signing key was lost too, so partners had to uninstall and reinstall, but nothing I could do about it.

Oh, and another time I cracked the in-app purchase for the password manager I was using on a spare Android device while my Lumia was in RMA (it had separate purchases for each platform). Of course I bought it once I let go of Windows Phone and moved to Android permanently.


Back from 2015, bypassing an APK signature check: https://randywestergren.com/reverse-engineering-the-yik-yak-...


At one of my former jobs, I was working on an automated testing product that could MITM requests (for testing analytics, etc.)

Android has this really annoying feature where apps don't trust self-signed CA certs (but Chrome & webviews do, strangely). You either need to add it to the app's network_security_config.xml, or root the device and add it as a system CA.

I looked into using apktool as part of a pipeline to inject our self-signed CA as a custom trust anchor when customers uploaded their APK for testing. But in the end, we found it was easier and simpler to just add the cert as a system CA on a custom rooted AVD.

That whole project really made me appreciate that no matter how shit I feel web dev is some days, at least I'm not an Android developer.
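
As an added example (not part of the comment above, and not apktool's own code): a release-gate check over the network_security_config.xml that the comment mentions, listing every CA source other than `system` that would be trusted outside `<debug-overrides>`. The two XML documents and the `@raw/test_ca` resource name are constructed samples; in a decoded APK the file name is whatever the manifest's `android:networkSecurityConfig` attribute points to.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a test CA and user-installed CAs trusted in every build.
WEAK = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
      <certificates src="@raw/test_ca"/>
    </trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed sample: the test CA is honoured only when android:debuggable="true".
SCOPED = """<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="@raw/test_ca"/>
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""


def audit_trust_anchors(xml_text):
    """Return (section, src) for each non-system CA source that applies to
    release builds. A bundled CA in a domain-config can be intentional, so
    treat the result as a review list rather than a verdict."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(node, path):
        for child in node:
            if child.tag == "debug-overrides":
                continue  # the platform ignores this block unless the app is debuggable
            if child.tag in ("base-config", "domain-config"):
                here = path + [child.tag]
                for cert in child.findall("./trust-anchors/certificates"):
                    src = cert.get("src", "")
                    if src != "system":
                        findings.append(("/".join(here), src))
                walk(child, here)  # domain-config elements can nest

    walk(root, [])
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_trust_anchors(doc))
```
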


You might be surprised to find how many developers are including AWS private keys inside their apps..


Having found some in vendors' native macOS apps (a private key for an IAM user that happened to have the Administrator managed policy attached to it, to boot), I would personally not be the least bit surprised to find them in mobile apps.


I lost the source code of an app I have on the Play store. APKTool enabled me to download my own app and decompile it so I could update it.



