decoding and re-encoding of a /system application breaks the app

[Thorben]

Specifically, I am looking into patching my version of the Google
Android Market application (i.e., Vending.apk) to remove/change some
questionable functionality (such as the remote application delete
functionality).

However, if I decode the Vending.apk and just after that build it
again (with no changes whatsoever), then sign the built package with
my (bogus) private key before aligning it and then pushing it back to
the device, the application can't be launched any more.

In adb logcat, I see the following fatal exception:

01-26 20:38:54.040 1151 1151 E AndroidRuntime: FATAL EXCEPTION: main
01-26 20:38:54.040 1151 1151 E AndroidRuntime:
java.lang.RuntimeException: Unable to start activity
ComponentInfo{com.android.vending/
com.android.vending.AssetBrowserActivity}:
android.view.InflateException: You must specifiy a valid layout
reference. The layout ID @layout/title is not valid.

To rule out this particular error source, I pulled the /system/
framework/framework-res.apk (which should be standard, I am using a
Nexus one) and made apktool aware of it, with no change in the above
outcome.

I don't know what I am missing here.

FYI: I am not using any IDE and the Nexus One runs the cyanogen mod
(version 6.1, i.e., hacked/modded froyo rom)

any ideas?

[Brut[all]]

Which version of apktool do you use? If 1.3.2, then try 1.3.1.

[nate]

Why bother doing all of that when you can use PackageManager to disable that component.

Specifically:

InstallAssetReceiver uses android.intent.action.REMOTE_INTENT and InvalidateAuthTokenReceiver uses com.android.vending.INVALIDATE_AUTH_TOKEN

While the Market could enable them later, it would be pretty easy to use pm to manage this and you can then disable it again.

[Thorben Krueger]

No luck with version 1.3.1, same error. Here is roughly what I did,
you try it if you have an android phone/emulator with working market
lying around.

# adb pull /system/app/Vending.apk /tmp/
# apktool d /tmp/Vending.apk /tmp/Vending
# apktool b /tmp/Vending
# keytool -genkey -v -keystore /tmp/Unknown.keystore -alias Unknown
-keyalg RSA -keysize 2048 -validity 10000
< interact with the keytool in the obvious way >
# jarsigner -verbose -keystore /tmp/Unknown.keystore
/tmp/Vending/dist/Vending.apk Unknown
< enter password for the key you chose above >
# zipalign 4 /tmp/Vending/dist/Vending.apk /tmp/Vending/Vending.apk
# adb shell mount -o remount,rw `adb shell mount | grep system | cut
-f 1 -d' '` /system
# adb push /tmp/Vending/Vending.apk /system/app
# adb shell mount -o remount,ro `adb shell mount | grep system | cut
-f 1 -d' '` /system
# adb logcat -v threadtime *:V
< try to launch market on the phone/emulator >
< observe exception reported earlier >

incidentally, the Vending.apk version for which this fails is 1.82

will try with different system apks next to see if I get more/different errors

[Thorben Krueger]

Ok, in an emulator with market 2.2 running, I get a different
exception after doing the above described method and apktool 1.3.2:

01-27 13:05:20.560 291 291 E AndroidRuntime: FATAL EXCEPTION: main
01-27 13:05:20.560 291 291 E AndroidRuntime:

java.lang.RuntimeException: Unable to start activity
ComponentInfo{com.android.vending/com.android.vending.AssetBrowserActivity}:
android.view.InflateException: You must specifiy a valid layout

reference. The layout ID @layout/asset_list_no_loading is not valid.

I am however happy to report that with apktool 1.3.1 this _doesn't_ happen. \o/

I am not ruling out to have made a mistake earlier.

One issue remains however. The reassembled apk doesn't appear to have
be granted the same permissions as the original (and so is unusable).
Any ideas on that? Is that a problem with apktool or might that be
simply an apk authentication issue (because I signed it myself)?

I will post a more specific debug message on that one later.

[nate]

> simply an apk authentication issue (because I signed it myself)?

Yes. Resign the system to match the key