[HN Gopher] Apk.sh is a Bash script that makes reverse engineeri...
___________________________________________________________________
Apk.sh is a Bash script that makes reverse engineering Android apps
easier
Author : petodo
Score : 251 points
Date : 2022-12-17 15:38 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| fareesh wrote:
| Can this be used to create a version of YouTube with no ads?
| dariosalvi78 wrote:
| https://newpipe.net/
| Lammy wrote:
| https://github.com/revanced/revanced-manager
| Mogzol wrote:
| That already exists
|
| https://github.com/revanced
| fareesh wrote:
| Cool they resurrected vanced - I must have missed this
| danuker wrote:
| Scripts like this empowering the end-user is why I consider the
| Android ecosystem superior.
| userbinator wrote:
| I've noticed that a lot of the people who do Android modding,
| custom ROMs, etc. don't otherwise actually have any formal
| training in software or computing; they're just pursuing a goal
| of "I want my phone to do X" and end up learning a lot in the
| process. Indeed, this may be their first and only exposure to
| Java.
| Waterluvian wrote:
| *superior when evaluated against one of many different criteria
| for what's important to many different users.
|
| (A good time to remind tech people: 98% of users are not our
| user persona)
| dec0dedab0de wrote:
| I think 98% is a bit high, but even if it were true the
| desires of the masses only matter if you're trying to sell
| something. I think it's safe to just assume that all opinions
| and suggestions on hn are for a technical audience.
| Waterluvian wrote:
| The timeless problem is when the n% confidently declare
| they know what's best and impose their perspective on
| everyone else. The most common way I see this happen is the
| pitfall of someone assuming everyone experiences something
| the same way they do.
| otachack wrote:
| Right, but the transparency and access allow the 2% to put in
| the work and advocate for the rest.
| black3r wrote:
| i used to be an android poweruser in high school and college, I
| rooted my phones, played around with lots of custom roms, had a
| terminal emulator and full power of arm debian installed in a
| chroot environment, tried different keyboard apps, launchers,
| and all other customization possibilities...
|
| then I started working full-time and had way less free time and
| realized 99% of the time I now use my phone to read news sites
| and take quick photos, and then switched to iPhone...
| tpush wrote:
| Why the switch, though? You can check the news and take quick
| photos on an Android, too; The vast majority of Android
| phones aren't being used for tinkering.
| hansel_der wrote:
| i would say that ios is the better un-tinkered experience
| because less will go wrong and if it does, there is not
| much you can do anyway.
|
| probably the same reason why it's never the year of the
| linux desktop.
| danuker wrote:
| Among the top 5 deathbed regrets is working too much.
|
| Many indicators of quality of life face diminishing returns
| past a $30k/yr (2005) threshold.
| ta988 wrote:
| I switched to a job that gives me more free time, can't be
| happier. Money past a comfortable level (enough for food,
| living and some savings) clearly can't buy not having to
| run around everywhere and think about your next move all
| the time. I've seen so many people regretting they spent
| their life just for their job(s) chasing they didn't even
| knew what. I feel so sorry when I ask how are you and the
| reply is "busy".
| quacksilver wrote:
| Is it more socially acceptable or expected in society to
| say 'I worked too much' rather than 'my family and wife
| were dull and annoying and took up loads of time, I wish I
| had got better at my passions / done more research instead'
| or similar platitudes?
|
| I imagine some people who genuinely think stuff similar the
| latter won't say it, and others may have it written off as
| deathbed delirium / psychosis and ignored if they do
| freedomben wrote:
| This is fascinating, I really want to understand.
|
| Was Android (even stock) insufficient for reading news sites
| and quick photos? Or is iOS much better for you at those
| tasks? If that's all you need, then I would consider both
| Android or iOS sufficient, but I don't quite get why you'd
| give up so many options and capabilities to switch, unless
| iOS is much better at reading news and taking photos.
|
| Maybe an analogy to help with my question. If all I need to
| do is unscrew Phillips number 2 screws and the occasional
| flathead, and I already had a great power drill with a bunch
| of bits in the kit (and had mastered it), why then buy a
| different power drill that that takes a proprietary bit and
| can only do Phillips and flathead? At some point I might have
| a need to do torx or hex or square, etc. Wouldn't you be
| better off having the capability should you need it? Why is
| it better to not have the capability?
| tatami wrote:
| I have a similar background. Used Androids from 2010-2018
| and switched to iOS.
|
| Some arguments were: Android's capabilities became less
| over time. I had cool apps until 4.4 Kitkat which automated
| toggling on/off WLAN/GPS/mobile network among others, but
| these APIs were restricted more and more over time so the
| benefits became less.
|
| Another fact was that I calculated that iPhones were
| cheaper than all Android I owned when taking resale value
| into the calculation. That Apple gives OS updates for 5+
| years helped a lot here, I had experienced <1 year on
| flagship models before. (buying 2 year old iPhone and
| selling it at 4 year old was cheapest/year)
|
| But one of the biggest reasons was that I never trusted
| Google much. For example I never used the feature to use
| WiFi networks to get coarse location. Which meant worse UX
| (had to click NO on a dialogue each time I activated GPS)
| but also a "feature" the iPhone had (better location).
|
| This is obviously a very personal point of view and it
| might be very different today, as I used Android in its
| earlier years.
| ignoramous wrote:
| > _Another fact was that I calculated that iPhones were
| cheaper than all Android I owned when taking resale value
| into the calculation._
|
| Low-end Android phones by Realme, Poco, Xiaomi, iQOO,
| Moto/Lenovo, Samsung et al are super capable and super
| cheap.
|
| African, Indo-Chinese, and South Asian markets are awash
| with these phones, for a reason.
| black3r wrote:
| iOS's UI/UX is far more responsive and consistent in
| reaction times and input latency than Android. I suspect
| Android's use of Java to be the main culprit, but not
| really sure on that...
|
| For browsing, it means that even phones which perform
| better in CPU bound benchmarks than my old iPhone 11 have
| random UI stutters & non-smooth scrolling in browser mostly
| while content is still loading, and these make me miss-
| click somewhere where I didn't want to, frequently enough
| to notice (compared to iPhones where it rarely happens)...
| 120Hz displays on Android make the UI smoother, but random
| janks & stutters still happen a lot more than on iPhones...
|
| When I'm taking photos most of the time I want to take a
| good picture as fast as possible, sometimes I want to take
| more in quick succession, this is also somehow easier on
| iPhones from my experience.. (although I admit it's been a
| long time since I held a top-tier Android phone, my only
| contact with Androids is with my friends & family phones
| which are mostly Xiaomi/Huawei/OnePlus priced around
| 300-400EUR which is half the price of my iPhone)
|
| Also, switching to a newer iPhone is seamless compared to
| buying a new Android, and UI/UX/Settings don't change much
| with new versions, compared to Android version updates
| (although from what I've heard this has gotten better in
| Androids recently)
|
| In your analogy I'd be talking about a power drill that
| just makes me work faster because it's better designed and
| more intuitive to use, even though it might have less RPM
| and less bits support.., if I did a lot of drilling just on
| Philips and Flathead and it saved me enough time, it would
| be worth the saved time I can use for other stuff...
| BoorishBears wrote:
| This right here is it for me. I was the same, in high
| school there was a 50/50 chance if on a given day the rom
| I had installed could actually make phone calls, but I
| didn't mind... but obviously priority change over time.
|
| Switching the iPhone I was struck by how damn smooth
| everything was. Years of XDA tweaks couldn't touch my
| iPhone 6 out of the box despite specs I had always seen
| as inferior.
|
| My tongue in cheek saying will always be: I'll switch
| back to Android when you can rotate an app correctly.
|
| For those not familiar with Android internals, the UI
| "framework" the OS provides doesn't support that basic
| use case. Phones are fast enough that it can be hidden
| with an animation, but unless an app explicitly signs out
| every view is torn down and redrawn in a new orientation.
|
| It's a tiny thing, but to me it's the iconic symptom of
| Android vs iOS. That's a decision Android made to support
| devices with 256mb of RAM, but never prioritized
| improving on, and now Android UX is stuck with that nit
| for eternity.
| sodality2 wrote:
| As someone who switched to iPhone in almost the same way as
| parent comment, it really does do those things far better.
| I frequently had to hard-reboot my android, install
| different versions of apps, etc because of _something_
| going wrong. Photos not saving was the last straw for me.
| It wasn 't even because I was a particularly power user - I
| customized everything on it, but even after resetting it
| and wanting a clean slate, it still couldn't handle basic
| tasks. I just became sick of it and switched to an iPhone.
| This was on one of LG's flagships, as well.
|
| Edit: I'll add a bit here - I didn't realize just how much
| maintenance and fixing I was doing on android, because I
| was so used to it. I would frequently have to fix some
| issue and I didn't think twice because it was something I
| either did often, or I just wasn't in a rush and I went
| into "fix broken tech" auto pilot mode. But I started to
| realize how often I was doing it and how it wasn't really
| normal to have to do that, because I would just zone out
| and focus on fixing the issue at hand.
| nequo wrote:
| When did you switch to the iPhone?
|
| I had a bad experience with an Android tablet. Apps would
| crash regularly and the OS refused to update. (The system
| update crashed too.) I never touched an Android device
| again. But this was 10 years ago.
| sodality2 wrote:
| I switched this June, the device was an LG G7 ThinQ
| freedomben wrote:
| Android tablets were indeed largely trash 10 years ago,
| with a couple small exceptions that were super expensive
| (Samsung). I loved my Nexus 7, but alas it wasn't meant
| to be.
|
| I love that there are so many super cheap android
| tablets, but I hate that there are so many super cheap
| android tablets.
| freedomben wrote:
| interesting, thanks. May I ask how long ago that was?
| sodality2 wrote:
| This past June, I switched to iPhone.
| freedomben wrote:
| thanks. I don't doubt you, but it's shocking to hear that
| a modern LG flagship struggles to take photos and read
| news (I'm assuming a web browser?). That would indeed be
| maddening. I've been using either Nexus, Pixel, or
| OnePlus for many years now so I'm not familiar with The
| LGs, Samsungs, Motos, etc, but I was under the impression
| that they were all pretty stable (though underpowered
| when you buy a cheap model).
| mardifoufs wrote:
| I use android but most of my experiences with LG phones
| was very buggy and just messy (the G2 was pretty good
| though). I only ever buy samsung or google phones now,
| but it makes sense that someone wouldn't want to touch
| android if they had a subpar experience with another
| manufacturer.
| freedomben wrote:
| indeed. it's very easy to blame the whole OS/ecosystem
| when your experience is with one particular manufacturer.
| In the iphone world there aren't different makers, so
| it's easy for people to consider any "android" as all
| androids.
| celsoazevedo wrote:
| LG left the mobile market last year. I think it's fair to
| say that they were struggling to keep up with everyone
| else.
| nortonham wrote:
| interesting, those things (especially photos not saving)
| never happened to me on Samsung or google phones
| lucb1e wrote:
| Or huawei or lenovo or xiaomi or... I doubt there is any
| brand where this affected a large fraction of users, but
| those are the brands (besides google and samsung) that I
| have experience with from myself or (grand)parents (who
| would call me when that happens).
| petodo wrote:
| I'm on Android since 2011, but reasons I'd go for iphone
| would be phone dimensions, consistent photo quality and
| long updates
|
| Android seems to fixed only one of them (updates) while
| becoming more and more locked as iOS, quality photos with
| good shutter speed are offered only by pixel with bad
| availability in most of the world and pretty bad VFM
| besides A models
| StockHuman wrote:
| I switched to iPhone this summer for that very reason,
| after maybe a decade on Android.
|
| Coming from the Essential PH-1 which I'd grown tired of
| maintaining past it's official support life and looking
| for something the same size or smaller, I settled on one
| of the few options on the market that offered both small
| size and performance: the iPhone 13 mini.
|
| Barring a vastly inferior notification experience, it's a
| stellar device. I suppose I wish for something that was
| both small and well-supported on Android. If the timing
| was different, I may have gone with the Zenfone, but then
| again seeing Google send texts as me to their numbers sat
| wrong with me, so I may have switched systems anyway.
| t00 wrote:
| Sounds like a step back, both in terms of creativity achieved
| by tinkering, and a downgrade of the quality of photos and
| videos.
| saagarjha wrote:
| Sounds like a recommendation for the author of the script,
| rather than the platform, no?
| bool3max wrote:
| Is it possible to even create such a script for iOS
| applications?
| jacob019 wrote:
| It seems to be made for injecting Frida into APKs. I'm having
| trouble understanding what Frida is. Can I do something cool with
| it?
| saagarjha wrote:
| Frida lets you hook behavior in apps. Think of it like mocking
| but for reverse engineers.
| jacob019 wrote:
| Would this help to reverse engineer an encrypted API?
| jefficient wrote:
| Yes. For example you could hook the function that encrypts
| the outgoing payload and print it out before it is
| encrypted. And then for decryption you could hook the
| function that decrypts the payload as it comes in print out
| the result.
|
| Going further, the API likely uses some secret key for
| encryption/decryption and you could hook that value out of
| the app as well.
| varenc wrote:
| Sadly the name "Frida" suffers from poor googleability. But
| here you go: https://frida.re/
|
| Basically it's _the_ reverse engineering toolkit for security
| researchers. Has excellent support across Android, iOS, macOS,
| Windows, etc.
| biosboiii wrote:
| I did not know that Frida is used for anything but Mobile
| apps, thanks :D
| varenc wrote:
| I love seeing more excellent tooling made with bash/shell
| scripts. For situations like this one, where all the underlying
| heavy lifting is done with other CLI utilities, shellscript is
| the perfect fit.
| chasil wrote:
| The Android system shell is the MirBSD Korn shell.
|
| Why not use the preferred tool?
|
| Otherwise, why not write it in dash for strict POSIX
| conformance?
|
| I do admit that there are some profound bash applications that
| are important to me, principally rear.
| simmonmt wrote:
| IME that's true until around 250 lines or so (this one is
| 500+). Then you've passed the point where "rewrite it in
| something more scalable / testable / maintainable" can easily
| be done, and you start having endless iterations of "it needs
| to be rewritten but I just want this one feature added so we'll
| do the rewrite later." And heaven help you if the script
| changes owners, gets additional owners, or you have to pick it
| up again after ignoring it for a year.
|
| That's not to say the above doesn't happen with other
| languages/systems. It most certainly does. It just seems to
| happen faster in shell (especially when people start getting
| adventuresome in their use of fancy shell features).
| tommieb wrote:
| Reminds me of the old days of running this tool - kitchen sink,
| https://forum.xda-developers.com/t/kitchen-android-kitchen-v...
| those days of cyanogenmod/rolling your own rom based off
| Gingerbread 2.3.7 and hacking... happy memories :)
| Group_B wrote:
| You recommend any projects that are similar to this and up to
| date?
| lazycow wrote:
| LineageOS build guides are a great resource to get started:
| https://wiki.lineageos.org/build_guides
| jrm4 wrote:
| While I'm here:
|
| What is going on with "Android Emulation on Linux???"
|
| I feel like I have to be missing something obvious, I can't see
| how it can be so darn hard to just run android apps on (desktop)
| Linux given..you know, that it is Linux.
| tpush wrote:
| The API of 'Linux' is its system calls, and I guess very few
| Android apps are coded against that; most use the Android SDK.
| So presumably Android's services and API surface need to be
| ported to desktop Linux, which is probably very involved.
| MishaalRahman wrote:
| Is it hard? Check out Waydroid if you haven't already.
|
| https://waydro.id/
| bembo wrote:
| Why do you think it's hard? Waydroid is very good.
| mmastrac wrote:
| If you haven't tried Jadx [1], give it a shot. It's by far the
| easiest way to reverse Android APKs. It doesn't do patching or
| reassembly, but I used it for reversing the Delong'hi APK for
| longshot [2][3] and the quality of output was fantastic.
|
| Note that scripts like this are extremely useful, but in the long
| term they're cobbling together a lot of tools and will become
| brittle or difficult to use across versions. I suggest that even
| if it works for you today, understanding exactly what's happening
| under the hood will help if the tool becomes unsupported long-
| term.
|
| [1] https://github.com/skylot/jadx
|
| [2] https://github.com/mmastrac/longshot
|
| [3] https://grack.com/blog/2022/12/02/hacking-bluetooth-to-
| brew-...
| anfractuosity wrote:
| Jadx is really neat :), I've used it to work out how an android
| app turned on the wifi of a wildlife camera via bluetooth.
|
| I was also trying to use it to see how an app sends images to
| an NFC e-ink pricetag, but that looks rather more tricky at the
| moment.
| motohagiography wrote:
| These are great. I used jadx to pull apart a conference
| attendee app I was supposed to install to see what it hoovered
| up. There is a level of reverse engineering that people can
| just get comfortable with doing without ahcieving the
| virtuosity of the stuff people publish papers and get talks
| about.
|
| Simple things like, what SDKs does this thing use (adware),
| what external APIs does it call (trackers), what interfaces
| does it use (mic, gps, etc), what data does it hoover up
| (contacts, sms messages, etc), what parties does it send them
| to, how much effort do the authors go to obfuscate or hide what
| they are doing (packers, code obfuscators), does it use a
| static encryption key or derive one from predictable
| components, does it have hidden features from triggers and
| arguments - are all achievable for someone with a bit of
| interest and an afternoon. The more niche the app, the less
| sophisticated the protections on it, I find.
| blacksmith_tb wrote:
| I have used ClassyShark[1] to get some of that (from F-droid)
| with pretty good results.
|
| 1: https://fossdroid.com/a/classyshark3xodus.html
| j-bos wrote:
| How did you get the apk file to reverse without having
| already installed it?
| mmastrac wrote:
| Check apkpure.
___________________________________________________________________
(page generated 2022-12-17 23:00 UTC)