[HN Gopher] Apk.sh is a Bash script that makes reverse engineeri... ___________________________________________________________________ Apk.sh is a Bash script that makes reverse engineering Android apps easier Author : petodo Score : 251 points Date : 2022-12-17 15:38 UTC (7 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | fareesh wrote: | Can this be used to create a version of YouTube with no ads? | dariosalvi78 wrote: | https://newpipe.net/ | Lammy wrote: | https://github.com/revanced/revanced-manager | Mogzol wrote: | That already exists | | https://github.com/revanced | fareesh wrote: | Cool they resurrected vanced - I must have missed this | danuker wrote: | Scripts like this empowering the end-user is why I consider the | Android ecosystem superior. | userbinator wrote: | I've noticed that a lot of the people who do Android modding, | custom ROMs, etc. don't otherwise actually have any formal | training in software or computing; they're just pursuing a goal | of "I want my phone to do X" and end up learning a lot in the | process. Indeed, this may be their first and only exposure to | Java. | Waterluvian wrote: | *superior when evaluated against one of many different criteria | for what's important to many different users. | | (A good time to remind tech people: 98% of users are not our | user persona) | dec0dedab0de wrote: | I think 98% is a bit high, but even if it were true the | desires of the masses only matter if you're trying to sell | something. I think it's safe to just assume that all opinions | and suggestions on hn are for a technical audience. | Waterluvian wrote: | The timeless problem is when the n% confidently declare | they know what's best and impose their perspective on | everyone else. The most common way I see this happen is the | pitfall of someone assuming everyone experiences something | the same way they do. | otachack wrote: | Right, but the transparency and access allow the 2% to put in | the work and advocate for the rest. | black3r wrote: | i used to be an android poweruser in high school and college, I | rooted my phones, played around with lots of custom roms, had a | terminal emulator and full power of arm debian installed in a | chroot environment, tried different keyboard apps, launchers, | and all other customization possibilities... | | then I started working full-time and had way less free time and | realized 99% of the time I now use my phone to read news sites | and take quick photos, and then switched to iPhone... | tpush wrote: | Why the switch, though? You can check the news and take quick | photos on an Android, too; The vast majority of Android | phones aren't being used for tinkering. | hansel_der wrote: | i would say that ios is the better un-tinkered experience | because less will go wrong and if it does, there is not | much you can do anyway. | | probably the same reason why it's never the year of the | linux desktop. | danuker wrote: | Among the top 5 deathbed regrets is working too much. | | Many indicators of quality of life face diminishing returns | past a $30k/yr (2005) threshold. | ta988 wrote: | I switched to a job that gives me more free time, can't be | happier. Money past a comfortable level (enough for food, | living and some savings) clearly can't buy not having to | run around everywhere and think about your next move all | the time. I've seen so many people regretting they spent | their life just for their job(s) chasing they didn't even | knew what. I feel so sorry when I ask how are you and the | reply is "busy". | quacksilver wrote: | Is it more socially acceptable or expected in society to | say 'I worked too much' rather than 'my family and wife | were dull and annoying and took up loads of time, I wish I | had got better at my passions / done more research instead' | or similar platitudes? | | I imagine some people who genuinely think stuff similar the | latter won't say it, and others may have it written off as | deathbed delirium / psychosis and ignored if they do | freedomben wrote: | This is fascinating, I really want to understand. | | Was Android (even stock) insufficient for reading news sites | and quick photos? Or is iOS much better for you at those | tasks? If that's all you need, then I would consider both | Android or iOS sufficient, but I don't quite get why you'd | give up so many options and capabilities to switch, unless | iOS is much better at reading news and taking photos. | | Maybe an analogy to help with my question. If all I need to | do is unscrew Phillips number 2 screws and the occasional | flathead, and I already had a great power drill with a bunch | of bits in the kit (and had mastered it), why then buy a | different power drill that that takes a proprietary bit and | can only do Phillips and flathead? At some point I might have | a need to do torx or hex or square, etc. Wouldn't you be | better off having the capability should you need it? Why is | it better to not have the capability? | tatami wrote: | I have a similar background. Used Androids from 2010-2018 | and switched to iOS. | | Some arguments were: Android's capabilities became less | over time. I had cool apps until 4.4 Kitkat which automated | toggling on/off WLAN/GPS/mobile network among others, but | these APIs were restricted more and more over time so the | benefits became less. | | Another fact was that I calculated that iPhones were | cheaper than all Android I owned when taking resale value | into the calculation. That Apple gives OS updates for 5+ | years helped a lot here, I had experienced <1 year on | flagship models before. (buying 2 year old iPhone and | selling it at 4 year old was cheapest/year) | | But one of the biggest reasons was that I never trusted | Google much. For example I never used the feature to use | WiFi networks to get coarse location. Which meant worse UX | (had to click NO on a dialogue each time I activated GPS) | but also a "feature" the iPhone had (better location). | | This is obviously a very personal point of view and it | might be very different today, as I used Android in its | earlier years. | ignoramous wrote: | > _Another fact was that I calculated that iPhones were | cheaper than all Android I owned when taking resale value | into the calculation._ | | Low-end Android phones by Realme, Poco, Xiaomi, iQOO, | Moto/Lenovo, Samsung et al are super capable and super | cheap. | | African, Indo-Chinese, and South Asian markets are awash | with these phones, for a reason. | black3r wrote: | iOS's UI/UX is far more responsive and consistent in | reaction times and input latency than Android. I suspect | Android's use of Java to be the main culprit, but not | really sure on that... | | For browsing, it means that even phones which perform | better in CPU bound benchmarks than my old iPhone 11 have | random UI stutters & non-smooth scrolling in browser mostly | while content is still loading, and these make me miss- | click somewhere where I didn't want to, frequently enough | to notice (compared to iPhones where it rarely happens)... | 120Hz displays on Android make the UI smoother, but random | janks & stutters still happen a lot more than on iPhones... | | When I'm taking photos most of the time I want to take a | good picture as fast as possible, sometimes I want to take | more in quick succession, this is also somehow easier on | iPhones from my experience.. (although I admit it's been a | long time since I held a top-tier Android phone, my only | contact with Androids is with my friends & family phones | which are mostly Xiaomi/Huawei/OnePlus priced around | 300-400EUR which is half the price of my iPhone) | | Also, switching to a newer iPhone is seamless compared to | buying a new Android, and UI/UX/Settings don't change much | with new versions, compared to Android version updates | (although from what I've heard this has gotten better in | Androids recently) | | In your analogy I'd be talking about a power drill that | just makes me work faster because it's better designed and | more intuitive to use, even though it might have less RPM | and less bits support.., if I did a lot of drilling just on | Philips and Flathead and it saved me enough time, it would | be worth the saved time I can use for other stuff... | BoorishBears wrote: | This right here is it for me. I was the same, in high | school there was a 50/50 chance if on a given day the rom | I had installed could actually make phone calls, but I | didn't mind... but obviously priority change over time. | | Switching the iPhone I was struck by how damn smooth | everything was. Years of XDA tweaks couldn't touch my | iPhone 6 out of the box despite specs I had always seen | as inferior. | | My tongue in cheek saying will always be: I'll switch | back to Android when you can rotate an app correctly. | | For those not familiar with Android internals, the UI | "framework" the OS provides doesn't support that basic | use case. Phones are fast enough that it can be hidden | with an animation, but unless an app explicitly signs out | every view is torn down and redrawn in a new orientation. | | It's a tiny thing, but to me it's the iconic symptom of | Android vs iOS. That's a decision Android made to support | devices with 256mb of RAM, but never prioritized | improving on, and now Android UX is stuck with that nit | for eternity. | sodality2 wrote: | As someone who switched to iPhone in almost the same way as | parent comment, it really does do those things far better. | I frequently had to hard-reboot my android, install | different versions of apps, etc because of _something_ | going wrong. Photos not saving was the last straw for me. | It wasn 't even because I was a particularly power user - I | customized everything on it, but even after resetting it | and wanting a clean slate, it still couldn't handle basic | tasks. I just became sick of it and switched to an iPhone. | This was on one of LG's flagships, as well. | | Edit: I'll add a bit here - I didn't realize just how much | maintenance and fixing I was doing on android, because I | was so used to it. I would frequently have to fix some | issue and I didn't think twice because it was something I | either did often, or I just wasn't in a rush and I went | into "fix broken tech" auto pilot mode. But I started to | realize how often I was doing it and how it wasn't really | normal to have to do that, because I would just zone out | and focus on fixing the issue at hand. | nequo wrote: | When did you switch to the iPhone? | | I had a bad experience with an Android tablet. Apps would | crash regularly and the OS refused to update. (The system | update crashed too.) I never touched an Android device | again. But this was 10 years ago. | sodality2 wrote: | I switched this June, the device was an LG G7 ThinQ | freedomben wrote: | Android tablets were indeed largely trash 10 years ago, | with a couple small exceptions that were super expensive | (Samsung). I loved my Nexus 7, but alas it wasn't meant | to be. | | I love that there are so many super cheap android | tablets, but I hate that there are so many super cheap | android tablets. | freedomben wrote: | interesting, thanks. May I ask how long ago that was? | sodality2 wrote: | This past June, I switched to iPhone. | freedomben wrote: | thanks. I don't doubt you, but it's shocking to hear that | a modern LG flagship struggles to take photos and read | news (I'm assuming a web browser?). That would indeed be | maddening. I've been using either Nexus, Pixel, or | OnePlus for many years now so I'm not familiar with The | LGs, Samsungs, Motos, etc, but I was under the impression | that they were all pretty stable (though underpowered | when you buy a cheap model). | mardifoufs wrote: | I use android but most of my experiences with LG phones | was very buggy and just messy (the G2 was pretty good | though). I only ever buy samsung or google phones now, | but it makes sense that someone wouldn't want to touch | android if they had a subpar experience with another | manufacturer. | freedomben wrote: | indeed. it's very easy to blame the whole OS/ecosystem | when your experience is with one particular manufacturer. | In the iphone world there aren't different makers, so | it's easy for people to consider any "android" as all | androids. | celsoazevedo wrote: | LG left the mobile market last year. I think it's fair to | say that they were struggling to keep up with everyone | else. | nortonham wrote: | interesting, those things (especially photos not saving) | never happened to me on Samsung or google phones | lucb1e wrote: | Or huawei or lenovo or xiaomi or... I doubt there is any | brand where this affected a large fraction of users, but | those are the brands (besides google and samsung) that I | have experience with from myself or (grand)parents (who | would call me when that happens). | petodo wrote: | I'm on Android since 2011, but reasons I'd go for iphone | would be phone dimensions, consistent photo quality and | long updates | | Android seems to fixed only one of them (updates) while | becoming more and more locked as iOS, quality photos with | good shutter speed are offered only by pixel with bad | availability in most of the world and pretty bad VFM | besides A models | StockHuman wrote: | I switched to iPhone this summer for that very reason, | after maybe a decade on Android. | | Coming from the Essential PH-1 which I'd grown tired of | maintaining past it's official support life and looking | for something the same size or smaller, I settled on one | of the few options on the market that offered both small | size and performance: the iPhone 13 mini. | | Barring a vastly inferior notification experience, it's a | stellar device. I suppose I wish for something that was | both small and well-supported on Android. If the timing | was different, I may have gone with the Zenfone, but then | again seeing Google send texts as me to their numbers sat | wrong with me, so I may have switched systems anyway. | t00 wrote: | Sounds like a step back, both in terms of creativity achieved | by tinkering, and a downgrade of the quality of photos and | videos. | saagarjha wrote: | Sounds like a recommendation for the author of the script, | rather than the platform, no? | bool3max wrote: | Is it possible to even create such a script for iOS | applications? | jacob019 wrote: | It seems to be made for injecting Frida into APKs. I'm having | trouble understanding what Frida is. Can I do something cool with | it? | saagarjha wrote: | Frida lets you hook behavior in apps. Think of it like mocking | but for reverse engineers. | jacob019 wrote: | Would this help to reverse engineer an encrypted API? | jefficient wrote: | Yes. For example you could hook the function that encrypts | the outgoing payload and print it out before it is | encrypted. And then for decryption you could hook the | function that decrypts the payload as it comes in print out | the result. | | Going further, the API likely uses some secret key for | encryption/decryption and you could hook that value out of | the app as well. | varenc wrote: | Sadly the name "Frida" suffers from poor googleability. But | here you go: https://frida.re/ | | Basically it's _the_ reverse engineering toolkit for security | researchers. Has excellent support across Android, iOS, macOS, | Windows, etc. | biosboiii wrote: | I did not know that Frida is used for anything but Mobile | apps, thanks :D | varenc wrote: | I love seeing more excellent tooling made with bash/shell | scripts. For situations like this one, where all the underlying | heavy lifting is done with other CLI utilities, shellscript is | the perfect fit. | chasil wrote: | The Android system shell is the MirBSD Korn shell. | | Why not use the preferred tool? | | Otherwise, why not write it in dash for strict POSIX | conformance? | | I do admit that there are some profound bash applications that | are important to me, principally rear. | simmonmt wrote: | IME that's true until around 250 lines or so (this one is | 500+). Then you've passed the point where "rewrite it in | something more scalable / testable / maintainable" can easily | be done, and you start having endless iterations of "it needs | to be rewritten but I just want this one feature added so we'll | do the rewrite later." And heaven help you if the script | changes owners, gets additional owners, or you have to pick it | up again after ignoring it for a year. | | That's not to say the above doesn't happen with other | languages/systems. It most certainly does. It just seems to | happen faster in shell (especially when people start getting | adventuresome in their use of fancy shell features). | tommieb wrote: | Reminds me of the old days of running this tool - kitchen sink, | https://forum.xda-developers.com/t/kitchen-android-kitchen-v... | those days of cyanogenmod/rolling your own rom based off | Gingerbread 2.3.7 and hacking... happy memories :) | Group_B wrote: | You recommend any projects that are similar to this and up to | date? | lazycow wrote: | LineageOS build guides are a great resource to get started: | https://wiki.lineageos.org/build_guides | jrm4 wrote: | While I'm here: | | What is going on with "Android Emulation on Linux???" | | I feel like I have to be missing something obvious, I can't see | how it can be so darn hard to just run android apps on (desktop) | Linux given..you know, that it is Linux. | tpush wrote: | The API of 'Linux' is its system calls, and I guess very few | Android apps are coded against that; most use the Android SDK. | So presumably Android's services and API surface need to be | ported to desktop Linux, which is probably very involved. | MishaalRahman wrote: | Is it hard? Check out Waydroid if you haven't already. | | https://waydro.id/ | bembo wrote: | Why do you think it's hard? Waydroid is very good. | mmastrac wrote: | If you haven't tried Jadx [1], give it a shot. It's by far the | easiest way to reverse Android APKs. It doesn't do patching or | reassembly, but I used it for reversing the Delong'hi APK for | longshot [2][3] and the quality of output was fantastic. | | Note that scripts like this are extremely useful, but in the long | term they're cobbling together a lot of tools and will become | brittle or difficult to use across versions. I suggest that even | if it works for you today, understanding exactly what's happening | under the hood will help if the tool becomes unsupported long- | term. | | [1] https://github.com/skylot/jadx | | [2] https://github.com/mmastrac/longshot | | [3] https://grack.com/blog/2022/12/02/hacking-bluetooth-to- | brew-... | anfractuosity wrote: | Jadx is really neat :), I've used it to work out how an android | app turned on the wifi of a wildlife camera via bluetooth. | | I was also trying to use it to see how an app sends images to | an NFC e-ink pricetag, but that looks rather more tricky at the | moment. | motohagiography wrote: | These are great. I used jadx to pull apart a conference | attendee app I was supposed to install to see what it hoovered | up. There is a level of reverse engineering that people can | just get comfortable with doing without ahcieving the | virtuosity of the stuff people publish papers and get talks | about. | | Simple things like, what SDKs does this thing use (adware), | what external APIs does it call (trackers), what interfaces | does it use (mic, gps, etc), what data does it hoover up | (contacts, sms messages, etc), what parties does it send them | to, how much effort do the authors go to obfuscate or hide what | they are doing (packers, code obfuscators), does it use a | static encryption key or derive one from predictable | components, does it have hidden features from triggers and | arguments - are all achievable for someone with a bit of | interest and an afternoon. The more niche the app, the less | sophisticated the protections on it, I find. | blacksmith_tb wrote: | I have used ClassyShark[1] to get some of that (from F-droid) | with pretty good results. | | 1: https://fossdroid.com/a/classyshark3xodus.html | j-bos wrote: | How did you get the apk file to reverse without having | already installed it? | mmastrac wrote: | Check apkpure. ___________________________________________________________________ (page generated 2022-12-17 23:00 UTC)