apk: Support replacing existing debuggable attribute

If a package explicitly specifies debuggable="false", adding a new entry setting it to "true" has no effect. To properly patch such APKs, we need to replace the entry.
frida · Oct 2, 2024 · 18674f4 · 18674f4
1 parent 0733699
commit 18674f4
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/frida_tools/apk.py b/frida_tools/apk.py
@@ -191,18 +191,25 @@ def insert_debuggable(self, name: int, resource_map: ResourceMap) -> None:
 
         # Some parts of Android expect this to be sorted by resource ID.
         attr_offset = None
+        replace = False
         for insert_pos in range(self.attribute_count + 1):
             attr_offset = 0x24 + 20 * insert_pos
             idx = int.from_bytes(chunk_data[attr_offset + 4 : attr_offset + 8], "little")
-            if resource_map.get_resource(idx) > ResourceMap.DEBUGGING_RESOURCE:
+            res = resource_map.get_resource(idx)
+            if res >= ResourceMap.DEBUGGING_RESOURCE:
+                replace = res == ResourceMap.DEBUGGING_RESOURCE
                 break
-        chunk_data[attr_offset:attr_offset] = debuggable
 
-        self.header.size = len(chunk_data)
-        chunk_data[4 : 4 + 4] = struct.pack("<I", self.header.size)
+        if replace:
+            chunk_data[attr_offset:attr_offset+20] = debuggable
+        else:
+            chunk_data[attr_offset:attr_offset] = debuggable
+
+            self.header.size = len(chunk_data)
+            chunk_data[4 : 4 + 4] = struct.pack("<I", self.header.size)
 
-        self.attribute_count += 1
-        chunk_data[28 : 28 + 2] = struct.pack("<H", self.attribute_count)
+            self.attribute_count += 1
+            chunk_data[28 : 28 + 2] = struct.pack("<H", self.attribute_count)
 
         self.header.chunk_data = bytes(chunk_data)