From 18674f4f4a856a288e1ac6758c7853a947e1e1e2 Mon Sep 17 00:00:00 2001
From: Thomas Hebb
Date: Wed, 2 Oct 2024 16:47:00 -0400
Subject: [PATCH] apk: Support replacing existing debuggable attribute

If a package explicitly specifies debuggable="false", adding a new entry setting it to "true" has no effect. To properly patch such APKs, we need to replace the entry.
---
 frida_tools/apk.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/frida_tools/apk.py b/frida_tools/apk.py
index f8430817..83acf5de 100644
--- a/frida_tools/apk.py
+++ b/frida_tools/apk.py
@@ -191,18 +191,25 @@ def insert_debuggable(self, name: int, resource_map: ResourceMap) -> None:
 # Some parts of Android expect this to be sorted by resource ID.
 attr_offset = None
+ replace = False
 for insert_pos in range(self.attribute_count + 1):
 attr_offset = 0x24 + 20 * insert_pos
 idx = int.from_bytes(chunk_data[attr_offset + 4 : attr_offset + 8], "little")
- if resource_map.get_resource(idx) > ResourceMap.DEBUGGING_RESOURCE:
+ res = resource_map.get_resource(idx)
+ if res >= ResourceMap.DEBUGGING_RESOURCE:
+ replace = res == ResourceMap.DEBUGGING_RESOURCE
 break
- chunk_data[attr_offset:attr_offset] = debuggable
- self.header.size = len(chunk_data)
- chunk_data[4 : 4 + 4] = struct.pack("