[Soot-list] Android App Manipulation with Soot

Dave Webb Dave.Webb at gmx.de
Sun May 29 09:39:09 EDT 2016 

Hi,
I want to use Soot in order to modify Android Apps.
However, I do *not* want to use the Instrumentation API shown in [1], but instead I want to transform an APK to Jimple, then manually manipulate the Jimple code with my own tools and afterwards transform the modified Jimple code back into an APK.

In order to setup this toolchain, I'm currently doing the following:
1. Use soot to transform an APK file into Jimple files
2. Use soot to transform the Jimple files into a DEX file
3. Repack the new DEX file with the original resources/assets/...
4. Sign and zipalign the APK

Although none of these steps produces an error, the final APK is not executable and crashes instantly when launched (see [2]).

My questions are:
1. Is my goal as described above achievable with Soot at all?
2. If so, which of the previously described steps is most likely the culprit?

Any help is highly appreciated!

[1] https://github.com/Sable/soot/wiki/Instrumenting-Android-Apps-with-Soot
[2] adb logcat output:

05-29 15:12:51.841  4274  4274 E dex2oat : Failed to create oat file: /data/dalvik-cache/arm/data at app@com.example.webb.test4-1 at base.apk@classes.dex: Permission denied
05-29 15:12:51.841  4274  4274 I dex2oat : dex2oat took 854.492us (threads: 4) 
05-29 15:12:51.844  4255  4255 W art     : Failed execv(/system/bin/dex2oat --runtime-arg -classpath --runtime-arg  --instruction-set=arm --instruction-set-features=smp,div,atomic_ldrd_strd --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --compiler-filter=speed --instruction-set-variant=krait --instruction-set-features=default --dex-file=/data/app/com.example.webb.test4-1/base.apk --oat-file=/data/dalvik-cache/arm/data at app@com.example.webb.test4-1 at base.apk@classes.dex) because non-0 exit status
05-29 15:12:51.962  4255  4255 W art     : Failure to verify dex file '/data/app/com.example.webb.test4-1/base.apk': Invalid type descriptor: 'Ljava/lang/'annotation'/Annotation;'
05-29 15:12:51.963  4255  4255 W System  : ClassLoader referenced unknown path: /data/app/com.example.webb.test4-1/lib/arm
05-29 15:12:51.966  4255  4255 D AndroidRuntime: Shutting down VM
05-29 15:12:51.968  4255  4255 E AndroidRuntime: FATAL EXCEPTION: main
05-29 15:12:51.968  4255  4255 E AndroidRuntime: Process: com.example.webb.test4, PID: 4255
05-29 15:12:51.968  4255  4255 E AndroidRuntime: java.lang.RuntimeException: Unable to instantiate activity ComponentInfo{com.example.webb.test4/com.example.webb.test4.MainActivity}: java.lang.ClassNotFoundException: Didn't find class "com.example.webb.test4.MainActivity" on path: DexPathList[[zip file "/data/app/com.example.webb.test4-1/base.apk"],nativeLibraryDirectories=[/data/app/com.example.webb.test4-1/lib/arm, /vendor/lib, /system/lib]]
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2361)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread.-wrap11(ActivityThread.java)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:102)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:148)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:5466)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn't find class "com.example.webb.test4.MainActivity" on path: DexPathList[[zip file "/data/app/com.example.webb.test4-1/base.apk"],nativeLibraryDirectories=[/data/app/com.example.webb.test4-1/lib/arm, /vendor/lib, /system/lib]]
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.Instrumentation.newActivity(Instrumentation.java:1068)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2351)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	... 9 more
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	Suppressed: java.io.IOException: Failed to open dex files from /data/app/com.example.webb.test4-1/base.apk
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexFile.openDexFileNative(Native Method)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexFile.openDexFile(DexFile.java:295)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexFile.<init>(DexFile.java:80)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexFile.<init>(DexFile.java:59)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexPathList.loadDexFile(DexPathList.java:279)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexPathList.makePathElements(DexPathList.java:248)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.DexPathList.<init>(DexPathList.java:120)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.BaseDexClassLoader.<init>(BaseDexClassLoader.java:48)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at dalvik.system.PathClassLoader.<init>(PathClassLoader.java:65)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.ApplicationLoaders.getClassLoader(ApplicationLoaders.java:58)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.LoadedApk.getClassLoader(LoadedApk.java:376)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.LoadedApk.makeApplication(LoadedApk.java:569)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4729)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.ActivityThread.-wrap1(ActivityThread.java)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1424)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		... 6 more
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	Suppressed: java.lang.ClassNotFoundException: com.example.webb.test4.MainActivity
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at java.lang.Class.classForName(Native Method)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 		... 12 more
05-29 15:12:51.968  4255  4255 E AndroidRuntime: 	Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available
05-29 15:12:51.970   721  3302 W ActivityManager:   Force finishing activity com.example.webb.test4/.MainActivity

More information about the Soot-list mailing list