# APK Recovery Notes ## Output - Main APK decompile: `out_location/` - Xposed APK decompile: `out_xposed/` ## What Was Recovered ### `location.apk` - `resources/AndroidManifest.xml` - `resources/assets/**` - `resources/res/**` - Shell Java sources under `sources/com/stub/**` and `sources/com/tianyu/**` - Third-party/library sources that were still visible to JADX Key manifest package: - `com.lerist.fakelocation` Observed shell characteristics: - `application android:name="com.stub.StubApp"` - assets contain `.jgapp`, `libjiagu*.so` - runtime extracts `/data/user/0/com.lerist.fakelocation/.jiagu/libjiagu_64.so` - `oatdump` on the installed app only shows shell classes: - `Lcom/stub/StubApp;` - `Lcom/tianyu/util/Configuration;` - `Lcom/tianyu/util/DtcLoader;` - `Lcom/tianyu/util/a;` Conclusion: - This APK is protected by a Jiagu-style shell. - The original business DEX was not recovered by static JADX decompile. - Runtime checks on the server/emulator confirmed that the installed `odex/vdex` still exposed only the shell DEX. ### `location-Xposed.apk` - Decompiled successfully. - Main entry recovered: - `sources/com/lerist/fakelocation/common/xposed/FLBooter.java` - Manifest package: - `com.lerist.fakelocation.common.xposed` - Xposed init: - `resources/assets/xposed_init` ## Practical Meaning - `out_xposed/` is usable as a recovered source baseline. - `out_location/` is only a partial recovery: - manifest - resources - assets - shell loader code - visible third-party code - The protected main business Java/Kotlin source is still missing. ## If You Want To Continue The next realistic paths are: 1. Dump the real DEX from a physical/rooted device while the app is running. 2. Reverse the loaded `libjiagu_64.so` flow and recover the payload decryption logic. 3. Recover native-side logic separately from the APK's `.so` assets if the app moved core features into native code.