67 lines
1.9 KiB
Markdown
67 lines
1.9 KiB
Markdown
# APK Recovery Notes
|
|
|
|
## Output
|
|
|
|
- Main APK decompile: `out_location/`
|
|
- Xposed APK decompile: `out_xposed/`
|
|
|
|
## What Was Recovered
|
|
|
|
### `location.apk`
|
|
|
|
- `resources/AndroidManifest.xml`
|
|
- `resources/assets/**`
|
|
- `resources/res/**`
|
|
- Shell Java sources under `sources/com/stub/**` and `sources/com/tianyu/**`
|
|
- Third-party/library sources that were still visible to JADX
|
|
|
|
Key manifest package:
|
|
|
|
- `com.lerist.fakelocation`
|
|
|
|
Observed shell characteristics:
|
|
|
|
- `application android:name="com.stub.StubApp"`
|
|
- assets contain `.jgapp`, `libjiagu*.so`
|
|
- runtime extracts `/data/user/0/com.lerist.fakelocation/.jiagu/libjiagu_64.so`
|
|
- `oatdump` on the installed app only shows shell classes:
|
|
- `Lcom/stub/StubApp;`
|
|
- `Lcom/tianyu/util/Configuration;`
|
|
- `Lcom/tianyu/util/DtcLoader;`
|
|
- `Lcom/tianyu/util/a;`
|
|
|
|
Conclusion:
|
|
|
|
- This APK is protected by a Jiagu-style shell.
|
|
- The original business DEX was not recovered by static JADX decompile.
|
|
- Runtime checks on the server/emulator confirmed that the installed `odex/vdex` still exposed only the shell DEX.
|
|
|
|
### `location-Xposed.apk`
|
|
|
|
- Decompiled successfully.
|
|
- Main entry recovered:
|
|
- `sources/com/lerist/fakelocation/common/xposed/FLBooter.java`
|
|
- Manifest package:
|
|
- `com.lerist.fakelocation.common.xposed`
|
|
- Xposed init:
|
|
- `resources/assets/xposed_init`
|
|
|
|
## Practical Meaning
|
|
|
|
- `out_xposed/` is usable as a recovered source baseline.
|
|
- `out_location/` is only a partial recovery:
|
|
- manifest
|
|
- resources
|
|
- assets
|
|
- shell loader code
|
|
- visible third-party code
|
|
- The protected main business Java/Kotlin source is still missing.
|
|
|
|
## If You Want To Continue
|
|
|
|
The next realistic paths are:
|
|
|
|
1. Dump the real DEX from a physical/rooted device while the app is running.
|
|
2. Reverse the loaded `libjiagu_64.so` flow and recover the payload decryption logic.
|
|
3. Recover native-side logic separately from the APK's `.so` assets if the app moved core features into native code.
|