Files
2026-04-05 01:00:07 -05:00

67 lines
1.9 KiB
Markdown

# APK Recovery Notes
## Output
- Main APK decompile: `out_location/`
- Xposed APK decompile: `out_xposed/`
## What Was Recovered
### `location.apk`
- `resources/AndroidManifest.xml`
- `resources/assets/**`
- `resources/res/**`
- Shell Java sources under `sources/com/stub/**` and `sources/com/tianyu/**`
- Third-party/library sources that were still visible to JADX
Key manifest package:
- `com.lerist.fakelocation`
Observed shell characteristics:
- `application android:name="com.stub.StubApp"`
- assets contain `.jgapp`, `libjiagu*.so`
- runtime extracts `/data/user/0/com.lerist.fakelocation/.jiagu/libjiagu_64.so`
- `oatdump` on the installed app only shows shell classes:
- `Lcom/stub/StubApp;`
- `Lcom/tianyu/util/Configuration;`
- `Lcom/tianyu/util/DtcLoader;`
- `Lcom/tianyu/util/a;`
Conclusion:
- This APK is protected by a Jiagu-style shell.
- The original business DEX was not recovered by static JADX decompile.
- Runtime checks on the server/emulator confirmed that the installed `odex/vdex` still exposed only the shell DEX.
### `location-Xposed.apk`
- Decompiled successfully.
- Main entry recovered:
- `sources/com/lerist/fakelocation/common/xposed/FLBooter.java`
- Manifest package:
- `com.lerist.fakelocation.common.xposed`
- Xposed init:
- `resources/assets/xposed_init`
## Practical Meaning
- `out_xposed/` is usable as a recovered source baseline.
- `out_location/` is only a partial recovery:
- manifest
- resources
- assets
- shell loader code
- visible third-party code
- The protected main business Java/Kotlin source is still missing.
## If You Want To Continue
The next realistic paths are:
1. Dump the real DEX from a physical/rooted device while the app is running.
2. Reverse the loaded `libjiagu_64.so` flow and recover the payload decryption logic.
3. Recover native-side logic separately from the APK's `.so` assets if the app moved core features into native code.