Files
gitlab-instance-0a899031_lo…/recovered_source/RECOVERY_NOTES.md
2026-04-05 01:00:07 -05:00

1.9 KiB

APK Recovery Notes

Output

  • Main APK decompile: out_location/
  • Xposed APK decompile: out_xposed/

What Was Recovered

location.apk

  • resources/AndroidManifest.xml
  • resources/assets/**
  • resources/res/**
  • Shell Java sources under sources/com/stub/** and sources/com/tianyu/**
  • Third-party/library sources that were still visible to JADX

Key manifest package:

  • com.lerist.fakelocation

Observed shell characteristics:

  • application android:name="com.stub.StubApp"
  • assets contain .jgapp, libjiagu*.so
  • runtime extracts /data/user/0/com.lerist.fakelocation/.jiagu/libjiagu_64.so
  • oatdump on the installed app only shows shell classes:
    • Lcom/stub/StubApp;
    • Lcom/tianyu/util/Configuration;
    • Lcom/tianyu/util/DtcLoader;
    • Lcom/tianyu/util/a;

Conclusion:

  • This APK is protected by a Jiagu-style shell.
  • The original business DEX was not recovered by static JADX decompile.
  • Runtime checks on the server/emulator confirmed that the installed odex/vdex still exposed only the shell DEX.

location-Xposed.apk

  • Decompiled successfully.
  • Main entry recovered:
    • sources/com/lerist/fakelocation/common/xposed/FLBooter.java
  • Manifest package:
    • com.lerist.fakelocation.common.xposed
  • Xposed init:
    • resources/assets/xposed_init

Practical Meaning

  • out_xposed/ is usable as a recovered source baseline.
  • out_location/ is only a partial recovery:
    • manifest
    • resources
    • assets
    • shell loader code
    • visible third-party code
  • The protected main business Java/Kotlin source is still missing.

If You Want To Continue

The next realistic paths are:

  1. Dump the real DEX from a physical/rooted device while the app is running.
  2. Reverse the loaded libjiagu_64.so flow and recover the payload decryption logic.
  3. Recover native-side logic separately from the APK's .so assets if the app moved core features into native code.