Is your feature request related to a problem? Please describe. Quark engine is a apk analyzer that can quicky tell users what this apk does. So we're thinking about integrating quark as one of the analyzers. Users can first use quark to have a quick look of the apk and then dive in the details with the features apklab provides.

Belows are features and reports released recently.

Describe the bug When I am developing in a Remote Container, apktool, jadx or uber-sign-apk are not found while extracting the apk

To Reproduce Steps to reproduce the behavior:

1. Launch VSCode in a remote container (base: ubuntu for isntance)
2. Required Add-ons are installed automatically through the vscode/.devcontainer file
3. The apk to test is on the folder from where I launched the Remote Container
4. Launch the ApkLab add-on
5. java -jar d /workspaces/ApkLab-VSCode/InsecureBankv2.apk -o /workspaces/ApkLab-VSCode/InsecureBankv2 apktool.jar is not found. In the add-on settings the Remote (devcontainer) and Worksapce, the path to the tools are properly identified. In the filesystem, apktool.jar and uber-sign-apk.jar are executable (chmod +x).

Expected behavior Just want the apktool to be found so that the apk can be decompiled.

Console Logs

Extracted /root/.apklab/jadx-1.1.0.zip into /root/.apklab/jadx-1.1.0
-------------------------------------------------------------------------
Decoding InsecureBankv2.apk into /workspaces/ApkLab-VSCode/InsecureBankv2
-------------------------------------------------------------------------
java -jar  d /workspaces/ApkLab-VSCode/InsecureBankv2.apk -o /workspaces/ApkLab-VSCode/InsecureBankv2
Error: Unable to access jarfile
Decoding process exited with code 1

Please paste all your console output here... between the details HTML tags!

System Information:

• OS: Ubuntu 20.04
• VSCode Version: 1.50.1
• VSCode Add-on :
  • Docker
  • Remote Container

Additional context Working in a remote container. Here is the Dockerfile I am using :

FROM ubuntu:20.04 as ubuntu-downloader

ENV HACKTOOLS_DIR=/home/Developpement/HackingTools

WORKDIR $HACKTOOLS_DIR

# Install adb tools, unzip, wget, signapk and apktool
RUN apt update -y && apt install -y  --no-install-recommends \
    wget \
    unzip

# Download apktool-2 & Rename downloaded jar to apktool.jar
RUN mkdir -p /home/Developpement/HackingTools/ApkTool && \
    wget --no-check-certificate --quiet -O /home/Developpement/HackingTools/ApkTool/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool && \
    wget --no-check-certificate --quiet -O /home/Developpement/HackingTools/ApkTool/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.1.jar



# Pull Ubuntu LTS image.
FROM ubuntu:20.04

# Labels and Credits
LABEL \
    name="Apk Lab Env" \
    author="Rémi Lavedrine <[email protected]>" \
    maintainer="Rémi Lavedrine <[email protected]>" \
    description="Android Security Test (AndroSecTest) is an automated, all-in-one mobile application (Android) security assessment framework capable of performing static."

ENV SRC_DIR=/root/home/apkLab-Results
ENV HACKTOOLS_DIR=/home/Developpement/HackingTools
WORKDIR $SRC_DIR

# Set up the time as Europe/Paris
ENV TZ=Europe/Paris
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \
    && echo $TZ > /etc/timezone


# Install adb tools, unzip, wget, signapk and apktool
RUN apt update -y && apt install -y --no-install-recommends \
    openjdk-8-jdk \
    usbutils \
    unzip \
    wget \
    android-tools-adb \
    bash-completion \
    golang-go \
    gcc


# Download apktool-2 & Rename downloaded jar to apktool.jar
RUN wget --no-check-certificate --quiet -O /usr/local/bin/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool && \
    wget --no-check-certificate --quiet -O /usr/local/bin/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.1.jar && \
    chmod +x /usr/local/bin/apktool && \
    chmod +x /usr/local/bin/apktool.jar


# Install zsh as the default shell within the container.
RUN apt install -y --no-install-recommends git zsh && chsh -s /usr/bin/zsh

RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v1.1.1/zsh-in-docker.sh)" -- \
    -t https://github.com/denysdovhan/spaceship-prompt \
    -a 'SPACESHIP_PROMPT_ADD_NEWLINE="false"' \
    -a 'SPACESHIP_PROMPT_SEPARATE_LINE="false"' \
    -p git \
    -p sudo \
    -p https://github.com/zsh-users/zsh-autosuggestions \
    -p https://github.com/zsh-users/zsh-completions

Describe the bug When I decompile an apk, it always initializes git in my vscode installation directory whenever it's time to initialize git. When APKLab initialize Git, It always initialize it in my VScode installation directory

To Reproduce Steps to reproduce the behavior:

1. I Click on”open an APK“
2. Select apK file (any one)
3. Check ”decompile_java“ and "--only-main-classes"
4. See error

Expected behavior It does not initialize Git in the decompilated directory as expected

Console Logs

----------------------------------------------------------------------------------------
Decoding apkxxx.apk into c:\Users\User\Desktop\ts\debug\apkxxx
----------------------------------------------------------------------------------------
java -jar C:\Users\User\.apklab\apktool_2.6.0.jar d c:\Users\User\Desktop\ts\debug\apkxxx.apk -o c:\Users\User\Desktop\ts\debug\apkxxx --only-main-classes
I: Using Apktool 2.6.0 on apkxxx.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\User\AppData\Local\apktool\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes4.dex...
I: Copying raw assets/audience_network.dex file...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
I: Copying META-INF/services directory
Decoding process was successful
----------------------------------------------------------------------------------------------------
Decompiling apkxxx.apk into c:\Users\User\Desktop\ts\debug\apkxxx\java_src
----------------------------------------------------------------------------------------------------
C:\Users\User\.apklab\jadx-1.2.0\bin\jadx.bat -r -q -v -ds c:\Users\User\Desktop\ts\debug\apkxxx\java_src c:\Users\User\Desktop\ts\debug\apkxxx.apk
Decompiling process was successful
----------------------------------------------------------------------------------
Initializing c:\Users\User\Desktop\ts\debug\apkxxx as Git repository
----------------------------------------------------------------------------------
cd "c:\Users\User\Desktop\ts\debug\apkxxx" && git init && git config core.safecrlf false && git add -A && git commit -q -m "Initial APKLab project" 
Reinitialized existing Git repository in E:/code/Microsoft VS Code/.git/
On branch main
nothing to commit, working tree clean
Initializing Git process exited with code 1

System Information:

• OS: Window 10
• VSCode Version: 1.63.1

Additional context Add any other context about the problem here.

Quark-Engine integration

Requirements:

• Python 3.7+
• Quark-Engine 21.01.3+

Add "Quark Analysis" option

Add "Quark Analysis" as one of the "decode quick pick" items.

Then Quark will be executed after the decompilation of Jadx. And the report will appear as a JSON file in the decoded directory.

A warning message pops up when Quark is not installed

When "Quark Analysis" is selected, it will first check whether Quark-Engine has been installed. If not, it will show an error message and exit the process.

Show report as WebView

The summary report of the APK will be shown as a WebView at the bottom panel.

You can also right-click the report file to show the WebView (summary report).

Righ-click quark report file to show WebView (summary report).

Source Code Navigation

In WebView (summary report), click on the description of potential malicious activities, the editor panel will open the exact .smali file and highlight the whole block of the function where the activities are detected.

Note: Meaning of colors in the highlighted smali codes.

• Green: The whole block of function.
• Yellow: Where the native APIs are called.

Is your feature request related to a problem? Please describe. No problem. Just a new feature.

Describe the solution you'd like Provide an option to apply apk-mitm patch once the APK is opened.

Describe alternatives you've considered Install apk-mitm and let it do the job.

Additional context Since APKLab has all the tools needed(Apktool, uber-apk-signer, etc.) and ApkTool will have ability to make an APK debuggable too. So less work overall.

Bumps @types/vscode from 1.45.0 to 1.52.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

This Container is supposed to be used with the VSCode Remote Container extension.

➜ It has every required tools ready to be used at the proper location. ➜ It copies inside the container all the .apk files that are in the folder where you start the Remote Container extension. ➜ You can either attach a running container or build it from the Dockerfile.

Add the VSCode devcontainer.json file

➜ The devcontainer.json file describes everything we want to install in the VSCode development container.

Signed-off-by: Rémi Lavedrine

So now, apktool, jadx and uber-apk-signer are not downloaded and installed somewhere on your machine, but everything stays in the Container and is already downloaded at the proper location within the container.

It works like a charm. 👌🏼 I launched it with InsecureBankv2.apk in the folder and everything was decoded perfectly. 👍🏼

hello, as an exercise I wanted to try checking out the https traffic from this apk: https://apkcombo.com/it-it/wenano/com.tipanano.WeNanoLight/download/apk

I followed all the steps and everything is ok -- I can adb the app onto an android device and start it up. I'm using Proxyman to intercept https traffic, device is configured properly (trusted cert, proxy settings).

However I still see handshake failures (app uses firebase I guess) and cannot proceed beyond the first screen.

--------------------------------------------
Applying patches for HTTPS inspection (MITM)
--------------------------------------------
Using apk-mitm v0.11.1 (https://github.com/shroudedcode/apk-mitm)

[1/3] Modifying app manifest
[2/3] Replacing network security config
[3/3] Disabling certificate pinning
Scanning Smali files...
okhttp3/CertificatePinner: Applied CertificatePinner#check (OkHttp 3.x) patch
com/squareup/okhttp/CertificatePinner: Applied HostnameVerifier#check (OkHttp 2.5) patch
okhttp3/internal/tls/OkHostnameVerifier: Applied HostnameVerifier#verify (javax) patch
io/grpc/okhttp/internal/OkHostnameVerifier: Applied HostnameVerifier#verify (javax) patch
com/squareup/okhttp/internal/tls/OkHostnameVerifier: Applied HostnameVerifier#verify (javax) patch

Successfully applied MITM patches!

should I ask @shroudedcode about this? thanks for the tool!

The bug Upon executing any command, the jar path file (either apktool or uber signer) isn't getting used in the command line, e.g:

java -jar d <path/to/my/apk>

The path of the jar is missing, although the extension downloads it. I hardcoded a correct path in the extension settings, without success.

Expected behavior The extension should not re-download the jar files at every command, and should be using them in the final command lines e.g:

java -jar <path/to/apktool> d <path/to/my/apk>

Console Logs

System Information:

• OS: Ubuntu 18.04.1
• VSCode Version: 1.48.1

I've been using APKLab for a while now, and it's great, so kudos!

However, often the decompile process takes a minute or so, and then I'm stuck waiting for over ten minute for the GIT repo to initialise. And I don't actually need the GIT repo.

Would it be possible to add an option to not create the GIT repo after decompiling?

Thanks

Describe the bug When creating a git repository, it takes too long. In my statistics, it usually takes an average of 30 seconds to work. However, the execution of the 'git init' command takes less than a second.

To Reproduce I made a video of the relevant steps. apklab.mp4 in google drive

In this video, From the 15th second, it executes the 'git init' command until the 41st second, which takes 26 seconds. My previous tests sometimes took 35 seconds to execute this command. But it's just an order. From the 47th second, I started to switch to the corresponding directory to manually execute the 'git init' command, but it took less than 1 second. I checked the source code and probably spent extra time in 'await executeprocess'. But why?

Expected behavior

Correctly speaking, this step takes less than a second to execute the 'git init' command. Then the execution time of this step should not be about 30 seconds.

Console Logs

Nothing different from normal output

System Information:

• OS: Windows 10 professional edition 21H1 19043.1415
• VSCode Version: 1.63.2

Additional context

This is an obvious time consumption. Obviously, it can't be regarded as a bug, but I think it should be improved

Is your feature request related to a problem? Please describe. Some classes like kotlin libs or android core and ad libraries and popular opensource libraries can be ignore for decompiling Describe the solution you'd like Had an ignore list to filter out known package names

Additional context list like https://github.com/niranjan94/show-java/blob/development/app/src/main/assets/ignored.basic.list https://github.com/niranjan94/show-java/blob/development/app/src/main/assets/ignored.list

Currently If there is conflicting class, conflicting class will be renamed to some random class name.

But for multi dex(most of them are) apps, classes are split into multiple dex files, where same class exists in multiple files, but with different methods. this makes unnecessary code complexity to viewer.

Is your feature request related to a problem? Please describe. Add a feature to rename a package name

Describe the solution you'd like Don't know how

Describe alternatives you've considered Couldn't do it manually

Additional context Please

Is your feature request related to a problem? Please describe. No, this is a simple feature request to integrate the CLI APK downloader tool apkeep into this tool. Disclaimer: I'm apkeeps author.

Describe the solution you'd like Integrate apkeep into APKLab's features

Describe alternatives you've considered I don't know of any other generic CLI APK downloader.

Additional context https://github.com/EFForg/apkeep https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader https://www.eff.org/deeplinks/2022/01/eff-threat-labs-apkeep-apk-downloader-now-more-capable-and-available-more-places

Is your feature request related to a problem? Please describe. I'm always frustrated when I click on an apk file but get an unsupported binary warning (see figure 1), can you add a feature like figure 2?

Additional context figure 1

figure 2