Invalid Smali Code generated from Meitu APK
fmresearchnovak opened this issue · 2 comments
I use apktool to more easily obtain smali code. I noticed that the smali code generated for this particular APK seems to be invalid. Please see the bug I filed on the apktool project (iBotPeaches/Apktool#2721). The author suggested that the bug is not in apktool, but is actually here in the smali project. For your convenience I have re-written the details of that bug report below.
Information
- Apktool Version (apktool -version):
  $ apktool --version
  2.6.0
- Operating System (Mac, Linux, Windows):
  $ cat /etc/issue
  Ubuntu 18.04.6 LTS \n \l
- APK From? (Playstore, ROM, Other): Meitu Photo Editor obtained from APKMirror (a copy is NOT attached since github won't allow .apk files)
  https://www.apkmirror.com/apk/meitu/meitu-beauty-camera-selfie-drawing-photo-editor/meitu-beauty-camera-selfie-drawing-photo-editor-9-3-6-8-release/
Stacktrace/Logcat
No relevant stacktrace
Steps to Reproduce
- apktool d meitu.apk
- open ./meitu/smali_classes4/com/meitu/library/mtmediakit/widget/GestureScissorView.smali
- Observe the method .method private d(FF)Landroid/graphics/PointF; (line 1121)
- Observe the first few instructions, which instantiate two 32-bit constants and then attempt to execute an invalid aget-object using them:

  .locals 12
  const/4 v6, 0x0
  const/4 v7, 0x0
  .line 372
  aget-object v1, v6, v7
  const/4 v8, 0x1

It seems to me that this short sequence of instructions cannot be valid. Am I missing something?
Frameworks
N/A I believe
APK
If this APK can be freely shared, please upload/attach a link to it.
https://www.apkmirror.com/apk/meitu/meitu-beauty-camera-selfie-drawing-photo-editor/meitu-beauty-camera-selfie-drawing-photo-editor-9-3-6-8-release/
Version 9.3.6.8
I found this bug with the apk. I didn't test the bundle.
Questions to ask before submission
- Have you tried apktool d, apktool b without changing anything? Yes
- If you are trying to install a modified apk, did you resign it? Not relevant, but yes I can/do re-sign it
- Are you using the latest apktool version? I believe so, yes.
baksmali just disassembles what's there.
Using the "dump" functionality, here is an annotated dump of the bytecode you mentioned:
158ae8: 1206 | const/4 v6, 0
158aea: 1207 | const/4 v7, 0
158aec: 4601 0607 | aget-object v1, v6, v7
158af0: 1218 | const/4 v8, 1
So yes, that is the bytecode for that method. It looks "valid" at the bytecode level. It would be roughly equivalent to
Object[] array = null;
Object value = array[0];
So it would just result in an NPE if it was ever actually run.
Interesting! I guess the original Java code of the app is probably also invalid (maybe the original Java code is exactly what you suggested). I wonder if it could be "dead code" that is never executed. That would explain why the Meitu developers haven't removed it.
Anyway, thank you!
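As an added illustration of the maintainer's point (this is example code, not part of the thread, of baksmali or of the smali project), the following Python decodes the exact code units from the annotated dump above back into the smali lines the reporter saw, using the Dalvik instruction formats from the bytecode specification (11n for const/4, 21s for const/16, 23x for the aget/aput family). It then runs a linear scan that flags any array access whose array register provably holds the constant 0, which is the reason the sequence compiles, disassembles and verifies fine but can only raise a NullPointerException at runtime. The input bytes are constructed from the dump in file order; the opcode subset and the `null_array_accesses` checker are this example's own, not baksmali's.

```python
"""Decode a small subset of Dalvik bytecode and flag aget/aput on a register
that is known to hold the null constant 0 (example code, not baksmali)."""
import struct

# Constructed from the annotated dump in the thread, bytes in file order:
# 158ae8: 1206 | 158aea: 1207 | 158aec: 4601 0607 | 158af0: 1218
DUMP_BYTES = bytes.fromhex("1206" "1207" "46010607" "1218")
BASE_ADDR = 0x158AE8

# Opcodes 0x44..0x51 all use format 23x: op AA, BB CC -> vAA, vBB (array), vCC (index)
ARRAY_OPS = {
    0x44: "aget", 0x45: "aget-wide", 0x46: "aget-object", 0x47: "aget-boolean",
    0x48: "aget-byte", 0x49: "aget-char", 0x4A: "aget-short",
    0x4B: "aput", 0x4C: "aput-wide", 0x4D: "aput-object", 0x4E: "aput-boolean",
    0x4F: "aput-byte", 0x50: "aput-char", 0x51: "aput-short",
}

def sign4(nibble):
    """Sign-extend the 4-bit literal of a const/4 instruction."""
    return nibble - 16 if nibble & 0x8 else nibble

def decode(code, base=0):
    """Return a list of (address, mnemonic, operands) for the supported subset."""
    insns = []
    pc = 0
    while pc < len(code):
        op, hi = code[pc], code[pc + 1]          # low byte = opcode, high byte = A/AA
        if op == 0x12:                           # const/4 vA, #+B   (format 11n: B|A|op)
            insns.append((base + pc, "const/4", (hi & 0xF, sign4(hi >> 4))))
            pc += 2
        elif op == 0x13:                         # const/16 vAA, #+BBBB (format 21s)
            (lit,) = struct.unpack_from("<h", code, pc + 2)
            insns.append((base + pc, "const/16", (hi, lit)))
            pc += 4
        elif op in ARRAY_OPS:                    # format 23x: AA|op, CC|BB
            insns.append((base + pc, ARRAY_OPS[op], (hi, code[pc + 2], code[pc + 3])))
            pc += 4
        elif op == 0x0E:                         # return-void (format 10x)
            insns.append((base + pc, "return-void", ()))
            pc += 2
        else:
            raise ValueError(f"unsupported opcode 0x{op:02x} at 0x{base + pc:x}")
    return insns

def to_smali(insns):
    """Render decoded instructions in the textual form baksmali prints."""
    lines = []
    for _addr, mn, ops in insns:
        if mn.startswith("const"):
            lines.append(f"{mn} v{ops[0]}, {ops[1]:#x}")
        elif mn in ARRAY_OPS.values():
            lines.append(f"{mn} v{ops[0]}, v{ops[1]}, v{ops[2]}")
        else:
            lines.append(mn)
    return lines

def null_array_accesses(insns):
    """Addresses of array accesses whose array register is known to be 0.

    Straight-line scan only: it tracks constants written by const/4 and
    const/16 and forgets a register once something else writes to it.
    """
    known = {}
    hits = []
    for addr, mn, ops in insns:
        if mn in ("const/4", "const/16"):
            known[ops[0]] = ops[1]
        elif mn in ARRAY_OPS.values():
            dst, arr, _idx = ops
            if known.get(arr) == 0:              # null array reference: guaranteed NPE
                hits.append(addr)
            if mn.startswith("aget"):            # loaded value is unknown afterwards
                known.pop(dst, None)
                if mn == "aget-wide":
                    known.pop(dst + 1, None)     # wide results occupy a register pair
        elif mn == "return-void":
            known.clear()
    return hits

if __name__ == "__main__":
    decoded = decode(DUMP_BYTES, BASE_ADDR)
    for (addr, _mn, _ops), text in zip(decoded, to_smali(decoded)):
        print(f"{addr:06x}: {text}")
    for addr in null_array_accesses(decoded):
        print(f"{addr:06x}: array register holds null constant; this access must throw NPE")
```

The scan is deliberately linear and has no notion of branches, exception handlers or registers written by other instruction formats, so it is only a demonstration of why the verifier accepts this method and what a reviewer would flag; real tooling such as baksmali decodes every format and does not attempt this kind of inference.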