View Single Post
Old 02-08-2020, 06:21 PM   #18
Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.Peripathetic composes epic poetry in binary.
Posts: 38
Karma: 90402
Join Date: Feb 2019
Device: Tolino Shine 3
Fun with APKs

Most Android devices use a number of different APKs to implement specific functions (launcher, dialer, file explorer, file viewer, browser, etc.). While the Tolino also comes with a lot of APKs, they are all very low-level, and practically all the interesting functionality is concentrated in EPubProd.apk, which is the launcher, book browser, book reader, Internet browser, and settings menu all at the same time.

To Keep or Not to Keep

Some people might at this point be inclined to just delete this APK from device and install their custom launcher and book reader applications. This is definitely an option, although with a few caveats: most importantly, full screen refresh would have to be reimplemented in the reader app, which was apparently already done in KOReader, and almost done in CoolReader. Another app would have to be used to allow the adjustment of backlight settings (there's one written by Ryogo of TWRP fame). The device also wouldn't support automatic suspend and resume with smart cover but in principle it would still work fine with EPubProd.apk gone, as long as you installed a replacement launcher.

Yet another option is to keep EPubProd.apk but not as a launcher. If more than one application provides launcher functionality, Android will prompt the user to make the choice. We can force this prompt to appear programmatically with ADB:

adb shell am start -c android.intent.category.HOME -a android.intent.action.MAIN

EPubProd.apk's manifest could also be modified to not make it appear as a launcher and perhaps go back to another launcher instead of its home screen. There are a lot of possibilities.

As for my Tolino however, I decided to mostly leave the EPubProd app (is that short for "EPub Product?") working the way it was originally intended to, only changing some relatively minor aspects of it, so this is what I'm going to describe.

The Right Tools for the Job

Android application packages are not supposed to be reverse engineered but of course they can be. There exists a great utility for meddling with them called Apktool. Other useful tools include Android Asset Packaging Tool (AAPT) and Smali/Baksmali. All these require Java Runtime Environment (JRE) to run, I suggest getting a portable version of it to avoid cluttering your system with unneeded Oracle garbage.

Applications are generally written in a high-level language such as Java or Kotlin but can be decompiled only to Dalvik virtual machine pseudo-assembly language. The numerous .smali files can then be edited with a text editor. Afterwards, the APK can be compiled together again. While this is doable even with the Notepad bundled with Windows, I suggest getting a better editor such as Notepad++. Two more useful tools are GrepWin to search for text or regular expression patterns in many files at once, and WinMerge to compare the contents of two (or even three) files or directories. All these utilities are open source and cost nothing.

As a rule APKs need to be signed but this is not strictly enforced for system apps, and we can take advantage of this to keep things simpler. When making changes, you can keep the original signature metadata. A recompiled (and signed) APK should be processed by Zipalign, a small command-line utility distributed with Android Studio. It will still work without this step but might run slower and there might be a warning message written to the system log.

What Also Works Sometimes

While Apktool is the proper tool of choice for serious APK modification, there exists another way. An APK file is just a ZIP archive at the core and can be unpacked and packed with a tool like 7-Zip. While all the code is inside classes.dex and cannot be conveniently edited this way, resources (data) can easily be replaced. XML files inside the APK are in "binary" format and will look like gibberish but other than that, assets and resources generally can be modified without having to resort to Apktool. This is sufficient for some of the modifications I describe in the next post.

Installing the Modified APK

This in fact can be done on a live system, and the commands are as follows:
  • adb shell mount -o remount,rw /system
  • adb push EPubProd.apk /system/app/
  • adb shell chown root.root /system/app/EPubProd.apk
  • adb shell chmod 644 /system/app/EPubProd.apk
  • adb shell chcon u:object_r:system_file:s0 /system/app/EPubProd.apk
  • adb shell mount -o remount,ro /system
Now the only missing piece of the puzzle is the modified APK itself.

Last edited by Peripathetic; 02-08-2020 at 06:57 PM.
Peripathetic is offline   Reply With Quote