so basically patching breaks at "Reassembling DEX..." step.
disassembly is fine, everything looks ok at first, but when dex is being written back it just dies
my goal was to patch the APK with frida gadget enabled, since the idea was to have runtime hooks and debugging features inside the app
i tried doing it with frida gadget included in the build first, but it didnt work, the app didnt even patch
after that I also tried rebuilding and patching without frida gadget at all, just a clean patch pipeline, but the result was exactly the same: same crash at the DexWriter stage.
So at this point it doesn’t look like the issue is related to frida gadget itself.
and im not even sure if frida gadget is actually being injected correctly into the APK. From the structure it should go into lib/arm64-v8a or lib/armeabi-v7a as libgadget.so and also be loaded via assets/frida config, but im not fully sure if its actually getting loaded at runtime
im not sure if i understood it correctly but im trying to figure out the proper way to inject frida gadget into the app through this patching flow
could you please clarify the correct way to do it so it actually gets loaded and works inside the patched apk?
what happens
DEX build goes:
Reassembling DEX...
and after some time:
FATAL in DexWriter
crash points to this method:
Lcom/google/gson/internal/$Gson$Types$ParameterizedTypeImpl;->
looks like dexlib2 just can’t handle some of these generic / type heavy classes?
full error:
Reassembling DEX...
X FATAL: com.android.tools.smali.util.ExceptionWithContext:
Exception occurred while writing code_item for method Lcom/google/gson/internal/$Gson$Types$ParameterizedTypeImpl;-> (Ljava/lang/reflect/Type;Ljava/lang/reflect/Type;[Ljava/lang/reflect/Type;)V
com.android.tools.smali.dexlib2.writer.DexWriter.writeDebugAndCodeItems(DexWriter.java:1119)
com.android.tools.smali.dexlib2.writer.DexWriter.writeTo(DexWriter.java:415)
com.android.tools.smali.dexlib2.writer.DexWriter.writeTo(DexWriter.java:370)
in.startv.hspatcher.PatchEngine.patchHookDex(PatchEngine.java:1206)
in.startv.hspatcher.PatchEngine.access$300(PatchEngine.java:40)
in.startv.hspatcher.PatchEngine$2.call(PatchEngine.java:190)
in.startv.hspatcher.PatchEngine$2.call(PatchEngine.java:187)
java.util.concurrent.FutureTask.run(FutureTask.java:317)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:651)
java.lang.Thread.run(Thread.java:1119)
log part:
Exception while writing code_item
DexWriter.writeDebugAndCodeItems
...then crash
what i noticed
- main issue seems to be that Gson internal class ParameterizedTypeImpl is kinda “too complex” for dex writer
- SmaliMod fails on a lot of files (like 1000+)
  btw that basically means those smali files cant be parsed back properly
  probably baksmali output is too messy or has weird debug info
- i tried just deleting all those broken files
  build actually went through after that
  but app instantly crashes on launch so yeah thats useless lol
what i tried to fix it (but didn’t fully work)
- lowered target api to 26 (older = more stable for dex writer)
- removed stuff like .signature and .param lines
(just debug metadata, not needed for runtime)
idea was to make smali cleaner so dex writer doesn’t choke
result
- build sometimes passes now
- but in many cases still crashes at dex writing stage
- or app just dies after launch if too many classes removed
so issue is not just one thing
its like combination of:
- dexlib2 limitations
- heavy generic classes (gson stuff)
- messy smali output after disassembly
and yeah the app i used to patch was brawl stars from the official google play
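
One way to check whether a patched APK actually carries the gadget the post describes, as an added example (not part of the original post and not the patcher's own code). It assumes the library is named libgadget.so under lib/<abi>/ as the post states, and that it is loaded by a System.loadLibrary("gadget") call whose string appears in a classes*.dex; the sample APK is constructed inline.

```python
import io
import zipfile

GADGET_NAME = "libgadget.so"     # file name given in the post
# A dex string_data_item is: uleb128 length, MUTF-8 bytes, NUL terminator.
# Assumption: the loader passes "gadget" to System.loadLibrary().
LOAD_HINT = b"\x06gadget\x00"


def check_gadget(apk_bytes):
    """Report per-ABI gadget packaging and which dex files mention it."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        abis = {}
        for name in names:
            parts = name.split("/")
            if len(parts) == 3 and parts[0] == "lib":
                abis.setdefault(parts[1], set()).add(parts[2])
        # Heuristic only: a library pulled in through another .so's
        # DT_NEEDED entry would not leave this string in any dex.
        hinted = [n for n in names
                  if "/" not in n and n.startswith("classes")
                  and n.endswith(".dex") and LOAD_HINT in apk.read(n)]
    return {
        "abis": sorted(abis),
        # An ABI directory without the gadget means a device that selects
        # that ABI has no library to load.
        "missing_gadget": sorted(a for a, libs in abis.items()
                                 if GADGET_NAME not in libs),
        "dex_with_load_hint": sorted(hinted),
    }


def build_sample_apk(with_load_call=False):
    """Constructed sample APK: gadget packaged for arm64-v8a only."""
    strings = b"\x06gadget\x00" if with_load_call else b"\x04main\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + strings)
        z.writestr("lib/arm64-v8a/libgadget.so", b"\x7fELF")
        z.writestr("lib/arm64-v8a/libgame.so", b"\x7fELF")
        z.writestr("lib/armeabi-v7a/libgame.so", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_gadget(build_sample_apk()))
    print(check_gadget(build_sample_apk(with_load_call=True)))
```

An empty `dex_with_load_hint` alongside a packaged library means the file is shipped but nothing in the dex references it by that name.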