Some folders in my phone storage include files like this:
dzG럫saᡑῑ.sg
존Ὣ 졼).sg
So when I try to read files from this folder with File.listFiles() function my app crashes:
JNI DETECTED ERROR IN APPLICATION: input is not valid Modified UTF-8:
illegal start byte ...... string: 'dzG럫saᡑῑ.sg'
I found out which app creates them, but it doesn't matter, for example if other users would have similar files on their phone memory, I can't just ask them to remove it
I just want to avoid app crashing
Even try...catch doesn't help (cause error with JNI/LINUX/C++):
try {
... = dir.listFiles();
} catch (RuntimeException e) {
//
}
So how am I supposed to solve this problem?
Same issue here File.listFiles crashes for invalid UTF-8 characters
But answer with signing apk isn't good, how is it even related to this issue?
Any other solutions?
And seems debug apk is signed automatically (with debug certificate):
When running or debugging your project from the IDE, Android Studio
automatically signs your APK with a debug certificate generated by the
Android SDK tools. The first time you run or debug your project in
Android Studio, the IDE automatically creates the debug keystore and
certificate in $HOME/.android/debug.keystore, and sets the keystore
and key passwords.
As a workaround for API>=26 you can use DirectoryStream
Related
Using Xamarin.Android 10.3 I'm trying to sign a Release package from Visual Studio 16.6.5. In order not to include the password as plaintext on the csproj file, I've added a file in the project folder called Pass.txt and exluded it in the git.ignore file
But when it comes to the signing process it fails with:
Failed to load signer "signer #1"
java.io.IOException: Failed to read Key "myapp" password for signer #1 : end of file reached in C:\Users\myuser\source\repos\MyApp.Xamarin\Pass.txt
If I remove the file:Pass.txt and past the password it works fine.
According to this release we can use file: in Xamarin 10.1 an later.
<PropertyGroup>
<AndroidSigningStorePass>file:C:\Users\Windows User\AndroidSigningPassword.txt</AndroidSigningStorePass>
<AndroidSigningKeyPass>file:C:\Users\Windows User\AndroidSigningPassword.txt</AndroidSigningKeyPass>
</PropertyGroup>
Missed "Note that if the same file is specified for both settings, the file must contain two lines. The first line must be the keystore password, and the second line must be the alias password. – Fritjof Berggren just now"
Adding the password twice on the file fixed it
Sometimes the issue just fixes and you well never know how.
This is what I did and it is fixed.
Goto Tools>> Android >> Android ADB Command Prompt
Type C:\Android\SDK>adb remove {your Package Name}
Clean Project
Build in Release Mode
after that clean and rebuild in Debug mode.
For me this issue was that I have the folder in One Drive and I have set the option for saving space, so I just have the link in my machine,as soon as I download the file, it works
I want to ask if there is a possibility to debug a release apk without having source code and how we can prevent user to do this action ?
I thought that I can't debug an apk without a source code ( manifest has by default android:debuggable="false") until I sent it to a client and he asks me to disable debuggable mode because he got this issue . I try to reproduce the problem and I'm thinking if he did a reverse engineering.
You can debug an already signed APK with a number of different tools. Most approaches would be considered a form of reverse engineering. At a high level, a common approach (for dynamic "live" debugging) would be to:
Use APKTool to enable debugging via the property in the AndroidManifest.xml. Align and sign the newly modified APK.
Use ADB to push the new "debuggable" APK to the device/emulator.
Use a debugger such as GDB (NDK includes a gdbserver with the arm toolchain).
It's worth mentioning that static analysis can be an option too, whereby the APK could be unpacked and decompiled to SMALI/Java.
There are a number of tools available to help reverse and debug APK's. Some I use frequently are; dex2jar, JDGUI, APK Studio, JEB, IDA Pro, VisualGDB.
You can debug APKs without having source code, using Android Studio 3.0 and higher
First make sure to Enable Debugging
To start debugging an APK, click Profile or debug APK from the Android
Studio Welcome screen. Or, if you already have a project open, click
File > Profile or Debug APK from the menu bar. In the next dialog
window, select the APK you want to import into Android Studio and
click OK.
Some prevention tricks against debugging:
1. Checking the Debuggable Flag in ApplicationInfo
The android:debuggable flag in the Android Manifest determines whether the JDWP thread is started for the app. Its value can be determined programmatically, via the app's ApplicationInfo object. If the flag is set, the manifest has been tampered with and allows debugging.
public static boolean isDebuggable(Context context){
return ((context.getApplicationContext().getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0);
}
2. isDebuggerConnected
The Android Debug system class offers a static method to determine whether a debugger is connected. The method returns a boolean value.
public static boolean detectDebugger() {
return Debug.isDebuggerConnected();
}
The same API can be called via native code by accessing the DvmGlobals global structure.
JNIEXPORT jboolean JNICALL Java_com_test_debugging_DebuggerConnectedJNI(JNIenv * env, jobject obj) {
if (gDvm.debuggerConnected || gDvm.debuggerActive)
return JNI_TRUE;
return JNI_FALSE;
}
3. APK Signatures check
If APK is resigned, its signature would have changed. Check that against your original APK signature.
we can not debug apk.
You can check only logs if used for release build.
open Android Monitor in android studio at the bottom
and select No Filter from drop down appears at top-left.
You will be able to see logs of released .apk
The new Android Studio allows us to save keystore passwords for later use. Where are these passwords stored on my computer (OSX), and is there a way to retrieve the saved values?
EDIT
I am looking for the Alias password, not the Keystore password
You can find this in the idea.log files generated by Android Studio:
Search for "Pandroid.injected.signing.key.password" and you can see the key password.
Example logs:
2015-11-13 10:22:48,844 [ 709463] INFO -
a.gradle.invoker.GradleInvoker - Build command line options:
[--configure-on-demand, -Pandroid.injected.invoked.from.ide=true,
-Pandroid.injected.signing.st ore.file=/Users/varun/Projects/myapp/mykey.jks,
-Pandroid.injected.signing.store.password=mykeystorepassword, -Pandroid.injected.signing.key.alias=myalias, -Pandroid.injected.signing.key.password=mykeypassword , -Pandroid.injected.apk.location=/Users/varun/code/android/workspace/myapp,
--init-script, /private/var/folders/vk/z504nlhd6v30p7zvtgjp5sjm0000gn/T/asLocalRepo0.gradle]
Note 1: On OSX the idea.log file can be found at ~/Library/Logs/AndroidStudio2.0
Note 2: If you don't find the password in idea.log, then also look at the files called idea.log.1, idea.log.2 and so on.
Source
On macOS the latest versions of Android Studio (tested on 3.2) store keystore/key passwords in the Keychain under the following items:
org.jetbrains.android.exportSignedPackage.KeystoreStep$KeyStorePasswordRequestor
org.jetbrains.android.exportSignedPackage.KeystoreStep$KeyPasswordRequestor
The former stores the password of the keystore itself, and the latter – the password to the key.
You can access them using system Keychain Access app. Locate corresponding entry and double-click it. The Account field should contain the path to your keystore or the path to the key alias within the keystore in the following form:
KEY_STORE_PASSWORD__/Users/username/keystorename or KEY_STORE_PASSWORD__/Users/username/keystorename__alias
Click Show password and enter your macOS password when requested. That's it!
Method 1: Read from gradle build runtime
Step 1: add below code to app/build.gradle
afterEvaluate {
if (project.hasProperty("android.injected.signing.store.file")) {
println "key store path: ${project.property("android.injected.signing.store.file")}"
}
if (project.hasProperty("android.injected.signing.store.password")) {
println "key store password: ${project.property("android.injected.signing.store.password")}"
}
if (project.hasProperty("android.injected.signing.key.alias")) {
println "key alias: ${project.property("android.injected.signing.key.alias")}"
}
if (project.hasProperty("android.injected.signing.key.password")) {
println "key password: ${project.property("android.injected.signing.key.password")}"
}
}
Step 2: from menu Build -> Generate Signed apk/bundle to start a build.
Step 3: open Build window located in Android Studio's bottom, lookup key store info
Method 2: Read from Idea persistent storage
I wrote a Idea plugin, named RestoreKeystorePlugin
Step 1: download jar file from download link
Step 2: install the plugin to Android Studio
then restart Android Studio if required
Step 3: select Tools -> Restore Keystore Info menu, it will show key store info on a dialog
For anyone attempting keystore password recovery on more recent versions of Android Studio and Ubuntu, it seems that most documented suggestions to recover the password from logs, gradle, etc no longer work. Corneliu's excellent brute force script is great - unless you chose a 16 character password with no dictionary words in it and would like a result some time this month :) Using the Intellij security.xml solution is no longer available to retrieve saved passwords from Android Studio either, as far as I can tell.
However - having dug around a bit, Android Studio 3.1 seems to use the OS keychain in Ubuntu 18.04, so retrieving a saved keystore password is as simple as:
open 'Passwords and Keys' (use super key and search 'password')
filter results by 'android'
look at each entry, they will be
something like org.jetbrains.android...KeyPasswordRequestor, and
open each one up in turn
expand the password dropdown and select
'Show password', it will look something like:
KEY_STORE_PASSWORD__/home/pathto/keystore/keystore-name.jks#mycoolpassword
Find the keystore you're looking for and the bit after # is your missing password. Hope that helps someone out there!
Gradle stores them within your project directory in a binary file. You can get them like this (from the project directory):
strings .gradle/GRADLE_VERSION/taskArtifacts/taskArtifacts.bin | grep storePassword -A1
(Thanks to https://stackoverflow.com/a/33624636/1982087 for the taskArtifacts.bin pointer)
look for the log file from the date which you had signed your apk and you can find your key info there like below.
-Pandroid.injected.signing.store.password=[store_password],
-Pandroid.injected.signing.key.alias=[alias],
-Pandroid.injected.signing.key.password=[key_password]
you can find your log files under
C:\Users\username.AndroidStudio[versionNum]\system\log\
I had the same problem!
it makes me crazy but I found a little script that it´s saves me: https://github.com/corneliudascalu/intellij-decrypt
I think it could help you.
Good Look
I have small problem with displaying cyrillic app name on PlayBook and BB10 simulator. Looks like it's incorrectly encoded from russian.
Problem appeared after updating bb eclipse plugin from version 1.3 to 1.5, with plugin v.1.3 it worked just ok.
I'll appreciate any help or ideas.
Here is screenshot from bb10 simulator:
I found workaround myself.
When I got problems with encodding with bb eclipse plugin, I decided to do the same thing with comandline tools.
After tools setup (sing keys, debug tokens, etc), I've tried to repackage my apk file with this command (source apk file was in apk/ folder and destination for bar file was bar/ folder)
./apk2bar apk/ -d bbplaybookdebugtoken.bar -t bar/ -a "zasadnyy" -cg
When I've got .bar file, I've installed it with command:
/batchbar-deploy bar/ 192.168.1.35 mysecretpass
Unfortunatelly result was unsuccsessful, app name was incorrectly encoded again. After first fail I've read documentation a bit more and tried to use this approach: http://developer.blackberry.com/android/documentation/creating_a_custom_manifest_file_2016828_11.htm...
When I unzipped bar file and opened MANIFEST.MS - I've found this line:
Application-Name: –ì–µ—Ä–æ–∏
According to documentation solution should be quite strainforward:
1. Rename MANIFEST.MS to <you apk name>.mf
2. Update incorrect properties, in my case I've changed line from above to "Application-Name: Герои"
3. Put edited manifest file in the same folder as <your apk name>.apk and rerun apk2bar tool with **-m** parameter, e.g.:
./apk2bar apk/ -d bbplaybookdebugtoken.bar -t bar/ -a "zasadnyy" -m -cg
Repackage, deploy, run and ..... and again FAIL. Application name was "–ì–µ—Ä–æ–∏".
After second fail, I decided to make dirty hack, I've edited MANIFEST.MF directly in repackaged bar file (Unzip -> edit manifest -> zip -> change file extension to .bar).
Deploy updated .bar file to playbook and .... YEAH, we've got cyrilic app name!
Conclusion and FIX:
Looks like in 1.5 release if apk2bar tool manifest encoding is misconfigured (in ver. 1.3 it worked just ok)
In oder to FIX issue: Unzip unsigned bar file -> edit manifest -> zip -> change file extension back to .bar
I had the same problem I believe, but the symptoms have been different. I was not even able to install the app on my test device and explicitly running blackberry-signer -verify confronted me with the Invalid signature file digest for Manifest. error.
The MANIFEST.MF file seems to be properly encoded in utf-8 by the apk2bar tool, but the following signing process seems to read this using the platform's default encoding. I added the following java parameter to the blackberry-signer.bat as well as the apk2bar.bat batch file scripts of the command line tools to make it work properly:
-Dfile-encoding=utf-8
(This is for version 1.5.2 of the tools)
According to the 'help' target documentation:
debug: builds the applications and
signs it with a debug key
release; builds the application: the
generated APK file must be signed
before it is published
Here is what I found, which is a bit different than what I expected:
debug: ignores keystore definitions in build.properties whether you specify them or not. Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
It creates two files:
-debug-unaligned.apk (signed, unaligned)
-debug.apk (signed, aligned)
release: 'help' says it doesn't sign it. It creates these files:
-unsigned.apk (unsigned, unaligned)
The next two are only if you have the values specified in build.properties:
-unaligned.apk (signed, unaligned)
-release.apk (signed, aligned)
Any helpful comments / verifications will be greatly appreciated.
Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
Yes.
As far as the release target goes, you will get behaviour like this:
If you have lines like:
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
in your build.properties, it will automatically build and sign your apk with no prompting for anything.
If you comment out the last two lines, then it will prompt you for the passwords, then complete a signed build if the passwords are OK.
If you don't have any of the above lines, then it will just build you an unsigned apk with no prompting for anything and end with:
-release-nosign:
[echo] No key.store and key.alias properties found in build.properties.
[echo] Please sign C:\dev\projects\AntBuilds\MyProject\bin\MyProject-unsigned.apk manually
[echo] and run zipalign from the Android SDK tools.
.
This answer works for me, I am using ant to auto-compile android app, it prompts and need password, I wrote one file named password, and using the command ---ant release < passwd,
However, it also prompts that I need input password.
Using the tips here
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
I solved this problem.