[core] Caused by: java.util.zip.ZipException: invalid CEN header (bad compression method: 7261) #2171
Comments
It is a known problem that ZIP implementation of Java does not support archives with unknown compression methods. As you can see from the stack trace this happens when creating the The only way to solve this problem would be using a completely different ZIP implementation.
You are right. Maybe we can analyze the source code by referring to the zip of the source code and ignore some of the verification fields that throw exceptions.
To my knowledge there is no option or other possibility to skip this check.
It is true that Java is very difficult to implement. Perhaps introducing an external decompression tool is a better choice. Instead of calling the system library directly, it can be made into a configuration option. When encountering confusion, users can choose the decompression tool themselves. In this way, decompilation can continue. I think this implementation is better than exiting directly.
You have the sample file. Feel free to test other libraries, but to my knowledge there are not many ZIP libraries that have their own implementation. Just two candidates come to my mind: apache-commons-compress and zip4j.
@jpstotz
Will try other lib 😕
Apache Commons Compress also doesn't support fake compression method:
Looks like the only way to fight such tampering is to write own zip reader implementation 🤣
It must be what JEB has done (link to JEB API). It's working fine for me with JEB 5.12:
I actually implemented my own zip parser, and it is working fine 🤣
Fixed in PR #2298 by @qfalconer 🎉
Well done, I provide another idea: I first check whether the apk file has modified the zip file format through a third-party tool. If so, use it to decompress, and then use jadx to analyze the dex file. Since this implementation requires the use of third-party tools, I did not provide a PR |
Issue details
The malware exploits the Android system's failure to verify zip flag tampering, causing an exception to be thrown when parsing the apk.
Relevant log output or stacktrace
Provide sample and class/method full name
test.zip
Jadx version
1.5.0
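The pre-check suggested in the thread (detect whether an APK's ZIP headers were modified before handing it to a Java-based reader), as an added example that is not part of the issue or of jadx's code. It reads the central directory (CEN) directly and reports entries whose compression method is neither 0 (stored) nor 8 (deflated), the two methods `java.util.zip` accepts; the function names and the in-memory sample are assumptions constructed for illustration, with 7261 taken from the issue title.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4sHHHHIIH")           # end-of-central-directory record (22 bytes)
CEN = struct.Struct("<4sHHHHHHIIIHHHHHII")   # central directory file header (46 bytes)
SUPPORTED = {0, 8}                           # stored, deflated


def scan_cen(data):
    """Return CEN entries whose compression method is neither 0 nor 8."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record found")
    rec = EOCD.unpack_from(data, pos)
    total, off = rec[4], rec[6]              # entry count, central directory offset
    findings = []
    for _ in range(total):
        if off + CEN.size > len(data):
            raise ValueError("central directory truncated")
        f = CEN.unpack_from(data, off)
        if f[0] != b"PK\x01\x02":
            raise ValueError(f"bad CEN signature at offset {off}")
        method, csize, usize = f[4], f[8], f[9]
        name_len, extra_len, comment_len = f[10], f[11], f[12]
        start = off + CEN.size
        name = data[start:start + name_len].decode("utf-8", "replace")
        if method not in SUPPORTED:
            # Heuristic only: equal sizes are consistent with uncompressed data.
            findings.append({"name": name, "method": method,
                             "cen_offset": off, "sizes_equal": csize == usize})
        off = start + name_len + extra_len + comment_len
    return findings


def constructed_sample(method=7261):
    """Constructed fixture: two stored entries, first CEN method field overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    raw = bytearray(buf.getvalue())
    first_cen = raw.find(b"PK\x01\x02")
    struct.pack_into("<H", raw, first_cen + 10, method)  # method field: offset 10
    return bytes(raw)


if __name__ == "__main__":
    for hit in scan_cen(constructed_sample()):
        print(hit)
```

An empty result means every central-directory entry uses a method a standard Java ZIP reader can open; a non-empty one identifies which entries need a tolerant parser.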