Zenyte originally released a mobile client back in July 2019, being the first private server to release an OSRS mobile client to the public.
The server had only released a month prior, and it actually only took us about 2 weeks of working on it part-time before releasing it, most of which being research.
In this thread I will be covering how to take an Android .apk file, decode it, modify it, and turn it back into an apk file.
This thread is only going to cover Android and using smali.
My numbers may be slightly off, but OSRS stopped obfuscating/scrambling/shuffling (whatever the right word is!) between 176 and 183.
This means that, during this time, each revision upgrade did not have a different set of shuffled packets/opcodes, meaning revisions could be upgraded much easier as packets did not have to be reidentified each time.
At the time, mobile packets were the same as desktop, meaning each opcode and packet contents was identical to the desktop client.
Because of this, one did not have to separately identify the packets of the mobile client, and instead use the already-identified desktop packets for mobile too.
These days, mobile packets are both shuffled/obfuscated differently to desktop, as well as changed every revision, again just like desktop.
Therefore if you plan on using a recent revision of OSRS you must identify the packets in the mobile client separately, and support multiple protocols server side.
If you are familiar with dex2jar, it may be the elephant in the room.
Why bother with apktool and smali if you can just use dex2jar and use java instead?
dex2jar does not completely decompile/translate the mobile client, and many methods fail, especially within the client class.
That being said, you may find it useful to partially turn smali into java in order to modify the client, and turn those modifications back into smali.
It may also prove useful for identifying post-183 mobile packets, however that is out of the scope of this thread.
As the title states, this thread is about Android only.
Can you use the iOS OSRS mobile app for your RSPS? Yes, it's absolutely possible.
There are many obstacles in every step of the way, which Android does not face.
It's definitely possible, albeit a lot more annoying for both developing and installing, so hopefully one day someone will post some info about it.
At Zenyte, we didn't bother pursuing it very far outside of a bit of research and unpacking an .ipa - mostly because of the hoops you have to jump through to even install the thing in the first place, which Android does not face.
It probably doesn't have to be stated, however you won't get your RSPS mobile client on any official App Stores (i.e. Google Play Store).
Even if you did, Jagex would most likely swiftly get it removed and send something your way. Not something anyone, including the community as a whole, particularly wants happening.
For Android, you can easily host the .apk yourself on your website, and require users to download it there. They may have to enable an option to trust 3rd party apps.
For iOS, there do exist unofficial sites for side-loading apps, however it can get complicated and I won't be going into it in this thread.
i) What is 'smali'?
I'm not going to write out an explanation myself, instead here are some things from the internet.
Here's what Quora has to say about it:
smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.
Okay, what is 'dex'?
ii) Getting an .apk
The easiest way to source an apk is to use an online mirror.
One of the largest sites is aptly named apkmirror.org
You can view and download the different updates/revisions of OSRS mobile using this link:
[Only registered and activated users can see links. ]
apktool can be used to decode an apk file and basically 'unpack' it and turn the .dex code into workable .smali files at the same time.
Using apktool we can unpack our .apk, make modifications to it, and turn it back into an .apk file and install it on our device.
Documentation - [Only registered and activated users can see links. ]
Install guide - [Only registered and activated users can see links. ]
The latest version, as of writing, is 2.5.0 and works fine for what we need.
2) Working with apktool
There may be some discrepancies depending on the version of Java you have installed, as well as apktool version.
For the purposes of this thread, I used Java 8 and apktool 2.5.0
To decode an .apk file, use the command
apktool d -o ./output/ myfile.apk
After decoding, you should end up with something similar to this:
To build an apk from 'source', use the command
apktool b -o myfile.apk ./input/
After building an .apk file, you must sign it using something like [Only registered and activated users can see links. ].
jarsigner may already be installed on your system if you have Java installed.
If you don't sign the .apk, it will fail to install when it comes to installing it on an Android device (it won't give any sort of reason for failing).
At Zenyte, and for this thread, I just used a debug keystore, to which you can find a download link here: [Only registered and activated users can see links. ]
Alternatively, you can source your own by following this: [Only registered and activated users can see links. ] (note, you may need android studio and android sdk installed)
Using debug.keystore was fine for us, we had no problems with it and had hundreds of unique devices installing and using the app. Obviously it's not suitable for a real production environment.
Use this command to sign your .apk - make sure to update the name of the file
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ./debug.keystore 180.apk androiddebugkey -storepass android
The output is too large to post a picture of, but here is the start and end of what you should expect (there should be no errors):
I highly suggest making bat/bash scripts for the above which you can call easily to automate this process.
3) Working with OSRS mobile
Once you get used to smali and the structure of OSRS mobile you can do various things.
Doing many, if any, changes to the client (both mobile and desktop) is not recommended.
In general, you can treat the mobile client virtually the same as desktop, minus some interface changes.
Most strings are hardcoded and easy to search for, so we can do a basic change as an example of making a change and rebuilding:
Making a change, rebuilding:
I am using the latest OSRS revision, 193, as it still connects to the live OSRS servers.
Using older versions, pointing to OSRS, will redirect you to the Play Store and get you to download the new version.
If you've worked with Android before, you'll know about strings.xml
This file contains a lot of string constants which are used throughout the app.
For example, changing
<string name="app_name"> will change the actual app name, i.e.
You must change
package="com.jagex.oldscape.android" to something else, i.e.
com.mywebsite.oldscape.android (it can be anything)
This means you can have both the real OSRS mobile app and your own app installed at the same time, otherwise they will collide and you can only have one installed at a time.
In newer revisions (I don't have an exact number, however it just wasn't in older ones) you must also change
android:authorities="com.jagex.oldscape.android.firebaseinitprovider". Again, change it to your website domain or something.
If you don't change the above, you end up with this:
In order to start pointing the mobile client elsewhere, i.e. your servers, you need to host your own jav_config file and change the ip in there
I won't be going over how or what to change within the file itself, but this is what I'm talking about: [Only registered and activated users can see links. ]
To point it at your own link, change the
jav_config_url property within strings.xml, and find the following code:
There will be a few results, but here are some tips:
v1) in the above screenshot
.runescape.com underneath, followed by 127.0.0.1
You should change
runescape.com in the example to the same domain name your jav_config is hosted on.
For example if you had
https://files.mywebsite.com/blah/jav_config.ws, you should change
To change your RSA keys, search for
You should recognise what you need to change if you've done it before.
Handling mobile/device at login
[Only registered and activated users can see links. ]
(shout out to @[Only registered and activated users can see links. ] and rsmod)
Doing server-sided changes for mobile specific interfaces is out of the scope of this thread.
Handling client updates
If you change the server revision/sub-revision you can trigger an update client-side.
On start up, if the revision has changed OSRS mobile will open the play store and prompt you to download the latest version, which we want to change.
Find and change the following URI
You can change it to a website link instead, i.e.
There will be a few results, so notice the
:try_start_0 above, as well as the relatively longer method compared to the others.
Eventually you'll figure out smali, and might be able to do some custom changes to it.
At Zenyte we did a few changes including
- supporting a non-symmetrical login screen background
- removing flames on the login screen
- support for multiple crowns in chat
- custom cs2 instruction for parsing integers
- changing clan chat to allow up to 2000 members
Q: Will you implement this for me?
Q: Can I pay you to implement this for me?
A: Still no.
Q: Can I implement this on my 317?
A: Absolutely not. There are a ton of changes required. If you really want this on your server, convert it to OSRS first.
Q: Can I run this in an emulator?
A: Yes! You can run it in something like BlueStacks easily, or in an Android Virtual Device.
Note, for older revisions you may need to copy the librenderer.so for arm64 from a newer revision over to yours in order to run it in an AVD.
All you have to do is copy the folder containing the lib into the same folder as the armeabi-v7a version - shoutout to @[Only registered and activated users can see links. ] for finding this
Q: Is there any way to use Java instead of smali?
A: This was briefly covered in the preface, but yes. It is possible to turn the entire mobile client into java, and from java back into an apk, without touching any smali.
We prototyped it at Zenyte when preparing for a revision upgrade, but it never went live. The process is entirely different.
Q: Can I run this on iOS?
A: No, refer to the preface for more info.
Q: Where do I change the app icon?
A: You'll find some folders inside res/ named mipmap-[blah], these are related to the screen resolution of the device so you can have different sized icons depending on the device.
@[Only registered and activated users can see links. ]
@[Only registered and activated users can see links. ]
Any others mentioned in the thread already
Thank you for coming to my ted talk
I'll probably work on the formatting of this thread over time and add anything new as I think of it, it's quite late rn.
If anyone has any questions, feedback, or wants to add anything, feel free to leave a reply.
Feel free to leave a thanks if this helps you or you find it interesting, it took me a few hours to write.
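A pre-build check for the package and android:authorities changes described in the first post, added here as an example and not part of the original post or of any project it mentions. It reads a decoded AndroidManifest.xml and reports every place that still uses the original package name; the sample manifest, the function name and the script name in the usage comment are assumptions made for the example.

```python
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ORIGINAL_PACKAGE = "com.jagex.oldscape.android"  # package name quoted in the post

# Constructed sample: package already renamed, provider authority forgotten.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.mywebsite.oldscape.android">
  <application android:label="@string/app_name">
    <provider android:name="com.google.firebase.provider.FirebaseInitProvider"
              android:authorities="com.jagex.oldscape.android.firebaseinitprovider"
              android:exported="false"/>
  </application>
</manifest>
"""


def find_package_collisions(manifest_xml, original=ORIGINAL_PACKAGE):
    """Return (location, value) pairs that still use the original package."""
    root = ET.fromstring(manifest_xml)
    hits = []
    if root.get("package") == original:
        hits.append(("manifest@package", original))
    for provider in root.iter("provider"):
        name = provider.get(ANDROID_NS + "name", "?")
        raw = provider.get(ANDROID_NS + "authorities", "")
        # android:authorities may list several names separated by ';'
        for authority in (a.strip() for a in raw.split(";")):
            if authority == original or authority.startswith(original + "."):
                hits.append((f"provider {name}@authorities", authority))
    return hits


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_manifest.py ./output/AndroidManifest.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MANIFEST
    problems = find_package_collisions(text)
    for location, value in problems:
        print(f"still original: {location} = {value}")
    sys.exit(1 if problems else 0)
```

Run it against the decoded folder before `apktool b`; a non-zero exit means at least one identifier would still clash with the original app on the device.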
tldr, absolute nerd.
wheres my credits for emotional support and enthusiasm
Thanks for your contribution. Keep it up!
This is a top goat release!!!! Good work, Corey ==]
fuck me, i wasn't expecting this. Took me a while to read it all but thanks Corey.
rep++ it means a lot.
are you going through my browser history or something?
nah in all seriousness, thanks for this it's very helpful although I figured I would have missed something but you pretty much did the exact thing I did lol.
great to have a reference for it now though. +rep
Also, in regards to iOS (non jailbroken devices).
You might have some luck with altstore.io and a few of the android emulators running around, this way you'd only need to work on the one mobile client for both platforms.
There is no easy process for this at the moment though and I expect the performance to be less than ideal on anything other than a recent generation iPad.
thx works great on switch