Thread: Android Mobile Client - smali

Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1 Android Mobile Client - smali 
    Corey's Avatar
    Join Date
    Feb 2012
    Thanks given
    Thanks received
    Rep Power

    Zenyte originally released a mobile client back in July 2019, being the first private server to release an OSRS mobile client to the public.
    The server had only released a month prior, and it actually only took us about 2 weeks of working on it part-time before releasing it, most of which being research.

    In this thread I will be covering how to take an Android .apk file, decoding it, modifying it, and turning it back into an apk file.
    This thread is only going to cover Android and using smali.


    Packet scrambling/shuffling

    My numbers may be slightly off, but OSRS stopped obfuscating/scrambling/shuffling (whatever the right word is!) between 176 and 183.
    This means that, during this time, each revision upgrade did not have a different set of shuffled packets/opcodes, meaning revisions could be upgraded much easier as packets did not have to be reidentified each time.

    At the time, mobile packets were the same as desktop, meaning each opcode and packet contents was identical to the desktop client.
    Because of this, one did not have to separately identify the packets of the mobile client, and instead use the already-identified desktop packets for mobile too.

    These days, mobile packets are both shuffled/obfuscated differently to desktop, as well as changed every revision, again just like desktop.
    Therefore if you plan on using a recent revision of OSRS you must identify the packets in the mobile client separately, and support multiple protocols server side.


    If you are familiar with dex2jar, it may be the elephant in the room.
    Why bother with apktool and smali if you can just use dex2jar and use java instead?

    dex2jar does not completely decompile/translate the mobile client, and many methods fail, especially within the client class.
    That being said, you may find it useful to partially turn smali into java in order to modify the client, and turn those modifications back into smali.
    It may also prove useful for identifying post-183 mobile packets, however that is out of the scope of this thread.


    As the title states, this thread is about Android only.
    Can you use the iOS OSRS mobile app for your RSPS? Yes, it's absolutely possible.

    There are many obstacles in every step of the way, which Android does not face. [Only registered and activated users can see links. ]
    It's definitely possible, albeit a lot more annoying for both developing and installing, so hopefully one day someone will post some info about it.
    At Zenyte, we didn't bother pursuring it very far outside of a bit of research and unpacking an .ipa - mostly because of the hoops you have to jump through to even install the thing in the first place, which Android does not face.

    App stores

    It probably doesn't have to be stated, however you won't get your RSPS mobile client on any official App Stores (i,e. Google Play Store).
    Even if you did, Jagex would most likely swiftly get it removed and send something your way. Not something anyone, including the community as a whole, particularly wants happening.

    For Android, you can easily host the .apk yourself on your website, and require users to download it there. They may have to enable an option to trust 3rd party apps.
    For iOS, there do exist unofficial sites for side-loading apps, however it can get complicated and I won't be going into it in this thread.

    1) Introduction

    i) What is 'smali'?

    I'm not going to write out an explanation myself, instead here are some things from the internet.

    Here's what Quora has to say about it:
    smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
    The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.

    Okay, what is 'dex'?
    Spoiler for dex:

    [Only registered and activated users can see links. ]

    ii) Getting an .apk

    The easiest way to source an apk is to use an online mirror.
    One of the largest sites is aptly named

    You can view and download the different updates/revisions of OSRS mobile using this link:
    [Only registered and activated users can see links. ]

    iii) apktool

    apktool can be used to decode an apk file and basically 'unpack' it and turn the .dex code into workable .smali files at the same time.
    Using apktool we can unpack our .apk, make modifications to it, and turn it back into an .apk file and install it on our device.

    Documentation - [Only registered and activated users can see links. ]
    Install guide - [Only registered and activated users can see links. ]

    The latest version, as of writing, is 2.5.0 and works fine for what we need.

    2) Working with apktool

    There may be some discrepancies depending on the version of Java you have installed, as well as apktool version.
    For the purposes of this thread, I used Java 8 and apktool 2.5.0


    To decode an .apk file, use the command apktool d -o ./output/ myfile.apk

    Spoiler for .:

    After decoding, you should end up with something similar to this:


    To build an apk from 'source', use the command apktool b -o myfile.apk ./input/

    Spoiler for .:


    After building an .apk file, you must sign it using something like [Only registered and activated users can see links. ].
    jarsigner may already be installed on your system if you have Java installed.

    If you don't sign the .apk, it will fail to install when it comes to installing it on an Android device (it won't give any sort of reason for failing).

    At Zenyte, and for this thread, I just used a debug keystore, to which you can find a download link here: [Only registered and activated users can see links. ]
    Alternatively, you can source your own by following this: [Only registered and activated users can see links. ] (note, you may need android studio and android sdk installed)
    Using debug.keystore was fine for us, we had no problems with it and had hundreds of unique devices installing and using the app. Obviously it's not suitable for a real production environment.

    Use this command to sign your .apk - make sure to update the name of the file
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ./debug.keystore 180.apk androiddebugkey -storepass android

    The output is too large to post a picture of, but here is the start and end of what you should expect (there should be no errors):
    Spoiler for .:


    I highly suggest making bat/bash scripts for the above which you can call easily to automate this process.

    3) Working with OSRS mobile

    Once you get used to smali and the structure of OSRS mobile you can do various things.
    Doing many, if any, changes to the client (both mobile and desktop) are not recommended.

    In general, you can treat the mobile client virtually the same as desktop, minus some interface changes.

    Most strings are hardcoded and easy to search for, so we can do a basic change as an example of making a change and rebuilding:

    Making a change, rebuilding:

    I am using the latest OSRS revision, 193, as it still connects to the live OSRS servers.
    Using older versions, pointing to OSRS, will redirect you to the Play Store and get you to download the new version.

    Notable files:

    - res/values/strings.xml

    If you've worked with Android before, you'll know about strings.xml
    This file contains a lot of string constants which are used throughout the app.

    For example, changing <string name="app_name"> will change the actual app name, i.e.

    - AndroidManifest.xml

    You must change package="" to something else, i.e. (it can be anything)
    This means you can have both the real OSRS mobile app and your own app installed at the same time, otherwise they will collide and you can only have one installed at a time.

    In newer revisions (I don't have an exact number, however it just wasn't in older ones) you must also change android:authorities="". Again, change it to your website domain or something.

    If you don't change the above, you end up with this
    Spoiler for .:


    In order to start pointing the mobile client elsewhere, i.e. your servers, you need to host your own jav_config file and change the ip in there
    I won't be going over how or what to change within the file itself, but this is what I'm talking about: [Only registered and activated users can see links. ]

    To point it at your own link, change the jav_config_url property within strings.xml, and find the following code:

    There will be a few results, but here are some tips:

    Notice the v0 (vs v1) in the above screenshot underneath, followed by

    You should change in the example to the same domain name your jav_config is hosted on.
    For example if you had, you should change to

    Changing RSA

    To change your RSA keys, search for 10001
    You should recognise what you need to change if you've done it before.

    Handling mobile/device at login

    [Only registered and activated users can see links. ]
    (shout out to @[Only registered and activated users can see links. ] and rsmod)

    Doing server-sided changes for mobile specific interfaces is out of the scope of this thread.

    Handling client updates

    If you change the server revision/sub-revision you can trigger an update client-side.
    On start up, if the revision has changed OSRS mobile will open the play store and prompt you to download the latest version, which we want to change.

    Find and change the following URI
    You can change it to a website link instead, i.e.

    There will be a few results, so notice the :try_start_0 above, as well as the relatively longer method compared to the others.

    Eventually you'll figure out smali, and might be able to do some custom changes to it.

    At Zenyte we did a few changes including
    - supporting a non-symmetrical login screen background
    - removing flames on the login screen
    - support for multiple crowns in chat
    - custom cs2 instruction for parsing integers
    - changing clan chat to allow up to 2000 members


    Q: Will you implement this for me?
    A: No.

    Q: Can I pay you to implement this for me?
    A: Still no.

    Q: Can I implement this on my 317?
    A: Absolutely not. There are a ton of changes required. If you really want this on your server, convert it to OSRS first.

    Q: Can I run this in an emulator?
    A: Yes! You can run it in something like BlueStacks easily, or in an Android Virtual Device.
    Note, for older revisions you may need to copy the for arm64 from a newer revision over to yours in order to run it in an AVD.
    All you have to do is copy the folder containing the lib into the same folder as the armeabi-v7a version - shoutout to @[Only registered and activated users can see links. ] for finding this

    Q: Is there any way to use Java instead of smali?
    A: This was briefly covered in the preface, but yes. It is possible to turn the entire mobile client into java, and from java back into an apk, without touching any smali.
    We prototyped it at Zenyte when preparing for a revision upgrade, but it never went live. The process is entirely different.

    Q: Can I run this on iOS?
    A: No, refer to the preface for more info.

    Q: Where do I change the app icon?
    A: You'll find some folders inside res/ named mipmap-[blah], these are related to the screen resolution of the device so you can have different sized icons depending on the device.

    @[Only registered and activated users can see links. ]
    @[Only registered and activated users can see links. ]
    Any others mentioned in the thread already

    Thank you for coming to my ted talk
    I'll probably work on the formatting of this thread over time and add anything new as I think of it, it's quite late rn.

    If anyone has any questions, feedback, or wants to add anything, feel free to leave a reply.
    Feel free to leave a thanks if this helps you or you find it interesting, it took me a few hours to write.
    [Only registered and activated users can see links. ]
    Reply With Quote  

  2. #2  
    🎶 As you're falling down 🎶

    uint32_t's Avatar
    Join Date
    Feb 2015
    Thanks given
    Thanks received
    Rep Power
    Nice thread, thanks for sharing. Lots of good information in this post.
    [Only registered and activated users can see links. ]

    Quote Originally Posted by Idiot Bird View Post
    Quote Originally Posted by Velocity View Post
    lol np mate looks like the community brought ur rep down to ur IQ
    Not too sure about that, it's at 0 . It would have to go minus to even be remotely close to his IQ.
    Reply With Quote  

  3. #3  
    Kris's Avatar
    Join Date
    Jun 2016
    Thanks given
    Thanks received
    Rep Power
    tldr, absolute nerd.
    wheres my credits for emotional support and enthusiasm
    Reply With Quote  

  4. Thankful users:

  5. #4  

    _jordan's Avatar
    Join Date
    Nov 2012
    Thanks given
    Thanks received
    Rep Power
    Thanks for your contribution Keep it up!

    Spoiler for signature:
    When your vision is crystal clear, they say it's razor-sharp
    A focused mind is said to be like a knife, but the scalpel is wisdom
    All one can do is accept that life is a double-edged sword
    Stay on the edge


    Reply With Quote  

  6. #5  
    Fake Love

    Join Date
    Jun 2008
    Thanks given
    Thanks received
    Rep Power
    Decent thread
    Reply With Quote  

  7. #6  

    Join Date
    Jun 2010
    Thanks given
    Thanks received
    Rep Power
    This is a top goat release!!!! Good work, Corey ==]
    Reply With Quote  

  8. #7  
    Cywir RS3 - Coming soon

    Scythe's Avatar
    Join Date
    Apr 2019
    Thanks given
    Thanks received
    Rep Power

    The ultimate RuneScape 3 private server experience.
    View the Project thread
    [Only registered and activated users can see links. ]

    Disclaimer: account sometimes used by NoX
    Reply With Quote  

  9. Thankful users:

  10. #8  
    Respected Member

    Luke132's Avatar
    Join Date
    Dec 2007
    Thanks given
    Thanks received
    Rep Power
    fuck me, i wasn't expecting this. Took me a while to read it all but thanks Corey.

    rep++ it means a lot.

    Reply With Quote  

  11. Thankful user:

  12. #9  
    Registered Member

    Join Date
    May 2016
    Thanks given
    Thanks received
    Rep Power
    are you going through my browser history or something?

    nah in all seriousness, thanks for this it's very helpful although I figured I would have missed something but you pretty much did the exact thing I did lol.
    great to have a reference for it now though. +rep

    Also, in regards to iOS (non jailbroken devices).

    You might have some luck with and a few of the android emulators running around, this way you'd only need to work on the one mobile client for both platforms.

    There is no easy process for this at the moment though and I expect the performance to be less tgan ideal on anything other than a recent generation iPad.
    Reply With Quote  

  13. Thankful users:

  14. #10  
    number 1 sponsor

    Join Date
    Aug 2017
    Thanks given
    Thanks received
    Rep Power
    thx works great on switch

    Reply With Quote  

Page 1 of 2 12 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

User Tag List

Similar Threads

  1. Replies: 77
    Last Post: Today, 03:59 AM
  2. Replies: 0
    Last Post: 10-08-2020, 06:13 PM
  3. RS3 rsps mobile client
    By Splioghi in forum Help
    Replies: 13
    Last Post: 10-09-2019, 04:26 AM
  4. Mobile Client
    By PavSwag in forum Buying
    Replies: 3
    Last Post: 07-30-2019, 10:25 AM
  5. Replies: 20
    Last Post: 04-25-2018, 04:20 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts