Thread: Android Mobile Client - smali

Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1 Android Mobile Client - smali 
    Blurite

    Corey's Avatar
    Backstory:

    Zenyte originally released a mobile client back in July 2019, being the first private server to release an OSRS mobile client to the public.
    The server had only released a month prior, and it actually only took us about 2 weeks of working on it part-time before releasing it, most of which being research.



    In this thread I will be covering how to take an Android .apk file, decode it, modify it, and turn it back into an apk file.
    This thread is only going to cover Android and using smali.


    Preface

    Packet scrambling/shuffling

    My numbers may be slightly off, but OSRS stopped obfuscating/scrambling/shuffling (whatever the right word is!) between 176 and 183.
    This means that, during this time, each revision upgrade did not have a different set of shuffled packets/opcodes, meaning revisions could be upgraded much easier as packets did not have to be reidentified each time.

    At the time, mobile packets were the same as desktop, meaning each opcode and packet contents was identical to the desktop client.
    Because of this, one did not have to separately identify the packets of the mobile client, and instead use the already-identified desktop packets for mobile too.

    These days, mobile packets are both shuffled/obfuscated differently to desktop, as well as changed every revision, again just like desktop.
    Therefore if you plan on using a recent revision of OSRS you must identify the packets in the mobile client separately, and support multiple protocols server side.


    dex2jar

    If you are familiar with dex2jar, it may be the elephant in the room.
    Why bother with apktool and smali if you can just use dex2jar and use java instead?

    dex2jar does not completely decompile/translate the mobile client, and many methods fail, especially within the client class.
    That being said, you may find it useful to partially turn smali into java in order to modify the client, and turn those modifications back into smali.
    It may also prove useful for identifying post-183 mobile packets, however that is out of the scope of this thread.


    iOS


    As the title states, this thread is about Android only.
    Can you use the iOS OSRS mobile app for your RSPS? Yes, it's absolutely possible.

    There are many obstacles in every step of the way, which Android does not face. Example
    It's definitely possible, albeit a lot more annoying for both developing and installing, so hopefully one day someone will post some info about it.
    At Zenyte, we didn't bother pursuing it very far outside of a bit of research and unpacking an .ipa - mostly because of the hoops you have to jump through to even install the thing in the first place, which Android does not face.


    App stores

    It probably doesn't have to be stated, however you won't get your RSPS mobile client on any official App Stores (i.e. Google Play Store).
    Even if you did, Jagex would most likely swiftly get it removed and send something your way. Not something anyone, including the community as a whole, particularly wants happening.

    For Android, you can easily host the .apk yourself on your website, and require users to download it there. They may have to enable an option to trust 3rd party apps.
    For iOS, there do exist unofficial sites for side-loading apps, however it can get complicated and I won't be going into it in this thread.



    1) Introduction

    i) What is 'smali'?

    I'm not going to write out an explanation myself, instead here are some things from the internet.

    Here's what Quora has to say about it:
    smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
    The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.

    Okay, what is 'dex'?
    Spoiler for dex:

    Attached image
    Source



    ii) Getting an .apk

    The easiest way to source an apk is to use an online mirror.
    One of the largest sites is aptly named apkmirror.org

    You can view and download the different updates/revisions of OSRS mobile using this link:
    https://www.apkmirror.com/uploads/?q...hool-runescape



    iii) apktool

    apktool can be used to decode an apk file and basically 'unpack' it and turn the .dex code into workable .smali files at the same time.
    Using apktool we can unpack our .apk, make modifications to it, and turn it back into an .apk file and install it on our device.

    Documentation - https://ibotpeaches.github.io/Apktool/documentation/
    Install guide - https://ibotpeaches.github.io/Apktool/install/

    The latest version, as of writing, is 2.5.0 and works fine for what we need.



    2) Working with apktool

    Note:
    There may be some discrepancies depending on the version of Java you have installed, as well as apktool version.
    For the purposes of this thread, I used Java 8 and apktool 2.5.0


    Decode

    To decode an .apk file, use the command apktool d -o ./output/ myfile.apk

    Example:
    Spoiler for .:

    Attached image

    After decoding, you should end up with something similar to this:

    Attached image


    Build

    To build an apk from 'source', use the command apktool b -o myfile.apk ./input/

    Example:
    Spoiler for .:

    Attached image


    Signing

    After building an .apk file, you must sign it using something like jarsigner.
    jarsigner may already be installed on your system if you have Java installed.

    If you don't sign the .apk, it will fail to install when it comes to installing it on an Android device (it won't give any sort of reason for failing).

    At Zenyte, and for this thread, I just used a debug keystore, to which you can find a download link here: https://www.dropbox.com/s/456lnofku8....keystore?dl=0
    Alternatively, you can source your own by following this: https://stackoverflow.com/questions/...android-studio (note, you may need android studio and android sdk installed)
    Using debug.keystore was fine for us, we had no problems with it and had hundreds of unique devices installing and using the app. Obviously it's not suitable for a real production environment.

    Use this command to sign your .apk - make sure to update the name of the file
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ./debug.keystore 180.apk androiddebugkey -storepass android

    The output is too large to post a picture of, but here is the start and end of what you should expect (there should be no errors):
    Spoiler for .:

    Attached image
    ...
    Attached image


    I highly suggest making bat/bash scripts for the above which you can call easily to automate this process.



    3) Working with OSRS mobile

    Once you get used to smali and the structure of OSRS mobile you can do various things.
    Making many, if any, changes to the client (both mobile and desktop) is not recommended.

    In general, you can treat the mobile client virtually the same as desktop, minus some interface changes.

    Most strings are hardcoded and easy to search for, so we can do a basic change as an example of making a change and rebuilding:

    Attached image

    Making a change, rebuilding:
    Attached image


    I am using the latest OSRS revision, 193, as it still connects to the live OSRS servers.
    Using older versions, pointing to OSRS, will redirect you to the Play Store and get you to download the new version.


    Notable files:


    - res/values/strings.xml

    If you've worked with Android before, you'll know about strings.xml
    This file contains a lot of string constants which are used throughout the app.

    For example, changing <string name="app_name"> will change the actual app name, i.e.
    Attached image



    - AndroidManifest.xml

    You must change package="com.jagex.oldscape.android" to something else, i.e. com.mywebsite.oldscape.android (it can be anything)
    This means you can have both the real OSRS mobile app and your own app installed at the same time, otherwise they will collide and you can only have one installed at a time.

    In newer revisions (I don't have an exact number, however it just wasn't in older ones) you must also change android:authorities="com.jagex.oldscape.android.firebaseinitprovider". Again, change it to your website domain or something.

    If you don't change the above, you end up with this
    Spoiler for .:

    Attached image


    jav_config

    In order to start pointing the mobile client elsewhere, i.e. your servers, you need to host your own jav_config file and change the ip in there
    I won't be going over how or what to change within the file itself, but this is what I'm talking about: https://oldschool.runescape.com/jav_config.ws

    To point it at your own link, change the jav_config_url property within strings.xml, and find the following code:

    Attached image

    There will be a few results, but here are some tips:

    Notice the v0 (vs v1) in the above screenshot
    .runescape.com underneath, followed by 127.0.0.1

    You should change runescape.com in the example to the same domain name your jav_config is hosted on.
    For example if you had https://files.mywebsite.com/blah/jav_config.ws, you should change runescape.com to files.mywebsite.com


    Changing RSA

    To change your RSA keys, search for 10001
    You should recognise what you need to change if you've done it before.


    Handling mobile/device at login

    https://github.com/rsmod/rsmod/blob/...ecoder.kt#L128
    (shout out to @Tomm0017 and rsmod)

    Doing server-sided changes for mobile specific interfaces is out of the scope of this thread.


    Handling client updates

    If you change the server revision/sub-revision you can trigger an update client-side.
    On start up, if the revision has changed OSRS mobile will open the play store and prompt you to download the latest version, which we want to change.

    Find and change the following URI
    You can change it to a website link instead, i.e. https://files.mywebsite.com/mobile.apk

    Attached image

    There will be a few results, so notice the :try_start_0 above, as well as the relatively longer method compared to the others.


    Eventually you'll figure out smali, and might be able to do some custom changes to it.

    At Zenyte we did a few changes including
    - supporting a non-symmetrical login screen background
    - removing flames on the login screen
    - support for multiple crowns in chat
    - custom cs2 instruction for parsing integers
    - changing clan chat to allow up to 2000 members




    FAQ

    Q: Will you implement this for me?
    A: No.

    Q: Can I pay you to implement this for me?
    A: Still no.

    Q: Can I implement this on my 317?
    A: Absolutely not. There are a ton of changes required. If you really want this on your server, convert it to OSRS first.

    Q: Can I run this in an emulator?
    A: Yes! You can run it in something like BlueStacks easily, or in an Android Virtual Device.
    Note, for older revisions you may need to copy the librenderer.so for arm64 from a newer revision over to yours in order to run it in an AVD.
    All you have to do is copy the folder containing the lib into the same folder as the armeabi-v7a version - shoutout to @uint32_t for finding this

    Q: Is there any way to use Java instead of smali?
    A: This was briefly covered in the preface, but yes. It is possible to turn the entire mobile client into java, and from java back into an apk, without touching any smali.
    We prototyped it at Zenyte when preparing for a revision upgrade, but it never went live. The process is entirely different.

    Q: Can I run this on iOS?
    A: No, refer to the preface for more info.

    Q: Where do I change the app icon?
    A: You'll find some folders inside res/ named mipmap-[blah], these are related to the screen resolution of the device so you can have different sized icons depending on the device.



    Credits
    @hacker
    Myself
    @Tommeh
    Any others mentioned in the thread already



    Thank you for coming to my ted talk
    I'll probably work on the formatting of this thread over time and add anything new as I think of it, it's quite late rn.

    If anyone has any questions, feedback, or wants to add anything, feel free to leave a reply.
    Feel free to leave a thanks if this helps you or you find it interesting, it took me a few hours to write.
    Attached image
    Reply With Quote  
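
Added example (not part of the post above and not Zenyte's code): a check for the AndroidManifest.xml step, run against the manifest that apktool decodes, which reports any identifier that still matches the original app and would make the two installs collide. The function name, the sample manifests and the provider class name in them are constructed for illustration; only the package and authority strings come from the post.

```python
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ORIGINAL_PACKAGE = "com.jagex.oldscape.android"  # original app id quoted in the post


def find_collisions(manifest_xml, original=ORIGINAL_PACKAGE):
    """Return (location, value) pairs that still use the original app's identifiers."""
    root = ET.fromstring(manifest_xml)
    findings = []
    if root.get("package") == original:
        findings.append(("manifest@package", original))
    for provider in root.iter("provider"):
        name = provider.get(ANDROID_NS + "name", "?")
        # android:authorities may hold several names separated by ';'
        for authority in provider.get(ANDROID_NS + "authorities", "").split(";"):
            authority = authority.strip()
            if authority == original or authority.startswith(original + "."):
                findings.append(("provider[%s]@android:authorities" % name, authority))
    return findings


# Constructed sample: package renamed, provider authority left unchanged.
HALF_RENAMED = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.mywebsite.oldscape.android">
  <application>
    <provider android:name="com.google.firebase.provider.FirebaseInitProvider"
              android:authorities="com.jagex.oldscape.android.firebaseinitprovider"
              android:exported="false"/>
  </application>
</manifest>
"""

# Constructed sample: both identifiers moved to the new name.
FULLY_RENAMED = HALF_RENAMED.replace(
    "com.jagex.oldscape.android.firebaseinitprovider",
    "com.mywebsite.oldscape.android.firebaseinitprovider")

if __name__ == "__main__":
    # Usage: python check_manifest.py ./output/AndroidManifest.xml
    # With no argument, the constructed half-renamed sample is checked instead.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else HALF_RENAMED
    for location, value in find_collisions(data):
        print("collides with original app: %s = %s" % (location, value))
```

An empty result means neither the package nor any provider authority still points at the original app id.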
     


  2. #2  
    🎶 As you're falling down 🎶


    uint32_t's Avatar
    Nice thread, thanks for sharing. Lots of good information in this post.
    Reply With Quote  
     

  3. #3  
    Respected Member


    Kris's Avatar
    tldr, absolute nerd.
    wheres my credits for emotional support and enthusiasm
    Reply With Quote  
     


  5. #4  
    WVWVWVWVWVWVWVW

    _jordan's Avatar
    Thanks for your contribution Keep it up!
    Reply With Quote  
     

  6. #5  
    Fake Love


    Decent thread
    Reply With Quote  
     

  7. #6  
    Registered Member
    Tyluur's Avatar
    This is a top goat release!!!! Good work, Corey ==]
    Reply With Quote  
     

  8. #7  
    Extreme Donator


    noele:
    Attached image
    Reply With Quote  
     


  10. #8  
    Member Android Mobile Client - smali Market Banned


    Luke132's Avatar
    fuck me, i wasn't expecting this. Took me a while to read it all but thanks Corey.


    rep++ it means a lot.

    Attached imageAttached image
    Reply With Quote  
     


  12. #9  
    Registered Member

    are you going through my browser history or something?
    Attached image
    Attached image

    nah in all seriousness, thanks for this it's very helpful although I figured I would have missed something but you pretty much did the exact thing I did lol.
    great to have a reference for it now though. +rep

    Also, in regards to iOS (non jailbroken devices).

    You might have some luck with altstore.io and a few of the android emulators running around, this way you'd only need to work on the one mobile client for both platforms.

    There is no easy process for this at the moment though and I expect the performance to be less than ideal on anything other than a recent generation iPad.
    Reply With Quote  
     


  14. #10  
    Registered Member
    rebecca's Avatar
    thx works great on switch

    Attached image
    Reply With Quote  
     
