Backstory:
Zenyte originally released a mobile client back in July 2019, being the first private server to release an OSRS mobile client to the public.
The server had only released a month prior, and it actually only took us about 2 weeks of working on it part-time before releasing it, most of which being research.
In this thread I will be covering how to take an Android .apk file, decode it, modify it, and turn it back into an .apk file.
This thread is only going to cover Android and using smali.
Preface
Packet scrambling/shuffling
My numbers may be slightly off, but OSRS stopped obfuscating/scrambling/shuffling (whatever the right word is!) between 176 and 183.
This means that, during this time, each revision upgrade did not have a different set of shuffled packets/opcodes, meaning revisions could be upgraded much easier as packets did not have to be reidentified each time.
At the time, mobile packets were the same as desktop, meaning each opcode and packet contents was identical to the desktop client.
Because of this, one did not have to separately identify the packets of the mobile client, and instead use the already-identified desktop packets for mobile too.
These days, mobile packets are both shuffled/obfuscated differently to desktop, as well as changed every revision, again just like desktop.
Therefore if you plan on using a recent revision of OSRS you must identify the packets in the mobile client separately, and support multiple protocols server side.
dex2jar
If you are familiar with dex2jar, it may be the elephant in the room.
Why bother with apktool and smali if you can just use dex2jar and use java instead?
dex2jar does not completely decompile/translate the mobile client, and many methods fail, especially within the client class.
That being said, you may find it useful to partially turn smali into java in order to modify the client, and turn those modifications back into smali.
It may also prove useful for identifying post-183 mobile packets, however that is out of the scope of this thread.
iOS
As the title states, this thread is about Android only.
Can you use the iOS OSRS mobile app for your RSPS? Yes, it's absolutely possible.
There are many obstacles in every step of the way, which Android does not face.
It's definitely possible, albeit a lot more annoying for both developing and installing, so hopefully one day someone will post some info about it.
At Zenyte, we didn't bother pursuing it very far outside of a bit of research and unpacking an .ipa - mostly because of the hoops you have to jump through to even install the thing in the first place, which Android does not face.
App stores
It probably doesn't have to be stated, however you won't get your RSPS mobile client on any official App Stores (i.e. Google Play Store).
Even if you did, Jagex would most likely swiftly get it removed and send something your way. Not something anyone, including the community as a whole, particularly wants happening.
For Android, you can easily host the .apk yourself on your website, and require users to download it there. They may have to enable an option to trust 3rd party apps.
For iOS, there do exist unofficial sites for side-loading apps, however it can get complicated and I won't be going into it in this thread.
1) Introduction
i) What is 'smali'?
I'm not going to write out an explanation myself, instead here are some things from the internet.
Here's what Quora has to say about it:
smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.
Okay, what is 'dex'?
ii) Getting an .apk
The easiest way to source an apk is to use an online mirror.
One of the largest sites is aptly named apkmirror.org
You can view and download the different updates/revisions of OSRS mobile using this link:
https://www.apkmirror.com/uploads/?q...hool-runescape
iii) apktool
apktool can be used to decode an apk file and basically 'unpack' it and turn the .dex code into workable .smali files at the same time.
Using apktool we can unpack our .apk, make modifications to it, and turn it back into an .apk file and install it on our device.
Documentation - https://ibotpeaches.github.io/Apktool/documentation/
Install guide - https://ibotpeaches.github.io/Apktool/install/
The latest version, as of writing, is 2.5.0 and works fine for what we need.
2) Working with apktool
Note:
There may be some discrepancies depending on the version of Java you have installed, as well as apktool version.
For the purposes of this thread, I used Java 8 and apktool 2.5.0
Decode
To decode an .apk file, use the command:
apktool d -o ./output/ myfile.apk
After decoding, you should end up with something similar to this:
Build
To build an apk from 'source', use the command:
apktool b -o myfile.apk ./input/
Signing
After building an .apk file, you must sign it using something like jarsigner.
jarsigner may already be installed on your system if you have Java installed.
If you don't sign the .apk, it will fail to install when it comes to installing it on an Android device (it won't give any sort of reason for failing).
At Zenyte, and for this thread, I just used a debug keystore, to which you can find a download link here: https://www.dropbox.com/s/456lnofku8....keystore?dl=0
Alternatively, you can source your own by following this: https://stackoverflow.com/questions/...android-studio (note, you may need android studio and android sdk installed)
Using debug.keystore was fine for us, we had no problems with it and had hundreds of unique devices installing and using the app. Obviously it's not suitable for a real production environment.
Use this command to sign your .apk - make sure to update the name of the file
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ./debug.keystore 180.apk androiddebugkey -storepass android
The output is too large to post a picture of, but here is the start and end of what you should expect (there should be no errors):
I highly suggest making bat/bash scripts for the above which you can call easily to automate this process.
3) Working with OSRS mobile
Once you get used to smali and the structure of OSRS mobile you can do various things.
Making many, if any, changes to the client (both mobile and desktop) is not recommended.
In general, you can treat the mobile client virtually the same as desktop, minus some interface changes.
Most strings are hardcoded and easy to search for, so we can do a basic change as an example of making a change and rebuilding:
Making a change, rebuilding:
I am using the latest OSRS revision, 193, as it still connects to the live OSRS servers.
Using older versions, pointing to OSRS, will redirect you to the Play Store and get you to download the new version.
Notable files:
- res/values/strings.xml
If you've worked with Android before, you'll know about strings.xml
This file contains a lot of string constants which are used throughout the app.
For example, changing <string name="app_name"> will change the actual app name, i.e.
- AndroidManifest.xml
You must change package="com.jagex.oldscape.android" to something else, i.e. com.mywebsite.oldscape.android (it can be anything).
This means you can have both the real OSRS mobile app and your own app installed at the same time, otherwise they will collide and you can only have one installed at a time.
In newer revisions (I don't have an exact number, however it just wasn't in older ones) you must also change android:authorities="com.jagex.oldscape.android.firebaseinitprovider". Again, change it to your website domain or something.
If you don't change the above, you end up with this:
jav_config
In order to start pointing the mobile client elsewhere, i.e. your servers, you need to host your own jav_config file and change the ip in there
I won't be going over how or what to change within the file itself, but this is what I'm talking about: https://oldschool.runescape.com/jav_config.ws
To point it at your own link, change the jav_config_url property within strings.xml, and find the following code:
There will be a few results, but here are some tips:
Notice the v0 (vs v1) in the above screenshot
.runescape.com underneath, followed by 127.0.0.1
You should change runescape.com in the example to the same domain name your jav_config is hosted on.
For example if you had https://files.mywebsite.com/blah/jav_config.ws, you should change runescape.com to files.mywebsite.com
Changing RSA
To change your RSA keys, search for 10001
You should recognise what you need to change if you've done it before.
Handling mobile/device at login
https://github.com/rsmod/rsmod/blob/...ecoder.kt#L128
(shout out to @Tomm0017 and rsmod)
Doing server-sided changes for mobile specific interfaces is out of the scope of this thread.
Handling client updates
If you change the server revision/sub-revision you can trigger an update client-side.
On start up, if the revision has changed OSRS mobile will open the play store and prompt you to download the latest version, which we want to change.
Find and change the following URI
You can change it to a website link instead, i.e. https://files.mywebsite.com/mobile.apk
There will be a few results, so notice the :try_start_0 above, as well as the relatively longer method compared to the others.
Eventually you'll figure out smali, and might be able to do some custom changes to it.
At Zenyte we did a few changes including
- supporting a non-symmetrical login screen background
- removing flames on the login screen
- support for multiple crowns in chat
- custom cs2 instruction for parsing integers
- changing clan chat to allow up to 2000 members
FAQ
Q: Will you implement this for me?
A: No.
Q: Can I pay you to implement this for me?
A: Still no.
Q: Can I implement this on my 317?
A: Absolutely not. There are a ton of changes required. If you really want this on your server, convert it to OSRS first.
Q: Can I run this in an emulator?
A: Yes! You can run it in something like BlueStacks easily, or in an Android Virtual Device.
Note, for older revisions you may need to copy the librenderer.so for arm64 from a newer revision over to yours in order to run it in an AVD.
All you have to do is copy the folder containing the lib into the same folder as the armeabi-v7a version - shoutout to @uint32_t for finding this
Q: Is there any way to use Java instead of smali?
A: This was briefly covered in the preface, but yes. It is possible to turn the entire mobile client into java, and from java back into an apk, without touching any smali.
We prototyped it at Zenyte when preparing for a revision upgrade, but it never went live. The process is entirely different.
Q: Can I run this on iOS?
A: No, refer to the preface for more info.
Q: Where do I change the app icon?
A: You'll find some folders inside res/ named mipmap-[blah], these are related to the screen resolution of the device so you can have different sized icons depending on the device.
Credits
@hacker
Myself
@Tommeh
Any others mentioned in the thread already
Thank you for coming to my ted talk
I'll probably work on the formatting of this thread over time and add anything new as I think of it, it's quite late rn.
If anyone has any questions, feedback, or wants to add anything, feel free to leave a reply.
Feel free to leave a thanks if this helps you or you find it interesting, it took me a few hours to write.
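For anyone handed a sideloaded .apk, the signing step in the post above leaves recognisable traces: a JAR (v1) signature only, SHA1 digests in the manifest, and a debug certificate when the shared debug keystore is used. The Python below is an added example, not part of the original post; it reports those traces, and the "Android Debug" certificate name, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import struct
import zipfile

V2_MAGIC = b"APK Sig Block 42"   # last 16 bytes of an APK Signing Block (scheme v2+)
DEBUG_CN = b"Android Debug"      # assumption: CN of the stock Android debug certificate


def has_signing_block(apk):
    """True if an APK Signing Block sits directly before the ZIP central directory."""
    eocd = apk.rfind(b"PK\x05\x06")
    if eocd < 0:
        return False
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    return cd_offset >= 16 and apk[cd_offset - 16:cd_offset] == V2_MAGIC


def inspect_apk_signing(apk):
    """Report the JAR (v1) signature details that a jarsigner-only signing leaves."""
    report = {"v1": False, "v2_block": has_signing_block(apk),
              "digests": set(), "debug_cert": False}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper == "META-INF/MANIFEST.MF":
                text = zf.read(name).decode("utf-8", "replace")
                # Per-entry lines look like "SHA1-Digest: <base64>"
                report["digests"] |= set(re.findall(r"^(\S+)-Digest:", text, re.M))
            elif upper.startswith("META-INF/") and upper.endswith((".RSA", ".DSA", ".EC")):
                report["v1"] = True
                # Heuristic: the PKCS#7 block holds the subject DN strings as plain bytes
                report["debug_cert"] |= DEBUG_CN in zf.read(name)
    return report


def sample_apk():
    """Constructed stand-in for a jarsigner-signed APK (not a real signature)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\n"
                    "SHA1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n")
        zf.writestr("META-INF/ANDROIDD.RSA", b"\x30\x82..CN=Android Debug..")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_apk_signing(sample_apk()))
```

To inspect a real file, pass its bytes, e.g. the contents of the 180.apk from the signing command, to inspect_apk_signing.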
Thanks for your contribution. Keep it up!
Decent thread
noele:
are you going through my browser history or something?
nah in all seriousness, thanks for this it's very helpful although I figured I would have missed something but you pretty much did the exact thing I did lol.
great to have a reference for it now though. +rep
Also, in regards to iOS (non jailbroken devices).
You might have some luck with altstore.io and a few of the android emulators running around, this way you'd only need to work on the one mobile client for both platforms.
There is no easy process for this at the moment though and I expect the performance to be less than ideal on anything other than a recent generation iPad.
thx works great on switch