
Android Mobile Client - smali

Venom

Backstory:

Zenyte originally released a mobile client back in July 2019, being the first private server to release an OSRS mobile client to the public.
The server had only released a month prior, and it actually only took us about 2 weeks of working on it part-time before releasing it, most of which was research.

In this thread I will be covering how to take an Android .apk file, decoding it, modifying it, and turning it back into an apk file.
This thread is only going to cover Android and using smali.

Preface

Packet scrambling/shuffling

My numbers may be slightly off, but OSRS stopped obfuscating/scrambling/shuffling (whatever the right word is!) between 176 and 183.
This means that, during this time, each revision upgrade did not come with a different set of shuffled packets/opcodes, so revisions could be upgraded much more easily as packets did not have to be re-identified each time.

At the time, mobile packets were the same as desktop, meaning each opcode and packet contents was identical to the desktop client.
Because of this, one did not have to separately identify the packets of the mobile client, and instead use the already-identified desktop packets for mobile too.

These days, mobile packets are shuffled/obfuscated differently from desktop and change every revision, just like desktop.
Therefore if you plan on using a recent revision of OSRS you must identify the mobile client's packets separately and support multiple protocols server side.

dex2jar

If you are familiar with dex2jar, it may be the elephant in the room.
Why bother with apktool and smali if you can just use dex2jar and use java instead?

dex2jar does not completely decompile/translate the mobile client, and many methods fail, especially within the client class.
That being said, you may find it useful to partially turn smali into java in order to modify the client, and turn those modifications back into smali.
It may also prove useful for identifying post-183 mobile packets, however that is out of the scope of this thread.


iOS

As the title states, this thread is about Android only.
Can you use the iOS OSRS mobile app for your RSPS? Yes, it's absolutely possible.

There are many obstacles at every step of the way which Android does not face.
It's definitely possible, albeit a lot more annoying for both developing and installing, so hopefully one day someone will post some info about it.
At Zenyte, we didn't bother pursuing it very far outside of a bit of research and unpacking an .ipa - mostly because of the hoops you have to jump through to even install the thing in the first place, which Android does not face.

App stores

It probably doesn't have to be stated, however you won't get your RSPS mobile client on any official App Stores (i.e. Google Play Store).
Even if you did, Jagex would most likely swiftly get it removed and send something your way. Not something anyone, including the community as a whole, particularly wants happening.

For Android, you can easily host the .apk yourself on your website and have users download it there. They will have to allow installs from unknown sources (on Android 8 and later this is a per-app "Install unknown apps" permission granted to the browser or file manager doing the install).
For iOS, there do exist unofficial sites for side-loading apps, however it can get complicated and I won't be going into it in this thread.

1) Introduction

i) What is 'smali'?

I'm not going to write out an explanation myself; instead, here are some things from the internet.

Here's what Quora has to say about it:

smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.

Okay, what is 'dex'?

A .dex (Dalvik Executable) file holds the compiled bytecode for all of an app's classes; an apk ships it as classes.dex (and classes2.dex, classes3.dex, ... when the code does not fit in one). baksmali turns each dex into one .smali file per class and smali assembles them back; apktool drives both for us.

ii) Getting an .apk

The easiest way to source an apk is to use an online mirror.
One of the largest sites is aptly named apkmirror.com

You can view and download the different updates/revisions of OSRS mobile using this link:
https://www.apkmirror.com/uploads/?q...hool-runescape

iii) apktool

apktool can be used to decode an apk file and basically 'unpack' it and turn the .dex code into workable .smali files at the same time.
Using apktool we can unpack our .apk, make modifications to it, and turn it back into an .apk file and install it on our device.

Documentation - https://ibotpeaches.github.io/Apktool/documentation/
Install guide - https://ibotpeaches.github.io/Apktool/install/

The latest version, as of writing, is 2.5.0 and works fine for what we need.

2) Working with apktool

Note:
There may be some discrepancies depending on the version of Java you have installed, as well as apktool version.
For the purposes of this thread, I used Java 8 and apktool 2.5.0

Decode

To decode an .apk file, use the command apktool d -o ./output/ myfile.apk

After decoding, you should end up with a directory containing AndroidManifest.xml (decoded to text), apktool.yml, res/ with the decoded resources, smali/ with one .smali file per class (plus smali_classes2/ and so on when the app ships more than one dex file), original/ holding the untouched manifest and META-INF signature files, and assets/ and lib/ where the app has them.

Build

To build an apk from 'source', use the command apktool b -o myfile.apk ./input/


Signing

After building an .apk file, you must sign it using something like jarsigner.
jarsigner may already be installed on your system if you have Java installed.

If you don't sign the .apk, it will fail to install on an Android device. The package installer UI gives no reason for the failure; adb install at least reports INSTALL_PARSE_FAILED_NO_CERTIFICATES.

At Zenyte, and for this thread, I just used a debug keystore, for which you can find a download link here: https://www.dropbox.com/s/456lnofku8....keystore?dl=0
Alternatively, you can source your own by following this: https://stackoverflow.com/questions/...android-studio (note, you may need android studio and android sdk installed)
Using debug.keystore was fine for us, we had no problems with it and had hundreds of unique devices installing and using the app. Obviously it's not suitable for a real production environment.

Use this command to sign your .apk - make sure to update the name of the file
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ./debug.keystore 180.apk androiddebugkey -storepass android

The output is too long to reproduce in full. With -verbose, jarsigner first prints an "adding:" line for each file it writes to META-INF (MANIFEST.MF, then the .SF and .RSA files for the signing alias), then a "signing:" line for every entry in the apk, and finishes with "jar signed." followed by warnings that the signer's certificate is self-signed and that the jar is not timestamped. Those two warnings are expected with the debug keystore. An actual error (wrong password, missing alias, unreadable apk) is printed as "jarsigner error:" and there is no "jar signed." line.

I highly suggest making bat/bash scripts for the above which you can call easily to automate this process.
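One way to script the decode/build/sign/verify loop, added here as an example; it is not Zenyte's script. It assumes apktool and either apksigner (from the Android SDK build-tools) or jarsigner are on PATH, and that the keystore, alias and password are the debug ones above (override with the KEYSTORE, ALIAS and STOREPASS environment variables). It adds two things the bare commands lack: it refuses to run when a tool is missing, and it verifies the signature and prints the signing certificate after signing. Two caveats on the signing step that the thread only hints at: the debug keystore's key and password are public, so anyone can build an apk that Android will accept as an update to yours (updates must be signed with the same key as the installed build); and jarsigner produces only a v1 (JAR) signature, which Android 11 and later reject for apps targeting API 30 or later, so the script prefers apksigner (v1 plus v2) when it is available and uses SHA-256 rather than SHA1 with jarsigner.

```shell
#!/bin/sh
# rebuild.sh: decode -> (edit) -> build -> sign -> verify for an apktool workflow.
# Added example for this thread, not Zenyte's script. Assumes apktool plus
# apksigner or jarsigner on PATH; file names below are placeholders.
set -eu

KEYSTORE="${KEYSTORE:-./debug.keystore}"   # assumed: the debug keystore from the thread
ALIAS="${ALIAS:-androiddebugkey}"
STOREPASS="${STOREPASS:-android}"

# Return 0 if a tool is on PATH, 1 otherwise (checked before any step that writes files).
require_tool() {
    command -v "$1" >/dev/null 2>&1
}

# Ensure every tool a step needs is present; name the missing ones and fail.
check_tools() {
    missing=""
    for t in "$@"; do
        require_tool "$t" || missing="$missing $t"
    done
    [ -z "$missing" ] || { echo "missing tools:$missing" >&2; return 1; }
}

decode_apk() {   # decode_apk input.apk ./outdir   (-f overwrites an old outdir)
    check_tools apktool
    apktool d -f -o "$2" "$1"
}

build_apk() {    # build_apk ./srcdir output.apk
    check_tools apktool
    apktool b -o "$2" "$1"
}

# Prefer apksigner (v1+v2 signatures, required for targetSdk >= 30); fall back to
# jarsigner (v1 only) as in the thread. If you zipalign, do it before apksigner
# but after jarsigner.
sign_apk() {     # sign_apk app.apk  (signed in place)
    if require_tool apksigner; then
        apksigner sign --ks "$KEYSTORE" --ks-key-alias "$ALIAS" \
            --ks-pass "pass:$STOREPASS" --key-pass "pass:$STOREPASS" "$1"
    else
        check_tools jarsigner
        jarsigner -sigalg SHA256withRSA -digestalg SHA-256 \
            -keystore "$KEYSTORE" -storepass "$STOREPASS" "$1" "$ALIAS"
    fi
}

# Refuse to ship an apk whose signature does not verify, and print the signing
# certificate so the public debug key is easy to tell apart from your own.
verify_apk() {   # verify_apk app.apk
    if require_tool apksigner; then
        apksigner verify --print-certs "$1"
    else
        check_tools jarsigner
        jarsigner -verify -verbose:summary -certs "$1"
    fi
}

usage() {
    echo "usage: $0 decode in.apk outdir | build srcdir out.apk | sign app.apk | verify app.apk"
}

case "${1:-}" in
    decode) decode_apk "$2" "$3" ;;
    build)  build_apk "$2" "$3" ;;
    sign)   sign_apk "$2" && verify_apk "$2" ;;
    verify) verify_apk "$2" ;;
    *)      usage ;;
esac
```

Typical use is ./rebuild.sh decode 193.apk ./193, edit the smali, ./rebuild.sh build ./193 193-mod.apk, then ./rebuild.sh sign 193-mod.apk, which signs and immediately verifies.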

3) Working with OSRS mobile

Once you get used to smali and the structure of OSRS mobile you can do various things.
Making many changes to the client (mobile or desktop), if any at all, is not recommended.

In general, you can treat the mobile client virtually the same as desktop, minus some interface changes.

Most strings are hardcoded and easy to search for, so a basic string change is a good first test of the edit-and-rebuild loop: decode, change one string, build, sign, install.

I am using the latest OSRS revision, 193, as it still connects to the live OSRS servers.
Using older versions, pointing to OSRS, will redirect you to the Play Store and get you to download the new version.


Notable files:

- res/values/strings.xml

If you've worked with Android before, you'll know about strings.xml
This file contains a lot of string constants which are used throughout the app.

For example, changing the value of <string name="app_name"> changes the app name shown on the launcher.

- AndroidManifest.xml

You must change package="com.jagex.oldscape.android" to something else, i.e. com.mywebsite.oldscape.android (it can be anything).
Android identifies an app by its package name, so this lets the real OSRS mobile app and your own build coexist on one device; with the same package name, installing yours would be treated as an update of the real app and refused because the signing key differs (adb reports INSTALL_FAILED_UPDATE_INCOMPATIBLE). Change only the package attribute (and the provider authority below): the smali classes still live under com.jagex.oldscape.android, so fully qualified android:name values in the manifest must stay as they are.

In newer revisions (I don't have an exact number, however it just wasn't in older ones) you must also change android:authorities="com.jagex.oldscape.android.firebaseinitprovider". Again, change it to your website domain or something.

If the authority is left as-is while the real app is installed, the install fails because two apps cannot register the same ContentProvider authority (adb reports INSTALL_FAILED_CONFLICTING_PROVIDER).

jav_config

In order to start pointing the mobile client elsewhere, i.e. your servers, you need to host your own jav_config file and change the ip in there
I won't be going over how or what to change within the file itself, but this is what I'm talking about: https://oldschool.runescape.com/jav_config.ws

To point it at your own link, change the jav_config_url property within strings.xml, then search the smali for the string ".runescape.com".

There will be a few results, but here are some tips:

The match you want loads ".runescape.com" into register v0 (the others use v1)
"127.0.0.1" is loaded a few lines underneath it

You should change runescape.com in the example to the same domain name your jav_config is hosted on.
For example if you had https://files.mywebsite.com/blah/jav_config.ws, you should change runescape.com to files.mywebsite.com
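A script covering the two edits above (the package and provider-authority rename in AndroidManifest.xml, and the jav_config_url change in strings.xml) plus a locator for the smali host check, added here as an example; it is not Zenyte's tooling. It assumes apktool's output layout, that the strings.xml entry is literally named jav_config_url, and that the provider authority ends in .firebaseinitprovider. It changes only the package attribute and the authority, never android:name values (the classes still live under the old package in smali/), fails if the manifest has relative ".Foo" component names that would break after a rename, and, rather than blindly replacing every "runescape.com", lists the smali lines containing ".runescape.com" in files that also mention 127.0.0.1, which is the hint the thread gives for picking the right one. make_demo_tree builds a constructed three-file stand-in for a decoded tree so the script can be tried without a real decode.

```shell
#!/bin/sh
# Added example for this thread, not Zenyte's tooling. Rewrites the manifest
# package + provider authority and the jav_config_url string in an apktool
# output tree, checks the result, and lists candidate host-check lines in smali.
# Assumed: apktool layout, a <string name="jav_config_url"> entry, and a provider
# authority ending in .firebaseinitprovider.
# Usage: ./patch.sh <tree> <new.package.name> <jav_config url>
set -eu

OLD_PKG="com.jagex.oldscape.android"

# Rewrite package="..." and the firebase authority only. android:name values
# must keep the old package: the classes still live under it in smali/.
patch_manifest() {  # patch_manifest <tree> <new package>
    m="$1/AndroidManifest.xml"
    sed -i.bak \
        -e "s|package=\"$OLD_PKG\"|package=\"$2\"|" \
        -e "s|android:authorities=\"$OLD_PKG\.firebaseinitprovider\"|android:authorities=\"$2.firebaseinitprovider\"|" \
        "$m" && rm -f "$m.bak"
}

# Relative component names (android:name=".Foo") resolve against the package
# attribute and break after a rename; list them so they can be expanded to
# the full original class name first.
relative_components() {  # relative_components <tree>
    grep -n 'android:name="\.' "$1/AndroidManifest.xml" || true
}

# Replace the jav_config URL the client fetches on start-up.
patch_jav_config_url() {  # patch_jav_config_url <tree> <url>  (url must not contain | or &)
    s="$1/res/values/strings.xml"
    sed -i.bak "s|\(<string name=\"jav_config_url\">\)[^<]*\(</string>\)|\1$2\2|" "$s" \
        && rm -f "$s.bak"
}

# The thread's hint for the host check: ".runescape.com" loaded near "127.0.0.1".
# Print file:line for each such constant so the right method can be edited by hand.
find_host_check() {  # find_host_check <tree>
    find "$1" -name '*.smali' -exec grep -l '127\.0\.0\.1' {} + 2>/dev/null \
        | while read -r f; do grep -Hn '\.runescape\.com' "$f" || true; done
}

# Fail if the rename is incomplete or would break component resolution.
check_tree() {  # check_tree <tree> <new package>
    m="$1/AndroidManifest.xml"
    grep -q "package=\"$2\"" "$m" || { echo "package not renamed" >&2; return 1; }
    ! grep -q "package=\"$OLD_PKG\"" "$m" || { echo "old package still present" >&2; return 1; }
    ! grep -q "authorities=\"$OLD_PKG\." "$m" || { echo "old authority still present" >&2; return 1; }
    [ -z "$(relative_components "$1")" ] || { echo "expand relative android:name entries first" >&2; return 1; }
}

# Constructed stand-in for a decoded tree (three files) for trying the script
# offline; a real apktool output has hundreds of smali files.
make_demo_tree() {
    t="$(mktemp -d)"
    mkdir -p "$t/res/values" "$t/smali/com/jagex/oldscape/android"
    cat > "$t/AndroidManifest.xml" <<EOF
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="$OLD_PKG">
    <application android:name="$OLD_PKG.App">
        <activity android:name="$OLD_PKG.MainActivity"/>
        <provider android:name="com.google.firebase.provider.FirebaseInitProvider" android:authorities="$OLD_PKG.firebaseinitprovider"/>
    </application>
</manifest>
EOF
    cat > "$t/res/values/strings.xml" <<'EOF'
<resources>
    <string name="app_name">Old School RuneScape</string>
    <string name="jav_config_url">https://oldschool.runescape.com/jav_config.ws</string>
</resources>
EOF
    printf '%s\n' '.method private static a()Z' '    const-string v0, ".runescape.com"' \
        '    const-string v1, "127.0.0.1"' '.end method' \
        > "$t/smali/com/jagex/oldscape/android/client.smali"
    echo "$t"
}

if [ $# -ge 3 ]; then
    patch_manifest "$1" "$2"
    patch_jav_config_url "$1" "$3"
    check_tree "$1" "$2"
    echo "host-check candidates (edit by hand):"
    find_host_check "$1"
fi
```

Run it as ./patch.sh ./193 com.mywebsite.oldscape.android https://files.mywebsite.com/blah/jav_config.ws after decoding and before building; the host-check lines it prints are the ones to edit by hand as described above.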

Changing RSA

To change your RSA keys, search for 10001. That is the public exponent 65537 written in hex; the long string parsed next to it is the modulus. Replace it with the modulus of your own key pair and keep the matching private key on the server only.
You should recognise what you need to change if you've done it before.

Handling mobile/device at login

https://github.com/rsmod/rsmod/blob/...ecoder.kt#L128
(shout out to @Tomm0017 and rsmod)

Doing server-sided changes for mobile specific interfaces is out of the scope of this thread.

Handling client updates

If you change the server revision/sub-revision, the client detects the mismatch on start-up.
When the revision has changed, OSRS mobile opens the Play Store and prompts you to download the latest version, which is what we want to change.

Find the Play Store URI the client opens and change it to a website link instead, i.e. https://files.mywebsite.com/mobile.apk
Serve that file over HTTPS and sign it with the same key as the build already installed; Android refuses to install an update signed with a different key.

There will be a few results when you search for it; the one you want sits just after a :try_start_0 label, in a method noticeably longer than the others.

Eventually you'll figure out smali, and might be able to do some custom changes to it.

At Zenyte we did a few changes including
- supporting a non-symmetrical login screen background
- removing flames on the login screen
- support for multiple crowns in chat
- custom cs2 instruction for parsing integers
- changing clan chat to allow up to 2000 members
