[BUG] Directory Traversal is not allowed in a subst filesystem #3942

@Genouka

Information

  1. Apktool Version (apktool -version) - 2.12.0
  2. Operating System (Mac, Linux, Windows) - Windows
  3. APK From? (Playstore, ROM, Other) - Other
  4. Java Version (java --version) - openjdk version "24.0.1" 2025-04-15

Stacktrace/Logcat

I: Using Apktool 2.12.0 on base.apk with 8 threads
I: Baksmaling classes.dex...
I: Loading resource table...
I: Decoding file-resources...
I: Loading resource table from file: C:\Users\29800\AppData\Local\apktool\framework\1.apk
I: Decoding values */* XMLs...
I: Decoding AndroidManifest.xml with resources...
I: Copying original files...
W: Skipping file META-INF/CERT.SF (Directory Traversal is not allowed)
W: Skipping file META-INF/CERT.RSA (Directory Traversal is not allowed)
W: Skipping file META-INF/MANIFEST.MF (Directory Traversal is not allowed)
I: Copying assets...
W: Skipping file assets/log.txt (Directory Traversal is not allowed)
I: Copying lib...
W: Skipping file lib/armeabi-v7a/libxwalkcore.so (Directory Traversal is not allowed)
W: Skipping file lib/armeabi-v7a/libxwalkdummy.so (Directory Traversal is not allowed)
I: Copying unknown files...

Steps to Reproduce

1. Create a case-sensitive file directory and copy base.apk in it.
2. Open PowerShell and run:

subst X: .
cd X:
./apktool d base.apk

If I don't use subst, apktool works fine.

But the scripts in my workflow are very complex; they require subst to work, and I can't replace them.

./apktool b triggers the same issue.

Frameworks

This APK is not from an OEM ROM.

APK

If this APK can be freely shared, please upload/attach a link to it.

The base.apk is a private program, so I can't share it. But I have tried many APKs, and they all trigger this issue.

Questions to ask before submission

  1. Have you tried apktool d, apktool b without changing anything? Yes, they all trigger this issue.
  2. If you are trying to install a modified apk, did you resign it? No.
  3. Are you using the latest apktool version? Yes.
