While reviewing new Android reverse engineering questions on Stack Overflow, I came across this request to decompile an
.xapk. A brief, non-technical description of the format is described on APKPure’s website:
XAPK is a brand new file format standard for Android APK package file. Contains all APK package and obb cache asset file to keep Android games or apps working, it always ends in “.xapk”. To ensure games, applications run perfectly, APK Install one click install makes it easy for Android users directly install .apk, .xapk file to the root directory.
obb cache data?
The “OBB cache files” are usually pretty big for games and include all of the assets like maps, models, images, music, whatever.
Ok, so it looks like we have a new APK format specifically designed for games and it comes with its own installer. Since there’s an installer, that might mean the actual
.apk is encrypted and embedded in the OBB. Maybe there’s some metadata in the
.xapk that tells the installer how to lookup the decryption key from their servers? Maybe I’ll need to search for the ZIP magic bytes and carve out the
Nope. The original
.apk is at the root of the
.xapk archive. EASY. (read: boring) Shit, I was looking for a challenge!
I downloaded and examined Side Lift King.
Here’s the shasum:
.xapk is just a ZIP file:
org.ammarz.MT.apk is just floating around:
It’s not encrypted or anything.
It decompiles fine with apktool:
The OBB file, in case you’re curious, is just a JAR which contains lots of files in an
manifest.json must be the file used by the installer. It must be the metadata used by the installer app. Here is a pretty formatted version:
If you want to decompile an
.xapk, all you have to do is unzip it, look for the original
.apk, and decompile it normally.