Description
Describe the bug
Error parsing a new obfuscation method used by malware
```
AXML file has an unusual resource type! Malware likes to to such stuff to anti androguard! But we try to parse it anyways. Resource Type: 0x0000
Error parsing resource header: declared header size is smaller than required size of 8! Offset=6736
Error while parsing AndroidManifest.xml - is the file valid?
Traceback (most recent call last):
  File "/usr/local/bin/quark", line 8, in <module>
    sys.exit(entry_point())
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1128, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/quark/cli.py", line 286, in entry_point
    else Quark(apk[0], core_library)
  File "/usr/local/lib/python3.10/site-packages/quark/core/quark.py", line 53, in __init__
    self.apkinfo = AndroguardImp(apk)
  File "/usr/local/lib/python3.10/site-packages/quark/core/apkinfo.py", line 31, in __init__
    self.apk, self.dalvikvmformat, self.analysis = AnalyzeAPK(apk_filepath)
  File "/usr/local/lib/python3.10/site-packages/androguard/misc.py", line 67, in AnalyzeAPK
    df = DalvikVMFormat(dex, using_api=a.get_target_sdk_version())
  File "/usr/local/lib/python3.10/site-packages/androguard/core/bytecodes/dvm.py", line 7560, in __init__
    self._load(buff)
  File "/usr/local/lib/python3.10/site-packages/androguard/core/bytecodes/dvm.py", line 7566, in _load
    self.header = HeaderItem(0, self, self.CM)
  File "/usr/local/lib/python3.10/site-packages/androguard/core/bytecodes/dvm.py", line 518, in __init__
    raise ValueError("Wrong Adler32 checksum for DEX file!")
ValueError: Wrong Adler32 checksum for DEX file!
```
To Reproduce
Steps to reproduce the behavior:
```
quark -p -a 5C27990A38A703D843BB5184541A92C46D90B637FCA6F4B6259202FF3A5D7DC4.apk
```
Expected behavior
read permissions
Screenshots
Additional context
apk attached to this report
5C27990A38A703D843BB5184541A92C46D90B637FCA6F4B6259202FF3A5D7DC4.zip
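A triage check for the two conditions in the log above, as an added example that is not part of the original report or of Quark or androguard: it recomputes the Adler-32 stored in a DEX header and walks the chunk headers of a binary `AndroidManifest.xml` looking for an unexpected file type or a declared header size below 8. The function names and sample buffers are constructed for illustration.

```python
import struct
import zlib

def dex_checksum_status(dex: bytes) -> dict:
    """Compare the Adler-32 stored in a DEX header with the recomputed value."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        raise ValueError("not a DEX file: bad magic or truncated header")
    stored, = struct.unpack_from("<I", dex, 8)      # checksum field
    declared, = struct.unpack_from("<I", dex, 32)   # file_size field
    # The checksum covers everything after the magic and the checksum itself.
    computed = zlib.adler32(dex[12:]) & 0xFFFFFFFF
    return {"stored": stored, "computed": computed,
            "checksum_ok": stored == computed, "size_ok": declared == len(dex)}

def axml_header_anomalies(axml: bytes) -> list:
    """Walk the chunk headers of a binary XML file; return (offset, problem) pairs."""
    if len(axml) < 8:
        return [(0, "truncated file header")]
    ftype, fhdr, _ = struct.unpack_from("<HHI", axml, 0)
    found = []
    if ftype != 0x0003:                             # RES_XML_TYPE
        found.append((0, f"unusual resource type 0x{ftype:04x}"))
    offset = max(fhdr, 8)
    while offset + 8 <= len(axml):
        _, hdr, size = struct.unpack_from("<HHI", axml, offset)
        if hdr < 8:
            found.append((offset, "declared header size smaller than 8"))
            break                                   # cannot resync safely
        if size < hdr or offset + size > len(axml):
            found.append((offset, "chunk size inconsistent with file"))
            break
        offset += size
    return found

def build_sample_dex(body: bytes = b"\x00" * 0x50) -> bytes:
    """Constructed sample: a minimal DEX-shaped buffer with a correct checksum."""
    rest = b"\x00" * 20 + struct.pack("<I", 12 + 20 + 4 + len(body)) + body
    return b"dex\n035\x00" + struct.pack("<I", zlib.adler32(rest) & 0xFFFFFFFF) + rest

if __name__ == "__main__":
    good = build_sample_dex()
    bad = good[:-1] + b"\x01"                       # one byte changed after checksumming
    print(dex_checksum_status(good)["checksum_ok"], dex_checksum_status(bad)["checksum_ok"])
    # Constructed AXML: file type 0x0000, then a chunk declaring a 4-byte header.
    axml = struct.pack("<HHI", 0x0000, 8, 16) + struct.pack("<HHI", 0x0102, 4, 8)
    print(axml_header_anomalies(axml))
```

Running both functions over the files extracted from an APK shows whether a parser failure comes from deliberately malformed headers before any strict parser is involved.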