I have recently been reading about Android reverse engineering and cracking in books such as "Android Hack's book" and the like, and found it very interesting. After looking at some smali syntax, I tried writing a small demo of my own to play with:
1. Tools:
Latest apktool 2.0: http://connortumbleson.com/2015/04/20/apktool-v2-0-0-released/
Installation instructions: http://ibotpeaches.github.io/Apktool/install/
APK signing tool (for the lazy): http://www.pc6.com/softview/SoftView_60348.html
2. Start!
First write a simple demo to experiment on; a new blank project will do.
Then add two buttons to the layout (activity_main.xml):
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    android:paddingLeft="@dimen/activity_horizontal_margin"
    android:paddingRight="@dimen/activity_horizontal_margin"
    android:paddingTop="@dimen/activity_vertical_margin"
    android:paddingBottom="@dimen/activity_vertical_margin"
    tools:context=".MainActivity">

    <TextView
        android:text="@string/hello_world"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:id="@+id/textView" />

    <Button
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:text="Too young!"
        android:id="@+id/button"
        android:layout_below="@+id/textView"
        android:layout_marginTop="81dp"
        android:layout_alignParentEnd="true" />

    <Button
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:text="Too simple!"
        android:id="@+id/button2"
        android:layout_alignParentBottom="true"
        android:layout_marginBottom="162dp" />

</RelativeLayout>
package com.lfk.myapplication;

import android.os.Bundle;
import android.support.v7.app.ActionBarActivity;
import android.view.View;
import android.widget.Toast;


public class MainActivity extends ActionBarActivity implements View.OnClickListener {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        // Both buttons deliver their clicks to this activity's onClick
        findViewById(R.id.button).setOnClickListener(this);
        findViewById(R.id.button2).setOnClickListener(this);
    }

    @Override
    public void onClick(View v) {
        // Two separate ifs rather than a switch, so each check compiles to its own if-ne
        if (v.getId() == R.id.button) {
            Toast.makeText(getApplicationContext(), "也要按照基本法", Toast.LENGTH_SHORT).show();   // "also according to the Basic Law"
        }
        if (v.getId() == R.id.button2) {
            Toast.makeText(getApplicationContext(), "我的意见也很重要", Toast.LENGTH_SHORT).show(); // "my opinion is also very important"
        }
    }

}
Then bind the click events in the activity. I deliberately use if instead of switch here, because that makes the later change easier.
Each button pops up a Toast: "Too young!" shows "也要按照基本法" (also according to the Basic Law), and "Too simple!" shows "我的意见也很重要" (my opinion is also very important).
Now let's start decompiling!
1. First put the prepared tools in a folder and copy the built apk into the same folder (I forgot the screenshot =-=).
2. Open cmd in that folder and run:
apktool d <app name>.apk
If it finishes without errors, the apk has been decoded into a folder of the same name.
3. Open the smali subfolder of the decoded folder and follow the package path (com/lfk/myapplication) down to the decompiled code.
4. Open the main activity file, MainActivity.smali:
.class public Lcom/lfk/myapplication/MainActivity;
.super Landroid/support/v7/app/ActionBarActivity;
.source "MainActivity.java"

# interfaces
.implements Landroid/view/View$OnClickListener;


# direct methods
.method public constructor <init>()V
    .locals 0

    .prologue
    .line 9
    invoke-direct {p0}, Landroid/support/v7/app/ActionBarActivity;-><init>()V

    return-void
.end method


# virtual methods
.method public onClick(Landroid/view/View;)V
    .locals 3
    .param p1, "v"    # Landroid/view/View;

    .prologue
    const/4 v2, 0x0

    .line 22
    invoke-virtual {p1}, Landroid/view/View;->getId()I

    move-result v0

    const v1, 0x7f090040

    # v0 = clicked view id, v1 = R.id.button; jump past the first Toast if they differ
    if-ne v0, v1, :cond_0

    .line 23
    invoke-virtual {p0}, Lcom/lfk/myapplication/MainActivity;->getApplicationContext()Landroid/content/Context;

    move-result-object v0

    const-string v1, "\u4e5f\u8981\u6309\u7167\u57fa\u672c\u6cd5"

    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    .line 25
    :cond_0
    invoke-virtual {p1}, Landroid/view/View;->getId()I

    move-result v0

    const v1, 0x7f090041

    # same check against R.id.button2
    if-ne v0, v1, :cond_1

    .line 26
    invoke-virtual {p0}, Lcom/lfk/myapplication/MainActivity;->getApplicationContext()Landroid/content/Context;

    move-result-object v0

    const-string v1, "\u6211\u7684\u610f\u89c1\u4e5f\u5f88\u91cd\u8981"

    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    .line 28
    :cond_1
    return-void
.end method

.method protected onCreate(Landroid/os/Bundle;)V
    .locals 1
    .param p1, "savedInstanceState"    # Landroid/os/Bundle;

    .prologue
    .line 13
    invoke-super {p0, p1}, Landroid/support/v7/app/ActionBarActivity;->onCreate(Landroid/os/Bundle;)V

    .line 14
    const v0, 0x7f040017

    invoke-virtual {p0, v0}, Lcom/lfk/myapplication/MainActivity;->setContentView(I)V

    .line 15
    const v0, 0x7f090040

    invoke-virtual {p0, v0}, Lcom/lfk/myapplication/MainActivity;->findViewById(I)Landroid/view/View;

    move-result-object v0

    invoke-virtual {v0, p0}, Landroid/view/View;->setOnClickListener(Landroid/view/View$OnClickListener;)V

    .line 16
    const v0, 0x7f090041

    invoke-virtual {p0, v0}, Lcom/lfk/myapplication/MainActivity;->findViewById(I)Landroid/view/View;

    move-result-object v0

    invoke-virtual {v0, p0}, Landroid/view/View;->setOnClickListener(Landroid/view/View$OnClickListener;)V

    .line 17
    return-void
.end method
In the listing above, everything between .method public onClick(Landroid/view/View;)V and its .end method is the Dalvik bytecode for the onClick method.
The instruction to modify is the first conditional branch: if-ne v0, v1, :cond_0. It compares the clicked view's id (v0) with the constant 0x7f090040 (v1, which is R.id.button, the "Too young!" button; the hex value is the resource id the compiler assigned, and it is listed under res/values/public.xml in the decoded folder) and jumps to :cond_0, skipping the first Toast, when the two are not equal.
Change if-ne to if-eq. That inverts the condition: the jump is now taken when the ids are equal, and the Toast is shown when they differ.
So clicking "Too young!" jumps over the first Toast, then fails the second comparison and returns without doing anything, while clicking "Too simple!" falls through the inverted first check, shows the first Toast, and then shows its own, so it pops up twice. Save and exit.
5. Back in cmd, run:
apktool b <decoded folder name>
The rebuilt apk is written to the dist subfolder of the decoded folder.
6. Finally, sign it:
Just use the signing tool directly. The rebuilt apk carries no signature at all, and Android will not install an unsigned apk. Any key works for testing, but because it is not the original developer's key, the patched apk cannot be installed over the original; uninstall the original first.
7. Install the signed apk and test it!
Clicking "Too young!" does nothing, while "Too simple!" pops up twice.
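The whole procedure above (decode, patch the branch, rebuild, sign), scripted as an added example; this is not code from the original post or the author's own tooling. It assumes a Unix shell with apktool, the Android SDK build-tools zipalign and apksigner, and the JDK's keytool on PATH, in place of the GUI signing tool the post links. The smali path, the method name onClick and the resource name button are taken from the demo app above. Rather than hard-coding 0x7f090040, the script looks the button's id up in res/values/public.xml, which apktool writes when decoding, because resource ids change between builds; it only rewrites an if-ne that directly follows a const loading that id inside onClick, and refuses to rebuild if it finds none.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. It scripts steps 2 to 6 of the
# walkthrough. Assumed (not stated in the post): apktool, zipalign, apksigner and
# keytool are on PATH; smali path and method/resource names are those of the demo.
set -eu

# resid_of DECODED_DIR TYPE NAME  -> prints the resource id, e.g. 0x7f090040
# apktool records every id in res/values/public.xml as
#   <public type="id" name="button" id="0x7f090040" />
# so R.id.button in the Java source maps back to the constant seen in the smali.
resid_of() {
    sed -n "s/.*<public type=\"$2\" name=\"$3\" id=\"\(0x[0-9a-fA-F]*\)\".*/\1/p" \
        "$1/res/values/public.xml"
}

# flip_branch FILE METHOD RESID
# Inside the smali method METHOD, turn the first "if-ne" that directly follows
# "const vN, RESID" into "if-eq". Anchoring on both the method and the id means
# no other comparison in the file is touched. Returns 1 and leaves FILE alone
# when no such instruction exists (e.g. the file was already patched).
flip_branch() {
    local file="$1" method="$2" resid="$3" tmp
    tmp="$(mktemp)"
    awk -v method="$method" -v resid="$resid" '
        /^\.method / && index($0, " " method "(") { inmeth = 1 }
        /^\.end method/                            { inmeth = 0 }
        inmeth && armed && $1 == "if-ne" && !done  { sub(/if-ne/, "if-eq"); done = 1 }
        NF { armed = (inmeth && $1 == "const" && $3 == resid) }   # blank lines keep state
        { print }
    ' "$file" > "$tmp"
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$file"
}

# repack APK KEYSTORE ALIAS
# Decode, patch, rebuild, align and sign. The rebuilt apk has no signature, so
# Android refuses to install it until it is signed; a self-signed key is enough
# for a test device (a throwaway keystore is generated if KEYSTORE is missing).
repack() {
    local apk="$1" keystore="$2" alias="$3" dir id
    dir="${apk%.apk}"
    apktool d -f "$apk" -o "$dir"
    id="$(resid_of "$dir" id button)"
    flip_branch "$dir/smali/com/lfk/myapplication/MainActivity.smali" onClick "$id"
    apktool b "$dir" -o "$dir-unsigned.apk"
    [ -f "$keystore" ] || keytool -genkeypair -keystore "$keystore" -alias "$alias" \
        -keyalg RSA -keysize 2048 -validity 10000 -storepass android -keypass android \
        -dname "CN=repack test"
    zipalign -f 4 "$dir-unsigned.apk" "$dir-aligned.apk"
    apksigner sign --ks "$keystore" --ks-key-alias "$alias" --ks-pass pass:android \
        --key-pass pass:android --out "$dir-signed.apk" "$dir-aligned.apk"
    apksigner verify --print-certs "$dir-signed.apk"
}

# Usage: bash repack.sh app-debug.apk repack.keystore repack
if [ "$#" -eq 3 ]; then
    repack "$@"
fi
```

Because of set -e the script stops at the first failing step, so a decode error or an unmatched patch never produces a half-built apk. zipalign runs before apksigner, since aligning afterwards would invalidate the signature. The output is signed with a key that is not the original developer's, so it installs only on a device where the original is absent or has been uninstalled first.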
That is reverse engineering done on a simple demo. The field goes much deeper; the Dalvik opcodes and the smali language deserve more study.
That's it; a like would be appreciated =-=
Android Reverse Engineering Primer (I), 15.4.24