Android Smali Code injection combat One

There are students in the service inside work, has recently been busy 4g base station building work, test equipment (Android) measurement mobile network data, not automatically save the record of the function, can only manually record a variety of test parameters, do not know how the test software vendors think, unexpectedly do not provide such a function! For my help to automatically import the test data into the Excel table, I have to bite the bullet to try. Online there are Smali grammar and injection of the introduction, but the reference value is not small, share their own Smali injection process and experience (here Smali Grammar does not speak).

Case

1. Requirements

The data interface needs to be extracted as follows:

Extract data field information: Location Address cell identification code cellid, location Code ARESID signal Strength RX

2. Determine if there is a required data table in the application data and export the SQLite data.

1) The phone does not have root privileges, can be injected from the Smali application internal copy dada/data/xxxxx/directory file function code.

2) The phone has root authority, ADB pull/data/data/inet. Gdtel.com/e:\ unsuccessful (no permission), and the ADB shell does not have PULL,CP instructions, of course, the installation of BusyBox, CP to SDcard, in the pull to the computer, or through the Phone assistant pull computer.

There are corresponding tables corresponding to the requirements of the data entity, do not have to extract from the interface, that can be retrieved from the database to Excel documents, no, then extract data from the interface one by one, in the Excel document.

3. Open the interface that needs to be extracted, determine the activity of the interface, method: Check the mobile phone current Activity activity,adb instruction

ADB shell Dumpsys Activity Activities | Sed-en-e '/running activities/,/run #0/P '

The query results are as follows:

From the query results, we can see the project process of this interface: inet. Gdtel.com, where activity:com.wellcell.inet.Cust.CustTestActivity

4.apktool decompile apk to determine the data source for the desired data

1) Enter com.wellcell.inet.Cust.CustTestActivity, search OnCreate, Setcontentview, determine layout.xml

Like what:

  . Line +   const V0, 0x7f03000f  //layoutid  invoke-virtual {p0, v0}, lcom/wellcell/inet/cust/ Custtestactivity;->setcontentview (I) V

According to LayoutID, in R (does not exist, the anti-compilation file into eclipse, whether there is no fault, after running this project to generate R class, according to this r class, there may be a problem, I tested, no problem) class search layouid corresponding layout.xml.

2) View the Layout.xml interface in Eclipse, determine the ID name of the control that contains the data you want, and then query the R class for the specific value of the control ID.

3) in your activity or fragment, determine the control's property name based on the control ID, such as

4) Determine the data source based on the name of the control, search M_txlacgsm,settext

Cellid,lacid from Telstrengthinfo entity, other data analogy.

5. Inject code

1) Injection Code implementation:

Method 1: Write the injected code directly according to the Smali syntax

Method 2: Start with the injected project package name new project, according to the injected class name class, write the injection function module code, and test, and then decompile the APK, from the Smali file copy code to the injection point, and then Apktool packaging even if the Smali syntax does not work, can also be competent.

2) Common errors:

1. The package name of the class is not correct

For example, when the package naming is confusing, it's easy to make mistakes.

　　

2. When packing, the attribute forgets the declaration definition

3.. line number of lines (method call in the number of rows in the Java file) has duplicate

4. Refer to the three-party jar package or add a new class and forget to copy to the anti-compilation project.

6.smali Commissioning

Smali debugging is a pain in the egg, even if the injected code problems will not crash.

Debugging method:

1) Debug Smali through Eclipse. The process seems to be troublesome, tried, there will be various problems, JDK version problems, remote JVM reject links, etc., may be related to the development environment.

2) through the powerful ADB function, solve the run-time error, commonly used three methods, vfy information will give the Smali code error file, function and error reasons, DALVIKVM information can give the call stack, and the context of the execution process.

ADB logcat > E:\log.txt | grep inet. Gotel.com
ADB logcat > E:\log.txt | grep DALVIKVM
ADB logcat > E:\log.txt | grep vfy

For example, using adb logcat > E:\log.txt | grep inet. Gotel.com

　　

3) in the injection point is usually added log, tracking code path, and method parameters, execution results and so on.

7. Injection recommendations

1) As far as possible at the injection point, the function calls a line of code injection, and put the injected function implementation behind the walk, to avoid other original code.

2) The injected code into the class, to avoid the injection of time, to manually modify a lot of.

Reference URL:

MIUI V4 transplant Experience Sharing (c)--smali code injection

Android Smali Code injection combat One