About two packs of Android apps (apk files)

many developers, whether individuals or companies, do not pay much attention to the security of their own development of the application, that is, will be criminals to tamper with code, insert malicious code, send some spam ads, or even misappropriation of user information. I don't care too much, including me, until a few days ago, when an app posted on the market was pirated and uploaded to some application market, the seriousness of the problem was found! At the beginning of the period I did not know that the application of the market is pirated, still complacent, and downloaded a loaded in the mobile phone, and later found that the mobile phone notification bar inexplicably appeared a lot of spam ads, there are some applications I did not install, but appear on my phone, I wonder, Long press the notification bar information can display the application to publish the notification information, in a look unexpectedly to self-application, Mom! What's going on here, I didn't advertise! So, I will be the installation package anti-compilation, a look at the original package unexpectedly out of a package called Y6, and the manifest file also added a lot of code including Service,receiver, the most depressing is the package name unexpectedly changed, finally I put the code of the implantation of all deleted, package name also changed back, Re-packaging, unexpectedly successful, see here, how do you feel?? What do you think about when you publish your app?

Wordy so much, so at this point we look at how those bad silver was packaged two times! Decompile everyone should be not unfamiliar, apktool on it, but how to modify or insert the code, and then back to the apk it? (Note: For this process has been recite the "great God" can leave) we apktool the APK after the generated folder contains a Smali folder,

This is the essence of the app, where all the code is here, After opening to see all the suffix is. smali file, and then open a file to see its code, as if not how to see, yes, it is the Dalvik virtual machine instruction language, modify the code is also here to modify, you can Baidu, popularize a bit of knowledge, OK, below will give a simple example, including the use of Apktool anti-compilation --Modify the code--back to compile and sign--Install the modified application to test a series of processes:

1. Using Apktool to decompile the APK:

First I wrote a simple example of using Eclipse to generate a test apk (after the signature), the main code and the results of the run

Mainactivity.java

Next, start the decompile:

Put the test file into the Apktool folder and rename it to 123.apk, run Apktool.cmd:

After selecting 1 decompile, generate a folder named APK, open the folder and see the directory as shown in the first picture, open the Smali folder and locate the Mainactivity.smali file open. Find the following code:

These code in fact, and our source code is one by one corresponding, the source of some, can be found here, just Smali with the assembly language, so, want to make a complex change or to learn Smali grammar.

2. Modify the code:

Because this example is relatively simple, so do not make too much copy of the modification, we put "test my application" to "Haha, your application was cracked" test it!

3. Back to compile:

After the modification is saved, go back to the Apktool root directory, open the CMD, select 2 or 3 to start the execution back to compile, after successful execution remember to press the return to sign, re-signed the application will be reported signature inconsistency error, so need to uninstall the original and then reinstall, run

To this, two times package success! Before I write this article, I also have several games have been reversed and repackaged, which paid for what gold coins to find the corresponding code can be modified, but sometimes in the use of modified gold or diamonds may be networked detection, and with signature parameters, re-packaged signature and the original signature is inconsistent, This in fact, in-depth study can also be cracked!

How do you feel about seeing this? When we publish an application, be sure to check if our application has been two times the risk of packaging, you can use the above method to test, there is a problem to find a way to strengthen ( Note: Only code confusion is not prevented by two times packaging ), or by some criminals use, Loss is not self, the company also includes the interests of users, to their own reputation will also cause a certain harm!

Looking back, let's guess how my app was planted with malicious ads at the beginning of the paragraph. Personally, it is to use the above method to decompile, the already written and generated Smali file into my package, and then in the manifest file configuration, and modify the package name, and finally RePack (to get this result is based on, I have two times packaged apk and another anti-compilation, and the placement of the code and Configuration code to remove all, the package name changed back, the third packaging, the installation is still no problem, but also removed the ads, in addition to the signature of different, and finally a little more than two times packaging is, the version of the list file, version number, package names can be modified, this everyone must pay attention!

Finally attach Apktool tool: http://download.csdn.net/detail/baiyuliang2013/8077501

Note: If you are having problems with your use, you can try to replace the Aapt.exe with your own aapt.exe in eclipse.

About two packs of Android apps (apk files)