Home > Developer > Mobile Develop

Android apk Anti-compilation Basics (Apktoos) Graphics tutorial

Source: Internet
Author: User
Tags what interface
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This article mainly introduces the Android APK Anti-compilation Foundation, the use of the tool is Apktoos, we will use a graphic way to explain how the Apktoos tool, you can refer to this method to decompile other apk try

A long time has written a wide-industry library homepage A crawler of the demo (because no interface, can only pick static pages), some of the library system to achieve some of the functions. But recently found that the library system on the HTML page to do hands and feet, a page of HTML page embedded in thousands of lines of comments, and have their own app, should be to increase the cost of fetching the traffic to prevent others to pick up the page, but add comments this means not to compliment, intranet access speed is OK, But the external network access experience is very poor.

such as: a bunch of comments, resulting in a Web page to 2MB

The app on the homepage is bound to use the background interface of the library and the server to interact, so try to use the anti-compilation method to see what interface the app uses. (In addition, it is easier to use tcpdump to analyze the interface of the Android phone, and then analyze the TCP packet with Wireshark, but you want to know all the interfaces, you may need to call each interface, it will be more troublesome, using anti-compilation, may be concentrated in a class to find these interfaces).

the first tool to prepare: (Learn more about the anti-compilation tool to see the Snow forum download or learn-link)

Apktool is the APK compilation tool provided by Google and requires a Java runtime environment. You can decompile the apk so that it can be recompiled to be very close to the original format before packaging. Reverse Androidmanifest.xml, resource file RESOURCES.ARSC, and decompile the Dex file into a Smali file that can be debugged. Once modified, it can be compiled back into the apk file. Apktool can also be used to re-package the Android software and release it.
Official: http://code.google.com/p/android-apktool/

Unzip the Apktool and put the apk you want to decompile into the directory

Anti-compilation:

Enter the above directory via cmd, execute command: Apktool decode zhaobenshu.apk OutDir

Wait a moment to complete the decompile, and the anti-compile file will be in the OutDir directory.

---outdir directory structure

Res: Resource files, as in the Adnroid project directory, the same as the res, various UI picture XML layout file of the values XML file (a public.xml, with the ID number of each resource (ID in R.java))
Smail: This is the key folder, which are all Smail format files, is Dalvik virtual machine operation code (Dalvik opcodes), these operations have their own syntax, if you have learned JNI, these grammar is relatively easy to understand and understand. Androidmanifest.xml under the AndroidManifest.xml:Android project
APKTOOL.YML: for re-packaging.

Smail syntax: (all syntax please link)

The data type signature in Smail is the same as in Java, as follows.

B---bytec---chard---doublef---floati---intj---longS---shortv---voidz---boolean[xxx---arraylxxx/yyy---object

Smail code example:

At first glance at the Smail file, you may feel some clutter. However, you can read the Smail file very well as long as you understand some of the syntax.
Smail more commonly used syntax (not all) is divided into: assignment, value, function call, if statement, return value and so on.

Assignment value:

Example: iget-object V6, P0, lcom/zbsh/code/clas/classsystem$9;->val$vbarcodes:ljava/util/arraylist;

Analysis:

Iget a value operation, I=instance, is used to instance filed (instance variable), object is the meaning of the class. V6 is a local register, P0 is represented here (this is represented in the non-static function, and the first parameter is represented in the static function). Lcom/zbsh/code/clas/classsystem is an arrow operator that represents the Classsystem class,-> the package path is Lcom/zbsh/code/clas. The variable in the class or the method Vbarcodes is a variable in the Classsystem, Ljava/util/arraylist is the type of the variable that is vbarcodes (is the signature of the class in Java)

Role:

The value of vbarcodes in Classsystem is stored in the Register V6, the type of vbarcodes must be an object, and the instance variable is a non-static variable.
Where object can be replaced with the base data type: Iget-boolean iget-byte Iget-char Iget-short and so on.

the same :

sget-[Type] is used to get the static variable. (a p0 is missing because the static variable is not this)

Aget-[type] is used to get the array type.

[X]get VX, VY, assigns the value in the register VY to VX.

Assignment value:

There are also the following types:
Iput-[type]
Sput-[type]
Aput-[type]

It also supports assignment between registers and registers, and assigns values between registers and variables.

Function call :
Invoke-direct calling the Private function
Invoke-super calling the parent class function
Invoke-static calling a static function
Invoke-virtual is used to call protected or public functions (equivalent to C + + virtual functions, Java overloaded functions, only protect and public can be overloaded)
There is a more special: Invoke-xxxxx/range: Parameters more than 5 times, to add a/rang


Example:

invoke-virtual {v4, v1}, Ljava/lang/string;->equals (ljava/lang/object;) Z

V4 is this, which represents an instance of ljava/lang/string, and V1 is the first parameter of the function, which is called the Ljava/lang/string () method that is placed in the V4 register as an instance of type equal, and passed in the parameter V1, the result is the Z type , which is the Boolean type.

If it is invoke-static{v4, v1}, the difference is invoke-virtual {v4, v1} is V4 is not this, but the first parameter. V1 is the second parameter, and the method called requires two parameters.

return value:

Get the return value:

Move-result VX: The value returned by the previous method is present in register VX.

Returns the return value:

Return-void did not return.
Return VX returns the value of VX in the register.

If statement:

If-eq vx,vy,target:eq:equal If vx==xy jumps to the target destination code, otherwise executes the next code in the execution order
If-ne Vx,vy,target:nq:not Equal if the vx!=xy jumps to the target object code, otherwise execution order executes the next sentence code
IF-EQZ Vx,target:eqz:equal Zero if the vx==0 jumps to the target destination code, otherwise executes the next code in the execution order
If-nez vx,target:nez:not equal Zero if vx! = 0 jump to target code, otherwise execute the next line of code

Read Smail, find the interface:

Take the search interface as an example:
According to the file name find Gropzbshfind.smali This file, should be search activity.

There is a piece of code in it:

Copy CodeThe code is as follows:
# virtual methods
. method public OnCreate (landroid/os/bundle;) V
. Locals 3
. Parameter "savedinstancestate" </font></p> <p><font face= "Courier New" >. Prologue
. Line 13
Invoke-super {p0, p1}, Lcom/zbsh/code/thrd/groupactivity;->oncreate (Landroid/os/bundle;) V</font></p > <p><font face= "Courier New" >. Line 14
Const-class V0, lcom/zbsh/code/zbshfindmain;</font></p> <p><font face= "Courier New" > invoke-virtual {v0}, Ljava/lang/class;->getname () ljava/lang/string;</font></p> <p><font Face= "Courier new" > Move-result-object v0</font></p> <p><font face= "Courier new" > New-instance v1, landroid/content/intent;</font></p> <p><font face= "Courier New" > Const-class v2, lcom/zbsh/code/zbshfindmain;</font></p> <p><font face= "Courier New" > Invoke-direct {v1, P0, v2}, landroid/content/intent;-> (Landroid/content/context; Ljava/lang/class;) v</font></p> <p><font face= "Courier New" > invoke-virtual {p0, V0, v1}, Lcom/ Zbsh/code/gropzbshfind;->startchildactivity (ljava/lang/string; Landroid/content/intent, v</font></p> <p><font face= "Courier New" >. Line 15
Return-void
. End method

It was obvious that the activity was started by startactivity, Zbshfindmain.

Find the OnClick method in Zbshfindmain.

Copy CodeThe code is as follows:

# virtual methods

. method public OnClick (Landroid/view/view;) V

......... Omit a lump of code .....

Iget-object V0, V5, lcom/zbsh/code/clas/classsystem;->ipaddress:ljava/lang/string;</font></pre> <pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" ">. Line 199

. local V0, ipaddress:ljava/lang/string;

 New-instance V5, Ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-static {v0}, ljava/lang/string;->valueof (Ljava/lang/Object;) Ljava/lang/string;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v6</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Invoke-direct {v5, V6}, Ljava/lang/stringbuilder;-> (Ljava/lang/String ;) V</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," find/getbooklist.aspx?a= "</font></pre>< Pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) Ljava/lang/stringbuilder;</font></pre><pre class= "brush:phP Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," Gdut "</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," &b= "</font></pre><pre class=" brush: Php Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; HighLight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v6</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object v5, P0, lcom/zbsh/code/zbshfindmain$4;->this$0:lcom/zbsh/ Code/zbshfindmain;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5}, Lcom/zbsh/code/zbshfindmain;->getapplication () Landroid/app/application;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Check-cast V5, lcom/zbsh/code/clas/applzbsh;</font></pre> <pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V5, V5, lcom/zbsh/code/clas/applzbsh;->isystem:lcom/zbsh/ code/clas/classsystem;&Lt;/font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V5, V5, Lcom/zbsh/code/clas/classsystem;->searchtype:ljava /lang/string;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v6, V5}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," &c= "</font></pre><pre class=" brush: Php Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-scriPt:true "><font face=" "> Move-result-object v6</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object v5, P0, lcom/zbsh/code/zbshfindmain$4;->this$0:lcom/zbsh/ Code/zbshfindmain;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5}, Lcom/zbsh/code/zbshfindmain;->getapplication () Landroid/app/application;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Check-cast V5, lcom/zbsh/code/clas/applzbsh;</font></pre> <pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V5, V5, lcom/zbsh/code/clas/applzbsh;->isystem:lcom/zbsh/ code/clas/classsystem;</font></pre>&Lt;pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V5, V5, Lcom/zbsh/code/clas/classsystem;->inputkeywords: Ljava/lang/string;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v6, V5}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," &d= "</font></pre><pre class=" brush: Php Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><fontFace= "" > Move-result-object v5</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Sget V6, Lcom/zbsh/code/clas/classdataparameter;->count:i</font ></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (I) Ljava/ Lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Const-string V6," &e= "</font></pre><pre class=" brush: Php Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (Ljava/lang/ String;) ljava/lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face= "" > Move-result-object v5</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Sget V6, lcom/zbsh/code/clas/classdataparameter;->page:i</font> </pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V6}, Ljava/lang/stringbuilder;->append (I) Ljava/ Lang/stringbuilder;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5}, ljava/lang/stringbuilder;->tostring () Ljava/lang/ String;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v3</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Line 201 

. local v3, urlpath:ljava/lang/string;

 Iget-object V5, P0, Lcom/zbsh/code/zbshfindmain$4;->this$0:lcom/zbsh/code/zbshfindmain;</font></pre ><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5}, Lcom/zbsh/code/zbshfindmain;->getapplication () Landroid/app/application;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Move-result-object v5</font></pre><pre class=" brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Check-cast V5, lcom/zbsh/code/clas/applzbsh;</font></pre> <pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V5, V5, lcom/zbsh/code/clas/applzbsh;->isystem:lcom/zbsh/ Code/clas/classsystem;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V6, P0, lcom/zbsh/code/zbshfindmain$4;->this$0:lcom/zbsh/ Code/zbsHfindmain;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> Iget-object V6, V6, Lcom/zbsh/code/zbshfindmain;->muihandler:landroid/ Os/handler;</font></pre><pre class= "brush:php; Highlight: [5, 15]; Html-script:true "><font face=" "> invoke-virtual {v5, V0, V3, V6}, lcom/zbsh/code/clas/classsystem;-> Getfindonthread (ljava/lang/string; ljava/lang/string; Landroid/os/handler;) V



The above code, the implementation is through the StringBuilder, through the Append method, to spell an address, and then call Classsystem;->getfindonthread this method, passed in parameters, an asynchronous book Search task.












Then find some definitions of the host address constants from the Classdataparameter.smali.




Copy CodeThe code is as follows:

. Line 20

Const-string V0, "<a href=" http://59.41.253.11:7778/">http://59.41.253.11:7778/</a>" </p> <p > Sput-object v0, lcom/zbsh/code/clas/classdataparameter;->ipaddress_tel:ljava/lang/string;</p> <p > Line 21

Const-string V0, "<a href=" http://222.200.98.173:7778/">http://222.200.98.173:7778/</a>" </p> <p Sput-object V0, lcom/zbsh/code/clas/classdataparameter;->ipaddress_edu:ljava/lang/string















We can spell out the book Search interface is: http://222.200.98.173:7778/Find/GetBookList.aspx?a=&b=1&c=java&d=40&e=100






The returned JSON data is formatted under:




Copy CodeThe code is as follows:

{

"Error": "0",

"Findtotal": "1612",

"Findcache": "20131124024041.htm",

"Find_list": [

{

"Ctrlno": "70658",

"ISBN": "7-301-03477-6",

"Title": "Java Tutorial (Internet object-oriented programming)",

"Author": "Mary Campione",

"Edition": "",

"Publisher": "North University Edition",

"PubDate": "97.12"

},

{

"Ctrlno": "70657",

"ISBN": "7-301-03476-8",

"Title": "Java class Manual",

"Author": "Patrick Chan",

"Edition": "",

"Publisher": "North University Edition",

"PubDate": "97.12"

},

{

"Ctrlno": "605337",

"ISBN": "978-7-115-30271-7",

"Title": "Basic java 7 tutorial = Java 7 for absolute Beginners",

"Author": "(Mei) Jay Bryant, Li Peng, zhida translation",

"Edition": "",

"Publisher": "People's post and telecommunications press",

"PubDate": "2013.01"

},

{

"Ctrlno": "604835",

"ISBN": "978-7-302-30346-6",

"Title": "Java Error learning method [Monograph]",

"Author": "Zhu Fu Authoring",

"Edition": "",

"publisher": "Tsinghua University Press",

"PubDate": "2013"

}

]

}















Secondly:

The more powerful use of anti-compilation is to modify the Smali code, and then repack the APK, to crack some of the paid software, to remove ads, or to understand some good software implementation logic.






Android apk Anti-compilation Basics (Apktoos) Graphics tutorial



                

                    
This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or
reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or
complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

                

            


                            
Related Keywords:
                    

                                                    rf basics tutorial
                                                    net basics tutorial pdf
                                                    quickbooks basics tutorial
                                                    imovie basics tutorial
                                                    ftp basics tutorial
                                                    websphere basics tutorial
                                                    powershell basics tutorial
                                            

                

                                                                    

        

            

                

                                        

                        

                    

                

                

    

                    
Contact Us

            
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
                products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
                content of the page makes you feel confusing, please write us an email, we will handle the problem
                within 5 days after receiving your email.

            

                If you find any instances of plagiarism from the community, please send an email to:
                info-contact@alibabacloud.com
                and provide relevant evidence. A staff member will contact you within 5 working days.
            

            



                

            

            
What's Trending

            
        

    


                                    

            

            
Top 10 Tags

                            datastax
                            versions
                            naming convention
                            zookeeper client
                            class definition
                            md5
                            microsoft sql server 2005
                            data structures
                            exception handling
                            error handling
                    

    


                    

            

            
Top 10 Keywords

                            microsoft download center down
                            wordpress address url site address url
                            wordpress address url
                            windows installer 4 0 download
                            302 not found
                            web address url definition
                            site address url wordpress
                            db2 integer
                            mac os installation step by step pdf
                            abbreviation for return
                    

    


                                

                    










  
      
  
            
                
                
            
  
      
  








                

            

        

    

    


    


  

    

      

        

          

            

              
A Free Trial That Lets You Build Big!

              
 Start building with 50+ products and up to 12 months usage for Elastic Compute Service 

              

                Get Started for Free
              

            

          

          

            

              
    
                
  • 
                  
    Sales Support
    
                  
    
                    1 on 1 presale consultation
                  
    
                  
    
                    Chat
                    Contact Sales
                  
    
                
    • 
                
  • 
                  
    After-Sales Support
    
                  
    
                    24/7 Technical Support
                    6 Free Tickets per Quarter
                    Faster Response
                  
    
                  
    
                    Open a Ticket
                  
    
                
    • 
                
  • 
                  
    
                  
     Alibaba Cloud offers highly flexible support services tailored to meet your exact needs. 
    
                  
    
                    Learn More
                  
    
                
    •