Android Hack learning Path (one)--Simple login hack

Recent sudden efforts like the tide began to learn the Android hack, beginning, is to record the experience.

preparatory work:1, a login simple app

Before we crack, we need to do a simple login app, enter the corresponding account and password is the popup login successful dialog box, the account and password does not match the popup Login failed dialog box, such as

As I have already written a simple app to make the Login interface blog post, here is not much to say, please enter http://www.cnblogs.com/kexing/p/8000783.html, the picture is copied from that blog.

suggest that you follow my tutorial to do the app, and then the following I said the crack will have a deeper understanding

This is my previous article to do the login app, the address to everyone, everyone download, follow my steps below to start to crack

Link: https://pan.baidu.com/s/1dFew3y5 Password: 6666

2.android hack tool--androidkiller

　　Here to introduce the Android hack tool, Androidkiller, this software is famous, do not know the words can go to Baidu search to see

: Link: https://pan.baidu.com/s/1dET7ce1 Password: 6666

Start cracking:

　　Using Androidkiller to open the apk that needs to be cracked, after the anti-compilation success, click on the project manager, there will be an interface (the first run may appear to die, the workaround is to turn off the software, reopen, and then select Open in the project history)

Here, the original folder contains the original androidmainfest and related signatures, res folder is the relevant layout, color, pictures, music and other resources, Smail folder is to store all the Java files in the app

I am only a relatively rough explanation above, want to learn more about the students can refer to this blog post http://blog.csdn.net/bbzz100/article/details/51568616

Our focus is on the files in the Smail folder.

We can see that there is a mainactivity, this is the main interface of the Java file Smail file, because this is a simple login app, so there is not much interface, we can clear the main interface, but the general app is not only one interface, then, What do we do? The answer is simple, search by keyword, and navigate to the relevant Smail file. So, to crack an app, you have to use it to find the keyword in the process of using it.

As our simple login app, we can search for login failures to find the corresponding Smail

In the upper right corner of the search function box input login failed, click on the bottom right corner of the search all, you can see no results, this is why? Because the development tool will convert the relevant text in the APK to Unicode when the APK is generated, we can turn the login failure into Unicode, search again for the results, and the Androidkiller search box is the one with the ability to convert Unicode, as

we choose to Select Text to Unicodeand search again to see the results

we expand it, double-click on the second row, and you will jump to the Smail file where it resides.

Until now, we need to clarify the idea of the break, we need to enter a mismatch account password, so that it pops up a successful login dialog box.

We have found a popup login failed dialog, we need to do is to modify the condition is not satisfied when the code executed

Here we first add two Smali instructions one is IF-EQZ and the other is If-nez, and the two instructions are relative.
(1) If-eqz va, VB,: cond_** if VA equals vb jump to: cond_**, can be regarded as Boolean a = Va==vb,if-eqz A,: cond_** when A is true, that is, VA equals vb, execute Cond_ * *, otherwise, skip cond_** and execute the next line of code
(2) If-nez va, VB,: cond_** If VA is not equal to VB jump to: cond_**, ibid,boolean a = Va!=vb, If-nez a,:cond_** When A is true, that is, VA is not equal to VB, execute cond_**, otherwise, skip cond_** and execute the next line of code

Add: V5 is false, then the user name is not correct, so pop-up login failed, V5 is true, that is, the user name to, continue to determine whether the password is correct, password is incorrect, is also a popup login failed dialog box

How to hack:

Crack before emphasizing a problem after modifying the Smali code must be ctrl+s save The program or the original Smali code compiled

1. The above two to determine the user name and password judgment, that is, IF-EQZ modified to If-nez, then enter the wrong account name and password will skip cond_0, equivalent to not pop-up Login Failed dialog box, directly down, followed by a successful login dialog box

PS: If the input is the original correct username and password, it will eject the login failure

2. Delete these two if-eqz, regardless of input, even if the correct account name and password are pop-up login successful dialog box

3. Use the goto statement to skip these two IF-EQZ directly

When you're done modifying, click Compile

Then you can see the success of the compilation prompt, click on the red box that line, will jump to the explorer

after that, send the APK to the phone and install the test effect on the phone

Mention here, you can also use the ADB function to connect to the phone for testing, or connect to the Android emulator, install the APK into the simulator test

Android Hack learning Path (one)--Simple login hack