First Android Crackme
0x00 Background
I have recently been studying Android reverse engineering. After setting up the basic environment and reading First Line of Code: Android (《第一行代码——Android》), I am now following Feichong (非虫)'s Android Software Security and Reverse Analysis (《Android软件安全与逆向分析》) and starting with the first apk crack in it.
This post is just a record of the process; there is nothing technically new in it.
0x01 Preliminary Study
First, let's take a look at the apk to be cracked. Start an Android virtual machine, then install the apk into it with adb using the following command:
You can see that the apk is now installed in the virtual machine:
Launch the apk, enter any user name and registration code, and click the Register button. A Toast message appears:
The Toast text is "Invalid user name or registration code". Note this feedback message; it is what we will search for in the decompiled code.
0x02 Decompiling
Use Apktool to decompile the apk into Smali disassembly. Many GUI tools such as APK改之理 (APK IDE) and AndroidKiller wrap this step, but since this is aimed at beginners and the point is to understand the whole process, I will stick to the Apktool command line.
In the decompile output folder OutDir, find strings.xml and open it with any text editor:
Here you can see the Toast text; its resource name is "unsuccessed". Every string resource in strings.xml is exposed as a field of the nested string class in gen/<packagename>/R.java (R.string.unsuccessed), and each string gets a unique int index value. After decompiling the apk with Apktool, all of these index values are saved in public.xml, which sits in the same directory as strings.xml. Open public.xml:
unsuccessed corresponds to the ID 0x7f05000b. Searching the whole decompiled output for that value shows that only MainActivity$1.smali references 0x7f05000b:
Even without knowing smali syntax, the called function gives it away: this is the call that shows the Toast with unsuccessed. A little before the 0x7f05000b reference there is a conditional branch, "if-nez v0, :cond_0": if v0 is non-zero, execution jumps to :cond_0; otherwise it falls through to the unsuccessed Toast. The code at :cond_0:
has the same structure as the code around 0x7f05000b, but references 0x7f05000c instead; the same lookup shows that 0x7f05000c is the string "Congratulations! Registration successful". So if this jump is taken, registration succeeds, and the instruction "if-nez v0, :cond_0" is the key to the crack: change if-nez to its opposite, if-eqz (jump when v0 is zero), then save and exit. Note that this inverts the check rather than removing it, so a genuinely valid registration code would now be rejected; for a crackme that does not matter.
0x03 Recompiling
Next, use Apktool to recompile the modified files and package them into an apk. The command is as follows:
The generated apk is in the dist folder and has the same name as the original apk.
The recompiled crackme02.apk is unsigned, so it cannot be installed; sign it with signapk.jar.
Next, test whether the modified apk works. First uninstall the previously installed Crackme application (the patched apk is signed with a different key, so it cannot be installed over the original):
Then install the modified apk into the virtual machine with adb install:
As you can see, with any user name and registration code, the Toast message now reports that registration succeeded.
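The whole procedure above, scripted, as an added example that is not part of the original post or the book. The resource-ID lookup, the smali reference search and the branch flip are plain text processing and run offline on a constructed sample that mimics Apktool output (the package name, the checker method and the success string's resource name are made up; the two IDs are the ones found above). crack_pipeline() wires those steps to apktool, signapk.jar and adb and assumes those tools, the AOSP testkey files and the target package name are supplied by you.

```shell
#!/bin/sh
# Added example (not from the original post or the book): scripts the manual
# workflow above. resource_id/smali_refs/flip_guard are pure text processing
# and run offline; crack_pipeline() assumes apktool, java + signapk.jar with
# the AOSP testkey.x509.pem/testkey.pk8, and adb are available where it runs.

# Print the numeric ID of a string resource name from res/values/public.xml,
# e.g. resource_id OutDir/res/values/public.xml unsuccessed -> 0x7f05000b
resource_id() {
    grep 'type="string"' "$1" | grep "name=\"$2\"" \
        | sed -n 's/.*id="\(0x[0-9a-fA-F]*\)".*/\1/p'
}

# List every .smali file under a directory tree that references a resource ID.
smali_refs() {
    find "$1" -name '*.smali' -exec grep -l -- "$2" '{}' +
}

# Invert the last if-nez before the first reference to the ID in one smali
# file (the branch that picks the failure Toast over the success one) and
# print the patched instruction. Fails, rather than leaving the file as it
# was, when either anchor is missing, so a rebuilt apk is never silently unpatched.
flip_guard() {
    ref=$(grep -n -- "$2" "$1" | head -n 1 | cut -d: -f1)
    [ -n "$ref" ] || { echo "flip_guard: no reference to $2 in $1" >&2; return 1; }
    guard=$(head -n "$ref" "$1" | grep -n 'if-nez' | tail -n 1 | cut -d: -f1)
    [ -n "$guard" ] || { echo "flip_guard: no if-nez before line $ref of $1" >&2; return 1; }
    sed "${guard}s/if-nez/if-eqz/" "$1" > "$1.patched" && mv "$1.patched" "$1"
    sed -n "${guard}p" "$1" | sed 's/^[[:space:]]*//'
}

# End-to-end on a real apk; not run by default. Usage:
#   crack_pipeline crackme02.apk unsuccessed <target package name>
crack_pipeline() {
    apk=$1; name=$2; pkg=$3; out=${apk%.apk}_out
    apktool d -f -o "$out" "$apk" || return 1
    id=$(resource_id "$out/res/values/public.xml" "$name")
    [ -n "$id" ] || { echo "string $name not in public.xml" >&2; return 1; }
    refs=$(smali_refs "$out/smali" "$id")
    [ -n "$refs" ] || { echo "no smali references $id" >&2; return 1; }
    printf '%s\n' "$refs" | while IFS= read -r f; do
        flip_guard "$f" "$id" || exit 1
    done || return 1
    apktool b -o "${apk%.apk}_patched.apk" "$out" || return 1
    # The rebuilt apk is unsigned and will not install; sign it.
    java -jar signapk.jar testkey.x509.pem testkey.pk8 \
        "${apk%.apk}_patched.apk" "${apk%.apk}_signed.apk" || return 1
    # The new signature differs from the original's, so Android refuses an
    # in-place update: uninstall the original, then install the patched build.
    adb uninstall "$pkg" >/dev/null 2>&1 || true
    adb install "${apk%.apk}_signed.apk"
}

# Constructed sample mimicking apktool output (package, checker method and the
# success string's name are made up; the two IDs are the ones found above).
make_sample() {
    mkdir -p "$1/res/values" "$1/smali/com/example/crackme"
    cat > "$1/res/values/public.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <public type="string" name="app_name" id="0x7f05000a" />
    <public type="string" name="unsuccessed" id="0x7f05000b" />
    <public type="string" name="registered" id="0x7f05000c" />
</resources>
EOF
    cat > "$1/smali/com/example/crackme/MainActivity\$1.smali" <<'EOF'
.class Lcom/example/crackme/MainActivity$1;
.super Ljava/lang/Object;
.method public onClick(Landroid/view/View;)V
    .locals 3
    invoke-static {}, Lcom/example/crackme/MainActivity;->checkSN()Z
    move-result v0
    if-nez v0, :cond_0
    const v1, 0x7f05000b
    :goto_0
    invoke-virtual {p1}, Landroid/view/View;->getContext()Landroid/content/Context;
    move-result-object v0
    const/4 v2, 0x0
    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
    move-result-object v0
    invoke-virtual {v0}, Landroid/widget/Toast;->show()V
    return-void
    :cond_0
    const v1, 0x7f05000c
    goto :goto_0
.end method
EOF
}

# Offline walk-through on the sample: prints the ID, the referencing file and
# the patched branch: 0x7f05000b / com/example/crackme/MainActivity$1.smali /
# "if-eqz v0, :cond_0".
demo() {
    dir=$(mktemp -d)
    make_sample "$dir"
    id=$(resource_id "$dir/res/values/public.xml" unsuccessed)
    f=$(smali_refs "$dir/smali" "$id")
    printf '%s\n' "$id" "${f#"$dir"/smali/}"
    flip_guard "$f" "$id"
    rm -rf "$dir"
}

demo
```

flip_guard deliberately refuses to run when it cannot find both the resource reference and a preceding if-nez: a script that quietly rebuilds and signs an unmodified apk is the most common way to waste an hour on "why does the patch not work". Running the script with no arguments only exercises the sample; the real pipeline is invoked by hand with the apk, the string name and the package name.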
First Android Crackme (2016-05)