Android APK package decompilation and cracking

Android has been studied for nearly a month. In general, it is easier to get started, and the related resources are quite rich. However, some nice applications do not provide source code. If you want to study the implementation principles in depth, you only need to adopt the method of decompilation and cracking. There are many articles on cracking methods on the Internet, but most of them are reposted, which are similar and incomplete. Here we will summarize three methods for study and sharing as follows. First, decompress the APK package with WinRAR to obtain the package directory, classes. Dex, and other files. Then, follow these steps:

 

I. dexdump Method

Dexdump is a tool provided by emulator to view Dex files. You can use commands like this to dump Dex files to TXT files:

D:/program files/android-sdk-windows-1.6_r1/platforms/Android-1.6/tools> dexdump.exe-D classes. Dex> spk.dump.txt

The obtained file content describes the class information, but it is really hard to read ~~~~

 

2. dex2jar + xjad Method

 

This method uses the dex2jar. jar package to decompackage the classes. Dex file into a jar file and perform Java decompilation through xjad (or other class decompilation tools. For example:

1. dex2jar. Bat D:/play/classes. Dex

The default output path is the same as classes. Dex. The generated file name is classes. Dex. dex2jar. jar.

2. decompile the jar package using xjad

You will understand the following usage methods :)

 

The advantage of this method is that after xjad decompilation, you can directly open the Java source file. The disadvantage is that you can only decompile the Java file during development, but the Lib package used during development cannot be decompiled.

 

Iii. axmlprinter2.jar + baksmali. Jar + smali. Jar Method

 

This method is powerful. axmlprinter2 is used to restore androidmanifest. XML and Main. the XML tool directly opens these two XML files with garbled characters, I can clearly see the content (I guess I still use the byte exclusive encryption method ).

Baksmali. jar is a tool for anti-parsing Dex, while smali. jar is a tool for restoring to Dex.

The procedure is as follows:

 

1. Java-jar axmlprinter2.jar D:/play/androidmanifest. xml> androidmanifest.txt

2. Java-jar axmlprinter2.jar D:/play/RES/layout/Main. xml> main.txt

3. Java-jar baksmali-1.2.5.jar-O classout/D:/play/classes. Dex

 

Baksmali can be parsed (Note: it is a parsing, not a decompilation) the original Java package and the referenced lib package. The parsed file can be understood carefully, for example:

 

. Class lcom/Paul/test/a; <br/>. super landroid/View/view; </P> <p> # static fields <br/>. field Private Static final A: landroid/graphics/typeface; </P> <p> # instance fields <br/>. field private B: I <br/>. field private c: I <br/>. field private d: z <br/>. field private e: j <br/>. field private f: I <br/>. field private l: [ljava/lang/string; </P> <p> # direct methods <br/>. method static constructor <clinit> () v <br/>. registers 2 <br/> sget-object v0, landroid/graphics/typeface;-> sans_serif: landroid/graphics/typeface; <br/> const/4 V1, 0x0 <br/> invoke-static {v0, V1}, landroid/graphics/typeface;-> Create (landroid/graphics/typeface; I) landroid/graphics/typeface; <br/> move-result-object v0 <br/> sput-object v0, lcom/wiyun/AD/a;-> A: landroid/graphics/typeface; <br/> return-void <br/>. end method <br/> # Other Methods .......... <br/> # Virtual Methods <br/>. method public onkeyup (ilandroid/View/keyevent;) z <br/>. registers 4 <br/> const/16 v0, 0x42 <br/> If-EQ P1, V0,: cond_8 <br/> const/16 v0, 0x17 <br/> If-ne P1, V0,: cond_ B <br/>: cond_8 <br/> invoke-Direct {P0 }, lcom/Paul/test/a;-> D () v <br/>: cond_ B <br/> const/4 v0, 0x0 <br/> invoke-virtual {P0, V0}, lcom/Paul/test/a;-> setpressed (z) v <br/> invoke-Super {P0, P1, P2}, landroid/View/view;-> onkeyup (ilandroid/View/keyevent ;) z <br/> move-result v0 <br/> return v0 <br/>. end method <br/>

 

Take a closer look and you will know:

# Static fields defining static variable tags

# Instance fields defines the tag of instance variables

# Direct methods defining static method tags

# Virtual Methods defining non-static method tags

 

Taking the onkeyup method as an example, the processing logic is defined. If-EQ P1, V0,: cond_8 indicates that if P1 and V0 are equal, the cond_8 process is executed:

: Cond_8
Invoke-Direct {P0}, lcom/Paul/test/a;-> D () V

Call the D () method of COM. Paul. test..

Not equal: If-ne P1, V0,: cond_ B, The cond_ B process is executed:

: Cond_ B
Const/4 v0, 0x0

Invoke-virtual {P0, V0}, lcom/Paul/test/a;-> setpressed (z) V

Invoke-Super {P0, P1, P2}, landroid/View/view;-> onkeyup (ilandroid/View/keyevent;) Z

Move-result V0

 

The general meaning is to call the setpressed method of COM. Paul. test. A, and then call the onkeyup method of the parent Class View.

Last return V0

 

This method can parse the externally referenced lib package classes and provide a full picture of the package. The disadvantage is that the parsed smali file is not a decompiled Java file, and the readability is reduced, but it can be seen through careful research.

The related toolkit mentioned above can be downloaded on the http://code.google.com.