Android app cracking-SSHDroid for advertising

 

SSHDroid is used to set up an ssh server on an android mobile phone. This small application has two versions: one free version and one pro version. The difference is whether there is advertisement.

 

After the application Adfree android is installed, SSHDroid will not work, saying that the ad is blocked, and then you can only choose to "quit" or "Buy a paid version ".

This makes me somewhat uncomfortable.

 

I have the idea of cracking it ~~ As a result, the chrysanthemum was violent and cool.

 

In linux, the adb is not running, and there is no output after running, somehow. Get this app in win first.

The violent chrysanthemum tool used:

 

Reference:

Adb.rar (downloaded from the Internet, which contains adb and its dependent libraries. I am too lazy to install the android sdk ...)

Auto-sign(win7 .rar is used to sign the app.

Apktool1.4.1.tar.bz2 at google Project: http://code.google.com/p/android-apktool/

Apktool-install-windows-r04-brut1.tar.bz2

EmEditor)

Let's talk about how adfree android shields advertisements. In fact, this software modifies the andorid/system/etc/hosts file, direct the ip address of the ad domain name to 127.0.0.1 to shield the advertisement.

 

Debug the claw machine.

 

Drag the program from the machine (if you do not know the app file name, use ls to find it ):

Code:

Adb pull/data/app/berserker.android.apps.sshdroid-1.apk

Use apktool to decompress and decompile it.

Code:

Apktool d berserker.android.apps.sshdroid-1.apk reversing

Go to the reversing Directory, which contains the exposed chrysanthemum (decompiled stuff ):

Code:

Cd reversing

The following is the official violent chrysanthemum.

Zhiwei. li provides three solutions to deal with ad:

 

 

Reference:

1. Patch com. google. ads. This will be a common method and will be effective for all applications that use com. google. ads.

2. patch the app. Find the place where the app calls com. google. ads.

3. Patch resource files to make ad resources invisible.

Here I am using a combination of 2 and 3, which is quite thorough.

Go to the smali directory and use emeditor to open a. smali file. Search for/etc/hosts in the directory and Its subdirectories.

Two items are found:

 

Reference:

Smali \ berserker \ android \ a. smali (59)

Smali \ berserker \ android \ a \ f. smali (227)

Open the disassembly file. The first one is the defined hosts class. Soon we can find that:

Code:

Const-string v3, "admob"

This program is the admob advertisement.

Code:

Const-string v3, "admob"

 

Invoke-virtual {v2, v3}, Ljava/lang/String;-> contains (Ljava/lang/CharSequence;) Z

 

Move-result v2

 

If-eqz v2,: cond_0

 

Sget-object v1, Ljava/lang/Boolean;-> TRUE: Ljava/lang/Boolean;

 

Sput-object v1, Lberserker/android/a;-> B: Ljava/lang/Boolean;

From the code above, it can be seen that it is to check whether there is an admob string in hosts, and then decide whether to jump or not based on the returned results.

 

Here, you can modify the constant or if-eqz to if-nez. I used to modify the constant,

Set the preceding

Code:

Const-string v3, "admob"

To:

Code:

Const-string v3, "notexistsdomain"

The string here is casual, and the requirement is that all entries in the hosts file of your mobile phone do not appear.

 

 

If this is the case, no matter whether the hosts file is modified or not, there will be no problem. Relatively common.

The changes here are based on reading the disassembly Code and are not randomly modified.

 

 

 

For the JVM instruction set of android, see here for details:

Http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

 

Http://loda.hala01.com/dalvik-opcodes/

 

Http://thinkinmylife.iteye.com/blog/443900

 

I read the second file and there is nothing to modify.

 

Then, modify the resource file.

Under the res/layout directory, you will probably know what the banner. xml and hosts_alert_dialog.xml files are named.

Change the height to 0.

For example:

Code:

Android: layout_height = "0.0dip"

After finishing, start to close the job:

Repackage the apk

Code:

Apktools B reversing cracked_berserker.android.apps.sshdroid-1.apk

Sign it so that it can be installed on most android devices. If you have installed the SDK, you can use the debug key Certificate.

Code:

Jarsigner-keystrore ~ /. Android/debug. keystore cracked_berserker.android.apps.sshdroid-1.apk androiddebugkey

Then enter android as the password)

 

I can use auto-sign to directly drag the cracked file to Sign. bat to generate the file.

Code:

Cracked_berserker.android.apps.sshdroid-1.apk.apk

Okay.

 

You can uninstall the original software on your mobile phone and run the following command:

Code:

Adb uninstall berserker. android. apps. sshdroid-1

Then install

Code:

Adb isntall berserker.android.apps.sshdroid-1.apk

The attack is complete. After testing, it has been used for nearly a month and runs normally.

 

Author's wilderness without lights