This example is taken from the book "Android Software Security and Reverse Analysis" by Feichong (非虫) of Kanxue (看雪). Thanks to the author for providing such a good book and examples.
I. Tools
Good tools make the job easier.
1. apkIDE
For decompilation I use apkIDE (APK改之理). You can find the tool yourself via Baidu; I prefer not to leave unnecessary files on my network disk, and Baidu has plenty of copies. I give the official site here so that nobody downloads it from the wrong place, since download sites these days carelessly bundle all kinds of extras. That aside, I use the latest version, which I personally prefer (the latest version may have some problems).
http://www.popotu.com/popo/apkide.html
Sample screenshot:
2. BlueStacks
Any emulator will do; I personally find this one easy to use. Use whichever you like. Official website: http://www.bluestacks.cn/
Sample screenshot:
II. Looking at the target program
Drag crackme02 directly into BlueStacks to install it.
Then open it and see how it behaves.
In the upper left corner it shows "program not registered". Enter some random characters and click Register; a toast tells us "Invalid user name or registration code".
At this point it is time to bring out the tools.
III. Decompilation
1. Using the tool
Here is a detailed description of how to use apkIDE.
Open apkIDE.
Click "Project" and then "Open APK" to select our crackme02.
Watch the progress in the output box; once it finishes we can start our work.
The directory layout after decompilation:
The disassembled code is stored in smali.
res holds all the resource files.
This matches the layout of the original development project.
2. strings.xml
When developing, we usually put user-visible text into the strings.xml file, so I will open strings.xml first.
The file is at: res/values/strings.xml
Now let's look at what is in strings.xml.
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">crackme0201</string>
    <string name="hello_world">hello world!</string>
    <string name="menu_settings">Settings</string>
    <string name="title_activity_main">crackme02</string>
    <string name="info">android program cracked demo instance</string>
    <string name="username">user name:</string>
    <string name="sn">Registration code:</string>
    <string name="register">Registration</string>
    <string name="hint_username">Please enter your username</string>
    <string name="hint_sn">Please enter the 16-digit registration code</string>
    <string name="unregister">program not registered</string>
    <string name="registered">Program registered</string>
    <string name="unsuccessed">Invalid user name or registration code</string>
    <string name="successed">Congratulations! Registration Success</string>
</resources>
We can easily see where the text of the toast comes from: the string named unsuccessed.
3. public.xml
Every string resource has a unique index value of type int.
So we open the public.xml file, which sits just above strings.xml in the tree.
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <public type="drawable" name="ic_launcher" id="0x7f020001"/>
    <public type="drawable" name="ic_action_search" id="0x7f020000"/>
    <public type="layout" name="activity_main" id="0x7f030000"/>
    <public type="dimen" name="padding_small" id="0x7f040000"/>
    <public type="dimen" name="padding_medium" id="0x7f040001"/>
    <public type="dimen" name="padding_large" id="0x7f040002"/>
    <public type="string" name="app_name" id="0x7f050000"/>
    <public type="string" name="hello_world" id="0x7f050001"/>
    <public type="string" name="menu_settings" id="0x7f050002"/>
    <public type="string" name="title_activity_main" id="0x7f050003"/>
    <public type="string" name="info" id="0x7f050004"/>
    <public type="string" name="username" id="0x7f050005"/>
    <public type="string" name="sn" id="0x7f050006"/>
    <public type="string" name="register" id="0x7f050007"/>
    <public type="string" name="hint_username" id="0x7f050008"/>
    <public type="string" name="hint_sn" id="0x7f050009"/>
    <public type="string" name="unregister" id="0x7f05000a"/>
    <public type="string" name="registered" id="0x7f05000b"/>
    <public type="string" name="unsuccessed" id="0x7f05000c"/>
    <public type="string" name="successed" id="0x7f05000d"/>
    <public type="style" name="AppTheme" id="0x7f060000"/>
    <public type="menu" name="activity_main" id="0x7f070000"/>
    <public type="id" name="textView1" id="0x7f080000"/>
    <public type="id" name="edit_username" id="0x7f080001"/>
    <public type="id" name="edit_sn" id="0x7f080002"/>
    <public type="id" name="button_register" id="0x7f080003"/>
    <public type="id" name="menu_settings" id="0x7f080004"/>
</resources>
Find the unsuccessed entry we need. If it is hard to find by eye, use the search function.
Type unsuccessed into the search box, set the search scope to "selected file or folder", select public.xml on the left, and click Search All.
The search results appear below; double-click the result line to jump to the location we want.
Note the id: 0x7f05000c.
4. smali
Now we use the search again. The method is the same as before, so I will not repeat it; this time select "Search smali".
Two references are found.
The first is const v1, 0x7f05000c
Double-click it to jump there.
Then move upwards to find the branch that leads here:
move-result v0
if-nez v0, :cond_0
The result returned by the call above the first line is stored in v0, and the second line tests v0. If the value is 0, execution falls through, which is where the "unsuccessful" toast is shown; if it is not 0, it jumps to cond_0.
So when the jump is taken, the program reports a successful registration.
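The lookup done by hand in sections 3 and 4 (string name to resource id in public.xml, then the const that loads that id in smali and the branch just before it) can be automated. The following Python helper is an added example, not code from the post or the book; the public.xml fragment and the smali excerpt are constructed from the lines quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed public.xml fragment: a subset of the entries shown in the post.
PUBLIC_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <public type="string" name="unregister" id="0x7f05000a"/>
    <public type="string" name="registered" id="0x7f05000b"/>
    <public type="string" name="unsuccessed" id="0x7f05000c"/>
    <public type="string" name="successed" id="0x7f05000d"/>
    <public type="id" name="button_register" id="0x7f080003"/>
</resources>"""

# Constructed smali excerpt modelled on the lines quoted in the post.
SMALI = """\
    move-result v0
    if-nez v0, :cond_0
    const v1, 0x7f05000c
    :cond_0
    const v1, 0x7f05000d
"""

CONST_RE = re.compile(r"^\s*const(?:/4|/16)?\s+([vp]\d+),\s*(0x[0-9a-fA-F]+)")
BRANCH_RE = re.compile(r"^\s*(if-(?:eqz|nez))\s+([vp]\d+),\s*(:\w+)")

def resource_ids(public_xml: str) -> dict:
    """Map 'type/name' -> int resource id, parsed from a decoded public.xml."""
    root = ET.fromstring(public_xml.encode("utf-8"))
    return {f"{e.get('type')}/{e.get('name')}": int(e.get("id"), 16)
            for e in root.iter("public")}

def decode_id(res_id: int) -> tuple:
    """Split an Android resource id 0xPPTTEEEE into (package, type, entry)."""
    return (res_id >> 24) & 0xFF, (res_id >> 16) & 0xFF, res_id & 0xFFFF

def find_string_uses(smali: str, res_id: int) -> list:
    """Return (line_no, register, guarding_branch) for every const loading res_id.
    guarding_branch is the nearest preceding if-eqz/if-nez in the same basic
    block (a label resets it), or None when the load is not under a branch."""
    uses, last_branch = [], None
    for n, line in enumerate(smali.splitlines(), 1):
        if line.strip().startswith(":"):      # label: new basic block
            last_branch = None
        b = BRANCH_RE.match(line)
        if b:
            last_branch = f"{b.group(1)} {b.group(2)}, {b.group(3)}"
        m = CONST_RE.match(line)
        if m and int(m.group(2), 16) == res_id:
            uses.append((n, m.group(1), last_branch))
    return uses

if __name__ == "__main__":
    rid = resource_ids(PUBLIC_XML)["string/unsuccessed"]
    print(hex(rid), decode_id(rid), find_string_uses(SMALI, rid))
```

Running it reports that string 0x7f05000c (package 0x7f, type 5, entry 12) is loaded on line 3 under the branch if-nez v0, :cond_0, which is exactly the spot the post found by double-clicking.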
IV. Modifying the smali
Here the instruction is if-nez (jump if not equal to 0); we change it to if-eqz (jump if equal to 0).
Key point: after modifying, be sure to save. Otherwise there may be a compile error, or the modified code will not be compiled in.
Then click Compile to build the APK.
Watch the progress and the file path in the output box, then go and find our APK. It is usually next to the original APK; after recompiling and signing, the APK name is prefixed with apkide_.
V. Verification
We need to verify that the recompiled APK works.
Drag it into BlueStacks, install it and open it.
Here we find that the crack has succeeded.
Finally, the APK download: https://yunpan.cn/cMuPerPjatc6S (access password 24ce). If there is anything wrong or mistaken here, discussion is welcome.
Android reverse engineering notes: cracking the first Android program, crackme02