Android hardening series, part 4: learn to crack before you harden, and dynamically debug an APK without source code
The key Java code of the project sets a TextView (tv) to a string read from JNI. The goal here is to use dynamic debugging to change the text that the APK finally displays in that TextView.
1. Tool Introduction
Apktool, for decompiling the APK
Android Studio + the smalidea plug-in, for dynamic debugging
2. Preparations
A. Configure the plug-in
Download the smalidea plug-in from https://bitbucket.org/JesusFreke/smali/downloads
After the download is complete, open Settings | Plugins in Android Studio, select the downloaded zip package, and apply.
The purpose of this step is to let Android Studio recognize smali code so that breakpoints can be set in it normally.
B. Decompile the APK
Download Apktool and decompile the APK.
3. Dynamic debugging
First create a project in Android Studio. Then copy all of the decompiled smali source into the project's app | src | main | java directory, and delete the files that were previously in that directory.
Next, set a breakpoint in the MainActivity$1 file, as shown in the figure.
Next, start the program in debug mode. Note that it is started on the phone itself.
If your phone has these options, go to Settings | Developer options | Select debug app (choose crackme) and check Wait for debugger.
Then tap the program icon, and the Waiting For Debugger dialog box appears.
If your phone does not have these options, you can start the app with an adb command. First, find the package name com.example.crackme and the MainActivity entry in the decompiled AndroidManifest.xml. Then enter the following in the cmd window:
adb shell am start -D -n com.example.crackme/.MainActivity
The Waiting For Debugger dialog box appears on the mobile phone.
With Android Studio (AS) open, it appears after about two or three seconds.
Then click Run | Edit Configurations, create a Remote configuration, name it, say, crack, enter com.example.crackme and port 8700, set "Search sources using module's classpath" to the project we created earlier, and click OK.
Now you can start debugging. Click Run | Debug 'crack'. Be sure to close any other IDEs so that the port is not already occupied; otherwise the debugger fails with an error.
The program is now being debugged. The breakpoint we set is only reached after tapping the "check whether it is crack" button, so tap it and execution stops at the breakpoint.
From here it works like Java breakpoint debugging. You can watch registers v0, v1, v2, and so on. Here v1 receives the string returned from the JNI layer.
Our only goal is to make the final text on the program's interface read huaxiaozhou, so find the string returned from the JNI layer that is set on the TextView.
Right-click mTransformed, choose Set Value, enter huaxiaozhou in double quotation marks, and press Enter. A waiting box is displayed.
The value of the variable then changes. Click Resume or Stop.
huaxiaozhou is displayed on the phone's interface.
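As an added example (not code from the original post), this Python script performs the manifest lookup from the adb step above: it reads an apktool-decoded AndroidManifest.xml, builds the package/.Activity component passed to am start -D -n, and reports android:debuggable, the flag a stock device checks before letting a debugger attach. The manifest text and the names inspect_manifest and _is_launcher are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample in the shape apktool emits; not the real crackme manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.crackme">
  <application android:debuggable="true" android:label="crackme">
    <activity android:name="com.example.crackme.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AboutActivity"/>
  </application>
</manifest>"""


def _is_launcher(activity):
    """True if any intent-filter declares both MAIN and LAUNCHER."""
    for flt in activity.findall("intent-filter"):
        actions = {a.get(A + "name") for a in flt.findall("action")}
        cats = {c.get(A + "name") for c in flt.findall("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            return True
    return False


def inspect_manifest(xml_text):
    """Return package, launcher component (pkg/.Class form) and debuggable flag."""
    root = ET.fromstring(xml_text)
    package = root.get("package")
    app = root.find("application")
    # android:debuggable is false when the attribute is absent.
    debuggable = app is not None and app.get(A + "debuggable", "false").lower() == "true"
    component = None
    for activity in (app.findall("activity") if app is not None else []):
        if _is_launcher(activity):
            name = activity.get(A + "name")
            if "." not in name:                      # bare "MainActivity"
                name = "." + name
            elif name.startswith(package + "."):     # fully qualified, same package
                name = name[len(package):]
            component = "%s/%s" % (package, name)
            break
    return {"package": package, "component": component, "debuggable": debuggable}


if __name__ == "__main__":
    info = inspect_manifest(SAMPLE_MANIFEST)
    print(info)
    if info["debuggable"]:
        print("finding: android:debuggable=true lets a debugger attach on a stock device")
```

Run against a release build's decoded manifest, a debuggable value of True is the finding to fix before shipping.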