The tools used in this article can be downloaded here:
Link: http://pan.baidu.com/s/1i3uw4NN Password: 8hz5
I have recently been studying how to reverse Android apps, so I wrote this summary as an introduction to Android reversing.
Because an Android APK file is actually a zip file, you can change the file extension and open it directly, as shown:
The files contained in the package are:
META-INF: this folder holds the signature files, which ensure the integrity of the package
res: the resource files used by the APK. They are stored intact and can be extracted directly; when localizing an app into Chinese, you can read the strings file directly and then modify it
AndroidManifest.xml: the compiled configuration file, which declares the Activities and Services contained in the program and the capabilities the program has, that is, its permissions.
resources.arsc: the compiled resource description file
classes.dex: this is the key file. It is the Android program we wrote: all of the .java files in the source program are eventually compiled into a single .dex file, which is executed on the Dalvik virtual machine on the Android phone.
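The layout listed above can be checked programmatically. The following Python sketch is an added example, not part of the original article: it opens an APK as a zip and labels each entry by name and magic bytes. The sample APK is constructed inline and the function names are hypothetical.

```python
import io
import struct
import zipfile

AXML_MAGIC = 0x00080003  # chunk type 0x0003 (XML), header size 0x0008
ARSC_MAGIC = 0x000C0002  # chunk type 0x0002 (TABLE), header size 0x000C

def classify(name, head):
    """Return the role of one APK entry from its name and first 8 bytes."""
    word = struct.unpack("<I", head[:4])[0] if len(head) >= 4 else None
    if name.startswith("META-INF/"):
        return "signature"
    if name.endswith(".dex"):
        # DEX magic is "dex\n" + 3-digit version + NUL, e.g. dex\n035\0
        ok = head[:4] == b"dex\n" and head[4:7].isdigit() and head[7:8] == b"\x00"
        return "dex v" + head[4:7].decode() if ok else "dex (bad magic)"
    if name == "resources.arsc":
        return "resource table" if word == ARSC_MAGIC else "arsc (bad magic)"
    if name.endswith(".xml"):
        return "binary xml" if word == AXML_MAGIC else "plain xml"
    if name.startswith("res/"):
        return "resource"
    return "other"

def inspect_apk(data):
    """Map every entry in an APK (given as zip bytes) to its role."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {i.filename: classify(i.filename, z.read(i)[:8]) for i in z.infolist()}

def build_sample_apk():
    """Constructed sample, not a real app: just enough bytes per entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        z.writestr("AndroidManifest.xml", struct.pack("<II", AXML_MAGIC, 8))
        z.writestr("resources.arsc", struct.pack("<II", ARSC_MAGIC, 12))
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 104)
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n")
        z.writestr("res/layout/main.xml", struct.pack("<II", AXML_MAGIC, 8))
    return buf.getvalue()

if __name__ == "__main__":
    for name, role in inspect_apk(build_sample_apk()).items():
        print(f"{role:16} {name}")
```

An AndroidManifest.xml reported as "binary xml" is the compiled form that AXMLPrinter2 decodes in the next section.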
Here's how to reverse the various pieces of information in an app.
1. Reversing the .xml files
If we open the XML files in the APK package directly with Notepad, they show up as garbage, so we need to restore them to read them properly.
The AXMLPrinter2.jar tool is needed here.
Open the command line; taking AndroidManifest.xml as an example, enter the following command:
java -jar AXMLPrinter2.jar AndroidManifest.xml > AndroidManifest.txt
If you like, you can also wrap this in a .bat script for easy execution.
The AndroidManifest.xml file before execution:
After decompiling:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    android:versionCode="322"
    android:versionName="ver 3.2.2"
    package="com.eoeandroid.wallpapers.christmas">
    <application android:label="@7F040000" android:icon="@7F020004">
        <activity android:label="@7F040001" android:name=".Main">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"></action>
                <category android:name="android.intent.category.LAUNCHER"></category>
            </intent-filter>
        </activity>
        <service android:name=".service.SyncDeviceInfosService"></service>
        <meta-data android:name="com.mobclix.APPLICATION_ID" android:value="30c0e2bb-a878-43cb-830b-a39fcae33b0c"></meta-data>
    </application>
    <uses-sdk android:minSdkVersion="3"></uses-sdk>
    <uses-permission android:name="android.permission.INTERNET"></uses-permission>
    <uses-permission android:name="android.permission.SET_WALLPAPER"></uses-permission>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"></uses-permission>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"></uses-permission>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"></uses-permission>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"></uses-permission>
</manifest>
The result is basically the same as in the source program.
2. Reversing classes.dex
There are two main ways to reverse classes.dex.
The first is to decompile classes.dex into smali format files, and then read the smali to see how the program executes.
The second is to convert classes.dex into a .jar file using dex2jar, and then use JD-GUI to view the Java source code inside the jar package.
The first method is introduced first. There are many tools for this approach, which you can find by searching the Internet. I'm using a reverse tool called dipipiapk. The program's interface:
You can decompile to smali code by entering the dex file path or the app path, and then selecting the smali output path.
This program is convenient because it has a graphical interface, but its author no longer updates it, so it is fine for getting started; if you really want to keep going, you will have to change tools.
You can use baksmali.jar, a tool written by a foreign expert with very deep knowledge of Android.
Run the command:
java -jar baksmali.jar -o classout/ classes.dex
This reverses classes.dex into a folder.
Opening one of the files, we take a closer look:
This code is very similar to the Java source program; how to read smali code requires further research and study.
In the previous step we decompiled classes.dex into .smali files; now let's try compiling them back into classes.dex:
The smali.jar tool is used here.
Enter the following command:
java -jar smali.jar classout/ -o classes.dex
We can put the newly generated classes.dex into apkinstaller.apk to overwrite the original classes.dex file, so our APK stays the same.
However, after some APKs are modified this way, they install but cannot be used, and the program is shown as not installed. This is because the program has been modified but the signature has not; AndroidResEdit can be used to re-sign the software. I won't go into detail here; you can find the relevant tutorials on the Internet.
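Why a swapped classes.dex no longer matches the signature can be seen in the first layer of JAR-style (v1) signing, where META-INF/MANIFEST.MF records a digest for every entry. The following Python check is an added example, not part of the original article; the sample APK is constructed inline, the function names are hypothetical, and the .SF and signature block files that a full verification also covers are not checked.

```python
import base64
import hashlib
import io
import zipfile

def manifest_digests(text):
    """Parse MANIFEST.MF into {entry name: (algorithm, base64 digest)}."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    out = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        name = attrs.get("Name")
        for key, value in attrs.items():
            if name and key.endswith("-Digest"):
                out[name] = (key[:-len("-Digest")], value)
    return out

def tampered_entries(apk_bytes):
    """Return entries that are unlisted or whose content differs from MANIFEST.MF."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        digests = manifest_digests(z.read("META-INF/MANIFEST.MF").decode())
        for name in z.namelist():
            if name.startswith("META-INF/"):
                continue
            if name not in digests:
                bad.append(name)  # entry added after signing
                continue
            algo, expected = digests[name]  # e.g. "SHA1" or "SHA-256"
            actual = hashlib.new(algo.replace("-", "").lower(), z.read(name)).digest()
            if base64.b64encode(actual).decode() != expected:
                bad.append(name)
    return bad

def build_apk(dex, signed_dex=None):
    """Constructed sample APK; the manifest records the digest of signed_dex."""
    d = base64.b64encode(hashlib.sha1(signed_dex or dex).digest()).decode()
    mf = "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: %s\r\n\r\n" % d
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        z.writestr("classes.dex", dex)
    return buf.getvalue()

if __name__ == "__main__":
    original = b"dex\n035\x00original"
    print(tampered_entries(build_apk(original)))
    print(tampered_entries(build_apk(b"dex\n035\x00patched", signed_dex=original)))
```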
The second method is described below.
First, download two tools: dex2jar and JD-GUI.
The former converts the classes.dex in the APK into a jar file, and JD-GUI is a decompilation tool that can view the source code of the jar package directly.
First, change the APK file's extension to zip and unzip it to get classes.dex, which is the compiled Java files packaged with the dx tool;
Unzip the downloaded dex2jar and copy classes.dex to the directory where dex2jar.bat is located. At the command line, navigate to the directory where dex2jar.bat is located.
Run:
dex2jar.bat classes.dex
Generated:
classes.dex.dex2jar.jar
The following are the generated jar files:
Run JD-GUI (jd-gui.exe) and open the jar package generated above to see the source code.