APK File Analysis-Android

APK File Analysis-Android
 

After Android is packaged, an APK file is generated.
The APK file is actually a zip file.

For example, if you change the suffix of filecycler.apk to zip, it becomes filecycler.zip.
The ultimate file also has an Excel file, such as fansunion.xlsx, which is suffixed with fansunion.zip. After decompression:
_ Rels
DocProps
Xl
[Content_Types]. xml
If you are interested, try it by yourself ~



After decompression:
META-INF
-- CERT. RSA
-- CERT. SF
-- MANIFEST. MF .)

(1) MANIFEST. MF: This is the summary file. The program traverses all the files (entries) in the Apk package, generates abstract information for non-Folder non-signature files one by one using SHA1, and then uses Base64 for encoding. If you change the file in the apk package, the modified file summary information is different from the MANIFEST. MF check information during apk installation verification, so the program cannot be successfully installed.
Note: if an attacker modifies the program content and generates a new digest, the Digest can be verified. Therefore, this is a very simple verification.
(2) CERT. SF: This is the signature file for the Digest. The MANIFEST. MF generated in the previous step is signed with the developer's private key using the SHA1-RSA algorithm. Only the public key can be used for decryption during installation. After decryption, it is compared with the unencrypted summary information (that is, the MANIFEST. MF file). If it is consistent, it indicates that the content is not modified abnormally.
Note: In this step, even if the developer modifies the program content and generates a new digest file, the attacker cannot generate a correct signature file (CERT. SF ). When the system authenticates the program, it uses the developer's public key to decrypt the incorrect signature file and obtain the result and digest file (MANIFEST. MF) does not match, so it cannot pass the test and the file cannot be successfully installed.
(3) The CERT. RSA file stores information such as the public key and the encryption algorithm used.
Note: The system decrypts the signature file. The required public key is obtained from the file.
Conclusion: from the above summary, we can see that the file in the META-INFO is interlocking, so as to ensure the security of the Android program. (It only prevents the developer's program from being modified by attackers. If the developer's public/private key pair is obtained by the attacker or the developer develops an attack program, the Android system cannot detect it .)

Res (Various XML resource files)
-- Drawable
-- Layout
-- And so on

This directory has a special "strategic significance "~
Last time I read an Android article about Chinese. Android app in Chinese: Decompress the APK file, modify the res resource file, package it again, and then install it,
In this way, the Android program is written into Chinese. I think the theory is feasible and I have not tried it yet.

AndroidManifest. xml (standard file of the Android Project)

Classes. dex (. Java->. class->. dex)
Resources. arsc (also a resource file)
Only the res/animator, res/anim, res/color, res/drawable(non-bitmapfile, that is, non-.png).9.png).jpg).gif files ),
Resource files of res/layout, res/menu, res/values, and res/xml are compiled from XML files in text format into XML files in binary format.
The benefit should be efficiency.