How to analyze the first program of Android program hack

The usual way to hack the Android program is to use the APK file to decompile the Apktool, generate the Smali format of the disassembly code, and then read the Smali file code to understand the program's operating mechanism, to find a breach of the program to modify, Finally, use Apktool to recompile the APK file and sign it, run the test, and then loop until the program is successfully cracked.

1. Anti-compilation APK file

Apktool is a cross-platform tool that can be used directly under the Windows platform and Linux platforms. Pre-use to: http://code.google.com/p/android-apktool/download Apktool, currently the latest version for the 1.4.3,windows platform need to download APKTOOL1.4.3.TAR.BZ2 and apktool-install-windows-r04-brut1.tar.bz2 Two compressed packages, if the Linux system you need to download apktool1.4.3.tar.bz2 and apktool-install-l INUX-R04-BRUT1.TAR.BZ2, unzip the downloaded file to the same directory. Go to the command line to extract the directory, execute the apktool command will list the use of the program:

The command to decompile the APK file is: Apktool D[ecode] [OPTS] <file.apk> [<dir>]

The command to compile the apk file is: Apktool b[uild] [OPTS] [<app_path>] [<out_file>]

Then go to the Apktool tool directory under the command line and enter the command:

$./apktool d/home/fuhd/apk/gnapk/nice/com.nice.main.apk OutDir

Wait a moment, the program will be anti-compilation completed,

2. Analysis APK file

As in the example above, when the anti-compilation apk file succeeds, a series of directories and files are generated in the current OutDir directory. Where the Smali directory contains all the disassembly code of the program, the RES directory is the program of all the resource files, the subdirectories and files of these directories and the development of the source directory organization structure is consistent.

How to find a breakthrough is the key to analyzing a program. For Android generally, the error message is usually the vane that guides the key code. For example, in the book registration examples, near the error prompt is generally the program's core validation code, the analyst needs to read this code to understand the software registration process.

Error prompt is a string resource in Android program, when developing Android program, these strings may be hard coded into the source code, may also reference from "Res/values" Directory in the Strings.xml file, the APK file is packaged, the strings in the Strings.xml are stored as "RESOURCES.ARSC" files in the APK package, and the file is decrypted after the APK is successfully recompiled.

In the book 2.1.2 error when running the program, the software registration fails when the toast POPs "Invalid user name or registration code", we use this as a clue to find the key code. Open the "res/values/strings.xml" file with the following contents:

<?xml version= "1.0"  encoding= "Utf-8"  ?><resources>    < String name= "App_name" >crackme0201</string>    <string name= "Hello_ World ">hello world!<string>    <string name=" menu_settings "> Settings</string>    <string name= "Title_activity_main" >crackme02</ String>    <string name= "Info" >android program cracked demo Example </string>     <string name= "username" > User name: </string>    <string name = "SN" > Registration code: </string>    <string name= "Register" > Registration </string>     <string name= "Hint_username" > Please enter your username </string>    < String name= "HINT_SN" > Please enter the 16-digit registration code </string>    <string name= " Unregister "> program not registered </string>&nbsP;   <string name= "registered" > Program registered </string>    < String name= "unsuccessed" > Invalid user name or registration code </string>    <!--  This is the line  -- >    <string name= "successed" > Congratulations! Registration Success </string></resources>

When developing an Android program, all string resources in the Strings.xml file are identified in the string class of the "Gen/<packagename>/r.java" file and each string has a unique int type index value. After using Apktool to decompile the apk file, all index values are saved in the Public.xml file in the same directory as the Strings.xml file.

How to analyze the first program of Android program hack