How to analyze the first program of Android program hack

Source: Internet
Author: User

The usual way to hack the Android program is to use the APK file to decompile the Apktool, generate the Smali format of the disassembly code, and then read the Smali file code to understand the program's operating mechanism, to find a breach of the program to modify, Finally, use Apktool to recompile the APK file and sign it, run the test, and then loop until the program is successfully cracked.

1. Anti-compilation APK file

Apktool is a cross-platform tool that can be used directly under the Windows platform and Linux platforms. Pre-use to: http://code.google.com/p/android-apktool/download Apktool, currently the latest version for the 1.4.3,windows platform need to download APKTOOL1.4.3.TAR.BZ2 and apktool-install-windows-r04-brut1.tar.bz2 Two compressed packages, if the Linux system you need to download apktool1.4.3.tar.bz2 and apktool-install-l INUX-R04-BRUT1.TAR.BZ2, unzip the downloaded file to the same directory. Go to the command line to extract the directory, execute the apktool command will list the use of the program:

The command to decompile the APK file is: Apktool D[ecode] [OPTS] <file.apk> [<dir>]

The command to compile the apk file is: Apktool b[uild] [OPTS] [<app_path>] [<out_file>]

Then go to the Apktool tool directory under the command line and enter the command:

$./apktool d/home/fuhd/apk/gnapk/nice/com.nice.main.apk OutDir

Wait a moment, the program will be anti-compilation completed,

2. Analysis APK file

As in the example above, when the anti-compilation apk file succeeds, a series of directories and files are generated in the current OutDir directory. Where the Smali directory contains all the disassembly code of the program, the RES directory is the program of all the resource files, the subdirectories and files of these directories and the development of the source directory organization structure is consistent.

How to find a breakthrough is the key to analyzing a program. For Android generally, the error message is usually the vane that guides the key code. For example, in the book registration examples, near the error prompt is generally the program's core validation code, the analyst needs to read this code to understand the software registration process.

Error prompt is a string resource in Android program, when developing Android program, these strings may be hard coded into the source code, may also reference from "Res/values" Directory in the Strings.xml file, the APK file is packaged, the strings in the Strings.xml are stored as "RESOURCES.ARSC" files in the APK package, and the file is decrypted after the APK is successfully recompiled.

In the book 2.1.2 error when running the program, the software registration fails when the toast POPs "Invalid user name or registration code", we use this as a clue to find the key code. Open the "res/values/strings.xml" file with the following contents:

<?xml version= "1.0"  encoding= "Utf-8"  ?><resources>    < String name= "App_name" >crackme0201</string>    <string name= "Hello_ World ">hello world!<string>    <string name=" menu_settings "> Settings</string>    <string name= "Title_activity_main" >crackme02</ String>    <string name= "Info" >android program cracked demo Example </string>     <string name= "username" > User name: </string>    <string name = "SN" > Registration code: </string>    <string name= "Register" > Registration </string>     <string name= "Hint_username" > Please enter your username </string>    < String name= "HINT_SN" > Please enter the 16-digit registration code </string>    <string name= " Unregister "> program not registered </string>&nbsP;   <string name= "registered" > Program registered </string>    < String name= "unsuccessed" > Invalid user name or registration code </string>    <!--  This is the line  -- >    <string name= "successed" > Congratulations! Registration Success </string></resources>

When developing an Android program, all string resources in the Strings.xml file are identified in the string class of the "Gen/<packagename>/r.java" file and each string has a unique int type index value. After using Apktool to decompile the apk file, all index values are saved in the Public.xml file in the same directory as the Strings.xml file.

How to analyze the first program of Android program hack

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.