Programmers should learn about signature cracking and programmer signature cracking

Source: Internet
Author: User

Programmers should learn about signature cracking and programmer signature cracking

Taking "XXXX Butler" as an example, the apk uses signature protection. After we repackage the apk, the program cannot run. The reason is that the current application signature is obtained and compared with the official signature when the program runs. If any inconsistency is found, the program will be terminated. Step on how to prevent apk from being repacked: http://blog.csdn.net/lz201234/article/details/45073029 http://t.cn/Rz0bhUA

Next we will crack the signature protection

First, we need to change the APK logic. Baidu cloud disk download: http://pan.baidu.com/share/linkshareid=164149&uk=3291471913#dir/path=%2Fmysoft%2Fapkide

 

Click "project"-> "Open apk" to decompile the apk.

The java code for obtaining the application signature is:

<span style="font-family:Arial;font-size:14px;">PackageInfo packageInfo = getPackageManager().getPackageInfo(                    "xx.xxx.xx", PackageManager.GET_SIGNATURES);Signature[] signs = packageInfo.signatures;</span>


The smali code corresponding to "Signature" is

“Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature” 
 

We are modifying this.

Search for "Landroid/content/pm/PackageInfo;-> signatures: [Landroid/content/pm/Signature"

 

Two files use signatures. First, let's take a look at ct. smali.

We found that this S (Ljava/lang/String;) is the method for obtaining the signature. Ctrl + F search for "-> s (" to see who has called the s method. The gy () method is located after the search. The returned value is boolean.

This method queries the signature of the current apk in line 2 and stores it in the v0 register.

Row 3 obtains the saved official signature and stores it in the v1 register.

The second line determines whether v0 and v1 are equal. The returned values are stored in the v0 register.

583 rows, return v0

Through analysis, we find that the gy () method is the place where the signature is determined. We only need to modify it so that the method returns true, and the signature protection can be broken.

 

In row 3, the Force return value v0 is true.

Save, re-compile and run. The program can be opened normally.

I reiterate that this tutorial is just a simple sharing. Please do not use it for bad things! Thank you!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.