Programmers should learn about signature cracking and programmer signature cracking

Programmers should learn about signature cracking and programmer signature cracking

Taking "XXXX Butler" as an example, the apk uses signature protection. After we repackage the apk, the program cannot run. The reason is that the current application signature is obtained and compared with the official signature when the program runs. If any inconsistency is found, the program will be terminated. Step on how to prevent apk from being repacked: http://blog.csdn.net/lz201234/article/details/45073029 http://t.cn/Rz0bhUA

Next we will crack the signature protection

First, we need to change the APK logic. Baidu cloud disk download: http://pan.baidu.com/share/linkshareid=164149&uk=3291471913#dir/path=%2Fmysoft%2Fapkide

 

Click "project"-> "Open apk" to decompile the apk.

The java code for obtaining the application signature is:

<span style="font-family:Arial;font-size:14px;">PackageInfo packageInfo = getPackageManager().getPackageInfo(                    "xx.xxx.xx", PackageManager.GET_SIGNATURES);Signature[] signs = packageInfo.signatures;</span>

The smali code corresponding to "Signature" is

“Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature” 

 

We are modifying this.

Search for "Landroid/content/pm/PackageInfo;-> signatures: [Landroid/content/pm/Signature"

 

Two files use signatures. First, let's take a look at ct. smali.

We found that this S (Ljava/lang/String;) is the method for obtaining the signature. Ctrl + F search for "-> s (" to see who has called the s method. The gy () method is located after the search. The returned value is boolean.

This method queries the signature of the current apk in line 2 and stores it in the v0 register.

Row 3 obtains the saved official signature and stores it in the v1 register.

The second line determines whether v0 and v1 are equal. The returned values are stored in the v0 register.

583 rows, return v0

Through analysis, we find that the gy () method is the place where the signature is determined. We only need to modify it so that the method returns true, and the signature protection can be broken.

 

In row 3, the Force return value v0 is true.

Save, re-compile and run. The program can be opened normally.

I reiterate that this tutorial is just a simple sharing. Please do not use it for bad things! Thank you!