From "Android Software Security and Reverse Analysis"
One. Configuring the Android Environment
1. Installing the JDK
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Downloads -> Download JDK
The version I downloaded is
jdk-8u91-windows-x64.exe
After installing it, add a user variable
JAVA_HOME whose value is the installation directory, I:\Android\jdk,
and add I:\Android\jdk\bin to PATH.
Open cmd and run java -version; if version information is printed, the installation succeeded.
2. Installing the Android SDK
http://developer.android.com/intl/zh-cn/sdk/index.html
I downloaded android-studio-bundle-143.2790544-windows.exe.
After installation, add these paths to PATH:
I:\Android\Android\sdk\platform-tools
I:\Android\Android\sdk\tools
Open cmd and run emulator -version to check that it worked.
Open SDK Manager.exe in the I:\Android\Android\sdk\ directory
and choose the platform versions you want to download.
I chose 6.0, 5.0 and 4.1.
3. Installing the Android NDK
The Android NDK is the toolkit Google provides for developing native code for Android.
http://developer.android.com/intl/zh-cn/tools/sdk/ndk/index.html
The version I downloaded is
android-ndk-r11c-windows-x86_64.zip
Unzip it to any directory.
Create a new variable ANDROID_NDK with the value I:\Android\android-ndk-r11c
and add %ANDROID_NDK% to PATH.
4. Eclipse
http://www.eclipse.org/downloads/
The version I installed is eclipse-java-mars-2-win32-x86_64.zip
Unzip it and just double-click to run it.
5. Installing the CDT and ADT plugins
If you chose Eclipse IDE for Java Developers, the CDT has to be installed separately;
Eclipse for Mobile Developers already ships with it.
CDT installation methods
1. Start Eclipse, Help -> Install New Software,
enter the URL http://download.eclipse.org/tools/cdt/releases/juno (this did not work for me).
2. Download the latest CDT from the Eclipse website
http://www.eclipse.org/cdt/downloads.php
Once the offline package is downloaded: Help -> Install New Software, Add, Archive,
Select All, Next.
ADT
http://developer.android.com/intl/zh-cn/tools/sdk/eclipse-adt.html
The download page can no longer be found at this URL,
so download it directly from
http://dl.google.com/android/ADT-23.0.7.zip
Open Eclipse, Window -> Preferences, and select the Android entry.
Under SDK Location choose the installation directory of the Android SDK,
and under NDK Location choose the installation directory of the Android NDK.
The CDT and ADT are now set up.
AVD Manager.exe: create a virtual device; I chose 4.1.2.
Two. Creating an Android program
New Android project. There was a problem here: clicking Finish on the last step did nothing,
because 2.2 had been selected when creating the project; with 4.0 and above there is no problem.
Then lay out the login controls in activity_main.xml:
a user name field, a password field and a Register button are enough.
Then put the constant strings in strings.xml.
Finally, set the listener in MainActivity.java:
```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import android.app.Activity;
import android.os.Bundle;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

public class MainActivity extends Activity {
    private EditText edit_username;
    private EditText edit_sn;
    private Button btn_register;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        setTitle(R.string.unregister);                 // simulate a program that is not registered yet
        edit_username = (EditText) findViewById(R.id.edit_username);
        edit_sn = (EditText) findViewById(R.id.edit_passwd);
        btn_register = (Button) findViewById(R.id.buttonrg);
        // listener for the button's click event
        btn_register.setOnClickListener(new OnClickListener() {
            public void onClick(View v) {
                if (!checkSN(edit_username.getText().toString().trim(),
                             edit_sn.getText().toString().trim())) {
                    // pop up the "invalid user name or registration code" hint
                    Toast.makeText(MainActivity.this, R.string.unsuccessed, Toast.LENGTH_SHORT).show();
                } else {
                    // pop up the "registration successful" hint
                    Toast.makeText(MainActivity.this, R.string.successed, Toast.LENGTH_SHORT).show();
                    btn_register.setEnabled(false);
                    setTitle(R.string.registered);     // the program is now registered
                }
            }
        });
    }

    private boolean checkSN(String username, String sn) {
        try {
            if ((username == null) || (username.length() == 0))
                return false;
            if ((sn == null) || (sn.length() == 0))
                return false;
            MessageDigest digest = MessageDigest.getInstance("MD5");
            digest.reset();
            digest.update(username.getBytes());
            byte[] bytes = digest.digest();                // hash the user name with MD5
            String hexstr = toHexString(bytes, "");        // convert the digest to a hex string
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hexstr.length(); i += 2) { // keep every other hex character
                sb.append(hexstr.charAt(i));
            }
            String userSN = sb.toString();                 // the computed registration code
            if (!userSN.equalsIgnoreCase(sn))              // compare with the entered code
                return false;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return false;
        }
        return true;                                       // codes match: registration succeeds
    }

    private static String toHexString(byte[] bytes, String separator) {
        StringBuilder hexString = new StringBuilder();
        for (byte b : bytes) {
            String hex = Integer.toHexString(0xFF & b);
            if (hex.length() == 1) {
                hexString.append('0');                     // pad single-digit values to two chars
            }
            hexString.append(hex).append(separator);
        }
        return hexString.toString();
    }
}
```
A simple registration-code check: on success or failure the corresponding string hint pops up.
Three. Cracking the registration process
Here we use Apktool to decompile the APK and produce disassembled code in smali format,
read the smali files to understand how the program works and find a place to modify,
then use Apktool to recompile the APK, sign it, and finally run it to test.
http://ibotpeaches.github.io/Apktool/
Unzip it and add it to the environment variables.
I am using
apktool_2.0.0rc4.jar
apktool-install-windows-r05-ibot.tar.bz2
Extract the three files in total into one directory and add it to PATH so the apktool command can be used directly from cmd.
Rename apktool_2.0.0rc4.jar to apktool.jar.
Decompile command: apktool d crackmemz02.apk
I ran into quite a few problems while decompiling; here is a list of what I found by searching:
1. Apktool reports "Could not decode arsc file"
Solution: download the latest version of apktool.jar
2. Input file is not found or is not readable.
3. Destination directory (C:\Users\user\a) already exists. Use -f switch if you want to overwrite it.
4. Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc fil.....
Solutions:
2 and 3 occur because Apktool 2.0 and later changed the usage to: apktool d [-s] -f <apkPath> -o <folderPath>. The meaning of each parameter can be seen by typing apktool and pressing Enter (Windows) to view the help.
1 and 4 are caused by an Apktool version that is too old; upgrade to the latest version at https://bitbucket.org/iBotPeaches/apktool/downloads
The decompiled folder contains the whole project.
In res\values\strings.xml we find
<string name="unsuccessed">Invalid user name or registration code</string>
In res\values\public.xml the id of unsuccessed is 0x7f050004
<public type="string" name="unsuccessed" id="0x7f050004" />
We search the smali for this id
and find that MainActivity$1.smali references it here:
.line 43
const v1, 0x7f050004
If the code is not valid, the failure prompt is shown and no jump is taken (the .line directives after the first were lost in the original listing and are omitted):
```smali
# invokes: Lcom/example/crackmemz021/MainActivity;->checkSN(Ljava/lang/String;Ljava/lang/String;)Z
invoke-static {v0, v1, v2}, Lcom/example/crackmemz021/MainActivity;->access$2(Lcom/example/crackmemz021/MainActivity;Ljava/lang/String;Ljava/lang/String;)Z   # check whether the registration code is valid

move-result v0

if-nez v0, :cond_0   # if the result is not 0, jump to the :cond_0 label

iget-object v0, p0, Lcom/example/crackmemz021/MainActivity$1;->this$0:Lcom/example/crackmemz021/MainActivity;

const v1, 0x7f050004   # the "unsuccessed" string

invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
```
When the check succeeds it jumps to :cond_0, which shows the success prompt:
```smali
:cond_0
iget-object v0, p0, Lcom/example/crackmemz021/MainActivity$1;->this$0:Lcom/example/crackmemz021/MainActivity;

const v1, 0x7f050005   # the "successed" string, registration succeeded

invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;

move-result-object v0

invoke-virtual {v0}, Landroid/widget/Toast;->show()V

iget-object v0, p0, Lcom/example/crackmemz021/MainActivity$1;->this$0:Lcom/example/crackmemz021/MainActivity;

# getter for: Lcom/example/crackmemz021/MainActivity;->btn_register:Landroid/widget/Button;
invoke-static {v0}, Lcom/example/crackmemz021/MainActivity;->access$3(Lcom/example/crackmemz021/MainActivity;)Landroid/widget/Button;

move-result-object v0

invoke-virtual {v0, v3}, Landroid/widget/Button;->setEnabled(Z)V   # disable the register button

iget-object v0, p0, Lcom/example/crackmemz021/MainActivity$1;->this$0:Lcom/example/crackmemz021/MainActivity;

const v1, 0x7f050003   # the "registered" string, shown as the title after registration

invoke-virtual {v0, v1}, Lcom/example/crackmemz021/MainActivity;->setTitle(I)V

goto :goto_0
```
Simply change the if-nez to if-eqz and the program is cracked.
We recompile with Apktool:
apktool b crackmemz02
The rebuilt APK is in the dist directory under that folder; at this point the APK is unsigned.
The APK file needs to be signed with the signapk.jar tool:
signapk crackmemz.apk
After signing, signed.apk is generated.
Installation test:
start the virtual device, then
adb install signed.apk
And that's it: the first Android crack is done.
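The crack above only works because the rebuilt APK can be re-signed with any key (signapk) and the app never notices. As an added example that is not part of the original post or of the CrackMe's own code, here is a startup check an app can run to detect that it has been repackaged and re-signed: it hashes the APK's signing certificate and compares it with the developer's own certificate hash (EXPECTED_CERT_SHA256 is a placeholder to be filled from the release keystore; GET_SIGNATURES is the API available on the Android 4.x used in this post).

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;

public class SignatureCheck {
    // Placeholder: SHA-256 of the developer's release signing certificate, lowercase hex.
    // Obtain it once from the release keystore (keytool -list -v) and paste it here.
    private static final String EXPECTED_CERT_SHA256 = "<sha256-of-release-certificate>";

    /** Returns true only if the installed APK is signed with the expected certificate. */
    public static boolean isSignedByDeveloper(Context ctx) {
        try {
            PackageInfo info = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_SIGNATURES);
            if (info.signatures == null || info.signatures.length != 1) {
                return false;   // a re-signed APK may carry no or several signers
            }
            Signature sig = info.signatures[0];
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(sig.toByteArray());   // DER-encoded signing certificate
            return constantTimeEquals(toHex(digest), EXPECTED_CERT_SHA256);
        } catch (Exception e) {
            return false;       // any failure is treated as "not trusted"
        }
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));   // %x on a Byte prints the unsigned value
        }
        return sb.toString();
    }

    // Compare every character so the comparison time does not leak the mismatch position.
    private static boolean constantTimeEquals(String a, String b) {
        if (a.length() != b.length()) return false;
        int diff = 0;
        for (int i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }
}
```

This check still lives in the client, so it can itself be patched out in smali exactly like checkSN; it raises the bar rather than removing the risk, and a server-side verification of the registration is the robust mitigation.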
Decompilation tools: http://pan.baidu.com/s/1c1XNiBA password fyn7
Android environment build tools: http://pan.baidu.com/s/1bIslFS password DMMJ
Android code: http://pan.baidu.com/s/1mi6cIhE (apk.zip is the decompiled project)
This is a simple record of setting up the Android environment and of my first crack of an Android program.