Simply record the build of the Android environment and the first hack of the Android program

Source: Internet
Author: User
Tags intl

From <android software security and Reverse analysis >

One. Configuring the Android Environment

1. Installing the JDK
Http://www.oracle.com/technetwork/java/javase/downloads/index.html
dwonloads-> Download JDK
The version I downloaded is
Jdk-8u91-windows-x64.exe
After you've installed it all the way, add the user variable
The Java_home value is the installation directory I:\ANDROID\JDK
and add the I:\Android\jdk\bin to the path
Cmd-> Input Java-version version information indicates successful installation

2. Install the Android SDK
Http://developer.android.com/intl/zh-cn/sdk/index.html
I downloaded the android-studio-bundle-143.2790544-windows.exe.
Add paths to path after installation
I:\Android\Android\sdk\platform-tools
I:\Android\Android\sdk\tools
Open cmd input emulator-version see if successful

Open the SDK Manager.exe in the I:\Android\Android\sdk\ directory
Choose the version you want to download
I chose 6.0, 5.0, and 4.1.

3. Install Android NDK
The Android NDK is a toolkit that Google offers to develop native Android programs.
Http://developer.android.com/intl/zh-cn/tools/sdk/ndk/index.html
The version I downloaded is
Android-ndk-r11c-windows-x86_64.zip
Unzip to any directory
New variable ANDROID_NDK I:\Android\android-ndk-r11c
and add android_ndk to path.

4.Eclipse
http://www.eclipse.org/downloads/
The version I installed is Eclipse-java-mars-2-win32-x86_64.zip
Click to run and then

5. Installing the CDT, ADT Plugin
If Eclipse chooses Eclipse IDE for Java developers, it needs to be installed
The eclipse for Mobile developers is selected to bring your own
CDT installation Method
1. Start Eclipse Help->install New software
Enter URL Http://download.eclipse.org/tools/cdt/releases/juno This place I'm not right.
2. Download the latest version of CDT to the Eclipse website
http://www.eclipse.org/cdt/downloads.php
Download a good offline package directly help->install New software, ADD, Archive
Select All Next


Adt
Http://developer.android.com/intl/zh-cn/tools/sdk/eclipse-adt.html
This URL has been unable to find the download page
And then directly download the
Http://dl.google.com/android/ADT-23.0.7.zip

Open Eclipse Window---Preferences Select Android list item
Select the installation location of the Android SDK at the site of the SDK
Choose the installation location of the Android NDK at the NDK locations

The CDT and ADT are complete.

AVD Manager.exe Create a virtual device, I choose 4.1.2

Two. Create an Android program

New Android project, there is a problem here is the last step point finish did not respond

Because of the 2.2 that was chosen at the time of creation, it's no problem on top of 4.0.

Then set the login control on the Activity_main.xml file

A user name, a password, a registration button on the line

Then write the constant string in the Strings.xml

Finally, set the listener in Mainactivity.java

         PrivateEditText Edit_username; PrivateEditText edit_sn; PrivateButton Btn_register; @Override Public voidonCreate (Bundle savedinstancestate) {super.oncreate (savedinstancestate);            Setcontentview (R.layout.activity_main); Settitle (R.string. Unregister);//Simulation program not registeredEdit_username =(EditText) Findviewbyid (r.id.edit_username); EDIT_SN=(EditText) Findviewbyid (R.ID.EDIT_PASSWD); Btn_register=(Button) Findviewbyid (R.ID.BUTTONRG); //Listener for Button's Click eventBtn_register.setonclicklistener (NewOnclicklistener () { Public voidOnClick (View v) {if(!CHECKSN (Edit_username.gettext (). ToString (). Trim (), Edit_sn.gettext (). ToString (). Trim ())) { Toast.maketext (mainactivity. This,//Popup Invalid user name or registration code hintR.string. unsuccessed, Toast.length_short). Show (); } Else{toast.maketext (mainactivity). This,//Popup Registration Success PromptR.string. successed, Toast.length_short). Show (); Btn_register.setenabled (false); Settitle (R.string. registered);//Emulator is registered                    }                                }            }); }
Privateboolean CHECKSN (String username,string sn) {Try{            if((username==NULL)|| (username.length () = =0))                return false; if((sn==NULL)|| (sn.length () = =0))                return false; MessageDigest Digest= Messagedigest.getinstance ("MD5");            Digest.reset ();            Digest.update (Username.getbytes ()); byte[] bytes = Digest.digest ();//using MD5 to hash user namesString hexstr = tohexstring (Bytes,"");//Convert The result of the calculation into a stringStringBuilder SB =NewStringBuilder ();  for(intI=0; I2) {sb.append (Hexstr.charat (i)); } String USERSN= Sb.tostring ();//the calculated SN            if(!usersn.equalsignorecase (SN))//Compare registration codes correctly                return false; }        Catch(nosuchalgorithmexception e) {e.printstacktrace (); return false; }        return false; }           Private StaticString tohexstring (byte[] bytes, String separator) {StringBuilder hexstring=NewStringBuilder ();  for(byteb:bytes) {String hex= Integer.tohexstring (0xFF&b); if(hex.length () = =1) {hexstring.append ('0');            } hexstring.append (hex). append (separator); }            returnhexstring.tostring (); }        

Simple one registration code verification, success or failure popup corresponding string hint

Three. Hack the registration process


Here we use Apktool Anti-compilation to generate the Smali format of the disassembly code
Read the code of the Smali file to understand the program's operating mechanism and find a breach to modify it.
Use Apktool to recompile the APK file and sign it and run the test last

http://ibotpeaches.github.io/Apktool/
Unzip, add environment variable
I'm using it.
Apktool_2.0.0rc4.jar
apktool-install-windows-r05-ibot.tar.bz2

Extract the total of three files in a directory, add environment variables, convenient cmd command directly use

Modify the Apktool_2.0.0rc4.jar name to Apktool.jar

Anti-compile command apktool D crackmemz02.apk

In the anti-compilation also encountered a lot of problems, here is a list of search results

1. Use Apktool tool to encounter could not decode ARSC file workaround
Solution: Download the latest version of Apktool.jar

2.Input file is not found or is not readable.

3.Destination directory (C:\Users\user\a) already exists. Use-f switch if you want to overwrite it.
4.Exception in thread "main" Brut.androlib.AndrolibException:Could not decode ARS C fil .....

Solution:
2 and 3 is because the Apktool upgrade to more than 2.0, the use of the way has been replaced by: Apktool D [-S]-f <apkPath>-O <folderpath>, the specific meaning of the parameter can be directly hit Apktool enter ( Windows) View Help
1 and 4 are due to apktool version too low, please upgrade to the latest version, address: https://bitbucket.org/iBotPeaches/apktool/downloads

One of the anti-compiled folders is the whole project.

We found it in the res\valuse\strings.xml.
<string name= "unsuccessed" > Invalid user name or registration code </string>
The ID of unsuccessed found in Res\valuse\public.xml is 0x7f050004
<public type= "string" name= "unsuccessed" id= "0x7f050004"/>
We search for this ID in Smali


Found Mainactivity$1.smali file has called this place
. Line 43
Const V1, 0x7f050004

if it is not valid, the prompt does not jump. Line +# invokes:lcom/EXAMPLE/CRACKMEMZ021/MAINACTIVITY;-&GT;CHECKSN (ljava/lang/string; ljava/lang/String;) Z invoke-Static{v0, V1, v2}, lcom/example/crackmemz021/mainactivity;->access$2(lcom/example/crackmemz021/mainactivity; ljava/lang/string; ljava/lang/String;) Z #检查注册码是否合法 Move-result v0. Line A   if- nez V0,: Cond_0 #如果结果不为0, jump to the cond_0 marking place . Line theIget-ObjectV0, P0, lcom/example/crackmemz021/mainactivity$1;-> This$0: lcom/example/crackmemz021/mainactivity; . Line +    ConstV1,0x7f050004#unsuccessed字符串. Line theInvoke-Static{v0, v1, v3}, Landroid/widget/toast;->maketext (LANDROID/CONTENT/CONTEXT;II) landroid/widget/Toast; success jumps to Cond_0, showing success. Line $: Cond_0 iget-ObjectV0, P0, lcom/example/crackmemz021/mainactivity$1;-> This$0: lcom/example/crackmemz021/mainactivity; . Line $    ConstV1,0x7f050005#successed string represents success. $Invoke-Static{v0, v1, v3}, Landroid/widget/toast;->maketext (LANDROID/CONTENT/CONTEXT;II) landroid/widget/Toast; Move-result-ObjectV0. Line $Invoke-Virtual{V0}, landroid/widget/toast;->Show () V Line -Iget-ObjectV0, P0, lcom/example/crackmemz021/mainactivity$1;-> This$0: lcom/example/crackmemz021/mainactivity; # getter for: lcom/example/crackmemz021/mainactivity;->btn_register:landroid/widget/Button; Invoke-Static{V0}, lcom/example/crackmemz021/mainactivity;->access$3(lcom/example/crackmemz021/mainactivity;) landroid/widget/Button; Move-result-ObjectV0 Invoke-Virtual{v0, v3}, landroid/widget/button;->setenabled (Z) V #设置注册按钮不可用. Line -Iget-ObjectV0, P0, lcom/example/crackmemz021/mainactivity$1;-> This$0: lcom/example/crackmemz021/mainactivity; ConstV1,0x7f050003#registered字符串 Demo Registration successful invoke-Virtual{v0, v1}, lcom/example/crackmemz021/mainactivity;->settitle (I) VGoto: goto_0

Just change the If-nez to IF-EQZ, so the program changes successfully.
We're recompiling with Apktool.
Apktool b crackmemz02
There is a regenerated apk in the directory's Dist directory, this time the APK is unsigned

The apk file needs to be signed using the Signapk.jar tool

signapk crackmemz.apk
Generate signed.apk after signing

Installation test
Turn on the virtual appliance
ADB install signed.apk

Here we are done, the first time the Android hack

Anti-compilation tool: Http://pan.baidu.com/s/1c1XNiBA password fyn7

Android Environment build tool: Http://pan.baidu.com/s/1bIslFS password DMMJ

Android Code: Http://pan.baidu.com/s/1mi6cIhE Apk.zip for the post-compilation project

Simply record the build of the Android environment and the first hack of the Android program

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.