An Android project builds into an APK file that can be installed directly on any Android phone, so decompiling an Android app means decompiling its APK. Android decompilation is divided into two parts:
- One is decompiling the code, that is, the Java files.
- One is decompiling the resources, that is, the res files.
The tools you need
- Android Studio: Android development IDE: https://developer.android.com/studio/index.html
Tools to decompile code:
- dex2jar: converts dex files into jar files: https://sourceforge.net/projects/dex2jar/files/
- JD-GUI: displays jar files as Java code: http://jd.benow.ca/
Tools to decompile resources:
- Apktool: the main tool in this article, an easy-to-use APK reverse-engineering tool: http://ibotpeaches.github.io/Apktool/install/
Warm-up preparation
First we need an APK. I wrote one for this article (source: http://download.csdn.net/detail/u012891055/9563180); after downloading, package it into an APK and install it on the phone.
Its main function is to simulate mailbox activation: if we enter the wrong data, it cannot be activated. So our goal is simply to invalidate that check.
Main source code description:
Line 51
Stores the two correct activation codes, with the account and password separated by ":", as follows:
```java
private static final String[] DUMMY_CREDENTIALS = new String[]{
        "[email protected]:20135115", "[email protected]:20135115"
};
```
Now the app can only be activated with a correct activation code.
Line 331
This is the onPostExecute function, which contains part of the logic check.
```java
@Override
protected void onPostExecute(final Boolean success) {
    mAuthTask = null;
    showProgress(false);

    if (success) {
        new AlertDialog.Builder(LoginActivity.this)
                .setTitle("Congratulations")
                .setMessage("successfully activated!")
                .show();
        finish();
    } else {
        mPasswordView.setError(getString(R.string.error_incorrect_password));
        mPasswordView.requestFocus();
    }
}
```
Decompiling the Code
Unpacking the dex2jar download yields a lot of files. On a Mac we only need these three (on Windows, use the corresponding .bat files):
- d2j_invoke.sh
- d2j-dex2jar.sh
- lib
Change the suffix of the APK file packaged by Android Studio to .zip, then unzip it. Locate the classes.dex file among the extracted files and put it in the same directory as dex2jar.
In cmd, enter the same directory and then execute:
```shell
sh d2j-dex2jar.sh classes.dex
```
Then we get a classes-dex2jar.jar file, which we can open with the JD-GUI tool.
The code is very clear, so we can see the logic of the entire app.
Decompiling the Resources
After the Apktool download completes there is a .sh file and a .jar file; we put the APK in the same directory.
Enter the Apktool directory in cmd and execute the command:
```shell
sh apktool.sh d FooApp.apk
```
d stands for decode, meaning we want to decode FooApp. When it finishes, you will be pleasantly surprised to find a FooApp folder.
Main directory description:
- AndroidManifest.xml: the description file
- res: the resource files
- smali: all of the decompiled code; the syntax is different from Java and similar to assembly, and it is the register-based language used by the Android virtual machine
Edit App Icon
Open our description file, AndroidManifest.xml. You can see that our app icon is named ic_launcher; we find all the folders that start with mipmap and replace the ic_launcher file in each of them with the new icon.
After the final repack our app icon will be changed, but before repackaging the most important thing is still left to do: modifying the activation code check.
Modify Logic
From the source or from JD-GUI we can see the activation code check, as follows:
```java
@Override
protected void onPostExecute(final Boolean success) {
    mAuthTask = null;
    showProgress(false);

    if (success) {
        // The activation code is correct
        new AlertDialog.Builder(LoginActivity.this)
                .setTitle("Congratulations")
                .setMessage("successfully activated!")
                .show();
        finish();
    } else {
        mPasswordView.setError(getString(R.string.error_incorrect_password));
        mPasswordView.requestFocus();
    }
}
```
So we just need to find the decompiled if (success) statement and change it to if (!success), as follows:
```java
if (success) // change to if (!success)
{
    // ...
} else {
    // ...
}
```
This inverts the previous logic: if we enter a wrong activation code, it is judged to be correct. Quite simple, isn't it?
Now let's make the change:
- Open the file LoginActivity$UserLoginTask.smali in the smali folder.
- Search the whole file for if-eqz and use the AlertDialog keyword to help locate the right one; it is found at line 228.
- OK, here it is. Change if-eqz to if-nez. Their corresponding Java syntax is as follows:

| Smali syntax | Java syntax |
| --- | --- |
| if-eqz v0, | if (v0 == 0) |
| if-nez v0, | if (v0 != 0) |

OK, you're done and can repackage now. If you are interested in smali syntax, just Google it.
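Because the whole change is a one-opcode swap, a publisher can look for it by comparing the smali decoded from a release build with the smali decoded from a suspect copy. The sketch below is an added example, not code from the original article: the smali fragment is constructed, and the function name inverted_branches is hypothetical. It generalizes from if-eqz/if-nez to every Dalvik conditional pair.

```python
import difflib
import re

# Dalvik conditional branch opcodes paired with their logical inverses.
_PAIRS = [("if-eq", "if-ne"), ("if-lt", "if-ge"), ("if-gt", "if-le"),
          ("if-eqz", "if-nez"), ("if-ltz", "if-gez"), ("if-gtz", "if-lez")]
INVERSE = {}
for _a, _b in _PAIRS:
    INVERSE[_a], INVERSE[_b] = _b, _a

BRANCH = re.compile(r"^\s*(if-[a-z]+)\s+(.*)$")

def inverted_branches(reference: str, suspect: str):
    """Return (reference_line, old_opcode, new_opcode, operands) for each
    conditional whose opcode was swapped for its inverse, operands unchanged."""
    ref, sus = reference.splitlines(), suspect.splitlines()
    matcher = difflib.SequenceMatcher(None, ref, sus, autojunk=False)
    findings = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        # Only same-length replacements can be a one-for-one opcode swap.
        if tag != "replace" or i2 - i1 != j2 - j1:
            continue
        for off in range(i2 - i1):
            old, new = BRANCH.match(ref[i1 + off]), BRANCH.match(sus[j1 + off])
            if (old and new and old.group(2) == new.group(2)
                    and INVERSE.get(old.group(1)) == new.group(1)):
                findings.append((i1 + off + 1, old.group(1), new.group(1), old.group(2)))
    return findings

# Constructed smali fragment (hypothetical, not taken from the article's APK).
REFERENCE = """\
.method protected onPostExecute(Ljava/lang/Boolean;)V
    invoke-virtual {p1}, Ljava/lang/Boolean;->booleanValue()Z
    move-result v0
    if-eqz v0, :cond_0
    const-string v1, "Congratulations"
    goto :goto_0
    :cond_0
    const-string v1, "incorrect password"
    :goto_0
    return-void
.end method
"""
SUSPECT = REFERENCE.replace("if-eqz v0", "if-nez v0")

if __name__ == "__main__":
    for line, old, new, operands in inverted_branches(REFERENCE, SUSPECT):
        print(f"line {line}: {old} -> {new} ({operands})")
```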
Re-packaging
We modified roughly two places above. Repackaging is actually very simple; in cmd execute the following command:
```shell
sh apktool.sh b FooApp -o NewFooApp.apk
```
Here b means build: we want to package the FooApp folder into an APK file. -o specifies the name of the newly generated APK, which here is NewFooApp.apk.
You will then find a new APK file generated in the same directory.
But note that this APK still cannot be installed, because we have not signed it. Once re-signed it is genuine pirated software, and we must strongly condemn this behavior.
Re-signing
Re-signing is also very simple. I directly use an existing signature file; one can easily be generated with Android Studio or Eclipse.
The command format in cmd is as follows:
```shell
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <signature file name> -storepass <signature password> <APK file to be signed> <alias in the signature file>
```
Then this APK can be installed. For faster runtime performance we could also byte-align it, which is not covered here.
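The decode, edit, rebuild and re-sign steps above leave traces in three places inside the APK, which is just a ZIP archive: the dex code, the res files and the signature files under META-INF. The following is an added example, not part of the original article, that diffs a release APK against a suspect copy entry by entry; the archive contents and the entry name RESIGN.RSA are constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import io
import zipfile

def entry_digests(apk_bytes: bytes) -> dict:
    """Map every file entry in the APK (a ZIP archive) to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {info.filename: hashlib.sha256(apk.read(info)).hexdigest()
                for info in apk.infolist() if not info.filename.endswith("/")}

def classify(name: str) -> str:
    if name.startswith("META-INF/"):
        return "signature"
    if name.endswith(".dex"):
        return "code"
    if name.startswith("res/") or name == "resources.arsc":
        return "resources"
    return "other"

def diff_apks(reference: bytes, suspect: bytes) -> dict:
    """Group entries that were added, removed or modified, by category."""
    ref, sus = entry_digests(reference), entry_digests(suspect)
    report = {}
    for name in sorted(set(ref) | set(sus)):
        if ref.get(name) == sus.get(name):
            continue
        state = "added" if name not in ref else "removed" if name not in sus else "modified"
        report.setdefault(classify(name), []).append((name, state))
    return report

def make_apk(entries: dict) -> bytes:
    """Build a constructed stand-in APK in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in entries.items():
            apk.writestr(name, data)
    return buf.getvalue()

# Constructed contents; real entries would be binary dex, PNG and PKCS#7 data.
RELEASE = make_apk({"AndroidManifest.xml": b"manifest", "classes.dex": b"dex-v1",
                    "res/mipmap-hdpi/ic_launcher.png": b"icon-v1",
                    "META-INF/CERT.RSA": b"publisher-signature"})
REPACKED = make_apk({"AndroidManifest.xml": b"manifest", "classes.dex": b"dex-patched",
                     "res/mipmap-hdpi/ic_launcher.png": b"icon-v2",
                     "META-INF/RESIGN.RSA": b"other-signature"})

if __name__ == "__main__":
    for category, entries in diff_apks(RELEASE, REPACKED).items():
        print(category, entries)
```

jarsigner writes v1 (JAR) signature files under META-INF, which is why they show up here; APK Signature Scheme v2 and later keep the signature in a signing block outside the ZIP entries, so they do not appear in a per-entry diff.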
Using the Pirated APK
After installing the pirated NewFooApp.apk, we find that the icon has become a basketball and that randomly entered data activates the app.
What do you think? Overall it is very interesting, but don't misuse it.