We know that the Android program will generate an APK file, which can be installed directly on any Android phone, so the anti-compilation is to decompile the APK. Android's anti-compilation is divided into two parts:
Tools to Decompile code:
Tools to decompile resources:
First we need an APK, here I wrote a, source: http://download.csdn.net/detail/u012891055/9563180, packaged into the apk after downloading to the phone.
Its main function is to simulate the mailbox activation, if we enter the wrong data can not be activated. So our goal is simply to invalidate the judgment logic.
Main Source Code Description:第51行Store the correct two activation numbers by : separating the account password as follows
1 2 3 4 |
private static final string[] Dummy_credentials = new string[]{ "[Email protected]:20135115", "[Email protected]:20135115] }; |
Now only the activation code is correct to activate.
第331行Is the Execute function, part of the logical judgment.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
@Override protected void OnPostExecute (final Boolean success) { Mauthtask = null; ShowProgress (FALSE); if (success) { New Alertdialog.builder (Loginactivity.this) . Settitle ("Congratulations") . Setmessage ("successfully activated!") . Show (); Finish (); } else { Mpasswordview.seterror (getString (R.string.error_incorrect_password)); Mpasswordview.requestfocus (); } } |
Dex2jar decompression down a lot of files, on the Mac we need to use the Dex2jar is these three things (Windows on the application bat file):
AndroidStudioThe packaged APK文件 suffix needs to be changed .zip , and then 解压 . Locate the classes.dex file from the extracted file and put it in the Dex2jar same directory as follows:
It also enters the same directory in CMD, and then executes:
Shell
1 |
SH d2j-dex2jar.sh classes.dex |
EXECUTE as follows:
Then we'll get a Classes-dex2jar.jar file that we can open with the Jd-gui tool and open as follows:
You can see that the code is very clear so that we can see the code logic for the entire app.
Anti-compilation resourcesApktool after the download is complete there is a. sh file and a. jar file, we put the apk in, as follows:
Enter the Apktool directory in cmd and execute the command:
1 |
SH apktool.sh apktool D fooapp.apk |
D is decode means we want to decode the Fooapp, the result is as follows:
Then you will be pleasantly surprised to find a Fooapp folder.
Main Directory Description:
Open our profile, HD uncensored:
You can see that our app icon name is called Ic_launcher, we find all the folders that start with mipmap and replace them with:
Ic_launche
After the final repack, our app icon will be modified, but before repackaging, we have the most important thing not to do is to modify the activation Code judgment logic.
Modify LogicWe can see the code of the Activation code to determine the logic as follows: by source or Jd-gui.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
@Override protected void OnPostExecute (final Boolean success) { Mauthtask = null; ShowProgress (FALSE); if (success) { The activation code is correct New Alertdialog.builder (Loginactivity.this) . Settitle ("Congratulations") . Setmessage ("successfully activated!") . Show (); Finish (); } else { Mpasswordview.seterror (getString (R.string.error_incorrect_password)); Mpasswordview.requestfocus (); } } |
So we just need to find the counter-compiled if(success) statement and modify it to be if(!success) , as follows:
1 2 3 4 5 6 |
if (success)//modify into if (!success) { ... } else { ... } |
So that we can successfully reverse the previous logic, we enter a wrong activation code, it will be judged to be correct. It's quite simple, isn't it.
Now let's fix it:
LoginActivity$UserLoginTask.smali .if-eqz , through AlertDialog keyword-assisted positioning, found in 第228行 :if-eqz changed if-nez to their corresponding Java syntax as follows:| Smail Syntax | Java Syntax |
|---|---|
| IF-EQZ V0, | if (V0 = = 0) |
| If-nez V0, | if (V0! = 0) |
OK, you're done, you can repackage now. With regard to Smail grammar, it is only right to be interested in direct Google.
Re-packagingWe probably modified the next two places, in fact, repackaging is very simple, in cmd execute the following command:
1 |
SH apktool.sh b fooapp-o newfooapp.apk |
where B is the meaning of build, means we want to package the Fooapp folder into an apk file,-O is used to specify the new generated APK filename, here the new file is called newfooapp.apk. The execution results are as follows:
You will then find a new APK file generated in the sibling directory:
But note that this apk is still not installed, because we did not sign it, re-signed it is a veritable pirate software, we must strongly condemn this behavior.
Re-signingRe-signing is also very simple, I directly use an existing signed file, using Android Studio or eclipse can be very simple to generate a signature file.
The execution format in CMD is as follows:
1 |
Jarsigner-verbose-sigalg sha1withrsa-digestalg sha1-keystore Signature file name-storepass signature password The name of the APK filename to be signed alias |
Then we can use this apk to install, in order to achieve faster running speed, we can be a byte-aligned, and here is not said.
Use pirated apkAfter we NewFooApp.apk installed the pirated app, we found that the icon became a basketball, and the random input data can be activated by:
What do you think? Overall is very interesting, but don't use crooked.
Teach you how to understand Android anti-compilation
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
