Conventional approach to Android reverse engineering and cracking for beginners

1. Before reverse engineering an app, first check whether it is hardened (packed). Tools such as MT Manager or ApkScan can identify the shell.
2. If it is hardened (360 hardening and the like), unpack it first, for example with the Reflection Master apk (not covered here for the time being).
3. To analyze the code, use the jadx tool to view the decompiled app source.
4. To modify the code, you work on the smali code, which can be edited with the AndroidKiller tool.

Here is how to modify the app's membership status [Note: this app does not verify membership with the server].
I use an app I wrote myself as the example; assume the screenshot below shows the current membership time.


Then open monitor.bat in the tools folder of the SDK directory, as shown in the figure. In its view hierarchy you can see the id of the view that displays the time.
Then use jadx to analyze the source: drag the APK into jadx, as shown in the figure.


Now search for the id name we just found. The decompiled code that references it comes up, and we pick one hit to analyze step by step.


You can see the time-handling code here. Because this app is a mock-up, the flag stands in for the server's answer to whether the user is a member; the flag is hard-coded to false here, which is why the membership time shown earlier is what the app currently displays.
Now use the AndroidKiller tool to decompile the APK and analyze the smali code.


iget-boolean v1, p0, Lcom/hba/Testapplication/MainActivity;->flag:Z

This reads the boolean field flag of the object held in p0 (the `this` reference, i.e. the MainActivity instance) into register v1.

if-eqz v1, :cond_0

This tests v1: if it is zero (false) execution jumps to the label :cond_0, otherwise it falls through and continues with the code that follows.
Because flag is false here, execution jumps to

:cond_0
invoke-virtual {v0, v2}, Landroid/widget/TextView;->setVisibility(I)V

Ideas for modifying membership

Step one: make the flag true. It is enough to override v1 by writing const/4 v1, 0x1 on the line directly above the if-eqz; the branch then sees true no matter what was loaded from the field.
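As an added example (not code from the page or its author), here is a small Python script that performs the step-one patch mechanically on a smali file: it finds the iget-boolean of a chosen field, confirms that the next instruction is an if-eqz/if-nez on the same register, and inserts the overriding const between them, which is exactly the manual edit described above. It generalizes the page's single instance to any boolean field that gates a branch, and it also handles registers above v15, where const/4 cannot be encoded and const/16 is needed instead. The smali fragment embedded in it is constructed from the page's MainActivity snippet; the method name showMember, the tvMember field and the register layout are assumptions.

```python
import re

# Constructed smali fragment modelled on the page's MainActivity (not the
# page's actual file): `flag` is loaded from `this` and gates the branch.
# The method name, the tvMember field and the register layout are assumed.
SAMPLE_SMALI = """\
.method private showMember()V
    .locals 3

    iget-object v0, p0, Lcom/hba/Testapplication/MainActivity;->tvMember:Landroid/widget/TextView;

    const/4 v2, 0x4

    iget-boolean v1, p0, Lcom/hba/Testapplication/MainActivity;->flag:Z

    if-eqz v1, :cond_0

    const/4 v2, 0x0

    :cond_0
    invoke-virtual {v0, v2}, Landroid/widget/TextView;->setVisibility(I)V

    return-void
.end method
"""

# iget-boolean <dest>, <object>, <Class;>-><field>:Z
IGET_RE = re.compile(
    r"^(\s*)iget-boolean\s+([vp]\d+),\s*[vp]\d+,\s*L[^;]+;->(\w+):Z\s*$")
# if-eqz / if-nez <reg>, :label
BRANCH_RE = re.compile(r"^\s*if-(?:eqz|nez)\s+([vp]\d+),\s*:\w+\s*$")


def const_for(reg: str, value: bool) -> str:
    """Build the smali instruction that overwrites `reg` with 1 or 0.
    const/4 only encodes registers v0..v15; wider registers need const/16."""
    num = int(reg[1:])
    op = "const/4" if reg.startswith("v") and num < 16 else "const/16"
    return f"{op} {reg}, {'0x1' if value else '0x0'}"


def force_boolean_field(smali: str, field: str, value: bool) -> tuple[str, int]:
    """Return (patched smali, number of patched sites).

    For every iget-boolean of `field` that is followed (blank lines aside)
    by an if-eqz/if-nez on the same register, insert a const that overrides
    the loaded value right before the branch. This is the page's manual edit
    (const/4 v1, 0x1 above if-eqz v1, :cond_0) applied mechanically.
    No register is added, so `.locals` does not change.
    """
    lines = smali.splitlines()
    out: list[str] = []
    patched = 0
    i = 0
    while i < len(lines):
        out.append(lines[i])
        m = IGET_RE.match(lines[i])
        if not m or m.group(3) != field:
            i += 1
            continue
        indent, reg = m.group(1), m.group(2)
        # Skip blank lines between the field load and the branch.
        j = i + 1
        while j < len(lines) and not lines[j].strip():
            out.append(lines[j])
            j += 1
        if j < len(lines):
            b = BRANCH_RE.match(lines[j])
            if b and b.group(1) == reg:
                out.append(indent + const_for(reg, value))
                patched += 1
        i = j  # the branch line itself is emitted by the next iteration
    result = "\n".join(out)
    if smali.endswith("\n"):
        result += "\n"
    return result, patched


if __name__ == "__main__":
    patched_text, n = force_boolean_field(SAMPLE_SMALI, "flag", True)
    print(f"patched {n} site(s)")
    print(patched_text)
```

Run it against the decompiled smali/com/hba/Testapplication/MainActivity.smali after AndroidKiller has unpacked the APK, then rebuild. Because the const is placed after the field load rather than replacing it, the field is still read and nothing else that depends on that read changes; only the branch now always sees true. This works only because, as the page notes, the server never checks membership; an app that validates with a backend or verifies its own signature needs more than this.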


Step two: modify the time. Because there is no verification against the back-end server, it is enough to change the time at the point in the code where it is generated.


I wrote a date utility class, shown in the figure.


Then convert the Java code to smali; the tool used here is java2smali.


Then paste the resulting smali into the class.


After the change, the code looks like this:


Then save, recompile and package it as an APK (a rebuilt APK must be re-signed before Android will install it), and install it.

Success!


Origin blog.csdn.net/2302_76405773/article/details/132067924