Hack The Mob: Modifying Closed-source Android Apps
0 likes241 views
The document discusses modifying closed-source Android apps by decompiling their APK files using tools like Smali and Baksmali, allowing developers to edit the app's code and resources and recompile it. It provides instructions for downloading an APK from a device, decompiling it to Smali code, making modifications, and rebuilding the APK to sideload the changed app. The speaker demonstrates this process and suggests other aspects of apps that can be modified like resources, third party APIs, and the app manifest.
![Lets do this! =]
$ java -jar baksmali-2.0.6.jar FlappyBird.apk
# modify smali code #
$ java -jar smali-2.0.6.jar -o classes.dex out
$ zip FlappyBird.apk classes.dex
$ zip -d FlappyBird.apk META-INF/*
$ jarsigner -keystore ~/.android/debug.keystore
-storepass android -signedjar patched.apk
FlappyBird.apk androiddebugkey](https://image.slidesharecdn.com/hackthemob-190106185131/85/Hack-The-Mob-Modifying-Closed-source-Android-Apps-10-320.jpg)
Hack The Mob: Modifying Closed-source Android Apps
- 1. Hack The Mob Modifying closed-source apps
- 2. What is this talk about? Lets talk about what is Android Lets learn how to download APKs from Play Store Lets modify those APKs Lets push them back to our phone
- 3. `whoami` Gil Megidish CTO @ TestFairy 1337
- 4. Terminology 101 What makes an Android app? Which languages can Android run?
- 5. Anatomy of an Android APK $ unzip -v FlappyFish.apk Length Method Size Ratio Date Time CRC-32 Name -------- ------ ------- ----- ---- ---- ------ ---- 18580 Defl:N 3812 80% 08-02-15 00:57 cf40f8ff AndroidManifest.xml 8518360 Defl:N 3391501 60% 08-02-15 00:57 0e1cd99f classes.dex 395404 Defl:N 122825 69% 08-02-15 00:57 7bffff87 META-INF/MANIFEST.MF 395433 Defl:N 123483 69% 08-02-15 00:57 a657bd16 META-INF/CERT.SF 1139 Defl:N 1039 9% 08-02-15 00:57 6744aa28 META-INF/CERT.RSA
- 6. Getting APK from Play Store $ adb shell pm list packages -f package:/system/app/Gallery.apk=com.android.gallery package:/data/app/com.fiverr.fiverr-1.apk=com.fiverr.fiverr package:/data/app/com.touchtype.swiftkey-1.apk=com.touchtype.swiftkey package:/data/app/com.scoompa.facechanger-1.apk=com.scoompa.facechanger $ adb pull /data/app/com.fiverr.fiverr-1.apk 6620 KB/s (11723728 bytes in 1.729s)
- 7. Introducing Smali & Baksmali Decompiles and compiles Dalvik (DEX) files Written and maintained by Ben Gruver (@JesusFreke) https://bitbucket.org/JesusFreke/smali/ Instructions include: invoke-virtual if-eq new-instance goto return-void add-int
- 8. Sample Java code package com.testfairy.app; public class SecretCookie { private String privateKey; public SecretCookie(String privateKey) { this.privateKey = privateKey; } public boolean verifyPrivateKey(String otherKey) { return privateKey.equals(otherKey); } }
- 9. Same code in Smali .class public Lcom/amazing/app/SecretCookie; .super Ljava/lang/Object; . . . # virtual methods .method public verifyPrivateKey(Ljava/lang/String;)Z .registers 3 iget-object v0, p0, Lcom/testfairy/app/SecretCookie;->privateKey:Ljava/lang/String; invoke-virtual {v0, p1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z move-result v0 return v0 .end method
- 10. Lets do this! =] $ java -jar baksmali-2.0.6.jar FlappyBird.apk # modify smali code # $ java -jar smali-2.0.6.jar -o classes.dex out $ zip FlappyBird.apk classes.dex $ zip -d FlappyBird.apk META-INF/* $ jarsigner -keystore ~/.android/debug.keystore -storepass android -signedjar patched.apk FlappyBird.apk androiddebugkey
- 11. Demo Time !
- 13. Lets shove an entire sdk!
- 15. Demo Time ! (two apps, one dex)
- 16. Whats next? Changing resources (images, texts) 3rd Party APIs (Google Maps and Facebook) Modifying AndroidManifest.xml
- 18. Looking For Your Next Challenge? https://www.testfairy.com/jobs/