Android first program analysis

Contents

1. Understand the file structure of Android studio

2. Create registration function program

2.1 layout in layout file

2.2 write MainActivity class code

2.3 compile and generate APK file

3. Cracking program

This tutorial is from "Android Software Security and reverse analysis"

1. Understand the file structure of Android studio

The main thing is to know which files we are going to use. See:

https://blog.csdn.net/qq_39312230/article/details/80314236

2. Create registration function program

2.1 layout in layout file

activity_main.xml

2.2 write MainActivity class code

 

//MainActivity.java
package com.example.myapplication;

import androidx.appcompat.app.AppCompatActivity;

import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class MainActivity extends AppCompatActivity {

    private EditText edit_userName;
    private EditText edit_sn;
    private Button btn_register;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        //Set the title to "Program not registered"
        setTitle(R.string.unregister);
        //EditText for the user name
        edit_userName=findViewById(R.id.editText);
        //EditText for the registration code
        edit_sn=findViewById(R.id.editText2);
        btn_register=findViewById(R.id.button2);
        //Listen for button click events
        btn_register.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v){
                if(!checkSN(edit_userName.getText().toString().trim(),edit_sn.getText().toString().trim())){
                    //Show the failure prompt
                    Toast.makeText(MainActivity.this,R.string.unsuccessed,Toast.LENGTH_SHORT).show();
                }else {
                    //Show the success prompt
                    Toast.makeText(MainActivity.this,R.string.successed,Toast.LENGTH_SHORT).show();
                    btn_register.setEnabled(false);
                    //Set the title to "Program registered"
                    setTitle(R.string.registered);
                }
            }
        });

    }

    private boolean checkSN(String userName,String sn){
        try{
            if((userName==null)||(userName.length()==0))
                return false;
            if((sn==null)||(sn.length()!=16))
                return false;
            //Use MD5 to hash the user name
            MessageDigest digest=MessageDigest.getInstance("MD5");
            digest.reset();
            digest.update(userName.getBytes());
            byte[] bytes=digest.digest();
            //Convert the result to a hex string (32 characters)
            String hexstr=toHexString(bytes,"");
            // String hexstr = new BigInteger(1, bytes).toString(16);
            //Keep every second hex character (even indices) to form the 16-character code
            StringBuilder sb=new StringBuilder();
            for(int i=0;i<hexstr.length();i+=2){
                sb.append(hexstr.charAt(i));
            }
            String userSN=sb.toString();
            //Check whether the registration code is correct
            if(!userSN.equalsIgnoreCase(sn))
                return false;
        }catch (NoSuchAlgorithmException e){
            e.printStackTrace();
            return false;
        }
        return true;
    }

    private static String toHexString(byte[] bytes,String separator){
        StringBuilder hexString =new StringBuilder();
        for (byte b:bytes){
            String hex=Integer.toHexString(0xFF&b);
            if(hex.length()==1){
                hexString.append('0');
            }
            hexString.append(hex).append(separator);
        }
        return hexString.toString();
    }
}

//strings.xml

<resources>

    <string name="app_name">My Application</string>
    <string name="registered">Program registered</string>
    <string name="unregister">Program not registered</string>
    <string name="successed">Registered successfully!</string>
    <string name="unsuccessed">Registration failed!</string>
</resources>

 

2.3 compile and generate APK file

Start the emulator and run the app.

3. Cracking program

Use Android Killer (AK) to decompile and modify the APK, and use the Nox emulator (夜神模拟器) to install the APK afterwards. For installation and configuration details, see:

https://www.jianshu.com/p/61a93a6c0c1b

Drag the APK file from the debug directory into AK. The original APK shows an error prompt when registration fails, so search for that string.

Every string in strings.xml has a unique index value, which is stored in the public.xml file in the same directory. Open public.xml and search to get the id value, then search for that id value in the smali files and read the code above and below the match. The key code we need to modify is generally nearby. A conditional jump instruction, if-nez, is circled in the figure; its opposite instruction is if-eqz. Change if-nez to if-eqz (the figure shows the modified code). Save it, sign it and compile it.

If there is a problem with the version during compilation, you can update apktool to the latest version (2.4.1).

After success, drag the APK file from the project directory into the Nox emulator to install it.

After opening the app, fill in any content and it shows a successful registration.
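From the defender's side, the one-opcode change described in section 3 is easy to spot when a repackaged APK is decompiled and compared with the original build. The Python below is an added example, not code from the original tutorial: it compares two smali texts and reports conditional branches that were replaced by their logical opposite. The smali snippet is hand-written and simplified (not real apktool output), and the function names are this example's own.

```python
import re

# Dalvik conditional branches paired with their logical opposites.
PAIRS = [("if-eqz", "if-nez"), ("if-eq", "if-ne"), ("if-ltz", "if-gez"),
         ("if-gtz", "if-lez"), ("if-lt", "if-ge"), ("if-gt", "if-le")]
INVERSE = dict(PAIRS)
INVERSE.update({b: a for a, b in PAIRS})
BRANCH = re.compile(r"^\s*(if-[a-z]+)\s+(.*?),\s*(:\w+)\s*$")
METHOD = re.compile(r"^\s*\.method\s+(.*)$")

def branches(smali):
    """Return (method, position, opcode, registers, label) per conditional branch."""
    out, method, n = [], None, 0
    for line in smali.splitlines():
        m = METHOD.match(line)
        if m:
            method, n = m.group(1).split()[-1], 0  # last token is name+signature
            continue
        b = BRANCH.match(line)
        if b and method:
            out.append((method, n) + b.groups())
            n += 1
    return out

def flipped_branches(original, suspect):
    """Report branches whose opcode became its opposite (same registers, same target)."""
    ref = {(m, i): (op, regs, lbl) for m, i, op, regs, lbl in branches(original)}
    findings = []
    for m, i, op, regs, lbl in branches(suspect):
        old = ref.get((m, i))
        if old and old[1:] == (regs, lbl) and INVERSE.get(old[0]) == op:
            findings.append((m, old[0], op))
    return findings

# Constructed, simplified smali for the branch that follows the checkSN() call.
ORIGINAL = """\
.method public onClick(Landroid/view/View;)V
    invoke-virtual {p0, v0, v1}, Lcom/example/myapplication/MainActivity;->checkSN(Ljava/lang/String;Ljava/lang/String;)Z
    move-result v0
    if-nez v0, :cond_0
    # ... show the R.string.unsuccessed toast ...
    return-void
    :cond_0
    # ... show the R.string.successed toast, set the registered title ...
    return-void
.end method
"""
SUSPECT = ORIGINAL.replace("if-nez v0, :cond_0", "if-eqz v0, :cond_0")
print(flipped_branches(ORIGINAL, SUSPECT))
```

Branches are matched by method and by position within the method, which suits an in-place opcode edit like the one above; a build with inserted or removed branches needs a full diff instead.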

Added by sunnyside on Thu, 18 Jun 2020 10:54:19 +0300