Preface
Recently, somebody asked me how to change the package name of an APK that has already been built. Those who know me probably know that I like to experiment on my own and then share my approach, so this time I picked a reading app at random. First, look at the result.
Below I share how it was done and my thinking.
PS: If this infringes anyone's rights, contact me and I will delete it. It is only for personal study and not suitable for commercial use.
Preparation
Migu Reading v7.1.1 app
apktool
An editor (I use VS Code with a smali highlighting plug-in)
Approach
- Unpack the Reading app with apktool
- First change the package name in AndroidManifest.xml
- Globally replace package names of the form com.xxx.xxxx
- Globally replace the package name string Lcom/xxx/xxxx used in smali code
- Rename all com/xxx/xxxx folders globally, because the package name and the folder path must correspond, as in Java source files
- Modify or delete the smali code associated with the app's original package name or signature verification
- Repackage the APK with apktool b
- Sign with jarsigner and install the APK
Start reversing
Unpacking
apktool d com.ophone.reader.ui_7.1.1_129.apk
Change package name
In AndroidManifest.xml, we find that its package name is com.ophone.reader.ui.
I change the package name to com.ophone.reader.ui01.
Replace all com.ophone.reader.ui with com.ophone.reader.ui01
Change smali's package name
Replace all Lcom/ophone/reader/ui with Lcom/ophone/reader/ui01
Change folder name
Rename the ui folder under every com/ophone/reader/ui path to ui01
PS: In fact, the three steps above can be written as a program; the general idea is reading and writing files plus renaming.
Start packing
Having changed the package name of the app, we are ready to pack it.
apktool b com.ophone.reader.ui_7.1.1_129
The packed APK is written to the dist folder. In my case the path is com.ophone.reader.ui_7.1.1_129/dist, where we can see the APK we have tampered with.
Then sign it by executing the following command
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore "MartinHanKey.jks" -signedjar _signed.apk ".\com.ophone.reader.ui01_7.1.1_129.apk" "MartinHan"
I will not explain the command above; you can look up the details yourself.
Run
On launch, the following problem appears, as shown in the figure
Obviously, the developers added a signature check or a package name check.
Approach
I then searched for the string "You install version xxx" and found the following string resource
<string name="check_sign_notice"> The version you installed is not the official version. It is recommended that you visit the wap.cmread.com official website to download and install (note: installing the new version requires uninstalling the current version)</string>.
Following this name=check_sign_notice, I found this entry in public.xml
<public type="string" name="check_sign_notice" id="0x7f0701bf" />
So its id is 0x7f0701bf.
Searching globally for this id, I found the following code in WelcomePageActivity. This code is the critical part, and we need to read it carefully.
# Here the setContentView method is called
invoke-virtual {p0, v0}, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->setContentView(Landroid/view/View;)V
# This calls the method a of the com.cmread.bplusc.layout.as class and stores the result in v0;
# the conditional branch below is decided by v0
.line 171
invoke-static {p0}, Lcom/cmread/bplusc/layout/as;->a(Landroid/content/Context;)Z
move-result v0
# Jump according to the result just obtained
if-nez v0, :cond_3
# Set the E field of WelcomePageActivity
.line 172
iput-boolean v4, p0, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->E:Z
# The rest is not explained in detail; it simply creates the dialog box.
.line 173
iget-object v0, p0, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->g:Landroid/content/Context;
.line 175
invoke-virtual {p0}, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->getResources()Landroid/content/res/Resources;
move-result-object v2
# This is the id of the "not the official version" message.
const v3, 0x7f0701bf
invoke-virtual {v2, v3}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v2
.line 176
invoke-virtual {p0}, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->getResources()Landroid/content/res/Resources;
move-result-object v3
const v4, 0x7f070278
invoke-virtual {v3, v4}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v3
.line 177
invoke-virtual {p0}, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->getResources()Landroid/content/res/Resources;
move-result-object v4
const v5, 0x7f070156
invoke-virtual {v4, v5}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v4
new-instance v5, Lcom/cmread/bplusc/bookshelf/hu;
invoke-direct {v5, p0}, Lcom/cmread/bplusc/bookshelf/hu;-><init>(Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;)V
new-instance v6, Lcom/cmread/bplusc/bookshelf/hw;
invoke-direct {v6, p0}, Lcom/cmread/bplusc/bookshelf/hw;-><init>(Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;)V
new-instance v7, Lcom/cmread/bplusc/bookshelf/hx;
invoke-direct {v7, p0}, Lcom/cmread/bplusc/bookshelf/hx;-><init>(Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;)V
.line 173
invoke-static/range {v0 .. v8}, Lcom/cmread/uilib/dialog/h;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lcom/cmread/uilib/dialog/CommonReaderDialog$a;Lcom/cmread/uilib/dialog/CommonReaderDialog$a;Lcom/cmread/uilib/dialog/CommonReaderDialog$b;Z)Lcom/cmread/uilib/dialog/CommonReaderDialog;
goto/16 :goto_0
......
......
......
......
......
# The code at goto_0 is as follows. It calls the parent class's onKeyDown method and then returns.
.line 1071
:cond_0
:goto_0
invoke-super {p0, p1, p2}, Lcom/cmread/uilib/activity/CMActivity;->onKeyDown(ILandroid/view/KeyEvent;)Z
move-result v0
:goto_1
return v0
Having read the method above, we know that the key point is if-nez v0, :cond_3.
Now change if-nez to if-eqz, and then pack and run again.
The result is as shown in the picture:
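For the defender's side of this change, an added example (not code from the original post): a Python script that compares a smali method from the official build with the same method from a suspect repackaged build, undoes the package rename so it is not reported as noise, and flags any conditional branch that was inverted, such as the if-nez to if-eqz flip above. The sample text is constructed from the lines quoted on this page; the function names and the const-string line are assumptions made for illustration.

```python
import difflib

# Dalvik conditional branch opcodes paired with their logical inverses.
INVERSE = {"if-eqz": "if-nez", "if-eq": "if-ne", "if-ltz": "if-gez",
           "if-gtz": "if-lez", "if-lt": "if-ge", "if-gt": "if-le"}
INVERSE.update({v: k for k, v in list(INVERSE.items())})

def instructions(text, old_pkg, new_pkg):
    """Strip comments/.line directives and undo the package rename so it is not reported."""
    old_path, new_path = old_pkg.replace(".", "/"), new_pkg.replace(".", "/")
    out = []
    for raw in text.splitlines():
        line = raw.strip().replace(new_path, old_path).replace(new_pkg, old_pkg)
        if line and not line.startswith(("#", ".line")):
            out.append(line)
    return out

def find_inverted_branches(original, suspect, old_pkg, new_pkg):
    """Return (guarding invoke, original branch, suspect branch) for every flipped condition."""
    a = instructions(original, old_pkg, new_pkg)
    b = instructions(suspect, old_pkg, new_pkg)
    findings = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "replace" or i2 - i1 != j2 - j1:
            continue
        for i, j in zip(range(i1, i2), range(j1, j2)):
            op_a, _, args_a = a[i].partition(" ")
            op_b, _, args_b = b[j].partition(" ")
            if INVERSE.get(op_a) == op_b and args_a == args_b:
                # The nearest preceding invoke is the check whose result was inverted.
                guard = next((x for x in reversed(a[:i]) if x.startswith("invoke-")), None)
                findings.append((guard, a[i], b[j]))
    return findings

# Constructed sample: the check quoted on this page plus a made-up const-string line.
OLD, NEW = "com.ophone.reader.ui", "com.ophone.reader.ui01"
ORIGINAL = """
const-string v1, "com.ophone.reader.ui"
.line 171
invoke-static {p0}, Lcom/cmread/bplusc/layout/as;->a(Landroid/content/Context;)Z
move-result v0
if-nez v0, :cond_3
iput-boolean v4, p0, Lcom/cmread/bplusc/bookshelf/WelcomePageActivity;->E:Z
"""
SUSPECT = ORIGINAL.replace("if-nez", "if-eqz").replace(OLD, NEW)
if __name__ == "__main__":
    for guard, before, after in find_inverted_branches(ORIGINAL, SUSPECT, OLD, NEW):
        print(f"inverted: {before!r} -> {after!r} (result of {guard})")
```

A finding whose guarding invoke returns Z (boolean) and sits next to an integrity message id is the kind of single-branch check this article shows being flipped, which is why such checks are better backed by server-side attestation than by one client-side condition.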
Closing remarks
Everything is now done, and we have reached the result shown at the beginning of this article: a second copy of Migu Reading running side by side, with its package name changed and the check passed.
About me
Personal blog: Martin Han's station
Zhihu: MartinHan01