KEMBAR78
Modifying Android Apps Without Source Codes | PPTX
RA
Uploaded byRonillo Ang
PPTX, PDF483 views

Modifying Android Apps Without Source Codes

This document provides instructions for modifying Android apps without source code through reverse engineering the APK file. It details the steps to: 1. Decompile the APK file using Apktool to convert it to a readable format. 2. Modify the decompiled source code written in Smali, the dex format used by Android. 3. Rebuild the modified APK file using Apktool. 4. Sign the rebuilt APK with a generated certificate to allow it to run on devices. Common injected code examples like adding a popup message or method profiling calls are also provided.

Downloaded 20 times
Modifying Android apps without source code By: Ronillo Ang Android Developer
Requirements • Java SDK [http://www.oracle.com/technetwork/java/javase/downloads/index .html] • Android SDK [http://developer.android.com/sdk/index.html] • Apktool [https://bitbucket.org/iBotPeaches/apktool/downloads] • SignApk [http://forum.xda- developers.com/attachment.php?s=ed93891ef99dc601482f8c9b 196c8c4f&attachmentid=1846095&d=1364661948] • Android Studio (Optional) • OpenSSL
A Real World Example • We’ll reverse engineer yours truly apps on Google Play • Download UIE Tracker https://play.google.com/store/apps/details?id=ron.an g.uietracker
Get APK • First thing to do is to have the APK and saved to your computer’s hard disk • Plug in your device • We need to get the path where the APK is stored on the device: adb shell pm path <package name> • Pull out the APK from the device: adb pull <path>
Decompiling • Now that we have the APK on our computer, the second thing to do is to decompile it using apktool • Issue the ff. command on a terminal: java -jar ~/Desktop/apktool1.5.2/apktool_2.0.1.jar d -f <apk>
Modding • You need to learn coding in smali • Smali is a dex format used by Dalvik Virtual Machine • Find out the list of Dalvik operations http://pallergabor.uw.hu/androidblog/dalvik_opcodes .html
Rebuilding • Once finished with modding, use apktool to rebuild the modded application. java -jar ~/Desktop/apktool1.5.2/apktool_2.0.1.jar b <modded src>
Signing the modded APK • The last thing we need to do in order for our modded apk to work is to digitally sign it with a certificate. • Generate certificate via openssl • Sign the APK with the generated certificated with SignApk tool • In order to upload it on Google Play and Android devices
Signing the modded APK • Let’s generate the certificate for signing: openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out request.pem openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
Signing the modded APK • Finally… java -jar signapk.jar certificate.pem key.pk8 <modded apk> <output apk>
Common Injected Code • The pop-up message box • Method profiling call
The Pop-up Message Box new-instance v1,Landroid/app/AlertDialog$Builder; invoke-direct {v1,p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V const-string v2,"u666eu901au5bf9u8bddu6846" invoke-virtual {v1,v2}, Landroid/app/AlertDialog$Builder;- >setTitle(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder; const-string v2,"u4f60u597duff0cAndroid!" invoke-virtual {v1,v2},Landroid/app/AlertDialog$Builder;- >setMessage(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder; invoke-virtual {v1},Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog; move-result-object v2 invoke-virtual {v2},Landroid/app/AlertDialog;->show()V
Method Profiling Call const-string v0, "123" invoke-static {v0}, Landroid/os/Debug;- >startMethodTracing(Ljava/lang/String;) V invoke-static {}, Landroid/os/Debug;->stopMethodTracing() V A file named 123.trace will be saved on the sdcard, which can be analyse using traceview tool.
Thank You!!!

More Related Content

PDF
Modifying Android Apps Without Source Code with Microsoft Visual Studio Code
byRonillo Ang
 
PPTX
Fastlane
byWarren Lin
 
PPTX
GitHub Actions for 5 minutes
bySvetlin Nakov
 
PDF
Continuous Integration for your Android projects
bySergii Zhuk
 
PDF
NLUUG Spring 2012 - OpenShift Primer
byEric D. Schabell
 
PDF
Microservices with the PlayFramework
byDominik Dorn
 
ODP
Ci for-android-apps
byAnthony Dahanne
 
PPTX
Introduction to Gitea with Drone
byBo-Yi Wu
 
Modifying Android Apps Without Source Code with Microsoft Visual Studio Code
byRonillo Ang
 
Fastlane
byWarren Lin
 
GitHub Actions for 5 minutes
bySvetlin Nakov
 
Continuous Integration for your Android projects
bySergii Zhuk
 
NLUUG Spring 2012 - OpenShift Primer
byEric D. Schabell
 
Microservices with the PlayFramework
byDominik Dorn
 
Ci for-android-apps
byAnthony Dahanne
 
Introduction to Gitea with Drone
byBo-Yi Wu
 

What's hot

PDF
Tools of the Trade 2016
byDominik Dorn
 
PDF
Introduction to GitHub Actions
byKnoldus Inc.
 
PPTX
Gdg ionic 2
byShang Yi Lim
 
PDF
Behind the scenes of Scaleway Functions : when Kubernetes meets our products
byScaleway
 
PPTX
Continuous Integration of Mobile Apps with Docker and Appium
byEmergya
 
PDF
Moderne Android Builds mit Gradle
byinovex GmbH
 
PDF
Appium Dockerization: from Scratch to Advanced Implementation - HUSTEF 2019
bySargis Sargsyan
 
PDF
Building a Slack Bot Workshop @ Nearsoft OctoberTalks 2017
byRafael Antonio Gutiérrez Turullols
 
PPTX
A painless self-hosted Git service: Gitea
byBo-Yi Wu
 
PDF
OpenShift: Java EE in the clouds
byMax Andersen
 
PDF
ApacheCon Europe 2016 : CONTAINERS IN ACTION - Transform Application Delivery...
byDaniel Oh
 
PPTX
Continuous integration jenkins-installation in ec2 instace linux
byMaheshnagakumar Tokala
 
PDF
Create React Native App vs Expo vs Manually
byEugene Zharkov
 
PPTX
Write microservice in golang
byBo-Yi Wu
 
PDF
Intro to Github Actions @likecoin
byWilliam Chong
 
PDF
Android Essential Tools
byJussi Pohjolainen
 
PDF
Jenkins Docker
byAlex Soto
 
PPTX
Continuous integration in games development
byNebojsa Brindic
 
PDF
Debug production server by counter
byRoy Chung-Cheng Lou
 
Tools of the Trade 2016
byDominik Dorn
 
Introduction to GitHub Actions
byKnoldus Inc.
 
Gdg ionic 2
byShang Yi Lim
 
Behind the scenes of Scaleway Functions : when Kubernetes meets our products
byScaleway
 
Continuous Integration of Mobile Apps with Docker and Appium
byEmergya
 
Moderne Android Builds mit Gradle
byinovex GmbH
 
Appium Dockerization: from Scratch to Advanced Implementation - HUSTEF 2019
bySargis Sargsyan
 
Building a Slack Bot Workshop @ Nearsoft OctoberTalks 2017
byRafael Antonio Gutiérrez Turullols
 
A painless self-hosted Git service: Gitea
byBo-Yi Wu
 
OpenShift: Java EE in the clouds
byMax Andersen
 
ApacheCon Europe 2016 : CONTAINERS IN ACTION - Transform Application Delivery...
byDaniel Oh
 
Continuous integration jenkins-installation in ec2 instace linux
byMaheshnagakumar Tokala
 
Create React Native App vs Expo vs Manually
byEugene Zharkov
 
Write microservice in golang
byBo-Yi Wu
 
Intro to Github Actions @likecoin
byWilliam Chong
 
Android Essential Tools
byJussi Pohjolainen
 
Jenkins Docker
byAlex Soto
 
Continuous integration in games development
byNebojsa Brindic
 
Debug production server by counter
byRoy Chung-Cheng Lou
 

Similar to Modifying Android Apps Without Source Codes

PDF
Pwning mobile apps without root or jailbreak
byAbraham Aranguren
 
PPTX
Android Package tool
byyarden hanan
 
PDF
Embedded Android in Real Life - Live Embedded Event 2021
byGary Bisson
 
PDF
Learning by hacking - android application hacking tutorial
byLandice Fu
 
PPTX
Basic reverse engineering steps about .apk file
byCarl Lu
 
PDF
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
byRomansh Yadav
 
PDF
LinkedIn - Disassembling Dalvik Bytecode
byAlain Leon
 
PPTX
Dynamic Security Analysis & Static Security Analysis for Android Apps.
byVodqaBLR
 
PDF
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
byidsecconf
 
PDF
Improving DroidBox
byKelwin Yang
 
PPT
Reverse Engineering Android Application
byn|u - The Open Security Community
 
PPTX
Android Auto instrumentation
byPrzemek Jakubczyk
 
PPTX
Fabrizio Cornelli - Securing Android Apps by Reversing - Codemotion Milan 2018
byCodemotion
 
PDF
[UniteKorea2013] Protecting your Android content
byWilliam Hugo Yang
 
ODP
Enhancing and modifying_the_core_android_os
byArnav Gupta
 
PDF
How to reverse engineer Android applications
byhubx
 
PDF
How to reverse engineer Android applications—using a popular word game as an ...
byChristoph Matthies
 
PDF
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
byStephan Chenette
 
PPTX
Rapid Android Application Security Testing
byNutan Kumar Panda
 
PDF
Introduction to mobile reversing
byjduart
 
Pwning mobile apps without root or jailbreak
byAbraham Aranguren
 
Android Package tool
byyarden hanan
 
Embedded Android in Real Life - Live Embedded Event 2021
byGary Bisson
 
Learning by hacking - android application hacking tutorial
byLandice Fu
 
Basic reverse engineering steps about .apk file
byCarl Lu
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
byRomansh Yadav
 
LinkedIn - Disassembling Dalvik Bytecode
byAlain Leon
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
byVodqaBLR
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
byidsecconf
 
Improving DroidBox
byKelwin Yang
 
Reverse Engineering Android Application
byn|u - The Open Security Community
 
Android Auto instrumentation
byPrzemek Jakubczyk
 
Fabrizio Cornelli - Securing Android Apps by Reversing - Codemotion Milan 2018
byCodemotion
 
[UniteKorea2013] Protecting your Android content
byWilliam Hugo Yang
 
Enhancing and modifying_the_core_android_os
byArnav Gupta
 
How to reverse engineer Android applications
byhubx
 
How to reverse engineer Android applications—using a popular word game as an ...
byChristoph Matthies
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
byStephan Chenette
 
Rapid Android Application Security Testing
byNutan Kumar Panda
 
Introduction to mobile reversing
byjduart
 

Recently uploaded

PPTX
Introduction to engineering dynamics for structural engineering student
bytekalign24
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PDF
Performance analysis of recycled PET composites reinforced with waste slate d...
byADITYA CHAUHAN
 
PDF
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
PDF
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
PPTX
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
PPT
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
PDF
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PPTX
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
PDF
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PPTX
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
PDF
Vertical Roller Mill more detail inside function
byagungcemindo
 
PPTX
Blockchain for Digital identity security
bysamirsarar2
 
PDF
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
PDF
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
Introduction to engineering dynamics for structural engineering student
bytekalign24
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
Performance analysis of recycled PET composites reinforced with waste slate d...
byADITYA CHAUHAN
 
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
Vertical Roller Mill more detail inside function
byagungcemindo
 
Blockchain for Digital identity security
bysamirsarar2
 
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 

Modifying Android Apps Without Source Codes

  • 1.
    Modifying Android apps withoutsource code By: Ronillo Ang Android Developer
  • 2.
    Requirements • Java SDK [http://www.oracle.com/technetwork/java/javase/downloads/index .html] •Android SDK [http://developer.android.com/sdk/index.html] • Apktool [https://bitbucket.org/iBotPeaches/apktool/downloads] • SignApk [http://forum.xda- developers.com/attachment.php?s=ed93891ef99dc601482f8c9b 196c8c4f&attachmentid=1846095&d=1364661948] • Android Studio (Optional) • OpenSSL
  • 3.
    A Real WorldExample • We’ll reverse engineer yours truly apps on Google Play • Download UIE Tracker https://play.google.com/store/apps/details?id=ron.an g.uietracker
  • 4.
    Get APK • Firstthing to do is to have the APK and saved to your computer’s hard disk • Plug in your device • We need to get the path where the APK is stored on the device: adb shell pm path <package name> • Pull out the APK from the device: adb pull <path>
  • 5.
    Decompiling • Now thatwe have the APK on our computer, the second thing to do is to decompile it using apktool • Issue the ff. command on a terminal: java -jar ~/Desktop/apktool1.5.2/apktool_2.0.1.jar d -f <apk>
  • 6.
    Modding • You needto learn coding in smali • Smali is a dex format used by Dalvik Virtual Machine • Find out the list of Dalvik operations http://pallergabor.uw.hu/androidblog/dalvik_opcodes .html
  • 7.
    Rebuilding • Once finishedwith modding, use apktool to rebuild the modded application. java -jar ~/Desktop/apktool1.5.2/apktool_2.0.1.jar b <modded src>
  • 8.
    Signing the moddedAPK • The last thing we need to do in order for our modded apk to work is to digitally sign it with a certificate. • Generate certificate via openssl • Sign the APK with the generated certificated with SignApk tool • In order to upload it on Google Play and Android devices
  • 9.
    Signing the moddedAPK • Let’s generate the certificate for signing: openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out request.pem openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
  • 10.
    Signing the moddedAPK • Finally… java -jar signapk.jar certificate.pem key.pk8 <modded apk> <output apk>
  • 11.
    Common Injected Code •The pop-up message box • Method profiling call
  • 12.
    The Pop-up MessageBox new-instance v1,Landroid/app/AlertDialog$Builder; invoke-direct {v1,p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V const-string v2,"u666eu901au5bf9u8bddu6846" invoke-virtual {v1,v2}, Landroid/app/AlertDialog$Builder;- >setTitle(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder; const-string v2,"u4f60u597duff0cAndroid!" invoke-virtual {v1,v2},Landroid/app/AlertDialog$Builder;- >setMessage(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder; invoke-virtual {v1},Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog; move-result-object v2 invoke-virtual {v2},Landroid/app/AlertDialog;->show()V
  • 13.
    Method Profiling Call const-stringv0, "123" invoke-static {v0}, Landroid/os/Debug;- >startMethodTracing(Ljava/lang/String;) V invoke-static {}, Landroid/os/Debug;->stopMethodTracing() V A file named 123.trace will be saved on the sdcard, which can be analyse using traceview tool.
  • 14.