Android 把修改后的classes.dex 重新放入 apk中

1.解压apk

  • 把.apk后缀名修改成zip,解压提取出classes.dex

2.修改classes.dex

  • 通过 IDA PRO 或 C32ASM 等工具修改文件中的值

3.利用工具对修改后的classes.dex重新校验(重新计算文件头中的checksum和SHA-1签名)

  • dexfixer
  • 或者自己编写工具 java 代码如下
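/**
 * Recomputes the two integrity fields stored at the start of a DEX file after its contents
 * have been edited.
 *
 * <p>Layout relied on by this class: bytes 8-11 hold an Adler-32 checksum (little-endian) of
 * everything from offset 12 to the end of the file, and bytes 12-31 hold a SHA-1 digest of
 * everything from offset 32 to the end of the file.
 *
 * <p>Both fields are unkeyed: anyone can recompute them, so they only detect accidental
 * corruption. They do not authenticate the file; that is the job of the APK signature.
 *
 * <p>NOTE(review): the file magic in bytes 0-7 is not checked, so callers must pass DEX files only.
 */
public class FixDexHeaderUtil {

    /** Offset of the 4-byte little-endian Adler-32 checksum. */
    private static final int CHECKSUM_OFFSET = 8;

    /** Offset of the 20-byte SHA-1 signature; also the first byte covered by the checksum. */
    private static final int SIGNATURE_OFFSET = 12;

    /** First byte covered by the SHA-1 signature; the smallest input this class accepts. */
    private static final int SIGNED_DATA_OFFSET = 32;

    /**
     * Rewrites the checksum and SHA-1 signature of the given file in place.
     *
     * <p>The file is read completely and validated before it is opened for writing, so a read
     * failure or a too-short file leaves the file on disk untouched.
     *
     * @param file path of the DEX file to fix
     * @throws IllegalArgumentException if the file is shorter than 32 bytes
     * @throws IllegalStateException if the file cannot be read or written
     */
    public static void fix(String file) {
        byte[] fBytes = readFile(file);
        fix(fBytes);
        saveFile(fBytes, file);
    }

    /**
     * Reads the whole file into memory.
     *
     * @throws IllegalStateException if reading fails; a partial buffer is never returned, so the
     *     caller cannot write a truncated file back with freshly computed header fields
     */
    private static byte[] readFile(String file) {
        try (FileInputStream fis = new FileInputStream(file);
                ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
            byte[] buf = new byte[8192];
            int len;
            while ((len = fis.read(buf)) != -1) {
                bos.write(buf, 0, len);
            }
            return bos.toByteArray();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot read " + file, e);
        }
    }

    /**
     * Overwrites the file with the given bytes.
     *
     * @throws IllegalStateException if writing fails, so the caller is not left believing the
     *     header was fixed when it was not
     */
    private static void saveFile(byte[] fBytes, String file) {
        try (FileOutputStream fos = new FileOutputStream(file)) {
            fos.write(fBytes);
            fos.flush();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot write " + file, e);
        }
    }

    /**
     * Updates both header fields in the buffer.
     *
     * @throws IllegalArgumentException if the buffer is null or shorter than 32 bytes
     */
    private static void fix(byte[] fBytes) {
        if (fBytes == null || fBytes.length < SIGNED_DATA_OFFSET) {
            throw new IllegalArgumentException(
                    "Input is too short to hold the checksum and signature fields (need at least "
                            + SIGNED_DATA_OFFSET + " bytes)");
        }
        // Order matters: the checksum covers the signature bytes, so the signature goes first.
        fixSha1Signature(fBytes);
        fixChecksum(fBytes);
    }

    /** Stores the SHA-1 digest of bytes 32..end at offset 12. */
    private static void fixSha1Signature(byte[] fBytes) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");
            sha1.update(fBytes, SIGNED_DATA_OFFSET, fBytes.length - SIGNED_DATA_OFFSET);
            byte[] hashBytes = sha1.digest();
            System.arraycopy(hashBytes, 0, fBytes, SIGNATURE_OFFSET, hashBytes.length);
        } catch (NoSuchAlgorithmException e) {
            // Continuing would compute the checksum over a stale signature.
            throw new IllegalStateException("SHA-1 is not available", e);
        }
    }

    /** Stores the Adler-32 checksum of bytes 12..end at offset 8, least significant byte first. */
    private static void fixChecksum(byte[] fBytes) {
        Adler32 al = new Adler32();
        al.update(fBytes, SIGNATURE_OFFSET, fBytes.length - SIGNATURE_OFFSET);
        int sum = (int) al.getValue();
        for (int i = 0; i < 4; i++) {
            fBytes[CHECKSUM_OFFSET + i] = (byte) (sum >> (8 * i));
        }
    }
}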

4.把classes.dex重新放入apk中

  • 使用aapt命令
  • 1.删除原apk包中的classes.dex
./aapt r source.apk classes.dex
  • 2.添加修改后的classes.dex到apk中
./aapt a source.apk classes.dex

5.重新签名apk(替换classes.dex后原有签名不再有效;用自己的密钥重新签名后,证书与原包不同,无法覆盖安装原版应用,应用或服务端的签名校验也能据此识别出改动)

  • 推荐使用Android Crack Tool 工具中的签名方法,方便
  • 或者手动使用jarsigner签名(密钥库可用keytool生成)
/Library/Java/JavaVirtualMachines/jdk1.7.0_79.jdk/Contents/Home/bin/jarsigner -verbose -keystore 你的key.keystore -signedjar 签名后的文件名.apk 原始文件.apk '签名文件的别名(key alias)'

6.完成

  • 使用adb install测试吧
