[置顶] 第2章 Android Dalvik 实战apktool反编译
第2章 Android Dalvik 实战apktool反编译
环境配置
一、系统使用Ubuntu 15.10版本
二、apktool工具使用2.0.2
1、到官网(http://apktool.shoujifans.com/)下载以下文件:apktool2.0.2.tar.bz2和apktool-install-linux-r05-ibot.tar.bz2。
2、解压后得到aapt、apktool、apktool.jar三个文件,将它们全部拷贝至/usr/bin目录下。
3、检测apktool是否安装成功
root@strom-virtual-machine:~# apktool -version
2.0.2
4、需要跟改apktool版本只要更换apktool.jar就行了
5、查看已经通过AndroidStudio工具生成好的APK
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# ls
app.iml app-release.apk build build.gradle src
6、使用apktool 命令反编译
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# apktool d -f app-release.apk
I: Using Apktool 2.0.2 on app-release.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
7、Android程序中的硬编码到源码中,也可能引用自“res\values”目录下的strings.xml
Apk在打包时strings.xml中的字符串被加密存储为resources.arsc文件保存到APK程序中
Apk被成功反编译后这个文件也成功解密出来
![[置顶] 第2章 Android Dalvik 实战apktool反编译_第1张图片](http://img.e-com-net.com/image/info5/e240d153aa2a407cbb7d81d5ee415432.jpg)
8、查看strings.xml文件内容
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">Crackme0201</string>
<string name="hint_sn">请输入16位的注册码</string>
<string name="hint_username">请输入用户名</string>
<string name="info">Android程序破解演示实例</string>
<string name="menu_settings">Settings</string>
<string name="register">注 册</string>
<string name="registered">程序已注册</string>
<string name="sn">注册码:</string>
<string name="successed">恭喜您!注册成功</string>
<string name="title_activity_main">Crackme0201</string>
<string name="unregister">程序未注册</string>
<string name="unsuccessed">无效用户名或注册码</string>
<string name="username">用户名:</string>
</resources>
9、使用apktool反编译apk文件后,所有的索引值都保存在strings.xml文件同目录下的public.xml文件中。
10、从strings.xml 中对应的“unsuccessed”的这个值与public.xml对应的内容如下:
注意:红色部分
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app/app-release/res/values# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<resources>
<public type="drawable" name="ic_launcher" id="0x7f020001" />
<public type="drawable" name="ic_action_search" id="0x7f020000" />
<public type="layout" name="activity_main" id="0x7f030000" />
<public type="dimen" name="padding_large" id="0x7f040000" />
<public type="dimen" name="padding_medium" id="0x7f040001" />
<public type="dimen" name="padding_small" id="0x7f040002" />
<public type="string" name="app_name" id="0x7f050000" />
<public type="string" name="hint_sn" id="0x7f050001" />
<public type="string" name="hint_username" id="0x7f050002" />
<public type="string" name="info" id="0x7f050003" />
<public type="string" name="menu_settings" id="0x7f050004" />
<public type="string" name="register" id="0x7f050005" />
<public type="string" name="registered" id="0x7f050006" />
<public type="string" name="sn" id="0x7f050007" />
<public type="string" name="successed" id="0x7f050008" />
<public type="string" name="title_activity_main" id="0x7f050009" />
<public type="string" name="unregister" id="0x7f05000a" />
<public type="string" name="unsuccessed" id="0x7f05000b" />
<public type="string" name="username" id="0x7f05000c" />
<public type="style" name="AppTheme" id="0x7f060000" />
<public type="menu" name="activity_main" id="0x7f070000" />
<public type="id" name="textView1" id="0x7f080000" />
<public type="id" name="edit_username" id="0x7f080001" />
<public type="id" name="edit_sn" id="0x7f080002" />
<public type="id" name="button_register" id="0x7f080003" />
<public type="id" name="menu_settings" id="0x7f080004" />
</resources>
11、在public中的unsuccessed 的id值是0x7f05000b,后在smail目录中搜索内容含有0x7f05000b文件最后发现只有MainActivity$1.smali 文件有调用到。
![[置顶] 第2章 Android Dalvik 实战apktool反编译_第2张图片](http://img.e-com-net.com/image/info5/58bb1fad93c64519863a26938b209509.jpg)
12、0x7f05000b对应的MainActivity$1.smali内容如下:
13、修改smali文件将”.line32”中的“if-nez v0, :cond_0” 更改为“if-eqz v0, :cond_0”,进行保存
14、使用apktool工具重新编译并签名
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# apktool b app-release
I: Using Apktool 2.0.2
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
15、生成文件路径
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app/app-release/dist# ls
app-release.apk
16、对app软件进行签名
1) 创建一个目录将下载好的sugnapk.jar、signapk 、testkey.pk8、testkey.x509.pem 放入
2) 配置signapk环境变量
3) 使用命令signapk 进行签名
signapk app-release.apk
4) 生成带签名的apk包
17、在模拟器运行效果
1) 先启动AVD模拟器
2) 敲入命令adb install app-release.apk
环境配置
一、系统使用Ubuntu 15.10版本
二、apktool工具使用2.0.2
1、到官网(http://apktool.shoujifans.com/)下载以下文件:apktool2.0.2.tar.bz2和apktool-install-linux-r05-ibot.tar.bz2。
2、解压后得到aapt、apktool、apktool.jar三个文件,将它们全部拷贝至/usr/bin目录下。
3、检测apktool是否安装成功
root@strom-virtual-machine:~# apktool -version
2.0.2
4、需要跟改apktool版本只要更换apktool.jar就行了
5、查看已经通过AndroidStudio工具生成好的APK
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# ls
app.iml app-release.apk build build.gradle src
6、使用apktool 命令反编译
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# apktool d -f app-release.apk
I: Using Apktool 2.0.2 on app-release.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
7、Android程序中的硬编码到源码中,也可能引用自“res\values”目录下的strings.xml
Apk在打包时strings.xml中的字符串被加密存储为resources.arsc文件保存到APK程序中
Apk被成功反编译后这个文件也成功解密出来
8、查看strings.xml文件内容
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">Crackme0201</string>
<string name="hint_sn">请输入16位的注册码</string>
<string name="hint_username">请输入用户名</string>
<string name="info">Android程序破解演示实例</string>
<string name="menu_settings">Settings</string>
<string name="register">注 册</string>
<string name="registered">程序已注册</string>
<string name="sn">注册码:</string>
<string name="successed">恭喜您!注册成功</string>
<string name="title_activity_main">Crackme0201</string>
<string name="unregister">程序未注册</string>
<string name="unsuccessed">无效用户名或注册码</string>
<string name="username">用户名:</string>
</resources>
9、使用apktool反编译apk文件后,所有的索引值都保存在strings.xml文件同目录下的public.xml文件中。
10、从strings.xml 中对应的“unsuccessed”的这个值与public.xml对应的内容如下:
注意:红色部分
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app/app-release/res/values# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<resources>
<public type="drawable" name="ic_launcher" id="0x7f020001" />
<public type="drawable" name="ic_action_search" id="0x7f020000" />
<public type="layout" name="activity_main" id="0x7f030000" />
<public type="dimen" name="padding_large" id="0x7f040000" />
<public type="dimen" name="padding_medium" id="0x7f040001" />
<public type="dimen" name="padding_small" id="0x7f040002" />
<public type="string" name="app_name" id="0x7f050000" />
<public type="string" name="hint_sn" id="0x7f050001" />
<public type="string" name="hint_username" id="0x7f050002" />
<public type="string" name="info" id="0x7f050003" />
<public type="string" name="menu_settings" id="0x7f050004" />
<public type="string" name="register" id="0x7f050005" />
<public type="string" name="registered" id="0x7f050006" />
<public type="string" name="sn" id="0x7f050007" />
<public type="string" name="successed" id="0x7f050008" />
<public type="string" name="title_activity_main" id="0x7f050009" />
<public type="string" name="unregister" id="0x7f05000a" />
<public type="string" name="unsuccessed" id="0x7f05000b" />
<public type="string" name="username" id="0x7f05000c" />
<public type="style" name="AppTheme" id="0x7f060000" />
<public type="menu" name="activity_main" id="0x7f070000" />
<public type="id" name="textView1" id="0x7f080000" />
<public type="id" name="edit_username" id="0x7f080001" />
<public type="id" name="edit_sn" id="0x7f080002" />
<public type="id" name="button_register" id="0x7f080003" />
<public type="id" name="menu_settings" id="0x7f080004" />
</resources>
11、在public中的unsuccessed 的id值是0x7f05000b,后在smail目录中搜索内容含有0x7f05000b文件最后发现只有MainActivity$1.smali 文件有调用到。
12、0x7f05000b对应的MainActivity$1.smali内容如下:
13、修改smali文件将”.line32”中的“if-nez v0, :cond_0” 更改为“if-eqz v0, :cond_0”,进行保存
14、使用apktool工具重新编译并签名
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app# apktool b app-release
I: Using Apktool 2.0.2
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
15、生成文件路径
root@strom-virtual-machine:~/AndroidStudioProjects/crackme02/app/app-release/dist# ls
app-release.apk
16、对app软件进行签名
1) 创建一个目录将下载好的sugnapk.jar、signapk 、testkey.pk8、testkey.x509.pem 放入
2) 配置signapk环境变量
3) 使用命令signapk 进行签名
signapk app-release.apk
4) 生成带签名的apk包
17、在模拟器运行效果
1) 先启动AVD模拟器
2) 敲入命令adb install app-release.apk
3) 执行apk包
![[置顶] 第2章 Android Dalvik 实战apktool反编译_第3张图片](http://img.e-com-net.com/image/info5/3e148969582941e2beb730b2d135f751.jpg)