Preceding text This paper introduces the process of decompiling APK with powerful APK-Multi-Tool on Windows platform, and then recompiling to APK after modifying smali source code. Recently, it has been entrusted to crack an apk. Fortunately, the three software used are cross-platform, and the MAC is also appropriate. Here is a record of the things and processes used on the mac.
A total of three softwares are needed. In order to find the latest version, the official website is also put behind.
- Apktool: http://ibotpeaches.github.io/Apktool/install/ Latest version 2.0.1
- dex2jar: https://github.com/pxb1988/dex2jar Latest version 2.0
- JD-GUI: http://jd.benow.ca/ Latest version 1.4.0
The installation of these three software Apktool is slightly troublesome, and the others are all OK, basically downloaded and decompressed can be used.
1, in Official website link Here we find the following:
Basically follow the six steps above. The first step is to download a shell script with the name "apktool" and No. sh suffix. You can copy it to sublimetext and save it.
2. Download the latest apktool-2 On bitbucket:
3. Rename the downloaded jar file "apktool.jar"
4. Put the shell scripts "apktool" and "apktool.jar" in the "/usr/local/bin" directory
5. Increase the executable permissions of these two files, chmod a+x file
6. Execute shell apktool.
After installation, you can run apktool-v to view version information:
Apktool v2.0.1 - a tool for reengineering Android apk files with smali v2.0.6 and baksmali v2.0.6 Copyright 2014 Ryszard Wiśniewski <firstname.lastname@example.org> Updated by Connor Tumbleson <email@example.com> usage: apktool -advance,--advanced prints advance information. -version,--version prints the version then exits usage: apktool if|install-framework [options] <framework.apk> -p,--frame-path <dir> Stores framework files into <dir>. -t,--tag <tag> Tag frameworks using <tag>. usage: apktool d[ecode] [options] <file_apk> -f,--force Force delete destination directory. -o,--output <dir> The name of folder that gets written. Default is apk.out -p,--frame-path <dir> Uses framework files located in <dir>. -r,--no-res Do not decode resources. -s,--no-src Do not decode sources. -t,--frame-tag <tag> Uses framework files tagged by <tag>. usage: apktool b[uild] [options] <app_path> -f,--force-all Skip changes detection and build all files. -o,--output <dir> The name of apk that gets written. Default is dist/name.apk -p,--frame-path <dir> Uses framework files located in <dir>. For additional info, see: http://ibotpeaches.github.io/Apktool/ For smali/baksmali info, see: http://code.google.com/p/smali/
These two are downloaded directly, then decompressed on ok:
That's all for software installation. Here's the cracking process. In order to check whether it can be cracked, we first decompile with Apktool to avoid our last empty scene. Only when Apktool can decompile/decompile, can our cracking be meaningful.
1. Create a new apk folder, put the APK to be decoded into it, and then run the command in this directory: apktool d hongbao.apk
yanzideMacBook-Pro:apk yanzi$ apktool d hongbao.apk I: Using Apktool 2.0.1 on hongbao.apk I: Loading resource table... I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /Users/yanzi/Library/apktool/framework/1.apk I: Regular manifest package... I: Decoding file-resources... I: Decoding values */* XMLs... I: Baksmaling classes.dex... I: Copying assets and libs... I: Copying unknown files... I: Copying original files...
The catalogue is as follows:
Then run the command to compile the apk:
apktool b hongbao (hongbao is a decompiled folder)
yanzideMacBook-Pro:apk yanzi$ apktool b hongbao I: Using Apktool 2.0.1 I: Checking whether sources has changed... I: Smaling smali folder into classes.dex... I: Checking whether resources has changed... I: Building resources... I: Building apk file...
The builds and dists above are generated in the process of compiling the apk. The compiled APK is in the dist directory. Opening the build/apk folder will find that the META-INF folder under the original folder is missing:
This means that the apk file in dist is not signed, which will be discussed later.
2. We need to use dex2jar to convert apk into jar file, essentially classes.dex in apk into jar. Add executable permissions to d2j_invoke.sh/d2j-dex2jar.sh in dex2jar. Then go into the dex2jar folder and run:
Get the hongbao-dex2jar.jar file.
3. Open the JD-GUI and drag hongbao-dex2jar.jar in to see the source code.
By looking at the java source code and comparing smali files, after modification, compile back to ok!
The decompiled apk is unsuccessful to install and is always prompted
The essence is no signature.
1. Generate signatures:
keytool -genkey -keystore hongbao.keystore -keyalg RSA -validity 10000 -alias hongbao
Note: The above - keystore is followed by the name of the signature file, and - alias is an alias, in general - keystore followed by - alias is the same, but in fact the two do not matter, which is why I deliberately made a difference.
2. Adding signatures to apk:
jarsigner -digestalg SHA1 -sigalg MD5withRSA -tsa -verbose -keystore hongbao.keystore -signedjar hongbao-signed.apk hongbao.apk hongbao
1. The last "hongbao" is the one behind - alias. It must be consistent.
2. Without the signature of - digestalg SHA1 -sigalg MD5withRSA, the installation of apk is also unsuccessful. It is said that the error of INSTALL_PARSE_FAILED_NO_CERTIFICATES will be reported without - tsa.
Attachments mentioned in the article are downloaded: