Reverse and inject code into an Android application

Introduction

This article shows how to reverse an Android application and inject your own code into it, so that you can pull out information the app handles at run time, such as a serial number.

Tools

These are the tools we need. They let us decompile, disassemble and recompile an Android application.

  1. Apktool
  2. dex2jar
  3. jd-gui
  4. apkdb

Decompile the Android Application

First, copy the Android application (the APK file) to your computer.

(Screenshot: copy the app to your computer)

Second, open the APK package with WinRAR. An APK is simply a ZIP archive, so any unzip tool will do. Inside you will see the package contents; extract the classes.dex file. Note that large apps are split across several DEX files (classes.dex, classes2.dex, ...), and each of them has to be extracted and converted.

(Screenshot: extract the classes.dex file)

Then convert the DEX file into a Java JAR. The tool for this is dex2jar.

(Screenshot: converting the file with dex2jar)

After conversion you will have a new file, classes-dex2jar.jar. Open it with jd-gui and you will see the class files and, for most of them, decompiled Java source.

(Screenshot: inspecting the decompiled source)

These classes help you understand the program's logic and the programmer's intent. Usually you cannot get any sensitive information from these files directly; what you get is the code path that handles it.
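The extraction step above relies on the APK being a plain ZIP. As an added example (not code from the article), the following Python script does that step without WinRAR: it opens the APK as a ZIP, pulls out every classes*.dex entry (so multidex apps are not missed), and checks each DEX header (magic, adler32 checksum, SHA-1 signature, file_size) before the file goes to dex2jar, which is a quick way to catch a truncated or deliberately corrupted DEX. The APK and DEX it operates on are constructed in memory for the example and contain no classes.

```python
import hashlib
import io
import re
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70        # fixed header length
ENDIAN_CONSTANT = 0x12345678  # endian_tag value of a little-endian DEX


def check_dex_header(data: bytes) -> dict:
    """Parse the DEX header and verify its integrity fields; raise ValueError on any mismatch.

    Layout (little-endian): magic[8] "dex\\n0NN\\0" | adler32 checksum (u4) |
    SHA-1 signature (20 bytes) | file_size | header_size | endian_tag | ...
    The checksum covers everything after itself (offset 12 to end) and the
    signature covers everything after itself (offset 32 to end).
    """
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = data[:8]
    if not re.fullmatch(rb"dex\n0\d\d\x00", magic):
        raise ValueError(f"bad magic {magic!r}")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if zlib.adler32(data[12:]) != checksum:
        raise ValueError("adler32 checksum mismatch (truncated or patched file?)")
    if hashlib.sha1(data[32:]).digest() != signature:
        raise ValueError("SHA-1 signature mismatch")
    if file_size != len(data):
        raise ValueError(f"file_size field says {file_size} but {len(data)} bytes read")
    if header_size != DEX_HEADER_SIZE or endian_tag != ENDIAN_CONSTANT:
        raise ValueError("unexpected header_size or endian_tag")
    return {"version": magic[4:7].decode(), "file_size": file_size}


def is_valid_dex(data: bytes) -> bool:
    try:
        check_dex_header(data)
        return True
    except ValueError:
        return False


def extract_dex_files(apk: bytes) -> dict:
    """Return {entry name: bytes} for classes.dex, classes2.dex, ... inside the APK (a ZIP)."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in z.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                blob = z.read(name)
                check_dex_header(blob)  # fail loudly here rather than inside dex2jar
                found[name] = blob
    return dict(sorted(found.items()))


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed fixture: a header-only DEX (no classes) with a correct checksum and signature."""
    body = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    body += b"\x00" * (DEX_HEADER_SIZE - 32 - len(body))  # remaining size/offset fields are zero
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body)
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + signature + body


def build_sample_apk() -> bytes:
    """Constructed fixture: a two-DEX 'APK', which is nothing more than a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        z.writestr("classes.dex", build_minimal_dex())
        z.writestr("classes2.dex", build_minimal_dex(b"038"))
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in extract_dex_files(build_sample_apk()).items():
        print(name, check_dex_header(blob))
```

Against a real APK, replace build_sample_apk() with the bytes of the downloaded file; every entry returned by extract_dex_files is one input for dex2jar.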

Reverse the Application

We use Apktool to disassemble the application. After running the command below you get a folder containing the decoded manifest and resources, plus the smali code:

apktool d xxx.apk

The smali files are the important part. Smali is an assembler for the dex format used by Dalvik, Android's Java VM implementation (Apktool uses its counterpart, baksmali, to produce these files). Smali is not very readable: it is designed for the machine, so a human can follow the control flow but cannot read it like source code. That is enough for our purpose, though: once you understand the flow, you can inject code.

For legal reasons I cannot show the whole code or the whole process, but I can give you the idea: read the decompiled Java and the smali to understand the flow, then inject your code into the smali file.

For example, I injected the following lines at a specific position. When I then ran the application, the sensitive value showed up in the log:

const-string v5, "SN"    # tag for the log line
invoke-static {v5, v1}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I    # Log.v("SN", v1): writes the value in v1 to logcat
invoke-virtual {p1, p2, v1}, Landroid/content/Context;->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;    # Context.getSharedPreferences(name, mode)

The const-string/invoke-static pair logs whatever register v1 holds under the tag SN, so the value can be read from logcat. Two conditions must hold at the injection point: v1 must contain a String (that is Log.v's signature), and the register chosen for the tag (v5 here) must exist, i.e. the method's .locals count must be at least 6; if it is smaller, raise it.

(Screenshot: the sensitive value in the log output)
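As an added example (not code from the article), here is a small Python tool that performs this kind of injection on a baksmali-produced .smali file in a register-safe way: it allocates a fresh register for the tag by raising .locals, inserts the article's Log.v call after a chosen instruction, and refuses when a register would fall outside v0..v15, since the non-range invoke-static form encodes each operand in 4 bits. The method it edits is constructed for the example and is not taken from any app; the method name, the instruction it anchors on and the register it logs are assumptions for the demonstration.

```python
import re

LOG_V = "Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I"

# Constructed sample method (not from any real app): reads a value out of SharedPreferences.
SAMPLE_SMALI = """\
.method private readSerial(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String;
    .locals 3

    const/4 v0, 0x0

    invoke-virtual {p1, p2, v0}, Landroid/content/Context;->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;

    move-result-object v1

    const-string v2, "sn"

    const-string v0, ""

    invoke-interface {v1, v2, v0}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

    move-result-object v0

    return-object v0
.end method
"""


def abs_register(reg: str, locals_count: int) -> int:
    """vN is register N; pN is parameter N, which sits just above the locals at v(locals + N)."""
    num = int(reg[1:])
    return num if reg[0] == "v" else locals_count + num


def inject_log(smali: str, method_name: str, after_instr: str, value_reg: str, tag: str) -> str:
    """Insert Log.v(tag, value_reg) after the first line of method_name containing after_instr.

    A fresh register for the tag is allocated by raising .locals by one. That is safe
    because baksmali names parameters pN, so they renumber themselves; it would not be
    safe for code that addresses parameters as vN. value_reg must hold a String at the
    injection point (Log.v's signature); this tool does not type-check, so choose the
    spot by reading the method first.
    """
    lines = smali.splitlines()
    start = next(i for i, l in enumerate(lines)
                 if l.startswith(".method ") and f" {method_name}(" in l)
    end = next(i for i in range(start, len(lines)) if lines[i].startswith(".end method"))
    loc = next(i for i in range(start, end) if lines[i].strip().startswith(".locals "))
    old_locals = int(lines[loc].split()[1])
    new_locals = old_locals + 1
    tag_reg = f"v{old_locals}"  # the register that did not exist before the bump
    # The non-range invoke-static form encodes each register in 4 bits, so every
    # operand must resolve to v0..v15 *after* the bump (parameters shift up by one).
    for reg in (tag_reg, value_reg):
        if abs_register(reg, new_locals) > 15:
            raise ValueError(f"{reg} would be v{abs_register(reg, new_locals)}: "
                             "use invoke-static/range or a different register")
    indent = re.match(r"\s*", lines[loc]).group(0)
    lines[loc] = f"{indent}.locals {new_locals}"
    at = next(i for i in range(loc + 1, end) if after_instr in lines[i])
    lines[at + 1:at + 1] = [
        "",
        f'{indent}const-string {tag_reg}, "{tag}"',
        f"{indent}invoke-static {{{tag_reg}, {value_reg}}}, {LOG_V}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(inject_log(SAMPLE_SMALI, "readSerial", "move-result-object v0", "v0", "SN"))
```

Run on the sample, the tool raises .locals from 3 to 4 and places the logging pair right after the move-result-object that receives the string from getString, which is the point where the value is guaranteed to be a String. Write the returned text back over the .smali file before rebuilding with Apktool.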

The hardest part of reversing is not decompiling and recompiling. It is reading and understanding the code, and then injecting your code at the right place to get the information you want. Once the smali is edited, rebuild the package with Apktool and sign the result, because Android will not install an unsigned APK.

If you have any questions, feel free to ask me.
