2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article introduces "Android basic reverse has not been realized". Many people have questions about this topic in day-to-day work, so the editor consulted various materials and put together simple, easy-to-follow steps, in the hope of answering them. Follow along below.
0x01 Activity Jump
The demo is the same as before; this time we change the Button logic to a jump.
Creating a new Activity
Jump Activity
Go to our new Activity.
Use an Intent to jump; an Intent acts as a carrier.
The code is as follows:
    Intent i = new Intent(MainActivity.this, Main2Activity.class);
    startActivity(i);
set identity
Generate apk test
0x02 AndroidManifest.xml Description
First, let's look at the contents of AndroidManifest.xml.
Here we can see that there are two activities.
How do I start first?
There are two activities, so how does the app recognize which activity is launched first?
Here we compare the difference between the two activities.
This is the first Activity.
This is our second Activity.
The difference is obvious: one has a lot of content, the other has only a single line.
So our focus is:
It's easy to see that this is why it starts first.
Let's do a simple test.
Let's move this part over.
Now AndroidManifest.xml looks like this.
test
Now we generate APK.
After tapping the app, we find that what opens is not the previous Activity but the Activity we added later.
Based on this idea, consider the case where a third-party Activity has been injected: could some validation be avoided by changing which Activity is launched?
We will test this later in a hands-on exercise.
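The launch-order behaviour described above can be checked mechanically. The following is an added example, not code from the original article: it reads a decoded AndroidManifest.xml, reports which Activity carries the standard MAIN/LAUNCHER intent-filter, and flags a rebuilt APK whose launcher Activity differs from the original. The two manifests are constructed samples that reuse the demo's package and Activity names.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
MAIN, LAUNCHER = "android.intent.action.MAIN", "android.intent.category.LAUNCHER"

# Constructed sample manifests (assumption: simplified, only the parts that matter here).
TEMPLATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hanlei.first_demo">
  <application>
    <activity android:name=".MainActivity">{first}</activity>
    <activity android:name=".Main2Activity">{second}</activity>
  </application>
</manifest>"""
FILTER = """<intent-filter>
  <action android:name="android.intent.action.MAIN"/>
  <category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>"""
ORIGINAL = TEMPLATE.format(first=FILTER, second="")
MOVED = TEMPLATE.format(first="", second=FILTER)  # filter moved to the second Activity

def launcher_activities(manifest_xml):
    """Return fully qualified names of activities with a MAIN + LAUNCHER filter."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in act.findall("intent-filter"):
            actions = {e.get(A + "name") for e in flt.findall("action")}
            cats = {e.get(A + "name") for e in flt.findall("category")}
            if MAIN in actions and LAUNCHER in cats:
                name = act.get(A + "name", "")
                if name.startswith("."):        # ".MainActivity"
                    name = package + name
                elif "." not in name:           # "MainActivity"
                    name = package + "." + name
                found.append(name)
                break
    return found

def launcher_changed(original_xml, rebuilt_xml):
    """Compare launcher activities of two manifests; True means the entry point moved."""
    before = launcher_activities(original_xml)
    after = launcher_activities(rebuilt_xml)
    return before != after, before, after

if __name__ == "__main__":
    print(launcher_changed(ORIGINAL, MOVED))
```

Run against the manifests of a published APK and a suspect copy, a changed result is a quick indicator that the entry point was repackaged.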
0x03 Decompilation
It's time to learn smali. It may be boring, but the writer is interested.
Let's cut to the chase and get started.
1. Drop the APK into Android Killer.
2. Find the key code.
It is in the $2 class (MainActivity$2).
    .method public onClick(Landroid/view/View;)V
        .locals 3
        .param p1, "v"    # Landroid/view/View;
        .prologue
        .line 33
        new-instance v0, Landroid/content/Intent;
        iget-object v1, p0, Lcom/example/hanlei/first_demo/MainActivity$2;->this$0:Lcom/example/hanlei/first_demo/MainActivity;
        const-class v2, Lcom/example/hanlei/first_demo/Main2Activity;
        invoke-direct {v0, v1, v2}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
        .line 34
        .local v0, "i":Landroid/content/Intent;
        iget-object v1, p0, Lcom/example/hanlei/first_demo/MainActivity$2;->this$0:Lcom/example/hanlei/first_demo/MainActivity;
        invoke-virtual {v1, v0}, Lcom/example/hanlei/first_demo/MainActivity;->startActivity(Landroid/content/Intent;)V
        .line 35
        return-void
    .end method
We won't translate it line by line here; if you want that, go back to the earlier articles, where there is plenty of it.
Let's look at the main code here:
Create a new Intent object
new-instance v0, Landroid/content/Intent;
Get the MainActivity object and store it in v1
    iget-object v1, p0, Lcom/example/hanlei/first_demo/MainActivity$2;->this$0:Lcom/example/hanlei/first_demo/MainActivity;
Put the Main2Activity class into v2
    const-class v2, Lcom/example/hanlei/first_demo/Main2Activity;
Then put v1 and v2 into v0 by calling the Intent constructor.
    invoke-direct {v0, v1, v2}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
Then startActivity is called. It's very simple and easy to understand.
    .line 34
    .local v0, "i":Landroid/content/Intent;
    iget-object v1, p0, Lcom/example/hanlei/first_demo/MainActivity$2;->this$0:Lcom/example/hanlei/first_demo/MainActivity;
    invoke-virtual {v1, v0}, Lcom/example/hanlei/first_demo/MainActivity;->startActivity(Landroid/content/Intent;)V
How to put it: with smali, even if you can't translate every instruction, it looks familiar and you understand it at once. It pays to read more of the language and analyze more of it. When I first learned C, I typed a lot of lines, and after doing a few projects I became very proficient.
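The reading of the smali above (a const-class register passed as the third argument to the Intent constructor) can be turned into a small analysis helper. This is an added example, not part of the original article: it scans smali text and lists, per method, the class each explicit `new Intent(Context, Class)` call targets. The sample is the article's onClick method with the constructor written out as `<init>`; the function and variable names are this example's own.

```python
import re

METHOD = re.compile(r"\.method\s+(?:.*\s)?(\S+)$")
CONST_CLASS = re.compile(r"const-class\s+(\w+),\s*(L[\w/$]+;)")
INTENT_INIT = re.compile(
    r"invoke-direct\s*\{([^}]*)\},\s*Landroid/content/Intent;-><init>"
    r"\(Landroid/content/Context;Ljava/lang/Class;\)V")

# The onClick method from the article, used as sample input.
SAMPLE = """
.method public onClick(Landroid/view/View;)V
    .locals 3
    new-instance v0, Landroid/content/Intent;
    iget-object v1, p0, Lcom/example/hanlei/first_demo/MainActivity$2;->this$0:Lcom/example/hanlei/first_demo/MainActivity;
    const-class v2, Lcom/example/hanlei/first_demo/Main2Activity;
    invoke-direct {v0, v1, v2}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
    invoke-virtual {v1, v0}, Lcom/example/hanlei/first_demo/MainActivity;->startActivity(Landroid/content/Intent;)V
    return-void
.end method
"""

def explicit_intent_targets(smali):
    """Return [(method, target_class)] for each Intent(Context, Class) constructor call.

    Simplification: only const-class loads are tracked, in source order; a register
    filled any other way is reported as "<unresolved>".
    """
    results, method, classes = [], None, {}
    for raw in smali.splitlines():
        line = raw.strip()
        m = METHOD.match(line)
        if m:                                   # new method: reset register state
            method, classes = m.group(1), {}
            continue
        m = CONST_CLASS.match(line)
        if m:                                   # remember which class a register holds
            classes[m.group(1)] = m.group(2)
            continue
        m = INTENT_INIT.match(line)
        if m:                                   # registers are {intent, context, class}
            regs = [r.strip() for r in m.group(1).split(",")]
            desc = classes.get(regs[2]) if len(regs) == 3 else None
            target = desc[1:-1].replace("/", ".") if desc else "<unresolved>"
            results.append((method, target))
    return results

if __name__ == "__main__":
    print(explicit_intent_targets(SAMPLE))
```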
0x04 Actual combat analysis sample
For convenience, I uploaded the sample to Baidu Cloud.
Original APK: Link: pan.baidu.com/s/1pMwcuef Password: a673
demo
I don't know why my "late night" emulator won't open, so let's try another emulator.
As soon as I open the game, this screen pops up. I don't like it very much; I want my game screen to come up directly.
All right, let's use the skills we started with.
1. Decompile the APK
2. View the AndroidManifest.xml file
3. Try to jump
Let's first look at our jump.
The name of the Activity being jumped to is cn.cmgame.billing.api.GameOpenActivity. GameOpen, hm, what is this? It looks odd, but it must be the screen that opened. I think it is somewhat important and may come up later, so find a little notebook and write it down. I should start keeping one.
Let's take a look at our Activity.
There are two activities:
First Activity name: android:name="MainActivity"
The name of the second Activity: android:name="LogActivity"
From a developer's point of view, MainActivity is the starting point. Let's just start changing it.
This is the modified Activity.
Actually, as just mentioned:
These two lines we understand. But there are three lines here, so let's take a look. As for testing, let's test after we finish studying them.
First is
With these two moved over, it failed outright. So, let's analyze it.
As just mentioned:
This line is necessary.
Two more lines.
That concludes the study of "Android basic reverse has not been realized"; hopefully it has answered your questions. Theory works best when paired with practice, so go and try it.