
How to Implement Static Analysis in Android

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article shows how to carry out static analysis in Android. The content is very detailed; interested readers can use it as a reference, and we hope it is helpful.

Let's start with a simple apk package, a fake login page:

A prompt pops up when you click to log in:

The code was written with Android Studio 3.5; the way the code is written differs between versions of Android Studio:

After the main page is completed, it is packaged into an apk file. Here, I have tried three packaging methods, and the results are all the same:

Unsigned package:

Release package signed with V1:

Release package signed with V2:

When the package is complete, locate the apk package file

Decompile directly using apktool:

.\apktool.bat d -f .\app-release.apk -o test

Explanation:

d stands for decode, i.e. decompilation; its counterpart is b (build), which recompiles

-f stands for force, which forces the deletion of the target directory

-o specifies the output directory

After decompilation, go to /smali/com/example/hellosmali under the test folder, where you can see two MainActivity smali files:

The onClick operation that we want to modify is in the MainActivity$onCreate$1.smali file:

Modify the const-string v1 value to: hello smali

After the modification is completed, the files need to be recompiled into an APK package. The book says to use the Android reverse helper, but I tried it and the packaging failed:

apktool can also do the recompiling:

An error is reported here, because higher versions of Android Studio and Gradle use aapt2 to package the APK, while apktool uses aapt1. Following a method found online, add android.enableAapt2=false to the gradle.properties file:

Recompiling the APK package still reports an error:

Clicking on the error message led me to minSdkVersion. I thought the minimum version was the problem, but after changing it to 20 the error was still reported.

After thinking about it, I upgraded apktool to the latest version and recompiled. An error was still reported, but the error message was not the same as before:

After deleting the XML file that reported the error, other files are reported as errors in turn.

Originally, I planned to build the APK again with a version of Android Studio below 3.0, but later I saw an answer on the Internet saying that you can delete C:\Users\XX\AppData\Local\apktool\framework\1.apk. I deleted 1.apk just to try it, and then went back to recompiling:

.\apktool.bat b .\test\

The build succeeds, and the dist directory now contains a new package:

Installing the newly built package on an Android device reports another error:

NO_CERTIFICATES: the package has no signature and cannot be installed, so the APK must be signed first, using the keytool and jarsigner tools that come with the JDK.

Use the keytool tool to generate the signing key:

.\keytool.exe -genkey -alias "test" -keyalg "RSA"

Explanation:

-genkey creates a new key

-alias key alias

-keyalg algorithm for generating key pairs

-validity, followed by a number of days, sets the validity period of the certificate created; if omitted, the default is used

Then use the jarsigner tool to sign:

.\jarsigner.exe -verbose -keystore C:\Users\xxx\.keystore -signedjar C:\Users\xxx\app-debug-signed.apk C:\Users\xxx\app-debug.apk "test"

Explanation:

-verbose signature / verification output details

-keystore KeyStore location

-signedjar the name of the signed jar file

Note that the command ends with the key alias. If the alias is wrong, an error is reported:

Finally, a signature package is generated:

Install again:

The installer reports that this package already exists. After deleting the original app from the phone, the reinstall succeeds:

When you click the login button again, you can see that the prompt has been modified:
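The following check is an added example, not code from the original article: it inspects the v1 (JAR) signing metadata that jarsigner writes into an APK, which shows why the rebuilt package was rejected with NO_CERTIFICATES and how a stale MANIFEST.MF digest exposes a file edited after signing. The function names and the in-memory sample archives are constructed for illustration; the check assumes SHA-256-Digest manifest entries and does not validate the signature block or the signing certificate.

```python
import base64, hashlib, io, zipfile

SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Map entry name -> SHA-256-Digest from MANIFEST.MF (other digest algorithms ignored)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold 72-byte continuation lines
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def check_v1(apk_bytes):
    """Classify an APK by its v1 signing metadata; the signature itself is not validated."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        blocks = [n for n in names
                  if n.startswith("META-INF/") and n.upper().endswith(SIG_BLOCK_EXT)]
        if "META-INF/MANIFEST.MF" not in names or not blocks:
            return {"status": "unsigned", "signers": [], "mismatched": []}
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        # Entries outside META-INF must match the digest recorded at signing time.
        mismatched = [n for n in names
                      if not n.startswith("META-INF/") and not n.endswith("/")
                      and manifest.get(n) != b64_sha256(z.read(n))]
    signers = sorted(b.rsplit("/", 1)[1].rsplit(".", 1)[0] for b in blocks)
    status = "digest-mismatch" if mismatched else "digests-ok"
    return {"status": status, "signers": signers, "mismatched": mismatched}

def build_sample(dex, signed_dex=None, alias=None):
    """Constructed in-memory stand-in for an APK; the .RSA content is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex)
        if alias:
            base = "META-INF/" + alias.upper()[:8]  # jarsigner's default signature file name
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n"
                       f"Name: classes.dex\r\nSHA-256-Digest: {b64_sha256(signed_dex)}\r\n\r\n")
            z.writestr(base + ".SF", "Signature-Version: 1.0\r\n\r\n")
            z.writestr(base + ".RSA", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(check_v1(build_sample(b"original")))                          # rebuilt, not signed
    print(check_v1(build_sample(b"original", b"original", "test")))     # signed with alias "test"
    print(check_v1(build_sample(b"hello smali", b"original", "test")))  # edited after signing
```

A package that has been modified and then re-signed passes this digest check under a different signer, so comparing the signing certificate against the developer's known certificate is the control that identifies a repackaged app.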
