My proclamation about this presentation
❖ The application binary and decompiled code I use in this presentation are only for teaching and learning
❖ After the presentation, I would not provide or use them under ANY circumstances and I will immediately delete them
You must be really bad!
❖ Stealing accounts and data
❖ Messing up the device
❖ BitCoin mining using others' devices
❖ UI localization
❖ Ad removal
❖ Resource extraction
Wow, that's cool! How did you do that?!
❖ Fix the bug yourself
❖ Get to know your enemy and how to better protect your
❖ Add some features to it
Are you kidding?
❖ apktool: command line tool for disassembling/assembling APKs
❖ Decompile APK: apktool d file_name.apk
❖ Rebuild APK: apktool b folder_name
❖ You don't even need to know how to write an Android app or JAVA
❖ Android multi-language support
  http://developer.android.com/training/basics/supporting-devices/languages.html
❖ Get the original APK
❖ AndroidAssistant (backup)
❖ /data/app/ (root access)
❖ Copy values folder to
❖ Localize the content of
❖ Build and sign the APK
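The localization step above (copy the values folder, translate its strings, rebuild) is mostly editing res/values/strings.xml. The script below is an added example, not code from the original slides, that generates the res/values-<lang>/strings.xml for a decompiled apktool project from the default strings file and a translation table. The sample strings.xml and the translations are constructed; the `translatable="false"` attribute it honours is a real Android resource attribute, and strings without a translation are left out so Android falls back to the default locale at runtime.

```python
"""Generate res/values-<lang>/strings.xml for an apktool project.

Added example for the apktool localization workflow; not code from the
original deck. Assumes the layout `apktool d` produces:
    <project>/res/values/strings.xml
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample of a default res/values/strings.xml.
# translatable="false" is the real Android attribute that marks a string
# as something that must NOT be localized (brand names, keys, ...).
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name" translatable="false">MyApp</string>
    <string name="hello">Hello</string>
    <string name="bye">Goodbye</string>
    <string name="untouched">Only in default locale</string>
</resources>
"""


def parse_strings(xml_text):
    """Return {name: text} for every <string> element in a strings.xml."""
    root = ET.fromstring(xml_text)
    return {el.get("name"): (el.text or "") for el in root.iter("string")}


def localize_strings(xml_text, translations):
    """Build the text of a localized strings.xml.

    Rules applied:
      * translatable="false" entries are skipped (Android requires it).
      * entries without a translation are omitted, so the runtime falls
        back to res/values/strings.xml instead of a duplicated English copy.
    Returns (localized_xml_text, names_that_were_skipped).
    """
    root = ET.fromstring(xml_text)
    out = ET.Element("resources")
    skipped = []
    for el in root.iter("string"):
        name = el.get("name")
        if el.get("translatable") == "false" or name not in translations:
            skipped.append(name)
            continue
        node = ET.SubElement(out, "string", name=name)
        node.text = translations[name]
    if hasattr(ET, "indent"):          # Python 3.9+: pretty-print
        ET.indent(out, space="    ")
    body = ET.tostring(out, encoding="unicode")
    return '<?xml version="1.0" encoding="utf-8"?>\n' + body + "\n", skipped


def write_locale(project_dir, lang, xml_text):
    """Write res/values-<lang>/strings.xml inside a decompiled project.

    `lang` is the resource qualifier, e.g. "zh-rTW" or "de".
    """
    target = os.path.join(project_dir, "res", "values-" + lang)
    os.makedirs(target, exist_ok=True)
    path = os.path.join(target, "strings.xml")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(xml_text)
    return path


if __name__ == "__main__":
    # Constructed translation table; keys are the string resource names.
    zh = {"hello": "你好", "bye": "再见"}
    text, skipped = localize_strings(SAMPLE_STRINGS_XML, zh)
    print(text)
    print("left to the default locale:", skipped)
    # write_locale("myapp_decompiled", "zh", text)  # then: apktool b myapp_decompiled
```

After writing the file, `apktool b folder_name` rebuilds the APK with the new locale folder and the output still has to be signed before it installs. Keeping `translatable="false"` strings out of the locale folder also matters for the build: aapt rejects a translated copy of a non-translatable resource.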
❖ Assembler/disassembler for the dex format used by Dalvik
❖ The syntax is loosely based on Jasmin's/dedexer's syntax
❖ Supports the full functionality of the dex format
❖ Annotations (@Override, @SuppressWarnings …)
❖ Debug information
❖ Line information
❖ Write a simple application, decompile it and see how it is turned into Dalvik operations
Types in smali
Smali                          JAVA Primitive Type
V                              void - can only be used for return types
J                              long (64 bits)
Lcom/lansion/myapp/xxxparser;  Class Object
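Reading smali means reading these descriptors everywhere a method is invoked, so it helps to have the mapping in code. The parser below is an added example, not part of the original slides; it covers all nine primitive descriptors of the dex format plus object (`L...;`) and array (`[`) descriptors, which goes beyond the three rows on the slide, and turns a smali method reference such as `Lcom/lansion/myapp/xxxparser;->parse(I[BLjava/lang/String;)Z` into a Java-style signature. The method name `parse` and its parameters are constructed for the demonstration.

```python
"""Decode smali/dex type descriptors into Java-style type names.

Added example for the "Types in smali" slide; not code from the original
deck. The descriptor letters are the ones defined by the dex format.
"""

PRIMITIVES = {
    "V": "void",      # only valid as a return type
    "Z": "boolean",
    "B": "byte",
    "S": "short",
    "C": "char",
    "I": "int",
    "J": "long",      # 64-bit: occupies a register pair (v0/v1) in smali
    "F": "float",
    "D": "double",    # 64-bit: also a register pair
}


def parse_type(desc, pos=0):
    """Parse one type descriptor starting at desc[pos].

    Returns (java_name, position_after_the_descriptor), so callers can walk
    a parameter list such as "I[BLjava/lang/String;" descriptor by descriptor.
    """
    dims = 0
    while pos < len(desc) and desc[pos] == "[":
        dims += 1
        pos += 1
    if pos >= len(desc):
        raise ValueError("truncated descriptor: %r" % desc)
    ch = desc[pos]
    if ch in PRIMITIVES:
        name, pos = PRIMITIVES[ch], pos + 1
    elif ch == "L":
        end = desc.find(";", pos)
        if end == -1:
            raise ValueError("unterminated class descriptor: %r" % desc)
        # "Lcom/lansion/myapp/xxxparser;" -> "com.lansion.myapp.xxxparser"
        name, pos = desc[pos + 1:end].replace("/", "."), end + 1
    else:
        raise ValueError("unknown descriptor %r at offset %d" % (ch, pos))
    if name == "void" and dims:
        raise ValueError("void cannot be an array element type")
    return name + "[]" * dims, pos


def parse_method(ref):
    """Parse 'Lpkg/Cls;->name(params)ret' into a dict of Java-style names."""
    cls, _, rest = ref.partition("->")
    cls_name, _ = parse_type(cls)
    name, _, sig = rest.partition("(")
    params_desc, _, ret_desc = sig.partition(")")
    params, pos = [], 0
    while pos < len(params_desc):
        t, pos = parse_type(params_desc, pos)
        if t == "void":
            raise ValueError("void is not allowed as a parameter type")
        params.append(t)
    ret, _ = parse_type(ret_desc)
    return {"class": cls_name, "name": name, "params": params, "returns": ret}


def java_signature(ref):
    """Render a smali method reference the way a Java reader expects it."""
    m = parse_method(ref)
    return "%s %s.%s(%s)" % (m["returns"], m["class"], m["name"],
                             ", ".join(m["params"]))


if __name__ == "__main__":
    # Constructed method reference in the style of an invoke-virtual line.
    print(java_signature(
        "Lcom/lansion/myapp/xxxparser;->parse(I[BLjava/lang/String;)Z"))
```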
❖ Some code and resources that are built into the Android system on your device
❖ Installing framework resources for apktool: apktool if framework-res.apk
Virtuous Ten Studio (VTS)
❖ Integrated reverse engineering environment for APKs
❖ Built-in ApkTool, ADB, Zipalign, Sign, dex2jar…
❖ Support for APKs and framework JARs
❖ Text editing of smali and xml files with syntax highlighting, live checking and code folding
❖ M10 file editing (HTC Sense)
❖ Unpack/repack boot images
❖ Generate JAVA sources using multiple libraries
Demo: Remove the ad. from xxxxx!free
❖ What you need
❖ Know the API of the libraries
❖ Know the API of Android
❖ Tip 1: When you don't know how to do something in smali, just write it in JAVA and decompile it
❖ Make it really difficult for humans to understand and time consuming to hack
❖ Make the names of variables, methods, classes and
❖ Remove debug information
❖ Complicated call flow
❖ Redundant source code
❖ Penalty of obfuscation
This is you!!
Build your own crack tool
❖ Provide static functions
❖ Add logcat logs with variable states
❖ Add stack trace dump
❖ Do the complicated tricks outside of the original program (much easier in JAVA)
A more difficult task - ???????
❖ UI is always the key to find the
❖ Resource ID (name) turns into a constant-value map
❖ Insert the snippets decompiled from your crack tool
❖ Most of the local license checking is not too complicated
❖ Altering one of the boolean-returning functions does the trick in a majority of cases
Still a piece of cake
❖ Knowing the system API is
❖ More complicated checks might involve getting IMEI, MAC… from your device
❖ You still can trick the application by replacing the system API call with your own
What I did to Age of Empires on Android
❖ Modify the menu bar to provide a control interface
❖ TCP server to communicate with another Android device running the same hacked APK
❖ Add a robot state machine to get money, resources… from the other account without effort
Protect your work
❖ Design with NDK
❖ Use a framework like cocos2d (generates a native library)
❖ Don't just use one method for checking
❖ Strong obfuscation
❖ Provide the content using the web
❖ Find a way to mess up the decompiler
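"Remove debug information" on the obfuscation slide and "strong obfuscation" here are only worth something if the release build actually shipped that way, and the cheapest way to know is to run apktool over your own release APK and inspect the smali it produces. The script below is an added example, not code from the original slides: it scans a smali file for the directives smali emits from dex debug info (`.source`, `.line`, `.local`, `.param` with a name) and for method names that are still human readable, which is what a reader of the decompiled code would use first. The sample smali is constructed (the `LicenseChecker` class is invented; the `com.lansion.myapp` package name comes from the slide); the "longer than two characters means not obfuscated" rule is a labelled heuristic, not a property of any obfuscator.

```python
"""Audit decompiled smali for debug info and readable names.

Added example for the obfuscation / "protect your work" slides; not code
from the original deck. Run it over the smali/ tree that `apktool d`
produced from your own release build.
"""
import re

# Constructed sample: one method as apktool emits it from a build that
# kept its debug attributes. Package name from the slide; class invented.
SAMPLE_SMALI = """\
.class public Lcom/lansion/myapp/LicenseChecker;
.super Ljava/lang/Object;
.source "LicenseChecker.java"

.method public isLicensed(Ljava/lang/String;)Z
    .locals 1
    .param p1, "serial"    # Ljava/lang/String;

    .prologue
    .line 42
    invoke-static {p1}, Lcom/lansion/myapp/LicenseChecker;->verify(Ljava/lang/String;)Z
    move-result v0
    .local v0, "valid":Z

    .line 43
    return v0
.end method
"""

# Directives that only exist because the dex file still carries debug info.
DEBUG_DIRECTIVES = {
    ".source": re.compile(r'^\s*\.source\s+"([^"]*)"'),          # original file name
    ".line": re.compile(r"^\s*\.line\s+(\d+)"),                   # line numbers
    ".local": re.compile(r'^\s*\.local\s+[vp]\d+,\s*"([^"]*)"'),  # local variable names
    ".param": re.compile(r'^\s*\.param\s+p\d+,\s*"([^"]*)"'),     # parameter names
}

METHOD_RX = re.compile(r"^\s*\.method\s+(?:[a-z-]+\s+)*([^\s(]+)\(")
READABLE_MIN_LEN = 3   # heuristic: obfuscators usually leave 1-2 letter names


def audit_smali(text):
    """Return {directive: [captured values]} for one smali file."""
    found = {key: [] for key in DEBUG_DIRECTIVES}
    for line in text.splitlines():
        for key, rx in DEBUG_DIRECTIVES.items():
            m = rx.match(line)
            if m:
                found[key].append(m.group(1))
    return found


def is_stripped(report):
    """True when no debug directive survived in the file."""
    return not any(report.values())


def readable_names(text):
    """Method names that still look like source names (heuristic)."""
    names = []
    for line in text.splitlines():
        m = METHOD_RX.match(line)
        if not m:
            continue
        name = m.group(1)
        if name.startswith("<"):          # <init> / <clinit> are never renamed
            continue
        if len(name) >= READABLE_MIN_LEN:
            names.append(name)
    return names


if __name__ == "__main__":
    report = audit_smali(SAMPLE_SMALI)
    for key, values in report.items():
        print("%-8s %s" % (key, values))
    print("debug info stripped:", is_stripped(report))
    print("readable method names:", readable_names(SAMPLE_SMALI))
```

Pointing this at every file under smali/ (for example with `pathlib.Path("smali").rglob("*.smali")`) gives a quick pass/fail for the release pipeline: a build that was supposed to be obfuscated but still reports `.source` names, `.line` numbers or long method names has a ProGuard/R8 keep rule or a debug build type leaking into release.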
What you might be interested in
❖ You can use the decompiled code from other apps in
❖ Embed a broadcast receiver to interact with external