1. The document discusses decompiling an Android APK file into smali code using apktool and analyzing the smali code to understand the logic of the original Java code. 2. It shows how to decompile an APK, find the relevant smali files, and start translating smali instructions and structures back into equivalent Java code. 3. Useful resources mentioned for learning more about the Dalvik bytecode, smali syntax, and decompiling process include websites on Dalvik opcodes, the JUMPERZ blog, and the CodeGenerator source code.

1. DevQuiz
Android
2011/10/01 Open
at Xi for Developer

2. • YAMAZAKI Makoto(twitter: @zaki50)
4988/5000
• Android
•
• StickyShortcut
• ClaudiaVoice for Android
• Java ( )
• GDD 2011 Japan ADK OpenCall

3. DevQuiz
• Google Developer Day 2011 Japan

4. Android
• AIDL Android
AIDL
package com.google.android.apps.gddquiz;
interface IQuizService {
String getCode();
}

5. 1
1.
2.
3. AIDL

6. 1
1.
2.
3. AIDL

7. •
•
•

8. • apk
• smali (dalvik
assembler)
•
Java

9. Step 1 apk
• apk zip
smali
apktool http://goo.gl/5U8U
$ apktool d DevQuiz11Service_r1.apk
I: Baksmaling...
I: Loading resource table...
I: Loaded.
I: Loading resource table from file: /Users/zaki/apktool/framework/1.apk
I: Loaded.
I: Decoding file-resources...
I: Decoding values*/* XMLs...
I: Done.
I: Copying assets and libs...
$ ls DevQuiz11Service_r1
AndroidManifest.xml apktool.yml res smali

10. smali
• Dalvik
.class public Lcom/google/android/apps/gddquiz/gddquiz11service/DevQuiz11Service;
.super Landroid/app/Service;
.method static synthetic a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
.locals 1
invoke-static {p0, p1}, Lcom/google/android/apps/gddquiz/gddquiz11service/
DevQuiz11Service;->b(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
return-object v0
.end method
• http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

11. Step 2
• ProGuard
• Service
$ cd DevQuiz11Service_r1/smali
$ grep -rl ".super Landroid/app/Service" .
./com/google/android/apps/gddquiz/gddquiz11service/DevQuiz11Service.smali
$ cat DevQuiz11Service.smali
( )
.method private static b(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
.locals 6
( )
const-string v2, "SHA-1"
invoke-static {v2}, Ljava/security/MessageDigest;->getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;
( )

12. Step 2
• DevQuiz11Service#b private
DevQuiz11Service#a
• DevQuiz11Service#a
$ grep -rl DevQuiz11Service .
./gddquiz11service/a.smali
./gddquiz11service/DevQuiz11Service.smali
./gddquiz11service/DevQuiz11ServiceActivity.smali

13. Step 3 Java
•
.method private static b(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
.locals 6
private static String getCode(String googleAccount, String passcode) {
// googleAccount: p0, passcode: p1
// v0 v5
• static
invoke-virtual {p0}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v0
String v0 = googleAccount.trim();
•
const-string v2, "SHA-1"
invoke-static {v2}, Ljava/security/MessageDigest;->getInstance(Ljava/lang/String;)Ljava/security/
MessageDigest;
move-result-object v2
MessageDigest v2 = MessageDigest.getInstance(“SHA-1”);

14. Step 3 Java
•
new-instance v3, Ljava/lang/StringBuilder;
move-result-object v0
invoke-direct {v3, v0}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
StringBuilder v3 = new StringBuilder(v0);
•
if-lt v2, v3, :cond_0
if (v2 < v3) goto cond_0; // goto
if-ne v3, v4, :cond_1
if (v3 != v4) goto cond_1; // goto
• xor
xor-int/2addr v3, v4
v3 ^= v4;

15. Step 3 Java
• → http://goo.gl/78W6s
CodeGenerator.java

16. Step 4

17. • apktook
http://goo.gl/5U8U
• Dalvik opcodes
http://goo.gl/yUX3S
• JUMPERZ.NET Blog: Android
http://goo.gl/aVL3q
• CodeGenerator.java http://goo.gl/78W6s