Record an android reverse engineering experience

1. Decompile

  • Use dex2jar to generate a jar file, then view the class files in jd-gui
  • Use apktool to unpack the apk

2. Find related keywords

  • Search the apktool-unpacked project for the keywords; their definitions are in the string.xml file, and the corresponding id can be traced back through public.xml
  • Search for that id to find the relevant files, then go back to jd-gui to view the relevant logic (some methods were not converted to Java code but shown as bytecode; perhaps there are related protective measures?)
  • Modify the smali code (similar to assembly) unpacked by apktool to change the logic, then repackage the generated apk with apktool and sign it (after installation it turned out that not everything was cracked; part of the content was still incomplete)

3. Database decryption

  • It is found that the data comes from a sqlite database bundled in the apk; the relevant db file is found under res/raw in the project folder
  • The database file is sqlcipher-encrypted; searching the decompiled code for the xxx.db keyword finds the method that produces the database password string:
  import android.util.Base64;

  // Rebuilds the SQLCipher password at runtime: Base64-decode the stored blob,
  // clear the high bit of every character, then reverse the string.
  protected String a() {
    // flag 1 is Base64.NO_WRAP; the decoded bytes are read as UTF-8 text
    char[] arrayOfChar = (new String(Base64.decode("w6PDl8OKw4fCtMK2w5rCssO0w6rDj8KzwrjCtMOk", 1))).toCharArray();
    for (byte b1 = 0; b1 < arrayOfChar.length; b1++)
      arrayOfChar[b1] = (char)(arrayOfChar[b1] ^ 0x80); // undo the XOR 0x80 applied when the blob was built
    return (new StringBuilder(String.valueOf(arrayOfChar))).reverse().toString();
  }

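As an added illustration (not code from the original post or the analysed app), here is a Python re-implementation of the key-derivation routine above, together with its inverse, so the scheme can be reproduced off-device. It uses a constructed sample key rather than the app's stored string, and adds a small header check that tells a plaintext SQLite file from one that has been SQLCipher-encrypted, which is how the encrypted db under res/raw can be recognised before looking for the key:

```python
import base64

# Header every unencrypted SQLite 3 file starts with. SQLCipher encrypts the
# whole first page (header included), so an encrypted db never shows it.
SQLITE_MAGIC = b"SQLite format 3\x00"


def is_plain_sqlite(first_bytes: bytes) -> bool:
    """True if the file header is a plaintext SQLite database, False if it is
    (most likely) SQLCipher-encrypted or not SQLite at all."""
    return first_bytes[:16] == SQLITE_MAGIC


def derive_key(blob: str) -> str:
    """Python equivalent of the decompiled a() method: Base64-decode, read the
    bytes as UTF-8 text (what Java's new String(byte[]) does on Android),
    clear bit 7 of every char, then reverse the result."""
    chars = base64.b64decode(blob).decode("utf-8")
    return "".join(chr(ord(c) ^ 0x80) for c in chars)[::-1]


def obfuscate(key: str) -> str:
    """Inverse of derive_key: how such a blob is produced from the real key.
    Only 7-bit ASCII keys survive the round trip, because XOR 0x80 moves each
    char into the Latin-1 range, which UTF-8 then encodes as two bytes."""
    if not key.isascii():
        raise ValueError("scheme only round-trips 7-bit ASCII keys")
    masked = "".join(chr(ord(c) ^ 0x80) for c in reversed(key))
    return base64.b64encode(masked.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Constructed sample key; not the app's real password.
    sample_key = "Example-Key-123"
    blob = obfuscate(sample_key)
    print("stored blob :", blob)
    print("derived key :", derive_key(blob))

    # Constructed headers: a plaintext SQLite file vs. opaque ciphertext.
    plain_header = SQLITE_MAGIC + b"\x10\x00" + b"\x00" * 14
    encrypted_header = bytes(range(0x41, 0x61))
    print("plaintext header is SQLite:", is_plain_sqlite(plain_header))
    print("encrypted header is SQLite:", is_plain_sqlite(encrypted_header))
```

Once the password is recovered this way it is supplied to SQLCipher with `PRAGMA key = '...'` before the first query. The takeaway for anyone shipping a bundled database is that an encode-and-XOR wrapper like this is reversible by anyone holding the APK, so it hides the key from a grep but not from a decompiler.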

After decrypting the database and inspecting its contents, it turns out that the complete content is not stored in the database; the rest presumably has to be downloaded as updates from the server.

4. Get content from the server

to be continued...