1. Decompile
- Use dex2jar to generate the jar file, then view the class files in jd-gui
- Use apktool to unzip the apk
2. Find related keywords
- Search the apktool output for the keyword in files such as string.xml; a match can be traced back through public.xml to its corresponding id
- Search again for that id to find the relevant files, then go back to jd-gui to view the relevant logic (some of the methods are not converted into Java code but left as bytecode; maybe there are related preventive measures?)
- Modify the smali code decompressed by apktool (similar to assembly) to change the logic, then use apktool to package the generated apk file and sign it (after installation, it was found that not everything was cracked; part of the copy is still incomplete)
3. Database decryption
- The data turns out to come from a sqlite database carried in the apk, and the relevant db file is found under res/raw in the project folder
- The database file is encrypted with sqlcipher; go back to the code, search for the xxx.db keyword, and find the method that returns the database password string
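// Decompiled method that returns the sqlcipher password; Base64 here is android.util.Base64
protected String a() {
    // Flag 1 is Base64.NO_PADDING; the decoded bytes become a String in the platform default charset
    char[] arrayOfChar = (new String(Base64.decode("w6PDl8OKw4fCtMK2w5rCssO0w6rDj8KzwrjCtMOk", 1))).toCharArray();
    // Flip the high bit (0x80) of every character
    for (int i = 0; i < arrayOfChar.length; i++)
        arrayOfChar[i] = (char)(arrayOfChar[i] ^ 0x80);
    // Reverse the result to obtain the final password string
    return (new StringBuilder(String.valueOf(arrayOfChar))).reverse().toString();
}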
After decrypting the database and checking its content, it turns out that the complete content is not stored in the database; updates probably have to be downloaded from the server
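The password derivation in a() above is a keyless, reversible transform, so shipping the constant in the apk protects nothing. The following Python sketch is an added example, not code from the original post: it mirrors a() off-device, provides the inverse, and shows why such blobs are easy to spot. The names obfuscate, looks_like_masked_ascii and SAMPLE are hypothetical, and UTF-8 is assumed as the default charset (as on Android).

```python
import base64

XOR_MASK = 0x80  # same constant as in the decompiled a()
PAGE_BLOB = "w6PDl8OKw4fCtMK2w5rCssO0w6rDj8KzwrjCtMOk"  # constant from a()
SAMPLE = "constructed-key!"  # constructed sample secret, not from the app


def _b64decode_unpadded(blob: str) -> bytes:
    # Android's Base64 flag 1 (NO_PADDING) allows blobs without trailing '='
    return base64.b64decode(blob + "=" * (-len(blob) % 4))


def deobfuscate(blob: str) -> str:
    """Mirror of a(): Base64 -> UTF-8 text -> XOR each char with 0x80 -> reverse."""
    chars = _b64decode_unpadded(blob).decode("utf-8")
    return "".join(chr(ord(c) ^ XOR_MASK) for c in chars)[::-1]


def obfuscate(secret: str) -> str:
    """Inverse of deobfuscate(): how such a constant can be produced."""
    masked = "".join(chr(ord(c) ^ XOR_MASK) for c in reversed(secret))
    return base64.b64encode(masked.encode("utf-8")).decode("ascii").rstrip("=")


def looks_like_masked_ascii(blob: str) -> bool:
    """Heuristic for spotting this scheme in decompiled strings.

    ASCII XOR 0x80 lands in U+0080..U+00FF, which UTF-8 encodes as a
    C2 or C3 lead byte followed by one continuation byte (0x80..0xBF).
    """
    raw = _b64decode_unpadded(blob)
    if not raw or len(raw) % 2:
        return False
    leads, tails = raw[0::2], raw[1::2]
    return all(b in (0xC2, 0xC3) for b in leads) and all(0x80 <= b <= 0xBF for b in tails)


if __name__ == "__main__":
    blob = obfuscate(SAMPLE)
    print("constructed blob :", blob)
    print("recovered secret :", deobfuscate(blob))
    print("page blob matches pattern:", looks_like_masked_ascii(PAGE_BLOB))
```

The same structural check can be run over string constants extracted from a build to flag secrets hidden this way before release.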
4. Get content from the server
to be continued...