Thursday, November 14, 2013

Android Application Hacking

As most of you know, Android applications are written in Java, and Android runs on a Linux kernel. It uses the Dalvik Virtual Machine (DVM), which is a bit different from the Java Virtual Machine (JVM). Since Dalvik code is based on Java, we can have all the fun of Java: we can decompile an APK to generate the source code, modify whatever we want, and then recompile it to produce a custom application. This is all possible because of the DVM bytecode. If it were C code, it would not have been possible.

I would like to write in detail about how we can hack an application, and the different tips and tricks I come across while doing such stuff. I am warning you: hacking is only for educational purposes, and I do not support unethical hacking.

There are some good tools around that simplify the process of decompiling, recompiling and signing an app. My preferred application is AndroidMultitool.

Here is the link to download it. Usage details can be found in the same place, so I will not talk much about it beyond the link. All I can say is that it is a wonderful tool, which makes the process super quick.

First of all, you must know that your phone must be rooted to get access to these APKs. Once rooted, they can be found in the /data/app folder. Do a grep there to find out where the APK to be hacked is.

Now for some of the hacking tips.

Removing ads from the application. 

You must understand that the ads generate revenue for the developer, so we should support them. Having said that, we can always get rid of them for many reasons, for example because they consume a lot of your 3G data. So it is your final decision what you want to do with them. We have different ways to go about it.

  • You can install some ad-blocking apps, which modify the hosts file in Linux to block all the ad sites, so the app cannot fetch and show ads. 
    • But some apps show local ad banners when no network connection is available.
    • Some apps need an internet connection to work, so we can't disable the internet connection in the first place. 
    • Some leave a blank space on the screen that is reserved for the ads, which eats up a lot of screen real estate. 
  • Having said all this, blocking the network connection for the app may not always be convenient, but it is easy to do for most apps, and most apps don't leave a blank space when the network connection is not available, so this should be considered the first preferred option. :)
  • You can find some very good firewall apps that do this for you. I personally use Droid Wall to handle the firewall. 
  • You can remove the ad content from the XML layout and recompile the app.
    • Search for the string @id/ad in all the XML files in the resource folder, then use some common sense to change the height and width to zero (0.0dip). Sometimes you can remove these lines completely. 
    • If the app crashes after removing these lines, it could be that these resources are accessed from within the code by index rather than by name. In that case we may not be able to remove them, but we can hide them by setting android:visibility="invisible" or "gone". "gone" completely removes the element, while "invisible" makes it transparent, but the screen real estate is not recovered for other elements. 

Hacking the Android Apps (Getting Pro Features on Free Apps)

It may not always be possible to get the Pro features on free apps, but most of the time we see that the free app contains all the features, with some of them blocked. In such cases we can search for some strings in the decompiled application project, try to figure out the functions where the features are blocked, and then unblock them.

Most of the cases I have seen so far are very simple (I mean even the most complex blocks are easy to crack). We need to replace a line as below, i.e. comment out the conditional branch and replace it with an unconditional jump to the same label:

#if-eqz goto :cond_0
goto :cond_0

This is a very trivial change, but it changes the flow of the code, and then you would be able to use the Pro features. Sometimes, some functions are called to perform license checks and return zero or non-zero, and that result is later compared in many places; if you make the function always return what is expected, your job is done. 

It is mostly common sense to go through the generated smali files and find these spots. You can look up the smali syntax on Google, which will give good insight into what exactly the code is doing. 
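The same edit is just as easy to spot from the other side. As an added example (not from this post, and not part of AndroidMultitool), here is a small Python checker that compares an original smali file with a modified one and reports each conditional branch that was turned into an unconditional goto to the same label, which is exactly the patch shown above. The embedded smali method, its class name and its labels are constructed for illustration.

```python
"""Flag conditional branches (if-eqz, if-nez, ...) that were rewritten into an
unconditional goto to the same label, the patch pattern discussed above."""
import difflib
import re

# Constructed sample: a license-check method and the same method after the
# patch. The class, method and label names are hypothetical.
ORIGINAL_SMALI = """\
.method public isLicensed()Z
    .locals 1
    invoke-virtual {p0}, Lcom/example/app/Main;->checkLicense()I
    move-result v0
    if-eqz v0, :cond_0
    const/4 v0, 0x0
    return v0
    :cond_0
    const/4 v0, 0x1
    return v0
.end method
"""
# The patched copy: the branch is gone, the method always reaches :cond_0.
PATCHED_SMALI = ORIGINAL_SMALI.replace("if-eqz v0, :cond_0", "goto :cond_0")

BRANCH_RE = re.compile(r"^\s*(if-(?:eqz|nez|eq|ne|lt|ge|gt|le))\s+.*?(:\w+)\s*$")
GOTO_RE = re.compile(r"^\s*goto(?:/16|/32)?\s+(:\w+)\s*$")


def find_branch_patches(original: str, modified: str) -> list:
    """Return (line_no, original_line, modified_line) for every conditional
    branch in `original` that became a goto to the same label in `modified`.
    line_no is 1-based in the original file."""
    orig_lines = original.splitlines()
    mod_lines = modified.splitlines()
    matcher = difflib.SequenceMatcher(None, orig_lines, mod_lines, autojunk=False)
    hits = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "replace":
            continue
        # Pair removed and added lines positionally inside the replaced hunk.
        for k in range(min(i2 - i1, j2 - j1)):
            before, after = orig_lines[i1 + k], mod_lines[j1 + k]
            branch, jump = BRANCH_RE.match(before), GOTO_RE.match(after)
            if branch and jump and branch.group(2) == jump.group(1):
                hits.append((i1 + k + 1, before.strip(), after.strip()))
    return hits


if __name__ == "__main__":
    for line_no, before, after in find_branch_patches(ORIGINAL_SMALI, PATCHED_SMALI):
        print(f"line {line_no}: '{before}' -> '{after}'")
```

Run it over the smali trees of a known-good build and a suspect APK (after decompiling both) to get a list of the exact branches that were short-circuited.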
