Android Reverse Engineering - Beginners Guide To Smali Coding

Presenting to you a beginners guide to reverse engineer an Android applications. Please use this for learning purposes only. Do not break intellectual properties.

Disclaimer: This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have knowledge of some programming language (Java, Kotlin, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions.


What is Reverse Engineering?

Reverse engineering is a process is breaking something down to understand it, build a copy or improve it. This process can be applied to hardware, software, databases or even human DNA.

Reverse engineering can be used for many purposes such as a learning tool or to expose security flaws and bad practices.

Reverse engineering of a software, hardware or database are legal unless the EULA prohibits it, then it is prohibited no matter what. Also beware of Digital Millennium Copyright Act (DMCA) and Google Play Console Developer Program Policy.


What Is Smali?

Android programmers write programs using one or combination of these programming / scripting languages:
  • Java
  • Kotlin
  • C/C++
  • C#
  • JavaScript
  • Lua
The IDE like Android Studio, IntelliJ are then used to build apks from these codes by converting the source code into ART executables (.dex files). The ART in Android can then run these executables. The dex files are totally unreadable. We need tools to convert this dex files to a more readable form so we can edit it. This is where smali comes in.

.dex <----> .smali <---- Java, Kotlin source code

The .dex files can be disassembled to .smali files and smali files can be assembled to .dex files again. So to modify Android apps without source codes, you gonna need to edit this .smali files.

Smali is not an easy programming language to master. You can get info about almost all smali commands here.


Modifying Android Apps Without Source Code

The best way to learn Android reverse engineering is via hands-on assignments.

Requirements:
Now let's get into action. I created an Android applications here https://bitbucket.org/ron_ang/hack-one/src/master/ and I want you to break it. That's your assignment.

Comments

Post a Comment

Popular posts from this blog

CTF Practice - Reverse Engineering Android Apps 101

Image
Introduction On this blog we will crack some real world unsecured Android applications. For educational purpose only! Disclaimer:  This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. I expect you to have knowledge of some programming language (Java, Kotlin, C/C++, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions. Environment : OpenJDK 8 Android Studio SDK Visual Studio Code IDE with APKLab Reverse Engineering Android Apps - DEX Bytecode The goal of this exercise is to crack a real world Android apps to bypass the verification code to become a premium user. Step 0x1 Download the Apk . Step 0x2 Decompile the APK with Visual Studio Code. Step 0x3 Examine the manifest. We see that it only have one activity. Step 0x4 Look for if-else co...
Read more

Real-world Applications of Computer Programming

Image
Computer programming is the process of creating instructions for a computer to follow. It is a skill that is in high demand, and it can be used to create a wide variety of applications, from simple websites to complex artificial intelligence systems. Here are some specific examples of the real-world applications of computer programming: Healthcare: Computer programming is used to develop medical devices, electronic health records systems, and other healthcare-related software. For example, programmers have developed pacemakers that can regulate a person's heartbeat, insulin pumps that can automatically deliver insulin to diabetics, and imaging systems that can help doctors diagnose diseases. Finance: Computer programming is used to develop trading software, risk management systems, and other financial software. For example, programmers develop software that can help banks and other financial institutions assess risk and make investment decisions. Manufacturing: Computer programming...
Read more

Strengths and Weaknesses of iOS & Android

In the ever-evolving landscape of mobile technology, two giants stand at the forefront: iOS and Android. Each operating system boasts its own set of strengths and weaknesses, catering to different preferences and priorities of users worldwide. Let’s delve into the intricacies of both platforms to understand their distinct qualities. iOS: Unmatched Integration and Security iOS, the proprietary operating system developed by Apple, is renowned for its seamless integration of hardware and software. This cohesion ensures a consistently smooth user experience across various Apple devices such as the iPhone, iPad, and iPod Touch. The meticulous optimization of iOS for Apple’s hardware enhances performance and reliability, setting a high standard for user satisfaction. One of iOS’s standout features is the unparalleled quality of its applications. The rigorous review process enforced by Apple before apps are accepted into the App Store ensures a level of quality and security that users can tru...
Read more