How to hack (reverse engineer) an Android App

What do we mean when we talk about hacking or crackingAndroid apps to get their paid versions for free or to remove ads or enable paid features?
How do so many websites give away premium apks and apps for free? How do they crack them?

The answer to all of these questions is just 2 words - Reverse Engineering. 

Reverse engineering refers to the art of opening up an application or a piece of software from the bottom up; that is, peeling it layer by layer until we reach the very core mechanisms of the app. At this point, we can figure out ways in which various app components work together and look at exploits to take advantage of these interdependencies.

Now, let's look at how we can reverse engineer an Android app.

Getting the APK file

The first step to reverse-engineering an app, is to get the apk file. Android apps (or APKs) are really just ZIP files with a new extension. Inside is everything the app needs to run—from the code to any media it might need.

There are a number of ways to get an APK. If you have an app you'd like to reverse-engineer on your Android, you can use a file manager like ASTRO to save a backup to an SD card. It's also possible to connect your Android to a computer and then use the Android Debugging Bridge to transfer the app to your PC. You can also use online tools to suck APKs out of Google Play.
If none of these, then you can simply download the apk from over the internet from a trusted website.

Pulling It Apart

Once you have an APK to work with, you'll need to convert it into something more usable. For this, we have two options.  
  • Disassemble your target with a tool like Apktool, which will convert the APK's compiled application code file (Dalvik Executable, or DEX) into an assembly language like Smali. 
  • Or decompile the apk, which converts the DEX into a Java Archive (JAR), and then to Java.

Fora noted that because some data can be lost in the decompiling process, it's better to use a decompiler that was made with Android in mind. This skips the JAR step, converting DEX directly to Java.

For people uninterested in tracking down all those tools on their own, I suggest you use Santoku. This is a special distribution of Linux from viaForensics that comes preloaded with all the tools you need to pull apart, modify, and repackage an Android application. It's a powerful digital forensics tool. Use the Androguard tool to reverse engineer your Android app. Reverse engineering the app is almost done now. you have the code right in front of you. Play with it as you want.

Rapid Reverse

If you fell asleep during the last few paragraphs, this is where you wake up. Using Santoku, take up an Android app of your choice and take it apart. 
Now you will be able to browse the code for the app, tweak whatever you want, make changes and then recompile, sign the app and install it on a device. All of this and no one will ever detect the app has been tampered with!

Comments

Post a Comment

Popular posts from this blog

Creatine: Should you take it? Dosage, advantages and myths debunked

Image
Until a while ago, even mentioning the word creatine to an average gym goes would mean blasphemy. People wh=oul think you are taking steroids. They'd all start warning you about how you are setting up for disaster, and how your kidneys are going to ditch you any day soon. However, with recent research, it has been proven that creatine has ABSOLUTELY NO SIDE effects in healthy individuals and, in fact, helps boost performance. Benefits: Helps Muscle Cells Produce More Energy. Supports Many Other Functions in Muscles. Improves High-Intensity Exercise Performance. Speeds Up Muscle Growth. May Help With Parkinson's Disease. May Fight Other Neurological Diseases. May Lower Blood Sugar Levels And Fight Diabetes. How does creatine work? This diagram from muscleandstrength.com explains very beautifully the working of the creatine. It's fairly simple and requires really no elaboration on my part. Dosage Instructions Creatine is generally 'loaded
Read more

My IIM CAP 2020 Interview Experience

Image
Hello everyone. Today, I'm sharing my IIM Common Admission process interview experience from CAP 2020. I got a WAT-PI call from the following IIMs: IM Bodh Gaya IIM Jammu IIM Ranchi IIM Raipur IIM Sambalpur IIM Sirmaur IIM Tiruchirappalli IIM Kashipur IIM Udaipur Venue: Chennai. IIM Trichy Center in Chennai. Date: 11th February 2020. Profile: CAT Percentile: 96.35 Work experience: None. Fresher. Computer science engineering. General, Engineering, Male Number of panellists: 2 WAT topic: B-schools should focus on developing employability more than teaching entrepreneurship. The interview panel had two members. The interview began without any formal introductions or any usual questions like tell us about yourself etc. M1 started by asking me where I am from and my stream. Answered to the point. Did not get much chance to elaborate. M2 started picking up courses from my transcript and asking questions as to what I learnt in those courses. Th
Read more

Review: Sinew Nutrition Raw Whey Protein Concentrate 79% Unflavoured

Image
Intense physical activity is one of the best things you can do for yourself. Hitting the gym, running sprints, playing a sport that requires you to actively run (golf and table tennis don't count), swimming, uphill biking - all of these are intense physical activities that do tons for your body. They help keep your hormones in balance, don't let your body accumulate fat, and, provide the heart with a good daily exercise. Read more here. Now, what do you do after you have burnt all those calories and exercised sufficiently? The same thing that you do after you empty your Ferrari's tank - Refuel. Proper nutrition is VERY IMPORTANT if you wish to be able to recover and grow from the physical stress you put on your body. I have highlighted the importance of good nutrition and protein in my posts here. Check it out if you haven't. In this review of  Sinew Nutrition Raw Whey Protein Concentrate 79%, 3 Kg (Unflavoured) I will talk about my experience of using this
Read more