inside dvm tools
TRANSCRIPT
Inside DVMTools
Real life hackingObfuscation
Nick Bova@mykola_bova
Nov 14 2013
Basic flow
<Picture on flipchart – possible ways>
How to get *.apk files for installed applications?
One of options - MyAppSharer
Tool for sharing Android screen
Tool for sharing Android screen
Tool for sharing Android screenhttp://droid-at-screen.ribomation.com/java -jar F:\adb\nb\droidAtScreen-1.0.2.jar
What is adb?
How to get *.apk files from smart phone?
<Example 1>One of options –adb shellls /sdcard/MyAppShareradb pull /sdcard/MyAppSharer .
How to convert *.apk *.jar file?
<Example 2>dex2jar.bat com.adobe.reader.apk
https://code.google.com/p/dex2jar/
How to convert *.jar file *.java files?
<Example 3>jd-guihttp://jd.benow.ca/If not enough – use JAD
How to unzip *.apk files?
<Example 4>One of options – WinRAR
Hello, cap
How to disassemble classes.dex file?
< Example 5 > One of options – dexdump.exeF:\android\sdk\build-tools\17.0.0\dexdump.exe
-d -f -h classes.dex > classes.dex.out.1
Real Life example (1)
LjbeetleOpen source LiveJournal client for Androidhttps://
bitbucket.org/dotCypress/lj-beetle/wiki/Homehttps://
play.google.com/store/apps/details?id=com.dotcypress.ljbeetle&hl=ru
Real Life example (1)
Автор – Виталий Домников @dotcypressHates java and Android
Real Life example (2)
1) analyticscom.flurry.androidhttp://
support.flurry.com/index.php?title=Analytics
Real Life example (3)
2) using http for uploading imagespackage com.dotcypress.ljbeetle.upload;public String upload(String paramString)http://pics.livejournal.com/interface/simple
Additional tools
What is your suggestion(s)? <flipchart>
smali
https://code.google.com/p/smali/https://
code.google.com/p/smali/source/browse/examples/HelloWorld/HelloWorld.smali
<Example 200 Additional>
smali tests
https://android.googlesource.com/platform/external/smali/+/
0856f098c0c7296fba137e8f5d039482060cb5cd/smali-integration-tests/src/test/smali/junit-tests
<Example 200 Additional>
smali examples
https://code.google.com/p/smali/source/browse/#
git%2Fexamples%2FMethodOverloading
Beginner’s guide to smali coding
http://forum.xda-developers.com/showthread.php?t=2193735
http://forum.xda-developers.com/showpost.php?p=39218738&postcount=2
http://forum.xda-developers.com/showpost.php?p=39218750&postcount=3
http://forum.xda-developers.com/showpost.php?p=39218761&postcount=4
http://forum.xda-developers.com/showpost.php?p=39228373&postcount=6
Smalli Hello World
java -jar F:\adb\tools\smali-2.0.2.jar -o classes.dex HelloWorld.smali
F:\adb\adb.exe push HelloWorld.zip /sdcard/F:\adb\adb.exe shell mkdir /sdcard/dalvik-cacheF:\adb\adb.exe shell ANDROID_DATA=/sdcard
dalvikvm -cp /sdcard/HelloWorld.zip HelloWorld
dedexer
http://dedexer.sourceforge.netCreate folder dedexer.outjava -jar F:\adb\ddx1.26.jar -o -D -r -d
./dedexer.out classes.dex <Example 201 Additional>
dexter
Dexterhttp://dexter.dexlabs.org/Web tool<Example 202 Additional>
Android apps
- DexDump- Dexplorer
Hello World java
javac HelloWorld.javaF:\android\sdk\build-tools\17.0.0\dx.bat --dex --
output="F:\adb\Example 200 Additional Smali\classes.dex" HelloWorld.class
zip HelloWorld.zip classes.dexF:\adb\adb.exe push HelloWorld.zip /sdcard/F:\adb\adb.exe shell mkdir /sdcard/dalvik-cacheF:\adb\adb.exe shell ANDROID_DATA=/sdcard
dalvikvm -cp /sdcard/HelloWorld.zip HelloWorld