Inside DVMTools

Real life hackingObfuscation

Nick Bova@mykola_bova

Nov 14 2013

Basic flow

<Picture on flipchart – possible ways>

How to get *.apk files for installed applications?

One of options - MyAppSharer

Tool for sharing Android screen

Tool for sharing Android screen

Tool for sharing Android screenhttp://droid-at-screen.ribomation.com/java -jar F:\adb\nb\droidAtScreen-1.0.2.jar

What is adb?

How to get *.apk files from smart phone?

<Example 1>One of options –adb shellls /sdcard/MyAppShareradb pull /sdcard/MyAppSharer .

How to convert *.apk *.jar file?

<Example 2>dex2jar.bat com.adobe.reader.apk

https://code.google.com/p/dex2jar/

How to convert *.jar file *.java files?

<Example 3>jd-guihttp://jd.benow.ca/If not enough – use JAD

How to unzip *.apk files?

<Example 4>One of options – WinRAR

Hello, cap

How to disassemble classes.dex file?

< Example 5 > One of options – dexdump.exeF:\android\sdk\build-tools\17.0.0\dexdump.exe

-d -f -h classes.dex > classes.dex.out.1

Real Life example (1)

LjbeetleOpen source LiveJournal client for Androidhttps://

bitbucket.org/dotCypress/lj-beetle/wiki/Homehttps://

play.google.com/store/apps/details?id=com.dotcypress.ljbeetle&hl=ru

Real Life example (1)

Автор – Виталий Домников @dotcypressHates java and Android

Real Life example (2)

1) analyticscom.flurry.androidhttp://

support.flurry.com/index.php?title=Analytics

Real Life example (3)

2) using http for uploading imagespackage com.dotcypress.ljbeetle.upload;public String upload(String paramString)http://pics.livejournal.com/interface/simple

Additional tools

What is your suggestion(s)? <flipchart>

smali

https://code.google.com/p/smali/https://

code.google.com/p/smali/source/browse/examples/HelloWorld/HelloWorld.smali

<Example 200 Additional>

smali tests

https://android.googlesource.com/platform/external/smali/+/

0856f098c0c7296fba137e8f5d039482060cb5cd/smali-integration-tests/src/test/smali/junit-tests

<Example 200 Additional>

smali examples

https://code.google.com/p/smali/source/browse/#

git%2Fexamples%2FMethodOverloading

Beginner’s guide to smali coding

http://forum.xda-developers.com/showthread.php?t=2193735

http://forum.xda-developers.com/showpost.php?p=39218738&postcount=2

http://forum.xda-developers.com/showpost.php?p=39218750&postcount=3

http://forum.xda-developers.com/showpost.php?p=39218761&postcount=4

http://forum.xda-developers.com/showpost.php?p=39228373&postcount=6

Smalli Hello World

java -jar F:\adb\tools\smali-2.0.2.jar -o classes.dex HelloWorld.smali

F:\adb\adb.exe push HelloWorld.zip /sdcard/F:\adb\adb.exe shell mkdir /sdcard/dalvik-cacheF:\adb\adb.exe shell ANDROID_DATA=/sdcard

dalvikvm -cp /sdcard/HelloWorld.zip HelloWorld

dedexer

http://dedexer.sourceforge.netCreate folder dedexer.outjava -jar F:\adb\ddx1.26.jar -o -D -r -d

./dedexer.out classes.dex <Example 201 Additional>

dexter

Dexterhttp://dexter.dexlabs.org/Web tool<Example 202 Additional>

Android apps

- DexDump- Dexplorer

Hello World java

javac HelloWorld.javaF:\android\sdk\build-tools\17.0.0\dx.bat --dex --

output="F:\adb\Example 200 Additional Smali\classes.dex" HelloWorld.class

zip HelloWorld.zip classes.dexF:\adb\adb.exe push HelloWorld.zip /sdcard/F:\adb\adb.exe shell mkdir /sdcard/dalvik-cacheF:\adb\adb.exe shell ANDROID_DATA=/sdcard

dalvikvm -cp /sdcard/HelloWorld.zip HelloWorld