Basics
As I mentioned I’ll be adding the pictures of any queries users ask me to the next day wiki, so here it is,
Let’s take an app : I’ve taken Benime Whiteboard Video Maker Video and methods credits: Mr. Craazy
When you’ll download the app from apkpure or any website you’ll see it’s in an extension .apks or .zip or .xapk formats simply these are as a archive or bundle format to make size of output less. To convert them we need to convert it into .apk format for which we use Antisplit-G2 or SAI
Here used AntiSplit:
After converting to apk now we are about start our work 😜:
- GO to the location with MT Manager where the converted apk format is
- Open the apk and click on any classes.dex then select dex editor plus, Then select all the dex
Now from the search option search for DoodleMainActivity
Now you’ll be thinking similar to those tutorials i’m going to skip it and will let it up to you to know how I came to this conclusion to search only DoodleMainActivity 😂
Well don’t worry I’m not going to do that:
Reasons why DoodleMainActivity is being searched:
- As I mentioned it’s good if you have a little Java knowledge even only creating the hello world! App in Java is enough for beginning the reverse engineering… Now if you recall your memory a bit you’ll remember that the first file during making of that
hello world!project we make a java file named asMainActivityand in that file we write everything, and after we build the application that file is being run and show us hello world! Text on main screen - Similarly every app has it’s MainActivity which it opens first on launch of the application and in this app i.e. Benime that activity is
DoodleMainActivity - It’s always good to first check the opening activity of any app during reverse engineering of it for many reasons such as checking what it is doing on run and sometimes devs leave their important stuffs here also like in-app purchases details which we people need 😁
- So I hope this much is enough reasons for you to understand why DoodleMainActivity is being searched.
- As I mentioned it’s good if you have a little Java knowledge even only creating the hello world! App in Java is enough for beginning the reverse engineering… Now if you recall your memory a bit you’ll remember that the first file during making of that
Open the first result which you get and just like in the below image click on
gotoit’ll lead you guy’s to the DoodleMainActivity
First let’s know about static field in Java:
- I searched on Google for its quicker and short understanding, and you can see:
- From these results one thing is clear that it’s being used to store some values
- Now let’s see what we get in the DoodleMainActivity class:
aha! 😜 So there is a static field in this class, that means R:Z is being used to store some value and what does ’Z’ represents in smali?(of course boolean) so it only can store two values i.e., either true or false
[!NOTE] It’s to be noted that every time you see static fields in classes of app doesn’t mean that it’s right, and you start editing with that and began complaining about not working, but you still followed my method in another app LoL 🤣. We have to analyze that class to see if the in-app purchases are related to that field or not, only then start editing them.
- Now after analyzing the code we came to conclusion that this field is the value where data is stored, you can also see as
ca-pub-xxxetc. codes are used for ads and in-app purchases:
- Now then search for the places inside the class where that static field is called, and we reach here:
- For more understanding of below lines refer to DAY 03
Now let’s understand through line one of
G(Ljava/lang/Boolean;)Vwe can understand that first it’s creating boolean to register p1 to store bool value in it then throughif-eqzchecking if value of p1 results 0 (false) or 1 (true) and if the value results in 0 then it’ll go to:cond_13i.e., line 237 where you can see then it’ll make p1 value 0 and use the field boolR:Zwhich we see earlier here… from above image we can also see if it’s false it’ll skip the result and will not execute the below codes of if-eqz, to run then we’ll move these codes inside the condition as:
then we’ll return the value as return-void because register v0 value is being stored to p1:
- Now let’s move on, it’s similar (as there is also same codes just we need to remove the if-eqz code which I discussed earlier about) to above process, so I’ll be skipping explanation still if anyone of you doesn’t understand below processes then as always I say you’re free to ask me at @Qbtaumai 😉:
