How to reverse engineer android apps (Tutorial)

Captions
Hello guys. In this video I'm going to teach you how to hack Android apps, or in other words, how to reverse engineer an Android app. Now, this video is just for educational purposes and I don't encourage piracy by any means. Hacking an Android app is not that hard and not that simple; it just depends on how experienced you are.

First I'm going to show you the app that we are about to hack. This app is made by me; I'm not using anyone else's app, just cracking my own app. OK, here is the app, called My Application. This app is really simple: you only have to input the username and press the Authenticate button, and if the username matches then we get a VIP message, else we get another message mentioning that you are not a VIP. For example, let's type John and hit Authenticate, so we get "Sorry, you're not a VIP user, you need to pay up", right? If I write my name, then Authenticate, now I get the message "You are a VIP user". So our goal is to crack the app so that whatever name we type, the message will be "You are a VIP user". So even if you type "trick", we need to show "You are a VIP user".

So this is the basic program that I have written for my Android application. We have this message, the edit text and the login button. Whenever we click the login button, the isAuthenticated function is called, and if it matches my name then it returns true and "You are a VIP user" is set, and if it's false then "Sorry, you are not a VIP user" is shown.

So what you do first is create a new folder and write hacking. Open it, and let's copy my APK file to this hacking folder. Now, first of all, I have the source code, right, but you may not have the source code. So first, what we need to do is view the source code of this APK. For this you need to go to GitHub and search for dex2jar. I'll put the link in the description below. Just click on this link and download dex2jar by clicking over here. I already downloaded it, so I'll just copy it; I have this over here, copy to my hacking folder and paste it. Now extract it. You can use any software to extract; I have used 7-Zip. So let's just cut it and paste it in the outer folder so that it's easier to access; it's not completely necessary. Now we don't need this folder, so let's delete it.

What you need to do is open the command line; make sure you are inside the hacking folder. Now let's go inside dex2jar, and make sure you have copied the command, and paste it. Now, if you are using Mac or Linux then you will use the .sh file, but right now I'm using Windows so we need to use the .bat, and the path to my APK is one step back, and myapp.apk. Now it will output the JAR file with the name myapp-dex2jar. Now let's see, inside this folder we have this file.

Now to view the source we need another software, and the software's name is JD-GUI, as I call it. Download it; I'll just copy from Katy key tool, and I have this JD-GUI. Let's go inside the hacking folder and paste it. Now just go inside the folder, open JD-GUI and go back if you take to that. I'll just drag and drop over here. Open this package; you can see MainActivity.class. If you compare this code with the original code, it is kind of the same but not exactly; you can see the variable names are all changed.

Now to crack this, what we have to do is make sure that when we click the button over here, so then it calls the onClick function, we need to make sure that whenever we click the button this function always returns true, so that any user can use the app, not only me. This is a simple application so the code is quite simple, but if you are viewing the source code of any other, complex app, it might be a little harder or a lot harder. We have viewed the source code; the only thing left to do is to change this line so that it always returns true.

For this we need another software called apktool. You can just download the latest version; again, the link will be posted in the description below. I have apktool already on my laptop, so what I do is copy this JAR file and paste it in the hacking folder. Now we need to decompile this app. Let's go to the command line, go one step back, and type apktool decompile my app apk. As you can see, a new folder appeared in our hacking folder. Now let's go inside; it may take a while. Let's go inside.

Now, if you want to change just the resources you can do it quite easily; you can replace every image with your own. But our intention is to change the code, so let's go to smali, com, example, my application. To edit this you can use any editor; I am using Sublime Text. Let's again drag it over here. This looks quite different from the original code as well as the one from the JAR file. It's because it's in smali; it's more like assembly code. If you have done your bachelor's degree in computer science then you might have had to learn assembly code in microprocessors or something like that, but the thing is we can just do hit and trial and figure it out.

So what we need to do is make this I function return true always. So let's look at the I function. OK, in the I function, the value of the edit text is stored in v0, and v1 is the constant, and v0 and v1 are compared ignoring case, and the result is saved in v0. Now if v0 is equal to true then this is executed; if v0 is false then cond_0 is executed, continuing over here. So this is executed if v0 is true; then v0 is equal to 0x1, which means it is equal to 1, and if v0 is false then v0 is equal to 0x0, which is equal to 0, right? So in assembly 1 means true, 0 means false. If v0 is equal to true then v0 is assigned a value of 1 and v0 is returned, so true is returned. If v0 is false then cond_0 is executed; cond_0 is over here, so v0 is assigned 0. This line says goto_0, which is over here, and again it returns v0. So from here it returns true; if it goes over here then it returns false.

Now there are a number of ways we can make this happen. If we just want a particular name to work, let's say if we want to make John a VIP user, then we can just add John. But we want to make sure that everyone has VIP status, so we could assign 1 over here, so whether it's true or false, 1 is returned in both cases. Or we could just copy this return v0 over here and assign v0 as 1. So what actually happens is this line never gets executed. Whenever it is compared, the result is stored in v0; even if v0 is true or false, we assign v0 as 1, which means true, and return v0. So we are done over here. Save it.

The next step is to recompile this folder back to an APK. For this, what you do is type apktool build, the name of the folder, my app. It may take some time. Now we just go into my app, then we have the distribution folder. If you don't have it, just wait for a while; it may take some time to appear depending on the size of the app.

Now we are good to go, but before we install we need to make sure that this is signed; we need to sign it with a certificate. So what we do is go to the command line, go inside this folder: type cd, my app, dist. First we need to generate a key so that we can sign this APK. To generate the key, what you do is use the command called keytool. To use this command, as it's not recognized, you need to make sure that you have Java installed. Let's go inside the Java directory, let's see: C, Program Files, Java, the JDK, slash bin, keytool. Then type -genkey, -keystore and the name of the keystore; you could write anything, you could just write your name, dot keystore. Then -validity; you can write anything you want, just this thing, this certificate will be valid for a thousand years. And -alias; write anything, maybe just like it only take log for Paco's. Write any password, like the same password. First name and last name: you don't need to write this, leave it blank. Yes. And just again write the password, like the password again. If you look, we have this .keystore.

Right, now we need to sign this app using our keystore, using our key. Now to sign this app, in the same folder we have another file called jarsigner. So: jarsigner, -keystore, the name of the keystore, the one we just created, -verbose, and write the name of the app APK and your alias name, the one you added earlier over here, alias. Enter the password. We are good to go. Yes, now we have signed it.

The only thing you need to do is copy this file to your mobile and just install it. I picked you like this, let's do some what's like the adb devices, adb install over here. If you have to use adb, you need to install it; the easiest way is to either just install ADB separately or use Android Studio. First, what is the package, a lick uninstall; this is called myapp.apk. OK, success. Now if you look over here you have this application.

Now if you type anything other than my name, for example Lucifer. Now if everything goes well, if our hacking is successful, then we are looking for any other name to be recognized as a VIP user. "You are a VIP user." So let's try again, let's say doggie, Authenticate: "You are a VIP user."

If you liked the video, give a thumbs up, subscribe to my channel and leave a comment below. Thank you and have a nice day.
Info
Channel: Sabin
Views: 154,196
Rating: 4.6898346 out of 5
Keywords: hacking, android, app, apk, mobile, jdgui, apktool, awesome, dex2jar, reverse engineer, coding, assembly, language, java, educational, cool, crack, cracked, decompile, recombile, sign, signed, crack the apk, hack the apk
Id: rgV98YMioCA
Length: 16min 28sec (988 seconds)
Published: Mon Feb 06 2017