Apktool
Android RE.
apk
- AndroidManifest.xml
- classes.dex
- res/
- lib/
- META-INF
arsc: Android package Resource file.
hacking approach
- unzip apk & disassemble classes.dex
- perform static analysis on the app
- inject byte-code into the app
- reassemble classes.dex & zip/sign apk
dex: dalvik executable
apktool
apktool d RecentContest_beta.apk
apktool b RecentContest_beta
RecentContest
To remove Private access contests from the json result, just insert the following lines after :cond_1 of file JsonStringAnalysis.smali
const-string v8, "Private"
invoke-virtual {v0, v8}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v8
if-nez v8, :try_end_0
testsign
java -jar testsign.jar RecentContest_beta.apk RecentContest_beta-signed.apk
smali
Types
- V: void
- Z: boolean
- B: byte
- S: short
- C: char
- F: float
- I: int
- J: long
- D: double
- [: array
Classes
- full name space slash separated
- prefixed with L
- suffixed with ;
Lcom/example/myapp/MyClass;
Methods
.method keyword method-name parameters/return
.method private delayedAnimationFrame(J)Z
Registers
- .locals
- .parameters
Opcodes
- invoke-super vx, vy, …
- new-instance vx
- invoke-direct vx, vy, …
- const-string vx
- invoke-virtual vx, vy, …
- return-void