ythy / blog

Give everything a shot

Apktool #96

Open ythy opened 6 years ago

ythy commented 6 years ago

reference

Decompiling Samsung Health

This requires two files from system/framework on a Samsung device: framework-res.apk and twframework-res.apk.

Prepare the framework

apktool if framework-res.apk -t samsung
apktool if twframework-res.apk -t samsung

This generates two files, 1-samsung.apk and 2-samsung.apk, under C:\Users\imc.imc-PC\AppData\Local\Temp.

Start decompiling

apktool d 1234.apk -t samsung

1-samsung.apk and 2-samsung.apk are loaded automatically during this step:

E:\android_complie>apktool d 1234.apk -t samsung
I: Using Apktool 2.3.2 on 1234.apk
I: Loading resource table...
I: Decoding Shared Library (touchwiz), pkgId: 2
I: Decoding AndroidManifest.xml with resources...
S: WARNING: Could not write to (C:\Users\imc.imc-PC\AppData\Local\apktool\framework), using C:\Users\IMC~1.IMC\AppData\Local\Temp\ instead...
S: Please be aware this is a volatile directory and frameworks could go missing, please utilize --frame-path if the default storage directory is unavailable
I: Loading resource table from file: C:\Users\IMC~1.IMC\AppData\Local\Temp\1-samsung.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Loading resource table from file: C:\Users\IMC~1.IMC\AppData\Local\Temp\2-samsung.apk
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
E:\android_complie>
ythy commented 6 years ago

An important addition to the above!!

Set the framework directory

apktool if framework-res.apk -t samsung -p xxx
apktool if twframework-res.apk -t samsung  -p xxx

Repackaging Samsung Health

Building from the files generated by apktool d 1234.apk -t samsung fails with resource errors. The correct way:

apktool d 1234.apk -t samsung -r -p xxx

Here -r is to ignore the decompiling of resources. Then:

apktool b 1234 -t samsung -p xxx

Signing

  1. Generate the signing keystore file xx.jks with Android Studio
  2. Sign with jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore xx.jks 1234.apk xx(alias); jarsigner is a command bundled with Java
ythy commented 6 years ago

Getting the signature

jarsigner -verify -certs -verbose app.apk 
ythy commented 6 years ago

Modify Samsung Health's StepData.smali file: smali_classes4\com\samsung\android\app\shealth\tracker\pedometer\service\data\StepData.smali

Change .line 71 to:

    .line 71
    invoke-virtual {p1}, Landroid/os/Parcel;->readInt()I

    move-result v0

    add-int/lit16 v0, v0, 0x5000

    iput v0, p0, Lcom/samsung/android/app/shealth/tracker/pedometer/service/data/StepData;->mStepCount:I

What the code does: when the step data StepCount is read, it adds 0x5000 steps.

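Result: after installing it on the phone, Samsung Health shows more than 20000 steps by default, as expected. However, Alipay cannot enable syncing of Samsung Health data. The error message is: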

07-03 14:43:42.233 4380-4380/? I/chromium: [INFO:CONSOLE(9)] "
Uncaught ReferenceError: config is not defined", source: https://20000869.h5app.alipay.com/www/static/js/healthstep.js (9)

At this point, it failed. Confirmed to be because the self-signed signature does not match Samsung's.
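
The signature mismatch described above is also what lets a verifier tell a rebuilt APK from the vendor's: the signer certificate changes. The following is an added example, not part of the original post. It reads the v1 (JAR) signature block that jarsigner writes, assumes DER encoding, and does not cover APK Signature Scheme v2/v3; all function names are hypothetical and the sample APKs are constructed.

```python
import hashlib, io, zipfile

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signer_cert_fingerprints(apk_bytes):
    """SHA-256 fingerprints of the certificates in an APK's v1 (JAR) signature blocks."""
    prints = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        blocks = [apk.read(n) for n in apk.namelist() if n.startswith("META-INF/")
                  and n.upper().endswith((".RSA", ".DSA", ".EC"))]
    for p7 in blocks:
        _, s, _ = read_tlv(p7, 0)            # ContentInfo SEQUENCE
        _, _, e = read_tlv(p7, s)            # contentType OID (signedData)
        _, s, _ = read_tlv(p7, e)            # [0] EXPLICIT wrapper
        _, s, end = read_tlv(p7, s)          # SignedData SEQUENCE
        while s < end:
            tag, vs, ve = read_tlv(p7, s)
            while tag == 0xA0 and vs < ve:   # certificates [0]: one element per certificate
                _, _, ce = read_tlv(p7, vs)
                prints.add(hashlib.sha256(p7[vs:ce]).hexdigest())
                vs = ce
            s = ve
    return prints

def is_resigned(original_apk, candidate_apk):
    """True when the candidate shares no signer certificate with the original."""
    return signer_cert_fingerprints(original_apk).isdisjoint(signer_cert_fingerprints(candidate_apk))

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + body

def sample_apk(cert_body, payload):
    """Constructed APK-like zip whose META-INF/CERT.RSA wraps a placeholder certificate."""
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, b"")
                 + tlv(0xA0, tlv(0x30, cert_body)) + tlv(0x31, b""))
    p7 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")) + tlv(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", payload)
        z.writestr("META-INF/CERT.RSA", p7)
    return buf.getvalue()
```

For real files, pass the bytes of each APK (for example `open(path, "rb").read()`) to `is_resigned`; the fingerprints correspond to the SHA-256 of each DER-encoded signer certificate.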

ythy commented 5 years ago

View jks file information

keytool -v -list -keystore mx.jks