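Android: Putting a modified classes.dex back into an APK
阿新 • Published: 2019-02-06
1. Unpack the APK
- Change the .apk extension to .zip, unzip the archive, and extract classes.dex
2. Modify classes.dex
- Use a tool such as IDA Pro or C32ASM to change the values in the file
3. Re-validate the modified classes.dex with a tool (recompute the header checksum and signature)
- dexfixer
- Or write your own tool; the Java code is as follows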
    import java.io.ByteArrayOutputStream;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.util.zip.Adler32;

    public class FixDexHeaderUtil {

        // Read the DEX file, recompute its header fields, and write it back in place.
        public static void fix(String file) {
            byte[] fBytes = readFile(file);
            fix(fBytes);
            saveFile(fBytes, file);
        }

        // Read the whole file into a byte array.
        private static byte[] readFile(String file) {
            FileInputStream fis = null;
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            try {
                fis = new FileInputStream(file);
                int len;
                byte[] buf = new byte[512];
                while ((len = fis.read(buf)) != -1) {
                    bos.write(buf, 0, len);
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                if (fis != null) {
                    try {
                        fis.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
            return bos.toByteArray();
        }

        // Overwrite the file with the given bytes.
        private static void saveFile(byte[] fBytes, String file) {
            FileOutputStream fos = null;
            try {
                fos = new FileOutputStream(file);
                fos.write(fBytes);
                fos.flush();
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                if (fos != null) {
                    try {
                        fos.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
        }

        // Order matters: the checksum covers the signature bytes,
        // so the SHA-1 signature must be written first.
        private static void fix(byte[] fBytes) {
            fixSha1Signature(fBytes);
            fixChecksum(fBytes);
        }

        // The 20-byte SHA-1 signature is stored at offset 12 and covers
        // everything from offset 32 to the end of the file.
        private static void fixSha1Signature(byte[] fBytes) {
            try {
                MessageDigest sha1 = MessageDigest.getInstance("SHA1");
                sha1.update(fBytes, 32, fBytes.length - 32);
                byte[] hashBytes = sha1.digest();
                for (int i = 0; i < hashBytes.length; i++) {
                    fBytes[12 + i] = hashBytes[i];
                }
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }

        // The 4-byte Adler-32 checksum is stored little-endian at offset 8 and
        // covers everything from offset 12 to the end of the file.
        private static void fixChecksum(byte[] fBytes) {
            Adler32 al = new Adler32();
            al.update(fBytes, 12, fBytes.length - 12);
            int sum = (int) al.getValue();
            byte[] result = new byte[4];
            result[0] = (byte) sum;
            result[1] = (byte) (sum >> 8);
            result[2] = (byte) (sum >> 16);
            result[3] = (byte) (sum >> 24);
            for (int i = 0; i < result.length; i++) {
                fBytes[8 + i] = result[i];
            }
        }
    }
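4. Put classes.dex back into the APK
- Use the aapt command
  - 1. Remove classes.dex from the original APK
    ./aapt r source.apk classes.dex
  - 2. Add the modified classes.dex to the APK
    ./aapt a source.apk classes.dex
5. Re-sign the APK
- The signing function in Android Crack Tool is recommended because it is convenient
- Or sign manually with the JDK tools (a keystore created with keytool, then jarsigner)
    /Library/Java/JavaVirtualMachines/jdk1.7.0_79.jdk/Contents/Home/bin/jarsigner -verbose -keystore your_key.keystore -signedjar signed_file_name.apk original_file.apk 'key alias'
6. Done
- Test it with adb install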
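
The header fields recomputed in step 3 can also be checked instead of rewritten. The following Python script is an added example, not code from the original post: it reports whether a DEX file's stored Adler-32 checksum, SHA-1 signature and file_size field match its contents. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header


def dex_header_report(data: bytes) -> dict:
    """Compare the integrity fields stored in a DEX header with recomputed values."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n":
        raise ValueError("not a DEX file (too short or bad magic)")
    stored_adler = struct.unpack_from("<I", data, 8)[0]   # checksum, little-endian
    stored_sha1 = data[12:32]                              # 20-byte signature
    file_size = struct.unpack_from("<I", data, 32)[0]     # file_size field
    return {
        # Adler-32 covers everything after the checksum field (offset 12 onward).
        "checksum_ok": stored_adler == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        # SHA-1 covers everything after the signature field (offset 32 onward).
        "signature_ok": stored_sha1 == hashlib.sha1(data[32:]).digest(),
        "size_ok": file_size == len(data),
    }


def _constructed_sample() -> bytes:
    """Constructed stand-in: consistent header fields, zero-filled body, not a loadable DEX."""
    buf = bytearray(HEADER_SIZE + 64)
    buf[0:8] = b"dex\n035\x00"                    # magic and format version
    struct.pack_into("<I", buf, 32, len(buf))     # file_size
    struct.pack_into("<I", buf, 36, HEADER_SIZE)  # header_size
    struct.pack_into("<I", buf, 40, 0x12345678)   # endian_tag
    buf[12:32] = hashlib.sha1(buf[32:]).digest()  # signature first, then checksum
    struct.pack_into("<I", buf, 8, zlib.adler32(buf[12:]) & 0xFFFFFFFF)
    return bytes(buf)


def demo() -> tuple:
    """Return reports for the sample and for a copy with one body byte changed."""
    original = _constructed_sample()
    edited = bytearray(original)
    edited[HEADER_SIZE + 5] ^= 0xFF               # body changed, header left stale
    return dex_header_report(original), dex_header_report(bytes(edited))


if __name__ == "__main__":
    clean, edited = demo()
    print("unmodified:", clean)
    print("body edited, header stale:", edited)
```

A passing report only means the header is consistent with the body: both fields are unkeyed and anyone can recompute them. Whether the file is authentic is decided by the APK signature, which is why step 5 has to re-sign.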