How to mod an Android app?

This article shows how to modify an Android app using apktool on a computer. There are apps like APK Editor Pro for editing APK builds on the mobile phone itself. Such an app can be used to change strings, colors, images and numeric values directly in the build. However, there are many scenarios where we need to alter the smali code in many files to reach the desired result. I don’t think a mobile app is enough to achieve that. It’s simply smali programming, and we definitely need a computer. Basic knowledge of Android programming is mandatory.

Download the APK file

Let’s pretend you want to modify an app that is already available on Google Play. Note that every app available on Google Play is a downloadable file. You can use any one of the following websites to download the APK file; however, there are many websites available.

Install the Apktool

Apktool is a tool for reverse engineering Android apps. We use it to decompile the APK downloaded above, and again to rebuild the app from the decompiled resources after applying our modifications. Please make sure you have Java 1.8 or above installed.

Download:
https://ibotpeaches.github.io/Apktool/

Installation instructions:
https://ibotpeaches.github.io/Apktool/install/

Documentation:
https://ibotpeaches.github.io/Apktool/documentation/

Decompile the APK

Let’s decompile the APK build that you downloaded. For example, if QuickChat.apk is your downloaded file, then the following command decompiles the build.

apktool d QuickChat.apk
I: Using Apktool 2.4.0 on QuickChat.apk
I: Loading resource table…
I: Decoding AndroidManifest.xml with resources…
I: Loading resource table from file: C:\Users\sivaraman\AppData\Local\apktool\framework\1.apk
I: Regular manifest package…
I: Decoding file-resources…
I: Decoding values / XMLs…
I: Baksmaling classes.dex…
I: Copying assets and libs…
I: Copying unknown files…
I: Copying original files…

The decompiled resources will look like this.

Modify the files

res - folder

The res folder has everything that you would want to change about the app’s appearance: colors, images and texts. As long as you are doing simple replacements, like changing a color from red to green or swapping an image, you are good to rebuild the app with the modified resources. But if you drop an existing resource or add a new one, you have to make the corresponding change in the smali files too. Otherwise the app won’t rebuild, or it will cause an error at runtime.

smali - folder

All the classes that are created or included as dependencies in the Android project are converted to smali files, which you can find in this folder. Most Android projects are developed with ProGuard enabled, which obfuscates the variable, method, class and package names found in the entire project. You may get confused if you are looking at obfuscated smali files for the first time. You are lucky if you got an APK build without ProGuard; you can easily play around with it, but that is rare. You can’t even find any logs, which would otherwise give you some clue about the purpose of the classes or methods. This makes the app modder’s job really interesting. You can find the bytecode instructions at the link below.

https://source.android.com/devices/tech/dalvik/dalvik-bytecode

Modifying smali files

Open the decompiled app folder (E:\AppModder\QuickChat) in a text editor. I use Visual Studio Code; I find its features very convenient. The editor also supports smali files if you install the right plugin. Use the search option effectively to find the method where you want to modify the code. When you edit the bytecode, you have to be careful, as you are dealing with registers. Always check the number of registers declared at the beginning of the method before using any. Increase the count only if needed; otherwise use the existing ones in such a way that those registers get their original values back, or do no harm, after your modified code segment executes. It’s not Java or Kotlin, where the editor warns you about a syntax error or invalid usage. Also be aware that every time you want to see your changes working, you have to rebuild the app, sign it with a keystore file and deploy it on a mobile device. This is a time-consuming process which requires a lot of patience.
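
The register rule above can be checked mechanically before each rebuild. The following Python script is an added example, not part of the original article or of Apktool: it flags any vN or pN that falls outside the frame declared by .registers or .locals. The function names and the sample smali (methods twice and greet) are constructed for illustration.

```python
import re
PARAM_RE = re.compile(r"\[*(?:L[^;]+;|[ZBSCIFJD])")   # one parameter type
REG_RE = re.compile(r"[vp]\d+")                        # v0, p1, ...

def param_registers(descriptor, is_static):
    """Registers used by parameters: long/double take two, `this` takes one."""
    count = 0 if is_static else 1
    for ptype in PARAM_RE.findall(descriptor):
        count += 2 if ptype in ("J", "D") else 1
    return count

def check_smali(text):
    """Return (line_no, method, register) for every register outside the frame."""
    problems, method, total, params = [], None, None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('"', 1)[0].split("#", 1)[0].strip()   # drop strings, comments
        if line.startswith(".method"):
            words = line.split()
            method, rest = words[-1].split("(", 1)
            params = param_registers(rest.split(")", 1)[0], "static" in words[1:-1])
            total = None
        elif line.startswith(".end method"):
            method = None
        elif method and line.startswith((".registers", ".locals")):
            # .registers counts everything; .locals excludes the parameters.
            total = int(line.split()[1]) + (0 if line.startswith(".registers") else params)
        elif method and total is not None and line and line[0] not in ".:":
            for tok in re.split(r"[\s,{}]+", line):
                if REG_RE.fullmatch(tok) and int(tok[1:]) >= (total if tok[0] == "v" else params):
                    problems.append((no, method, tok))
    return problems

# Constructed sample: twice() is consistent, greet() uses v3 with only v0..v2 available.
SAMPLE = """\
.method public static twice(J)J
    .registers 4
    add-long v0, p0, p0
    return-wide v0
.end method
.method public greet(Ljava/lang/String;)V
    .locals 1
    const-string v0, "hello v7"
    invoke-static {v3, p1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    return-void
.end method
"""

if __name__ == "__main__":
    for no, method, reg in check_smali(SAMPLE):
        print(f"line {no}: {method} uses {reg} outside its declared registers")
```

The check does not track the implicit second register of a long or double pair, so a wide value placed in the last declared register still needs a manual look.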

Build app from decompiled files

It’s time to build the app from the decompiled resources. The following command builds the app again. Make sure you clear the build and dist folders before executing this command. The modified smali files will not take effect if their cached version still exists in the build folder.

E:\AppModder>apktool b QuickChat
I: Using Apktool 2.4.0
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
W: fakeLogOpen(/dev/log_crash) failed
W: fakeLogOpen(/dev/log_stats) failed
W: fakeLogOpen(/dev/log_crash) failed
W: fakeLogOpen(/dev/log_stats) failed
I: Copying libs... (/lib)
I: Copying libs... (/kotlin)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...
E:\AppModder>

You can find your modded APK file in the dist folder once the above command is done.

Sign your APK

You always need to sign the modded app using a keystore file before testing it on a mobile device. Use the following command to sign your app. The appmodder.keystore file is one that I created for testing purposes, with the alias name appchanger. Create your own keystore file for signing the APK file.

E:\AppModder>jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore appmodder.keystore QuickChat/dist/QuickChat.apk appchanger
Enter Passphrase for keystore:
updating: META-INF/PP.SF
updating: META-INF/PP.RSA
signing: AndroidManifest.xml
signing: classes.dex
signing: kotlin/annotation/annotation.kotlin_builtins
signing: kotlin/ArithmeticException.kotlin_metadata
....
....
signing: org/threeten/bp/format/ChronologyText.properties
jar signed.
Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2045-12-20) or after any future revocation date.
E:\AppModder>
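
Signing with your own keystore means the rebuilt APK carries your certificate, not the original developer's, so the two builds can be told apart by certificate fingerprint. The Python script below is an added example, not from the original article: it reads the JAR (v1) signature block that jarsigner writes under META-INF and hashes the first certificate in it. It assumes a DER-encoded block holding a single self-signed certificate; the sample bytes and function names are constructed.

```python
import hashlib
import io
import zipfile

def der_element(buf, pos):
    """Parse the DER element at pos; return (tag, content_start, end)."""
    tag, first, body = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                      # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        return tag, body + n, body + n + int.from_bytes(buf[body:body + n], "big")
    return tag, body, body + first

def children(buf, start, end):
    """Yield (tag, elem_start, content_start, elem_end) for elements in [start, end)."""
    pos = start
    while pos < end:
        tag, body, stop = der_element(buf, pos)
        yield tag, pos, body, stop
        pos = stop

def first_cert_sha256(pkcs7):
    """SHA-256 of the first certificate in a DER-encoded PKCS#7 SignedData blob."""
    _, body, end = der_element(pkcs7, 0)                     # ContentInfo SEQUENCE
    wrap = next(c for c in children(pkcs7, body, end) if c[0] == 0xA0)
    _, sd_body, sd_end = der_element(pkcs7, wrap[2])         # SignedData SEQUENCE
    certs = next(c for c in children(pkcs7, sd_body, sd_end) if c[0] == 0xA0)
    _, start, _, stop = next(children(pkcs7, certs[2], certs[3]))
    return hashlib.sha256(pkcs7[start:stop]).hexdigest()

def v1_signer_fingerprints(apk):
    """Map each META-INF signature block in an APK (path or file object) to a fingerprint."""
    with zipfile.ZipFile(apk) as z:
        return {n: first_cert_sha256(z.read(n)) for n in z.namelist()
                if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))}

# Constructed 44-byte SignedData skeleton; its "certificate" is the dummy SEQUENCE 30 03 02 01 05.
SAMPLE_PKCS7 = bytes.fromhex("302a06092a864886f70d010702a01d301b0201013100300b"
                             "06092a864886f70d010701a00530030201053100")

def sample_apk(pkcs7):  # in-memory stand-in for an APK with one v1 signature block
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/PP.RSA", pkcs7)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    resigned = SAMPLE_PKCS7.replace(bytes.fromhex("3003020105"), bytes.fromhex("3003020106"))
    print(v1_signer_fingerprints(sample_apk(SAMPLE_PKCS7)))
    print(v1_signer_fingerprints(sample_apk(resigned)))      # different signer, different hash
```

Against real files, call v1_signer_fingerprints() with the path of the downloaded APK and of QuickChat/dist/QuickChat.apk and compare the two results. An APK signed only with APK Signature Scheme v2 or later has no such META-INF block and yields an empty result.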

Install & test the APK

Testing an Android app on a mobile device is faster than testing it on an emulator. Prefer the emulator only if you want to test the app on a particular device which you don’t have. Make sure you have put your mobile in developer mode and allowed installing apps from unknown sources. You can use the following command to install the APK on your device or emulator. After the installation, open the app and check whether your changes are reflected. If there is any error in your modified smali code, the app will crash at the modded screen, showing an error message of what went wrong.

E:\AppModder>adb install QuickChat\dist\QuickChat.apk
* daemon not running; starting now at tcp:5037
* daemon started successfully
QuickChat\dist\QuickChat.apk: 1 file pushed. 4.3 MB/s (7261910 bytes in 1.609s)
pkg: /data/local/tmp/QuickChat.apk
Success
E:\AppModder>

Conclusion

Reverse engineering is an interesting job. If you are doing it for the first time, then understanding smali files will be a nightmare for you. But once you get used to it, you will find smali is just another programming language like Java or C++. Happy coding!
