
MaleBuffy

Greek WPA Finder 3.4

Quote Originally Posted by MaleBuffy
How I “fixed” the Android app “Greek WPA Finder 3.4”

In the next few lines, I will try to show you how I managed to “fix” the application, which stopped working on 31/5/2013 at 15:10. I am not going to teach you how to code or reverse engineer, since I am no expert on this. I am just going to show you what I did to make the app work again.
First of all you will need some tools in order to decompile the application into Smali opcodes, an almost human-readable code, roughly an assembly equivalent, just more readable.

Installing the tools needed

I used APK Multi-Tool from http://apkmultitool.com
1. Go to the Download section of the site and Download APK Multi-Tool Windows Version 1.0.11,
or the latest version at the time you visit the site. You don’t need to download any frameworks yet, since we are going to pull that from our handset.
2. Unpack the zip/rar you downloaded to the Desktop or any other folder you want.
3. Inside the Apk_Multi-Tollsv1.0.11 folder, you have to right-click on Setup.bat and run the batch file as an administrator.
4. Select 3. Setup Directories (you must run it only one time… ever).
5. Select 2. Installing Framework-Res.
6. Make sure you have your device connected with USB and recognized (I have a Galaxy S3) and press 5. Pull Dependencies from Phone.
This will pull the needed files like framework-res.apk and, for my device, the twframework-res.apk.
7. After it finishes, it returns to the dependencies menu. Press 1. Install framework-res.apk.
8. If you have a Samsung phone, then press 2. Install twframework-res.apk. For an HTC device press 3. Install com.htc.resources.apk.
9. Now press 6. Return to Main Menu to, you got it, return to the main menu.
10. Press 00 to quit. You should not need to run Setup.bat again.


Decompiling Greek WPA Finder

1. Go to the Apk_Multi-Tollsv1.0.11 folder and you will see a folder named Place-apk-here-for-modding. Pretty self-explanatory.
2. Copy the file you want to modify into it, in my case com.Fisherman.Greekwpa.30.apk from http://www.fileswap.com/dl/HKQhcsJNjf/
3. Now that you have your file in the folder, right-click on Script.bat in the Apk-Multi-Toolv1.0.11 folder and run it as administrator.
Press any key to go to the main menu, input the number 24 and press enter.
Select the project by pressing 1 and enter. Now you have told the script that you want to work with this apk. (Handy when you have several apks you want to mod.)
4. Press 9 and enter to decompile the application.
At this point you have to remember that the handset must be connected all the time during the process. It’s actually better never to disconnect it. However, that is not so cool when you have to leave home and go to work!
5. So after decompiling, we have to go to the folder “projects”, where we have a folder called com.Fisherman.Greekwpa.30.apk. There are the decompiled files and folders that you need:

lib
res
smali
AndroidManifest.xml
apktool.yml

The important part of the apk is the smali folder. There is the “source code” of the application. However, it’s not the only folder you need.
The res folder is also important. It has all the ids and strings that you are going to need to identify which part of the program calls the splash screen that says: “Trial Period is OVER!”

Getting our hands dirty


Now we have to dig into the apk to see where the point is that we want to modify. This is usually the point where we get our stupid “Trial Period is OVER!” message and the application exits.
In the following path, com.Fisherman.Greekwpa.30.apk\res\values, there are a couple of .xml files. We immediately see strings.xml.
It’s a good point to start looking for the annoying message. Open the file with any text/xml viewer you like. I use Notepad++.
We are looking for the text “Trial Period is OVER!”. We find it in the line that looks like this:

<string name="trialIsOver">Trial Period is OVER!</string>

So we make a note of name="trialIsOver" and we know that we should look further for this trialIsOver value in another file. Let’s check the file public.xml.
We find a line that looks like this:

<public type="string" name="trialIsOver" id="0x7f05001d" />

Notice name="trialIsOver" showing up again, with an id of "0x7f05001d".
That basically tells me that if the smali code calls the id 0x7f05001d, this is the point where I get this text.
And I don’t want this to happen.
So instead of opening every file in the Smali folder, I used a program called WinGrep, which basically searches for specific text in every file in specific folders you define.

http://www.wingrep.com/download.htm

After you install it, it’s pretty straightforward. Input the text you want to find and select the folder where you want to search. For our tutorial we are going to look for the text:

0x7f05001d

WinGrep finds it in the file SplashActivity.smali in com.Fisherman.Greekwpa.30.apk\smali\com\Fisherman\Greekwpa. The name of the file gives us a hint already.
So we open that file with Notepad++.
At this point, when you look for info on the internet, you will learn that you probably have to look for code like:

if-nez, if-eqz etc., which check if a condition is true or false. These ifs usually follow some invoke-virtual or invoke-object code.
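As an added illustration (not the author's code or the WinGrep tool), here is the same cross-reference done in Python, the step an analyst takes when tracing a string resource to the smali that loads it: read the id declared for a name in public.xml, then scan a decompiled smali tree for const instructions that load that id. The public.xml and smali files below are constructed samples modelled on the post, not the app's real files.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed samples, not files from the app: a minimal res/values/public.xml
# and two smali method bodies shaped like the one shown in the post.
PUBLIC_XML = """<resources>
    <public type="string" name="appName" id="0x7f05001b" />
    <public type="string" name="trialIsOver" id="0x7f05001d" />
</resources>"""
SPLASH_SMALI = """.method private a(Z)V
    :cond_1
    if-nez p1, :cond_2
    const v1, 0x7f05001d
    invoke-virtual {v0, v1}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
    goto :goto_0
.end method"""
OTHER_SMALI = """.method public b()V
    const/high16 v0, 0x7f05
    return-void
.end method"""

# Matches const, const/4, const/16 and const/high16 loads of a hex literal.
CONST_RE = re.compile(r"^\s*const(?:/4|/16|/high16)?\s+[vp]\d+,\s*(0x[0-9a-fA-F]+)")

def resource_id(public_xml, name, rtype="string"):
    """Return the numeric id declared for <public type=rtype name=name>, or None."""
    for entry in ET.fromstring(public_xml).iter("public"):
        if entry.get("type") == rtype and entry.get("name") == name:
            return int(entry.get("id"), 16)
    return None

def find_id_references(smali_root, res_id):
    """Map each .smali file under smali_root to the 1-based lines that load res_id.
    Values are compared numerically, so a const/high16 that only carries the
    upper 16 bits of a different id is not reported as a hit."""
    hits = {}
    for path in sorted(Path(smali_root).rglob("*.smali")):
        lines = [n for n, line in enumerate(path.read_text().splitlines(), 1)
                 if (m := CONST_RE.match(line)) and int(m.group(1), 16) == res_id]
        if lines:
            hits[path.relative_to(smali_root).as_posix()] = lines
    return hits

def demo():
    """Write the constructed samples into a temp tree and cross-reference them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "smali" / "com" / "Fisherman" / "Greekwpa"
        root.mkdir(parents=True)
        (root / "SplashActivity.smali").write_text(SPLASH_SMALI)
        (root / "MainActivity.smali").write_text(OTHER_SMALI)  # constructed name
        rid = resource_id(PUBLIC_XML, "trialIsOver")
        return rid, find_id_references(Path(tmp) / "smali", rid)

if __name__ == "__main__":
    print(demo())
```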

So the code where the id was found is this:

:cond_1
if-nez p1, :cond_2
invoke-virtual {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->getResources()Landroid/content/res/Resources;
move-result-object v0
const v1, 0x7f05001d
invoke-virtual {v0, v1}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v0
invoke-virtual {p0, v0, v3}, Lcom/Fisherman/Greekwpa/SplashActivity;->a(Ljava/lang/String;I)V
goto :goto_0


What we see here is the code part labelled cond_1, where it displays the message and the application quits.
So we want to look for the part of the code that jumps to cond_1. Further up we see this code:

:cond_0
invoke-direct {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->c()Z
move-result v0
if-eqz v0, :cond_1
invoke-virtual {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->getResources()Landroid/content/res/Resources;
move-result-object v0
const v1, 0x7f05001c
invoke-virtual {v0, v1}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v0
invoke-virtual {p0, v0, v3}, Lcom/Fisherman/Greekwpa/SplashActivity;->a(Ljava/lang/String;I)V
goto :goto_0


What we see here is that cond_0 checks something and puts the result in v0.
Then v0 is checked for eqz (equal to zero) and, if so, it jumps to cond_1, which we don’t want.
So why not skip calling cond_0 in the first place, just to be sure?

We made progress, but still not the progress we want. Even further up we see this code:


if-nez v0, :cond_0
invoke-direct {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->c()Z
move-result v0
if-nez v0, :cond_0
if-eqz p1, :cond_0
invoke-virtual {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->b()V
:goto_0
return-void


We change it to:


if-eqz v0, :cond_0
invoke-direct {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->c()Z
move-result v0
if-nez v0, :cond_0
if-nez p1, :cond_0
invoke-virtual {p0}, Lcom/Fisherman/Greekwpa/SplashActivity;->b()V
:goto_0
return-void


I made the changes in bold characters so that they are recognizable (the first if-nez v0 line and the if-eqz p1 line). The original code basically checks if v0 is nez (not equal to zero) and, if that is true, it sends the code to cond_0 (which we said we don’t want).
We reversed the if-nez to if-eqz (equal to zero).
We also change the if-eqz p1 statement to if-nez p1; the original checks if p1 is equal to zero (eqz) and sends us to cond_0.

Notice that we leave the second if-nez v0, :cond_0 as it is, because after a lot of trial and error I found that it is already not zero, which means it doesn’t go to cond_0 anyway.
If we change it to eqz it will go to cond_0 and the application would say: Trial Period is OVER!

Putting everything back together

Finally, we have edited the code to skip that part of the code by telling it to do the opposite of what it would normally do.
So let’s save everything and get back to the APK Multi-Tool. Press 15 and enter to compile, sign and install the application.
Note that your phone should be connected to your computer.

After installation, the icon will show up on your device. Run it, and if you did everything correctly, the application should now be fixed.

Epilogue

Like I said in the beginning, don’t expect to learn advanced reverse engineering with this simple how to. However, this is a good example of how easy it is to overcome some obstacles some developers can implement for some very odd reason.

I hope you had a good time reverse engineering an android application. See you at the forums!

Updated 26th June 2013 at 23:06 by MaleBuffy

Categories: Android

Comments

  1. katsanx
    can you upload it?
  2. MaleBuffy
    It is already uploaded in the forum
  3. asteriboss
    where exactly is it uploaded? Cause I can't find it...
  4. E-mil
    You didn't exactly need to do all this stuff
    there are plenty of easier ways
    I found 2 ways to do it along with other things also..
    I nulled everything including the Ads, Checks and stuff..

    Just change the default Launcher activity to the Main activity
    Because all his checks are in the Splash Activity..
    Also if you want to have the old versions and the new simultaneously, just search for the string pirrelli in the SplashActivity smali
    and change that..

    anyway I have made my apk so everything works fine
    if someone wants it just pm me..
    Updated 29th September 2013 at 01:27 by E-mil (corrections)
  5. MaleBuffy
    I never said it's the only way and I didn't do much. Changed 2 IFs.

    I describe the whole process in detail, that's called a tutorial.

    I kept ads on purpose. It was all about making the app work again, not cracking it.