blog.frals.se

random stuff

random android dev/debug notes

filtering logcat with grep

handy aliases to filter out some of the logspam on sony/samsung devices: https://gist.github.com/frals/f9dc3a70628fbdbc6a82

function for aliasing adb -s

if you have more than one android device hooked up and get tired of typing adb -s/aliasing adb in every shell: https://gist.github.com/frals/111fda81ff8e08b3f8ed
usage: android_device 1 changes adb to adb -s DEVICEID, then use android_device 2 in your next shell etc

https inspection made simple

install charles on your machine (charlesproxy.com)

wget http://charlesproxy.com/charles.crt
adb push charles.crt /sdcard/

settings -> privacy -> install from storage -> internal storage -> pick charles.crt
then settings -> wifi -> long tap on the wifi to modify -> modify network -> scroll down -> check “show advanced options” -> change “proxy” to “manual” -> enter your ip and port (8888 is default port for charles)

Reverse engineering apps

new app install from play store:

set your proxy per instructions above
download the app, look for something android.clients.google.com -> drill down to the GET -> right click -> save response as -> save it as app.apk.gz (since it's gzipped)

gunzip app.apk.gz

installed app:

install apk extractor (play store) -> transfer to your PC

mkdir tmp
cp app.apk tmp/
cd tmp/
unzip app.apk

dex2jar

  1. get dex2jar: dex2jar
  2. extract and add dex2jar to $PATH
  3. d2j-dex2jar.sh classes.dex
  4. use your favorite java decompiler (eg JD-GUI) and open the jar file. success!

save sources

in jd-gui, open file -> save all sources (useful for later)
unpack “sources” (decompiled, but still decent):

mkdir -p out/src
unzip classes_dex2jar.src.zip -d out/src

making app debuggable

install android-apktool

modified wrapper:

#!/bin/bash
jarfile=apktool.jar
javaOpts="-Xmx256M"
# Alternatively, this will extract any parameter "-Jxxx" from the command line
# and pass them to Java
while expr "x$1" : 'x-J' >/dev/null; do
    opt=`expr "$1" : '-J\(.*\)'`
    javaOpts="${javaOpts} -${opt}"
    shift
done
jarpath="./$jarfile"
exec java $javaOpts -jar "$jarpath" "$@"

decode apk in debug mode:

apktool d -d -o out app.apk

rebuild apk in debug mode:

edit out/AndroidManifest.xml -> s/debuggable="false"/debuggable="true"/ -> save
apktool b -d out
new apk is in: out/dist/app.apk
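
added example, not from the original post: the s/// edit above only matches when the manifest already carries debuggable="false", but a manifest may omit the attribute entirely (it defaults to false). this helper handles both cases on the decoded manifest before running apktool b; the function names and the sample manifest are made up for illustration.

```shell
#!/bin/bash
# Added example: flip android:debuggable in an apktool-decoded manifest.
# Function names and the sample manifest are constructed for illustration.

# Print the current state of the flag: true, false or unset.
debuggable_state() {
    if grep -q 'android:debuggable="true"' "$1"; then echo true
    elif grep -q 'android:debuggable="false"' "$1"; then echo false
    else echo unset
    fi
}

# Make <application> carry android:debuggable="true", whatever it had before.
set_debuggable() {
    dbg_tmp=$(mktemp) || return 1
    case $(debuggable_state "$1") in
        true)   # already set: leave the file untouched
            rm -f "$dbg_tmp"; return 0 ;;
        false)  # the substitution from the post
            sed 's|android:debuggable="false"|android:debuggable="true"|' \
                "$1" > "$dbg_tmp" ;;
        unset)  # attribute absent: add it right after the tag name
            sed -e 's|<application\([[:space:]/>]\)|<application android:debuggable="true"\1|' \
                -e 's|<application$|<application android:debuggable="true"|' \
                "$1" > "$dbg_tmp" ;;
    esac
    cat "$dbg_tmp" > "$1" && rm -f "$dbg_tmp"   # cat keeps the file's mode
}

# Constructed sample: a manifest with no debuggable attribute at all.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '<manifest package="com.example.app">' \
        '    <application android:label="demo">' \
        '    </application>' '</manifest>' > "$demo_dir/AndroidManifest.xml"
    echo "before: $(debuggable_state "$demo_dir/AndroidManifest.xml")"
    set_debuggable "$demo_dir/AndroidManifest.xml"
    echo "after:  $(debuggable_state "$demo_dir/AndroidManifest.xml")"
    rm -rf "$demo_dir"
}

# Run the demo only when asked: ./set_debuggable.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

source the file and run set_debuggable out/AndroidManifest.xml before apktool b -d out; debuggable_state on the same file confirms the edit took.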

sign app

# replacing original!
mv out/dist/app.apk .
# first time only:
keytool -genkey -v -keystore my-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
# every time
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-key.keystore app.apk alias_name
# optional:
# jarsigner -verify -verbose -certs app.apk
# zipalign -v 4 app-unaligned.apk app.apk

install it

adb install -r app.apk

debugger time!

CAVEAT: only method breakpoints work, so it's not superawesome…

intellij

  1. create new project, select “out” as project location, don't create any blank activities etc. switch view to “project” instead of “android”
  2. launch android device monitor -> see the app in the list and look at the port in the last column
  3. create a new run configuration -> remote debugger -> insert port you got in the previous step
  4. start the session
  5. set a breakpoint in any of the files in out/src, magic!