# Apk-Modding-challenge

30 small APKs, each around 10-20 Mb and none over 30.

no time to do this shit

If your device architecture is old you might see a warning from apktool (screenshot in the repo).

Most annoying thing, 32-bit users know it xd.

In order to remove that warning, either build it from source or replace that string with spaces of the same character length:

  1. Extract apktool.jar using the jar command
  2. Use xxd/hexdump to find the offset of that string
  3. Use the dd command for editing (note: the exact offset is needed, otherwise the consequences will be bad)
  4. Rebuild
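The dd step only works because the replacement has the same byte length: when the string sits in a .class file it is a CONSTANT_Utf8 entry with a two-byte length in front of it, so a shorter or longer replacement corrupts the constant pool. As an added example that is not part of this repo, the Python script below locates the string as a whole constant-pool entry (checking the tag and length prefix, which a plain grep/xxd search does not) and overwrites it with spaces in place; the sample bytes are constructed for the demo, and the real string and offset in apktool.jar are not on this page.

```python
import struct

UTF8_TAG = 0x01  # CONSTANT_Utf8_info tag in the JVM class-file constant pool


def find_utf8_constant(data: bytes, needle: bytes) -> int:
    """Offset of `needle` as a whole CONSTANT_Utf8 entry, or -1 if absent.

    A hit only counts when the byte three positions earlier is the Utf8 tag and
    the two bytes before the text hold exactly len(needle), so a substring of a
    longer constant (which a plain grep/xxd search would also match) is skipped.
    """
    off = data.find(needle)
    while off != -1:
        if off >= 3:
            tag = data[off - 3]
            (length,) = struct.unpack(">H", data[off - 2:off])
            if tag == UTF8_TAG and length == len(needle):
                return off
        off = data.find(needle, off + 1)
    return -1


def blank_constant(data: bytes, needle: bytes) -> bytes:
    """Overwrite the constant with spaces; length field and file size stay identical."""
    off = find_utf8_constant(data, needle)
    if off == -1:
        raise ValueError("string is not a whole constant-pool entry")
    patched = data[:off] + b" " * len(needle) + data[off + len(needle):]
    assert len(patched) == len(data)  # same length, so no later offsets shift
    return patched


# Constructed sample (not a real apktool class): magic, version, cp count,
# one Utf8 constant holding the text, then one Class constant pointing at it.
SAMPLE_TEXT = b"Some warning text"
SAMPLE_CLASS = (
    b"\xca\xfe\xba\xbe\x00\x00\x00\x34\x00\x03"
    + bytes([UTF8_TAG]) + struct.pack(">H", len(SAMPLE_TEXT)) + SAMPLE_TEXT
    + b"\x07\x00\x01"
)

if __name__ == "__main__":
    print("offset:", find_utf8_constant(SAMPLE_CLASS, SAMPLE_TEXT))  # 13
```

To patch a real extracted .class, read it as bytes, call `blank_constant` with the exact string, and write the result back before repacking the jar.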

(Termux screenshots of the steps above)


## Goal: knowledge is a must

  • Remove Ads
  • Bypass In-app purchase


## Requirements

  • Apktool

Inspired by Bin32, apkunpacker, euzada & many pro guys 🧠...


## Day 1: Resistor Color Code Calculator

(screenshot: Google Play Store)

### Solution

  • Decompile the apk
  • Use grep for searching stuff
  • Any text editor; in my case I used vim coz it's cool
  • Using sed & awk is optional
  • Modify the code
  • Recompile

For this apk I got some interesting stuff from resources.arsc:

  • `res/values/strings.xml`: the string "Premium User" has the hex ID `0x7f0e009b`
  • `grep -ir 0x7f0e009b tmp --color`

Two methods:

  • Method 1
    • force the boolean to TRUE by replacing `move-result v3` with `const/4 v3, 0x1`
  • Method 2
    • go to `com/jedemm/resistorcalculator/App$a`
    • replace `sget-boolean` with `sput-boolean` and add `const/4 v0, 0x1` below `.locals 1`
    • recompile it using apktool

(screenshots: RCC Calculator)

## 2nd

(screenshot: Google Play Store)

### Solution

(demo video)

### Unlocking Gold theme

  • `com/aefyr/sai/billing/DonationStatus.smali`
  • change `if-ne` to `if-eq`, or `if-ne p0` to `if-eqz`

### Hide Support Sai

  • `com/aefyr/sai/ui/fragments/PreferencesFragment.smali`
  • change `const/4 p2, 0x1` to `const/4 p2, 0x0`

## 3rd

(screenshot: Google Play Store)

Nothing in resources.arsc; instead found `donated3` in smali.

  • go to `smali_classes2/com/silentlexx/ffmpeggui/config/Config.smali`
    • search for the string `donated3` using a vim regex
    • either change the boolean from false to true in the `getBool` method, or in the `getDonated` method change `move-result` to `const/4` and set it to true
    • recompile it

For signing, use Uber-apk-signer, but Google Play Protect warns; instead you may use my keystore to sign the apk to stop the Google Play Protect warnings.

(screenshot: FFmpeg Media Encoder)

## 4th

(screenshot: Google Play Store)

### Solution

  • `smali/com/smokyink/smokyinklibrary/pro/licence/DefaultFeatureManager.smali`
  • change `nez` to `eqz` (`if-nez` to `if-eqz`); the same thing can be achieved by removing the condition
  • recompile

Before: (screenshot)

After: (screenshots: Timeshift)

## 5

(screenshot: Google Play Store)

(screenshot: WhatsApp)

### Solution

  • Decompile the apk
  • search for this toast msg
  • find its id
  • search and change it
    • `grep -r 0x7f1200fc --color`

(demo video)

If the apk does not install, remove the `unknown` and `META-INF` folders before building.

## 6

(screenshot: Google Play Store)

### Solution

  • before decompiling, remove the framework apk to avoid unnecessary problems

(screenshots: Termux)

(demo videos)

## AstroTalk

Bypassed via response manipulation.

For demo: https://github.com/dedshit/AstroTalk-PoC.git

## PrepLadder

(screenshot: Google Play Store)

  • SecretKey: 6120e6224d4127aee7d0b1f6a2d77d6e
  • Mode: CBC
  • KeySize: 256
  • IV: 750e579bbdec194f

(demo video)

## Business Standard

(screenshot: Chrome)

OTP bypass: unintended disclosure of the OTP to the client leads to account takeover.

API: https://bsnodeapinew.business-standard.com/auth/signup-login-with-otp

## AI Mate

(demo video)