Hello Folks! I am back with another blog where I have reversed one of the real-world applications, in which I have successfully managed to add money to the application’s wallet, and I have also shown how to deal with split APKs. The main purpose of this blog is not to show how to do reverse engineering, but rather how to deal with split APKs while reversing. Also, I will not be responsible for the usage of this information/data; this is just for educational purposes. So, let’s begin.
First, I pulled the APK from my mobile phone using ADB. To pull the app, we first have to locate its package name; after locating the package name, we can find the path where the APK resides, as shown in the picture below.
When I installed the APK in the emulator (note that the emulator and my phone have different architectures; this matters later), I started getting this error, as shown below.
This is where the concept of split APKs comes into the picture. Before I start explaining how I dealt with this situation, we should know what the concept of split APKs is.
Now suppose someone builds an application covering all the major Android devices; the APK file size automatically increases. This is a problem for users who don’t want the resources that are not compatible with their devices. So, a split APK is achieved by splitting a single APK into multiple APKs that can be screen-density specific, ABI (device) specific, or both. The goal of split APKs is to reduce the APK size, but not by compressing it.
Here are the types of split APKs; you can read about them here too.
- Base APK : This APK contains code and resources that all other split APKs can access and provides the basic functionality for your app. When the user downloads the app, they always get this APK.
- Configuration APKs : Each of these APKs includes only native libraries and resources for a given device configuration — screen density, language, or CPU architecture. When a device downloads a base or dynamic feature APK, it downloads only the libraries and resources it needs.
- Dynamic Feature APKs : Each of these APKs contains code and resources that are not required when your app is first installed, but may be downloaded and installed later.
Now, coming to the reversing part, I was only trying to install the base APK from the bundle; as you can see above, there are two APKs. I went ahead and installed both APKs using the command “adb install-multiple apk1 apk2” in the emulator, but this doesn’t work either; it gives the same error as above.
The reason the app still doesn’t run is that split APKs vary according to the device’s CPU architecture (ABI), and my phone and emulator don’t have the same architecture. So what I did was install the app from the Play Store itself, and it worked successfully.
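The install failure above is easier to diagnose if you inventory the splits before running `adb install-multiple`. The helper below is an added example (not code from the original post): it parses the output of `adb shell pm path <package>` (the sample output here is constructed, with a made-up package name), classifies each split by the naming convention the Android bundle tooling uses (`base.apk`, `split_config.<abi>.apk`, `split_config.<density>.apk`, `split_config.<language>.apk`), and reports which splits a given device can actually use. Device ABIs are written the way `ro.product.cpu.abilist` reports them (`arm64-v8a`, with a hyphen), while split names use an underscore, so the normalisation step matters. Treating every unrecognised `split_config.*` qualifier as a language split is an assumption of this example.

```python
"""Split-APK inventory helper (added example, not from the original post)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ABI names as they appear in split file names (underscores, not hyphens).
KNOWN_ABIS = {"armeabi_v7a", "arm64_v8a", "x86", "x86_64"}
# Screen-density buckets used for resource splits.
KNOWN_DENSITIES = {"ldpi", "mdpi", "tvdpi", "hdpi", "xhdpi", "xxhdpi", "xxxhdpi"}

# Constructed sample of `adb shell pm path com.example.wallet` output.
# A phone with an arm64 CPU only receives the arm64_v8a native-library split.
SAMPLE_PM_PATH_OUTPUT = """\
package:/data/app/com.example.wallet-1/base.apk
package:/data/app/com.example.wallet-1/split_config.arm64_v8a.apk
package:/data/app/com.example.wallet-1/split_config.xxhdpi.apk
package:/data/app/com.example.wallet-1/split_config.en.apk
"""


@dataclass
class Split:
    path: str
    kind: str                 # "base", "abi", "density", "language" or "feature"
    qualifier: Optional[str]  # e.g. "arm64_v8a", "xxhdpi", "en"


def parse_pm_path(output: str) -> List[str]:
    """Strip the 'package:' prefix and return the on-device APK paths."""
    paths = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            paths.append(line[len("package:"):])
    return paths


def classify(path: str) -> Split:
    """Classify one APK path by its file name."""
    name = path.rsplit("/", 1)[-1]
    if name == "base.apk":
        return Split(path, "base", None)
    m = re.fullmatch(r"split_config\.([A-Za-z0-9_]+)\.apk", name)
    if m:
        q = m.group(1)
        if q in KNOWN_ABIS:
            return Split(path, "abi", q)
        if q in KNOWN_DENSITIES:
            return Split(path, "density", q)
        return Split(path, "language", q)   # assumption: anything else is a locale
    return Split(path, "feature", name)      # dynamic-feature split


def plan_install(output: str, device_abis: List[str], device_density: str) -> Dict[str, object]:
    """Pick the splits a device can use and explain what is missing.

    An empty 'problems' list means `adb install-multiple` of the chosen
    paths should succeed; a missing ABI split is exactly the phone-vs-emulator
    mismatch described in the post.
    """
    splits = [classify(p) for p in parse_pm_path(output)]
    wanted_abis = {a.replace("-", "_") for a in device_abis}
    chosen: List[str] = []
    problems: List[str] = []
    for s in splits:
        if s.kind in ("base", "language", "feature"):
            chosen.append(s.path)
        elif s.kind == "abi" and s.qualifier in wanted_abis:
            chosen.append(s.path)
        elif s.kind == "density" and s.qualifier == device_density:
            chosen.append(s.path)
    abi_splits = [s for s in splits if s.kind == "abi"]
    if abi_splits and not any(s.qualifier in wanted_abis for s in abi_splits):
        problems.append("no native-library split for device ABIs %s (have: %s)"
                        % (sorted(wanted_abis), [s.qualifier for s in abi_splits]))
    density_splits = [s for s in splits if s.kind == "density"]
    if density_splits and not any(s.qualifier == device_density for s in density_splits):
        problems.append("no resource split for density %s (have: %s)"
                        % (device_density, [s.qualifier for s in density_splits]))
    return {"install": chosen, "problems": problems}


def adb_commands(plan: Dict[str, object]) -> List[str]:
    """Render the pull/install commands for a plan (paths keep their basename)."""
    paths: List[str] = plan["install"]  # type: ignore[assignment]
    cmds = ["adb pull %s" % p for p in paths]
    cmds.append("adb install-multiple " + " ".join(p.rsplit("/", 1)[-1] for p in paths))
    return cmds


if __name__ == "__main__":
    phone = plan_install(SAMPLE_PM_PATH_OUTPUT, ["arm64-v8a", "armeabi-v7a"], "xxhdpi")
    emulator = plan_install(SAMPLE_PM_PATH_OUTPUT, ["x86_64", "x86"], "xxhdpi")
    print("\n".join(adb_commands(phone)))
    print("emulator problems:", emulator["problems"])
```

Run against a real device, replace `SAMPLE_PM_PATH_OUTPUT` with the captured `pm path` output and the ABI list with `adb shell getprop ro.product.cpu.abilist`. When the emulator's ABIs do not match any pulled split, the plan reports it up front instead of leaving you to interpret the install error; the fix is the same one the post arrived at, obtaining the splits built for the target device.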
Let’s go ahead with the hacking part. Before going ahead, below is a screenshot of my wallet info.
I disassembled the APK with apktool and also opened it with the jadx tool, so I could get both the Java source code and the smali code. Now, as usual, I kept searching for terms like money, addmoney, etc. (because I want to add money to the wallet), and found this piece of code.
As you can see, this function adds something (this.expiring + this.nonExpiring) and returns it. So, in these cases, it is better to add something to it. I add “599” as a double to this line of code, as shown below. Basically, add-double in the third line adds the values of registers v0 and v2 and stores the result in register v0; after this line, I store “599” as a double in register v2. In the second-to-last line, I add registers v2 and v0.
If you don’t know how to write smali code, you can write Java code and convert it into smali. If you don’t know about this, then check out my previous blog, where I have shown how to do it. After this, I was able to successfully add the money to my wallet, as shown below. In the same way, we could increase the percentage of wallet money that can be used, although I haven’t tried it yet; I think it should be possible. Last but not least, I haven’t misused the app in any way; this is just for educational purposes.
That’s all for now. I will keep sharing these types of blogs; till then, keep hacking.
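The patched getter above illustrates the underlying weakness: a balance that is computed in the client (`expiring + nonExpiring`) and then displayed or acted on is under the user's control once the APK is modified. The example below is added here and is not the wallet app's code; it sketches the server-side counterpart a defender would want. The server keeps the ledger of credits (with optional expiry, mirroring the expiring/non-expiring split in the post), recomputes the balance itself on every debit, ignores whatever total the client claims, and records a mismatch as an alert for detection. The credit model, the "spend soonest-expiring first" policy, the `Credit`/`WalletLedger` names and the sample values (including a client claiming its server balance plus 599) are all constructed for this example.

```python
"""Server-side wallet ledger (added example; not the app's code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Credit:
    amount: float
    expires_at: Optional[int]   # unix seconds; None means non-expiring


class WalletLedger:
    """Authoritative balance lives here, never in the client.

    The client only submits debit requests. Its idea of the balance is
    accepted as a hint for tamper detection, not as a value to trust.
    """

    def __init__(self, credits: List[Credit]):
        self._credits = list(credits)
        self.alerts: List[str] = []   # mismatches worth feeding to detection

    def _live(self, now: int) -> List[Credit]:
        """Credits that have not expired as of `now`."""
        return [c for c in self._credits if c.expires_at is None or c.expires_at > now]

    def balance(self, now: int) -> float:
        expiring = sum(c.amount for c in self._live(now) if c.expires_at is not None)
        non_expiring = sum(c.amount for c in self._live(now) if c.expires_at is None)
        return round(expiring + non_expiring, 2)

    def authorize_debit(self, client_claimed_balance: float, amount: float, now: int) -> bool:
        """Approve a debit only against the server-computed balance.

        Returns True and updates the ledger on success; False otherwise.
        A client balance that disagrees with the server is logged either way.
        """
        server_balance = self.balance(now)
        if abs(client_claimed_balance - server_balance) > 0.005:
            self.alerts.append("client claimed %.2f, server has %.2f"
                               % (client_claimed_balance, server_balance))
        if amount <= 0 or amount > server_balance + 1e-9:
            return False
        # Spend credits that expire soonest first, non-expiring credits last
        # (a policy choice assumed for this example).
        order = sorted(self._live(now),
                       key=lambda c: (c.expires_at is None, c.expires_at or 0))
        remaining = amount
        new_credits: List[Credit] = []
        for c in order:
            if remaining <= 0:
                new_credits.append(c)
                continue
            take = min(c.amount, remaining)
            remaining = round(remaining - take, 2)
            left = round(c.amount - take, 2)
            if left > 0:
                new_credits.append(Credit(left, c.expires_at))
        self._credits = new_credits   # expired credits are dropped here
        return True


if __name__ == "__main__":
    ledger = WalletLedger([Credit(100.0, expires_at=2000), Credit(50.0, expires_at=None)])
    # A client patched to report 599 more than it really has is refused,
    # and the discrepancy is recorded for the SOC.
    print(ledger.authorize_debit(749.0, 599.0, now=1000), ledger.alerts)
    print(ledger.authorize_debit(150.0, 120.0, now=1000), ledger.balance(1000))
```

The point of the example is the asymmetry: patching the APK changes what the device shows, but every decision that costs money is taken against the ledger the server holds, and the inflated client figure becomes a detection signal rather than a payout.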