Tuesday, November 12, 2013

Improving Android App Tear-downs

Every now and then, I've done app tear-downs à la Ron Amadeo (unpublished though).  My primary tools have been apktool and meld.  I noticed that sometimes there was a lot of noise in the smali folder from changing 0x7f...... literals.  I determined that this was happening because of changes in the resource ID mapping: 0x7f is the package prefix for an app's own resources, and aapt renumbers the entries in each build, so adding or removing a resource shifts the IDs of those that follow it.  For instance, R.string.xyz might map to 0x7f010001 in one version of an app, but map to 0x7f010003 in the next version, even though the code referencing it is unchanged.

So a few months ago, I wrote a small Java program that parsed the IDs in res/values/public.xml and inserted comments in the smali files where matches were found, naming the resource the literal referred to.  With the symbolic name alongside each literal, I could then add rules in meld to filter the raw literal out and compare on the names instead.  I wrote the program in Java with the thought of eventually merging it with apktool.  However, it has just sat there.
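The post-processing approach described above, reconstructed as an added Python example (this is not the author's Java program and not part of apktool or baksmali): it reads apktool's res/values/public.xml, appends a `# R.type.name` comment to every smali line carrying a 0x7f literal it can resolve, flags 0x7f literals it cannot, and masks the raw literal the way a meld text filter would. The public.xml fragments and the smali method are constructed samples; in version 2 a layout and a string were added, so `main` and `xyz` were renumbered.

```python
"""Annotate 0x7f resource-ID literals in smali with their R.<type>.<name> symbols,
using apktool's res/values/public.xml, then mask the raw literal so a diff between
two app versions is not dominated by renumbered IDs.  Added example, not the
author's tool."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of apktool's res/values/public.xml for version 1 of an app.
PUBLIC_XML_V1 = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <public type="layout" name="main" id="0x7f030000" />
    <public type="string" name="app_name" id="0x7f050000" />
    <public type="string" name="xyz" id="0x7f050001" />
</resources>
"""

# Constructed version 2: a layout and a string were added, so aapt renumbered
# the entries that follow them (main and xyz move by one).
PUBLIC_XML_V2 = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <public type="layout" name="intro" id="0x7f030000" />
    <public type="layout" name="main" id="0x7f030001" />
    <public type="string" name="app_name" id="0x7f050000" />
    <public type="string" name="abc" id="0x7f050001" />
    <public type="string" name="xyz" id="0x7f050002" />
</resources>
"""

# Constructed smali for the same method in both versions; only the literals differ.
SMALI_V1 = """.method public onCreate(Landroid/os/Bundle;)V
    .locals 2
    const/high16 v0, 0x7f030000
    invoke-virtual {p0, v0}, Landroid/app/Activity;->setContentView(I)V
    const v1, 0x7f050001
    invoke-virtual {p0, v1}, Landroid/app/Activity;->setTitle(I)V
    return-void
.end method
"""
SMALI_V2 = SMALI_V1.replace("0x7f030000", "0x7f030001").replace("0x7f050001", "0x7f050002")

# Application resource IDs are 0x7fTTEEEE: package 0x7f, then type and entry.
RES_ID_RE = re.compile(r"\b0x7f[0-9a-fA-F]{6}\b")


def load_public_ids(xml_text):
    """Return {int_id: 'R.type.name'} from a public.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    ids = {}
    for el in root.iter("public"):
        ids[int(el.get("id"), 16)] = "R.%s.%s" % (el.get("type"), el.get("name"))
    return ids


def annotate_smali(smali_text, ids):
    """Append '# R.type.name' to each smali line holding a known resource literal.
    0x7f literals that public.xml does not list are flagged as unknown rather than
    silently left looking like ordinary integer constants."""
    out = []
    for line in smali_text.splitlines():
        names = []
        for m in RES_ID_RE.finditer(line):
            names.append(ids.get(int(m.group(0), 16), "unknown:" + m.group(0)))
        if names:
            line = "%s    # %s" % (line, " ".join(names))
        out.append(line)
    return "\n".join(out) + "\n"


def mask_resource_ids(text):
    """Replace the raw literal with a fixed placeholder, the equivalent of a meld
    text filter on 0x7f[0-9a-f]{6}, so only the symbolic comment is compared."""
    return RES_ID_RE.sub("0x7f??????", text)


if __name__ == "__main__":
    import difflib

    a1 = mask_resource_ids(annotate_smali(SMALI_V1, load_public_ids(PUBLIC_XML_V1)))
    a2 = mask_resource_ids(annotate_smali(SMALI_V2, load_public_ids(PUBLIC_XML_V2)))
    print(a1)
    # With literals masked and symbols attached, the renumbering produces no diff.
    diff = difflib.unified_diff(a1.splitlines(True), a2.splitlines(True), "v1", "v2")
    print("".join(diff) or "no differences between v1 and v2\n")
```

Run against real apktool output, the same two functions would be applied to every `.smali` file under each decoded directory before handing both trees to meld; only 0x7f (application package) IDs need this treatment, since framework IDs in package 0x01 do not change between builds of the app.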

A few days ago I decided to push it forward.  I contacted the apktool developers on IRC, and we decided that it should really be integrated with baksmali.  By putting it there, the comments can be generated as the smali files are written out, rather than inserted in a separate post-processing pass.

Making the changes to baksmali was harder than I expected, but I finally got it working.  It is still a bit rough, but this morning I made a pull request via GitHub.  If it makes it in, there will still be some work to do on apktool, but I believe the hardest part of the coding is past.  Hopefully app tear-downs will soon be just a tiny bit easier for everyone.
