So, you've worked for many days (and maybe nights), and now your first hybrid mobile app is ready. It is quite stable, most of the critical bugs have been fixed. There are only minor ones, but remembering that perfectionism is evil, you make a strong-willed decision to publish the application.
A prerequisite for this is the presence of a signed APK file. You will learn how to sign an apk file in this article.
Small digression
When my pet project got close to release, I started looking for information on how to quickly and painlessly publish an application. A lot of the instructions I found looked simple. I chose the instructions of the authors of the Ionis framework, on which the application was developed. Not everything worked out the first time, there are several peculiarities. The signing process is described in this article, the important points are highlighted.Initial data
I will assume that you have everything you need set up to develop hybrid mobile apps with Apache Cordova. Must be installed:- Apache Cordova
- Java Development Kit
- Android SDK Tools
Go
First you need to create a release build of your application. But before that, let's make sure all unnecessary plugins are removed. For example, we don't need a plugin that outputs debug information to the console. Let's remove it:$ cordova plugin rm cordova-plugin-console
To generate a release build for Android, use the command build with flag --release:
$ cordova build --release android
This command will create unsigned APK file in directory:
Platforms / android / build / outputs / apk
For example platforms / android / build / outputs / apk / android-release-unsigned.apk... Then we need to sign this file and run the utility zipalign to optimize and prepare the file for Google Play.
A certificate is required to sign the file. Let's create it using the utility keytool which is included in the JDK:
$ keytool -genkey -v -keystore lcf.keystore -alias lcf -keyalg RSA -keysize 2048 -validity 10000
Important
The value of the -alias parameter should be remembered, or better written. In the example above, it is equal to lcf (based on the first letters of the name of the Loyal Client Free application). I will not give details here, if it is interesting, write in the comments, I will tell you in more detail.Alias is used every time when signing * applications. To make it easier to remember, use the name of the keystore file as an alias, for example:
-keystore hello-world.keystore -alias hello-world -keystore weather-app.keystore -alias weather-app -keystore todo.keystore -alias todo
* You need to sign the application every time an update is released
Utility keytool asks a series of questions. There will be 8 of them in total. To have an idea of the questions and approximate answers in advance, they are all given below, under the spoiler.
Keytool questions and approximate answers to them
1. Enter keystore password:
Here you need to enter the password for the file (at least 6 characters). The entered password must be written down in a safe place, it is needed every time you sign the application.
2. Re-enter new password:
Re-entering the password.
3. What is your first and last name?
: Ivan Petrov
Your first and last name. The value in square brackets is the default.
4. What is the name of your organizational unit?
: IT
The name of the division of your company. You can leave it blank, I indicate IT.
5. What is the name of your organization?
: 2developers
The name of your organization. Indicate if any.
6. What is the name of your City or Locality?
: Moscow
City name
7. What is the name of your State or Province?
: MO
Region name
8. What is the two-letter country code for this unit?
: RU
Code of the country. I indicate RU.
: y
Confirm if everything is correct or press Enter to enter again.
At the end, a message about successful key generation will appear. You will be prompted to set a password for the private key (if you want to leave the same as for the certificate, press Enter):
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days for: CN = Ivan Petrov, OU = IT, O = 2developers, L = Moscow, ST = MO, C = RU Enter key password for
A file will be created in the current directory lcf.keystore.
Important
The created file must be saved in a safe place. If you are using a private repository, then the file can be committed along with the application source codes. In general, it is best to keep certificates separate. If you lose the certificate, you will not be able to issue application updates.
There are only two steps left and you will have a distribution-ready APK file. Let's go directly to signing.
To sign your apk file, use the utility jarsigner which is also included in the JDK.
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore lcf.keystore android-release-unsigned.apk lcf
The name of the certificate is specified after the parameter -keystore, alias - after the file name.
Finally, to optimize the apk file, we will use the utility zipalign:
$ zipalign -v 4 android-release-unsigned.apk LoyalClientFree.apk
The last parameter is the name of the file that you will upload to Google Play.
Important.
Utility zipalign it is part of the Android SDK Tools and can be found here:/ path / to / Android / sdk / build-tools / VERSION / zipalign
Conclusion
You now have a distribution-ready apk file that you can upload to Google Play. Fill out the description, determine the rating of your application and feel free to click “Publish”.The article contains screenshots when the application store was called "Android Market". A generation of cats has already grown up who have never heard of this name. But the general principle has not changed. Left for history. I can't register again to take new screenshots.
Since we are worried, we will practice on cats. Let's take, for example, an example from the article and try to put it on Google Play. If everything works out, then it will be easier.
Make sure you have your own application icons and program name ready before proceeding. It will be very strange to see a program in the app store with a standard icon and the name "HelloWorld". And also check all entries in the manifest file.
Step one. He is the most difficult
Any application uploaded to the store must have a signed certificate. The certificate allows you to be identified as the author of the program. And if someone tries to upload a program with the same name as yours, he will be refused due to a name conflict. The application name refers to the full name of the package.
When you ran your applications on an emulator or your phone, the development environment automatically signed the program with a debug certificate. A debug certificate is not suitable for store distribution, and you need to sign the application with your unique certificate. It's free, no registration or SMS.
Let's create a signed APK file, which is something like an executable file like notepad.exe on Windows. If you have the Android Studio development environment open, then select from the menu Build | Generate Signed APK ....
A wizard dialog box appears, which you need to fill in with data.
In the first field, specify the path to the key store. If you had to create programs before, including in Eclipse, you can specify an existing repository using the button Choose existing ...... If you are creating a repository for the first time, then select the button Create new ...... A new dialog box will appear.
In the first field, you need to select a folder using the button ... and enter a name for the file with the repository, which will be assigned the extension jks.
Now you create a key for the application. In field Alias(Alias) enter the name of the key that you and cats understand. It is not necessary to create an alias for each application, you can use one alias for your applications and separate aliases for custom applications.
You also need to create a password for the key and confirm it.
The key is designed for 25 years. Field Validity (years) we leave unchanged (unless you have good reason otherwise).
Finally, fill in the data about yourself.
After filling in the fields, you will return to the very first window of the wizard.
Click on the button Next and in the next window, enter another password to access the password database.
You may not have this step. It may appear if you have checked the "Remember password" option. I don’t remember the details, you’ll figure it out for yourself.
The last step is to press the button Finish.
This used to be the last step. Now there are new flags V1 (Jar Signature) and V2 (Full APK Signature)... Check at least the first option V1- this is the old way. The second method is considered more secure in terms of hacking and can be used for later APIs, at your discretion (see below).
As a result of complex manipulations with dialog boxes, you will receive the long-awaited APK - your charm that will open the door to the world of wealth and happiness.
By pressing the button Show in Explorer, you will launch Explorer on your computer with the folder containing the signed file.
Be careful with the generated key. It is he who guarantees that the new version of the program is written by you. Therefore, if you lose the created key, you will have to upload the program under a different name with a new key.
The studio provides a mode for automatically creating a signed application. Right click on the folder app and in the context menu select the item Open Module Settings... Choose a section app in the section Modules... Select a tab Signing... Click on the plus sign and fill in the fields.
Go to the tab Build Types and select the assembly release... In the dropdown list Signing Config select the configuration you just created. By default it has a name config.
Push OK to save the results.
You can also sign applications through the command line without the participation of the studio, if you are a pervert. You can read the documentation on this topic.
v2 Full APK
In 2017, Google changed the signing process a bit. There are now two schemes for obtaining an APK signature: v1 JAR and v2 Full APK.
Signature v1 (which has been around since the beginning) does not protect certain parts of the APK, such as ZIP metadata. An APK verifier must handle many untrusted data structures and then discard data that is not signed, which provides a lot of room for attack. In addition, the APK verifier has to unpack all compressed records, which wastes a lot of time and memory. To solve the problems, a new version v2 Full APK was developed, which you will meet when signing your application.
Scheme v2 works in Android 7.0 Nougat (API 25). The scheme provides faster installation of the application and good protection against unauthorized changes to the APK. The content of the APK is hashed and signed, then the resulting APK signing block is inserted into the APK.
The new format is backward compatible, so APKs signed with the new schema can be installed on earlier devices (which will simply ignore the new signature) if those APKs are also signed with the v1 schema.
In older applications, I leave the checkbox next to the first version. Perhaps later they will force you to switch to the second version by force. It is important to keep in mind that you need to sign with the v1 scheme before signing with the v2 scheme, since the APK will not pass the v2 verification if it is signed with additional certificates after signing with the v2 scheme.
Strictly speaking, you can put the apk file on your website, and all your visitors can download and install it on the phone. But this is somehow undignified in our age of nanotechnology. So let's move on to the next step.
Step two. You must Fedya, you must
The next step is very unpleasant. You need to gift 25 evergreens to a stranger. So that you would not be so offended, this operation was called a registration fee. You will need a credit card with the indicated amount. Please note that Visa Electron, and even more so the Perekrestok discount card will not suit you. If you already have the required card, then skip this paragraph. For the rest, I can advise you to start a QIWI wallet and create a virtual card there. This is exactly what I did, since I was reluctant to go to the bank and write any statements.
Automatic update
If you have created a new version of the program, fixing various bugs and adding new photos of the cat, then you need to increase the version number by one in the manifest (attribute versionCode) and replace versionName for yourself (will be shown on the Google Play page). In the latest versions of the studio, these properties are now not in the manifest, but in the file build.gradle module of your application. Upload the new version on Google Play and users will receive the update automatically.
We follow the reviews
Install the Google Play Developer Console app on your device in order not to miss a new review for your program. You can also view statistics.
Changing storage passwords and key alias
I didn't have to use it for several years, so I don't know if this information is relevant.
Let's say you sold your program with the sources to another company. In order for it to post program updates, the company must sign the application with the same key that you signed with. Otherwise, the program will be considered different and the package name will have to be changed. But then old users won't be able to get updates.
But if you sign all your programs with the same key and password, for example cat cat, then the company can sign your other applications with the same key, placing their programs with the same package name, and you will not prove anything to anyone.
Therefore, you need to take care of changing the key for transfer to the new owner.
Suppose our storage has a structure:
Store name (keystore): old.keystore Store password: cat1 Alias: my_alias Alias password: cat2
Make a copy of your repository and save it elsewhere. This should have been done during the first creation, because if you lose the storage, you will not be able to restore access to your programs during the update.
Make a copy of your repository again and rename it, for example new.keystore... We will work with him.
Run the utility keytool with the command:
Keytool -storepasswd -keystore new.keystore
You will be prompted to enter your current password and then enter a new password and repeat it. Something like this:
Enter keystore password: New keystore password: Re-enter new keystore password:
The first part of the task is completed, the password from the storage has been changed.
If you also want to change the password for the alias, then run the utility again with the command:
Keytool -keypasswd -keystore new.keystore -alias my_name
You will be asked to enter the current vault password (your new password), then the password for the alias. You can enter a new password and it will replace the old password.
Enter keystore password: Enter key password for
The alias password has been changed.
If changing the password is not enough for you and you want to change the name of the alias (maybe you used the name of your beloved cat, why should others know about it), then we continue to work.
Run the command:
Keytool -changealias -keystore new.keystore -alias my_alias -destalias my_new_alias
You will be asked to enter the password for the vault, then the password for the new alias (current password), then the new password and repeat it. The alias name will be changed.
So, it took us three steps to create a new repository and an alias to transfer to a stranger. The new owner should do the same to make sure you don't use the changed files for your own purposes. However, these are already his problems.
We sign the finished application
Such a case may turn up when you have lost the sources and only have the APK. This is most likely true for pirates who re-sign other applications (do not do this with other people's programs).
First change the extension from apk to zip. In the archive, delete the folder META-INF... Rebuild the extension. You have removed the old signature.
Now you need to sign the application with a new key. Enter the command.
Jarsigner -keystore keystore-file.jks -storepass keystore_password -keypass alias_password --signedjar signed-apk-file.apk apk-file.apk alias_name
If successful, you will receive a message that the application has been signed. Next, we execute one more command.
ANDROID_SDK_PATH / build-tools / LAST_BUILD_TOOLS_VERSION / zipalign -v 4 signed-apk-file.apk aligned-apk-file.apk
The result should be an APK file signed with a new key. I have never used it myself.
Keeping keys with Google
In 2017, Google added a new ability to store keys in the cloud. The main difference is that you sign the app with a custom upload key, which Google verifies and removes, replacing it with the original app signing key you provided.
It can be used to manage app signing keys for both new and published apps, which will be stored by Google in their own key store. To join this program, you must subscribe to it in your Google Play Console. It should be noted that it will no longer be possible to unsubscribe from her.
This method is very useful - if you lose your key store, Google Play App Signing will allow you to reset the key to install a new one. You don't have to republish your application with a new package name and key.
Additional reading
Android-keystore-password-recover by MaxCamillo - if you have lost your password, then try using this tool. I did not use it myself, so I will not tell you.
Since I myself have googled the question " how to sign an APK file? ", I know that it is not so easy to find a really working and understandable instruction in everything. That is why I decided to write a material myself on how to properly sign your program or game on Android.
As you know now, without a digital signature, your creation cannot be placed in the Market "e, and this is already serious. I noticed a lot of young developers on Android, so to speak, beginners completely forget to sign their application and try to do something with it and that's it. wondering why they are unable to perform this or that action with their APK file.
So, let's not pull rubber and start right away with how you can sign your apk file and what to actually use to achieve the desired result.
This method is the most correct of all those listed, so we will describe it in this material. We will make our own keys with our data and certificates and sign the application you create with them.
For work we need: OpenSSL and SignApk.
First, let's make a certificate and a signing key. Install OpenSSL. During installation, the installer as a choice will offer to copy the components to the Windows folder, select the Bin folder, which will be in the place where you will install all OpenSSL.
Now open a command prompt as a system administrator (this is very important!). Then go to the bin folder in the command line, which is located in the folder where you installed OpenSSL (For example, C: \ OpenSSL \ Bin \ or C: \ Program Files \ OpenSSL \ Bin \). If you don't know, moving to another folder is done with the command cd... That is, in order to go to the desired folder, you should run a command of the following plan:
cd C: \ OpenSSL \ Bin \
Once you are in the Bin folder, you can proceed directly to creating a certificate and key.
Step 1(We generate a key with a length of 1024 bits)
Run the command:
openssl genrsa -out key.pem 1024
Step 2(Based on the key, we create a certificate request)
Run the command:
openssl req -new -key key.pem -out request.pem
At this stage, you will need to enter your data, which will identify you in the certificate.
Step 3 (Generating a private key from a certificate)
Run the command:
openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
Step 4(Generating a public key)
Run the command:
openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
At this stage, the creation of the files we need to sign your games and applications is finished. using the generated key and certificate, you can sign as many games and applications on Android as you want.
Now, actually, let's get down to signing the application. Unpack the archive with SingApk downloaded from the link above. Move from the Bin folder where we created the certificate and key 2 files: certificate.pem and key.pk8 to the folder where you unpacked SingApk. Windows should display a file replacement dialog - replace.
Now, in order to sign the apk file with a unique digital signature that you made yourself, just drag your apk file to sign_APK.bat... In order not to drag the file from one window to another (this is not convenient), move your apk file to the folder with SingApk. After execution, the file will appear in the folder with SingApk apk_signed.apk, which will be your signed application or game.
Sometimes some applications on Android do not suit the user in some way. An example is annoying ads. And it happens so - everyone is good at the program, but only the translation in it is either crooked, or is completely absent. Or, for example, the program is trial, but it is not possible to get the full version. How can the situation be changed?
Introduction
In this article we will talk about how to disassemble an APK package with an application, look at its internal structure, disassemble and decompile bytecode, and also try to make several changes to applications that can bring us one or another benefit.
To do all this on your own, you will need at least a basic knowledge of the Java language, in which Android applications are written, and the XML language, which is used everywhere in Android - from describing the application itself and its access rights to storing the strings that will be displayed on the screen. You will also need the ability to handle specialized console software.
So, what exactly is the APK package in which absolutely all the software for Android is distributed?
Decompiling applications
In this article, we worked only with disassembled application code, however, if you make more serious changes to large applications, it will be much more difficult to understand the smali code. Fortunately, we can dex the dex code into Java code, which, although not original and not compiled back, is much easier to read and understand the logic of the application. To do this, we need two tools:
- dex2jar - translator of Dalvik bytecode into JVM bytecode, on the basis of which we can get code in Java;
- jd-gui is the decompiler itself, which allows you to get readable Java code from the JVM bytecode. Alternatively, you can use Jad (www.varaneckas.com/jad); although it is quite old, in some cases it generates more readable code than Jd-gui.
They should be used like this. First, we run dex2jar, specifying the path to the apk package as an argument:
% dex2jar.sh mail.apk
As a result, the mail.jar Java package will appear in the current directory, which can already be opened in jd-gui to view the Java code.
APK package device and retrieval
An Android app package is essentially a regular ZIP file that doesn't require any special tools to view or decompress its contents. It is enough to have an archiver - 7zip for Windows or console unzip for Linux. But that's about the wrapper. What's inside? Inside, we generally have the following structure:
- META-INF /- contains a digital certificate of the application, certifying its creator, and checksums of the package files;
- res / - various resources that the application uses in its work, for example, images, a declarative description of the interface, and other data;
- AndroidManifest.xml- application description. This includes, for example, a list of required resolutions, required Android version and required screen resolution;
- classes.dex- compiled application bytecode for the Dalvik virtual machine;
- resources.arsc- also resources, but of a different kind - in particular, strings (yes, this file can be used for Russification!).
The listed files and directories are, if not in all, then, perhaps, in the vast majority of APKs. However, there are a few more not-so-common files / directories worth mentioning:
- assets- analogue of resources. The main difference is that to access an asset, you need to know its identifier, while the list of assets can be obtained dynamically using the AssetManager.list () method in the application code;
- lib- native Linux libraries written with the NDK (Native Development Kit).
This directory is used by game makers to host a game engine written in C / C ++, as well as high-performance application makers (such as Google Chrome). The device was sorted out. But how do you get the package file itself for the application of interest? Since it is not possible to pick up APK files from the device without root (they are in the / data / app directory), and root is not always advisable, there are at least three ways to get the application file to the computer:
- APK Downloader extension for Chrome;
- Real APK Leecher application;
- various file sharing and warezniki.
Which one to use is a matter of taste; we prefer to use separate applications, so we will describe the use of Real APK Leecher, especially since it is written in Java and, accordingly, will work even in Windows, even in nix.
After starting the program, you need to fill in three fields: Email, Password and Device ID - and select a language. The first two are the e-mail and password of your Google account, which you use on the device. The third is the device identifier, and you can get it by dialing the code on the dialer # #8255## and then finding the line Device ID. When filling in, you only need to enter the ID without the android- prefix.
After filling and saving, the message "Error while connecting to server" often pops up. It has nothing to do with Google Play, so feel free to ignore it and look for the packages you are interested in.
View and Modify
Let's say you found a package you are interested in, downloaded, unpacked ... and while trying to view some XML file, I was surprised to find that the file is not text. How to decompile it and how to work with packages in general? Is it really necessary to install the SDK? No, you don't have to install the SDK. In fact, all the steps for unpacking, modifying, and packaging APK packages require the following tools:
- ZIP archiver for unpacking and packing;
- smali- assembler / disassembler bytecode of the Dalvik virtual machine (code.google.com/p/smali);
- aapt- a tool for packing resources (by default, resources are stored in binary to optimize application performance). Included in the Android SDK, but can also be obtained separately;
- signer- a tool for digitally signing a modified package (bit.ly/Rmrv4M).
You can use all these tools separately, but this is inconvenient, so it is better to use the higher-level software built on their basis. If you work on Linux or Mac OS X, there is a tool called apktool. It allows you to unpack resources in their original form (including binary XML and arsc files), rebuild a package with changed resources, but it cannot sign packages, so you will have to run the signer utility manually. Despite the fact that the utility is written in Java, its installation is rather non-standard. First you should get the jar file itself:
$ cd / tmp $ wget http://bit.ly/WC3OCz $ tar -xjf apktool1.5.1.tar.bz2
$ wget http://bit.ly/WRjEc7 $ tar -xjf apktool-install-linux-r05-ibot.tar.bz2
$ mv apktool.jar ~ / bin $ mv apktool-install-linux-r05-ibot / * ~ / bin $ export PATH = ~ / bin: $ PATH
If you work in Windows, then there is an excellent tool for it called Virtual Ten Studio, which also accumulates all these tools (including apktool itself), but instead of the CLI interface provides the user with an intuitive graphical interface with which you can perform operations on unpacking, disassembling and decompilation in a few clicks. This tool is Donation-ware, that is, sometimes there are windows offering to obtain a license, but this, in the end, can be tolerated. It makes no sense to describe it, because you can understand the interface in a few minutes. But apktool, due to its console nature, should be discussed in more detail.
Let's take a look at the apktool options. In short, there are three main commands: d (decode), b (build), and if (install framework). If everything is clear with the first two commands, then what does the third, conditional operator do? It unpacks the specified UI framework, which is needed when you dissect any system package.
Let's consider the most interesting options of the first command:
- -s- do not disassemble dex files;
- -r- do not unpack resources;
- -b- do not insert debug information into the results of disassembling the dex file;
- --frame-path- use the specified UI framework instead of the one built into apktool. Now let's look at a couple of options for the b command:
- -f- forced assembly without checking changes;
- -a- we specify the path to aapt (a tool for building an APK archive), if for some reason you want to use it from another source.
Using apktool is very simple, for this you just need to specify one of the commands and the path to the APK, for example:
$ apktool d mail.apk
After that, all the extracted and disassembled package files will appear in the mail directory.
Dissection. Disable ads
Theory is, of course, good, but why is it needed if we do not know what to do with the unpacked package? Let's try to apply the theory to our advantage, namely, modify some software so that it does not show us ads. For example, let it be Virtual Torch - a virtual torch. For us, this software is perfect because it is stuffed to the eyeballs with annoying ads and, moreover, is simple enough not to get lost in the jungle of code.
So, using one of the above methods, download the application from the market. If you decided to use Virtuous Ten Studio, just open the APK file in the application and unpack it, for which create a project (File -> New project), then select Import File from the project context menu. If your choice fell on apktool, then it is enough to execute one command:
$ apktool d com.kauf.particle.virtualtorch.apk
After that, a file tree similar to the one described in the previous section will appear in the com.kauf.particle.virtualtorch directory, but with an additional smali directory instead of dex files and an apktool.yml file. The first contains the disassembled code of the executable dex file of the application, the second contains the service information needed by apktool to build the package back.
The first place we should look is, of course, AndroidManifest.xml. And here we immediately meet the following line:
As you might guess, she is responsible for granting the application permission to use the Internet connection. In fact, if we just want to get rid of ads, we will most likely need to disable the Internet for the application. Let's try to do this. We delete the specified line and try to build the software using apktool:
$ apktool b com.kauf.particle.virtualtorch
The resulting APK file will appear in the com.kauf.particle.virtualtorch / build / directory. However, you will not be able to install it, since it does not have a digital signature and file checksums (it simply does not have the META-INF / directory). We need to sign the package using the apk-signer utility. Launched. The interface consists of two tabs - on the first (Key Generator) we create keys, on the second (APK Signer) we sign. To create our private key, fill in the following fields:
- Target File- the output file of the keystore; it usually contains one key pair;
- Password and Confirm- password for the storage;
- Alias- the name of the key in the repository;
- Alias password and Confirm- secret key password;
- Validity- validity period (in years). The default is optimal.
The rest of the fields are generally optional - but at least one must be filled in.
WARNING
To sign an application using apk-signer, you must install the Android SDK and specify the full path to it in the application settings.
All information is provided for informational purposes only. Neither the editorial board nor the author is responsible for any possible harm caused by the materials of this article.
Now you can sign the APK with this key. On the APK Signer tab, select the newly generated file, enter the password, key alias and password to it, then find the APK file and boldly press the "Sign" button. If all goes well, the package will be signed.
INFO
Since we signed the package with our own key, it will conflict with the original application, which means that when we try to update the software through the market, we will receive an error.
A digital signature is required only for third-party software, so if you are modifying system applications that are installed by copying them to the / system / app / directory, then you do not need to sign them.
After that, we drop the package onto a smartphone, install and launch it. Voila, ads are gone! Instead, however, a message appeared that we do not have the Internet or do not have the appropriate permissions. In theory, this could be enough, but the message looks annoying, and, to be honest, we were just lucky with a dumb app. A normally written software will most likely clarify its powers or check for an Internet connection and otherwise simply refuse to start. How to be in this case? Of course, edit the code.
Typically, application authors create special classes for displaying advertisements and call methods of these classes during application launch or one of its "activities" (to put it simply, application screens). Let's try to find these classes. We go to the smali directory, then com (org contains only the open graphics library cocos2d), then kauf (exactly there, because this is the name of the developer and all his code is there) - and here it is, the marketing directory. Inside we find a bunch of files with the smali extension. These are classes, and the most notable of them is the Ad.smali class, by the name of which it is easy to guess what exactly it displays ads.
We could change the logic of its operation, but it would be much easier to remove calls to any of its methods from the application itself. Therefore, we leave the marketing directory and go to the adjacent particle directory, and then to virtualtorch. The MainActivity.smali file deserves special attention here. This is a standard Android class that is created by the Android SDK and set as the entry point to the application (analogous to the main function in C). Open the file for editing.
Inside is the smali (local assembler) code. It is quite confusing and difficult to read due to its low-level nature, so we will not study it, but simply find all references to the Ad class in the code and comment them out. We drive in the line "Ad" in the search and find ourselves on line 25:
Field private ad: Lcom / kauf / marketing / Ad;
This is where an ad field is created to hold an object of class Ad. Commenting by placing the ### sign in front of the line. We continue to search. Line 423:
New-instance v3, Lcom / kauf / marketing / Ad;
This is where the object is created. We comment. We continue the search and find in lines 433, 435, 466, 468, 738, 740, 800 and 802 calls to the methods of the Ad class. We comment. Look like that's it. We save. Now you need to put the package back together and check its performance and the presence of ads. For the purity of the experiment, we return the string deleted from AndroidManifest.xml, collect the package, sign and install.
Our guinea pig. Advertising visible 
Oops! Advertising disappeared only while the application was running, but remained in the main menu, which we see when we launch the software. So, wait, but the entry point is the MainActivity class, and the ads disappeared while the application was running, but remained in the main menu, so the entry point is different? To identify the true entry point, reopen the AndroidManifest.xml file. And yes, it has the following lines:
They tell us (and more importantly, the android) that an activity named Start should be launched in response to the generation of an intent (event) android.intent.action.MAIN from the android.intent.category.LAUNCHER category. This event is generated when tapping on the application icon in the launcher, so it defines the entry point, namely the Start class. Most likely, the programmer first wrote an application without a main menu, the entry point to which was the standard MainActivity class, and then added a new window (activity) containing the menu and described in the Start class, and manually made it the entry point.
Open the Start.smali file and again look for the line "Ad", find in lines 153 and 155 the mention of the FirstAd class. It is also in the source code and, judging by the name, is precisely responsible for displaying ads on the main screen. We look further, there is a creation of an instance of the FirstAd class and an intent, according to the context related to this instance, and then the cond_10 label, the conditional transition to which is carried out exactly before creating an instance of the class:
If-ne p1, v0,: cond_10 .line 74 new-instance v0, Landroid / content / Intent; ...: cond_10
Most likely, the program somehow randomly calculates whether to show ads on the main screen, and if not, jumps straight to cond_10. Ok, let's simplify her task and replace the conditional jump with an unconditional one:
# if-ne p1, v0,: cond_10 goto: cond_10
There are no more references to FirstAd in the code, so close the file and reassemble our virtual torch using apktool. Copy it to your smartphone, install it, launch it. Voila, all ads have disappeared, and congratulations to all of us.
Outcomes
This article is just a brief introduction to the techniques for cracking and modifying Android applications. Many issues remained behind the scenes, such as removing protection, parsing obfuscated code, translating and replacing application resources, as well as modifying applications written using the Android NDK. However, having basic knowledge, it is only a matter of time to understand all this.
