[Mobile security technology] Android reverse 2

Posted by Cheers on Sun, 20 Feb 2022 05:15:46 +0100

User name and password verification: task requirements

  1. Write a verification app and give it to the next student. The app works as follows: if the user name and password are entered correctly, it displays "congratulations on your passing the authentication!"; otherwise it displays "verification failed!"

  2. After obtaining the app written by the previous classmate, try to break its user name and password authentication so that the app displays "congratulations on passing the authentication!"

  Scoring criteria: plus 10 points if the next student does not break the app you wrote, and plus 5 points if you break the app written by the previous student.

  The basic score is 80 points, covering the description of the app programming and the analysis of the previous classmate's app.

App programming

  The app's function is login and verification. Consider reusing the login interface code written for the fourth task: modify it slightly to add verification of the entered user name / password, package it, and send it to your classmate.

  [Figure: successful and failed login verification]

  The experimental code is as follows:

	1. String resource file strings.xml:
<resources>
    <string name="app_name">Four_Ui</string>
    <string name="xitong">Network access authentication system</string>
    <string name="username">Xiao Shen</string>
    <string name="passwd">come on.</string>
    <string name="in">Sign in</string>
    <string name="out">cancellation</string>
    <string name="input1">user name</string>
    <string name="input2">password</string>
</resources>


	2. Layout file activity_main.xml:
	<LinearLayout
        android:layout_width="match_parent"
        android:layout_height="match_parent"
        android:orientation="horizontal">

        <TextView
            android:id="@+id/textView4"


            android:text="@string/input1"
            android:layout_width="70dp"
            android:layout_height="52dp"
            android:textSize="20dp"

            android:layout_marginTop="285dp"
            android:layout_marginLeft="20dp"


            tools:text="@string/input1" />

        <EditText
            android:id="@+id/input_username"


            android:layout_width="300dp"
            android:layout_height="52dp"


            android:hint="@string/username"
            android:layout_marginTop="280dp"
            android:inputType="text" />


    </LinearLayout>

    <LinearLayout
        android:orientation="vertical"
        android:layout_width="match_parent"
        android:layout_height="match_parent">


        <TextView
            android:id="@+id/title"
            android:layout_width="260dp"
            android:layout_height="50dp"

            android:text="@string/xitong"
            android:layout_marginTop="200dp"

            android:layout_gravity="center"
            android:textSize="30sp"
            android:textColor="#000000"/>

    </LinearLayout>

    <LinearLayout
        android:layout_width="match_parent"
        android:layout_height="match_parent"
        android:orientation="horizontal">

        <TextView
            android:id="@+id/in_pass"


            android:text="@string/input2"
            android:layout_width="70dp"
            android:layout_height="52dp"
            android:textSize="20dp"

            android:layout_marginTop="402dp"
            android:layout_marginLeft="20dp"


            tools:text="@string/input2" />



        <EditText
            android:id="@+id/password"
            android:layout_width="280dp"
            android:layout_height="52dp"


            android:ems="10"
            android:hint="@string/passwd"
            android:gravity="center_vertical"
            android:layout_marginTop="400dp"
            android:textSize="17sp"
            android:inputType="textPassword" />

    </LinearLayout>

    <LinearLayout
        android:layout_width="match_parent"
        android:layout_height="match_parent"
        android:orientation="horizontal"
        tools:layout_editor_absoluteX="411dp">

        <Button
            android:id="@+id/login_in"
            android:layout_width="100dp"
            android:layout_height="50dp"
            android:layout_marginTop="480dp"
            android:layout_marginLeft="80dp"
            android:background="@color/blue"
            android:text="@string/in" />

        <Button
            android:id="@+id/login_out"
            android:layout_width="100dp"
            android:layout_height="50dp"
            android:layout_marginLeft="50dp"
            android:layout_marginTop="480dp"
            android:background="@color/red"
            android:text="@string/out" />
    </LinearLayout>

	3. Main activity code MainActivity.java:
import androidx.appcompat.app.AppCompatActivity;

import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

public class MainActivity extends AppCompatActivity {

    final String  username = "xiaoshen";
    final String  passwd = "nihaoya";
    final String right = "Congratulations to Xiao Shen for passing the verification!";
    final String wrong = "Verification failed, come on!";
    String input_username = "";
    String input_passwd = "";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // IDs must match those declared in activity_main.xml
        final EditText et1 = (EditText) findViewById(R.id.input_username);
        final EditText et2 = (EditText) findViewById(R.id.password);


        Button mybutton_1 = (Button) findViewById(R.id.login_in);

        mybutton_1.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                // Read the entered user name and password, then verify them
                input_username = et1.getText().toString();
                input_passwd = et2.getText().toString();

                //Toast.makeText(MainActivity.this, "click successfully", Toast.LENGTH_SHORT).show();

                Verify();

            }
        }
        );

        Button mybutton_2 = (Button) findViewById(R.id.login_out);

        mybutton_2.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                // Click the button to pop up the text
                //input_passwd = et2.getText().toString();
                Toast.makeText(MainActivity.this, "Please login and verify", Toast.LENGTH_SHORT).show();
            }
        }
        );


    }
    public void Verify() {
        if ((input_username.equals(username)) && input_passwd.equals(passwd)) {
            Toast.makeText(MainActivity.this, right, Toast.LENGTH_SHORT).show();
        } else {
            Toast.makeText(MainActivity.this, wrong, Toast.LENGTH_SHORT).show();
        }
    }
}
	4. Contents of color.xml:
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <color name="colorPrimary">#008577</color>
    <color name="colorPrimaryDark">#00574B</color>
    <color name="colorAccent">#D81B60</color>
    <color name="blue">#ff00ff</color>
    <color name="red">#ff0000</color>

</resources>

Reverse cracking of the login function

  Install and run the program written by the previous student and check its behaviour: it outputs "verification failed".

		Decompile command: apktool d app-debug.apk
		The main code of the program is located in the smali/com/example/four directory

   Open the decompiled app-debug folder in Android Studio and look at MainActivity$1.smali in the four directory. Find the Unicode-escaped string and decode it; it turns out to be the prompt message shown on verification.

  There are two ways to crack it:
1. Find the embedded user name / password through code audit.
2. Modify key statements to change the program's execution flow or what it executes, so as to bypass verification.

   Method 1: the key code is as follows. It can be verified that the user name / password is Zhang/xl.

    .local v1, "text2":Landroid/widget/TextView;
    invoke-virtual {v0}, Landroid/widget/TextView;->getText()Ljava/lang/CharSequence;

    .local v2, "str1":Ljava/lang/String;
    invoke-virtual {v1}, Landroid/widget/TextView;->getText()Ljava/lang/CharSequence;

    .local v3, "str2":Ljava/lang/String;
    const-string v4, "Zhang"

    invoke-virtual {v2, v4}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    const-string v6, "xl"

    invoke-virtual {v4, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
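
The code audit of method 1 can be run as an automated check on your own build before it ships. The Python script below is an added example, not code from the original post: it tracks which registers hold `const-string` literals and reports any literal passed to `String.equals()`. The sample smali is constructed, modelled on the lines quoted above, and the function names are assumptions.

```python
import re

# Constructed sample, modelled on the smali lines quoted above (not the real file).
SAMPLE_SMALI = r'''
    move-result-object v2
    const-string v4, "Zhang"
    invoke-virtual {v2, v4}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v4
    if-eqz v4, :cond_0
    const-string v6, "xl"
    invoke-virtual {v3, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v4
    if-eqz v4, :cond_0
    const-string v6, "\u606d\u559c\u4f60\u901a\u8fc7\u9a8c\u8bc1\uff01"
    invoke-static {v4, v6, v5}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
'''

CONST = re.compile(r'^\s*const-string(?:/jumbo)?\s+([vp]\d+),\s*"(.*)"\s*$')
WRITE = re.compile(r'^\s*(?:move|const|iget|sget|aget|new-)\S*\s+([vp]\d+)\b')
EQUALS = re.compile(r'^\s*invoke-virtual\s*\{([^}]*)\},\s*'
                    r'Ljava/lang/String;->equals\(Ljava/lang/Object;\)Z')

def decode_smali_string(s):
    """Turn smali \\uXXXX escapes back into readable text."""
    return re.sub(r'\\u([0-9a-fA-F]{4})', lambda m: chr(int(m.group(1), 16)), s)

def find_hardcoded_comparisons(smali):
    """Return [(line_no, literal)] for string literals passed to String.equals()."""
    regs, findings = {}, []          # regs: register name -> literal it currently holds
    for no, line in enumerate(smali.splitlines(), 1):
        if m := CONST.match(line):
            regs[m.group(1)] = decode_smali_string(m.group(2))
        elif m := EQUALS.match(line):
            for reg in (r.strip() for r in m.group(1).split(',')):
                if reg in regs:      # receiver or argument is a compile-time constant
                    findings.append((no, regs[reg]))
        elif m := WRITE.match(line):
            regs.pop(m.group(1), None)   # register overwritten, literal is gone
        elif line.lstrip().startswith((':', '.method')):
            regs.clear()             # label or new method: incoming state unknown
    return findings

if __name__ == "__main__":
    for no, literal in find_hardcoded_comparisons(SAMPLE_SMALI):
        print(f"line {no}: literal {literal!r} compared with String.equals()")
```

A hit means the secret ships inside the APK in readable form. Replacing the literal with a hash removes it from this audit but does not address the branch patch of method 2, which only verification outside the client (for example on a server) prevents.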

   Method 2: modify the branch at the key point. Take the following code, which runs after the user name / password has been judged correct, and use it to replace the code that runs when the user name / password is wrong, so that the success code executes whether the input is right or wrong:

    iget-object v4, p0, Lcom/example/four/MainActivity$1;->this$0:Lcom/example/four/MainActivity;

    const-string v6, "\u606d\u559c\u4f60\u901a\u8fc7\u9a8c\u8bc1\uff01"

    invoke-static {v4, v6, v5}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

   After modifying, save the file and rebuild the folder; the rebuilt apk file is in the dist directory. Sign the apk file, then download and install it. Now entering any password produces the successful-verification effect.
(Note: the program sent by the student outputs "verification failure" on wrong input, and crashes on successful verification.)

	Recompile command: apktool b app-debug
	
	Generate the key file:
keytool -genkey -alias my.keystore -keyalg RSA -validity 20000 -keystore my.keystore

	Sign the apk file with the key file:
jarsigner -verbose -keystore my.keystore -signedjar app-debug-signed.apk app-debug.apk my.keystore

References

   Android from development to reverse (I) login demo reverse cracking, 2019-09
https://www.imooc.com/article/292504