Apk-Modding-challenge

30 small apks around 10-20Mb not >30

no time to do this shit

If your device architecture is old you might see this

most annoying thing 32bit users knew it xd

in order to remove that warning either build it from source or replace that string with empty space of same character length

1. extract apktool.jar using jar command
2. use xxd/hexdump to find offset of that string
3. use dd command for editing #note (exact offset needed otherwise consequences will be bad)
4. rebuild

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

Goal - knowledge is must

• [x] Remove Ads
• [x] Bypass In-app purchase

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

Requirements

• [x] Apktool

Inspired by Bin32, apkunpacker, euzada & many pro guys 🧠...

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

Day 1

Resistor Color Code Calculator

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

Solution

• Decompile the apk
• Use grep for searching stuffs
• Any text editor in my case i used vim coz its cool.
• using sed & awk is optional
• Modify the code
• Recompile

For this apk got some interesting stuffs from resource.arsc

• res/values/strings.xml: Premium User its corresponding hex Id 0x7f0e009b

• grep -ir 0x7f0e009b tmp --color

two methods

• Method 1

  • change boolean to TRUE by replacing move-result v3 to const/4 v3, 0x1

• Method 2

  • goto com/jedemm/resistorcalculator/App$a

  

  • replace sget-boolean to sput-boolean and add const/4 v0, 0x1 below .locals 1*

  • Recompile it using apktool

2nd

Solution

Unlocking Gold theme

• com/aefyr/sai/billing/DonationStatus.smali

• change if-ne to if-eq or if-ne p0 to if-eqz

  

Hide Support Sai

• com/aefyr/sai/ui/fragments/PreferencesFragment.smali

• change const/4 p2, 0x1 to const/4 p2, 0x0

  

3rd

nothing in resource.arsc instead found donated3 in smali*

• goto smali_classes2/com/silentlexx/ffmpeggui/config/Config.smali

  

  • search for string donated3 using vim regex
  • either change boolean false to true in getBool method or in getDonated method by changing move-result to const/4 and set it to true*
  • recompile it

For signing use Uber-apk-signer but Google play protect warns.

instead you may use my keystore to sign apk to stop Google play protect warnings 

4th

solution

• smali/com/smokyink/smokyinklibrary/pro/licence/DefaultFeatureManager.smali

• change nez to eqz. Samething can be achieved by removing condition
• recompile

Before

After

5

solution

• Decompile the apk

• search for this toast msg

• find its id

• search and change it

  

  

  • grep -r 0x7f1200fc --color

  

  

https://user-images.githubusercontent.com/62318734/160352852-c7507200-1cc0-4022-b347-927c5863ce6d.mp4

https://user-images.githubusercontent.com/62318734/160353280-dff1427f-0c2b-413f-ade6-9f6553f76078.mp4

if apk not installed remove unknown and META-INF folder before build

6

solution

• before decompile, remove framework apk to avoid unnecessary problems

https://user-images.githubusercontent.com/62318734/161417057-71ce779c-5c98-434a-81eb-30eaed67e33e.mp4

https://user-images.githubusercontent.com/62318734/161417127-ad03b382-0c3e-41e2-a7d4-0e7b4c588020.mp4

AstroTalk

bypassed via response manipulation

For demo

 https://github.com/dedshit/AstroTalk-PoC.git

PrepLadder

## SecretKey: 6120e6224d4127aee7d0b1f6a2d77d6e
## Mode: CBC
## KeySize: 256
## IV: 750e579bbdec194f

https://user-images.githubusercontent.com/62318734/225829000-2e060b1c-1cb7-48db-bd97-8fc3e17cd4e5.mp4

Business Standard

OTP bypass - Unintended disclosure of OTP to client leads to account takeover

Api : https://bsnodeapinew.business-standard.com/auth/signup-login-with-otp

AI Mate

https://github.com/dedshit/Apk-Modding-challenge/assets/62318734/f8444510-59e6-47d7-ae3a-812bf359eb27