sonyericssondev edited this page Apr 13, 2012 · 1 revision

Background

I want to get all the values and call stacks when a field is being written. In this case, we use FingerPaint in the ApiDemos app from the Android SDK samples to show how to get the values whenever someone modifies "private float mX, mY;" in the MyView class. (It is more useful to get this kind of information for public fields; this is just an example.)

Step 1: get the application

  • create an Eclipse project for ApiDemos (sdk\samples\android-7\ApiDemos)
  • build it and get the apk file in bin folder, e.g. sdk\samples\android-7\ApiDemos\bin\ApiDemos.apk

Step 2: get system libraries

  • because we are using the sample app from the SDK, we use the corresponding android.jar to resolve the class path, e.g. sdk\platforms\android-7\android.jar

Step 3: analyse and modify the app

  • launch the ApkAnalyser

  • File->Settings

    Configure ADB executable path in ApkAnalyser, e.g. C:\android-sdk-windows\tools\adb.exe

  • File->Set path

    Add android.jar, the file you get from Step 2

    Add ApiDemos.apk, the file you get from Step 1

  • File->Analyse...

Now you can perform any Dalvik bytecode injections you want.

In this case, we only need injections for the accesses to "private float mX, mY;" in the MyView inner class of the FingerPaint class, so...

The injection to use is "Print writing this field".

  • Right click "FingerPaint$MyView" class -> Examine class

  • Note: this step is not necessary for the modification

You may look up the accesses to that field now: right click "private float mX;" -> Find Field accesses

Double clicking an entry in the list of accesses takes you directly to the bytecode that accesses the field

  • Right click "private float mX;" -> Print writing this field

  • Right click "private float mY;" -> Print writing this field

  • Click "Close" to close the "Examine class" window

  • Modification->Perform bytecode modification

Now there should be a summary of all the classes modified and the new APK file

Step 4: view the printouts

  • Prepare the phone. Start the emulator or connect your device via USB cable.

Make sure your phone is the only device connected to ADB (you can check this with "adb devices"), because ApkAnalyser supports only one device; see Trouble Shooting

  • Click "Install and run", the modified app will be installed and launched automatically.

  • In this case, just launch "API Demos" -> "Graphics" -> "FingerPaint"

  • Click the "S" button in the Console to remove all output except our logs (tag "APKANALYSER")

  • You may touch the screen to see the logs, here is a snapshot
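
The single-device check and the tag filter from Step 4 can also be done from a terminal. The script below is an added example, not part of ApkAnalyser or of the original page; it assumes adb is on PATH (otherwise use the path configured in File->Settings), and the sample "adb devices" output in it is constructed.

```python
import subprocess
import sys

ADB = "adb"          # assumption: adb is on PATH
TAG = "APKANALYSER"  # log tag named on this page


def ready_devices(adb_devices_output):
    """Return serials of devices in the 'device' state from `adb devices` output."""
    serials = []
    for line in adb_devices_output.splitlines():
        line = line.strip()
        # Skip the header, blank lines and adb daemon start-up messages.
        if not line or line.startswith("List of devices") or line.startswith("*"):
            continue
        fields = line.split()
        # States such as 'offline' or 'unauthorized' are not usable targets.
        if len(fields) >= 2 and fields[1] == "device":
            serials.append(fields[0])
    return serials


def preflight(adb_devices_output):
    """Return (ok, message); ok only when exactly one device is ready."""
    serials = ready_devices(adb_devices_output)
    if len(serials) == 1:
        return True, "using " + serials[0]
    if not serials:
        return False, "no device in 'device' state"
    return False, "more than one device attached: " + ", ".join(serials)


# Constructed sample output showing the multi-device failure case.
SAMPLE = """List of devices attached
emulator-5554\tdevice
0123456789ABCDEF\tdevice
FEDCBA9876543210\toffline
"""

if __name__ == "__main__":
    try:
        out = subprocess.run([ADB, "devices"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        sys.exit("adb not found; sample check: " + preflight(SAMPLE)[1])
    ok, msg = preflight(out)
    if not ok:
        sys.exit(msg)
    print(msg)
    # -s silences every tag except the one named, like the Console "S" button.
    subprocess.run([ADB, "logcat", "-s", TAG])
```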
