Modify any “External Android library/Aar/Jar” Using Jadx (Java Decompiler) and Recaf (ByteCode Editor)
Hi everyone, this is a tutorial on how to create a modified external Android library. Before going through the step-by-step guide, let us first briefly understand what an Android external library, Jadx and Recaf are.
Android External Library:
An external library in Android Studio is a very common thing. There are many ways to add an external library to an app to achieve some kind of functionality: adding a Gradle dependency, adding a .jar/.aar dependency, or adding the dependency as a module. In this blog I will use the .aar/.jar file method.
Jadx (Java decompiler):
Command line and GUI tools for producing Java source code from Android Dex and Apk/jar/aar files.
Main features:
- decompile Dalvik bytecode to java classes from APK, dex, aar and zip files
- decode AndroidManifest.xml and other resources from resources.arsc
- deobfuscator included
We will use it for static analysis of the library.
Recaf (Modern Bytecode editor):
Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications. To make things easier Recaf abstracts away much of the internal class file format. Difficult tasks such as updating stack-frames are done automatically. Along with additional features to assist in the process of editing classes, Recaf is the most feature-rich free bytecode editor available.
We will use it for editing the bytecode.
Step 0 — set up the environment
System Tools
- Jadx-GUI
- Recaf
Android phone
- Android device (in my case a Motorola with Android 7.1) or Android emulator with Android 4.4.4 to 8.1
- Used to run and test the application.
Step 1 — Unzip aar file
You can find my hello-jni.aar here: https://github.com/AKASHCHAURASIA/Hello-jni_aar
# Here I used hello-jni.aar, which returns a string from JNI (Java Native Interface)
# unzip the library
unzip hello-jni.aar -d hello
cd hello
# output: you can see the classes.jar file in the hello folder
Step 2 — Static analysis of classes.jar file using jadx-gui
# Here we will try to figure out how we could modify the string output coming from JNI.
We found that we can change the input parameter of setText, which is called by the onCreate function.
Let's change it :)
Step 3 — Open Recaf and load classes.jar from hello folder
Go to the Hellojni class and open the onCreate function. Let's see how it can be changed; for that you have to understand bytecode instructions.
Anyone can learn them here: https://www.coley.software/Recaf/doc-instructions.html
Step 4: Change the input parameter of the setText function and create the mod-classes.jar file
I made this change using a basic understanding of the function: I know that setText takes a CharSequence/String as its input parameter. I did this using the LDC instruction: push a constant value (String, int, float, Class, or Handle) onto the stack.
Recaf has a cool feature for exporting the modified jar file. We will use it to create the mod-classes.jar file and then check it in Jadx-gui.
Step 5: Zip the unzipped hello folder and create the modified aar file.
# run these from the directory that contains the hello folder (Step 1 ended inside it)
cp mod-classes.jar hello/classes.jar
# Repacking it to use in any android app
jar cvf mod-Hello-jni.aar -C hello/ .
# output: mod-Hello-jni.aar
# build sample application using that library and test it
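To confirm that the repacked archive differs from the original only in the class that was edited, this added example (not part of the original post) compares the SHA-256 of every entry in classes.jar between two AARs. Entries are hashed one by one because repacking changes zip metadata even when class contents are identical. The sample archives and the class paths in them are constructed for illustration.

```python
import hashlib
import io
import sys
import zipfile


def class_digests(aar_bytes):
    """Return {entry name: SHA-256 hex} for every file in the AAR's classes.jar."""
    with zipfile.ZipFile(io.BytesIO(aar_bytes)) as aar:
        jar_bytes = aar.read("classes.jar")
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {i.filename: hashlib.sha256(jar.read(i)).hexdigest()
                for i in jar.infolist() if not i.is_dir()}


def diff_aars(original, modified):
    """Compare two AARs (as bytes) entry by entry inside classes.jar."""
    before, after = class_digests(original), class_digests(modified)
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(n for n in common if before[n] != after[n]),
    }


def build_sample_aar(classes):
    """Constructed stand-in for an AAR: a zip holding a manifest and classes.jar."""
    jar_buf, aar_buf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        for name, body in classes.items():
            jar.writestr(name, body)
    with zipfile.ZipFile(aar_buf, "w") as aar:
        aar.writestr("AndroidManifest.xml", b"<manifest/>")
        aar.writestr("classes.jar", jar_buf.getvalue())
    return aar_buf.getvalue()


# Constructed sample data: placeholder bytes, not real class files; paths are assumptions.
ORIGINAL = build_sample_aar({"com/example/hellojni/HelloJni.class": b"ldc from-jni",
                             "com/example/hellojni/BuildConfig.class": b"config"})
MODIFIED = build_sample_aar({"com/example/hellojni/HelloJni.class": b"ldc patched",
                             "com/example/hellojni/BuildConfig.class": b"config"})

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py hello-jni.aar mod-Hello-jni.aar
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            print(diff_aars(a.read(), b.read()))
    else:
        print(diff_aars(ORIGINAL, MODIFIED))
```

The same comparison against a known-good copy of a vendored .aar shows whether any class in it has been altered after download.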
You can extend this approach to change any functionality of an Android application :D
Thanks! Happy Reversing and Hacking