modifying .smali files

android apk logcat smali
27,196

Solution 1

The actual code to call Log.e() is fairly simple. It would involve something like:

const-string v0, "MyTag"
const-string v1, "Something to print"
# assuming you have an exception in v2...
invoke-static {v0, v1, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I

However, You have to be careful with what registers you use. You don't want to clobber a register that has a value that will be used later.

So you have 2 options:

  1. Find "safe" unused registers, and use those (can be tricky)
  2. Increase the register count of the method, and use the newly created registers

For number 2, the only gotcha is that the new registers aren't at the end of the register range - they're actually just before the parameter registers.

For example, let's take a method that has 5 registers total (.registers 5), 3 of which are parameter registers. So you have v0 and v1 which are non-param registers, and p0-p2 which are the 3 parameter registers, and are aliases for v2-v4.

If you need to add an additional 2 registers, you would bump it up to .registers 7. The parameter registers stay at the end of the register range, so p0-p2 are now aliased to v4-v6, and v2 and v3 are the new registers that are safe to use.

Solution 2

A comment on registers that was too large for a comment to JesusFreke's answer. It is worth mentioning that if you have .local directives instead of .register directives, the number scheme will be different. Roughly speaking, the directives relate in the following manner:

.registers = .locals + NUMBER_OF_PARAMETERS

So if you have a function that has 4 parameters and uses 3 more registers the directives that could show up are .registers 7 or .locals 3.

And you will get the registers setup as follows:

v0
v1
v2
v3 <==> p0
v4 <==> p1
v5 <==> p2
v6 <==> p3

Source: https://github.com/JesusFreke/smali/wiki/Registers

Solution 3

One of the simpler ways to add smali code, is to write the java code in a test android app. Disassemble using apktool. Look at the smali files to identify the smali code and use it for injecting into other apps that you have disassembled.

Download apktool here : http://ibotpeaches.github.io/Apktool/

Solution 4

Another option which I am using all the time and I've created a FileWritter.java class for such purpose is to have your favorite IDEA open (Intellij/Android Studio), download the Java2Smali plugin for the correct IDEA and run the plugin.

In short :

  • Open your AndroidStudio/Intellij
  • Go to File/Settings
  • Tap on the search bar and search for "Plugins"
  • After you land on the plugins UI be sure to be on the "MarketPlace" tab there
  • Search for java2smali, install it and relaunch the IDEA

Here is the link to java2smali plugin

How to use?

  • Write you code in Java (Be advised to write in Java not in Kotlin as if you try to decompile it to smali you will get extra code from Kotlin->Java which the app you have decompiled might not support, for instance the app might be written in Java or might not include any Kotlin libraries)
  • After you have written the code you want to convert to smali click on Build/Compile To Smai
  • You will BE automatically redirected to compiled Smali code (That Smali code will be generated in your project next to the original Java code)
  • From this point do whatever you want, you can either look inside the compiled Smali file and find the line where your desired code is invoked or implement the whole Smali file as you wish.

======================================================================== Cheers!

Share:
27,196

Related videos on Youtube

P basak
Author by

P basak

Updated on July 09, 2022

Comments

  • P basak
    P basak almost 2 years

    I reverse engineered some android apks to add some instrumentation for functional testing. I want to know given an smali as following how can I add something like 

    Log.e(TAG, "some descritpion", e);

    to each method in the .smali files.

    .class public Ld;
.super Landroid/view/View;
.source "SourceFile"


# instance fields
.field a:Z

.field b:Lcom/rovio/ka3d/App;


# direct methods
.method public constructor <init>(Lcom/rovio/ka3d/App;)V
    .locals 2
    .parameter

    .prologue
    const/4 v1, 0x1

    .line 317
    invoke-direct {p0, p1}, Landroid/view/View;-><init>(Landroid/content/Context;)V

    .line 313
    const/4 v0, 0x0

    iput-boolean v0, p0, Ld;->a:Z

    .line 314
    const/4 v0, 0x0

    iput-object v0, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 318
    iput-object p1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 319
    invoke-virtual {p0, v1}, Ld;->setFocusable(Z)V

    .line 320
    invoke-virtual {p0, v1}, Ld;->setFocusableInTouchMode(Z)V

    .line 321
    return-void
.end method


# virtual methods
.method public a(Z)V
    .locals 4
    .parameter

    .prologue
    const/4 v3, 0x0

    .line 325
    invoke-virtual {p0}, Ld;->getContext()Landroid/content/Context;

    move-result-object v0

    const-string v1, "input_method"

    invoke-virtual {v0, v1}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/view/inputmethod/InputMethodManager;

    .line 326
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    invoke-virtual {v0, v1, v3}, Landroid/view/inputmethod/InputMethodManager;->hideSoftInputFromWindow(Landroid/os/IBinder;I)Z

    .line 327
    if-eqz p1, :cond_0

    .line 329
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    const/4 v2, 0x2

    invoke-virtual {v0, v1, v2, v3}, Landroid/view/inputmethod/InputMethodManager;->toggleSoftInputFromWindow(Landroid/os/IBinder;II)V

    .line 330
    invoke-virtual {p0}, Ld;->requestFocus()Z

    .line 333
    :cond_0
    iput-boolean p1, p0, Ld;->a:Z

    .line 334
    return-void
.end method

.method public onCreateInputConnection(Landroid/view/inputmethod/EditorInfo;)Landroid/view/inputmethod/InputConnection;
    .locals 3
    .parameter

    .prologue
    .line 343
    new-instance v0, La;

    iget-object v1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    const/4 v2, 0x0

    invoke-direct {v0, v1, p0, v2}, La;-><init>(Lcom/rovio/ka3d/App;Landroid/view/View;Z)V

    .line 345
    const/4 v1, 0x0

    iput-object v1, p1, Landroid/view/inputmethod/EditorInfo;->actionLabel:Ljava/lang/CharSequence;

    .line 350
    const v1, 0x80090

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->inputType:I

    .line 351
    const/high16 v1, 0x1000

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->imeOptions:I

    .line 352
    return-object v0
.end method
  • JstnPwll
    JstnPwll almost 9 years
    This explains why my efforts would sometimes inexplicably cause a crash. Thanks!
  • GeekyDeaks
    GeekyDeaks over 8 years
    This is a great concise answer, but I think there is a small typo at the end of the invoke-static and it needs a ; after Ljava/lang/Throwable

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Decompile .smali files on an APK
how to reduce apk filesize for flutter build apk?
version code shows different from local.properties file when l install the app on the real device
Why am I seeing EGL_emulation app_time_stats in the log when running on an Android 12 emulator?
Error while installing release version of Flutter app on Android 12 : "Parse Error : There was a problem parsing the package"
Mac OS Flutter build appbundle failed: Invalid keystore format
Flutter build apk error: Execution failed for task ':app:compileFlutterBuildRelease'
Location permission declaration needs to be updated even after removed permission - App Content - Reject Google Play Console
flutter apk test on my friends' android devices
How to automatically update a Flutter Mobile app to newer version when the application is not on play store or app store?