00:00:00,360 --> 00:01:20,040
Instructor: Hi. Within this lecture, we're gonna take a look at Dalvik bytecode, and we will try to understand how it works and how we can change it, and how we can build a manipulated APK after all. Okay? So, this is our Dalvik bytecode, and as you can see, it starts with the class name. Actually it is our package name, so com.atilsam.myreverseapp, and after that we see the source name, which is MainActivity.java in our case. So if you see MainActivity.kt, for example, it will be a Kotlin file as well. But it wouldn't matter very much in this case, since we are actually seeing Dalvik bytecode. So we are going to see some methods after all, like direct methods and virtual methods. So over here, we will see some similar things that we have seen in Java as well. What do I mean? I mean the method names, for example. You will see the onCreate method over here, like this. So this is the same onCreate method that we used to see in Java. Remember what onCreate does?
00:01:20,040 --> 00:02:43,143
It's the first method to be called when an activity is created. So whatever is written over here happens actually even before the user sees it. So we can understand what's happening over here by looking at these hints, like this. For example, locals 3 means that we have three local variables; we have three variables under our onCreate. So you don't have to do this, but I'm going to open my Dalvik bytecode and I'm going to open my Android Studio as well. And side by side, we will have the chance to compare the codes, to follow and see what's going on. For example, over here we'll see onCreate, and we see the Bundle, and it's called savedInstanceState. There is a variable over here, it is savedInstanceState. And we can actually see that savedInstanceState in Dalvik bytecode as well. In fact, we see everything that is going on over here converted into Dalvik bytecode. So I'm going to open this side by side, like this. Okay? So let me make this a little bit smaller. So over here, you can actually see the line numbers as well.
00:02:45,750 --> 00:04:13,053
So here it says that, yeah, savedInstanceState is a parameter, and then after all you can see line 12, line 13, line 16, line 17. Okay? So over here, you can understand by looking at this that, yeah, this is a variable and this is a parameter that has been passed into some kind of functional method. Maybe you cannot understand everything when you are reading Dalvik bytecode, but surely you will get some idea. For example, let's go over here where you can see there's something called cast. Like in this case, in lines 16 and 17, you see the local v0, which is a TextView. Okay? Then you can understand that there is a TextView definition going on in this case. And it's the same thing for line 16 and line 17. As you can see, we used findViewById, and we are calling the view class and we are defining them as variables. Okay? And this is clearly a TextView. So in line 16 we are defining a TextView, and in line 17 we are defining a TextView as well.
00:04:14,250 --> 00:05:20,970
And after that, obviously we are going to change the TextView texts. So you can actually follow along with the lines, like line 19, line 20, over here, to see your version as well. Maybe you have used some different text, other than Hello World. But as you can see, we can see the Hello World and Hello World2, in this case, over here. And they are defined as some constant strings. So when you see a cast, it means that there is some kind of variable going on inside of Dalvik bytecode. So maybe we can manipulate this variable, maybe we can change it so that we can actually change the app itself. And I get your point at this moment, most probably you're thinking that, yeah, maybe we can make some sense out of this Dalvik bytecode, but it's very hard to understand, and it's very hard to write. Right?
00:05:20,970 --> 00:06:39,613
So yeah, it's very hard to write, and it is not for writing over here, it's just for converting Java source code into Dalvik bytecode so we can actually run it in the Dalvik virtual machine in an Android operating system. However, you have to learn the basics, or you have to have a cheat sheet like this, for example, in order to understand it better. Most of the time, you will change at most one or two lines in Dalvik bytecode in order to manipulate it. But you have to know the basics, and I found a very good cheat sheet online, and I will share this link with you in the resources of this lecture so that you can refer to this list whenever you are in need. That's exactly what I'm doing in my daily life when I try to decompile an APK. I open this Dalvik bytecode cheat sheet and I actually refer to these operation code names and operation explanations. For example, move vx, vy means that it moves the content of vy into vx.
00:06:40,800 --> 00:08:01,440
So if you scroll down a little bit, you can see the constants over here as well, like what I have been talking about, like this. So this is constant 16, and it's kind of putting the 16-bit constant into some register called vx. And you can see these constant strings, constant integers, and other variables, other data types as well. And let me scroll down a little bit. For example, we see the constant string, we see new array. Okay? So these are things that we were seeing over here, right? Like constant string, cast v1, like invoke-virtual. So you can find what all of these things do in Dalvik bytecode by looking over here. And you clearly understand that this is creating a constant string, this is creating a string variable over here, in this line, and we can actually change it in a way that we want. So this is very basic. We are finding a variable that we have to, or we want to, manipulate, and we are trying to make some operations regarding that variable.
00:08:01,440 --> 00:09:17,690
And we can do that for methods, and we can do that for more advanced things as well. And we will do that within this section, don't worry. But right now, I'm just trying to get you to understand how Dalvik works and how you can actually refer to Dalvik codes when you are in need. So as a practice now, suppose that you actually have this APK, you opened it, you found that it shows Hello World and Hello World2 in the TextViews. Okay? You don't even need Android Studio right now, you only have the APK, for example. Okay? And you want to change the TextViews, you want to change the text inside of the TextViews. Of course, you can do that. You can come over here and delete it, and say Hello Dalvik instead of Hello World, for example. And then you have to save it, and then you have to close this down. And make sure you don't change anything else, just the text inside of the double quotation marks, so that you don't break the code inside of Dalvik.
00:09:18,270 --> 00:09:51,333
And then the moment of truth is that we're going to recompile, as we're going to compile, build this, rebuild these codes, so that we can create an APK out of the manipulated code. This is the basis for Android APK tool reverse engineering operations, because we can decompile it, and the big thing is we can actually rebuild it whenever we want. That's what we're going to do within the next lecture.