1 00:00:00,540 --> 00:00:02,430 Instructor: Hi, within this lecture, 2 00:00:02,430 --> 00:00:04,800 we are going to see how we can build 3 00:00:04,800 --> 00:00:08,700 this newly manipulated app that we have created 4 00:00:08,700 --> 00:00:10,980 and then we are going to see how we can set it up 5 00:00:10,980 --> 00:00:13,530 so that it can be run on any device, 6 00:00:13,530 --> 00:00:16,050 any Android device, okay? 7 00:00:16,050 --> 00:00:20,010 So the big thing about APK tool is that we can rebuild it, 8 00:00:20,010 --> 00:00:21,570 as I said before. 9 00:00:21,570 --> 00:00:24,450 So we have changed the Dalvik bytecodes. 10 00:00:24,450 --> 00:00:26,400 We only changed the text right now 11 00:00:26,400 --> 00:00:29,490 but we could have changed the whole method as well. 12 00:00:29,490 --> 00:00:32,130 And we are going to do that within following lectures. 13 00:00:32,130 --> 00:00:35,640 We are going to hack into a game, for example, 14 00:00:35,640 --> 00:00:37,260 and we are going to manipulate the game 15 00:00:37,260 --> 00:00:38,850 in a way that we want. 16 00:00:38,850 --> 00:00:42,150 But right now we just change a text. 17 00:00:42,150 --> 00:00:44,700 Now, in order to build this, 18 00:00:44,700 --> 00:00:49,140 we are going to use the app debug folder over here 19 00:00:49,140 --> 00:00:51,840 and we are going to use APK tool. 20 00:00:51,840 --> 00:00:53,400 Make sure you are on desktop 21 00:00:53,400 --> 00:00:58,020 or your downloads wherever your app debug folder is. 22 00:00:58,020 --> 00:01:02,970 We are going to say APK tool and this time help. 23 00:01:02,970 --> 00:01:07,590 Why? Because maybe you don't know how to use APK tool. 24 00:01:07,590 --> 00:01:10,320 You can read the documentation if you want. 25 00:01:10,320 --> 00:01:12,750 You can actually go into the GitHub page 26 00:01:12,750 --> 00:01:17,070 of APK tool as well to find about more information. 
27 00:01:17,070 --> 00:01:19,380 But I'm gonna show you 28 00:01:19,380 --> 00:01:20,213 the 29 00:01:20,213 --> 00:01:21,046 command 30 00:01:21,046 --> 00:01:23,640 in a very direct way because it's very easy. 31 00:01:23,640 --> 00:01:27,390 All you have to do is just hit B rather than D 32 00:01:27,390 --> 00:01:30,300 D for decompile and B for build 33 00:01:30,300 --> 00:01:34,110 and write app debug or your folder name. 34 00:01:34,110 --> 00:01:37,140 So rather than apk, I'm just writing app debug. 35 00:01:37,140 --> 00:01:39,060 Even, I'm going to delete it so 36 00:01:39,060 --> 00:01:42,540 it won't get very confusing for you. 37 00:01:42,540 --> 00:01:45,750 We just have this app debug folder, okay, 38 00:01:45,750 --> 00:01:47,610 we're working with that. 39 00:01:47,610 --> 00:01:48,516 We can add 40 00:01:48,516 --> 00:01:49,516 -o 41 00:01:49,516 --> 00:01:50,520 to 42 00:01:50,520 --> 00:01:51,353 specify 43 00:01:51,353 --> 00:01:52,350 an output name 44 00:01:52,350 --> 00:01:56,190 for our newly created apk file like this. 45 00:01:56,190 --> 00:01:58,800 But don't forget to add 46 00:01:58,800 --> 00:02:00,300 apk extension 47 00:02:00,300 --> 00:02:01,860 at the end of your name 48 00:02:01,860 --> 00:02:02,693 like this, 49 00:02:02,693 --> 00:02:04,090 newapk.apk 50 00:02:05,490 --> 00:02:07,020 and it will build 51 00:02:07,020 --> 00:02:08,280 the smali codes. 52 00:02:08,280 --> 00:02:10,830 It will build the Dalvik bytecode. 53 00:02:10,830 --> 00:02:14,130 It will build all the drawables and everything inside 54 00:02:14,130 --> 00:02:14,980 of resources 55 00:02:14,980 --> 00:02:16,620 manifest 56 00:02:16,620 --> 00:02:18,060 and it will create our 57 00:02:18,060 --> 00:02:18,893 newly 58 00:02:18,893 --> 00:02:20,040 signed 59 00:02:20,040 --> 00:02:21,360 newly created 60 00:02:21,360 --> 00:02:22,193 apk 61 00:02:22,193 --> 00:02:23,790 manipulated apk. 62 00:02:23,790 --> 00:02:24,930 Okay? 
63 00:02:24,930 --> 00:02:28,080 But again, we need to sign this. 64 00:02:28,080 --> 00:02:29,880 So if you're on Kali Linux, 65 00:02:29,880 --> 00:02:32,940 make sure you upload this to files.fm 66 00:02:32,940 --> 00:02:35,520 or any other service and send it 67 00:02:35,520 --> 00:02:38,970 to your host machine because you will need to sign it. 68 00:02:38,970 --> 00:02:41,940 You will need JDK, Java Development Kit 69 00:02:41,940 --> 00:02:44,670 in order to sign this APK 70 00:02:44,670 --> 00:02:45,750 so that 71 00:02:45,750 --> 00:02:46,680 it can be run 72 00:02:46,680 --> 00:02:48,090 on any 73 00:02:48,090 --> 00:02:50,280 version of other devices. 74 00:02:50,280 --> 00:02:51,113 Okay? 75 00:02:51,113 --> 00:02:54,810 And by version, I mean you can actually, 76 00:02:54,810 --> 00:02:57,480 maybe you can try this with your emulator, 77 00:02:57,480 --> 00:03:01,410 but most of the time it won't work on real devices, 78 00:03:01,410 --> 00:03:05,943 like phones or tablets because you need to sign it first. 79 00:03:06,960 --> 00:03:10,500 And I've opened my Android Studio 80 00:03:10,500 --> 00:03:12,060 and the only reason 81 00:03:12,060 --> 00:03:15,270 that I've opened this is to run the emulator rather 82 00:03:15,270 --> 00:03:17,280 than the application itself. 83 00:03:17,280 --> 00:03:18,300 Okay? 84 00:03:18,300 --> 00:03:19,500 I don't-- 85 00:03:19,500 --> 00:03:24,500 I won't have the source codes when I am trying to hack 86 00:03:24,510 --> 00:03:28,950 or when I'm trying to reverse engineer an Android APK. 87 00:03:28,950 --> 00:03:33,720 So it doesn't matter that I have opened Android Studio. 88 00:03:33,720 --> 00:03:37,290 All it matters is that I have a running emulator 89 00:03:37,290 --> 00:03:38,910 in my machine 90 00:03:38,910 --> 00:03:42,270 so that I can run this newly created APK 91 00:03:42,270 --> 00:03:45,840 and try to see if that works or not. 
92 00:03:45,840 --> 00:03:47,700 So I'm going to 93 00:03:47,700 --> 00:03:48,533 delete 94 00:03:48,533 --> 00:03:49,800 the 95 00:03:49,800 --> 00:03:51,720 existing My Reverse app 96 00:03:51,720 --> 00:03:53,940 on my phone, okay? 97 00:03:53,940 --> 00:03:56,430 Because we already have this version 98 00:03:56,430 --> 00:03:58,650 and we don't want this version. 99 00:03:58,650 --> 00:04:01,290 So I'm going to close this down 100 00:04:01,290 --> 00:04:04,960 and let me close everything in my emulator 101 00:04:05,820 --> 00:04:10,820 and then later on, I'm going to find My Reverse app. 102 00:04:11,070 --> 00:04:13,140 So I'm going to delete this 103 00:04:13,140 --> 00:04:15,780 like that uninstall, okay. 104 00:04:15,780 --> 00:04:17,490 Say okay. 105 00:04:17,490 --> 00:04:18,330 And here you go. 106 00:04:18,330 --> 00:04:21,780 We have uninstalled this My Reverse app. 107 00:04:21,780 --> 00:04:25,950 So in your emulator, you can try to drag and drop like this. 108 00:04:25,950 --> 00:04:28,830 As you can see, even in emulator we get this error. 109 00:04:28,830 --> 00:04:32,610 It says that APK has failed to install. 110 00:04:32,610 --> 00:04:35,040 So this is because of the signing issue. 111 00:04:35,040 --> 00:04:40,040 We need to sign this to make sure that it works on devices. 112 00:04:40,260 --> 00:04:43,680 So we have covered the signing thing. 113 00:04:43,680 --> 00:04:48,030 You can actually generate a signed APK from here 114 00:04:48,030 --> 00:04:51,060 but we are going to learn how to manually sign this. 115 00:04:51,060 --> 00:04:54,660 Actually, we covered that as well in the backdoor section, 116 00:04:54,660 --> 00:04:55,493 right? 117 00:04:55,493 --> 00:04:57,690 We had this terminal codes. 
118 00:04:57,690 --> 00:05:00,870 We had this command prompt codes command 119 00:05:00,870 --> 00:05:03,180 that created a key store for us 120 00:05:03,180 --> 00:05:06,330 and then we use Jar Signer to sign 121 00:05:06,330 --> 00:05:07,170 our APK 122 00:05:07,170 --> 00:05:08,850 with that key store. 123 00:05:08,850 --> 00:05:11,580 So I'm going to open my notes one more time. 124 00:05:11,580 --> 00:05:15,390 I assume that you already have this notes, but if you don't, 125 00:05:15,390 --> 00:05:18,960 you can find it from this resources of this lecture 126 00:05:18,960 --> 00:05:22,710 or resources of the backdoor section as well. 127 00:05:22,710 --> 00:05:26,130 Remember this key tool and jar signer commands 128 00:05:26,130 --> 00:05:28,050 that we have used. 129 00:05:28,050 --> 00:05:30,900 That's exactly what we are going to do now. 130 00:05:30,900 --> 00:05:34,380 So let me zoom in a little bit so you can see it better. 131 00:05:34,380 --> 00:05:35,490 Okay 132 00:05:35,490 --> 00:05:37,200 and since this is 133 00:05:37,200 --> 00:05:38,033 too 134 00:05:38,033 --> 00:05:38,866 long, 135 00:05:38,866 --> 00:05:39,750 I'm just gonna copy 136 00:05:39,750 --> 00:05:42,120 and paste this, okay? 137 00:05:42,120 --> 00:05:45,840 And this will create a key store file for me 138 00:05:45,840 --> 00:05:47,550 which I can use 139 00:05:47,550 --> 00:05:48,383 to sign 140 00:05:48,383 --> 00:05:50,070 APKs. 141 00:05:50,070 --> 00:05:52,410 And when I do that, it will ask me 142 00:05:52,410 --> 00:05:56,760 for my personal information and I can give them if 143 00:05:56,760 --> 00:05:59,520 I want but I can just leave it blank 144 00:05:59,520 --> 00:06:03,780 if I don't want to give out my personal information as well. 
145 00:06:03,780 --> 00:06:06,630 So after that I'm going to use Jar Signer 146 00:06:06,630 --> 00:06:07,800 to use 147 00:06:07,800 --> 00:06:09,300 this key store 148 00:06:09,300 --> 00:06:10,290 to sign 149 00:06:10,290 --> 00:06:12,270 the name APK. 150 00:06:12,270 --> 00:06:14,280 So all you have to change is the name 151 00:06:14,280 --> 00:06:17,700 of the APK in the second command. 152 00:06:17,700 --> 00:06:22,700 So I'm going to create my key store first with my terminal. 153 00:06:22,980 --> 00:06:25,650 And since I'm in Mac, I'm going to use my terminal. 154 00:06:25,650 --> 00:06:26,880 But if you're on Windows, 155 00:06:26,880 --> 00:06:30,030 you can use your command prompt as well. 156 00:06:30,030 --> 00:06:31,110 And if you're on Linux, 157 00:06:31,110 --> 00:06:35,130 of course you can use your terminal as well. 158 00:06:35,130 --> 00:06:39,060 All you need is to copy and paste these commands. 159 00:06:39,060 --> 00:06:40,563 So let's do that. 160 00:06:41,760 --> 00:06:45,450 First, I'm going to change the APK name 161 00:06:45,450 --> 00:06:48,300 to new APK over here, okay? 162 00:06:48,300 --> 00:06:52,230 It has to be exactly the same with your own APK name. 163 00:06:52,230 --> 00:06:55,890 Then I'm going to copy this first one 164 00:06:55,890 --> 00:06:57,210 and 165 00:06:57,210 --> 00:07:00,390 paste in my terminal like this. 166 00:07:00,390 --> 00:07:04,830 And I'm going to hit enter, it will ask for my password. 167 00:07:04,830 --> 00:07:06,360 So this is a new password 168 00:07:06,360 --> 00:07:07,410 that you're creating 169 00:07:07,410 --> 00:07:08,320 for this 170 00:07:09,210 --> 00:07:10,950 key store only. 171 00:07:10,950 --> 00:07:11,783 Okay? 172 00:07:11,783 --> 00:07:14,430 So you're more than welcome to choose your own password, 173 00:07:14,430 --> 00:07:18,480 just type it and it won't show up in your terminal like this 174 00:07:18,480 --> 00:07:19,980 for security reasons. 
175 00:07:19,980 --> 00:07:22,890 Just retype it one more time and hit enter. 176 00:07:22,890 --> 00:07:25,590 It's typing actually, but you cannot see it. 177 00:07:25,590 --> 00:07:29,490 And over here it will ask you for your first name, 178 00:07:29,490 --> 00:07:32,610 last name, city, zip code and stuff. 179 00:07:32,610 --> 00:07:34,980 So we can just skip those. 180 00:07:34,980 --> 00:07:38,430 Most of the security researchers or hackers tend 181 00:07:38,430 --> 00:07:39,840 to skip those. 182 00:07:39,840 --> 00:07:43,200 So I'm going to hit enter until I see 183 00:07:43,200 --> 00:07:44,033 a 184 00:07:44,033 --> 00:07:44,970 no 185 00:07:44,970 --> 00:07:46,080 instance, okay? 186 00:07:46,080 --> 00:07:47,670 Until I see 187 00:07:47,670 --> 00:07:50,880 a no letter over here like this. 188 00:07:50,880 --> 00:07:52,860 So if I see this, no 189 00:07:52,860 --> 00:07:57,210 then I'm going to type yes and hit enter like this. 190 00:07:57,210 --> 00:07:58,650 So here you go. 191 00:07:58,650 --> 00:08:03,120 Now we created our key store file and here it is. 192 00:08:03,120 --> 00:08:06,930 So now we are going to use this key store, okay? 193 00:08:06,930 --> 00:08:11,930 To sign our APK, I've already changed my APK name to be APK. 194 00:08:12,120 --> 00:08:13,140 And as you can see, 195 00:08:13,140 --> 00:08:17,700 my release keystore.key.keystore is written here as well. 196 00:08:17,700 --> 00:08:19,710 Since I didn't change the first one, 197 00:08:19,710 --> 00:08:22,650 there is no need to change the second command as well. 198 00:08:22,650 --> 00:08:25,860 So I'm going to paste it and hit enter. 199 00:08:25,860 --> 00:08:29,730 It will ask for the password that you have just chosen 200 00:08:29,730 --> 00:08:32,790 and just give that password to confirm 201 00:08:32,790 --> 00:08:35,940 that you are actually the one who's signing it. 202 00:08:35,940 --> 00:08:37,140 And here you go. 
203 00:08:37,140 --> 00:08:40,380 Now you have a signed APK. 204 00:08:40,380 --> 00:08:42,870 Now let me open my emulator 205 00:08:42,870 --> 00:08:45,927 and after signing it should work fine like this. 206 00:08:45,927 --> 00:08:47,490 And here you go. 207 00:08:47,490 --> 00:08:50,700 Now we managed to install the APK. 208 00:08:50,700 --> 00:08:54,330 So if I open My Reverse app right now, here you go. 209 00:08:54,330 --> 00:08:59,330 Hello Dalvik appears on the main activity screen. 210 00:08:59,490 --> 00:09:02,880 So this was a fairly simple example 211 00:09:02,880 --> 00:09:04,410 but you have 212 00:09:04,410 --> 00:09:05,243 learned 213 00:09:05,243 --> 00:09:07,200 how to decompile apps 214 00:09:07,200 --> 00:09:08,940 using APK tool, 215 00:09:08,940 --> 00:09:10,890 how to manipulate the apps 216 00:09:10,890 --> 00:09:14,580 and how to rebuild the apps after you are done. 217 00:09:14,580 --> 00:09:18,600 And how to sign your apps to make them ready 218 00:09:18,600 --> 00:09:21,690 for using in Android devices. 219 00:09:21,690 --> 00:09:25,470 So this is a very, very big step actually. 220 00:09:25,470 --> 00:09:28,890 Now all you need to do is to find where you want 221 00:09:28,890 --> 00:09:33,660 to manipulate or where you want to change and try to find, 222 00:09:33,660 --> 00:09:36,390 try to locate that code 223 00:09:36,390 --> 00:09:37,851 in Dalvik bytecode 224 00:09:37,851 --> 00:09:41,070 and change it if it's applicable. 225 00:09:41,070 --> 00:09:41,903 So 226 00:09:41,903 --> 00:09:42,736 if 227 00:09:42,736 --> 00:09:43,920 that succeeds, 228 00:09:43,920 --> 00:09:47,130 then you will actually change the app. 229 00:09:47,130 --> 00:09:49,650 You will actually manipulate the app. 230 00:09:49,650 --> 00:09:53,040 This goes for apps, this goes for games. 
231 00:09:53,040 --> 00:09:54,030 No matter 232 00:09:54,030 --> 00:09:54,960 what 233 00:09:54,960 --> 00:09:56,010 kind of 234 00:09:56,010 --> 00:09:56,843 thing 235 00:09:56,843 --> 00:09:58,260 that we are talking about, 236 00:09:58,260 --> 00:10:01,650 as long as this is an Android application. 237 00:10:01,650 --> 00:10:03,150 It's a big thing. 238 00:10:03,150 --> 00:10:06,660 Okay. Of course this is not sufficient for you. 239 00:10:06,660 --> 00:10:09,090 You have to do much more exercise. 240 00:10:09,090 --> 00:10:12,960 And we are going to try and do some other exercises, 241 00:10:12,960 --> 00:10:15,420 other practices in this section 242 00:10:15,420 --> 00:10:18,240 and in upcoming sections as well. 243 00:10:18,240 --> 00:10:21,270 So I'm not going to leave this here. 244 00:10:21,270 --> 00:10:23,070 We're going to use APK tool 245 00:10:23,070 --> 00:10:28,070 and the other JDX tool as much as we can during this course 246 00:10:28,080 --> 00:10:31,920 'cause they are so important in this process. 247 00:10:31,920 --> 00:10:35,493 So I'm gonna stop here and continue within the next one.