1
00:00:00,000 --> 00:00:03,480
-: Hi, within this lecture we are going to start working

2
00:00:03,480 --> 00:00:05,070
on our apk.

3
00:00:05,070 --> 00:00:07,420
So try to forget about the previous lecture

4
00:00:07,420 --> 00:00:10,590
where we have seen the codes of this game

5
00:00:10,590 --> 00:00:13,260
and pretend that it's the first time that you're going

6
00:00:13,260 --> 00:00:16,620
to see a decompiled version of this apk.

7
00:00:16,620 --> 00:00:18,750
So I'm going to move into my desktop

8
00:00:18,750 --> 00:00:23,040
and if I run ls I can see a release.apk.

9
00:00:23,040 --> 00:00:27,180
I'm gonna start with running apktool -d for decompile.

10
00:00:27,180 --> 00:00:30,297
And I'm gonna call app-release.apk over here,

11
00:00:30,297 --> 00:00:34,080
and it will just decompile the app-release.apk

12
00:00:34,080 --> 00:00:36,930
and we will see all the files and folders.

13
00:00:36,930 --> 00:00:40,530
Of course over here we will get the deobf byte codes.

14
00:00:40,530 --> 00:00:44,280
So I'm going to try this with jadx as well.

15
00:00:44,280 --> 00:00:48,030
And I'm going to call -d jadxdecompile.

16
00:00:48,030 --> 00:00:51,690
You can call this whatever you want, and app-release.apk.

17
00:00:51,690 --> 00:00:55,050
And of course, I will enable deobfuscation as well

18
00:00:55,050 --> 00:00:59,220
since this is an obfuscated file or apk.

19
00:00:59,220 --> 00:01:01,200
So maybe you don't know

20
00:01:01,200 --> 00:01:04,560
if this is an obfuscated apk or not.

21
00:01:04,560 --> 00:01:07,740
You can still call --deobf anyhow

22
00:01:07,740 --> 00:01:12,600
and add this as a parameter into your jadx command.

23
00:01:12,600 --> 00:01:13,770
And here you go.

24
00:01:13,770 --> 00:01:18,098
Now my jadx and apktool results

25
00:01:18,098 --> 00:01:23,098
are over here and I'm gonna start with this jadx

26
00:01:23,310 --> 00:01:27,600
and let me come over here and show you something.
27
00:01:27,600 --> 00:01:31,320
If you go over here to app and build.gradle

28
00:01:31,320 --> 00:01:34,590
you will see that minifyEnabled is true.

29
00:01:34,590 --> 00:01:39,450
I haven't shown you this in the previous section's lecture.

30
00:01:39,450 --> 00:01:41,520
And over here I'm going to go

31
00:01:41,520 --> 00:01:46,520
for my GameActivity.java, as you can see.

32
00:01:46,729 --> 00:01:51,729
And as you can see, we don't have the other Java files.

33
00:01:52,620 --> 00:01:54,870
Maybe you remember that there are a couple of other

34
00:01:54,870 --> 00:01:56,610
Java files here as well,

35
00:01:56,610 --> 00:02:00,480
but we don't see them in this case.

36
00:02:00,480 --> 00:02:04,020
So if you cannot find them in jadx

37
00:02:04,020 --> 00:02:08,100
most probably you will find them in the apktool result.

38
00:02:08,100 --> 00:02:11,850
But that's not exactly what we want.

39
00:02:11,850 --> 00:02:13,500
We want to see all of those.

40
00:02:13,500 --> 00:02:17,610
So I'm going to open my Android Studio

41
00:02:17,610 --> 00:02:22,610
and I'm going to try and open this jadxdecompile folder

42
00:02:22,860 --> 00:02:26,460
with Android Studio and try to see the content

43
00:02:26,460 --> 00:02:29,880
of these things inside of Android Studio.

44
00:02:29,880 --> 00:02:31,770
So let me open the Android Studio

45
00:02:31,770 --> 00:02:35,580
and let me just double click on this or say open

46
00:02:35,580 --> 00:02:39,990
and it will open the jadxdecompile folder for us.

47
00:02:39,990 --> 00:02:43,350
So it will try to make sense out of this folder.

48
00:02:43,350 --> 00:02:47,100
It'll most probably give us some error like this,

49
00:02:47,100 --> 00:02:49,110
Android framework is detected,

50
00:02:49,110 --> 00:02:52,050
but it only detects the AndroidManifest.
51
00:02:52,050 --> 00:02:55,230
It doesn't matter right now, I'm just gonna say okay

52
00:02:55,230 --> 00:02:59,370
and it'll try to make sense out of this like that,

53
00:02:59,370 --> 00:03:01,320
but most probably it won't.

54
00:03:01,320 --> 00:03:03,240
So make sure you click on this Android

55
00:03:03,240 --> 00:03:05,370
and change it to Project View.

56
00:03:05,370 --> 00:03:07,620
When you see this in Project View

57
00:03:07,620 --> 00:03:11,100
you can see all the files and folders available for us.

58
00:03:11,100 --> 00:03:16,100
So you can double click on it and just start it like this.

59
00:03:16,260 --> 00:03:17,310
So as you can see

60
00:03:17,310 --> 00:03:21,180
we can actually open the AndroidManifest inside

61
00:03:21,180 --> 00:03:23,060
of our Android Studio and see it

62
00:03:23,060 --> 00:03:25,500
in the way that we always see it.

63
00:03:25,500 --> 00:03:28,783
So of course I can do that.

64
00:03:28,783 --> 00:03:32,940
I can try to open every file inside

65
00:03:32,940 --> 00:03:36,480
of this folder with Geany or Sublime Text.

66
00:03:36,480 --> 00:03:37,620
But I'm gonna go

67
00:03:37,620 --> 00:03:40,320
for Android Studio this time because I want to

68
00:03:40,320 --> 00:03:43,590
show you something about deobfuscation as well.

69
00:03:43,590 --> 00:03:48,060
So this is our AndroidManifest and I'm going to try

70
00:03:48,060 --> 00:03:50,910
and see the other contents as well like this.

71
00:03:50,910 --> 00:03:54,750
So there isn't anything that actually matters to me.

72
00:03:54,750 --> 00:03:56,340
And under androidx

73
00:03:56,340 --> 00:04:00,737
we also have the Android related classes,

74
00:04:01,590 --> 00:04:03,120
like Android related stuff.

75
00:04:03,120 --> 00:04:04,530
So I'm gonna skip that.

76
00:04:04,530 --> 00:04:08,903
So we have this p0, p0 jx or something like that.

77
00:04:10,830 --> 00:04:13,380
So these are all obfuscated files.
78
00:04:13,380 --> 00:04:16,530
So we don't even know if they're real or not

79
00:04:16,530 --> 00:04:20,520
at this point, because the program can add some gibberish codes

80
00:04:20,520 --> 00:04:23,730
over here to make this a little bit more complicated

81
00:04:23,730 --> 00:04:28,197
than it already is when they try to obfuscate,

82
00:04:29,130 --> 00:04:33,750
when they try to encode the codes, like you can see.

83
00:04:33,750 --> 00:04:38,187
If you come over here to R.java, we don't see much.

84
00:04:38,187 --> 00:04:41,910
And if you come over here to GameActivity.java

85
00:04:41,910 --> 00:04:45,660
then we will see the Java codes as encoded.

86
00:04:45,660 --> 00:04:48,972
And as you can see, this time it's much more encoded

87
00:04:48,972 --> 00:04:53,972
than we have experienced in the Hello World app.

88
00:04:55,140 --> 00:05:00,140
Or my reverse app actually, because there were some,

89
00:05:00,210 --> 00:05:02,790
four or five lines of codes over there.

90
00:05:02,790 --> 00:05:05,640
But over here we have tons of codes,

91
00:05:05,640 --> 00:05:08,730
we have different kinds of classes.

92
00:05:08,730 --> 00:05:12,828
And so it gets too encoded, it gets obfuscated

93
00:05:12,828 --> 00:05:14,793
in a much more efficient way.

94
00:05:15,780 --> 00:05:19,650
So we still have the text views and edit texts

95
00:05:19,650 --> 00:05:21,630
and integers and our array list,

96
00:05:21,630 --> 00:05:26,630
but we cannot see the proper definitions of them.

97
00:05:26,940 --> 00:05:30,360
For example, we see the onCreate over here.

98
00:05:30,360 --> 00:05:33,090
So it's creating some variables like this.

99
00:05:33,090 --> 00:05:37,770
So bVar, bVar2, bVar3, and adding these variables

100
00:05:37,770 --> 00:05:41,790
into some kind of objects, but we don't see what

101
00:05:41,790 --> 00:05:44,010
they are at this moment.
102
00:05:44,010 --> 00:05:46,740
So if you click one of those, like bVar,

103
00:05:46,740 --> 00:05:48,720
it will highlight the other one.

104
00:05:48,720 --> 00:05:52,530
So what you can do in this kind of situation

105
00:05:52,530 --> 00:05:54,690
is to try and refactor everything,

106
00:05:54,690 --> 00:05:56,460
like refactor rename.

107
00:05:56,460 --> 00:06:00,177
If you refactor a variable, okay, it will refactor

108
00:06:00,177 --> 00:06:03,420
and rename every instance of that variable,

109
00:06:03,420 --> 00:06:06,570
every usage of that variable, like this.

110
00:06:06,570 --> 00:06:08,700
So if I call this bVariable

111
00:06:08,700 --> 00:06:11,040
it will change the variable's name

112
00:06:11,040 --> 00:06:14,940
to bVariable in every usage.

113
00:06:14,940 --> 00:06:17,550
So we will try to make sense out of this.

114
00:06:17,550 --> 00:06:20,910
For example, it's clear that we are creating some kind

115
00:06:20,910 --> 00:06:23,430
of object using this class.

116
00:06:23,430 --> 00:06:28,350
And this class is called C0608b.

117
00:06:28,350 --> 00:06:32,940
And remember, this was our custom class,

118
00:06:32,940 --> 00:06:36,540
but at this point we cannot understand that.

119
00:06:36,540 --> 00:06:41,040
Rather we will try to make sense out of this and try

120
00:06:41,040 --> 00:06:46,040
to find the C0608b class in the files and folders

121
00:06:49,290 --> 00:06:52,980
so that maybe we can understand something out of that.

122
00:06:52,980 --> 00:06:56,050
So look for C0608b

123
00:06:57,840 --> 00:07:02,700
and copy this and go to the menu of Android Studio

124
00:07:02,700 --> 00:07:06,030
where we can find a find menu,

125
00:07:06,030 --> 00:07:09,240
a search menu, so that we can search for this

126
00:07:09,240 --> 00:07:11,820
and we can find the related file.
127
00:07:11,820 --> 00:07:14,010
So as you can see there is a find

128
00:07:14,010 --> 00:07:18,210
in the edit section and there is a find over here.

129
00:07:18,210 --> 00:07:20,850
And if you just search for it like this,

130
00:07:20,850 --> 00:07:24,210
you can actually hit Ctrl+F to open this

131
00:07:24,210 --> 00:07:28,200
and you can actually see everything related

132
00:07:28,200 --> 00:07:31,860
to that C0608b.

133
00:07:31,860 --> 00:07:35,190
And here we see that it's importing that

134
00:07:35,190 --> 00:07:37,533
from some folder called p051b.

135
00:07:40,260 --> 00:07:44,400
So it's coming from p051b and here it is.

136
00:07:44,400 --> 00:07:48,600
And then later on p055b,

137
00:07:48,600 --> 00:07:53,130
and then it's coming from p056a.

138
00:07:53,130 --> 00:07:55,263
And finally C0608b.

139
00:07:57,240 --> 00:08:00,780
Now if we open this, it's clearly a model,

140
00:08:00,780 --> 00:08:03,180
it's clearly a custom class,

141
00:08:03,180 --> 00:08:05,200
and we can rename it

142
00:08:07,050 --> 00:08:09,840
to make more sense out of this, right?

143
00:08:09,840 --> 00:08:12,240
So as you can see, it has two attributes,

144
00:08:12,240 --> 00:08:16,770
one of which is a string, and the other one is an array list

145
00:08:16,770 --> 00:08:20,820
of strings, and we can rename them as well.

146
00:08:20,820 --> 00:08:25,440
So if you right click it and go to refactor and rename it,

147
00:08:25,440 --> 00:08:30,360
it already gives suggestions like stringArrayList, okay?

148
00:08:30,360 --> 00:08:32,880
And you can change the other one as well,

149
00:08:32,880 --> 00:08:37,590
like rather than f248, something like this.

150
00:08:37,590 --> 00:08:41,110
You can refactor it, you can call this myString

151
00:08:42,181 --> 00:08:46,920
or stringOfCustomClass in order to make more sense.
152
00:08:46,920 --> 00:08:50,970
And here is the constructor of this class

153
00:08:50,970 --> 00:08:55,170
and it's of course named after the class itself.

154
00:08:55,170 --> 00:08:59,370
So rather than the C0608b

155
00:08:59,370 --> 00:09:01,980
maybe we can give it a new name,

156
00:09:01,980 --> 00:09:04,500
like maybe we can call this our model

157
00:09:04,500 --> 00:09:08,130
or custom class or custom model or something.

158
00:09:08,130 --> 00:09:09,690
In order to do that, just come

159
00:09:09,690 --> 00:09:12,120
over here to the public class definition

160
00:09:12,120 --> 00:09:16,413
and say refactor and change it to GameModel or something.

161
00:09:17,550 --> 00:09:21,030
So after we do that, it'll prompt us

162
00:09:21,030 --> 00:09:22,980
if we really wanna do the refactor,

163
00:09:22,980 --> 00:09:25,320
just say do refactor,

164
00:09:25,320 --> 00:09:27,930
it will refactor it to GameModel like this.

165
00:09:27,930 --> 00:09:28,763
And here you go.

166
00:09:28,763 --> 00:09:32,760
Now we can do the same thing in this class as well.

167
00:09:32,760 --> 00:09:37,080
Right now we don't need the C0608b,

168
00:09:37,080 --> 00:09:40,530
I'm gonna go for refactor and rename

169
00:09:40,530 --> 00:09:42,960
and it doesn't let me do the rename.

170
00:09:42,960 --> 00:09:45,090
So let me try like this.

171
00:09:45,090 --> 00:09:49,230
Let me come over here, say refactor.

172
00:09:49,230 --> 00:09:52,440
Now it doesn't let me rename this one.

173
00:09:52,440 --> 00:09:55,890
However, we already know that this refers to GameModel.

174
00:09:55,890 --> 00:09:58,920
So I can just manually write GameModel

175
00:09:58,920 --> 00:10:02,880
over here where I see C0608b, right?

176
00:10:02,880 --> 00:10:06,390
I can just call it GameModel like that,

177
00:10:06,390 --> 00:10:10,380
and I can do that for here

178
00:10:10,380 --> 00:10:13,803
and over the other usages as well.
179
00:10:14,700 --> 00:10:17,340
So of course you don't have to do that right now.

180
00:10:17,340 --> 00:10:20,610
I'm just trying to show you, if you get an obfuscated,

181
00:10:20,610 --> 00:10:23,700
if you get an encoded code like this,

182
00:10:23,700 --> 00:10:26,400
you have to work a little bit hard

183
00:10:26,400 --> 00:10:29,640
in order to make sense out of the variables,

184
00:10:29,640 --> 00:10:31,890
make sense out of the codes.

185
00:10:31,890 --> 00:10:35,970
Changing the names and giving them some proper names

186
00:10:35,970 --> 00:10:38,010
are a part of this in order

187
00:10:38,010 --> 00:10:41,463
for you to understand it in a more comprehensive way.

188
00:10:42,870 --> 00:10:47,820
So maybe we should have renamed this GameModel thing

189
00:10:47,820 --> 00:10:49,350
before we changed the class,

190
00:10:49,350 --> 00:10:51,663
then it would have let us do this.

191
00:10:51,663 --> 00:10:54,660
But this will work as well.

192
00:10:54,660 --> 00:10:58,290
So I'm going to just copy and paste GameModel over here.

193
00:10:58,290 --> 00:11:02,880
And remember, we will not try to build this one more time,

194
00:11:02,880 --> 00:11:07,860
we're just trying to understand the code over here, okay?

195
00:11:07,860 --> 00:11:10,890
So even if you make a mistake at this point,

196
00:11:10,890 --> 00:11:13,260
it still won't matter much.

197
00:11:13,260 --> 00:11:17,283
So just try to stick with this as long as you can.

198
00:11:18,210 --> 00:11:20,657
So as you can see, in the sendButtonClicked

199
00:11:20,657 --> 00:11:25,657
we are looking for something that contains something.

200
00:11:25,800 --> 00:11:30,660
And it contains a parameter coming from getText().toString().

201
00:11:30,660 --> 00:11:33,960
So this is where we get suspicious.
202
00:11:33,960 --> 00:11:38,700
We can understand that the user is giving an input

203
00:11:38,700 --> 00:11:43,590
to a text and we are trying to see

204
00:11:43,590 --> 00:11:46,590
if something contains that input.

205
00:11:46,590 --> 00:11:50,823
So we are gonna take a look at that method in a deeper way.