1
00:00:00,570 --> 00:00:02,610
Instructor: Hi. Within this lecture,

2
00:00:02,610 --> 00:00:04,620
we are going to try and see

3
00:00:04,620 --> 00:00:07,230
if the previous efforts paid out

4
00:00:07,230 --> 00:00:09,660
and if we managed to manipulate the app

5
00:00:09,660 --> 00:00:11,280
in a way that we want.

6
00:00:11,280 --> 00:00:13,230
So I'm going to delete everything

7
00:00:13,230 --> 00:00:16,350
other than our app-release folder,

8
00:00:16,350 --> 00:00:18,660
which is our apktool folder,

9
00:00:18,660 --> 00:00:20,640
because we are going to use that folder

10
00:00:20,640 --> 00:00:25,290
to rebuild the app, the manipulated app, okay?

11
00:00:25,290 --> 00:00:26,460
So, what I'm going to do,

12
00:00:26,460 --> 00:00:29,340
I'm going to run apktool.

13
00:00:29,340 --> 00:00:30,870
And this time rather than d,

14
00:00:30,870 --> 00:00:34,740
I'm going to say b for build and say app-release.

15
00:00:34,740 --> 00:00:38,430
This will compile the app-release folder for me

16
00:00:38,430 --> 00:00:42,720
and create a new APK file for me.

17
00:00:42,720 --> 00:00:46,650
Since I haven't specified an output folder,

18
00:00:46,650 --> 00:00:49,980
most probably, it just generated the APK

19
00:00:49,980 --> 00:00:54,720
inside of the build folder or dist folder over here.

20
00:00:54,720 --> 00:00:57,180
Yeah, it's in the distribution folder.

21
00:00:57,180 --> 00:00:58,860
So make sure you copy and paste

22
00:00:58,860 --> 00:01:01,950
the app-release.apk into your desktop

23
00:01:01,950 --> 00:01:04,080
because we want to work on that.

24
00:01:04,080 --> 00:01:07,740
What we want to do is to sign this APK, right?

25
00:01:07,740 --> 00:01:09,660
So I'm going to use the same commands

26
00:01:09,660 --> 00:01:12,090
that we have been using so far.

27
00:01:12,090 --> 00:01:14,550
I'm going to create a keystore.

28
00:01:14,550 --> 00:01:16,260
And you already know how to do this,

29
00:01:16,260 --> 00:01:18,300
so I'm going to make it fast.

30
00:01:18,300 --> 00:01:22,770
I'm not going to give any of my specifications over here,

31
00:01:22,770 --> 00:01:26,070
and I'm going to say yes to create the keystore.

32
00:01:26,070 --> 00:01:29,190
And then, I'm going to change the APK name

33
00:01:29,190 --> 00:01:33,240
from this command to app-release.apk.

34
00:01:33,240 --> 00:01:38,240
And then use this command to sign our app-release.apk.

35
00:01:38,280 --> 00:01:41,580
It will ask me for my password that I have just defined.

36
00:01:41,580 --> 00:01:42,870
If I give it right,

37
00:01:42,870 --> 00:01:46,680
it will just do the job and sign the APK.

38
00:01:46,680 --> 00:01:49,530
Now it's time to see the truth.

39
00:01:49,530 --> 00:01:52,620
Now let me delete the older one.

40
00:01:52,620 --> 00:01:53,453
Let's see.

41
00:01:53,453 --> 00:01:55,200
Yeah, here it is, WordGame.

42
00:01:55,200 --> 00:01:58,050
I'm going to uninstall this, okay?

43
00:01:58,050 --> 00:02:00,420
And I'm just going to drag and drop this

44
00:02:00,420 --> 00:02:03,270
to install it on my emulator

45
00:02:03,270 --> 00:02:07,020
and see if we managed to hack the game.

46
00:02:07,020 --> 00:02:10,230
So let me open the game from here.

47
00:02:10,230 --> 00:02:11,760
Okay, here you go.

48
00:02:11,760 --> 00:02:14,370
Now, we are inside of Fruits.

49
00:02:14,370 --> 00:02:17,400
Category of Fruits, so I'm going to go for a banana

50
00:02:17,400 --> 00:02:19,380
to see if we broke it or not.

51
00:02:19,380 --> 00:02:21,300
So score is zero right now.

52
00:02:21,300 --> 00:02:23,220
So banana works.

53
00:02:23,220 --> 00:02:26,340
And let me go for something like Ba.

54
00:02:26,340 --> 00:02:28,770
And it still works, as you can see.

55
00:02:28,770 --> 00:02:31,560
Now, we managed to hack into the game.

56
00:02:31,560 --> 00:02:34,050
Now, if I write something, even gibberish,

57
00:02:34,050 --> 00:02:38,177
it will still be okay with it,

58
00:02:38,177 --> 00:02:41,700
and it will still increase the score like that.

59
00:02:41,700 --> 00:02:42,900
And here you go.

60
00:02:42,900 --> 00:02:45,030
Now, we really hacked a game.

61
00:02:45,030 --> 00:02:47,010
And as I said before,

62
00:02:47,010 --> 00:02:50,910
this method is not only for this game only,

63
00:02:50,910 --> 00:02:53,850
you can actually hack into any application

64
00:02:53,850 --> 00:02:56,760
using this kind of operation.

65
00:02:56,760 --> 00:03:00,840
All you need to do is to define the method,

66
00:03:00,840 --> 00:03:04,500
define the variable that you want to manipulate,

67
00:03:04,500 --> 00:03:07,890
and find the Dalvik bytecode related to that

68
00:03:07,890 --> 00:03:09,720
and try to change it.

69
00:03:09,720 --> 00:03:12,720
Of course, there will be like many times

70
00:03:12,720 --> 00:03:15,540
that you're going to fail while looking for this,

71
00:03:15,540 --> 00:03:18,000
and there will be some much more times

72
00:03:18,000 --> 00:03:20,340
that you may succeed as well.

73
00:03:20,340 --> 00:03:24,120
So, the more you're capable of writing

74
00:03:24,120 --> 00:03:26,490
the Java or Android codes,

75
00:03:26,490 --> 00:03:28,650
the more you will understand

76
00:03:28,650 --> 00:03:31,500
what's going on behind the curtains,

77
00:03:31,500 --> 00:03:35,040
and you can find the related methods to exploit

78
00:03:35,040 --> 00:03:38,340
or related methods to change and manipulate.

79
00:03:38,340 --> 00:03:39,173
So that's it.

80
00:03:39,173 --> 00:03:41,010
I hope you enjoyed this section.

81
00:03:41,010 --> 00:03:44,040
Don't worry, we are going to do much more practice later on.

82
00:03:44,040 --> 00:03:45,363
See you in the next one.