search

androidSmali Code Patching Guide

hashtag
📌Changing the Return Value in Methods

📍Example: checkDebugger() Function

  • The original checkDebugger() function in smali checks whether a debugger is connected. By modifying this function, we can change its behavior always to return a specific result.

  • Original Code

    .method public checkDebugger()Z
    .locals 1

    .line 30
    invoke-static {}, Landroid/os/Debug;->isDebuggerConnected()Z

    move-result v0

    return v0
.end method

    In this case, the method returns the actual result of isDebuggerConnected(). To modify it, we can overwrite the value of v0 before returning it.

  • Modified Code

    .method public checkDebugger()Z
    .locals 1

    .line 30
    invoke-static {}, Landroid/os/Debug;->isDebuggerConnected()Z

    move-result v0

    const v0, 0x0  # Overwrite the result to always be false

    return v0
.end method

    Now, the method always returns false (represented by 0x0), no matter the actual result of the isDebuggerConnected() function.

  • Why modify this?

    • Debuggers are often used for reverse engineering or tampering with apps. By modifying checkDebugger(), developers (or attackers) can prevent an app from detecting a debugger, making it easier to analyze or bypass security mechanisms.

hashtag
📌Flipping the Logic in Conditionals (IF-ELSE-GOTO Patching)

📍Example: Processing getHit() Method in a Game

  • Here, we modify a method that processes a player getting hit, depending on whether the player has a shield. By flipping the conditional logic, we can change how the game behaves.

  • Original Code

    In this code, when the player has a shield (if-ne v0, v2), they don't lose lives. To flip this logic, we can change the if-ne to if-eq so that now the player will lose lives when they have a shield.

  • Modified Code

    Now, the game logic is reversed, and the player loses lives when they have a shield.

hashtag
📌Deleting Code to Alter Game Logic

  • In some cases, you can remove certain instructions to alter the game behavior entirely.

📍Example: processGame() Method in Java

In smali, this code translates into conditional logic that adds power based on whether the player has the MasterCap.

  • Original Smali Code

    By removing the if-eqz line, the game will always give the player 100 power, regardless of whether they have the MasterCap.

  • Modified Code

    By eliminating the condition, the player now gets a 100 power boost unconditionally.

hashtag
📌Changing Jump Instructions

  • Jump instructions (goto, if-*) can be modified to change how the program flow behaves.

📍Example: Modifying GOTO

  • In the same method, we can alter the jump instruction to make the player gain 110 power instead of choosing between 100 or 10.

  • Original Code

  • Modified Code

  • Now the program first adds 10 power and then immediately adds 100 power, giving a total of 110.

hashtag
📌Additional Method: Manipulating Currency in a Game

📍New Method: increaseCurrency()

  • This method will increase the player's in-game currency.

  • Code

  • Now the player will receive 1000 in-game currency every time this method is called.

PreviousIF statementNextRoot Detection

Last updated