Wednesday, December 22, 2010

what are these empty methods in dalvik?

when i first started playing with dalvik, i would often get stuck at empty methods. something like this:
.method public abstract a()Z
.end method

.method public abstract b()V
.end method

i would trace a program's execution and get to one and not know what to do. maybe the decompiler could not handle the method? is there some trick preventing me from seeing the code? usually i would just backtrack and crack it elsewhere that works most of the time, but sooner or later you may need to know the implementation!

there are at least two reasons. either the method is abstract and is thus part of a super class that a child inherits from or the method is native and the method implementation is buried in a shared library (.so file). let's say you are looking at com/package/Super.smali and it has the two blank methods above, which are abstract. simply search the code for this line:
.implements Lcom/package/Super;

the file in which you find that line should also have a()Z and b()V and possibly some other methods. the code that calls Super;->a()Z or Super;->b()V is most likely initializing the child class before that and then storing it in a variable declared as Super. so all you need to do is correctly identify which child class is being used.


the other possibility is the code has been offloaded to some shared library. this is more common in technically complex apps or games that require fast, low-level code such as c. if you use apktool, look inside the dump directory for a folder called lib. in it there should be at least one .so file. you will need an arm decompiler such as ida pro. there are others but i do not have experience with them. if you do, post a comment. there are multiple variants of the arm instruction set if your decompiler asks which one it should try to use, try running:
aapt d --values badging your_apk_here.apk
aapt comes with apktool and the android-sdk. look near the bottom for the "native-code" portion. should look like this:
native-code: 'armeabi' 'armeabi-v7a'
the instruction set for this apk is armeabi v7 (quite common), so open the .so up in your decompiler and search for a function with a similar name to your empty abstract method. i believe the name will always be of the form Java_PackageName_ClassName_MethodName. if you find your method, hopefully you know arm enough to understand what it is doing. if you are lucky you will not need to modify the library because patching them is a little more difficult than simply editing a .smali file. i plan on including information on patching shared libraries in a later tutorial, but there are several out there.

2 comments :

  1. Nice post and I like your blog.
    You say there are tutorials for editing .so files? can you give an example?
    Thanks

    ReplyDelete
  2. there are many tutorials for ida pro and there are some for arm disassembly. then you'll really just need an arm reference manual and a lot of time. patching can be done by producing a diff file in ida pro which you can apply with a hex editor.

    ReplyDelete

Do NOT post about or link to specific apps!