
I'm experimenting on my Android device, trying to play with application code so I can learn it in the meantime. But I'm pretty much stuck on how to edit the smali code. It's not really that straightforward for someone who has only learnt OOP languages.

So this is my smali code:

const-string v0, "get_value_one"
invoke-virtual {p0, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
move-result v0
iput v0, v2, Lcom/breakapp/dd/mymod/Processor;->l:I

and this is its equivalent Java code:

Processor MyProcessor = new Processor();
try {
    MyProcessor.l = paramJSONObject.getInt("get_value_one");
    return MyProcessor;
} catch (Exception e) { }
return MyProcessor;

For now I would like to keep things simple and just put a constant in the parameter 'MyProcessor.l', i.e. in Java:

MyProcessor.l = 10;

I have tried a few different approaches like:

iput v0, v2, Lcom/breakapp/dd/mymod/Processor;->l:10

but I was getting compiling errors, so it was obviously wrong. And besides, I wasn't really understanding what and why I was doing what I did. Could anybody walk me through the logical steps here? Thanks a lot.

Caleb Fenton
Scott_yers

2 Answers

I am also new to Android reversing, and I have spent some time searching for a simple understanding of smali code and found this:

Note: the class structure is L;

Lcom/breakapp/dd/mymod/Processor;->l:I

Original Java file name:

.source "example.java"

These are class instance variables:

.field private someString:Ljava/lang/String;

This assigns a string value to v0:

const-string v0, "get_value_one"

Finals are not actually used directly, because references to them are replaced by the value itself. Primitive cheat sheet:

V - void, B - byte, S - short, C - char, I - int

J - long (uses two registers), F - float, D - double

.field public final someInt:I  # the :I means integer
.field public final someBool:Z # the :Z means boolean

Taken from: Android Cracking!

JDFuzyll

You may want to read the Dalvik bytecode docs, since they are more detailed than the documentation you can find about smali. Anyway, I am also in the process of learning smali so, probably, I can't give you the best answer, but maybe this will help. Let's start by looking at what iput does:

iput vx, vy, field_id: Puts vx into an instance field. The instance is referenced by vy.

Source: http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html, from the Dalvik opcodes list.

The same happens here. You are affecting the v2 register with the v0 register. That being said, the change you made was misguided. You changed the 'I' to '10', but that is not a value. The I means integer in this case. Furthermore, this is not even the place where you want to make a change in your code. Let's see:

const-string v0, "get_value_one"

The register v0 now has the value of the string "get_value_one" (value may not be the best word to describe it since it is a string, but I think I get my point across).

invoke-virtual {p0, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
move-result v0

Now you invoked the method getInt(String) on the JSONObject that you receive via parameter. You know this since the {p0, v0} means that you are passing v0 to the method of the object referenced by p0, which you know is a parameter since it follows the p* rule. (You can read about it here: https://code.google.com/p/smali/wiki/Registers.)

By now you must be starting to understand that invoking this method won't help if you want to assign a constant value to your variable 'l'.

iput v0, v2, Lcom/breakapp/dd/mymod/Processor;->l:I

This last instruction takes your v2 register and puts the value of v0 in it. v0, before this line is executed, has the value that comes out of the JSONObject getInt(String) method, while v2 references the object MyProcessor and "Lcom/breakapp/dd/mymod/Processor;->l" references the variable 'l' contained in that said object. The ':I' lets you know the type of the variable. Since Java is strongly typed, there is always an associated type to a variable, as I'm sure you know. This has, of course, to be referenced in the bytecode, and this is the way it's done.

I hope this gave you some information to be able to make the changes you want, but I'll try to help out a little more by suggesting that you change the code you showed to something like this:

const/16 v0, 0xA    # 10 does not fit const/4's signed 4-bit literal (-8..7), so const/16 is needed
iput v0, v2, Lcom/breakapp/dd/mymod/Processor;->l:I

The first line assigns a constant (0xA hex = 10 decimal) to v0 and then passes it as I referenced before.

Good luck with learning smali, and I hope it helped at least a little.

XFCC
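As an added example (not code from either answer), here is a small Python helper that carries the walkthrough above to its end: it picks the narrowest Dalvik const format that can actually hold the literal (const/4 only takes -8..7, so a plain 10 needs const/16), then rewrites the question's four-line snippet into a const plus the original iput. The field name and registers come from the question; the function names and the sample list are my own.

```python
import re

# Constructed sample: the four smali lines quoted in the question.
ORIGINAL = [
    'const-string v0, "get_value_one"',
    'invoke-virtual {p0, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I',
    'move-result v0',
    'iput v0, v2, Lcom/breakapp/dd/mymod/Processor;->l:I',
]

def const_instruction(reg: int, value: int) -> str:
    """Narrowest Dalvik const* instruction that can hold a 32-bit int literal.

    const/4: signed 4-bit literal (-8..7) and a register v0..v15 only.
    const/16: signed 16-bit literal.  const/high16: low 16 bits are zero.
    const: any 32-bit value.  smali refuses a literal that does not fit the
    format written, so 10 needs const/16 rather than const/4.
    """
    if not -2**31 <= value < 2**31:
        raise ValueError("literal must fit in a signed 32-bit int")
    lit = ("-" if value < 0 else "") + f"{abs(value):#x}"
    if -8 <= value <= 7 and reg <= 15:
        return f"const/4 v{reg}, {lit}"
    if -2**15 <= value < 2**15:
        return f"const/16 v{reg}, {lit}"
    if value & 0xFFFF == 0:
        return f"const/high16 v{reg}, {lit}"
    return f"const v{reg}, {lit}"

IPUT = re.compile(r"^iput v(\d+), v(\d+), (\S+)$")

def patch_field_to_constant(lines, field, value):
    """Rewrite `lines` so the int field `field` is stored from a constant.

    Expects the shape seen in the question: const-string, invoke-virtual,
    move-result, then the iput.  The three instructions that computed the
    value are dropped and one const into the iput's source register replaces them.
    """
    for i, line in enumerate(lines):
        m = IPUT.match(line)
        if m and m.group(3) == field:
            src = int(m.group(1))
            if i < 3 or lines[i - 1] != f"move-result v{src}":
                raise ValueError("iput source register was not produced by move-result")
            return lines[:i - 3] + [const_instruction(src, value), line] + lines[i + 1:]
    raise ValueError(f"no iput for {field}")

if __name__ == "__main__":  # prints the two-line replacement for the question's snippet
    print("\n".join(patch_field_to_constant(ORIGINAL, "Lcom/breakapp/dd/mymod/Processor;->l:I", 10)))
```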