NCLoader
enced by a constant “2131099692”, which cannot be dereferenced and this is where apktool is very helpful. Before we get into apktool, we will try to understand what is being passed. getAction() will get whatever was set using setAction() in the MainActivity class. putExtra() sends additional parameters in the form of a dictionary <key:value>. So, the second condition requires the key to be the return value of getSecret(). getSecret() returns today’s date.
As the next step, we need to find out what intent is being sent to the application. You can get this information just by looking at the AndroidManifest.xml file. An <intent-filter> tag represents what intents this activity cares about. So, just by looking at Manifest file, we will see what is the intent that is supposed to be sent.
Note that we won’t have any information regarding the extra parameters associated with the intent.
The other way is to manually search for the string constant’s id identifier in the resources in the disassembled apk directory. Checking this out with help you to get more familiar with the files present in that directory. In the res/values/ folder you will need to map the above int value to string using the public.xml and strings.xml file.
Now we know, what our action string should be, we also know that key should be current date, so now decompile Lesson8AuxApp, figure out where the strings are being assigned and change them to the ones we just discovered.
Assemble the package back to .apk file, you can get this information from the instructions in “Preparing for App assessment.” Don’t forget to push the auxiliary app back to the device.
That’s it! With everything done correctly, you should see the following screen.
