Background story I recently bought an action camera to shoot some cool underwater stuff. You can connect to it through WIFI and browse the content of the SD card or stream the current video to you phone. Pretty cool features, application is not the best but worked well with my phone. I wanted to try it on my tablet, that is where the trouble came. The app requires location to connect to the camera but my tablet haven’t got GPS so it wasn’t able to do so. Why does location is so important to connect, and why does it need GPS anyways? I bet it can work without it, let’s figure it out. Hacking time Currently I do not have any rooted android devices around so I decided to simply download it from . Now I have the apk, what to do with that?Let’s decompile it! APKpure To keep it simple I used an . It worked like a charm but now I have a bunch of obfuscated code to mess with. online apk decompiler I searched for the error message and I found the string resource name and it led me to the following code snippet. open_wifi_Permission <a href="https://medium.com/media/e5b3e949f166e0f35e7a4be4defb2f48/href">https://medium.com/media/e5b3e949f166e0f35e7a4be4defb2f48/href</a> As you can see if the android api version of the device is greater or equals than 23 (Android 6.0) it will request permission to use the GPS. If I would just change the number to a greater like would be enough for a while. The program would skip the location permission request but as you can read in the official the WifiManager needs the permission, otherwise it will return an empty list. Going deeper in the logic, there is the 23 Integer.MAX_VALUE, Android documentation Manifest.permission.ACCESS_FINE_LOCATION if(GlobalApp.m5984d(this.f5603e)) { //Checking permissions logic code } statement which implementation looks like this. <a href="https://medium.com/media/36d9ea6f7b1b96825480261ba5c1831b/href">https://medium.com/media/36d9ea6f7b1b96825480261ba5c1831b/href</a> It will always return false because, as I said, there is no GPS on my tablet. Just edit it to return constant true and the work is done. Few weeks earlier I read a really cool article about android application reverse engineering where the author described how he decompiled and rebuilt an app, so I dug it up from my bookmarks How I hacked modern Vending Machines I used the same steps to generate the signed apk again but the device couldn’t install the application. After a few more failed attempts I decided to decompile the apk with locally instead of the online decompiler. The output was the sources without the Java source files. apktool smali smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation What if I edit these smali source files? Can I make the app run after rebuilding? Let’s give it a try! I rebuilt the apk, signed and executed zipalign and it worked! Now I have to find the “ method in the smali files. As the comment says in the snippet, the method was renamed from “ With this information I was able to find this code in the file m5984d” java d “ smali method. GlobalApp.smali <a href="https://medium.com/media/3f36cd321fd45ef4ce2356019b91c52f/href">https://medium.com/media/3f36cd321fd45ef4ce2356019b91c52f/href</a> It doesn’t look very developer friendly. After some googling how does the smali works I came up with this solution, just return true as in the java file. <a href="https://medium.com/media/f7cfbe76628ad5ffdd0fab3b5a0e1b45/href">https://medium.com/media/f7cfbe76628ad5ffdd0fab3b5a0e1b45/href</a> I repeated the rebuild, and commands and it finally produced a runnable application, ready to use on my tablet. From now my tablet can connect to the action camera without any issue. apktool jarsign zipalign
