Injecting code into APK

Question

I know you can decompile code using apktool and recompile it again, but my question is how would you be able to inject large amounts of code into an apk and execute it.

Answer 1

There is a Python lib/tool, paraspace (my small project), can help you to inject one or more classes from a DEX file into another. It will insert the code of given class into target DEX file, and redirect all calls invoking a class to another one. So, you can implement a derivation of java.io.File, and replace all calls of the File with the derivation.

The paraspace is available at http://hg.assembla.com/paraspace, you can retrieve it with hg. It is still immature, but it is workable for simple examples. You can try following command when you have a copy of paraspace.

    PYTHONPATH=`pwd` python examples/inject_redir.py data/suffile.dex \
   'Lcom/codemud/fakefile/fakefile;' data/helloworld.dex 'Ljava/io/File;' \
   output.dex

This command will read com.codemud.fakefile.fakefile class from suffile.dex and inject it to helloworld.dex, and write it out as output.dex. All calls to java.io.File will be replaced by calling methods of com.codemud.fakefile.fakefile. The source of helloworld.dex and suffile.dex is here.

http://www.codemud.net/~thinker/downloads/paraspace-milestone1-sample.tar.gz

FYI