Edit

Smali Code Patching Guide

Changing the Return Value in Methods

Example: checkDebugger() Function

The original checkDebugger() function in smali checks whether a debugger is connected. By modifying this function, we can change its behavior to always return a specific result.

Original Code

.method public checkDebugger()Z
    .locals 1

    .line 30
    invoke-static {}, Landroid/os/Debug;->isDebuggerConnected()Z

    move-result v0

    return v0
.end method

In this case, the method returns the actual result of isDebuggerConnected(). To modify it, we can overwrite the value of v0 before returning it.

Modified Code

.method public checkDebugger()Z
    .locals 1

    .line 30
    invoke-static {}, Landroid/os/Debug;->isDebuggerConnected()Z

    move-result v0

    const v0, 0x0  # Overwrite the result to always be false

    return v0
.end method

Now, the method always returns false (represented by 0x0), no matter the actual result of the isDebuggerConnected() function.

Flipping the Logic in Conditionals (IF-ELSE-GOTO Patching)

Example: Processing getHit() Method in a Game

Here, we modify a method that processes a player getting hit, depending on whether the player has a shield. By flipping the conditional logic, we can change how the game behaves.

Original Code

In this code, when the player has a shield (if-ne v0, v2), they don't lose lives. To flip this logic, we can change the if-ne to if-eq so that now the player will lose lives when they have a shield.

Modified Code

Now, the game logic is reversed, and the player loses lives when they have a shield.

Deleting Code to Alter Game Logic

In some cases, you can remove certain instructions to alter the game behavior entirely.

Example: processGame() Method in Java

In smali, this code translates into conditional logic that adds power based on whether the player has the MasterCap.

Original Smali Code

By removing the if-eqz line, the game will always give the player 100 power, regardless of whether they have the MasterCap.

Modified Code

By eliminating the condition, the player now gets a 100 power boost unconditionally.

Changing Jump Instructions

Jump instructions (goto, if-*) can be modified to change how the program flow behaves.

Example: Modifying GOTO

In the same method, we can alter the jump instruction to make the player gain 110 power instead of choosing between 100 or 10.

Original Code

Modified Code

Now the program first adds 10 power and then immediately adds 100 power, giving a total of 110.

Additional Method: Manipulating Currency in a Game

New Method: increaseCurrency()

This method will increase the player's in-game currency.

Now the player will receive 1000 in-game currency every time this method is called.

PreviousSMALI Cheat SheetNextIntent Redirection Vulnerability

Last updated

Was this helpful?