Thursday, May 12, 2016

I repurposed an app instead of writing a new one...

The microblogging service I installed has been working well. It's easily accessible via any browser, and presents a nice mobile face to the world. It's inconvenient (Yes, I know, cry) to access through a browser, so I figured I'd see if the author of the original code offered any kind of application for Android devices.

Well, yes and no.

They do offer an application, but it's to demo their own install. There appears to be no way of changing that from within the application, so I almost simply tossed it aside, as I don't need to access theirs. However...

I noticed that the mobile version of their install and the app looked identical, so I assumed that they were simply using a browser-based wrapper instead of writing an actual application to retrieve data from their system. Turns out I was right.

I confess I know little of Java, and nothing of writing Android applications, so I made a lot of leaps of faith here (and probably did some of them wrong.) I also run my devices as root, which makes it a lot easier to do what I did.

I started by grabbing an APK decompiler. There are a number of them, from command line to online, but I settled on one called APK Studio which is available from here. It isn't the most full featured thing of it's kind, but it was the only one that worked without seeming to need a lot of know-how on it's own. I also had to grab the apk file from my the backups created from Titanium Backup. Again, running as root allows me to grab them, but you can also use various online tools to either get the APK directly or download it from the play store.

Open APK Studio, and...

What am I looking at? Who knows? Off to read a little about APK files...

Turns out I was right. The application provided by the vendor is simply a web wrapper that calls a specific website, and displays it fullscreen. Nothing more. So I just started clicking on things, opening folders.

Ah ha! What's this? app_name? I remember that, it's the name displayed by the Android launcher! I make the change to my new name, "Chirper". And what else has revealed itself? A number of .png files that turn out to be the launcher icons. Great! I import those into, and simply overwrite them with my own icon image, keeping the original size and color depth. So far, so good. Now, I just need to figure out where the program calls the website in question.

Buried down in the structure, under FullscreenActivity, is what I'm looking for...

const-string v2 contains a URL which points directly to the address of the vendor's site. I made that point to my own install. Interestingly, the .smali file directly above this one also had the address, minus the http:// prefix. I changed that as well, following the format already established. I'm not even going to guess why this is like it is.

I save everything, push the APK back to my device, and have to do one more step: Resign the file. Android expects all files to be signed by some sort of key. Most files are signed by the Play Store, so you can get updates to the application. I didn't want this to happen, so I used an Android app called ZipSigner to resign it with my own personal key. That way, while the internal name of the file still matches that of the Play Store, the keys no longer match, it won't try to update, and I can install it on my device.

Signed, and installed, and it works just like I expected. The name is correct, the icon is correct, and it points directly to my own webserver.

So, was this the best way to go about getting what I needed? Probably not. Was it useful? Sure was, I learned some stuff about how Android applications work, and I'm on my way to actually being able to write this myself. Did it work? Perfectly.

The moral of the story? Don't be afraid to dig into stuff, you may learn something!