Modifying React Native APK

Andrew Salim
MII Cyber Security Consulting Services
Oct 15, 2020

Intro

React Native is a JavaScript framework supported by Facebook for creating hybrid applications (combining native and web apps). For developers, React Native is the right choice for creating iOS and Android applications quickly and efficiently, because it can compile an application for both Android and iOS with only a few changes, namely in the use of device APIs such as the camera, Bluetooth, etc.

Like any APK, a compiled React Native APK resembles a native app and has the following contents:

▹ assets → application assets

  • index.android.bundle → compiled React Native application (minified JavaScript)

▹ lib → compiled code that is platform dependent

▹ META-INF → META files

▹ res → uncompiled resources, such as fonts, layouts, animations, etc.

• AndroidManifest.xml → application metadata
• classes.dex → compiled Java classes
• resources.arsc → precompiled resources

Applications are generally modified to get around root detection or other protections that run inside the application without communicating with the backend server.

Content

How To

To modify the application, we only need to change the contents of the index.android.bundle file.

index.android.bundle

To edit the contents of index.android.bundle without destroying the APK, we have to edit it without extracting the archive. Here is how to edit it directly inside the zip, step by step:

  1. Change extension from .apk to .zip
  2. Open with 7zipFM
  3. Edit index.android.bundle and save
  4. Change extension from .zip to .apk
  5. Done

How to read the source code more easily

  1. Beautify index.android.bundle
  2. Use search to find the string
  3. Trace the parent function of the annoying string

Warning (based on experience)

  • Extracting the files and recompressing them will corrupt the APK

Example

For example, consider an application that checks the timezone and updates itself to the latest version every time it is used. Here is how the application looks:

normal application (left) and broken application (right)

To bypass the error popup, we need to delete the function that calls the popup. After looking for the function that calls the error message, we found that the contents of case 11 are the security check carried out by the application, so we need to delete the contents of case 11.

Security checking on case 11 (beautified)
security checking on case 11 (raw)
Case 11 content deleted

After editing the contents of index.android.bundle, don't forget to save the file and rename the extension to .apk.

save zip content

Once the change is done, we try to install the application again. However, after the application starts, an auto-update forces the application to be updated, so the error popup “Timezone tidak otomatis” appears again.

force update popup

In the same way, we can remove the function that calls the update popup by editing index.android.bundle again. After searching for the string “Aplikasi versi baru ditemukan”, we found that the function “fetchVersi” does a version check and performs the update, so we need to remove the call to this function.

fetchVersi function (beautified)
fetchVersi called (beautified)
removing function call on index.android.bundle

After editing, saving, and changing the file extension back to .apk, we re-install the application, and it runs normally.

application run normally
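Seen from the defender's side, the in-place edit described above changes exactly one ZIP entry, so a release pipeline or an incident responder can spot it by hashing every entry of a suspect APK against the released build. The following is an added example, not code from the original article or the application; the helper names and the sample APK contents are constructed for illustration, and only the bundle path and the `fetchVersi` name come from the page.

```python
import hashlib
import io
import zipfile

BUNDLE = "assets/index.android.bundle"  # React Native JS bundle inside the APK


def entry_digests(apk):
    """Map each ZIP entry name to the SHA-256 of its uncompressed content.

    `apk` is a file path or a binary file object. Hashing the uncompressed
    bytes means a different compression level alone is not reported.
    """
    with zipfile.ZipFile(apk) as z:
        return {i.filename: hashlib.sha256(z.read(i)).hexdigest()
                for i in z.infolist() if not i.is_dir()}


def diff_apk(reference, suspect):
    """Compare a suspect APK against the released build, entry by entry."""
    ref, sus = entry_digests(reference), entry_digests(suspect)
    return {
        "modified": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
        "added": sorted(sus.keys() - ref.keys()),
        "removed": sorted(ref.keys() - sus.keys()),
    }


def bundle_tampered(reference, suspect):
    """True when the JS bundle differs from, or is missing in, the suspect APK."""
    report = diff_apk(reference, suspect)
    return BUNDLE in report["modified"] or BUNDLE in report["removed"]


def build_sample_apk(bundle_js):
    """Constructed stand-in for an APK: a ZIP holding a few typical entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr(BUNDLE, bundle_js)
    return buf


if __name__ == "__main__":
    # Constructed sample data: the second bundle lacks the version-check call.
    released = build_sample_apk(b"function fetchVersi(){};fetchVersi();start();")
    edited = build_sample_apk(b"function fetchVersi(){};start();")
    print(diff_apk(released, edited))
    print("bundle tampered:", bundle_tampered(released, edited))
```

A comparison like this only detects the change after the fact; checks that matter for security still need to be enforced on the backend, since anything decided inside the bundle can be edited out as the article shows.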
