
Reverse Engineering Android Applications

Source: compiled by this site  Author: anonymous  Date: 2017-09-20

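Both screenshots show the Frida approach in use. Analysis with Inspeckage is fairly simple: you can inspect the file system activity, Activities and SQL queries that the app performs. Behind the scenes it relies on the same idea as our Frida approach: hooking the functions that perform encryption, file system, hash and similar operations. But can we hook functions of our own choosing here? Of course. As you can see on the last tab, it offers a hook option. The problem that follows is that, unlike Frida, Inspeckage provides no coverage for overloaded methods. Now click the hook tab and create a hook to verify this: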

So, in order to create a working hook, we will use ByteCodeViewer or APKStudio to modify the bytecode in the apk. Below is our patch to the bytecode:
 

(Note: when opening the apk, uncheck "Decode Resource", otherwise you will run into the following problems.)
ERROR: 9-patch image C:\Users\labuser\Desktop\CrackMe\res\drawable-mdpi-v4\abc_list_divider_mtrl_alpha.9.png malformed.
       Must have one-pixel frame that is either transparent or white.
ERROR: Failure processing png image C:\Users\labuser\Desktop\CrackMe\res\drawable-mdpi-v4\abc_list_divider_mtrl_alpha.9.png
ERROR: 9-patch image C:\Users\labuser\Desktop\CrackMe\res\drawable-hdpi-v4\abc_list_divider_mtrl_alpha.9.png malformed.
       Must have one-pixel frame that is either transparent or white.
ERROR: Failure processing png image C:\Users\labuser\Desktop\CrackMe\res\drawable-hdpi-v4\abc_list_divider_mtrl_alpha.9.png
ERROR: 9-patch image C:\Users\labuser\Desktop\CrackMe\res\drawable-xhdpi-v4\abc_list_divider_mtrl_alpha.9.png malformed.
       Must have one-pixel frame that is either transparent or white.
ERROR: Failure processing png image C:\Users\labuser\Desktop\CrackMe\res\drawable-xhdpi-v4\abc_list_divider_mtrl_alpha.9.png
ERROR: 9-patch image C:\Users\labuser\Desktop\CrackMe\res\drawable-xxhdpi-v4\abc_list_divider_mtrl_alpha.9.png malformed.
       Must have one-pixel frame that is either transparent or white.
ERROR: Failure processing png image C:\Users\labuser\Desktop\CrackMe\res\drawable-xxhdpi-v4\abc_list_divider_mtrl_alpha.9.png
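
In that screenshot, look at line 168: by identifying the parameter types and the return value at line 168, we successfully identified this as the encryption function. At line 197, the variable assigned the value 1 is also the one we saw earlier. We have renamed this function to b and the decryption function to c. Now, to make sure our app still runs correctly, we need to make the same updates in the bytecode of MainActivity: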
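
As an added illustration (not code from the original article), this Python example lists the method names that a decompiled class declares more than once, together with each overload's parameter and return types, which is the information used above to tell the encryption function apart and the reason it is renamed before being hooked by name. The smali fragment, the package name com.example.crackme and the method signatures are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed smali fragment (not taken from the CrackMe): two methods share the name "a".
SAMPLE_SMALI = """\
.class public Lcom/example/crackme/Util;
.super Ljava/lang/Object;
.method public static a(Ljava/lang/String;Ljava/lang/String;)[B
.end method
.method public static a([BLjava/lang/String;)Ljava/lang/String;
.end method
.method public static d(I)V
.end method
"""

PRIMITIVES = {"V": "void", "Z": "boolean", "B": "byte", "S": "short", "C": "char",
              "I": "int", "J": "long", "F": "float", "D": "double"}
# .method <modifiers...> name(params)return
METHOD_RE = re.compile(r"^\.method\s+(?:[\w-]+\s+)*?([\w$<>]+)\((.*?)\)(\S+)\s*$", re.M)


def parse_types(desc):
    """Split a Dalvik descriptor string such as '[BLjava/lang/String;' into Java type names."""
    out, i = [], 0
    while i < len(desc):
        dims = 0
        while desc[i] == "[":          # each '[' adds one array dimension
            dims, i = dims + 1, i + 1
        if desc[i] == "L":             # object type: Lpkg/Class;
            end = desc.index(";", i)
            name, i = desc[i + 1:end].replace("/", "."), end + 1
        else:                          # single-letter primitive
            name, i = PRIMITIVES[desc[i]], i + 1
        out.append(name + "[]" * dims)
    return out


def find_overloads(smali):
    """Return {name: [(param types, return type), ...]} for names declared more than once."""
    by_name = defaultdict(list)
    for name, params, ret in METHOD_RE.findall(smali):
        by_name[name].append((parse_types(params), parse_types(ret)[0]))
    return {n: sigs for n, sigs in by_name.items() if len(sigs) > 1}


if __name__ == "__main__":
    for name, sigs in find_overloads(SAMPLE_SMALI).items():
        for params, ret in sigs:
            print(f"{name}({', '.join(params)}) -> {ret}")
```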
 

Now that our task is complete, we can create a keystore to sign our apk.
C:\Program Files\Java\jdk1.8.0_144\bin>keytool -genkey -v -keystore C:\users\labuser\Desktop\my.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
        for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Enter key password for <alias_name>
        (RETURN if same as keystore password):
[Storing C:\users\labuser\Desktop\my.keystore]
C:\Program Files\Java\jdk1.8.0_144\bin>jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore C:\users\labuser\Desktop\my.keystore C:\users\labuser\Desktop\CrackMe.apk alias_name

Install the signed apk on the device. Restart Inspeckage and start hooking to verify whether our change has taken effect.
 

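Excellent, our change works perfectly, and we can now place a hook on the target function Util.b(). Select this function and click the Add hook button. Now let's click the ok button and watch the notifications from the Inspeckage Server.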
