Android逆向利器和smali代码修改出错举例-入参类型
当smali修改代码出错举例1,log如下:
虚拟机层次:
1.本身做出了预测,寄存器v2是符合要求入参,暗示你这个也许是你想要的。VFY: register1 v2 type 17, wanted ref
2.下一句:报参数1不对,应该是String类型。 VFY: bad arg 1 (into Ljava/lang/String;)
3.第三行,拒绝调用初始化。VFY: rejecting call to Ljava/lang/StringBuilder;.<init> (Ljava/lang/String;)V
4. 拒绝调用代码和偏移量。VFY: rejecting opcode 0x70 at 0x031f
5. 函数调用堆栈。VFY: rejected Lcom/dataviz/dxtg/common/android/AboutScreenActivity;.onCreate (Landroid/os/Bundle;)V
6.出错类,全路径。Verifier rejected class Lcom/dataviz/dxtg/common/android/AboutScreenActivity;
7.出错详细描述。Class init failed in newInstance call (Lcom/dataviz/dxtg/common/android/AboutScreenActivity;)
Android运行时日志:
略。

有的网络差(如我这)不好搞。
Baksmali - 使用最广泛的DEX反编译工具 (apktool/antilvl等使用)(https://code.google.com/p/smali/)
dex2jar - 可以把DEX反编译成jar的工具,然后通过JD-GUI查看。(http://code.google.com/p/dex2jar/)
IDA Pro - 利器(https://www.hex-rays.com/index.shtml)
androguard - 也行的。(https://code.google.com/p/androguard/),github托管:https://github.com/androguard/androguard/ 看雪文章 关于androguard那点事 Androguard软件安装方法
AndBug - 动态逆向分析工具(https://github.com/anbc/AndBug/), 看雪文章:Android动态逆向分析工具 : Andbug之基本操作 、Andbug扩展功能
jswat - java写的GUI。(https://code.google.com/p/jswat/), 看雪文章:jswat无源码动态调试工具
eclipse(Apktool )- 动态调试, 看雪文章:反编译apk+eclipse中动态调试smali
以下是引用:
dex2jar contains following compment
- dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM. An example here
- dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format.
- dex-ir used by dex-translator, is designed to represent the dex instruction
- dex-tools tools to work with .class files. here are examples:
- d2j-smali [To be published] disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc "Lcom/dex2jar\t\u1234;"
- dex-writer [To be published] write dex same way as dex-reader.
About
smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.
Curious what the smali format looks like? Here's a quick HelloWorld example to whet your appetite.
Got questions/comments? Need help? Come hang out in #smali on freenode.
News
2014-01-17 v2.0.3 is out
- More bugs being slaughtered in this release. Notably, smali's memory footprint should now be reduced, although it's still a good idea to use -JXmx512m when using multiple threads.
- We also managed to sneak in some new features as well. Thanks to whydoubt, it's now possible to add a comment with the resource name when a resource id is referenced in the bytecode as a constant, using the new -i flag.
- As a reminder, the googlecode downloads are deprecated and downloads are now hosted at bitbucket
Description
Androguard is mainly a tool written in python to play with :
- Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation),
- APK (Android application) (.apk),
- Android's binary xml (.xml),
- Android Resources (.arsc).
Androguard is available for Linux/OSX/Windows (python powered).
Features
Androguard has the following features :
- Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
- Diassemble/Decompilation/Modification of DEX/ODEX/APK format,
- Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
- Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Analysis a bunch of android apps,
- Analysis with ipython/Sublime Text Editor,
- Diffing of android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
- Check if an android application is present in a database (malwares, goodwares ?),
- Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
- Detection of ad/open source librairies (WIP),
- Risk indicator of malicious application,
- Reverse engineering of applications (goodwares, malwares),
- Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
- Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
- Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...)
- ....
Downloads
Our new repository is hosted on github
Sublime Text 2 Plugin
Please read the documentation.
Android逆向利器和smali代码修改出错举例-入参类型的更多相关文章
- android逆向分析之smali语法
一 .smali数据类型 1.Dalvik字节码 Davlik字节码中,寄存器都是32位的,能够支持任何类型,64位类型(Long/Double)用2个连续的寄存器表示: Dalvik字节码有两种类型 ...
- Android逆向基础知识Smali
什么是Smali: 我们用工具反编译一些APP的时候,会看到一个smali文件夹,里面其实就是每个Java类所对应的smali文件.Android虚拟机Dalvik并不是执行java虚拟机JVM编译后 ...
- Android Studio动态调试smali代码
工具: Android Studio版本: 3.0.1 smalidea插件: https://github.com/JesusFreke/smali/wiki/smalidea. 反编译工具:本节先 ...
- 动态调试某个apk的smali代码,微信举例
本地环境: PC:windows 10,Intellij IDEA (android studio应该一样的) 手机:nexus5 8.1系统, 其他依赖:smalidea插件,xposed 插件 h ...
- Android调试系列—使用android studio调试smali代码
1.工具介绍 使用工具 android killer:用于反编译apk包,得到smali代码 android studio:调试smali代码工具,或者使用idea,android studio就是在 ...
- apk反编译(4)Smali代码注入
转自 : http://blog.sina.com.cn/s/blog_5674d18801019i89.html 应用场景 Smali代码注入只能应对函数级别的移植,对于类级别的移植是无能为力的.具 ...
- android smali代码注入 实战一
有同学在通服里面干活,最近一直忙着4g基站搭建的干活,测试设备(android)测量移动网络数据,没有自动保存记录的功能,只能手动记录各种测试参数,不知道测试软件供应商是怎样想的,竟然不提供的这样的功 ...
- 《Android逆向反编译代码注入》 - 逆向安全入门必看视频教程
适合人群: Android开发人员.逆向反编译开发人员.以及对Android逆向安全感兴趣的朋友. 视频地址: 51CTO学院:https://edu.51cto.com/course/24485 ...
- Android逆向之smali
Android逆向之smali 头信息 smail文件前三行 .class <访问权限> [关键修饰字] <类名>; .super <父类名>; .source & ...
随机推荐
- HDU-4847 Wow! Such Doge!,模拟!
Wow! Such Doge! 题意:给定的字符串中doge出现了多少次,直接模拟即可,不用KMP. char s[N]; int main() { // int n; int ans=0; whil ...
- POJ-2002 Squares,哈希模板+数学公式!
Squares 题意:二维坐标轴给出n个点求有多少个正方形. 要是平时做比赛的话毫无疑问会 ...
- 九度oj 题目1342:寻找最长合法括号序列II
题目描述: 假如给你一个由’(‘和’)’组成的一个随机的括号序列,当然,这个括号序列肯定不能保证是左右括号匹配的,所以给你的任务便是去掉其中的一些括号,使得剩下的括号序列能够左右括号匹配且长度最长,即 ...
- 九度oj 题目1120:全排列
题目描述: 给定一个由不同的小写字母组成的字符串,输出这个字符串的所有全排列. 我们假设对于小写字母有'a' < 'b' < ... < 'y' < 'z',而且给定的字符串中 ...
- iRule Event Order - HTTPSv7
v
- BZOJ 4128 Matrix ——BSGS
矩阵的BSGS. 只需要哈希一下存起来就可以了. 也并不需要求逆. #include <map> #include <cmath> #include <cstdio> ...
- 云计算与 OpenStack
“云计算” 算是近年来最热的词了.现在 IT 行业见面不说这三个字您都不好意思跟人家打招呼. 对于云计算,学术界有各种定义,大家有兴趣可以百度一下. CloudMan 这里主要想从技术的角度谈谈对云计 ...
- java私有构造函数
1. 强调类的单例模式 public class Elvs { //公有的静态域,来说明该类只能有一个实例(实例化一次后,后面都是同一个实例) public static final Elvs INS ...
- dbms_metadata.get_ddl的使用总结
https://blog.csdn.net/newhappy2008/article/details/34823339
- ajax中没法用response下载文件啊
ajax 下载不太现实第一,http 不支持直接的二进制传输,二进制数据需要编码 例如base64 ,这点服务器端可以实现第二,客户端获得编码后的文件要转换,js应该也可以第三点,最为致命,js无法操 ...