Android Reverse Engineering Tools
There are two main ways to program for Android. One uses the Android SDK (Software Development Kit) and Java; the other uses the Android NDK (Native Development Kit) and C/C++, which compiles to native code and, since Android runs on a Linux kernel, gives the most direct access to the platform at the cost of more complexity. This post deals with apps written the Java way.
Android's Java virtual machine, Dalvik, works much like a classic JVM in outline, but it is a VM optimised and customised for Android. (Since Android 5.0 Dalvik has been replaced by ART, which executes the same dex bytecode, so everything below about .dex files applies unchanged.)
In the standard Java flow, the JDK (Java Development Kit) compiles Java source files into .class files, i.e. Java bytecode; several .class files can be packed into a .jar, which is nothing more than an archive. A standard JVM executes .class bytecode.
On Android the sources are likewise compiled to .class files first, but the dx tool from the Android SDK (replaced by d8 in newer build tools) then converts them into a .dex file, because the Dalvik VM executes dex bytecode. The SDK packaging tool aapt then bundles the .dex file, the resources and AndroidManifest.xml into an .apk package, and the .apk has to be signed (with jarsigner or apksigner) before a device will install it. The signed .apk is the final program that gets distributed.
Mobile development has the notion of a Native Application, as opposed to the Hybrid Application of web development. Both Android programming models described above count as native applications on Android; native iOS development used Objective-C and is now moving to Swift.
As mobile platforms became more varied, front-end/client web development grew more complex, and exposing the features of each platform through a single Native Container with a unified interface became a trend; that is the Hybrid Application model. A hybrid app runs inside the browser engine of the client device (Android or iOS), i.e. a UIWebView on iOS or a WebView on Android. The app itself is written in HTML5, CSS and JavaScript and can be wrapped by Cordova into a native package that can access platform features, so one code base runs on several mobile platforms. Compared with writing one native app per platform this saves a great deal of work, at the price of lower performance. PhoneGap is Adobe's distribution of Cordova and is what the JavaScript library ExtJS uses.
https://en.wikipedia.org/wiki/Apache_Cordova#Design_and_rationale
Apache Cordova (formerly PhoneGap) is a mobile application development framework originally created by Nitobi. Adobe Systems purchased Nitobi in 2011, rebranded it as PhoneGap, and later released an open source version of the software called Apache Cordova.[3] Apache Cordova enables software programmers to build applications for mobile devices using CSS3, HTML5, and JavaScript instead of relying on platform-specific APIs like those in Android, iOS, or Windows Phone.[4] It enables wrapping up of CSS, HTML, and JavaScript code depending upon the platform of the device. It extends the features of HTML and JavaScript to work with the device. The resulting applications are hybrid, meaning that they are neither truly native mobile application (because all layout rendering is done via Web views instead of the platform's native UI framework) nor purely Web-based (because they are not just Web apps, but are packaged as apps for distribution and have access to native device APIs). Mixing native and hybrid code snippets has been possible since version 1.9.
......
The core of Apache Cordova applications use CSS3 and HTML5 for their rendering and JavaScript for their logic. HTML5 provides access to underlying hardware such as the accelerometer, camera, and GPS. However, browsers' support for HTML5-based device access is not consistent across mobile browsers, particularly older versions of Android. To overcome these limitations, Apache Cordova embeds the HTML5 code inside a native WebView on the device, using a foreign function interface to access the native resources of it.[26] Apache Cordova can be extended with native plug-ins, allowing developers to add more functionalities that can be called from JavaScript, making it communicate directly between the native layer and the HTML5 page. These plugins allow access to the device's accelerometer, camera, compass, file system, microphone, and more.
However, the use of Web-based technologies leads some Apache Cordova applications to run slower than native applications with similar functionality.[27] Adobe Systems warns that applications may be rejected by Apple for being too slow or not feeling "native" enough (having appearance and functionality consistent with what users have come to expect on the platform). This can be an issue for some Apache Cordova applications.[28][29]
React Native, from the React front-end library, does something similar to Cordova: it provides a buffer layer between the platform the app runs on and the app itself.
https://facebook.github.io/react-native/
1. APKTool
Decompiles an Android app's .apk file into smali code. After apktool decodes an .apk there is a smali directory containing files with the .smali extension.
apktool installation guide:
https://ibotpeaches.github.io/Apktool/install/
Smali and dex are easily confused. The Dalvik VM runs dex bytecode, and nowhere on the path from the .apk file into the Dalvik VM does smali code exist. .smali files and .dex files can be converted into each other because dex bytecode is hard to read, while the same code in smali syntax is far easier to read and to modify. After editing the .smali you assemble it back into .dex, rebuild the package with apktool (which drives aapt), zipalign it and re-sign it, and a tampered .apk is done. The catch is the signature: anyone can sign the rebuilt package with their own key, but Android will refuse to install it over the vendor's original because an update must carry the same signing key, and any signature check the app itself performs will fail. A tampered .apk that passes as genuine therefore needs the original signing key, although for some vendors that key can reportedly be bought...
https://www.quora.com/What-is-smali-in-Android
Smali/Baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The names "Smali" and "Baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively.
https://stackoverflow.com/questions/30837450/what-is-smali-code-android
When you create an application code, the apk file contains a .dex file, which contains binary Dalvik bytecode. This is the format that the platform actually understands. However, it's not easy to read or modify binary code, so there are tools out there to convert to and from a human readable representation. The most common human readable format is known as Smali.
But the platform doesn't know anything about smali, it's just a tool to make it easier to work with the bytecode.
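The dex header carries two integrity values that the class-to-dex step above fills in and that any direct edit of a .dex (as opposed to going through smali/baksmali, which recompute them) invalidates: an Adler-32 checksum and a SHA-1 "signature" of the file body. The following Python is an added example, not code from the original post or from apktool/smali; it builds a constructed header-only dex sample (the data section is opaque filler, not loadable code), flips one byte the way a hex patch would, shows both values failing, and repairs them in the order the format requires (signature first, because the checksum covers the signature).

```python
import hashlib
import struct
import zlib

# Layout of the 0x70-byte dex header (little-endian), per the dex format spec:
#   0x00 magic "dex\n035\0"     0x08 checksum (Adler-32 over bytes 12..end)
#   0x0c signature (SHA-1 over bytes 32..end)     0x20 file_size     0x24 header_size
#   0x28 endian_tag 0x12345678, then 17 u4 size/offset fields up to 0x70.
DEX_MAGIC = b"dex\n035\0"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
TAIL_FIELDS = (
    "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def fix_dex_integrity(dex: bytes) -> bytes:
    """Recompute the SHA-1 signature, then the Adler-32 checksum that covers it."""
    signature = hashlib.sha1(dex[32:]).digest()
    dex = dex[:12] + signature + dex[32:]
    checksum = zlib.adler32(dex[12:]) & 0xFFFFFFFF
    return dex[:8] + struct.pack("<I", checksum) + dex[12:]


def build_minimal_dex(data_section: bytes) -> bytes:
    """Constructed sample: a real header layout followed by an opaque data section.
    Not a loadable app, but every header field and both integrity values are genuine."""
    tail = dict.fromkeys(TAIL_FIELDS, 0)
    tail["data_size"], tail["data_off"] = len(data_section), HEADER_SIZE
    header = (
        DEX_MAGIC
        + b"\0" * 24  # checksum + signature placeholders, filled in by fix_dex_integrity
        + struct.pack("<III", HEADER_SIZE + len(data_section), HEADER_SIZE, ENDIAN_CONSTANT)
        + struct.pack("<17I", *(tail[name] for name in TAIL_FIELDS))
    )
    return fix_dex_integrity(header + data_section)


def parse_dex_header(dex: bytes) -> dict:
    """Decode the fixed header into a dict; rejects anything without the dex magic."""
    if len(dex) < HEADER_SIZE or dex[:4] != b"dex\n" or dex[7] != 0:
        raise ValueError("not a dex file")
    hdr = {
        "version": dex[4:7].decode("ascii"),
        "checksum": struct.unpack_from("<I", dex, 8)[0],
        "signature": dex[12:32].hex(),
    }
    hdr["file_size"], hdr["header_size"], hdr["endian_tag"] = struct.unpack_from("<III", dex, 32)
    hdr.update(zip(TAIL_FIELDS, struct.unpack_from("<17I", dex, 44)))
    return hdr


def verify_dex_integrity(dex: bytes) -> dict:
    """The checks a loader makes before trusting the header, each as a separate verdict."""
    hdr = parse_dex_header(dex)
    return {
        "checksum_ok": hdr["checksum"] == (zlib.adler32(dex[12:]) & 0xFFFFFFFF),
        "signature_ok": hdr["signature"] == hashlib.sha1(dex[32:]).hexdigest(),
        "file_size_ok": hdr["file_size"] == len(dex),
        "header_ok": hdr["header_size"] == HEADER_SIZE and hdr["endian_tag"] == ENDIAN_CONSTANT,
    }


def demo_dex_patch():
    """Flip one bit in the data section (a hex-edit style patch), then repair the header.
    Returns the verdicts for the original, the raw patched file and the repaired file."""
    original = build_minimal_dex(b"constructed data section standing in for code")
    patched = bytearray(original)
    patched[HEADER_SIZE + 5] ^= 0x01
    patched = bytes(patched)
    repaired = fix_dex_integrity(patched)
    return (verify_dex_integrity(original),
            verify_dex_integrity(patched),
            verify_dex_integrity(repaired))
```

Run `demo_dex_patch()`: the original passes every check, the raw patch fails both checksum_ok and signature_ok while file_size_ok and header_ok still pass, and the repaired copy passes again. The same two values are what baksmali/smali and apktool regenerate for you on rebuild, and they are also why a dex that was tampered with by hand is trivially detectable.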
2. Signapk.jar
signapk.jar is the signing tool from the AOSP build tree (the public SDK build-tools ship apksigner instead); it signs an application with an .x509.pem certificate plus the matching .pk8 private key. This is a summary I wrote over a year ago; I can no longer find the directory, so I will have to look for it again.
3. dex2jar
Converts a .dex file (or an .apk directly, via d2j-dex2jar.sh / d2j-dex2jar.bat) into a .jar file, which can then be opened in JD-GUI; JD-GUI itself reads .jar files produced by a standard Java compiler.
https://github.com/pxb1988/dex2jar
4. JD-GUI
JD-GUI decompiles .jar files produced by a standard Java compiler back to readable Java source, so it works on dex2jar output as well.
http://jd.benow.ca/
5. apkpure.com
Tired of having to go through an app store to download and install every Android application? Then try searching for and downloading it on apkpure.com. I have verified this myself: apkpure.com is a safe source for apk files; the apks are verified and have not been swapped out, because I checked apks downloaded from apkpure.com against the public signing key of the apk's author or vendor and they were correct.
The drawback is that automatic updates usually go through the app store, so an apk installed from apkpure.com may have to be updated by hand.
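The signing step with signapk.jar (section 2) and the check against the publisher's key described just above both rest on the JAR-style v1 signature: META-INF/MANIFEST.MF lists a digest of every file in the apk, META-INF/CERT.SF carries a digest of that manifest, and META-INF/CERT.RSA is a PKCS#7 signature over CERT.SF made with the .pk8 key. The following Python is an added example, not code from the original post or from signapk/apksigner; it builds a constructed apk with the MANIFEST.MF/CERT.SF digest chain, then shows that both a repacked classes.dex and an injected extra file break the chain. Two parts are deliberately left out: the PKCS#7 verification of CERT.SF against CERT.RSA, which needs an ASN.1/crypto library, and the newer APK Signature Scheme v2/v3 (Android 7.0 onwards) that signs the whole zip; the per-entry digest check shown here is the v1 part only.

```python
import base64
import hashlib
import io
import zipfile


def _b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def _parse_sections(text: bytes) -> list:
    """Split a MANIFEST.MF or CERT.SF into sections of 'Key: Value' pairs.
    Sections are separated by blank lines; a line starting with a space continues the previous value."""
    sections, current, last_key = [], {}, None
    for line in text.decode("utf-8").replace("\r\n", "\n").split("\n"):
        if line == "":
            if current:
                sections.append(current)
            current, last_key = {}, None
        elif line.startswith(" ") and last_key is not None:
            current[last_key] += line[1:]
        else:
            key, _, value = line.partition(": ")
            current[key] = value
            last_key = key
    if current:
        sections.append(current)
    return sections


def build_v1_signed_apk(entries: dict) -> bytes:
    """Constructed apk: the payload entries plus the MANIFEST.MF and CERT.SF that a v1 signer writes.
    CERT.RSA (the PKCS#7 signature over CERT.SF) is omitted, so this is the digest chain only."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in entries.items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {_b64_sha256(data)}\r\n\r\n"
    manifest_bytes = manifest.encode("utf-8")
    sf = ("Signature-Version: 1.0\r\n"
          f"SHA-256-Digest-Manifest: {_b64_sha256(manifest_bytes)}\r\n\r\n").encode("utf-8")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        zf.writestr("META-INF/MANIFEST.MF", manifest_bytes)
        zf.writestr("META-INF/CERT.SF", sf)
    return buf.getvalue()


def verify_v1_digests(apk: bytes) -> dict:
    """Walk the chain CERT.SF -> MANIFEST.MF -> every non-META-INF entry and report each failure."""
    report = {"manifest_digest_ok": False, "bad_entries": [], "unsigned_entries": []}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        manifest_bytes = zf.read("META-INF/MANIFEST.MF")
        sf_main = _parse_sections(zf.read("META-INF/CERT.SF"))[0]
        report["manifest_digest_ok"] = sf_main.get("SHA-256-Digest-Manifest") == _b64_sha256(manifest_bytes)
        digests = {s["Name"]: s.get("SHA-256-Digest") for s in _parse_sections(manifest_bytes) if "Name" in s}
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith("META-INF/"):
                continue
            expected = digests.get(info.filename)
            if expected is None:
                report["unsigned_entries"].append(info.filename)   # file not covered by the manifest
            elif expected != _b64_sha256(zf.read(info.filename)):
                report["bad_entries"].append(info.filename)        # file changed after signing
    report["ok"] = report["manifest_digest_ok"] and not report["bad_entries"] and not report["unsigned_entries"]
    return report


def rewrite_entries(apk: bytes, changes: dict) -> bytes:
    """Replace or add zip entries while leaving META-INF untouched, i.e. a repack without re-signing."""
    changes = dict(changes)
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src, zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            data = changes.pop(info.filename, None)
            dst.writestr(info.filename, src.read(info.filename) if data is None else data)
        for name, data in changes.items():
            dst.writestr(name, data)
    return buf.getvalue()


def demo_apk_tamper():
    """Constructed sample app; returns the reports for the clean apk, a patched classes.dex and an injected file."""
    sample = {"AndroidManifest.xml": b"<constructed stand-in for the binary manifest>",
              "classes.dex": b"dex\n035\0" + b"\0" * 104}
    apk = build_v1_signed_apk(sample)
    patched = rewrite_entries(apk, {"classes.dex": b"dex\n035\0" + b"\x01" * 104})
    injected = rewrite_entries(apk, {"lib/armeabi-v7a/libhook.so": b"constructed payload"})
    return verify_v1_digests(apk), verify_v1_digests(patched), verify_v1_digests(injected)
```

This is the reason the tampering workflow in section 1 ends with a re-sign: after `apktool b` every digest in the chain is stale, and a fresh MANIFEST.MF/CERT.SF/CERT.RSA has to be produced, necessarily under whatever key the person doing the repacking holds. For a downloaded apk, the key comparison the post describes is done with `apksigner verify --print-certs app.apk`, whose certificate fingerprints are what you compare against the ones the publisher makes public; passing digests alone, as in this example, only proves the zip has not changed since someone signed it.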