线下班第二期_安全测试基础_20180506

课程帖

jadx 把apk反编译为java代码

java source -> gradle class -> dx -> dex -> apk -> apk -> dex -> dex -> java(混淆后)

apktool 实现apk的反编译和重新构建

https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
https://ibotpeaches.github.io/Apktool/
dex <–> smali

smali语法与示例

dex -> java —> dex 很难

const-string v0, "testerhome"
const-string v1, "hello from seveniruby"
invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I

Keep中加入testerhome输出示例

#反编译
  244  java -jar ../apktool_2.3.1.jar d keep.apk -o keep_decode
#修改Keep,在里面增加smali指令,参考上面的章节
  245  vim keep_decode//smali/com/gotokeep/keep/KApplication.smali
#重新构建出来新的apk
  246  java -jar ../apktool_2.3.1.jar  build keep_decode/ -o keep-new.apk
#生成自己的证书
keytool -genkey -v -keystore testerhome.keystore -alias testerhome -keyalg RSA -keysize 2048 -validity 10000
#利用之前的keytool生成的keystore文件签名新的apk
  249  jarsigner -verbose -keystore ../xueqiu/testerhome.keystore  -signedjar keep-signed.apk keep-new.apk testerhome
  261  adb devices
  262  adb -s VED7N18403003958 install -r keep-signed.apk
  264  adb -s VED7N18403003958 logcat | grep testerhome

作业

演练在keep中加入smali指令

把成功的结果发上来

关闭