Some notes on Android decompilation


Author: yifei / Created: Nov. 15, 2017, 1:09 p.m. / Modified: Nov. 15, 2017, 9:10 p.m.

Tools

apk studio

How to sign an APK: https://www.nevermoe.com/?p=373

smali code tutorial: https://forum.xda-developers.com/showthread.php?t=2193735

A good PDF whitepaper that works at the smali code level: http://www.security-assessment.com/files/documents/whitepapers/Bypassing%20SSL%20Pinning%20on%20Android%20via%20Reverse%20Engineering.pdf

How pinning works on Android

The app instantiates a TrustManagerFactory from its own keystore instead of the system trust store.

Key statements

    // certificateRawResource is the resource id of the keystore file under res/raw
    InputStream in = resources.openRawResource(certificateRawResource);
    KeyStore keyStore = KeyStore.getInstance("BKS");
    // load the bundled keystore; the stream must be the one opened above
    keyStore.load(in, password);

http://fdwills.github.io/diary/2014/06/13/ssl-pinning.html
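The complete version of the pattern sketched above, written here as an added example (not code from the original post or from the linked article). It assumes a keystore shipped as res/raw, identified by a hypothetical resource id rawResId, and protected by the assumed password; those values and the class name PinnedTrust are the example's own. It builds an SSLContext whose only trust anchors are the certificates in that BKS file and wires it into an HttpsURLConnection, which is the mechanism the rest of the notes are about:

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import android.content.res.Resources;

// Added example: certificate pinning via a bundled BKS keystore.
public final class PinnedTrust {
    private PinnedTrust() {}

    // Build an SSLContext that trusts only the certificates stored in the
    // bundled keystore. rawResId is the assumed res/raw id of the .bks file,
    // password its assumed keystore password.
    public static SSLContext fromRawKeystore(Resources resources, int rawResId, char[] password)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BKS");
        // try-with-resources closes the raw resource stream after loading
        try (InputStream in = resources.openRawResource(rawResId)) {
            keyStore.load(in, password);
        }

        // The TrustManagerFactory is initialised from OUR keystore, not the
        // platform's; this is the line that turns the app into a pinning client.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // Sanity check: exactly one X509TrustManager is expected. An empty or
        // odd result usually means the keystore contained no trusted entries.
        TrustManager[] tms = tmf.getTrustManagers();
        if (tms.length != 1 || !(tms[0] instanceof X509TrustManager)) {
            throw new IllegalStateException(
                    "unexpected trust managers: " + Arrays.toString(tms));
        }
        X509TrustManager x509 = (X509TrustManager) tms[0];
        if (x509.getAcceptedIssuers().length == 0) {
            throw new IllegalStateException("keystore contains no trusted certificates");
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);   // no client key material, pinned trust only
        return ctx;
    }

    // Names of the pinned issuers, useful when checking that the APK shipped
    // the keystore you expected (the file is replaceable in a repackaged APK).
    public static String[] pinnedSubjects(Resources resources, int rawResId, char[] password)
            throws Exception {
        SSLContext ctx = fromRawKeystore(resources, rawResId, password);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("BKS");
        try (InputStream in = resources.openRawResource(rawResId)) {
            keyStore.load(in, password);
        }
        tmf.init(keyStore);
        X509Certificate[] issuers =
                ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        String[] subjects = new String[issuers.length];
        for (int i = 0; i < issuers.length; i++) {
            subjects[i] = issuers[i].getSubjectX500Principal().getName();
        }
        return subjects;
    }

    // Open an HTTPS connection that will fail the handshake unless the server
    // chain validates against the pinned keystore.
    public static HttpsURLConnection open(Resources resources, int rawResId, char[] password, URL url)
            throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(
                fromRawKeystore(resources, rawResId, password).getSocketFactory());
        return conn;
    }
}
```

Two points follow directly from this code. First, the trust decision rests entirely on a file inside the APK, which is why the later notes about swapping the .bks and re-signing work at all; an app that needs the pin to hold against a repackaged build has to rely on the APK signature check rather than on the keystore alone. Second, the TrustManagerFactory.init(keyStore) call is the single point where the pin is established, so it is also the natural place to instrument when verifying in a test build that the expected certificates (pinnedSubjects above) are the ones actually loaded.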

Some ready-made tools

https://github.com/ac-pm/SSLUnpinning_Xposed (Xposed module; I tested it and it did not work well)

https://github.com/iSECPartners/Android-SSL-TrustKiller (requires Cydia Substrate)

The Wandoujia app store carries an MIUI-specific build of Xposed Installer; with it, Xposed installs without trouble.

After that, install it.

Another approach: locate the .bks file, replace it, repackage, and re-sign.

https://stackoverflow.com/questions/30708548/how-to-modify-the-data-in-the-assets-folder-in-existing-apk-programmatically

Other tools

https://github.com/ac-pm/Inspeckage

https://github.com/iSECPartners/Android-SSL-TrustKiller (requires Cydia Substrate)

https://github.com/iSECPartners/android-ssl-bypass (a basic tool; it works by replacing the app's trust manager)

ARM assembly tutorial

https://mp.weixin.qq.com/s/DKeXqzE6bj5t0eWTkLLCBQ


For any questions, email kongyifei (at) gmail.com to discuss.