Getting Started with Android Reverse Engineering
Environment setup
OS: Windows 10 (1709) 64-bit
Java: JDK 1.8.0_144; JRE 1.8.0_144
Android Studio 3.1.1
Android SDK platforms: 4.4 and 8.1
Android emulator (I use 夜神, i.e. Nox)
AndroidKiller
First Android CrackMe
Test program
First take a look at the program and run it.
After entering a username and serial number, it shows the prompt "未成功,还需努力" ("not successful, keep trying").
Finding a starting point
Open the APK in AndroidKiller and analyse it. Try the project search feature and look for that prompt string; the hit is shown in the figure below.
Code analysis:
Go through the project entry point and the other files. The code in MainActivity$2.smali shown below is where the app decides whether validation succeeded.
Key code:
.line 46
.local v1, "user":Ljava/lang/String;
# v1 ("user") was read before this point (not shown); v0 ("name") is read here from the EditText returned by access$100()
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
invoke-static {v2}, Lcom/bluelesson/crackme000/MainActivity;->access$100(Lcom/bluelesson/crackme000/MainActivity;)Landroid/widget/EditText;
move-result-object v2
invoke-virtual {v2}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v0
.line 47
.local v0, "name":Ljava/lang/String;
# Empty-field check: user.equals("") jumps to :cond_0 (failure); name.equals("") falls through to :cond_0; otherwise jump to :cond_1
const-string v2, ""
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-nez v2, :cond_0
const-string v2, ""
invoke-virtual {v0, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-eqz v2, :cond_1
.line 48
:cond_0
# Failure toast: v5 holds the message resource id (set earlier in the method), v4 is 0 (Toast.LENGTH_SHORT here, false in setEnabled below)
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
invoke-static {v2, v5, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
move-result-object v2
.line 49
invoke-virtual {v2}, Landroid/widget/Toast;->show()V
.line 61
:goto_0
return-void
.line 52
:cond_1
# Both fields are non-empty: user must equal getString(0x7f060024) and name must equal getString(0x7f060022)
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
const v3, 0x7f060024
invoke-virtual {v2, v3}, Lcom/bluelesson/crackme000/MainActivity;->getString(I)Ljava/lang/String;
move-result-object v2
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-eqz v2, :cond_2
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
const v3, 0x7f060022
invoke-virtual {v2, v3}, Lcom/bluelesson/crackme000/MainActivity;->getString(I)Ljava/lang/String;
move-result-object v2
invoke-virtual {v0, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-eqz v2, :cond_2
.line 53
# Both matched: success toast (0x7f06001a), disable the register button, set the title (0x7f060019)
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
const v3, 0x7f06001a
invoke-static {v2, v3, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
move-result-object v2
.line 54
invoke-virtual {v2}, Landroid/widget/Toast;->show()V
.line 55
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
invoke-static {v2}, Lcom/bluelesson/crackme000/MainActivity;->access$200(Lcom/bluelesson/crackme000/MainActivity;)Landroid/widget/Button;
move-result-object v2
invoke-virtual {v2, v4}, Landroid/widget/Button;->setEnabled(Z)V
.line 56
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
const v3, 0x7f060019
invoke-virtual {v2, v3}, Lcom/bluelesson/crackme000/MainActivity;->setTitle(I)V
goto :goto_0
.line 58
:cond_2
# Mismatch: the same failure toast as :cond_0
iget-object v2, p0, Lcom/bluelesson/crackme000/MainActivity$2;->this$0:Lcom/bluelesson/crackme000/MainActivity;
invoke-static {v2, v5, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
move-result-object v2
.line 59
invoke-virtual {v2}, Landroid/widget/Toast;->show()V
goto :goto_0
.end method
Analysis of the decompiled pseudocode:
The comparisons use strings fetched by resource id, so the next step is to resolve the ids used in them (0x7f060024 and 0x7f060022). Together with the name and user values seen earlier, search for name and user to find where those ids are assigned; in a decoded APK an id maps to a resource name in res/values/public.xml and the name to its text in res/values/strings.xml. Comparing them confirms that these resources are exactly the validation strings.
Registration check:
user corresponds to the username resource id; name corresponds to the serial number resource id.
Enter those two strings in the app: the prompt now reads "恭喜,成功注册了" ("congratulations, registered successfully") and the register button turns grey and can no longer be clicked. That completes the first Android CrackMe.
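The two lookup steps above (searching for the prompt string, then mapping the resource ids in the smali back to their text) can be scripted instead of clicked through. The script below is an added example, not code from the original post or from AndroidKiller: it reads the files apktool writes when decoding an APK (res/values/public.xml for id to name, res/values/strings.xml for name to text), walks the :cond_1/:cond_2 fragment of MainActivity$2 to find which ids reach getString() and Toast.makeText(), and then re-runs the onClick decision with the recovered strings. The XML samples are constructed: the resource names and the two expected values are placeholders, since the real ones are not on the page; only the resource ids and the two toast texts come from the page.

```python
"""Resolve the string resource ids used by MainActivity$2.onClick.

Added example; not code from the original post or from AndroidKiller.
Input is what apktool writes when decoding an APK: res/values/public.xml
(id -> name) and res/values/strings.xml (name -> text). The XML below is
constructed: resource names and expected values are placeholders.
"""
import re
import xml.etree.ElementTree as ET

PUBLIC_XML = """<resources>
    <public type="string" name="reg_success" id="0x7f06001a" />
    <public type="string" name="expected_name" id="0x7f060022" />
    <public type="string" name="expected_user" id="0x7f060024" />
</resources>"""

STRINGS_XML = """<resources>
    <string name="reg_success">恭喜,成功注册了</string>
    <string name="expected_name">SERIAL-PLACEHOLDER</string>
    <string name="expected_user">user-placeholder</string>
</resources>"""

# The :cond_1 / :cond_2 part of the method shown above, trimmed to the
# instructions that matter for register tracking.
SMALI = """\
:cond_1
const v3, 0x7f060024
invoke-virtual {v2, v3}, Lcom/bluelesson/crackme000/MainActivity;->getString(I)Ljava/lang/String;
move-result-object v2
const v3, 0x7f060022
invoke-virtual {v2, v3}, Lcom/bluelesson/crackme000/MainActivity;->getString(I)Ljava/lang/String;
const v3, 0x7f06001a
invoke-static {v2, v3, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
:cond_2
invoke-static {v2, v5, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;II)Landroid/widget/Toast;
"""

CONST_RE = re.compile(r"^\s*const(?:/\d+|/high16)?\s+(v\d+),\s*(0x[0-9a-fA-F]+)")
WRITE_RE = re.compile(r"^\s*(?:move\S*|[is]get\S*|new-instance)\s+(v\d+)")
GETSTRING_RE = re.compile(r"^\s*invoke-virtual\s+\{(v\d+),\s*(v\d+)\},\s*\S+->getString\(I\)")
MAKETEXT_RE = re.compile(
    r"^\s*invoke-static\s+\{(v\d+),\s*(v\d+),\s*(v\d+)\},\s*"
    r"Landroid/widget/Toast;->makeText\(Landroid/content/Context;II\)")


def parse_public(xml_text):
    """public.xml -> {resource id (int): (type, name)}."""
    return {int(e.get("id"), 16): (e.get("type"), e.get("name"))
            for e in ET.fromstring(xml_text).iter("public")}


def parse_strings(xml_text):
    """strings.xml -> {resource name: text}."""
    return {e.get("name"): (e.text or "") for e in ET.fromstring(xml_text).iter("string")}


def find_resource_lookups(smali_text):
    """Return [(call, resource id or None)] for each getString()/makeText() call.

    Remembers the last `const` loaded into each register and forgets it when
    another instruction writes the register. A register set outside the
    scanned text (v5 here) comes back as None rather than as a guess.
    """
    regs, found = {}, []
    for line in smali_text.splitlines():
        if m := CONST_RE.match(line):
            regs[m.group(1)] = int(m.group(2), 16)
        elif m := WRITE_RE.match(line):
            regs.pop(m.group(1), None)
        elif m := GETSTRING_RE.match(line):
            found.append(("getString", regs.get(m.group(2))))
        elif m := MAKETEXT_RE.match(line):
            found.append(("makeText", regs.get(m.group(2))))
    return found


def resolve(resid, public, strings):
    """Resource id -> string text, or None if it is not a known string resource."""
    rtype, name = public.get(resid, (None, None))
    return strings.get(name) if rtype == "string" else None


# Ids taken from the smali. The failure toast id sits in v5, set before the
# fragment, so its text is taken from the behaviour observed in the app.
USER_ID, NAME_ID, SUCCESS_ID = 0x7f060024, 0x7f060022, 0x7f06001a
FAIL_TEXT = "未成功,还需努力"


def emulate_onclick(user, name, public, strings):
    """The decision in MainActivity$2.onClick, rewritten from the smali above."""
    if user == "" or name == "":
        return FAIL_TEXT
    if user == resolve(USER_ID, public, strings) and name == resolve(NAME_ID, public, strings):
        return resolve(SUCCESS_ID, public, strings)
    return FAIL_TEXT


SAMPLE_PUBLIC, SAMPLE_STRINGS = parse_public(PUBLIC_XML), parse_strings(STRINGS_XML)

if __name__ == "__main__":
    for call, resid in find_resource_lookups(SMALI):
        text = resolve(resid, SAMPLE_PUBLIC, SAMPLE_STRINGS)
        print(call, hex(resid) if resid is not None else "(id set before this fragment)", repr(text))
    user, name = (resolve(i, SAMPLE_PUBLIC, SAMPLE_STRINGS) for i in (USER_ID, NAME_ID))
    print(user, name, "->", emulate_onclick(user, name, SAMPLE_PUBLIC, SAMPLE_STRINGS))
```

On a real decode, replace the three constants with the contents of res/values/public.xml, res/values/strings.xml and smali/com/bluelesson/crackme000/MainActivity$2.smali. The register tracker deliberately reports None for the failure toast because v5 is loaded in the method prologue, which the fragment does not include; that is the cue to scroll up rather than assume an id.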
Summary:
Android reverse engineering is still young, and many of its approaches and patterns are simple. Analysis can start directly from strings, on-screen prompts, log messages, resource files and similar easy entry points; it is rarely necessary to go straight to the decompiled code.