Android reverse-engineering tools, and a worked example of a smali edit that breaks the app: argument type


    Example 1 of a smali edit that broke the app; the log is as follows:

    Virtual-machine level:

    1. The verifier names the register that failed its type check: v2 holds a value of verifier type 17, one of the primitive (non-reference) codes in Dalvik's internal register-type table (vm/analysis/CodeVerify.h), where a reference was wanted. This line is the root cause, not a hint that v2 is acceptable. VFY: register1 v2 type 17, wanted ref

    2. Next line: argument 1 is wrong; it must be a String. The verifier counts `this` as argument 0 for non-static calls, so argument 1 is the constructor's first declared parameter. VFY: bad arg 1 (into Ljava/lang/String;)

    3. Third line: the call to the constructor is refused. VFY:  rejecting call to Ljava/lang/StringBuilder;.<init> (Ljava/lang/String;)V

    4. The rejected opcode and its offset: 0x70 is invoke-direct, the instruction used to call constructors, and 0x031f is that instruction's offset from the start of the method's code, counted in 16-bit code units (the same unit baksmali uses for its labels). VFY:  rejecting opcode 0x70 at 0x031f

    5. The method under verification that was rejected (the enclosing method, not a call stack). VFY:  rejected Lcom/dataviz/dxtg/common/android/AboutScreenActivity;.onCreate (Landroid/os/Bundle;)V

    6. The failing class, with its full path; one method that fails verification causes the whole class to be rejected. Verifier rejected class Lcom/dataviz/dxtg/common/android/AboutScreenActivity;

    7. The consequence: the Activity cannot be instantiated. Class init failed in newInstance call (Lcom/dataviz/dxtg/common/android/AboutScreenActivity;)
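    To turn a log like the one above into something you can act on, here is an added Python example (not code from the original post, nor from apktool, smali, dex2jar or any other tool listed on this page). It parses the seven Dalvik verifier lines, decodes the rejected opcode, maps the verifier's argument index (which counts `this` as argument 0 for non-static invokes) back onto the callee's declared parameter list, and produces one line saying where to look in the baksmali output and why. The sample log is the one quoted above, embedded as constructed input; the opcode values are from the Dalvik bytecode listing and the message wording is the verifier's own, while field names such as `wanted_type` and the functions `parse_params`, `triage_vfy` and `summarize` are this example's own.

```python
"""Triage a Dalvik verifier (VFY) rejection pulled from logcat.
Added example for this post; not code from the article or from any tool it lists.
The seven SAMPLE_LOG lines are the ones quoted in the post (constructed input)."""
import re

# Dalvik invoke-family opcodes (byte values from the Dalvik bytecode listing).
INVOKE_OPCODES = {
    0x6E: "invoke-virtual", 0x6F: "invoke-super", 0x70: "invoke-direct",
    0x71: "invoke-static", 0x72: "invoke-interface", 0x74: "invoke-virtual/range",
    0x75: "invoke-super/range", 0x76: "invoke-direct/range",
    0x77: "invoke-static/range", 0x78: "invoke-interface/range",
}

# (pattern, field names) per verifier message; searched anywhere in the line so a
# logcat prefix such as 'W/dalvikvm( 1234): ' does not matter.
FIELDS = [
    (re.compile(r"VFY:\s+register1 v(\d+) type (\d+), wanted ref"),
     ("register", "register_type_code")),
    (re.compile(r"VFY:\s+bad arg (\d+) \(into (\S+)\)"), ("bad_arg_index", "wanted_type")),
    (re.compile(r"VFY:\s+rejecting call to (\S+)\.(\S+) (\(\S*\)\S+)"),
     ("callee_class", "callee_name", "callee_desc")),
    (re.compile(r"VFY:\s+rejecting opcode 0x([0-9a-fA-F]+) at 0x([0-9a-fA-F]+)"),
     ("opcode_hex", "offset_hex")),
    (re.compile(r"VFY:\s+rejected (\S+)\.(\S+) (\(\S*\)\S+)"),
     ("method_class", "method_name", "method_desc")),
    (re.compile(r"Verifier rejected class (\S+)"), ("rejected_class",)),
    (re.compile(r"Class init failed in newInstance call \((\S+)\)"), ("newinstance_class",)),
]

# Constructed sample: the verifier lines quoted in the post.
SAMPLE_LOG = """\
VFY: register1 v2 type 17, wanted ref
VFY: bad arg 1 (into Ljava/lang/String;)
VFY:  rejecting call to Ljava/lang/StringBuilder;.<init> (Ljava/lang/String;)V
VFY:  rejecting opcode 0x70 at 0x031f
VFY:  rejected Lcom/dataviz/dxtg/common/android/AboutScreenActivity;.onCreate (Landroid/os/Bundle;)V
Verifier rejected class Lcom/dataviz/dxtg/common/android/AboutScreenActivity;
Class init failed in newInstance call (Lcom/dataviz/dxtg/common/android/AboutScreenActivity;)
"""


def parse_params(descriptor):
    """Split '(Ljava/lang/String;I[B)V' into ['Ljava/lang/String;', 'I', '[B']."""
    if not descriptor.startswith("(") or ")" not in descriptor:
        raise ValueError("not a method descriptor: %r" % descriptor)
    params = descriptor[1:descriptor.index(")")]
    # array dims ('[') prefix an element that is an object (L...;) or a primitive
    out = re.findall(r"\[*(?:L[^;]+;|[ZBSCIJFD])", params)
    if "".join(out) != params:  # anything left unmatched means a malformed list
        raise ValueError("bad parameter list in %r" % descriptor)
    return out


def triage_vfy(log_text):
    """Reduce a VFY rejection to what locates the bad smali (method, offset, register,
    arg index, required type); None when there is no 'rejecting opcode' line."""
    r = {}
    for line in log_text.splitlines():
        for rx, keys in FIELDS:
            m = rx.search(line)
            if m:
                r.update(zip(keys, m.groups()))
                break
    if "opcode_hex" not in r:
        return None
    r["opcode"], r["code_offset"] = int(r.pop("opcode_hex"), 16), int(r.pop("offset_hex"), 16)
    r["mnemonic"] = INVOKE_OPCODES.get(r["opcode"], "opcode 0x%02x" % r["opcode"])
    if "register" in r:
        r["register"] = "v" + r["register"]
        r["register_type_code"] = int(r["register_type_code"])
    if "bad_arg_index" in r:
        r["bad_arg_index"] = n = int(r["bad_arg_index"])
        if "callee_desc" in r:
            # 'bad arg N' counts 'this' as arg 0 for non-static invokes: map N back
            # onto the callee's declared parameters and cross-check the wanted type.
            params = parse_params(r["callee_desc"])
            idx = n if r["mnemonic"].startswith("invoke-static") else n - 1
            r["declared_param_type"] = params[idx] if 0 <= idx < len(params) else None
            r["consistent"] = r["declared_param_type"] == r.get("wanted_type")
    return r


def summarize(r):
    """One actionable line: where to look in the baksmali output, and why."""
    where = "%s.%s%s @0x%04x" % (r.get("method_class", "?"), r.get("method_name", "?"),
                                  r.get("method_desc", ""), r["code_offset"])
    call = "%s %s.%s%s" % (r["mnemonic"], r.get("callee_class", "?"),
                           r.get("callee_name", "?"), r.get("callee_desc", ""))
    why = "argument type mismatch"
    if "register" in r:
        why = "%s holds verifier type %d (not a reference) but arg %s must be %s" % (
            r["register"], r["register_type_code"], r.get("bad_arg_index", "?"),
            r.get("wanted_type", "?"))
    return "%s: %s: %s" % (where, call, why)


if __name__ == "__main__":
    print(summarize(triage_vfy(SAMPLE_LOG)))
```

    The offset it reports is in 16-bit code units from the start of the method's instructions, the same unit baksmali uses for its labels, so find the invoke-direct at that offset in the disassembled onCreate and check what loads the register passed as the String parameter: it has to be a const-string (or a call that returns a String), not an integer constant or a move from a primitive register.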

    Android runtime log:

    Omitted.

    If your network is poor (as mine is), these are hard to fetch.

    Baksmali - the most widely used DEX disassembler (used by apktool, antilvl and others) (https://code.google.com/p/smali/)

    dex2jar - converts DEX into a jar, which can then be read with JD-GUI. (http://code.google.com/p/dex2jar/)

    IDA Pro - the heavy hitter (https://www.hex-rays.com/index.shtml)

    androguard - also works. (https://code.google.com/p/androguard/), hosted on GitHub: https://github.com/androguard/androguard/ . Pediy (看雪) articles: 关于androguard那点事 (bits and pieces about androguard), Androguard软件安装方法 (how to install Androguard)

    AndBug - dynamic reverse-analysis tool (https://github.com/anbc/AndBug/). Pediy articles: Android动态逆向分析工具 : Andbug之基本操作 (Android dynamic reverse-analysis tool: AndBug basics), Andbug扩展功能 (AndBug extended features)

    jswat - a GUI debugger written in Java. (https://code.google.com/p/jswat/). Pediy article: jswat无源码动态调试工具 (jswat as a dynamic debugger without source)

    eclipse (Apktool) - dynamic debugging. Pediy article: 反编译apk+eclipse中动态调试smali (decompile the apk and debug smali dynamically in eclipse)

    The following is quoted:

    dex2jar contains the following components

    1. dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar to ASM. An example here
    2. dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format.
    3. dex-ir used by dex-translator, is designed to represent the dex instruction
    4. dex-tools tools to work with .class files. here are examples:
    5. d2j-smali [To be published] disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc "Lcom/dex2jar u1234;"
    6. dex-writer [To be published] write dex same way as dex-reader.

    About

    smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)

    The names "smali" and "baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Why Icelandic you ask? Because dalvik was named for an Icelandic fishing village.

    Curious what the smali format looks like? Here's a quick HelloWorld example to whet your appetite.

    Got questions/comments? Need help? Come hang out in #smali on freenode.

    News

    2014-01-17 v2.0.3 is out

    • More bugs being slaughtered in this release. Notably, smali's memory footprint should now be reduced, although it's still a good idea to use -JXmx512m when using multiple threads.
    • We also managed to sneak in some new features as well. Thanks to whydoubt, it's now possible to add a comment with the resource name when a resource id is referenced in the bytecode as a constant, using the new -i flag.
    • As a reminder, the googlecode downloads are deprecated and downloads are now hosted at bitbucket

    Description

    Androguard is mainly a tool written in python to play with :

    • Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation),
    • APK (Android application) (.apk),
    • Android's binary xml (.xml),
    • Android Resources (.arsc).

    Androguard is available for Linux/OSX/Windows (python powered).

    Features

    Androguard has the following features :

    • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
    • Disassemble/Decompilation/Modification of DEX/ODEX/APK format,
    • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
    • Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
    • Analysis of a bunch of android apps,
    • Analysis with ipython/Sublime Text Editor,
    • Diffing of android applications,
    • Measure the efficiency of obfuscators (proguard, ...),
    • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
    • Check if an android application is present in a database (malwares, goodwares ?),
    • Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
    • Detection of ad/open source libraries (WIP),
    • Risk indicator of malicious application,
    • Reverse engineering of applications (goodwares, malwares),
    • Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
    • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
    • Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...)
    • ....

    Downloads

    Our new repository is hosted on github

    Sublime Text 2 Plugin

    Please read the documentation.

    Original address: https://www.cnblogs.com/Fang3s/p/3783002.html