Working through a challenge is a good way to learn Android reverse engineering.
Although there are shortcuts for solving this challenge, studying it in depth teaches dynamic debugging of Dex, cracking app hardening (reinforcement) and other techniques.
Thanks to the Android experts for their detailed write-ups of this challenge. I just worked through it once myself, practised the parts that were unclear to me, and wrote a brief summary of .so debugging on Android.
Debugging Android .so code from scratch:
First, tool preparation:
JRE -- Java Runtime Environment // all the tools below depend on it
JDK -- Java Development Kit // the jdb program inside it is needed
Android SDK Manager // includes tools such as adb and DDMS, and manages downloads of the various SDK versions
Android AVD Manager // used to create Android virtual machines for the various SDK versions and corresponding API levels
For convenience, add the directories that contain the tools listed above, such as sdk\platform-tools and sdk\tools, to the PATH environment variable.
Create a new virtual machine: see my previous post
I am using SDK 4.0.3, API level 15.
Install the APK: adb install 3.apk
Second, debugging
This part still follows the expert's article. Here I only include what I produced while following that post.
[Images 1.png to 8.png]
Third, analysis
Because I did not use an IDC script, I dumped the memory by exporting the raw data through the Edit menu. (It seems to be a good way to learn about IDA's advanced features.)
I converted the exported Dex to a jar package with dex2jar and viewed it in JD-GUI, but did not see the full content.
Dexdecompile decompiled the content fully. The dump may have been in Odex format, and dex2jar might only support the Dex format.
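An added example, not part of the original post: a Python sketch that checks whether a raw-data export like the one above starts with a plain Dex or an Odex header, and carves the Dex out using the size fields in the headers. The function names are this example's own; the header offsets are those of the standard Dalvik DEX and ODEX layouts.

```python
import struct
import zlib

DEX_MAGIC = b"dex\n"    # plain Dalvik executable, e.g. b"dex\n035\0"
ODEX_MAGIC = b"dey\n"   # optimized DEX written by dexopt, e.g. b"dey\n036\0"


def parse_dex_header(data, base=0):
    """Read the DEX header fields needed to carve the file out of a dump."""
    if data[base:base + 4] != DEX_MAGIC or len(data) < base + 0x70:
        raise ValueError("no DEX header at offset %#x" % base)
    checksum, = struct.unpack_from("<I", data, base + 8)
    file_size, header_size, endian = struct.unpack_from("<III", data, base + 32)
    if header_size != 0x70 or endian != 0x12345678:
        raise ValueError("implausible DEX header at offset %#x" % base)
    body = data[base + 12:base + file_size]
    return {
        "offset": base,
        "size": file_size,
        # False when the export stopped before the end of the DEX
        "complete": base + file_size <= len(data),
        # Adler-32 over everything after magic + checksum; informational only
        "checksum_ok": zlib.adler32(body) & 0xFFFFFFFF == checksum,
    }


def classify_dump(data):
    """Return ('dex' | 'odex', header info) for a raw memory dump."""
    if data[:4] == DEX_MAGIC:
        return "dex", parse_dex_header(data)
    if data[:4] == ODEX_MAGIC:
        # ODEX header: magic[8], then dex_offset and dex_length (little-endian u32)
        dex_offset, dex_length = struct.unpack_from("<II", data, 8)
        info = parse_dex_header(data, dex_offset)
        info["odex_dex_length"] = dex_length
        return "odex", info
    raise ValueError("dump starts with neither DEX nor ODEX magic")


def carve_dex(data):
    """Cut the DEX out of the dump, dropping ODEX header and trailing bytes."""
    kind, info = classify_dump(data)
    if not info["complete"]:
        raise ValueError("dump is shorter than the DEX file_size field")
    return kind, data[info["offset"]:info["offset"] + info["size"]]
```

A Dex carved out of an Odex still holds dexopt-optimized instructions, so a tool that only understands plain Dex can still fail on it.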
Searching directly for the addJavascriptInterface function shows that the name of the interface object it exports is encrypted.
Of course, for this challenge, the interface object name can be enumerated using the Wooyun link, or recovered by debugging again with the method above. Or you do not even need that: look directly at the parameter of the Toast.makeText call, which is the answer. See
For anyone who likes to get to the bottom of things, the internals of translate.so and decrypt_native should also be studied. On the one hand this strengthens .so debugging skills; on the other it exercises the ability to reverse the ARM instruction set.
Finally, thanks to the expert who shared IDA 6.6; everyone's reversing skills can go up a level.
This article is from the "Everything is a Dog" blog, please be sure to keep this source http://cugou.blog.51cto.com/9637775/1607005
Ali CTF-2014 Android third problem -- .so dynamic debugging and cracking app hardening (reinforcement)