Ali CTF 2014 Android problem 3: dynamic debugging of .so code and cracking app hardening


Working through a challenge is a good way to learn Android reverse engineering.

Although there are shortcuts for solving this problem, studying it in depth teaches techniques such as dynamic debugging of DEX code and cracking app hardening.

Thanks to Daniel for the detailed introduction to this problem. I just worked through it once, re-ran the parts that were unclear to me, and made a brief summary of .so debugging on Android.


Debugging Android .so code from scratch:

First, tool preparation:

JRE (Java Runtime Environment): all of the tools below depend on it

JDK (Java Development Kit): the jdb program it contains is needed

Android SDK Manager: includes tools such as adb and DDMS, and manages downloads of the various SDK versions

Android AVD Manager: used to build Android virtual machines for the various SDK versions and corresponding API levels


For convenience, add the directories that contain the tools listed above, such as sdk\platform-tools and sdk\tools, to the PATH environment variable.

Create a new virtual machine: see my previous post

I am using SDK 4.0.3, API level 15.

Install the APK: adb install 3.apk


Second, debugging

This part again refers to Daniel's article. Here I only show what I produced after following Daniel's post.

[Eight screenshots, 1.png to 8.png, appeared here in the original post.]

Third, analysis

Because I did not use an IDC script, I dumped the memory by exporting the raw data through the Edit menu. (It seems to be a good way to learn about IDA's advanced features.)

I converted the exported DEX to a JAR package with dex2jar and viewed it in JD-GUI, but did not see the full content.

Using Dexdecompile, the full content decompiled. The dump may be in ODEX format, and dex2jar might only support the DEX format.
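The DEX-or-ODEX question above can be settled from the first bytes of the dump. The following is an added example, not code from the original post: it assumes the Dalvik ODEX header layout (magic "dey\n036", then dexOffset and dexLength) and carves the embedded DEX out of a raw dump; the sample input is constructed.

```python
import struct
import zlib

DEX_MAGIC = b"dex\n"   # followed by a 3-digit version and NUL, e.g. 035
ODEX_MAGIC = b"dey\n"  # Dalvik optimized DEX, e.g. version 036


def carve_dex(dump: bytes):
    """Return (kind, dex_bytes, checksum_ok) for a raw dump, or raise ValueError."""
    kind, start = "dex", 0
    if dump[:4] == ODEX_MAGIC:
        # DexOptHeader: magic[8], then dexOffset and dexLength as little-endian u4.
        if len(dump) < 16:
            raise ValueError("truncated ODEX header")
        start, length = struct.unpack_from("<II", dump, 8)
        kind = "odex"
        dump = dump[: start + length]
    if dump[start:start + 4] != DEX_MAGIC or len(dump) < start + 0x70:
        raise ValueError("no DEX header found")
    # DEX header: checksum at +8, file_size at +32, endian_tag at +40.
    checksum, = struct.unpack_from("<I", dump, start + 8)
    file_size, = struct.unpack_from("<I", dump, start + 32)
    endian_tag, = struct.unpack_from("<I", dump, start + 40)
    if endian_tag != 0x12345678:
        raise ValueError("unexpected endian tag")
    dex = dump[start:start + file_size]
    if len(dex) != file_size:
        raise ValueError("dump is shorter than file_size")
    # Adler-32 covers everything after the magic and checksum fields;
    # False means the body no longer matches what the header was computed over.
    checksum_ok = zlib.adler32(dex[12:]) & 0xFFFFFFFF == checksum
    return kind, dex, checksum_ok


def make_sample_odex() -> bytes:
    """Constructed sample: an empty 0x70-byte DEX wrapped in an ODEX header."""
    body = bytearray(0x70)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<II", body, 32, 0x70, 0x70)   # file_size, header_size
    struct.pack_into("<I", body, 40, 0x12345678)    # endian_tag
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    opt_header = b"dey\n036\x00" + struct.pack("<8I", 40, 0x70, 0, 0, 0, 0, 0, 0)
    return opt_header + bytes(body) + b"\x00" * 16  # trailing dump padding


if __name__ == "__main__":
    kind, dex, ok = carve_dex(make_sample_odex())
    print(kind, len(dex), "checksum ok" if ok else "checksum mismatch")
```

A result of "odex" explains why a tool that expects a plain DEX header rejects or only partly reads the dump.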

Search directly for the addJavascriptInterface function; the name of the interface object it exports turns out to be encrypted.

Of course, for this problem, the interface object name can be enumerated using the Wooyun link, or obtained by debugging again with the method above. Or, without even needing that, directly find the parameter inside the Toast.makeText call, which is the answer. See


As a person who likes to get to the bottom of things, the nature of translate.so and the decrypt_native function should also be studied. On the one hand this strengthens .so debugging skills; on the other it exercises the ability to reverse the ARM instruction set.


Finally, thanks to Daniel for sharing IDA 6.6; the whole nation's reverse engineering level can move up a step.

This article is from the "Everything is a Dog" blog, please be sure to keep this source http://cugou.blog.51cto.com/9637775/1607005
