Android hardening series, part 3: learn to crack before hardening, static modification of so files
[All Rights Reserved. For more information, see the source.]
The key jni code of the project (for the project address, see the bottom of the article) obtains the package name com.example.shelldemo and compares it with com.example.nocrack, so the result of a normal run is "this app is illegal". I will not cover compiling the jni code; the project also includes the compiled so.
1. Tool Introduction
IDA 6.5, for static analysis of so files
010 Editor, for modifying the hexadecimal bytes of the so file
2. Analyzing the so with IDA
Drag the so into IDA and locate the key code. The BEQ instruction acts on the CMP comparison on the previous line: if R0 is equal to 0, execution jumps to loc_ED0, which is the success path. When the program actually runs, however, R0 is not equal to 0.
Then go to Options | General.
The hexadecimal machine code corresponding to each line is then shown.
We can see that the hex machine code corresponding to the branch instruction B is E0. Now we need to change the instruction at 0EC2 to B loc_ED0, so that the jump is taken directly, regardless of the result of the CMP on the previous line.
3. Modifying the so with 010 Editor
Open 010 Editor, drag in the so file, and find 0EC2. Note that one hex digit is 4 bits, so two digits are 8 bits, or one byte. The byte to change is therefore the third one (counting from 0) in the row that starts at 0EC0.
Manually change D0 to E0. Take care to change it one digit at a time.
Save and run the project again. Miraculously, the program now runs successfully.
We can also drag the modified so into IDA again and see that the instruction at 0EC2 is now B rather than the former BEQ.
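Seen from the hardening side, this patch is easy to recognise when a reference build is available. The following added example (not part of the original article or its project) compares a reference so with a suspect copy and reports every 16-bit Thumb conditional branch that was rewritten into an unconditional B; the function names are hypothetical and the sample bytes are constructed to mirror the 0EC2 change.

```python
import struct

COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC", "HI", "LS", "GE", "LT", "GT", "LE"]

def _sext(value, bits):
    """Sign-extend a `bits`-wide integer."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_branch(hw, addr):
    """Decode a 16-bit Thumb branch halfword; return (mnemonic, target) or None."""
    if hw >> 12 == 0b1101 and (hw >> 8) & 0xF < 14:   # B<cond>: 1101 cond imm8
        return "B" + COND[(hw >> 8) & 0xF], addr + 4 + _sext((hw & 0xFF) << 1, 9)
    if hw >> 11 == 0b11100:                            # B: 11100 imm11
        return "B", addr + 4 + _sext((hw & 0x7FF) << 1, 12)
    return None

def find_forced_branches(original, suspect, base=0):
    """List halfwords where a conditional branch became an unconditional one."""
    findings = []
    for off in range(0, min(len(original), len(suspect)) - 1, 2):
        old_hw, = struct.unpack_from("<H", original, off)   # little-endian halfword
        new_hw, = struct.unpack_from("<H", suspect, off)
        if old_hw == new_hw:
            continue
        old = decode_branch(old_hw, base + off)
        new = decode_branch(new_hw, base + off)
        if old and new and old[0] != "B" and new[0] == "B":
            findings.append((base + off, old[0], old[1], new[1]))
    return findings

# Constructed sample: 16 bytes standing in for file offsets 0x0EC0-0x0ECF.
# Only the branch at 0x0EC2 mirrors the article; the CMP encoding and the
# NOP filler are assumptions made for the example.
ORIGINAL = bytes.fromhex("0028" "05d0" + "00bf" * 6)   # CMP R0,#0 ; BEQ 0xED0
PATCHED = bytes.fromhex("0028" "05e0" + "00bf" * 6)    # CMP R0,#0 ; B   0xED0

if __name__ == "__main__":
    for addr, was, old_t, new_t in find_forced_branches(ORIGINAL, PATCHED, base=0x0EC0):
        print(f"0x{addr:04X}: {was} 0x{old_t:X} replaced by B 0x{new_t:X}")
```

Run over whole files, the scan also visits data and any ARM-mode code, so treat each hit as a lead to confirm in a disassembler.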
[Project address]
[IDA tool address]
[010 Editor address]