[Kaizige takes you to make a high imitation] High imitation and optimization of the Android version of "Fried Eggs" (Jiandan) (1) - Introduction to reverse engineering and TcpDump packet capture
Please credit the source when reprinting: http://blog.csdn.net/zhaokaiqiang1992
In the blink of an eye, graduation season has arrived, and four full and busy years of university are coming to an end. I am really looking forward to life after graduation!
First of all, thank you all for your support of my blog. In return, I will share my favorite articles with you; for details, click the collection of good Android articles, learn from them and learn about new things.
In addition, I have been busy working and preparing my graduation thesis recently, so I have written fewer articles. Of course, my work is related to Android, namely the reverse engineering, high imitation, and optimization of the "Fried Eggs" App. It can serve both as a complete project and as a small work of my own to prepare for future interviews ~ So I started this series to record the details of this project and share my experience with you. By the way, I am also using it as material for my graduation thesis ~
PS: the technology, data, and interface addresses involved in this series of articles are for learning and communication only. Do not do anything bad with them! Otherwise, you are on your own!
- Reverse Engineering
- Code Framework Analysis
- TcpDump packet capture
- Wireshark packet analysis
Reverse Engineering
Since this is a high imitation, it naturally requires reverse engineering. Because Android apps are written in Java, decompilation is not very difficult and there are plenty of materials on it, so here is just a brief introduction.
During decompilation, we can follow the process below:
- Decompile the apk with apktool to obtain the layout files in res, the image resources in drawable, the component and permission declarations in AndroidManifest.xml, and the constant values in values.
- Change the apk suffix to zip, decompress it to get the classes.dex file, then use the dex2jar tool to convert it into a classes.jar file, and finally view that with JD-GUI.
This is the general decompilation process, but I want to introduce a few other things. There is not much to say about the first step; it generally gets us the resources we want. For the dex-to-jar conversion, the method above does let us view the Java source code, but dex2jar does not reconstruct Android switch statements completely, so the result is very hard to read. Let's take a class from the reverse-engineered "Fried Eggs" as an example. The following is the dex2jar output for method a of the AE class under com.danielstudio.app.wowtu.a:
protected void a(g paramg) {
    if (isCancelled());
    do {
        return;
        w.e().remove(this.b.a);
    } while (!(h.a(paramg)));
    String str1 = (String)paramg.c();
    String str2 = str1.split("\\|")[1];
    if (!(str1.split("\\|")[2].trim().equals("0")))
        switch (this.c) {
        default:
        case 1:
        case 0:
        }
    while (true) {
        while (true) {
            while (true) {
                this.a.c(this.d);
                com.danielstudio.app.wowtu.f.e.a(w.c(this.a), str2);
            }
            w.a(this.a).add(this.b.a);
            com.danielstudio.app.wowtu.c.e locale2 = this.b;
            locale2.i = (1 + locale2.i);
        }
        w.b(this.a).add(this.b.a);
        com.danielstudio.app.wowtu.c.e locale1 = this.b;
        locale1.j = (1 + locale1.j);
    }
}
The code above is very ugly and the original logic is basically unrecognizable. So let me introduce a decompilation tool called Procyon, which is easy to use:
Show the help:
    java -jar decompiler.jar
Decompile a single class file:
    java -jar procyon-decompiler-0.5.24.jar AutoCloseableExample.class
Decompile an entire jar package:
    java -jar procyon-decompiler.jar -jar myJar.jar -o out
The following code uses Procyon to decompile the same class:
protected void a(final g g) {
    if (!this.isCancelled()) {
        w.g.remove(this.b.a);
        if (h.a(g)) {
            final String s = (String)g.c();
            final String s2 = s.split("\\|")[1];
            if (!s.split("\\|")[2].trim().equals("0")) {
                switch (this.c) {
                    case 1: {
                        this.a.e.add(this.b.a);
                        final e b = this.b;
                        ++b.i;
                        break;
                    }
                    case 0: {
                        this.a.f.add(this.b.a);
                        final e b2 = this.b;
                        ++b2.j;
                        break;
                    }
                }
                this.a.c(this.d);
            }
            com.danielstudio.app.wowtu.f.e.a(this.a.b, s2);
        }
    }
}
Isn't the logic much clearer now ~
So don't limit yourself to the tools everyone knows; many other tools are also very useful.
Code Framework Analysis
Okay, now we have the source code we want. Below was the directory structure after decompilation; let's analyze it briefly.
If you have downloaded "Fried Eggs", you can see that the UI uses a very new design style, namely Material Design. However, real Material Design requires Android L, so for compatibility the latest support-v7 compatibility package and other compatibility components are needed. This is also reflected in the package structure above.
The com.afollestad.materialdialogs package, as the name suggests, is a Material Design-style Dialog, used to keep the style unified.
The com.danielstudio.app.wowtu package is the core package of the Fried Eggs App, which contains the specific logic code. Everything we need to analyze is here.
Doesn't the loopj.android.http package look familiar? This is android-async-http, a well-known open-source network request framework, and it is the core network request package of the entire project.
The com.nostra13.universalimageloader package needs no introduction; it is a very powerful image loading framework.
The packages below it are third-party SDKs used for sharing, such as QQ and Sina, and umeng is used for channel statistics and upgrades.
The uk.co.senab.photoview package at the bottom is a powerful image display control that can be zoomed freely with gestures.
So far, we know the main framework of this App. Next I will briefly describe the overall framework of the app I am going to write.
For network requests, I tend to use Volley, because this library is optimized for frequent requests with small data volumes over complex networks, so it is suitable for apps such as Fried Eggs.
For image loading, although UIL is up to the job, I am going to try Facebook's new Fresco image loading framework. I have translated an official introduction to Fresco before; for details, click "Facebook's Android image loading library - Fresco".
I am also ready to try other frameworks, such as Butter Knife. Although there seems to be no need for an IoC framework in this project, my previous projects used AFinal, and it is easy to use ~
These are the main frameworks I have in mind for now; more will be introduced as they are needed, most of them open-source View projects, so make good use of GitHub ~
TcpDump packet capture
In fact, the work above is very simple. What matters more is how we obtain the data interfaces; without interfaces, how can we do a high imitation? Because the Fried Eggs App is obfuscated and most of the core code is hard to read, I will introduce how to use TcpDump to capture packets on Android devices.
TcpDump is a powerful network data collection tool on Linux, which we often call a packet capture tool. Packet capture can do a lot of bad things, but we are all good kids ~
Because the Android system uses the Linux 2.6 kernel, we can use TcpDump to capture packets.
First of all, we need to upload TcpDump to our test machine. I am using a Nexus 5 test machine with an eng build; the Genymotion virtual machine fails, probably because this TcpDump binary cannot run on an x86 virtual machine. The native ADT emulator is ARM and works, but it starts too slowly, so I did not test with it. If you want to use a real device, make sure it is an eng build.
With the test machine ready, connect the device with adb, then use the following command to check whether it is connected successfully:
kaiqiangzhaoMacBook:~ zhaokaiqiang$ adb devices
List of devices attached
16e8718e	device
After the connection succeeds, use the following command to upload TcpDump to the /data/local/tcpdump path:
kaiqiangzhaoMacBook:~ zhaokaiqiang$ adb push ~/Desktop/tcpdump /data/local/tcpdump
4189 KB/s (1801155 bytes in 0.419s)
Run the following command to modify the permissions:
kaiqiangzhaoMacBook:~ zhaokaiqiang$ adb shell chmod 777 /data/local/tcpdump
At this point, our TcpDump has been successfully deployed.
Let's briefly introduce several common commands.
The following is the simplest command for capturing packets:
adb shell /data/local/tcpdump -n -s 0
-n means that network addresses are not converted to names.
-s 0: the default capture length is 68 bytes; after -s 0 is added, the complete data packet is captured.
Because we have many network requests, we need to filter them. For example, to obtain all packets received and sent by the host 10.10.10.1:
kaiqiangzhaoMacBook:~ zhaokaiqiang$ adb shell /data/local/tcpdump -n -s 0 host 10.10.10.1
TcpDump has many powerful uses that I will not explain one by one. I have collected some articles in my favorites, so feel free to leave a message: "Well-organized articles on Android-related issues".
The command we use is as follows:
adb shell /data/local/tcpdump -n -s 0 -w /sdcard/jiandan.pcap host 10.10.10.your ip
In this way, we capture all packets exchanged with the given ip address and save them to the /sdcard/jiandan.pcap file, ready for analysis with Wireshark below.
Wireshark packet analysis
After the steps above, we have captured the communication packets between the Fried Eggs App and the server. When capturing packets, pay attention to the following points:
In this way, we get our pcap data. The next step is to use Wireshark for analysis.
Wireshark is also very powerful, but here we only use it in a simple way; its more powerful functions are left for you to explore.
We can use the following command to download the file:
adb pull /sdcard/jiandan.pcap ~/Desktop/jiandan.pcap
The following is the captured data as it appears when opened in Wireshark:
Pay attention to the red box. In general, information apps use HTTP interfaces to obtain data, while apps with high real-time requirements, such as stock quotes, use socket communication; TCP is the protocol used here. We can see that the local ip address and 42.120.48.125 communicate over HTTP. By clicking the packet data below, we can see our complete request URL in the request text. This is the interface for obtaining the posts (段子), which uses page for paging.
In fact, in this way we can capture basically all of the HTTP interfaces, but there is a better way. In general, these addresses are hard-coded in the code, so once we know the format of one address, we can search directly for other similar interfaces. For example, put the class files decompiled in the first step into an Eclipse Java project and search the whole project for the keyword oxwlxojflwblxbsapi.
Many interface addresses come up, which saves a lot of effort. I won't say much about testing the specific interfaces; just try it yourself.
In fact, at the beginning I wanted to make a Fried Eggs client by parsing the web site with Jsoup. That parsing also succeeded and worked normally. However, I suddenly wanted to know how the app itself wrote its code, and after successfully obtaining the interfaces, using them directly was more convenient.
The main modules and sub-function modules of this project are basically complete, and the remaining functions are being implemented. I hope this project will become good learning material for beginners.
I am also working on it with great care. If you have read the code and gained something from it, that's great. If you find that my code performs poorly or that there is a better solution, I hope you will tell me, whether by submitting an issue or a pull request. I want to make this project better than 9GAG.
The following functions are completed:
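The request URL that the author reads off by hand in Wireshark can also be pulled straight out of the pcap. The following Python parser is an added example, not code from the original post or the JianDan project: it builds a constructed two-packet libpcap file in memory (Ethernet/IPv4/TCP, with the 42.120.48.125 host named above and a made-up path that only reuses the oxwlxojflwblxbsapi keyword) and lists every HTTP request it finds, which is the step you would automate to enumerate an app's endpoints from a tcpdump capture. It also accepts raw-IP captures (any linktype other than Ethernet is treated as IPv4 without a link header).

```python
import socket
import struct

def _ipv4_tcp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero on purpose."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def build_pcap(frames, linktype=1):
    """Wrap frames in a little-endian libpcap file (linktype 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample request: host from the article, path made up for this example.
SAMPLE_REQUEST = (b"GET /?oxwlxojflwblxbsapi=CONSTRUCTED_ACTION&page=2 HTTP/1.1\r\n"
                  b"Host: 42.120.48.125\r\nUser-Agent: constructed\r\n\r\n")
SAMPLE_PCAP = build_pcap([
    _ipv4_tcp_frame("10.10.10.2", "42.120.48.125", 40000, 80, SAMPLE_REQUEST),
    _ipv4_tcp_frame("42.120.48.125", "10.10.10.2", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
])

def http_requests(pcap_bytes):
    """Return (src, dst, method, url) for each TCP payload that starts an HTTP request."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    off, found = 24, []
    while off + 16 <= len(pcap_bytes):
        incl = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        ip = frame[14:] if linktype == 1 else frame        # strip Ethernet; else assume raw IPv4
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:  # keep IPv4 carrying TCP only
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[(ip[0] & 0x0F) * 4:]
        data = tcp[(tcp[12] >> 4) * 4:]                     # skip TCP header and options
        if not data.startswith((b"GET ", b"POST ")):
            continue
        lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        method, path = lines[0].split(" ", 2)[:2]
        host = next((h.split(":", 1)[1].strip() for h in lines[1:]
                     if h.lower().startswith("host:")), dst)
        found.append((src, dst, method, "http://" + host + path))
    return found
```

Point http_requests at the bytes of the pulled /sdcard/jiandan.pcap and every plain-HTTP endpoint the app touched comes back as a full URL; requests split across several TCP segments or sent over TLS are out of scope for this reader.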
Github address for this project: https://github.com/ZhaoKaiQiang/JianDan
Thanks to the developer DanielWangDev.
More will be updated in the future...
Finally, a warning: the technology, data, and interface addresses involved in this series are for learning and communication only, so do not do anything bad with them! Otherwise, you are on your own!