嘗試在移動端so側做一些記憶體修改,使之走向不同的邏輯,以下為將要爆破的APP源碼
JAVA側:
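package com.example.grady.sectestone;

import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.support.v7.app.AppCompatActivity;
import android.widget.TextView;

import java.util.Timer;
import java.util.TimerTask;

/**
 * Demo activity that shows the string returned by the native library and refreshes it
 * once per second.
 *
 * <p>The text on screen, including which branch of the counter check was taken, is produced
 * entirely by {@code stringFromJNI()} in {@code native-lib}. That check runs inside the app's
 * own process, so it must not be treated as a trust boundary: whoever controls the device can
 * alter the process's memory. Anything that has to hold against a hostile device owner needs
 * to be enforced outside the client.
 */
public class MainActivity extends AppCompatActivity {

    // Used to load the 'native-lib' library on application startup.
    static {
        System.loadLibrary("native-lib");
    }

    private TextView tv;
    private Timer timer;
    // Number of timer ticks so far; only touched on the Timer thread.
    private int count = 0;

    // Bound explicitly to the main looper so the UI update below always runs on the UI thread.
    private final Handler mHandler = new Handler(Looper.getMainLooper()) {
        @Override
        public void handleMessage(Message msg) {
            super.handleMessage(msg);
            // The "time" payload carried by msg is not displayed; the label always shows
            // whatever the native side returns for this call.
            tv.setText(stringFromJNI());
        }
    };

    /**
     * Sets up the layout, shows the first native string, and starts a timer that asks the
     * handler to refresh the label after one second and then every second.
     *
     * @param savedInstanceState state passed through to {@code super.onCreate}
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // Example of a call to a native method
        tv = (TextView) findViewById(R.id.sample_text);
        tv.setText(stringFromJNI());

        timer = new Timer();
        TimerTask timerTask = new TimerTask() {
            @Override
            public void run() {
                count++;
                // Message.obtain() reuses a pooled instance instead of allocating each tick.
                Message msg = Message.obtain();
                msg.getData().putCharSequence("time", String.valueOf(count));
                mHandler.sendMessage(msg);
            }
        };
        timer.schedule(timerTask, 1000, 1000);
    }

    /**
     * Stops the timer and drops any refresh messages that are still queued, so nothing
     * touches the view (or keeps this activity referenced) after it has been destroyed.
     */
    @Override
    protected void onDestroy() {
        super.onDestroy();
        if (timer != null) {
            timer.cancel();
            timer = null;
        }
        // A tick may already have queued a message before cancel() took effect.
        mHandler.removeCallbacksAndMessages(null);
    }

    /**
     * A native method that is implemented by the 'native-lib' native library,
     * which is packaged with this application.
     *
     * @return the status string built by the native counter check
     */
    public native String stringFromJNI();
}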
Native側
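#include <jni.h>
#include <string>
#include <sstream>

// Number of calls made to stringFromJNI() so far in this process.
static int count = 0;

/**
 * JNI implementation of MainActivity.stringFromJNI().
 *
 * Increments the call counter and returns a status string made of a branch-specific
 * prefix followed by the counter value in decimal.
 *
 * NOTE(review): this check runs in client-side native code inside the app's own process.
 * It is not a security control; values in process memory can be changed by whoever
 * controls the device, so any decision that must hold has to be enforced elsewhere.
 *
 * @param env JNI environment used to create the returned Java string
 * @return a new Java string "<prefix><count>"
 */
extern "C"
JNIEXPORT jstring
JNICALL
Java_com_example_grady_sectestone_MainActivity_stringFromJNI(
        JNIEnv *env,
        jobject /* this */) {
    count++;

    const char *prefix;
    if (count > 30) {
        prefix = "Grady JNI Count > 30 :count = ";
    } else if (count >= 0) {
        // Fixed: the original test was `count < 30 && count >= 0`, so count == 30 matched
        // neither branch and fell through to the "count < 0" message below.
        prefix = "Grady JNI Check it : count = ";
    } else {
        // Reached only when count is negative, which the increment above does not
        // produce in normal execution.
        prefix = "Grady Boom it !!!!! count < 0 : count = ";
    }

    std::ostringstream out;
    out << prefix << count;
    const std::string result = out.str();
    return env->NewStringUTF(result.c_str());
}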
在正常執行下,count 從 0 開始只會遞增、不會變成負數,因此彩蛋的 count < 0 條件永遠不會成立;
後面將通過一定手段走入到彩蛋邏輯中
實現Android Native端爆破源碼