1. SMALI/BAKSMALI

smali/baksmali are an assembler and disassembler for the dex format used by Dalvik, the virtual machine Google designed for Android: baksmali disassembles classes.dex into .smali files and smali assembles them back into a dex. The syntax is loosely based on the Jasmin/Dedexer syntax and supports the full feature set of the dex format (annotations, debug information, line numbers, etc.), which is what makes patch-and-rebuild edits of an APK's code possible.

2. ANDBUG

AndBug is a debugger for the Dalvik virtual machine on Android. It is written in Python and speaks the Java Debug Wire Protocol (JDWP), the same protocol the Eclipse ADT plug-in uses to debug Android apps; together with the Dalvik Debug Monitor (DDM) this lets the user inspect the VM and the state of a running process. Unlike the debugger in Google's Android SDK, AndBug does not need source code. Its flexibility and scriptability make it a handy tool for Android reverse engineers and developers: the important work is driven from Python through "hooks", scripted breakpoints that run user code when they fire.
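What AndBug's hooks sit on top of is ordinary JDWP framing: a 14-byte handshake, then 11-byte packet headers (length, id, flags, command set, command) with a reply flag of 0x80 and a 16-bit error code in place of the command bytes. The following is an added example (not AndBug's code) that encodes and decodes those packets and walks through the handshake plus a VirtualMachine.Version exchange against a VM endpoint simulated in-process; the version strings returned by the fake VM are made up for the example, and the real transport would be the socket you get from `adb forward tcp:PORT jdwp:PID`.

```python
"""JDWP framing and the handshake + VirtualMachine.Version exchange a Dalvik
debugger performs. Constructed example; the VM side is simulated in-process."""
import struct

HANDSHAKE = b"JDWP-Handshake"      # 14 ASCII bytes sent by the debugger and echoed back by the VM
HEADER = struct.Struct(">IIBBB")   # length, id, flags, command set, command (network byte order)
REPLY_FLAG = 0x80                  # in a reply the last two header bytes carry the error code
ERR_NONE, ERR_NOT_IMPLEMENTED = 0, 99
VM_CMDSET, VM_VERSION = 1, 1       # VirtualMachine command set / Version command


def command_packet(pkt_id: int, cmdset: int, cmd: int, data: bytes = b"") -> bytes:
    return HEADER.pack(HEADER.size + len(data), pkt_id, 0, cmdset, cmd) + data


def reply_packet(pkt_id: int, error: int, data: bytes = b"") -> bytes:
    return HEADER.pack(HEADER.size + len(data), pkt_id, REPLY_FLAG, error >> 8, error & 0xFF) + data


def parse_packet(raw: bytes) -> dict:
    """Split one packet; the length field must match what was actually read."""
    length, pkt_id, flags, b1, b2 = HEADER.unpack_from(raw)
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes on the wire")
    body = raw[HEADER.size:]
    if flags & REPLY_FLAG:
        return {"id": pkt_id, "reply": True, "error": (b1 << 8) | b2, "data": body}
    return {"id": pkt_id, "reply": False, "cmdset": b1, "cmd": b2, "data": body}


def pack_string(s: str) -> bytes:
    """JDWP string: 4-byte big-endian length followed by UTF-8 bytes."""
    raw = s.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw


def unpack_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n].decode("utf-8"), off + 4 + n


def parse_version_reply(data: bytes) -> dict:
    """Reply layout: description, jdwpMajor, jdwpMinor, vmVersion, vmName."""
    description, off = unpack_string(data, 0)
    major, minor = struct.unpack_from(">II", data, off)
    vm_version, off = unpack_string(data, off + 8)
    vm_name, _ = unpack_string(data, off)
    return {"description": description, "jdwpMajor": major, "jdwpMinor": minor,
            "vmVersion": vm_version, "vmName": vm_name}


class FakeDalvikVm:
    """Simulated VM endpoint. Its version strings are made up for this example."""

    def __init__(self):
        self.handshaken = False

    def handle(self, raw: bytes) -> bytes:
        if not self.handshaken:
            if raw != HANDSHAKE:
                raise ValueError("debugger must send the handshake first")
            self.handshaken = True
            return HANDSHAKE
        pkt = parse_packet(raw)
        if (pkt["cmdset"], pkt["cmd"]) == (VM_CMDSET, VM_VERSION):
            body = (pack_string("Constructed Dalvik JDWP endpoint") + struct.pack(">II", 1, 6)
                    + pack_string("1.6.0") + pack_string("Dalvik"))
            return reply_packet(pkt["id"], ERR_NONE, body)
        return reply_packet(pkt["id"], ERR_NOT_IMPLEMENTED)


def debug_session(vm: FakeDalvikVm) -> dict:
    """Debugger side: handshake, VirtualMachine.Version, then an unsupported command."""
    if vm.handle(HANDSHAKE) != HANDSHAKE:
        raise ConnectionError("no JDWP endpoint")
    reply = parse_packet(vm.handle(command_packet(1, VM_CMDSET, VM_VERSION)))
    if not reply["reply"] or reply["id"] != 1 or reply["error"] != ERR_NONE:
        raise RuntimeError(f"version query failed: {reply}")
    version = parse_version_reply(reply["data"])
    # command set 64 lies in the vendor-extension range; the simulated VM does not implement it
    unknown = parse_packet(vm.handle(command_packet(2, 64, 1)))
    return {"version": version, "unknown_error": unknown["error"]}


if __name__ == "__main__":
    print(debug_session(FakeDalvikVm()))
```

Everything a hook does (setting a breakpoint, reading a frame's locals) is just more command sets and commands on this same framing, which is why a debugger needs no source code: the VM serves class, method and field metadata on request.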

3. ANDROGUARD

Androguard is a reverse-engineering framework for Android applications that also supports malware analysis. It is written mainly in Python, uses DAD as its decompiler and can produce visualizations. It supports DEX and ODEX files, APKs, Android binary XML, Android resource files, disassembly of DEX/ODEX bytecode and decompilation of DEX/ODEX files.

4. APKTOOL

Apktool is an open-source tool (not a Google product) for decoding and rebuilding APKs. It can decode an APK to nearly its original form, rebuild it, install the framework-res resources that system-dependent APKs need in order to be decoded, and clean up the folder left by a previous decode. After decoding you get the manifest, layout files, image resources, the smali files disassembled from classes.dex, string/language files and so on. Translating an app, changing its interface or patching its code can all be done with Apktool in one place.

Features:

Decodes resource files to nearly original form (resources.arsc, classes.dex, 9.png, XML, etc.); rebuilds decoded resources back into a binary APK/JAR; organizes and handles APKs that depend on framework resources; smali debugging (removed in 2.1.0 in favor of IdeaSmali); helps with repetitive tasks.

5. AFE

AFE (Android Framework for Exploitation) is an open-source project that runs on Unix-based operating systems and is used to demonstrate security weaknesses in Android, including that Android botnets are feasible: leaking content providers, insecure file storage, directory traversal and so on, up to executing arbitrary commands on an infected device. AFE has two parts, the PC side (AFE) and the mobile side (AFEServer). AFE is written almost entirely in Python and is extensible: you can add modules or port existing tools into the framework. AFEServer is an Android application running on the phone; it connects to AFE's Python interface and executes the commands AFE sends to the device.

Functions:

A complete command-line interface; finding application vulnerabilities; automatic generation of malicious applications.

6. BYPASS SIGNATURE AND PERMISSION CHECKS FOR IPCS

This tool uses Cydia Substrate to bypass signature and permission checks on IPC calls. Cydia Substrate is a code-modification (hooking) platform: it can modify the code of any process, whether written in Java or in C/C++ (native code). Like every Substrate-based tool, it needs a rooted device with Substrate installed.

7. ANDROID OPENDEBUG

This tool uses Cydia Substrate to make every application on the device debuggable: once it is installed, a debugger can be attached to any app. Note: use it on test devices only, since it strips the debuggable protection from every app on the phone.

8. DARE

Dare is an APK retargeting tool released by the Computer Science department of the University of Pennsylvania. It converts the Dalvik bytecode in APK files into Java .class files, which can then be processed by existing Java tools, including decompilers. Linux and Mac OS X are currently supported.

9. DEX2JAR

dex2jar is a set of tools that work on both the Android Dalvik (.dex) format and the Java (.class) format. It includes: dex-reader/writer, which reads and writes the Dalvik Executable (.dex) format and offers a simple API similar to ASM; d2j-dex2jar, which converts dex to class files (a jar); d2j-smali/baksmali, with the same function as the smali tools but better support for non-ASCII (e.g. Chinese) text; and other tools, such as string decryption.
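The first thing any dex reader or writer (dex2jar's dex-reader/writer above, or smali/baksmali in section 1) has to get right is the 0x70-byte header and its two integrity fields: a SHA-1 signature over everything after the signature and an Adler-32 checksum over everything after the checksum. Whoever edits a dex by hand must recompute both, otherwise the VM rejects the file at load time. The following is an added example (not dex2jar's or smali's code) that parses the header, verifies both fields, and builds a constructed, header-plus-map-only sample dex to exercise them; the sample is not loadable by Dalvik/ART, it only has the structure needed here.

```python
"""Minimal reader/verifier for the dex header_item. Constructed example; field
names follow the AOSP dex format specification."""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"        # version 035 magic, as in typical classes.dex files
ENDIAN_CONSTANT = 0x12345678     # little-endian marker; 0x78563412 means byte-swapped
HEADER_SIZE = 0x70

# uint32 fields that follow magic(8) + checksum(4) + signature(20), in spec order.
U32_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def parse_header(blob: bytes) -> dict:
    """Decode header_item; raises ValueError on anything that is not a dex 035 blob."""
    if len(blob) < HEADER_SIZE or blob[:8] != DEX_MAGIC:
        raise ValueError("not a dex 035 file")
    fields = dict(zip(U32_FIELDS, struct.unpack_from("<20I", blob, 32)))
    fields["checksum"] = struct.unpack_from("<I", blob, 8)[0]
    fields["signature"] = blob[12:32].hex()
    return fields


def verify(blob: bytes) -> dict:
    """Recompute the integrity fields exactly as a dex writer must set them:
    signature = SHA-1 over offset 32..EOF, checksum = Adler-32 over offset 12..EOF."""
    hdr = parse_header(blob)
    return {
        "endian": hdr["endian_tag"] == ENDIAN_CONSTANT,
        "file_size": hdr["file_size"] == len(blob),
        "signature": hashlib.sha1(blob[32:]).hexdigest() == hdr["signature"],
        "checksum": (zlib.adler32(blob[12:]) & 0xFFFFFFFF) == hdr["checksum"],
    }


def seal(dex: bytearray) -> bytes:
    """Fill in signature first, then checksum: the checksum covers the signature."""
    dex[12:32] = hashlib.sha1(dex[32:]).digest()
    struct.pack_into("<I", dex, 8, zlib.adler32(dex[12:]) & 0xFFFFFFFF)
    return bytes(dex)


def build_minimal_dex() -> bytes:
    """Constructed sample: header plus a one-entry map_list, no classes at all."""
    # map_list: u4 size, then map_item {u2 type, u2 unused, u4 size, u4 offset}; 0x0000 = TYPE_HEADER_ITEM
    map_list = struct.pack("<I", 1) + struct.pack("<HHII", 0x0000, 0, 1, 0)
    file_size = HEADER_SIZE + len(map_list)
    values = {name: 0 for name in U32_FIELDS}
    values.update(file_size=file_size, header_size=HEADER_SIZE, endian_tag=ENDIAN_CONSTANT,
                  map_off=HEADER_SIZE, data_size=len(map_list), data_off=HEADER_SIZE)
    hdr = DEX_MAGIC + b"\0" * 24 + struct.pack("<20I", *(values[n] for n in U32_FIELDS))
    return seal(bytearray(hdr + map_list))


if __name__ == "__main__":
    dex = build_minimal_dex()
    print(parse_header(dex)["file_size"], verify(dex))
    # Flip one byte of the data section without re-sealing, the classic hand-patching mistake.
    patched = bytearray(dex)
    patched[HEADER_SIZE] ^= 0xFF
    print(verify(bytes(patched)))
```

The `seal` order matters: the Adler-32 covers the signature bytes, so a tool that recomputes the checksum before the signature produces a file that fails its own check.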

10. ENJARIFY

Enjarify is a dex2jar-like translator written by Google in Python 3. It converts Dalvik bytecode to Java bytecode and aims for better compatibility and accuracy than dex2jar.

11. DEDEXER

Dedexer is an open-source disassembler for DEX files. Its features: it does not need an Android emulator to run; it lays out the disassembled classes in the package directory structure of the Java sources, one .ddx file per class; and its output uses a Jasmin-like assembly syntax.

If you are also interested in Android reverse engineering, follow the [Chen Dao mobile security team] account on WeChat.