Preface

When doing reverse analysis, a lot of the time is spent on logic: network packet capture, data-flow analysis, analysis of page jumps, dynamic debugging, and so on. Because much of the code is obfuscated, we often cannot follow the logic by reading the code directly, so we set breakpoints and debug instead.

While the C layer is typically debugged with IDA, the Java layer often requires debugging the Smali code.

I have only just started with reverse engineering. I read a lot of methods online and put them into practice, and in the process found a new method, so I am sharing it here.

Plan

Without further ado, go straight to the plan:

1. Debug via IDE + DDMS + Smalidea
2. Debug via Android Studio + Smalidea

First method: IDE + DDMS + Smalidea

Environment: Android Studio 3.2 (macOS), AndroidCrackTool

1. First decompile the APK, change its debuggable attribute to true, and repackage it.

(Alternatively, if you have root, you can use mprop to modify the system ro.debuggable property; there are plenty of write-ups online.)

AndroidCrackTool


AndroidCrackTool is a toolset; it can be configured to use Apktool, and the bundled version is fairly recent.


Decompile

Open the AndroidManifest.xml file and add android:debuggable="true" to the application element.

As you can see, there are multiple smali folders: the dex is split into several files (multidex), so there are several smali directories as well (code belonging to the same module may end up spread across several folders).

Later we will copy the smali code into the new project for debugging.

Then use AndroidCrackTool again (or apktool directly, since AndroidCrackTool is just a wrapper around it) to repackage.


Once packed, the output is in the dist directory.

Then sign the APK with AndroidCrackTool and it becomes a debuggable APK.

2. Create a new project in the IDE (both Android Studio and IDEA work; I use Android Studio here, because everyone has AS, and an Android project has a unique advantage that I will mention later). Then copy the smali code into the source root directory (usually src).

By default src is the source root.

3. Download and install the Smalidea plugin, then create the debugger configuration.

Download address: Smalidea (bitbucket.org/JesusFreke/…). Download the zip package and import the plugin directly in AS.

Importing the plugin


Then create a Remote debugger configuration.



Change the port to 8700 and the module to app.

4. Attach to the debugging process with DDMS

DDMS can no longer be opened directly from the IDE; run it from:

sdk/tools/monitor

Then launch the app in debug mode with adb:

adb shell am start -D -n {package name}/.ui.activity.LaunchActivity

Here is also a quick command for looking up the package name (top also works and gives more information):

adb shell dumpsys activity activities | sed -En -e '/Running activities/,/Run #0/p'

After running the command, a dialog pops up in the app and waits for the debugger to attach. Open DDMS and the debuggable process appears under the device; the default port is 8700.


The debuggable process

Then run our debugger configuration in AS.


Run the debugger

Done.

Now we can debug the smali code; in the Frames panel on the left we can see the function call stack, which is great.

Note:

lsof -i:8700 shows the process that is using this port; kill -9 <pid> kills it; then reconnect adb and just open DDMS again.

Check the process number, kill it, and restart.
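The manual steps of the first method (and the same launch step used by the second), collected as shell functions. This is an added example, not code from the original post or from AndroidCrackTool; it assumes apktool, apksigner and adb are on PATH, that the debug keystore lives at ~/.android/debug.keystore, and that the package/activity values are placeholders for the target app. The `adb forward ... jdwp:` step replaces opening DDMS, which does the same forwarding behind the scenes.

```shell
#!/bin/sh
# Added example (not code from the original post): the manual steps above
# as shell functions. Assumes apktool, apksigner and adb are on PATH; the
# debug keystore path and the package/activity values are placeholders.

# Step 1: insert android:debuggable="true" into the <application> tag of a
# decompiled AndroidManifest.xml (also flips an explicit "false"). Returns
# non-zero if the attribute did not end up set.
add_debuggable() {
    m="$1"
    if grep -q 'android:debuggable=' "$m"; then
        sed -i.bak 's/android:debuggable="false"/android:debuggable="true"/' "$m"
    else
        sed -i.bak -e 's/<application\([[:space:]>]\)/<application android:debuggable="true"\1/' \
                   -e 's/<application$/<application android:debuggable="true"/' "$m"
    fi
    rm -f "$m.bak"
    grep -q 'android:debuggable="true"' "$m"
}

# Step 1 (cont.): rebuild the patched tree, sign it and install it.
repack_and_sign() {
    apktool b "$1" -o "$2"
    apksigner sign --ks "$HOME/.android/debug.keystore" --ks-pass pass:android "$2"
    adb install -r "$2"
}

# Step 4 helper: pull "package/.Activity" of the foreground activity out of
# `adb shell dumpsys activity activities` (read from stdin). The "Run #0"
# line is the top of the back stack; the record layout is assumed to be
# "ActivityRecord{<hash> u0 <package>/<activity> t<task>}".
top_activity() {
    sed -En -e '/Running activities/,/Run #0/p' \
        | sed -En 's/.*Run #0: ActivityRecord\{[^ ]* [^ ]* ([^ }]+).*/\1/p' | head -n 1
}

# Step 4: start the activity waiting for a debugger (-D), then forward the
# process's JDWP port to localhost:8700 so the Remote configuration above
# can attach without opening DDMS. Argument: package/.Activity.
launch_for_debug() {
    comp="$1"; pkg="${comp%%/*}"
    adb shell am start -D -n "$comp"
    sleep 2                      # give the process a moment to spawn
    pid=$(adb shell pidof "$pkg" | tr -d '\r')
    adb forward tcp:8700 "jdwp:$pid"
    echo "attach the Remote debugger to localhost:8700 (pid $pid)"
}
```

Typical use: `add_debuggable app/AndroidManifest.xml`, `repack_and_sign app app-debuggable.apk`, then `launch_for_debug "$(adb shell dumpsys activity activities | top_activity)"` and start the Remote configuration in AS.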

Second method: Android Studio + Smalidea

The second method is easier: just use AS. We all know that in an Android app project, after running the app we can click the "Attach Debugger to Android Process" button to the left of Stop to debug the app. That same button lets us attach to the APK process we want to debug.


After running adb shell am start -D -n XXXX, click this button. Note that you need to tick "Show all processes" so that the process being debugged is listed.

Done.

Likewise, set a breakpoint and you can debug. Ha ha, how convenient.

The second method is the most convenient: Android developers just use AS, with no need to install IDEA or download anything else. This is the one I recommend.

Finally

I have only just started with reverse engineering and still have a lot to learn. I will share good things as I find them, and if you have good resources, feel free to leave a comment and share them too. Thank you.