easy-dex
No dex file is found in the app. The manifest declares two Activities; one of them is named android.app.NativeActivity, and android:hasCode="false" indicates that the application contains no Java code.
<activity android:configChanges="0xa0" android:label="@string/app_name" android:name="android.app.NativeActivity">
    <meta-data android:name="android.app.lib_name" android:value="native" />
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
    </intent-filter>
</activity>
The entry point of this .so is the android_main function.
The entry function contains an encrypted blob, so try decrypting it:
import struct

a = [0x9D888DC6, 0x888DC688, -1966700387, -2000190330, -2071422265, -947092071, -1920499569, -1936879484, -2138061167, -962950011, -1702328950, -946172774, -376337267]
d = ""
for num in a:
    # XOR each 32-bit word with 0xE9E9E9E9 and emit it as 4 little-endian bytes
    d += struct.pack('<I', (num ^ 0xe9e9e9e9) & 0xffffffff).decode()
# the last word carries a trailing NUL terminator
print(d.rstrip('\x00'))
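Decoding yields the following:
/data/data/com.a.sample.findmydex/files/classes.dex
/data/data/com.a.sample.findmydex/files/odex (used for dex optimization)
Next, locate the code that decrypts the dex and reproduce the decryption.
First, dump the memory: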
auto i, fp;
fp = fopen("d:\\dump.dex", "wb");
// copy 0x3ca10 bytes starting at 0x7004 into the file
for (i = 0x7004; i < 0x7004 + 0x3ca10; i++)
    fputc(Byte(i), fp);
fclose(fp);
Then decrypt it:
import struct
import zlib

with open('dump.dex', 'rb') as f:
    a = f.read()
key = 0x3ca10  # size of the encrypted blob

with open('dec.dex', 'wb') as fp:
    for i in range(99):
        if i % 10 == 9:
            # every tenth of the blob is XORed with i = 9, 19, ..., 89
            v17 = key // 10
            v15 = i // 10
            v18 = (v15 + 1) * (key // 10)
            index = v17 * v15
            while v17:
                data = a[index] ^ i
                d = struct.pack('B', data)
                fp.write(d)
                index = index + 1
                v17 = v17 - 1
            if i == 89:
                # the remaining bytes are also XORed with 89
                while v18 < key:
                    data = a[v18] ^ i
                    v18 = v18 + 1
                    d = struct.pack('B', data)
                    fp.write(d)

# the decrypted data is a zlib stream; inflate it to get the dex
with open('dec.dex', 'rb') as dec:
    b = dec.read()
with open('dec_decompress.dex', 'wb') as fp:
    m = zlib.decompress(b)
    fp.write(m)
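The same XOR schedule done in memory, followed by a check of the dex header (magic, Adler-32 checksum, SHA-1 signature, file size), so that a wrong key or dump offset is caught before the output goes into a decompiler. This is an added example, not part of the original write-up; the function names are hypothetical and the sample dex is constructed filler with a valid header.

```python
import hashlib
import struct
import zlib

def xor_chunks(buf: bytes) -> bytes:
    """Chunked XOR from the script above: tenths 0..8 use keys 9, 19, ..., 89,
    and everything after the ninth tenth also uses 89. XOR is self-inverse."""
    step = len(buf) // 10
    out = bytearray(buf)
    for pos in range(len(out)):
        tenth = min(pos // step, 8) if step else 8
        out[pos] ^= 10 * tenth + 9
    return bytes(out)

def check_dex(dex: bytes) -> dict:
    """Header fields that only verify if decryption and inflate were correct."""
    if len(dex) < 0x70:
        raise ValueError("shorter than a dex header")
    magic, adler, sha1, size = struct.unpack_from("<8sI20sI", dex)
    return {
        "magic": magic[:4] == b"dex\n" and magic[7] == 0,
        "adler32": adler == zlib.adler32(dex[12:]) & 0xFFFFFFFF,
        "sha1": sha1 == hashlib.sha1(dex[32:]).digest(),
        "file_size": size == len(dex),
    }

def recover_dex(dump: bytes) -> bytes:
    """XOR-decrypt, inflate, and reject output whose dex header does not verify."""
    try:
        dex = zlib.decompress(xor_chunks(dump))
    except zlib.error as exc:
        raise ValueError(f"not a zlib stream after XOR: {exc}") from exc
    failed = [name for name, ok in check_dex(dex).items() if not ok]
    if failed:
        raise ValueError("dex header checks failed: " + ", ".join(failed))
    return dex

def make_sample_dex(body: bytes = b"\0" * 64) -> bytes:
    """Constructed stand-in: a valid 0x70-byte header plus filler, no real classes."""
    tail = struct.pack("<III", 0x70 + len(body), 0x70, 0x12345678) + b"\0" * 68 + body
    sha1 = hashlib.sha1(tail).digest()
    adler = zlib.adler32(sha1 + tail) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", adler) + sha1 + tail

if __name__ == "__main__":
    sample = make_sample_dex()
    dump = xor_chunks(zlib.compress(sample))  # constructed stand-in for dump.dex
    print(check_dex(recover_dex(dump)))
```

For the real dump, pass the bytes read from dump.dex to `recover_dex` and write the returned value to disk.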
Code analysis
if(Arrays.equals(MainActivity.a(this.a.getText().toString(), "I have a male fish and a female fish."), MainActivity.i())) {
    Toast.makeText(this.b, this.c.getString(0x7F060025), 1).show();
}
else {
    Toast.makeText(this.b, this.c.getString(0x7F060022), 1).show();
}
The check uses the Twofish algorithm, so decrypting with Twofish is all that is needed.
