Android Reverse Engineering


The apktool tool

Introduction

apktool is mainly used to reverse engineer apk files. It decodes an apk's resources to nearly their original form and can rebuild them into an apk after they have been modified. It also automates some repetitive tasks, such as building the apk.

Features

  • Decode resources to nearly their original form (including resources.arsc, classes.dex, 9.png and XML files)
  • Rebuild the decoded resources back into an apk/jar
  • Organize and handle APKs that depend on framework resources
  • Smali debugging (removed from apktool in 2.1.0)
  • Help with repetitive tasks

Installation

ibotpeaches.github.io/Apktool/ins…

Usage

Apktool v2.4.1 - a tool for reengineering Android apk files
with smali v2.3.4 and baksmali v2.3.4
Copyright 2014 Ryszard Wiśniewski <brut.alll@gmail.com>
Updated by Connor Tumbleson <connor.tumbleson@gmail.com>

usage: apktool
 -advance,--advanced   prints advance information.
 -version,--version    prints the version then exits
usage: apktool if|install-framework [options] <framework.apk>
 -p,--frame-path <dir>   Stores framework files into <dir>.
 -t,--tag <tag>          Tag frameworks using <tag>.
usage: apktool d[ecode] [options] <file_apk>
 -f,--force              Force delete destination directory.
 -o,--output <dir>       The name of folder that gets written. Default is apk.out
 -p,--frame-path <dir>   Uses framework files located in <dir>.
 -r,--no-res             Do not decode resources.
 -s,--no-src             Do not decode sources.
 -t,--frame-tag <tag>    Uses framework files tagged by <tag>.
usage: apktool b[uild] [options] <app_path>
 -f,--force-all          Skip changes detection and build all files.
 -o,--output <dir>       The name of apk that gets written. Default is dist/name.apk
 -p,--frame-path <dir>   Uses framework files located in <dir>.

For additional info, see: http://ibotpeaches.github.io/Apktool/
For smali/baksmali info, see: https://github.com/JesusFreke/smali

Decompile an apk file

apktool d test.apk

Rebuild the decompiled files into an apk

apktool b test

The rebuilt apk is written to test/dist/test.apk. It is unsigned, so it must be signed (for example with apksigner) before Android will install it.
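After `apktool d test.apk`, the decoded test/AndroidManifest.xml is plain XML, so the first thing worth doing is to scan it for weak settings before reading any smali. The script below is an added example written for this page, not code from the original article or from apktool; the manifest embedded in it is constructed, with hypothetical package and class names, and the component-export rule it applies is the pre-targetSdk-31 default (a component with an intent-filter is exported unless android:exported="false").

```python
"""Audit a decoded AndroidManifest.xml (as written by `apktool d`) for common weak settings.

Added example, not part of the original article or of apktool. The manifest embedded
below is constructed for illustration (hypothetical package and class names)."""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def attr(elem, name):
    """Read an android:<name> attribute; None when absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_launcher(comp):
    """True when a component carries a MAIN action (such components are expected to be exported)."""
    return any(attr(act, "name") == "android.intent.action.MAIN"
               for flt in comp.findall("intent-filter") for act in flt.findall("action"))


def audit_manifest(xml_text):
    """Return a list of (severity, message) findings for one manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return [("error", "no <application> element")]
    findings = []
    if attr(app, "debuggable") == "true":
        findings.append(("high", "android:debuggable=\"true\": a debugger can attach to the app"))
    if attr(app, "allowBackup") != "false":
        findings.append(("medium", "android:allowBackup not set to false: app data can be "
                                   "extracted with adb backup on devices that allow it"))
    if attr(app, "usesCleartextTraffic") == "true":
        findings.append(("medium", "android:usesCleartextTraffic=\"true\": plaintext HTTP allowed"))
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            name = attr(comp, "name")
            exported = attr(comp, "exported")
            # Before targetSdk 31 a component with an <intent-filter> is exported by default.
            implicitly_exported = exported is None and comp.find("intent-filter") is not None
            if (exported == "true" or implicitly_exported) and not is_launcher(comp) \
                    and attr(comp, "permission") is None:
                findings.append(("medium", "%s %s is exported without a permission" % (tag, name)))
    return findings


# Constructed sample manifest (hypothetical package and class names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.target">
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".DebugReceiver">
      <intent-filter>
        <action android:name="com.example.target.DEBUG"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.target.SYNC"/>
    <provider android:name=".DataProvider" android:authorities="com.example.target.data"
              android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    # Usage: python audit_manifest.py test/AndroidManifest.xml (falls back to the sample).
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for severity, message in audit_manifest(text):
        print("[%s] %s" % (severity, message))
```

On the sample this reports four findings: the debuggable flag, the missing allowBackup="false", cleartext traffic, and the DebugReceiver, which is exported implicitly through its intent-filter. The launcher activity, the permission-protected service and the non-exported provider are deliberately left alone.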

Using tcpdump

Steps

1. The phone must be rooted

2. Download tcpdump from http://www.strazzere.com/android/tcpdump

3. adb push c:\xxxx\tcpdump /data/local/tcpdump

If this push fails on a real device, push the binary to a directory that needs no special permissions first (here /sdcard) and then move it to /data/local/tcpdump from a root shell:
adb push c:\xxxxx\tcpdump /sdcard
adb shell
su
mv /sdcard/tcpdump /data/local/tcpdump

4. adb shell chmod 6755 /data/local/tcpdump   (mode 6755: setuid, setgid, and executable by everyone)

5. adb shell

6. su to get a root shell

7. cd /data/local

8. ./tcpdump -i any -p -s 0 -w /sdcard/capture.pcap

Note: you can open an adb shell first and run tcpdump to check whether the device already ships a tcpdump binary; if it does, there is no need to download and push one.

Command options

# "-i any": listen on any network interface (the resulting pcap uses the Linux "cooked" SLL link type, not Ethernet)

# "-p": disable promiscuous mode (doesn't work anyway)

# "-s 0": capture the entire packet (older tcpdump builds default to a small snaplen and truncate payloads)

# "-w": write packets to a file (rather than printing to stdout)

... do whatever you want to capture, then ^C to stop it ...

Pull the capture file to the computer

adb pull /sdcard/capture.pcap capture.pcap  # copy the capture to the PC for analysis in Wireshark

Then open it in Wireshark to inspect the packets in detail.
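Wireshark is the convenient viewer, but scripting over capture.pcap is often faster when a large capture has to be sifted for one app's traffic, and it makes two of the options above concrete: a capture taken with "-i any" carries the Linux SLL link type (113), so parsers that assume Ethernet misread every frame, and a capture taken without "-s 0" contains records whose included length is shorter than the original length, which is exactly where payloads disappear. The parser below is an added example written for this page, not code from the original article or from tcpdump; the pcap it builds for itself is constructed (hypothetical addresses and a hypothetical host name), and it handles only IPv4 over SLL or Ethernet.

```python
"""Parse a pcap written by `tcpdump -i any -s 0 -w capture.pcap` on the phone.

Added example, not part of the original article or of tcpdump. With `-i any` the file
uses the Linux "cooked" SLL link type (113) rather than Ethernet (1). The sample pcap
built below is constructed (hypothetical addresses and host name)."""
import socket
import struct
import sys

LINKTYPE_ETHERNET, LINKTYPE_LINUX_SLL = 1, 113
LINK_HEADER_LEN = {LINKTYPE_ETHERNET: 14, LINKTYPE_LINUX_SLL: 16}


def dns_qname(payload):
    """Decode the first question name of a DNS message (labels start right after the 12-byte header)."""
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels)


def parse_pcap(data):
    """Return (summary, flows): summary has snaplen/linktype/truncated record count,
    flows has one dict per IPv4 TCP or UDP packet with addresses, ports and payload info."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %s)" % data[:4].hex())
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    link_len = LINK_HEADER_LEN.get(linktype)
    if link_len is None:
        raise ValueError("unsupported link type %d" % linktype)
    flows, truncated, off = [], 0, 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if incl_len < orig_len:
            truncated += 1  # snaplen too small: the tail of this packet was never written
        if len(frame) < link_len + 20:
            continue
        # In both SLL and Ethernet the protocol/EtherType field is the last 2 bytes of the link header.
        if struct.unpack("!H", frame[link_len - 2:link_len])[0] != 0x0800:
            continue  # IPv4 only in this example
        ip = frame[link_len:]
        if ip[0] >> 4 != 4:
            continue
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        l4 = ip[ihl:]
        if proto == 17 and len(l4) >= 8:    # UDP
            sport, dport = struct.unpack("!HH", l4[:4])
            payload = l4[8:]
        elif proto == 6 and len(l4) >= 20:  # TCP
            sport, dport = struct.unpack("!HH", l4[:4])
            payload = l4[(l4[12] >> 4) * 4:]
        else:
            continue
        flow = {"src": src, "sport": sport, "dst": dst, "dport": dport,
                "proto": "udp" if proto == 17 else "tcp", "payload_len": len(payload)}
        if proto == 17 and dport == 53 and len(payload) > 12:
            flow["dns_qname"] = dns_qname(payload)
        if proto == 6 and payload[:4] in (b"GET ", b"POST"):
            flow["http"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")  # plaintext request line
        flows.append(flow)
    return {"snaplen": snaplen, "linktype": linktype, "truncated": truncated}, flows


def build_sample_pcap(snaplen=262144):
    """Construct a LINUX_SLL pcap with one DNS query and one HTTP request (constructed data).
    A small snaplen truncates records the same way a tcpdump run without `-s 0` would."""
    def ipv4(proto, src, dst, l4):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst)) + l4

    def sll(ip_packet):  # pkttype, ARPHRD_ETHER, addr len, addr, protocol
        return struct.pack("!HHH8sH", 4, 1, 6, b"\x02\x00\x00\x00\x00\x01", 0x0800) + ip_packet

    def record(frame):
        return struct.pack("<IIII", 1700000000, 0, min(len(frame), snaplen), len(frame)) + frame[:snaplen]

    dns_q = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03api\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns_q), 0) + dns_q
    http = b"GET /login HTTP/1.1\r\nHost: api.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40001, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + http
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_LINUX_SLL)
    return (ghdr + record(sll(ipv4(17, "10.0.0.2", "8.8.8.8", udp)))
            + record(sll(ipv4(6, "10.0.0.2", "93.184.216.34", tcp))))


if __name__ == "__main__":
    # Usage: python parse_capture.py capture.pcap (falls back to the constructed sample, snaplen 96).
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap(snaplen=96)
    summary, flows = parse_pcap(data)
    print(summary)
    for flow in flows:
        print(flow)
```

Run against the constructed sample with snaplen 96, the summary reports one truncated record and the HTTP flow's payload shrinks from 46 to 40 bytes, the Host header gone; with the default snaplen nothing is truncated and both the DNS name and the request line are recovered. Pointing it at a real capture.pcap pulled from the phone works the same way, as long as the capture was taken with "-i any" or on an Ethernet-framed interface.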

References