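Android reverse engineering requires three tools: apktool, dex2jar and JD-GUI. Their roles are as follows:
apktool: parses the apk package and extracts the resource files and smali code;
dex2jar: reverses the classes.dex file to produce a jar package;
JD-GUI: views the Java code inside the jar file.
apktool
apktool official site: http://ibotpeaches.github.io/Apktool/ .
Sadly, it can no longer be opened; you can download apktool_2.1.0.jar directly from me.
You also need to create a launcher file named apktool (no file extension) with the following content: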
#!/bin/bash
#
# Copyright (C) 2007 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script is a wrapper for smali.jar, so you can simply call "smali",
# instead of java -jar smali.jar. It is heavily based on the "dx" script
# from the Android SDK
# Set up prog to be the path of this script, including following symlinks,
# and set up progdir to be the fully-qualified pathname of its directory.
prog="$0"
while [ -h "${prog}" ]; do
    newProg=`/bin/ls -ld "${prog}"`
    newProg=`expr "${newProg}" : ".* -> \(.*\)$"`
    if expr "x${newProg}" : 'x/' >/dev/null; then
        prog="${newProg}"
    else
        progdir=`dirname "${prog}"`
        prog="${progdir}/${newProg}"
    fi
done
oldwd=`pwd`
progdir=`dirname "${prog}"`
cd "${progdir}"
progdir=`pwd`
prog="${progdir}"/`basename "${prog}"`
cd "${oldwd}"
jarfile=apktool.jar
libdir="$progdir"
if [ ! -r "$libdir/$jarfile" ]
then
    echo `basename "$prog"`": can't find $jarfile"
    exit 1
fi
javaOpts=""
# If you want DX to have more memory when executing, uncomment the following
# line and adjust the value accordingly. Use "java -X" for a list of options
# you can pass here.
#
javaOpts="-Xmx512M"
# Alternatively, this will extract any parameter "-Jxxx" from the command line
# and pass them to Java (instead of to dx). This makes it possible for you to
# add a command-line parameter such as "-JXmx256M" in your ant scripts, for
# example.
while expr "x$1" : 'x-J' >/dev/null; do
    opt=`expr "$1" : '-J\(.*\)'`
    javaOpts="${javaOpts} -${opt}"
    shift
done
if [ "$OSTYPE" = "cygwin" ] ; then
    jarpath=`cygpath -w "$libdir/$jarfile"`
else
    jarpath="$libdir/$jarfile"
fi
# add current location to path for aapt
PATH=$PATH:`pwd`;
export PATH;
exec java $javaOpts -Djava.awt.headless=true -jar "$jarpath" "$@"
Rename the downloaded apktool_2.1.0.jar to apktool.jar:
mv apktool_2.1.0.jar apktool.jar
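Copy the apktool and apktool.jar files to the /usr/local/bin directory and give apktool execute permission:
cp apktool /usr/local/bin
cp apktool.jar /usr/local/bin
# make the installed copy executable, not the one left in the current directory
chmod +x /usr/local/bin/apktool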
You can check that the setup works by running the following command:
apktool -version
# 2.1.0
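dex2jar
dex2jar official GitHub repository: https://github.com/pxb1988/dex2jar ;
official download page: https://sourceforge.net/projects/dex2jar/ ;
you can also download dex2jar-2.0.zip directly from me.
After downloading dex2jar-2.0.zip, unzip it to get the dex2jar-2.0 folder, then enter that folder and give every file in it execute permission: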
cd dex2jar-2.0
chmod +x ./*
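JD-GUI
JD-GUI official site: http://jd.benow.ca/ ;
sadly, it can no longer be opened either; you can download jd-gui-osx-1.4.0.tar directly from me.
First extract jd-gui-osx-1.4.0.tar, then enter the extracted folder, double-click JD-GUI.app to run it, and drag it into "Applications".
Assume the file we are reversing is demo.apk.
Decompiled xml files and smali code
apktool d demo.apk
Once the command finishes, we can see the resource files and the smali source.
classes.dex file
Change the extension of demo.apk so that it becomes demo.zip and unzip it, copy the resulting .dex file into the dex2jar-2.0 directory, then decompile: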
cd dex2jar-2.0
./d2j-dex2jar.sh classes.dex
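When it finishes you get the classes-dex2jar.jar file.
If the project is large, the unzip method above (1.2.1) yields multiple .dex files, which makes the code inconvenient to read.
In that case you can decompile demo.apk directly: first copy demo.apk into the dex2jar-2.0 directory, then decompile: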
cd dex2jar-2.0
./d2j-dex2jar.sh demo.apk
When it finishes you get the quan-dex2jar.jar file.
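Before running dex2jar it helps to know how many .dex files an APK holds and whether each one is intact. The following Python sketch is an added example, not part of the original post: it treats the APK as a ZIP archive, lists the classesN.dex entries and checks each DEX header's file size, Adler-32 checksum and SHA-1 signature. The helpers make_dex and make_apk are hypothetical and only build a constructed two-dex sample in memory, with the second file deliberately corrupted.

```python
import hashlib, io, re, struct, zipfile, zlib

def inspect_dex(data):
    """Parse the fixed 0x70-byte DEX header and verify its integrity fields."""
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    checksum, = struct.unpack_from("<I", data, 8)       # Adler-32 of data[12:]
    file_size, = struct.unpack_from("<I", data, 0x20)
    class_defs, = struct.unpack_from("<I", data, 0x60)  # class_defs_size
    return {
        "version": data[4:7].decode("ascii"),
        "size_ok": file_size == len(data),
        "checksum_ok": checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        "sha1_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
        "class_defs": class_defs,
    }

def list_dex(apk):
    """An APK is a ZIP archive: report every classesN.dex at its root."""
    with zipfile.ZipFile(apk) as zf:
        names = sorted(n for n in zf.namelist()
                       if re.fullmatch(r"classes\d*\.dex", n))
        return {n: inspect_dex(zf.read(n)) for n in names}

def make_dex(class_defs):
    """Constructed header-only DEX (sample data, not a real app)."""
    body = bytearray(0x70)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<II", body, 0x20, 0x70, 0x70)  # file_size, header_size
    struct.pack_into("<I", body, 0x28, 0x12345678)   # endian tag
    struct.pack_into("<I", body, 0x60, class_defs)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)

def make_apk():
    """Constructed multidex APK; classes2.dex is altered after checksumming."""
    damaged = bytearray(make_dex(5))
    damaged[0x60] ^= 0xFF
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        zf.writestr("classes.dex", make_dex(3))
        zf.writestr("classes2.dex", bytes(damaged))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, info in list_dex(make_apk()).items():
        print(name, info)
```

To inspect a real file, pass its path to list_dex, for example list_dex("demo.apk").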
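jar file code
Open JD-GUI, then select the .jar file generated in the second step to see the Java code.
Reference for this article: Simple Android Reverse Engineering on Mac
This article only covers reverse engineering at a shallow level; for deeper needs, see: Android Reverse Engineering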