【Android安全】APK静态分析-DEX反编译为Smali逆向分析
还是用之前写的一个实例:界面包含2个文本框和2个按钮,判断2个文本框中的内容是否相等,相等返回成功,不等返回失败。使用apktool工具获取反编译后的smali文件,本实例中只包含3个smali文件:MainActivity.smali、MainActivity$1.smali、MainActivity$2.smali。其中MainActivity.smali为MainActivity.java所对应的反编译代码,其它2个为内部类产生的代码。文件名带$符号的都是内部类产生的类。
access$0是编译器生成的合成(synthetic)方法,供内部类MainActivity$1调用MainActivity的私有方法checkSN。
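# Compiler-generated (synthetic) static accessor: it forwards to the private
# instance method checkSN so that the inner class MainActivity$1 can call it.
#   p0 - the MainActivity instance
#   p1 - first string (the user-name text at the call site in MainActivity$1)
#   p2 - second string (the password text at the call site in MainActivity$1)
# Returns (Z) the boolean produced by checkSN. The descriptor must end in Z;
# the call site in MainActivity$1.onClick references access$0(...)Z.
.method static synthetic access$0(Lcom/example/testtwo/MainActivity;Ljava/lang/String;Ljava/lang/String;)Z
.locals 1
.parameter
.parameter
.parameter
.prologue
.line 12
# invoke-direct: checkSN is a private method of MainActivity
invoke-direct {p0, p1, p2}, Lcom/example/testtwo/MainActivity;->checkSN(Ljava/lang/String;Ljava/lang/String;)Z
# v0 = result of checkSN, returned unchanged
move-result v0
return v0
.end method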
成员方法checkSN的校验代码(比较两个字符串是否相等):
# Private instance method: reports whether the two strings passed in are equal.
#   p1 (userName) - receiver of String.equals
#   p2 (passWord) - argument of String.equals
# Returns 0x1 when equals() is true, 0x0 otherwise.
# Design note: the whole decision is one String.equals call and one conditional
# branch, both in code shipped inside the APK and readable after disassembly;
# a result that has to be trusted should not depend on a check that exists
# only in the app.
.method private checkSN(Ljava/lang/String;Ljava/lang/String;)Z
.locals 1
.parameter "userName"
.parameter "passWord"
.prologue
.line 14
invoke-virtual {p1, p2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
# v0 = p1.equals(p2)
move-result v0
# equals() returned 0 (not equal): jump to :cond_0, which returns 0
if-eqz v0, :cond_0
.line 16
# equal: return 1
const/4 v0, 0x1
.line 18
:goto_0
return v0
:cond_0
const/4 v0, 0x0
goto :goto_0
.end method
//onCreate方法中注册按钮监听事件
# virtual methods
# Activity.onCreate override: sets the layout, looks up two EditText and two
# Button views by resource id, and registers a click listener on each button.
#   p0 - this MainActivity
#   p1 - savedInstanceState (Bundle), passed through to the superclass
.method protected onCreate(Landroid/os/Bundle;)V
.locals 5
.parameter "savedInstanceState"
.prologue
.line 24
invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
.line 25
# const/high16 loads 0x7f030000, the integer passed to setContentView(I)
const/high16 v4, 0x7f03
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->setContentView(I)V
.line 27
const v4, 0x7f080004
# resource id: int com.example.testtwo.R.id.editText1 = 2131230724 [0x7f080004]
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v3
# the View that was found is stored in v3, then cast to EditText
check-cast v3, Landroid/widget/EditText;
.line 28
.local v3, edit_UserName:Landroid/widget/EditText;
# debug info: v3 is the source-level variable edit_UserName
const v4, 0x7f080005
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v2
check-cast v2, Landroid/widget/EditText;
.line 29
.local v2, edit_PassWd:Landroid/widget/EditText;
const v4, 0x7f080002
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v1
check-cast v1, Landroid/widget/Button;
.line 30
.local v1, btn_OK:Landroid/widget/Button;
const v4, 0x7f080003
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v0
check-cast v0, Landroid/widget/Button;
.line 32
.local v0, btn_Exit:Landroid/widget/Button;
# new MainActivity$1(this, edit_UserName, edit_PassWd): the inner class
# receives the activity and both EditText references through its constructor
new-instance v4, Lcom/example/testtwo/MainActivity$1;
invoke-direct {v4, p0, v3, v2}, Lcom/example/testtwo/MainActivity$1;-><init>(Lcom/example/testtwo/MainActivity;Landroid/widget/EditText;Landroid/widget/EditText;)V
invoke-virtual {v1, v4}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
# btn_OK now uses the MainActivity$1 instance as its click listener; the
# handler that runs on a click is onClick in MainActivity$1
.line 44
# btn_Exit gets a MainActivity$2 instance as its click listener
new-instance v4, Lcom/example/testtwo/MainActivity$2;
invoke-direct {v4, p0}, Lcom/example/testtwo/MainActivity$2;-><init>(Lcom/example/testtwo/MainActivity;)V
invoke-virtual {v0, v4}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
.line 49
return-void
.end method
MainActivity$1.smali中事件监听所调用的函数如下:
# interfaces
.implements Landroid/view/View$OnClickListener;
# virtual methods
# View.OnClickListener.onClick of MainActivity$1 (the listener set on btn_OK).
# Reads and trims the text of both EditText fields, passes the two strings to
# MainActivity.access$0, and shows a Toast reading "success!" or "fail!"
# depending on the boolean result.
#   p0 - this MainActivity$1
#   p1 - the clicked View (not read in this method)
.method public onClick(Landroid/view/View;)V
.locals 4
.parameter "v"
.prologue
# v3 = 0, used below as the third (int) argument of Toast.makeText
const/4 v3, 0x0
.line 34
# v0 = the enclosing MainActivity held in this$0
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
iget-object v1, p0, Lcom/example/testtwo/MainActivity$1;->val$edit_UserName:Landroid/widget/EditText;
invoke-virtual {v1}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v1
invoke-interface {v1}, Landroid/text/Editable;->toString()Ljava/lang/String;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v1
# v1 = trimmed text of the edit_UserName field
iget-object v2, p0, Lcom/example/testtwo/MainActivity$1;->val$edit_PassWd:Landroid/widget/EditText;
invoke-virtual {v2}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v2
invoke-interface {v2}, Landroid/text/Editable;->toString()Ljava/lang/String;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v2
# v2 = trimmed text of the edit_PassWd field
invoke-static {v0, v1, v2}, Lcom/example/testtwo/MainActivity;->access$0(Lcom/example/testtwo/MainActivity;Ljava/lang/String;Ljava/lang/String;)Z
# access$0 in MainActivity forwards to checkSN, i.e. tests whether v1 equals v2
move-result v0
if-eqz v0, :cond_0
# result 0 (strings differ): branch to :cond_0, which shows "fail!"
.line 36
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
const-string v1, "success!"
invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
.line 42
:goto_0
return-void
.line 40
:cond_0
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
const-string v1, "fail!"
invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
goto :goto_0
.end method
access$0是编译器生成的合成(synthetic)方法,供内部类MainActivity$1调用MainActivity的私有方法checkSN。
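# Compiler-generated (synthetic) static accessor: it forwards to the private
# instance method checkSN so that the inner class MainActivity$1 can call it.
#   p0 - the MainActivity instance
#   p1 - first string (the user-name text at the call site in MainActivity$1)
#   p2 - second string (the password text at the call site in MainActivity$1)
# Returns (Z) the boolean produced by checkSN. The descriptor must end in Z;
# the call site in MainActivity$1.onClick references access$0(...)Z.
.method static synthetic access$0(Lcom/example/testtwo/MainActivity;Ljava/lang/String;Ljava/lang/String;)Z
.locals 1
.parameter
.parameter
.parameter
.prologue
.line 12
# invoke-direct: checkSN is a private method of MainActivity
invoke-direct {p0, p1, p2}, Lcom/example/testtwo/MainActivity;->checkSN(Ljava/lang/String;Ljava/lang/String;)Z
# v0 = result of checkSN, returned unchanged
move-result v0
return v0
.end method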
成员方法checkSN的校验代码(比较两个字符串是否相等):
# Private instance method: reports whether the two strings passed in are equal.
#   p1 (userName) - receiver of String.equals
#   p2 (passWord) - argument of String.equals
# Returns 0x1 when equals() is true, 0x0 otherwise.
# Design note: the whole decision is one String.equals call and one conditional
# branch, both in code shipped inside the APK and readable after disassembly;
# a result that has to be trusted should not depend on a check that exists
# only in the app.
.method private checkSN(Ljava/lang/String;Ljava/lang/String;)Z
.locals 1
.parameter "userName"
.parameter "passWord"
.prologue
.line 14
invoke-virtual {p1, p2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
# v0 = p1.equals(p2)
move-result v0
# equals() returned 0 (not equal): jump to :cond_0, which returns 0
if-eqz v0, :cond_0
.line 16
# equal: return 1
const/4 v0, 0x1
.line 18
:goto_0
return v0
:cond_0
const/4 v0, 0x0
goto :goto_0
.end method
//onCreate方法中注册按钮监听事件
# virtual methods
# Activity.onCreate override: sets the layout, looks up two EditText and two
# Button views by resource id, and registers a click listener on each button.
#   p0 - this MainActivity
#   p1 - savedInstanceState (Bundle), passed through to the superclass
.method protected onCreate(Landroid/os/Bundle;)V
.locals 5
.parameter "savedInstanceState"
.prologue
.line 24
invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
.line 25
# const/high16 loads 0x7f030000, the integer passed to setContentView(I)
const/high16 v4, 0x7f03
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->setContentView(I)V
.line 27
const v4, 0x7f080004
# resource id: int com.example.testtwo.R.id.editText1 = 2131230724 [0x7f080004]
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v3
# the View that was found is stored in v3, then cast to EditText
check-cast v3, Landroid/widget/EditText;
.line 28
.local v3, edit_UserName:Landroid/widget/EditText;
# debug info: v3 is the source-level variable edit_UserName
const v4, 0x7f080005
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v2
check-cast v2, Landroid/widget/EditText;
.line 29
.local v2, edit_PassWd:Landroid/widget/EditText;
const v4, 0x7f080002
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v1
check-cast v1, Landroid/widget/Button;
.line 30
.local v1, btn_OK:Landroid/widget/Button;
const v4, 0x7f080003
invoke-virtual {p0, v4}, Lcom/example/testtwo/MainActivity;->findViewById(I)Landroid/view/View;
move-result-object v0
check-cast v0, Landroid/widget/Button;
.line 32
.local v0, btn_Exit:Landroid/widget/Button;
# new MainActivity$1(this, edit_UserName, edit_PassWd): the inner class
# receives the activity and both EditText references through its constructor
new-instance v4, Lcom/example/testtwo/MainActivity$1;
invoke-direct {v4, p0, v3, v2}, Lcom/example/testtwo/MainActivity$1;-><init>(Lcom/example/testtwo/MainActivity;Landroid/widget/EditText;Landroid/widget/EditText;)V
invoke-virtual {v1, v4}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
# btn_OK now uses the MainActivity$1 instance as its click listener; the
# handler that runs on a click is onClick in MainActivity$1
.line 44
# btn_Exit gets a MainActivity$2 instance as its click listener
new-instance v4, Lcom/example/testtwo/MainActivity$2;
invoke-direct {v4, p0}, Lcom/example/testtwo/MainActivity$2;-><init>(Lcom/example/testtwo/MainActivity;)V
invoke-virtual {v0, v4}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
.line 49
return-void
.end method
MainActivity$1.smali中事件监听所调用的函数如下:
# interfaces
.implements Landroid/view/View$OnClickListener;
# virtual methods
# View.OnClickListener.onClick of MainActivity$1 (the listener set on btn_OK).
# Reads and trims the text of both EditText fields, passes the two strings to
# MainActivity.access$0, and shows a Toast reading "success!" or "fail!"
# depending on the boolean result.
#   p0 - this MainActivity$1
#   p1 - the clicked View (not read in this method)
.method public onClick(Landroid/view/View;)V
.locals 4
.parameter "v"
.prologue
# v3 = 0, used below as the third (int) argument of Toast.makeText
const/4 v3, 0x0
.line 34
# v0 = the enclosing MainActivity held in this$0
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
iget-object v1, p0, Lcom/example/testtwo/MainActivity$1;->val$edit_UserName:Landroid/widget/EditText;
invoke-virtual {v1}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v1
invoke-interface {v1}, Landroid/text/Editable;->toString()Ljava/lang/String;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v1
# v1 = trimmed text of the edit_UserName field
iget-object v2, p0, Lcom/example/testtwo/MainActivity$1;->val$edit_PassWd:Landroid/widget/EditText;
invoke-virtual {v2}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v2
invoke-interface {v2}, Landroid/text/Editable;->toString()Ljava/lang/String;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v2
# v2 = trimmed text of the edit_PassWd field
invoke-static {v0, v1, v2}, Lcom/example/testtwo/MainActivity;->access$0(Lcom/example/testtwo/MainActivity;Ljava/lang/String;Ljava/lang/String;)Z
# access$0 in MainActivity forwards to checkSN, i.e. tests whether v1 equals v2
move-result v0
if-eqz v0, :cond_0
# result 0 (strings differ): branch to :cond_0, which shows "fail!"
.line 36
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
const-string v1, "success!"
invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
.line 42
:goto_0
return-void
.line 40
:cond_0
iget-object v0, p0, Lcom/example/testtwo/MainActivity$1;->this$0:Lcom/example/testtwo/MainActivity;
const-string v1, "fail!"
invoke-static {v0, v1, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
goto :goto_0
.end method