Android Security: ApkTool
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 23:50
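1. Cross-platform tool; it can be used directly on both Windows and Ubuntu;
2. ApkTool decompiles the apk and produces disassembled code in Smali format;
3. Read the Smali code to understand how the program works and find the place in the program to modify;
4. Use ApkTool to rebuild the apk and sign it, then run it to test whether the crack succeeded;
II. Installing ApkTool (demonstrated on Ubuntu)
1. Download the Linux wrapper script apktool.sql (https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool);
2. Download the latest package (apktool_2.1.1.jar) from the official site (https://bitbucket.org/iBotPeaches/apktool/downloads);
3. If you are on a 64-bit Ubuntu system, install the 32-bit compatibility packages;
4. Move apktool.jar and apktool to the /usr/local/bin directory;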
pengchengxiang@ubuntu:/usr/local/bin$ sudo mv /home/pengchengxiang/Desktop/apktool.sql /usr/local/bin/
pengchengxiang@ubuntu:/usr/local/bin$ sudo mv /home/pengchengxiang/Desktop/apktool_2.1.1.jar /usr/local/bin/
pengchengxiang@ubuntu:/usr/local/bin$ ls
apktool_2.1.1.jar apktool.sql
5. Rename apktool_2.1.1.jar to apktool.jar;
pengchengxiang@ubuntu:/usr/local/bin$ sudo mv apktool.sql apktool
pengchengxiang@ubuntu:/usr/local/bin$ sudo mv apktool_2.1.1.jar apktool.jar
pengchengxiang@ubuntu:/usr/local/bin$ ls
apktool apktool.jar
6. Make sure both files are executable;
pengchengxiang@ubuntu:/usr/local/bin$ sudo chmod u+x apktool
pengchengxiang@ubuntu:/usr/local/bin$ sudo chmod u+x apktool.jar
pengchengxiang@ubuntu:/usr/local/bin$ ls -al
total 6344
drwxr-xr-x 2 root root 4096 Jul 10 00:14 .
drwxr-xr-x 11 root root 4096 May 28 08:53 ..
-rwxrw-rw- 1 pengchengxiang pengchengxiang 2297 Jul 10 00:10 apktool
-rwxrw-rw- 1 pengchengxiang pengchengxiang 6481574 Jul 10 00:11 apktool.jar
7. Run apktool in the console to verify that the installation succeeded;
pengchengxiang@ubuntu:/usr/local/bin$ apktool
Apktool v2.1.1 - a tool for reengineering Android apk files
with smali v2.1.2 and baksmali v2.1.1
… …
 -o,--output <dir> The name of apk that gets written. Default is dist/name.apk
 -p,--frame-path <dir> Uses framework files located in <dir>.
For additional info, see: http://ibotpeaches.github.io/Apktool/
For smali/baksmali info, see: https://github.com/JesusFreke/smali
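III. Using ApkTool
1. Unpack app-release.apk with an archive tool to see its structure before decompiling;
assets: sound, font, web page and other resources; not compiled, so they can be viewed directly;
lib: libraries used by the app;
  armeabi: .so files, C/C++ code libraries;
META-INF: the APK's signature files (***.RSA, ***.SF, ***.MF);
res: resource directory used by the app; compiled, so it cannot be read directly;
  anim: animation resources;
  color: color resources;
  drawable: drawable image resources;
  layout: page layout files;
  xml: app property configuration files;
AndroidManifest.xml: the app's manifest file; compressed, so it cannot be read directly;
classes.dex: the code file compiled from the Java sources;
resources.arsc: the compiled resource file, e.g. strings.xml;
apktool d[ecode] [OPTS] <file.apk> [<dir>];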
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ apktool d app-release.apk
I: Using Apktool 2.1.1 on app-release.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/pengchengxiang/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
Note: you must use a release-signed apk to get readable Smali files (otherwise, for example, the Activity-related smali files cannot be found);
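3. Structure after decompiling:
build: output directory for build artifacts when rebuilding the apk;
dist: output directory for the rebuilt apk;
original: the manifest and signature files used when rebuilding the apk;
res: resources used by the app;
  anim: animation resources (directly readable);
  color: color resources (directly readable);
  drawable: drawable image resources (directly readable);
  layout: page layout files (directly readable);
smali: code files generated by decompiling (smali syntax);
AndroidManifest.xml: the decoded manifest file (directly readable);
apktool.yml: the decompile configuration file, used for repackaging;
4. The decompiled files look like this:
5. Build the apk file:
apktool b[uild] [OPTS] <app_path> [<out_file>];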
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release$ apktool b
I: Using Apktool 2.1.1
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building apk file...
I: Copying unknown files/dir...
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release$ cd dist/
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ ls
app-release.apk
6. Sign the apk:
Generate the signing key: keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Sign the APK: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
Verify that it is signed: jarsigner -verify -verbose -certs my_application.apk
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ keytool -genkey -v -keystore my-release-key.keystore -alias MyAndroidKey -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: ChengXiangPeng
What is the name of your organizational unit?
  [Unknown]: Test
What is the name of your organization?
  [Unknown]: Test
What is the name of your City or Locality?
  [Unknown]: BeiJing
What is the name of your State or Province?
  [Unknown]: BeiJing
What is the two-letter country code for this unit?
  [Unknown]: 86
Is CN=ChengXiangPeng, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=86 correct?
  [no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=ChengXiangPeng, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=86
Enter key password for <MyAndroidKey>
(RETURN if same as keystore password):
Re-enter new password:
[Storing my-release-key.keystore]
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ ls
app-release.apk my-release-key.keystore
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore app-release.apk MyAndroidKey
Enter Passphrase for keystore:
Enter key password for MyAndroidKey:
adding: META-INF/MANIFEST.MF
adding: META-INF/MYANDROI.SF
adding: META-INF/MYANDROI.RSA
signing: AndroidManifest.xml
signing: classes.dex
signing: res/anim/abc_fade_in.xml
... ...
signing: res/mipmap-xxhdpi-v4/ic_launcher.png
signing: res/mipmap-xxxhdpi-v4/ic_launcher.png
signing: resources.arsc
jar signed.
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ jarsigner -verify -verbose -certs app-release.apk
s 35029 Sun Jul 10 02:42:52 PDT 2016 META-INF/MANIFEST.MF
... ...
sm 195784 Sun Jul 10 02:27:56 PDT 2016 resources.arsc
X.509, CN=ChengXiangPeng, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=86
[certificate is valid from 7/10/16 2:40 AM to 11/26/43 1:40 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2043-11-26) or after any future revocation date.
7. Install the apk
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-release/dist$ adb install app-release.apk
Success
Note 1: When decompiling some apks, the following error is reported:
pengchengxiang@ubuntu:~/SecurityWorkSpace$ apktool d test.apk
I: Using Apktool 2.1.1 on test.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/pengchengxiang/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
W: Could not decode attr value, using undecoded value instead: ns=app, name=bdName, value=0x00000034
I: Decoding values */* XMLs...
Can't find framework resources for package of id: 114. You must install proper framework files, see project website for more info.
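Analysis 1: The app you are decompiling may have been adapted to a specific framework (HTC, Samsung and others customize certain resource files) and depend on those resources, or it may be a componentized module app that depends on resources of a platform app;
Fix 1: Install the customized apk or the platform apk with apktool if framework-res.apk/main.apk, then run apktool d test.apk -t 127 (the number assigned at install time);
Note 2: When decompiling some apks, the following error is reported: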
pengchengxiang@ubuntu:~/SecurityWorkSpace$ apktool d test.apk -t 127
I: Using Apktool 2.1.1 on test.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Regular manifest package...
I: Decoding file-resources...
I: Loading resource table from file: /home/pengchengxiang/apktool/framework/1.apk
I: Loading resource table from file: /home/pengchengxiang/apktool/framework/127.apk
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
Exception in thread "main" java.lang.NullPointerException
at brut.androlib.res.xml.ResXmlPatcher.pullValueFromStrings(ResXmlPatcher.java:128)
at brut.androlib.ApkDecoder.putVersionInfo(ApkDecoder.java:360)
at brut.androlib.ApkDecoder.writeMetaFile(ApkDecoder.java:299)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:162)
at brut.apktool.Main.cmdDecode(Main.java:163)
at brut.apktool.Main.main(Main.java:81)
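Fix 2: This error is caused by a bug in older ApkTool versions, which did not handle the case where the versionCode or versionName attribute is missing. Check your ApkTool version and upgrade to 2.2.1 or later;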
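Added example (not part of the original post): the `m` flag in the `jarsigner -verify` output of step 6 means an entry is listed in META-INF/MANIFEST.MF, and the code below performs that check from the defender's side, recomputing each entry's digest to spot files changed or added after signing. The function names and the in-memory sample archive are constructed for illustration; it checks only the manifest digests, not the .SF/.RSA signature over them that `jarsigner -verify` also validates.

```python
import base64, hashlib, io, zipfile
# MANIFEST.MF digest attribute -> hashlib algorithm name
DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def parse_manifest(text):
    """Return {entry name: (algorithm, base64 digest)} from MANIFEST.MF text."""
    # Long lines are wrapped; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        for key, algo in DIGESTS.items():
            if "Name" in attrs and key in attrs:
                entries[attrs["Name"]] = (algo, attrs[key])
    return entries

def check_apk(data):
    """Map each entry to 'ok', 'modified', 'unlisted' or 'missing'."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        listed = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in z.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # signature files and directory entries
            if name not in listed:
                result[name] = "unlisted"  # added after signing
                continue
            algo, expected = listed[name]
            actual = base64.b64encode(hashlib.new(algo, z.read(name)).digest()).decode()
            result[name] = "ok" if actual == expected else "modified"
    for name in listed:
        result.setdefault(name, "missing")  # signed but no longer present
    return result

def build_sample(tamper=False):
    """Constructed sample: a tiny zip laid out like a JAR-signed apk."""
    files = {"classes.dex": b"original code", "resources.arsc": b"table"}
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in files.items():
        b64 = base64.b64encode(hashlib.sha1(body).digest()).decode()
        mf += "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (name, b64)
    if tamper:  # change one entry and add another after "signing"
        files.update({"classes.dex": b"patched code", "assets/extra.bin": b"added later"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling check_apk(build_sample(tamper=True)) reports classes.dex as modified and assets/extra.bin as unlisted, while the untampered sample reports every entry as ok.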