Android APK Static and Dynamic Analysis
Source: Internet  Editor: 程序博客网  Date: 2024/05/01 20:17
Android Sandbox: Principles and Implementation
- Sending SMS: android.telephony.SmsManager (framework/framework.jar in system.img)
- File operations: org.apache.harmony.luni.platform.OSFileSystem (framework/core.jar in system.img)
- Network operations: org.apache.harmony.luni.platform.OSNetworkSystem (framework/core.jar in system.img)
- Placing phone calls: android.app.Activity (framework/framework.jar in system.img)
- Starting services: android.content.ContextWrapper (framework/framework.jar in system.img)
- Data encryption and decryption: javax.crypto.Cipher (framework/core.jar in system.img)
- Core library: dalvik/vm/native (lib/libdvm.so in system.img)
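# Sensitive API calls and strings to look for, mapped to the description shown in the report.
my %apis = (
    "IActivityManager\$Stub\$Proxy\;\-\>shutdown" => '关机',  # shut down the device
    "ActivityManager\;\-\>killBackgroundProcesses" => '中断进程,可用于关闭杀软',  # kill processes; can be used to shut down antivirus software
    'ActivityManagerNative;->killBackgroundProcesses' => '中断进程,可用于关闭杀软',  # kill processes; can be used to shut down antivirus software
    'ActivityManagerNative;->restartPackage' => ' 中断进程,可用于关闭杀软',  # kill processes; can be used to shut down antivirus software
    'ActivityManager;->restartPackage' => ' 中断进程,可用于关闭杀软',  # kill processes; can be used to shut down antivirus software
    #"BluetoothAdapter\;\-\>enable" => '开启蓝牙',  # enable Bluetooth
    #"BluetoothSocket\;\-\>connect" => '连接蓝牙',  # connect over Bluetooth
    #"IBluetoothPbap\$Stub\$Proxy\;\-\>connect" => '连接蓝牙',  # connect over Bluetooth
    "ContentResolver\;\-\>query" => '读取联系人、短信等数据库',  # read the contacts, SMS and other databases
    "ContentService\;\-\>dump" => '转储联系人、短信等信息',  # dump contacts, SMS and similar information
    "PackageManager\;\-\>installPackage" => '安装apk包',  # install an APK package
    "Camera\;\-\>open" => '开启相机',  # open the camera
    "MediaRecorder\;\-\>setAudioSource" => '开启录音功能',  # enable audio recording
    "MediaRecorder\;\-\>setVideoSource" => '开启视频录制',  # enable video recording
    "LocationManager\;\-\>getLastKnownLocation" => '获取地址位置',  # get the device location
    "Downloads\$ByUri\;\-\>startDownloadByUri" => '下载文件',  # download a file
    "Downloads\$DownloadBase\;\-\>startDownloadByUri" => '下载文件',  # download a file
    "PowerManager\;\-\>reboot" => '重启手机',  # reboot the phone
    "Settings\$Bookmarks\;\-\>add" => '添加浏览器书签',  # add a browser bookmark
    "TelephonyManager\;\-\>getDeviceId" => '搜集用户手机IMEI码、电话号码、系统版本号等信息',  # collect the IMEI, phone number, OS version and similar information
    "TelephonyManager\;\-\>getSimSerialNumber()" => '获取SIM序列号',  # get the SIM serial number
    "Telephony\$Mms\;\-\>query" => '读取短信',  # read SMS messages
    "TelephonyManager\;\-\>getLine1Number" => '获取手机号',  # get the phone number
    "SpeechRecognizer\;\-\>startListening" => '开启麦克风',  # turn on the microphone
    "WifiManager\;\-\>setWifiEnabled" => '开启WIFI',  # enable Wi-Fi
    "SmsManager\;\-\>getAllMessagesFromSim" => '获取sim卡上的短信',  # read the SMS messages stored on the SIM card
    "SmsManager\;\-\>sendDataMessage" => '发送二进制消息',  # send a binary message
    "SmsManager\;\-\>sendMultipartTextMessage" => '发送彩信',  # send an MMS
    "SmsManager\;\-\>sendTextMessage" => '发送普通短信',  # send a plain SMS
    #"http/multipart/FilePart;->sendData" => '发送http请求',  # send an HTTP request
    #"http/multipart/Part\;\-\>send" => '发送http请求',  # send an HTTP request
    #"http/multipart/Part\;\-\>sendParts" => '发送http请求',  # send an HTTP request
    #"http/multipart/StringPart\;\-\>sendData" => '发送http请求',  # send an HTTP request
    "internal/telephony/ISms\$Stub\$Proxy\;\-\>sendData" => '发送短信',  # send an SMS
    "internal/telephony/ISms\$Stub\$Proxy\;\-\>sendMultipartText" => '发送短信',  # send an SMS
    "internal/telephony/ISms\$Stub\$Proxy\;\-\>sendText" => '发送短信',  # send an SMS
    "internal/telephony/ITelephony\$Stub\$Proxy\;\-\>call" => '拔打电话',  # place a phone call
    "java/lang/Runtime\;\-\>exec" => '执行字符串命令',  # execute a command string
    "java/net/HttpURLConnection\;\-\>connect" => '连接URL',  # connect to a URL
    #"java/net/URL\;\-\>getContent" => '获取网页内容',  # fetch web page content
    "java/net/URL\;\-\>openConnection" => '连接URL',  # connect to a URL
    "java/net/URLConnection\;\-\>connect" => '连接URL',  # connect to a URL
    "DefaultHttpClient\;\-\>execute" => '发送HTTP请求',  # send an HTTP request
    "HttpClient\;\-\>execute" => '请求远程服务器',  # send a request to a remote server
    'android/app/NotificationManager;->notify' => '信息通知栏',  # post to the notification bar
    "SmsReceiver\;\-\>abortBroadcast" => '拦截短信接收',  # intercept incoming SMS
    "ContentResolver\;\-\>delete" => '删除短信、联系人',  # delete SMS messages or contacts
    "chmod " => '更改文件权限',  # change file permissions
    "getRuntime" => '获取命令行环境',  # obtain the command-line environment
    #'content://telephony/carriers' => '获取所有的APN(网络接入点)配置信息',  # read all APN (access point) configuration
    'content://telephony/carriers/preferapn' => '可能用于篡改APN(网络接入点)以调用应用市场M-Market扣费接口并验证',  # may be used to tamper with the APN in order to call the M-Market app store billing interface and pass its verification
    'content://sms' => '获取短信数据库',  # access the SMS database
    'content://browser/bookmarks' => '获取浏览器书签',  # read the browser bookmarks
    'mount -o remount' => '重新挂载档案系统',  # remount the file system
    '/system/bin/sh' => '执行shell',  # run a shell
    '/proc/mounts' => '加载文件系统',  # mount a file system
    '/system/bin/cp' => '复制文件',  # copy files
    '/root/su' => '切换用户',  # switch user
    '/system/bin/rm ' => '删除文件',  # delete files
);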
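# Boot the MalDroidAnalyzer AVD from the custom system image, ramdisk and kernel;
# dalvik.vm.execution-mode=int:portable selects Dalvik's portable interpreter.
system('start emulator -avd MalDroidAnalyzer -scale 0.8 -system images/root-system.img -ramdisk images/ramdisk.img -kernel images/zImage -prop dalvik.vm.execution-mode=int:portable &');
# Write the filtered logcat output to log.txt; *:S silences every tag not listed.
system("adb logcat -v time ActivityManager:I camera:V AudioHardware:D Telephony:V CallNotifier:D su:D MediaProvider:V videocamera:V BluetoothEnabler:V BluetoothHIDService:I dalvikvm:W *:S > log.txt");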
09-16 10:18:04.583 W/dalvikvm( 299): MalDroid: { "DexClassLoader": { "path": "/data/data/com.test/files/anserverb.db" } }
09-16 10:17:27.963 W/dalvikvm( 281): MalDroid: { "SendNet": { "desthost": "www.google.com", "destport": "80", "data": "7b2263656c6c5f746f77657273223a5b7b226d6f62696c655f6e6574776f726b5f636f6465223a32362c226c6f636174696f6e5f617265615f636f6465223a2d312c226d6f62696c655f636f756e7472795f636f6465223a3331302c2263656c6c5f6964223a2d317d5d2c22726571756573745f61646472657373223a747275652c22686f7374223a226d6170732e676f6f676c652e636f6d222c2276657273696f6e223a22312e312e30227d" } }
09-09 08:37:10.371 W/dalvikvm( 191): MalDroid: { "CryptoUsage": { "operation": "keyalgo", "key": "53, 52, 67, 68, 65, 48, 54, 51, 67, 68, 53, 56, 68, 56, 53, 70", "algorithm": "AES" } }
09-09 08:37:12.560 W/dalvikvm( 191): MalDroid: { "CryptoUsage": { "operation": "encryption", "algorithm": "AES/CBC/PKCS5Padding", "data": "ylmftg6" } }
09-17 20:17:14.302 W/dalvikvm( 274): MalDroid: { "ServiceStart": { "name": "com.android.md5.Settings" } }
09-17 20:24:24.944 W/dalvikvm( 126): MalDroid: { "FdAccess": { "path": "2f646174612f646174612f636f6d2e616e64726f69642e6c61756e636865722f66696c65732f6c61756e636865722e707265666572656e636573", "id": "588716465" } }
09-17 20:24:24.965 W/dalvikvm( 126): MalDroid: { "FileRW": { "operation": "read", "data": "0005", "id": "588716465" } }
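An added example (Python, not part of the original Perl script) of post-processing log.txt: it parses the MalDroid records shown above, decodes the hex-encoded path and data fields and the decimal byte list in key, and attaches to each FileRW event the path opened under the same id. The field encodings and the id link are inferred from the sample lines; the function names are hypothetical.

```python
import json
import re

# Constructed input: four records copied from the log excerpt above.
SAMPLE_LOG = '''\
09-09 08:37:10.371 W/dalvikvm( 191): MalDroid: { "CryptoUsage": { "operation": "keyalgo", "key": "53, 52, 67, 68, 65, 48, 54, 51, 67, 68, 53, 56, 68, 56, 53, 70", "algorithm": "AES" } }
09-09 08:37:12.560 W/dalvikvm( 191): MalDroid: { "CryptoUsage": { "operation": "encryption", "algorithm": "AES/CBC/PKCS5Padding", "data": "ylmftg6" } }
09-17 20:24:24.944 W/dalvikvm( 126): MalDroid: { "FdAccess": { "path": "2f646174612f646174612f636f6d2e616e64726f69642e6c61756e636865722f66696c65732f6c61756e636865722e707265666572656e636573", "id": "588716465" } }
09-17 20:24:24.965 W/dalvikvm( 126): MalDroid: { "FileRW": { "operation": "read", "data": "0005", "id": "588716465" } }
'''

# "<date> <time> W/dalvikvm( <pid>): MalDroid: <json>"
LINE_RE = re.compile(r'^(\S+ \S+) \w/dalvikvm\(\s*(\d+)\): MalDroid: (\{.*\})\s*$')

def unhex(value, as_text=True):
    """Decode a hex string; return it unchanged when it is not valid hex."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return value
    return raw.decode("utf-8", errors="replace") if as_text else raw

def parse_maldroid(text):
    """Decode MalDroid records; FileRW events inherit the path of their id."""
    fd_paths = {}  # FdAccess id -> path (link inferred from the sample lines)
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a MalDroid record
        try:
            record = json.loads(m.group(3))
        except json.JSONDecodeError:
            continue  # truncated or interleaved line
        for kind, fields in record.items():
            if not isinstance(fields, dict):
                continue
            ev = {"time": m.group(1), "pid": int(m.group(2)), "kind": kind, **fields}
            if kind == "FdAccess":
                ev["path"] = unhex(fields.get("path", ""))
                fd_paths[fields.get("id")] = ev["path"]
            elif kind == "FileRW":
                ev["data"] = unhex(fields.get("data", ""), as_text=False)
                ev["path"] = fd_paths.get(fields.get("id"))
            elif kind == "SendNet":
                ev["data"] = unhex(fields.get("data", ""))
            elif kind == "CryptoUsage" and "key" in fields:
                # key is logged as comma-separated decimal byte values
                ev["key"] = bytes(int(b) for b in fields["key"].split(","))
            events.append(ev)
    return events

if __name__ == "__main__":
    for event in parse_maldroid(SAMPLE_LOG):
        print(event)
```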