Android - Application Reversing
Source: Internet. Editor: 程序博客网. Time: 2024/05/18 01:44
How to pwn cocon.apk?
The target is a CTF Android app, cocon.apk. The goal is to recover the flag it hides (the "hash value" shown in its key field). Prepare a smartphone (or an emulator) and install the APK; after a successful install the launcher shows an icon for the package com.co.con.
Open the app. Its main window shows "Hello World, cocon!" and "KEY: Key is disable".
To understand the app's code structure, decompile it with jadx. Reading the decompiled source, the key display is gated by a single assignment: change int key_val = 0; to int key_val = 1; so the key is enabled.
Rebuild the APK, sign it, and install it on the phone. Because the rebuilt APK is signed with a different certificate than the original, uninstall the original com.co.con first: Android refuses to update an installed package whose signing certificate has changed.
Pwned: the app now shows the flag key.
How to decompile an APK file?
If jadx is not installed locally or available from a package source, download jadx-0.6.1.zip from the jadx project (see References) and extract it.
root@sh:~/andriod_security# jadx -d /root/android_security/cocon_jadx/ /root/andriod_security/cocon.apk
22:19:36 INFO - loading ...
22:19:36 INFO - processing ...
22:19:37 INFO - done
jadx produces Java source, so rebuilding from its output means recreating a project in [gradle] or [Android Studio]. apktool, by contrast, disassembles classes.dex to smali and can rebuild the APK directly, which makes it the shorter route for a one-line patch like this one.
root@sh:~/andriod_security# apktool d cocon.apk -o cocon_apktool/
I: Using Apktool 2.2.1-dirty on cocon.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
root@sh:~/andriod_security# ls -l cocon_apktool/
total 20
-rw-r--r-- 1 root root  549 Dec 12 22:23 AndroidManifest.xml
-rw-r--r-- 1 root root  370 Dec 12 22:23 apktool.yml
drwxr-xr-x 3 root root 4096 Dec 12 22:23 original
drwxr-xr-x 7 root root 4096 Dec 12 22:23 res
drwxr-xr-x 3 root root 4096 Dec 12 22:23 smali
How to compile the source into an APK file?
Rebuild the APK from the directory apktool extracted, after applying the key_val change to the corresponding smali under cocon_apktool/smali/:
root@sh:~/andriod_security# apktool b cocon_apktool -o cocon_pwned.apk
I: Using Apktool 2.2.1
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
I: Copying unknown files/dir...
How to sign an APK file?
If the APK builds successfully, we can try to install it on the smartphone:
root@sh:~/andriod_security# adb install cocon_pwned.apk
Failed to install cocon_pwned.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates from /data/app/vmdl1691373271.tmp/base.apk: Attempt to get length of null array]
Every Android APK must be signed before it can be installed on a device, even when it is not installed through the Market. apktool b does not sign its output, which is exactly what INSTALL_PARSE_FAILED_NO_CERTIFICATES is reporting. The script below signs with keytool and jarsigner, which produces only a v1 (JAR) signature in META-INF/. That is enough for the device used here, but Android 11 and later require the v2 or newer scheme for apps targeting API 30 or above; for those, sign with apksigner from the Android build tools instead, and run zipalign before signing because the v2 signature covers the whole ZIP.
root@sh:~/andriod_security# bash apksign.sh cocon_pwned.apk
[+] 1. Generate a new key for android apk sign
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Google
What is the name of your organizational unit?
  [Unknown]:  IT
What is the name of your organization?
  [Unknown]:  Google
What is the name of your City or Locality?
  [Unknown]:  FF
What is the name of your State or Province?
  [Unknown]:  FL
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Google, OU=IT, O=Google, L=FF, ST=FL, C=US correct?
  [no]:  yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 1,000 days
	for: CN=Google, OU=IT, O=Google, L=FF, ST=FL, C=US
Enter key password for <at>
	(RETURN if same as keystore password):
Re-enter new password:
[Storing google.key]
[+] 2. Sign android apk
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/AT.SF
   adding: META-INF/AT.RSA
  signing: AndroidManifest.xml
  signing: classes.dex
  signing: res/drawable-hdpi-v4/icon.png
  signing: res/drawable-ldpi-v4/icon.png
  signing: res/drawable-mdpi-v4/icon.png
  signing: res/layout/main.xml
  signing: resources.arsc
jar signed.

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2019-09-08) or after any future revocation date.
[+] 3. Verify sign results
         589 Mon Dec 12 22:13:38 CST 2016 META-INF/MANIFEST.MF
         710 Mon Dec 12 22:13:38 CST 2016 META-INF/AT.SF
        1302 Mon Dec 12 22:13:38 CST 2016 META-INF/AT.RSA
sm      1584 Wed Dec 31 18:00:00 CST 1980 AndroidManifest.xml
sm      3748 Wed Dec 31 18:00:00 CST 1980 classes.dex
sm      3941 Wed Dec 31 18:00:00 CST 1980 res/drawable-hdpi-v4/icon.png
sm      1537 Wed Dec 31 18:00:00 CST 1980 res/drawable-ldpi-v4/icon.png
sm      2200 Wed Dec 31 18:00:00 CST 1980 res/drawable-mdpi-v4/icon.png
sm       816 Wed Dec 31 18:00:00 CST 1980 res/layout/main.xml
sm      1584 Wed Dec 31 18:00:00 CST 1980 resources.arsc

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2019-09-08) or after any future revocation date.

Re-run with the -verbose and -certs options for more details.
apksign.sh
#!/bin/bash
# Generate a throwaway signing key (on the first run only), then sign and verify an APK.
APKFILE=$1
KEYNAME="androidtesting"   # keystore file
ALIASNAME="at"             # key alias; also names META-INF/AT.SF and META-INF/AT.RSA
[[ -z "$APKFILE" ]] && echo "[*] Usage: $0 <apkfile>" && exit 1

echo "[+] 1. Generate a new key for android apk sign"
# keytool refuses to add an alias that already exists, so skip generation when the keystore is present.
if [[ ! -f "$KEYNAME" ]]; then
    keytool -genkey -v -keystore "$KEYNAME" -alias "$ALIASNAME" -keyalg RSA -keysize 2048 -validity 1000
fi

echo "[+] 2. Sign android apk"
# The original used -sigalg MD5withRSA -digestalg SHA1; recent JDKs treat MD5-signed JARs as unsigned.
# SHA-256 digests are verified by Android 4.3 (API 18) and later; fall back to SHA1 only for older targets.
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore "$KEYNAME" "$APKFILE" "$ALIASNAME"

echo "[+] 3. Verify sign result"
jarsigner -verify -verbose "$APKFILE"
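To see what state a rebuilt APK is in before pushing it to a device, the inspector below reports whether the file carries a v1 JAR signature in META-INF/ and whether it has an APK Signing Block with a v2 (ID 0x7109871a) or v3 (ID 0xf05368c0) entry. This is an added example, not code from the original post or from apktool, jadx or the Android SDK. Run against the bare apktool b output it reports none of the three, which is the INSTALL_PARSE_FAILED_NO_CERTIFICATES failure above; run against the jarsigner output it reports v1 only. The three sample APKs are constructed inline with Python's zipfile and a hand-built signing block whose signer data is zero padding, so they are not real apps and the script detects presence of a scheme rather than validating a signature.

```python
"""Report which signature schemes an APK carries (v1 META-INF, v2/v3 signing block).

Added example, not from the original post. It only detects the presence of
each scheme; it does not cryptographically verify anything.
"""
import io
import struct
import zipfile

# Values from the APK Signature Scheme v2/v3 specification.
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A
V3_BLOCK_ID = 0xF05368C0
EOCD_SIGNATURE = b"PK\x05\x06"


def _find_eocd(data: bytes) -> int:
    """Offset of the ZIP End of Central Directory record (scans back past any comment)."""
    idx = data.rfind(EOCD_SIGNATURE, max(0, len(data) - (22 + 0xFFFF)))
    if idx < 0:
        raise ValueError("not a ZIP file: no EOCD record")
    return idx


def v1_signature_files(data: bytes) -> list:
    """JAR-signature entries: META-INF/*.SF plus the *.RSA/*.DSA/*.EC signature blocks."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return sorted(n for n in names
                  if n.upper().startswith("META-INF/")
                  and n.upper().rsplit(".", 1)[-1] in ("SF", "RSA", "DSA", "EC"))


def apk_signing_block_ids(data: bytes) -> list:
    """IDs of the ID-value pairs in the APK Signing Block, or [] if there is none.

    Block layout (little-endian), placed directly before the central directory:
      uint64 size_of_block (excluding this field)
      repeated: uint64 pair_len, uint32 id, byte[pair_len - 4] value
      uint64 size_of_block (same value)
      byte[16] "APK Sig Block 42"
    """
    cd_offset = struct.unpack_from("<I", data, _find_eocd(data) + 16)[0]
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        return []
    size_of_block = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - size_of_block - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size_of_block:
        raise ValueError("malformed APK Signing Block: size fields disagree")
    ids, pos, end = [], start + 8, cd_offset - 24
    while pos < end:
        pair_len = struct.unpack_from("<Q", data, pos)[0]
        ids.append(struct.unpack_from("<I", data, pos + 8)[0])
        pos += 8 + pair_len
    return ids


def signature_summary(data: bytes) -> dict:
    ids = apk_signing_block_ids(data)
    return {"v1": bool(v1_signature_files(data)),
            "v2": V2_BLOCK_ID in ids,
            "v3": V3_BLOCK_ID in ids}


# ---- constructed sample APKs (toy zips, not real apps) ----------------------

def build_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def add_signing_block(zip_bytes: bytes, block_ids: list) -> bytes:
    """Splice a dummy APK Signing Block (zero-filled values) in front of the central directory."""
    eocd = _find_eocd(zip_bytes)
    cd_offset = struct.unpack_from("<I", zip_bytes, eocd + 16)[0]
    pairs = b"".join(struct.pack("<QI", 4 + 8, bid) + b"\x00" * 8 for bid in block_ids)
    size_of_block = len(pairs) + 8 + 16
    block = (struct.pack("<Q", size_of_block) + pairs
             + struct.pack("<Q", size_of_block) + APK_SIG_BLOCK_MAGIC)
    eocd_rec = bytearray(zip_bytes[eocd:])
    struct.pack_into("<I", eocd_rec, 16, cd_offset + len(block))  # central directory moved down
    return zip_bytes[:cd_offset] + block + zip_bytes[cd_offset:eocd] + bytes(eocd_rec)


# What `apktool b` leaves you with: no META-INF at all.
UNSIGNED_APK = build_zip({"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\0"})
# What jarsigner adds (names follow the alias "at" used on this page); contents are placeholders.
V1_SIGNED_APK = build_zip({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/AT.SF": b"Signature-Version: 1.0\n",
    "META-INF/AT.RSA": b"\x30\x82\x00\x00",
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex\n035\0",
})
# What apksigner produces: the v1 files plus a signing block with a v2 entry.
V2_SIGNED_APK = add_signing_block(V1_SIGNED_APK, [V2_BLOCK_ID])

if __name__ == "__main__":
    for label, apk in (("apktool b output", UNSIGNED_APK),
                       ("jarsigner output", V1_SIGNED_APK),
                       ("apksigner output", V2_SIGNED_APK)):
        print(f"{label:17} {signature_summary(apk)}")
```

To check a real file, pass its bytes to signature_summary, for example signature_summary(open("cocon_pwned.apk", "rb").read()) before and after running apksign.sh. A result of v1 only on a device running Android 11 or later, for an app targeting API 30 or above, is the case where jarsigner is not enough and apksigner is needed.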
References
- https://github.com/skylot/jadx
- https://ibotpeaches.github.io/Apktool/
- https://gradle.org/
- https://blog.bramp.net/post/2015/08/01/decompile-and-recompile-android-apk/