Smali - Decompiling/[Modifying]/Compiling

Wakati mwingine ni ya kuvutia kubadilisha msimbo wa programu ili kupata habari zilizofichwa kwako (labda nywila au bendera zilizofichwa vizuri). Kisha, inaweza kuwa ya kuvutia decompile apk, kubadilisha msimbo na kuirekebisha.

Opcodes reference: http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

Fast Way

Kwa kutumia Visual Studio Code na kiendelezi cha APKLab, unaweza decompile kiotomatiki, kubadilisha, kuirekebisha, kusaini na kufunga programu bila kutekeleza amri yoyote.

Script nyingine inayorahisisha kazi hii sana ni https://github.com/ax/apk.sh

Decompile the APK

Kwa kutumia APKTool unaweza kufikia smali code and resources:

apktool d APP.apk

Ikiwa apktool inakupa kosa lolote, jaribu kusanikisha toleo jipya zaidi

Baadhi ya faili za kuvutia unapaswa kuangalia ni:

• res/values/strings.xml (na xml zote ndani ya res/values/*)

• AndroidManifest.xml

• Faili yoyote yenye kiendelezi .sqlite au .db

Ikiwa apktool ina shida katika kufungua programu angalia https://ibotpeaches.github.io/Apktool/documentation/#framework-files au jaribu kutumia hoja -r (Usifungue rasilimali). Kisha, ikiwa shida ilikuwa katika rasilimali na si katika msimbo wa chanzo, hutakuwa na shida hiyo (hutaweza pia kufungua rasilimali).

Badilisha msimbo wa smali

Unaweza kubadilisha maagizo, kubadilisha thamani ya baadhi ya mabadiliko au kuongeza maagizo mapya. Ninabadilisha msimbo wa Smali kwa kutumia VS Code, kisha unafunga smalise extension na mhariri atakuambia ikiwa kuna agizo lolote lililo sahihi. Baadhi ya mfano yanaweza kupatikana hapa:

• Mifano ya mabadiliko ya Smali

• Google CTF 2018 - Je, Tutacheza Mchezo?

Au unaweza kuangalia hapa chini baadhi ya mabadiliko ya Smali yaliyoelezewa.

Recompile APK

Baada ya kubadilisha msimbo unaweza kurekebisha msimbo kwa kutumia:

apktool b . #In the folder generated when you decompiled the application

It will compile the new APK inside the dist folder.

If apktool throws an error, try installing the latest version

Sign the new APK

Then, you need to generate a key (you will be asked for a password and for some information that you can fill randomly):

keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias <your-alias>

Hatimaye, sign APK mpya:

jarsigner -keystore key.jks path/to/dist/* <your-alias>

Optimize new application

zipalign ni chombo cha kuoanisha archive ambacho kinatoa uboreshaji muhimu kwa faili za programu za Android (APK). More information here.

zipalign [-f] [-v] <alignment> infile.apk outfile.apk
zipalign -v 4 infile.apk

Saini APK mpya (tena?)

Ikiwa unataka kutumia apksigner badala ya jarsigner, unapaswa kusaini apk baada ya kutumia ukandamizaji na zipalign. LAKINI KUMBUKA KWAMBA UNAPASWA KUSAINI PROGRAMU KIMOJA TU KWA jarsigner (kabla ya zipalign) AU KWA aspsigner (baada ya zipalign).

apksigner sign --ks key.jks ./dist/mycompiled.apk

Kubadilisha Smali

Kwa msimbo wa Hello World Java ufuatao:

public static void printHelloWorld() {
System.out.println("Hello World")
}

Msimbo wa Smali utakuwa:

.method public static printHelloWorld()V
.registers 2
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;
const-string v1, "Hello World"
invoke-virtual {v0,v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V
return-void
.end method

The Smali instruction set is available here.

Mabadiliko ya Mwanga

Badilisha thamani za awali za kigezo ndani ya kazi

Baadhi ya vigezo vinafafanuliwa mwanzoni mwa kazi kwa kutumia opcode const, unaweza kubadilisha thamani zake, au unaweza kufafanua mpya:

#Number
const v9, 0xf4240
const/4 v8, 0x1
#Strings
const-string v5, "wins"

Operesheni za Msingi

#Math
add-int/lit8 v0, v2, 0x1 #v2 + 0x1 and save it in v0
mul-int v0,v2,0x2 #v2*0x2 and save in v0

#Move the value of one object into another
move v1,v2

#Condtions
if-ge #Greater or equals
if-le #Less or equals
if-eq #Equals

#Get/Save attributes of an object
iget v0, p0, Lcom/google/ctf/shallweplayagame/GameActivity;->o:I #Save this.o inside v0
iput v0, p0, Lcom/google/ctf/shallweplayagame/GameActivity;->o:I #Save v0 inside this.o

#goto
:goto_6 #Declare this where you want to start a loop
if-ne v0, v9, :goto_6 #If not equals, go to: :goto_6
goto :goto_6 #Always go to: :goto_6

Mabadiliko Makubwa

Kurekodi

#Log win: <number>
iget v5, p0, Lcom/google/ctf/shallweplayagame/GameActivity;->o:I #Get this.o inside v5
invoke-static {v5}, Ljava/lang/String;->valueOf(I)Ljava/lang/String; #Transform number to String
move-result-object v1 #Move to v1
const-string v5, "wins" #Save "win" inside v5
invoke-static {v5, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I #Logging "Wins: <num>"

Recommendations:

• Ikiwa unatumia mabadiliko yaliyotangazwa ndani ya kazi (iliyotangazwa v0,v1,v2...) weka mistari hii kati ya .local <number> na matangazo ya mabadiliko (const v0, 0x1)

• Ikiwa unataka kuweka msimbo wa logging katikati ya msimbo wa kazi:

• Ongeza 2 kwa idadi ya mabadiliko yaliyotangazwa: Mfano: kutoka .locals 10 hadi .locals 12

• Mabadiliko mapya yanapaswa kuwa nambari zinazofuata za mabadiliko yaliyotangazwa tayari (katika mfano huu yanapaswa kuwa v10 na v11, kumbuka kwamba inaanza katika v0).

• Badilisha msimbo wa kazi ya logging na utumie v10 na v11 badala ya v5 na v1.

Toasting

Kumbuka kuongeza 3 kwa idadi ya .locals mwanzoni mwa kazi.

Msimbo huu umeandaliwa kuingizwa katika katikati ya kazi (badilisha nambari ya mabadiliko kama inavyohitajika). Itachukua thamani ya this.o, kubadilisha kuwa String na kisha kutengeneza toast na thamani yake.

const/4 v10, 0x1
const/4 v11, 0x1
const/4 v12, 0x1
iget v10, p0, Lcom/google/ctf/shallweplayagame/GameActivity;->o:I
invoke-static {v10}, Ljava/lang/String;->valueOf(I)Ljava/lang/String;
move-result-object v11
invoke-static {p0, v11, v12}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v12
invoke-virtual {v12}, Landroid/widget/Toast;->show()V