Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (HackTricks AWS Red Team Expert) ! Njia nyingine za kusaidia HackTricks:
Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia MPANGO WA KUJIUNGA
Marafiki, mara nyingine inakuwa ya kuvutia kubadilisha nambari ya programu ili kupata habari iliyofichwa kwako (labda nywila zilizofichwa vizuri au bendera). Kwa hivyo, inaweza kuwa ya kuvutia kudecompile apk, kubadilisha nambari na kuijumuisha tena.
Marejeleo ya Opcodes: http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
Njia ya Haraka
Kwa kutumia Visual Studio Code na kifaa cha APKLab , unaweza kudecompile kiotomatiki , kubadilisha, kukusanya , saini na kusakinisha programu bila kutekeleza amri yoyote.
Script nyingine inayofanikisha sana kazi hii ni https://github.com/ax/apk.sh
Kudecompile APK
Kwa kutumia APKTool unaweza kupata nambari ya smali na rasilimali :
Ikiwa apktool inakupa kosa lolote, jaribu kusanikisha toleo jipya zaidi
Baadhi ya faili za kuvutia unazopaswa kutazama ni :
res/values/strings.xml (na xml zote ndani ya res/values/*)
Faili yoyote yenye kipengee cha .sqlite au .db
Ikiwa apktool ina matatizo ya kudekodea programu , angalia https://ibotpeaches.github.io/Apktool/documentation/#framework-files au jaribu kutumia hoja ya -r
Badilisha nambari ya smali
Unaweza kubadilisha maagizo , kubadilisha thamani ya baadhi ya variables au kuongeza maagizo mapya. Mimi hubadilisha nambari ya Smali kwa kutumia VS Code smalise extension na mhariri utakuambia ikiwa kuna maagizo yoyote yasiyo sahihi .
Baadhi ya mifano inaweza kupatikana hapa:
Au unaweza angalia hapa chini maelezo ya mabadiliko ya Smali
Kurejesha tena APK
Baada ya kubadilisha nambari, unaweza kurejesha nambari kwa kutumia:
Copy apktool b . #In the folder generated when you decompiled the application Itakuwa kuchakata APK mpya ndani ya folda ya dist
Ikiwa apktool inatoa kosa , jaribu kufunga toleo jipya
Saini APK mpya
Kisha, unahitaji kuzalisha ufunguo (utaulizwa nenosiri na habari ambayo unaweza kujaza kwa nasibu):
Copy keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias < your-alia s > Hatimaye, saini APK mpya:
Copy jarsigner -keystore key.jks path/to/dist/* < your-alia s > Kuboresha programu mpya
zipalign ni zana ya kusawazisha nyaraka ambayo hutoa uboreshaji muhimu kwa faili za programu za Android (APK). Maelezo zaidi hapa .
Copy zipalign [-f] [-v] < alignment > infile.apk outfile.apk
zipalign -v 4 infile.apk Saini APK mpya (tena?)
Ikiwa unapendelea kutumia apksigner unapaswa kusaini apk baada ya kufanya uboreshaji na zipaling. LAKINI KUMBUKA KUWA UNAHITAJI KUSAJILI KIUNGANISHI MARA MOJA NA jarsigner (kabla ya zipalign) AU NA aspsigner (baada ya zipaling).
Copy apksigner sign --ks key.jks ./dist/mycompiled.apk Kubadilisha Smali
Kwa msimbo wa Java wa Hello World ufuatao:
Copy public static void printHelloWorld() {
System . out . println ( "Hello World" )
} Msimbo wa Smali ungekuwa:
Copy . method public static printHelloWorld() V
. registers 2
sget - object v0 , Ljava / lang / System; -> out : Ljava / io / PrintStream;
const- string v1 , "Hello World"
invoke - virtual {v0 , v1} , Ljava / io / PrintStream; -> println(Ljava / lang / String;) V
return-void
. end method Seti ya maagizo ya Smali inapatikana hapa .
Mabadiliko Mepesi
Badilisha thamani za awali za kivinjari ndani ya kazi
Baadhi ya kivinjari hutajwa mwanzoni mwa kazi kwa kutumia opcode const , unaweza kubadilisha thamani zake, au unaweza kutaja mpya:
Copy #Number
const v9, 0xf4240
const/4 v8, 0x1
#Strings
const-string v5, "wins" Operesheni za Msingi
Kusoma na Kuandika Faili
Kusoma faili:
Copy .method public static readTextFile(Ljava/lang/String;)Ljava/lang/String;
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
new-instance v1, Ljava/io/BufferedReader;
new-instance v2, Ljava/io/FileReader;
invoke-direct {v2, v0}, Ljava/io/FileReader;-><init>(Ljava/io/File;)V
invoke-direct {v1, v2}, Ljava/io/BufferedReader;-><init>(Ljava/io/Reader;)V
.line 3
const/4 v2, 0x0
:cond_0
:goto_0
invoke-virtual {v1}, Ljava/io/BufferedReader;->readLine()Ljava/lang/String;
move-result-object v0
if-eqz v0, :cond_1
.line 4
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
.line 5
invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
.line 3
goto :goto_0
.line 7
:cond_1
invoke-virtual {v1}, Ljava/io/BufferedReader;->close()V
.line 8
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
.line 9
return-object v0
.end method Kuandika faili:
Copy .method public static writeTextFile(Ljava/lang/String;Ljava/lang/String;)V
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.param p1, "content" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
new-instance v1, Ljava/io/BufferedWriter;
new-instance v2, Ljava/io/FileWriter;
invoke-direct {v2, v0}, Ljava/io/FileWriter;-><init>(Ljava/io/File;)V
invoke-direct {v1, v2}, Ljava/io/BufferedWriter;-><init>(Ljava/io/Writer;)V
.line 3
invoke-virtual {v1, p1}, Ljava/io/BufferedWriter;->write(Ljava/lang/String;)V
.line 4
invoke-virtual {v1}, Ljava/io/BufferedWriter;->close()V
.line 5
return-void
.end method Kufuta Faili
Copy .method public static deleteFile(Ljava/lang/String;)Z
.locals 2
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->delete()Z
move-result v1
.line 3
return v1
.end method Kupata Ukubwa wa Faili
Copy .method public static getFileSize(Ljava/lang/String;)J
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->length()J
move-result-wide v1
.line 3
return-wide v1
.end method Kupata Tarehe ya Mwisho ya Kubadilishwa kwa Faili
Copy .method public static getLastModified(Ljava/lang/String;)J
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->lastModified()J
move-result-wide v1
.line 3
return-wide v1
.end method Kupata Orodha ya Faili na Vichwa vya Habari
Copy .method public static getFiles(Ljava/lang/String;)[Ljava/lang/String;
.locals 4
.param p0, "dirPath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->listFiles()[Ljava/io/File;
move-result-object v1
.line 3
array-length v2, v1
new-array v3, v2, [Ljava/lang/String;
.line 4
const/4 v2, 0x0
:goto_0
if-ge v2, v3, :cond_0
aget-object v0, v1, v2
invoke-virtual {v0}, Ljava/io/File;->getName()Ljava/lang/String;
move-result-object v0
aput-object v0, v3, v2
.line 3
add-int/lit8 v2, v2, 0x1
goto :goto_0
.line 6
:cond_0
return-object v3
.end method Kupata Orodha ya Vichwa vya Habari vya Faili
Copy .method public static getHeaders(Ljava/lang/String;)[Ljava/lang/String;
.locals 4
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
new-instance v1, Ljava/io/BufferedReader;
new-instance v2, Ljava/io/FileReader;
invoke-direct {v2, v0}, Ljava/io/FileReader;-><init>(Ljava/io/File;)V
invoke-direct {v1, v2}, Ljava/io/BufferedReader;-><init>(Ljava/io/Reader;)V
.line 3
new-instance v2, Ljava/util/ArrayList;
invoke-direct {v2}, Ljava/util/ArrayList;-><init>()V
.line 4
:cond_0
:goto_0
invoke-virtual {v1}, Ljava/io/BufferedReader;->readLine()Ljava/lang/String;
move-result-object v0
if-eqz v0, :cond_1
.line 5
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
goto :goto_0
.line 7
:cond_1
invoke-virtual {v1}, Ljava/io/BufferedReader;->close()V
.line 8
invoke-virtual {v2}, Ljava/util/ArrayList;->toArray()[Ljava/lang/Object;
move-result-object v0
check-cast v0, [Ljava/lang/String;
.line 9
return-object v0
.end method Kupata Aina ya Faili
Copy .method public static getFileType(Ljava/lang/String;)Ljava/lang/String;
.locals 2
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->getName()Ljava/lang/String;
move-result-object v0
.line 3
const/4 v1, 0x2e
invoke-virtual {v0, v1}, Ljava/lang/String;->lastIndexOf(I)I
move-result v1
.line 4
if-lez v1, :cond_0
.line 5
invoke-virtual {v0, v1}, Ljava/lang/String;->substring(I)Ljava/lang/String;
move-result-object v0
.line 6
return-object v0
.line 8
:cond_0
const-string v0, ""
goto :goto_0
.end method Kupata Uendeshaji wa Faili
Copy .method public static getFilePermissions(Ljava/lang/String;)Ljava/lang/String;
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->canRead()Z
move-result v1
.line 3
invoke-virtual {v0}, Ljava/io/File;->canWrite()Z
move-result v2
.line 4
new-instance v0, Ljava/lang/StringBuilder;
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V
.line 5
const-string v3, "Read: "
invoke-virtual {v0, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
.line 6
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Z)Ljava/lang/StringBuilder;
.line 7
const-string v1, ", Write: "
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
.line 8
invoke-virtual {v0, v2}, Ljava/lang/StringBuilder;->append(Z)Ljava/lang/StringBuilder;
.line 9
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
.line 10
return-object v0
.end method Kupata Muda wa Kuundwa kwa Faili
Copy .method public static getCreationTime(Ljava/lang/String;)J
.locals 3
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/io/File;
invoke-direct {v0, p0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/io/File;->lastModified()J
move-result-wide v1
.line 3
return-wide v1
.end method Kupata Orodha ya Vichwa vya Habari vya Faili ya ZIP
Copy .method public static getZipFileHeaders(Ljava/lang/String;)[Ljava/lang/String;
.locals 4
.param p0, "filePath" # Ljava/lang/String;
.prologue
.line 1
new-instance v0, Ljava/util/zip/ZipFile;
invoke-direct {v0, p0}, Ljava/util/zip/ZipFile;-><init>(Ljava/lang/String;)V
.line 2
invoke-virtual {v0}, Ljava/util/zip/ZipFile;->entries()Ljava/util/Enumeration;
move-result-object v1
.line 3
new-instance v2, Ljava/util/ArrayList;
invoke-direct {v2}, Ljava/util/ArrayList;-><init>()V
.line 4
:cond_0
:goto_0
invoke-interface {v1}, Ljava/util/Enumeration;->hasMoreElements()Z
move-result v3
if-eqz v3, :cond_1
.line 5
invoke-interface {v1}, Ljava/util/Enumeration;->nextElement()Ljava/lang/Object;
move-result-object v0
check-cast v0, Ljava/util/zip/ZipEntry;
.line 6
invoke-virtual {v0}, Ljava/util/zip/ZipEntry;->getName()Ljava/lang/String;
move-result-object v0
.line 7
invoke-virtual {v2, v0}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
goto :goto_0
.line 9
:cond_1
invoke-virtual {v2}, Ljava/util/ArrayList;->toArray()[Ljava/lang/Object;
move-result-object v0
check-cast v0, [Ljava/lang/String;
.line 10
return-object v0
.end method
Copy #Math
add-int/lit8 v0, v2, 0x1 #v2 + 0x1 and save it in v0
mul-int v0,v2,0x2 #v2*0x2 and save in v0
#Move the value of one object into another
move v1,v2
#Condtions
if-ge #Greater or equals
if-le #Less or equals
if-eq #Equals
#Get/Save attributes of an object
iget v0, p0, Lcom/google/ctf/shallweplayagame/GameActivity ; ->o:I #Save this.o inside v0
iput v0, p0, Lcom/google/ctf/shallweplayagame/GameActivity ; ->o:I #Save v0 inside this.o
#goto
:goto_6 #Declare this where you want to start a loop
if-ne v0, v9, :goto_6 #If not equals, go to: :goto_6
goto :goto_6 #Always go to: :goto_6 Mabadiliko Makubwa
Kurekodi (Logging)
Copy #Log win: <number>
iget v5, p0, Lcom/google/ctf/shallweplayagame/GameActivity ; ->o:I #Get this.o inside v5
invoke-static {v5}, Ljava/lang/String ; ->valueOf(I )Ljava/lang/String; #Transform number to String
move-result-object v1 #Move to v1
const-string v5, "wins" #Save "win" inside v5
invoke-static {v5, v1}, Landroid/util/Log ; ->d(Ljava/lang/String ; Ljava/lang/String ;)I #Logging "Wins: <num>" Mapendekezo:
Ikiwa utatumia pembejeo zilizotangazwa ndani ya kazi (zilizotangazwa v0, v1, v2...), weka mistari hii kati ya .local <number> na tangazo la pembejeo (const v0, 0x1 )
Ikiwa unataka kuweka kificho cha kuingiza katikati ya kificho cha kazi:
Ongeza 2 kwenye idadi ya pembejeo zilizotangazwa: Mfano: kutoka .locals 10 hadi .locals 12
Pembejeo mpya inapaswa kuwa nambari inayofuata ya pembejeo zilizotangazwa tayari (katika mfano huu itakuwa v10 na v11 , kumbuka kuwa inaanza na v0).
Badilisha kificho cha kazi ya kuingiza na tumia v10 na v11 badala ya v5 na v1 .
Kutoa taarifa
Kumbuka kuongeza 3 kwenye idadi ya .locals mwanzoni mwa kazi.
Kificho hiki kimeandaliwa ili kiingizwe katika katikati ya kazi (badilisha idadi ya pembejeo kama inavyohitajika). Itachukua thamani ya this.o , itabadilisha kuwa String na kisha kutoa taarifa na thamani yake.
Copy const/4 v10, 0x1
const/4 v11, 0x1
const/4 v12, 0x1
iget v10, p0, Lcom/google/ctf/shallweplayagame/GameActivity ; ->o:I
invoke-static {v10}, Ljava/lang/String ; ->valueOf(I )Ljava/lang/String;
move-result-object v11
invoke-static {p0, v11, v12}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v12
invoke-virtual {v12}, Landroid/widget/Toast ; ->show () V Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks) ! Njia nyingine za kusaidia HackTricks:
Ikiwa unataka kuona kampuni yako ikionekana katika HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia MPANGO WA KUJIUNGA
