逆向问题及关键词

此篇介绍逆向过程中涉及到的关键词以及脱壳修复换入口遇到的报错和它的解决方案。

关键词

签名校验关键词

java层

getPackageInfo.signatures

smali就是

getPackageInfo;->signatures

arm中提取的关键词

模拟器检测

isEmulator
System.exit
android.os.Environment

禁止截屏

const/16 v1, 0x2000
invoke-virtual {p1}, Landroid/app/Activity;->getWindow()Landroid/view/Window;
move-result-object v0
invoke-virtual {v0, v1, v1}, Landroid/view/Window;->setFlags(II)V

抓包检测

 vpn检测
  "ppp0" //字符串
  "tun0" //字符串
  getInterfaceAddresses
  getNetworkInterfaces
 wifi代理检测
  http.proxyPort
  http.proxyHost
最终都是system.out

断网检测

"connectivity" //字符串
getActiveNetworkInfo
System.exit

获取设备id

Build.getSerial()

TelephonyManager tm = (TelephonyManager)this.getSystem(Context.TELEPHONY_);
String deviceId = tm.getDeviceId();

String serial =null;
try {undefined
        Class c = Class.forName("android.os.SystemProperties");
        Method get = c.getMethod("get", String.class);
        serial = (String) get.invoke(c, "ro.serialno");
}catch (Exception e) {undefined
        e.printStackTrace();
}
return serial;

其他

获取设备id(比较靠谱)

AXML添加权限<uses-permission android:name="android.permission.READ_PHONE_STATE" />
调用
    invoke-static {p0}, 类名->getDeviceId(Landroid/content/Context;)Ljava/lang/String;

    move-result-object v0

        
.method public static getDeviceId(Landroid/content/Context;)Ljava/lang/String;
    .registers 4

    .line 193
    :try_start_0
    sget v0, Landroid/os/Build$VERSION;->SDK_INT:I
    :try_end_2
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_2} :catch_48

    const/16 v1, 0x1d

    const-string v2, "android_id"

    if-ge v0, v1, :cond_3b

    :try_start_8
    const-string v0, "phone"

    .line 194
    invoke-virtual {p0, v0}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/telephony/TelephonyManager;

    if-eqz v0, :cond_2e

    .line 196
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;

    move-result-object v1

    invoke-static {v1}, Landroid/text/TextUtils;->isEmpty(Ljava/lang/CharSequence;)Z

    move-result v1

    if-nez v1, :cond_21

    .line 197
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;

    move-result-object p0

    goto :goto_4e

    .line 199
    :cond_21
    invoke-virtual {p0}, Landroid/content/Context;->getApplicationContext()Landroid/content/Context;

    move-result-object p0

    invoke-virtual {p0}, Landroid/content/Context;->getContentResolver()Landroid/content/ContentResolver;

    move-result-object p0

    invoke-static {p0, v2}, Landroid/provider/Settings$Secure;->getString(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;

    move-result-object p0

    goto :goto_4e

    .line 203
    :cond_2e
    invoke-virtual {p0}, Landroid/content/Context;->getApplicationContext()Landroid/content/Context;

    move-result-object p0

    invoke-virtual {p0}, Landroid/content/Context;->getContentResolver()Landroid/content/ContentResolver;

    move-result-object p0

    invoke-static {p0, v2}, Landroid/provider/Settings$Secure;->getString(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;

    move-result-object p0

    goto :goto_4e

    .line 207
    :cond_3b
    invoke-virtual {p0}, Landroid/content/Context;->getApplicationContext()Landroid/content/Context;

    move-result-object p0

    invoke-virtual {p0}, Landroid/content/Context;->getContentResolver()Landroid/content/ContentResolver;

    move-result-object p0

    invoke-static {p0, v2}, Landroid/provider/Settings$Secure;->getString(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;

    move-result-object p0
    :try_end_47
    .catch Ljava/lang/Exception; {:try_start_8 .. :try_end_47} :catch_48

    goto :goto_4e

    :catch_48
    move-exception p0

    .line 210
    invoke-virtual {p0}, Ljava/lang/Exception;->printStackTrace()V

    const-string p0, ""

    :goto_4e
    return-object p0
.end method

遇到的报错

脱壳子换入口报错 Unable to instantiate application

看看入口的init方法是不是 public 的
入口类attachBaseContext方法 是不是 public 的