折腾:
【已解决】从不同版本的小花生apk中反编译出包含业务逻辑代码的dex和jar包源码
期间,已经试过了v3.6.9所导出dex文件是无效dex:只有一个200多B的dex。
旧版本v1.5,导出dex,部分看起来是有效的,但是dex转jar后的源码,发现都是出错的opcode,找不到要的源码。
现在去尝试使用v3.4.8的版本去试试,是否可行。
把v3.4.8的apk:
安装到夜神模拟器后,再去启动FDex2,设置hook这个小花生app:
然后试了半天,终于hook出3.4.8版本中,N多个看起来是有效的dex文件了:
然后继续去dex转jar
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 | ➜ v3.4.8 lltotal 81656-rw------- 1 crifan staff 1.1M 3 19 14:05 com.huili.readingclub1166288.dex-rw------- 1 crifan staff 12M 3 19 14:04 com.huili.readingclub13088280.dex-rw------- 1 crifan staff 1.4M 3 19 14:04 com.huili.readingclub1461452.dex-rw------- 1 crifan staff 187K 3 19 14:04 com.huili.readingclub191572.dex-rw------- 1 crifan staff 2.7M 3 19 14:04 com.huili.readingclub2847840.dex-rw------- 1 crifan staff 3.8M 3 19 14:04 com.huili.readingclub3986968.dex-rw------- 1 crifan staff 8.3M 3 19 14:04 com.huili.readingclub8725900.dex-rw------- 1 crifan staff 8.4M 3 19 14:04 com.huili.readingclub8825612.dex➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub1166288.dex...GLITCH: 0000 Lcom/android/internal/telephony/uicc/VoiceMailConstants;.getVoiceMailTag(Ljava/lang/String;)Ljava/lang/String; | zero-width instruction op=0xf4Detail Error Information in File ./com.huili.readingclub1166288-error.zipPlease report this file to one of following link if possible (any one). https://sourceforge.net/p/dex2jar/tickets/ https://bitbucket.org/pxb1988/dex2jar/issues https://github.com/pxb1988/dex2jar/issues dex2jar@googlegroups.com➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub13088280.dex...GLITCH: 009f Lcom/tencent/bugly/legu/proguard/z;.a(Ljava/lang/Thread;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | zero-width instruction op=0xf8Detail Error Information in File ./com.huili.readingclub13088280-error.zip➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub1461452.dex...GLITCH: 0000 Lcom/google/android/util/SmileyResources;.getSmileys()Lcom/google/android/util/AbstractMessageParser$TrieNode; | zero-width instruction op=0xf4WARN: can't get operand(s) for sub-double/2addr, out-of-range or not initialized ?WARN: can't get operand(s) for int-to-float, out-of-range or not initialized ?WARN: can't get operand(s) for return-wide, out-of-range or not initialized ?WARN: can't get operand(s) for move-exception, out-of-range or not initialized ?WARN: can't get operand(s) for move-exception, out-of-range or not initialized ?Detail Error Information in File ./com.huili.readingclub1461452-error.zip➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub191572.dex...GLITCH: 0006 Lcom/android/okhttp/internal/tls/OkHostnameVerifier;.verifyHostName(Ljava/lang/String;Ljava/lang/String;)Z | zero-width instruction op=0xeeDetail Error Information in File ./com.huili.readingclub191572-error.zip➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub2847840.dex...GLITCH: 0006 Lsun/misc/Unsafe;.unpark(Ljava/lang/Object;)V | zero-width instruction op=0xf8Detail Error Information in File ./com.huili.readingclub2847840-error.zip➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub3986968.dexdex2jar com.huili.readingclub3986968.dex -> ./com.huili.readingclub3986968-dex2jar.jar➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub8725900.dex...GLITCH: 0000 Landroid/widget/ZoomControls;.setOnZoomOutClickListener(Landroid/view/View$OnClickListener;)V | zero-width instruction op=0xf4GLITCH: 0000 Landroid/widget/ZoomControls;.setZoomSpeed(J)V | zero-width instruction op=0xf4WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-object/16, out-of-range or not initialized ?WARN: can't get operand(s) for shr-int/2addr, out-of-range or not initialized ?WARN: can't get operand(s) for move/16, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move/16, out-of-range or not initialized ?WARN: can't get operand(s) for move-result, wrong position ?WARN: can't get operand(s) for cmpl-float, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for sput-boolean, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-object/from16, out-of-range or not initialized ?WARN: can't get operand(s) for move-object/from16, out-of-range or not initialized ?WARN: can't get operand(s) for move-object/from16, out-of-range or not initialized ?WARN: can't get operand(s) for move-object/from16, out-of-range or not initialized ?WARN: can't get operand(s) for move-object/from16, out-of-range or not initialized ?WARN: can't get operand(s) for sput-boolean, out-of-range or not initialized ?WARN: can't get operand(s) for sput-boolean, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for aput-char, out-of-range or not initialized ?WARN: can't get operand(s) for mul-float, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for move-wide/16, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for mul-int/2addr, out-of-range or not initialized ?WARN: can't get operand(s) for aput-char, out-of-range or not initialized ?WARN: can't get operand(s) for aput-char, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for sput-byte, out-of-range or not initialized ?WARN: can't get operand(s) for aget-byte, out-of-range or not initialized ?WARN: can't get operand(s) for and-int/2addr, out-of-range or not initialized ?WARN: can't get operand(s) for move/from16, out-of-range or not initialized ?WARN: can't get operand(s) for iput-boolean, out-of-range or not initialized ?WARN: can't get operand(s) for iput-boolean, out-of-range or not initialized ?WARN: can't get operand(s) for move-result-object, wrong position ?WARN: can't get operand(s) for cmpg-float, out-of-range or not initialized ?Detail Error Information in File ./com.huili.readingclub8725900-error.zipPlease report this file to one of following link if possible (any one). https://sourceforge.net/p/dex2jar/tickets/ https://bitbucket.org/pxb1988/dex2jar/issues https://github.com/pxb1988/dex2jar/issues dex2jar@googlegroups.comjava.util.IllegalFormatConversionException: d != java.lang.String at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793) at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747) at java.util.Formatter.format(Formatter.java:2520) at java.util.Formatter.format(Formatter.java:2455) at java.lang.String.format(String.java:2940) at com.googlecode.d2j.smali.BaksmaliDumpOut.s(BaksmaliDumpOut.java:68) at com.googlecode.d2j.smali.BaksmaliCodeDumper.visitFilledNewArrayStmt(BaksmaliCodeDumper.java:248) at com.googlecode.d2j.node.insn.FilledNewArrayStmtNode.accept(FilledNewArrayStmtNode.java:19) at com.googlecode.d2j.smali.BaksmaliDumper.accept(BaksmaliDumper.java:569) at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliCode(BaksmaliDumper.java:544) at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliMethod(BaksmaliDumper.java:482) at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliMethod(BaksmaliDumper.java:428) at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpMethod(BaksmaliBaseDexExceptionHandler.java:148) at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpTxt0(BaksmaliBaseDexExceptionHandler.java:126) at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpZip(BaksmaliBaseDexExceptionHandler.java:135) at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dump(BaksmaliBaseDexExceptionHandler.java:92) at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:120) at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:290) at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:33)➜ v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub8825612.dexdex2jar com.huili.readingclub8825612.dex -> ./com.huili.readingclub8825612-dex2jar.jar➜ v3.4.8 lltotal 125288-rw------- 1 crifan staff 469K 3 21 09:55 com.huili.readingclub1166288-dex2jar.jar-rw-r--r-- 1 crifan staff 14K 3 21 09:55 com.huili.readingclub1166288-error.zip-rw------- 1 crifan staff 1.1M 3 19 14:05 com.huili.readingclub1166288.dex-rw------- 1 crifan staff 121K 3 21 09:56 com.huili.readingclub13088280-dex2jar.jar-rw-r--r-- 1 crifan staff 16K 3 21 09:56 com.huili.readingclub13088280-error.zip-rw------- 1 crifan staff 12M 3 19 14:04 com.huili.readingclub13088280.dex-rw------- 1 crifan staff 669K 3 21 09:56 com.huili.readingclub1461452-dex2jar.jar-rw-r--r-- 1 crifan staff 25K 3 21 09:56 com.huili.readingclub1461452-error.zip-rw------- 1 crifan staff 1.4M 3 19 14:04 com.huili.readingclub1461452.dex-rw------- 1 crifan staff 103K 3 21 09:57 com.huili.readingclub191572-dex2jar.jar-rw-r--r-- 1 crifan staff 7.0K 3 21 09:57 com.huili.readingclub191572-error.zip-rw------- 1 crifan staff 187K 3 19 14:04 com.huili.readingclub191572.dex-rw------- 1 crifan staff 1.6M 3 21 09:58 com.huili.readingclub2847840-dex2jar.jar-rw-r--r-- 1 crifan staff 47K 3 21 09:58 com.huili.readingclub2847840-error.zip-rw------- 1 crifan staff 2.7M 3 19 14:04 com.huili.readingclub2847840.dex-rw------- 1 crifan staff 3.5M 3 21 09:59 com.huili.readingclub3986968-dex2jar.jar-rw------- 1 crifan staff 3.8M 3 19 14:04 com.huili.readingclub3986968.dex-rw------- 1 crifan staff 5.1M 3 21 10:00 com.huili.readingclub8725900-dex2jar.jar-rw-r--r-- 1 crifan staff 68K 3 21 10:00 com.huili.readingclub8725900-error.zip-rw------- 1 crifan staff 8.3M 3 19 14:04 com.huili.readingclub8725900.dex-rw------- 1 crifan staff 9.5M 3 21 10:00 com.huili.readingclub8825612-dex2jar.jar-rw------- 1 crifan staff 8.4M 3 19 14:04 com.huili.readingclub8825612.dex |
然后再去看看,哪个jar包是包含业务逻辑代码,用jd-gui去打开并导出代码
然后看到了:
之前dex转jar时,没有报错的:
从:
8.8MB com.huili.readingclub8825612.dex
转出:
10MB com.huili.readingclub8825612-dex2jar.jar
打开后:
可以看到里面有我们要的
/com/huili/readingclub/activity/classroom/SelfReadingActivity.class
其中onSuccess中,就是我们希望得到的,对于J字段解密的逻辑。
【总结】
经过尝试,小花生的v3.4.8的安卓app,是可以用FDex2去hook导出有用的dex文件,且包含了我们希望的业务逻辑的那个dex,在dex转jar期间,是完美的不出错的,然后得到jar后,去用jd-gui打开后,导出全部代码,即可看到完整的代码,其中包含我们需要的,网络请求返回响应中json中的J字段的解密解码逻辑。
后续继续去:
【已未解决】从反编译小花生apk得到的包含业务逻辑代码中找到J字段解码的逻辑并用Python实现