Comments (2)
zhkl0228
commented on August 27, 2024
下载最新的代码即可
from unidbg.
zhkl0228
commented on August 27, 2024
`package com.dexshell.protect;
import cn.banny.auxiliary.Inspector;
import cn.banny.unidbg.Module;
import cn.banny.unidbg.Symbol;
import cn.banny.unidbg.arm.ARMEmulator;
import cn.banny.unidbg.file.FileIO;
import cn.banny.unidbg.file.IOResolver;
import cn.banny.unidbg.linux.android.AndroidARMEmulator;
import cn.banny.unidbg.linux.android.AndroidResolver;
import cn.banny.unidbg.linux.android.dvm.*;
import cn.banny.unidbg.memory.Memory;
import cn.banny.unidbg.pointer.UnicornPointer;
import com.sun.jna.Pointer;
import java.io.File;
import java.io.IOException;
public class DexShellUtil extends AbstractJni implements IOResolver {
private static final int SDK_INT = 19;
private static final String APP_PACKAGE_NAME = "com.zz.yzzj.aligames";
private final ARMEmulator emulator;
private static final String APK_PATH = "src/test/resources/app/yzzj.apk";
private final Module module;
private final DvmClass DexShell;
private DexShellUtil() throws IOException {
emulator = new AndroidARMEmulator(APP_PACKAGE_NAME);
emulator.getSyscallHandler().addIOResolver(this);
System.out.println("== init ===");
final Memory memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(SDK_INT));
memory.setCallInitFunction();
VM vm = emulator.createDalvikVM(new File(APK_PATH));
vm.setJni(this);
DalvikModule dm = vm.loadLibrary("dexshell", true);
dm.callJNI_OnLoad(emulator);
module = dm.getModule();
DexShell = vm.resolveClass("com/dexshell/protect/DexShell");
}
private void destroy() throws IOException {
emulator.close();
System.out.println("module=" + module);
System.out.println("== destroy ===");
}
public static void main(String[] args) throws Exception {
DexShellUtil test = new DexShellUtil();
test.Decrypt();
test.destroy();
}
private void Decrypt() throws IOException {
Symbol aeskey = module.findSymbolByName("aes_key");
System.out.println("aeskey address = " + aeskey.getAddress());
System.out.println("base address = " + module.base);
Inspector.inspect(aeskey.createPointer(emulator).getByteArray(0, 32), "aes_key");
byte[] result = new byte[128];
Symbol AES_set_decrypt_key = module.findSymbolByName("AES_set_decrypt_key");
System.out.println("address = " + AES_set_decrypt_key.getAddress());
System.out.println("base = " + module.base);
Number[] numbers = AES_set_decrypt_key.call(emulator, aeskey.createPointer(emulator), 128, result);
int ret = numbers[0].intValue();
Pointer p1 = UnicornPointer.pointer(emulator, numbers[1].intValue() & 0xffffffffL);
assert p1 != null;
Inspector.inspect(p1.getByteArray(0, 128), "AES_set_decrypt_key ret=" + ret);
}
@Override
public FileIO resolve(File workDir, String pathname, int oflags) {
return null;
}
@Override
public int callStaticIntMethod(BaseVM vm, DvmClass dvmClass, String signature, VarArg varArg) {
if ("com/dexshell/protect/Util->getSDKINT()I".equals(signature)) {
return SDK_INT;
}
return super.callStaticIntMethod(vm, dvmClass, signature, varArg);
}
}`
from unidbg.
Related Issues (20)
- 如何补一个返回 HashMap 的环境?
- 黑盒调用so文件种函数的问题请教,数组参数该如何传入
- Map<String, List<String>>参数如何构造啊啊啊啊,求解 HOT 2
- 如何补 KeyStore 的环境? HOT 1
- 非标准文件该怎样补
- AndroidModule VirtualModule执行上的一些小问题 HOT 3
- 没有对 SocketIO.SOCK_RAW 进行模拟
- 大佬,clock_gettime clk_id=2 报错问题,能否解决下 HOT 1
- 求大佬指点,这种环境怎么补,全网也没找到相似的例子。 HOT 3
- 这哪个app
- 怎么用vscode调试?
- 调用方法时报错 --- svc number :243184,求教各位大佬如何解决
- 本地正常,部署到服务器后报错。Read memory failed: address= HOT 1
- AttachCurrentThread 不执行
- pthread_join Pointer 对象为空
- NR=222 munmap 在unidbg中mmap已经被模拟,但是后续的java.lang.IllegalStateException是什么问题
- Static and dynamic analysis
- 如何反射拿到android/content/Context的方法
- ldid error
- 启动就自动停止了
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unidbg.