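I've just been given the task of reverse engineering an application that was developed by a consulting firm a year ago. They don't have the source code, which is why I have to do this.
Anyway, there is a token that gets converted from one string to another.
Example: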
From:
H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgkbNu0lRuahspqLtrvMTMTivVxH6htYj+VGAbgJydH1OssYfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLXj4781ahE+zQAVA==.
To:
H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgksNu0lRuahspqLtrvMTMTivVxH6htYj+VGAbgJydH1OsbYfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLXj4781ahE+zQAVA==.
They do look the same, but 2 characters have been replaced and I don't know why.
Here is the difference made clearer using spaces:
From:
H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgk b Nu0lRuahspqLtrvMTMTivVxH6htYj+VGAbgJydH1Os s YfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLXj4781ahE+zQAVA==.
To:
H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgk s Nu0lRuahspqLtrvMTMTivVxH6htYj+VGAbgJydH1Os b YfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLXj4781ahE+zQAVA==.
The Java code from dex2jar doesn't make sense; it gives you some clues, but the code doesn't work.
Here is the Java code:
private String b;

private String h()
{
    int i = 56;
    int j = 0;
    String str;
    if (this.b == null)
        str = "";
    do
    {
        str = this.b;
    }
    while (str.length() <= 100);
    switch (str.charAt(71) % '\r')
    {
    case 2:
    case 3:
    case 4:
    case 6:
    default:
        i = 0;
    case 1:
    case 5:
    case 7:
    case 8:
    }
    while (j != 0)
    {
        char c = str.charAt(j);
        return methodA(methodA(str, j, str.charAt(i)), i, c);
        j = 99;
        continue;
        j = 81;
        i = 50;
        continue;
        j = 45;
        i = 80;
        continue;
        j = 76;
    }
}

private static String methodA(String paramString, int paramInt, char paramChar)
{
    StringBuffer localStringBuffer = new StringBuffer(paramString);
    localStringBuffer.setCharAt(paramInt, paramChar);
    return localStringBuffer.toString();
}
Here is the smali code from apktool:
# instance fields
.field private b:Ljava/lang/String;
.method private h()Ljava/lang/String;
.locals 5
.prologue
const/16 v1, 0x38
const/4 v2, 0x0
.line 138
iget-object v0, p0, Lcom/example/MainActivity;->b:Ljava/lang/String;
if-nez v0, :cond_1
.line 139
const-string v0, ""
.line 185
:cond_0
:goto_0
return-object v0
.line 142
:cond_1
iget-object v0, p0, Lcom/example/MainActivity;->b:Ljava/lang/String;
.line 143
invoke-virtual {v0}, Ljava/lang/String;->length()I
move-result v3
const/16 v4, 0x64
if-le v3, v4, :cond_0
.line 145
const/16 v3, 0x47
invoke-virtual {v0, v3}, Ljava/lang/String;->charAt(I)C
move-result v3
rem-int/lit8 v3, v3, 0xd
.line 150
packed-switch v3, :pswitch_data_0
:pswitch_0
move v1, v2
.line 170
:goto_1
if-eqz v2, :cond_0
.line 177
invoke-virtual {v0, v2}, Ljava/lang/String;->charAt(I)C
move-result v3
.line 178
invoke-virtual {v0, v1}, Ljava/lang/String;->charAt(I)C
move-result v4
.line 180
invoke-static {v0, v2, v4}, Lcom/example/MainActivity;->methodA(Ljava/lang/String;IC)Ljava/lang/String;
move-result-object v0
.line 181
invoke-static {v0, v1, v3}, Lcom/example/MainActivity;->methodA(Ljava/lang/String;IC)Ljava/lang/String;
move-result-object v0
goto :goto_0
.line 153
:pswitch_1
const/16 v2, 0x63
.line 155
goto :goto_1
.line 158
:pswitch_2
const/16 v2, 0x51
.line 159
const/16 v1, 0x32
.line 160
goto :goto_1
.line 163
:pswitch_3
const/16 v2, 0x2d
.line 164
const/16 v1, 0x50
.line 165
goto :goto_1
.line 168
:pswitch_4
const/16 v2, 0x4c
.line 169
goto :goto_1
.line 150
nop
:pswitch_data_0
.packed-switch 0x1
:pswitch_1
:pswitch_0
:pswitch_0
:pswitch_0
:pswitch_2
:pswitch_0
:pswitch_3
:pswitch_4
.end packed-switch
.end method
.method private static methodA(Ljava/lang/String;IC)Ljava/lang/String;
.locals 1
.prologue
.line 189
new-instance v0, Ljava/lang/StringBuffer;
invoke-direct {v0, p0}, Ljava/lang/StringBuffer;-><init>(Ljava/lang/String;)V
.line 190
invoke-virtual {v0, p1, p2}, Ljava/lang/StringBuffer;->setCharAt(IC)V
.line 191
invoke-virtual {v0}, Ljava/lang/StringBuffer;->toString()Ljava/lang/String;
move-result-object v0
return-object v0
.end method
If anyone can figure out what is going on here, I would greatly appreciate it.
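The smali listing can be followed branch by branch where the dex2jar output cannot: `h()` swaps two characters whose positions are chosen by `charAt(71) % 13`. An added reconstruction in Python (not code from the post or the application; the names `h`, `method_a` and `SWAP_TABLE` are chosen here), using the two sample tokens from the post without their trailing period:

```python
# Added reconstruction of h() from the smali listing; not the app's own source.
# Sample tokens copied from the post.
FROM = ("H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgkbNu0lRuahspq"
        "LtrvMTMTivVxH6htYj+VGAbgJydH1OssYfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLX"
        "j4781ahE+zQAVA==")
TO = ("H0zRNCGT4fnxPUaR0zuFO8HSWTZKYczetXf8vgfWgOAfZBwfE201MLgksNu0lRuahspq"
      "LtrvMTMTivVxH6htYj+VGAbgJydH1OsbYfW/RK4Acyxu1C/fCvlW1ccOePwzoboO9WLX"
      "j4781ahE+zQAVA==")

# .packed-switch 0x1 table: key -> (v2, v1). v1 starts at 0x38 and v2 at 0;
# only the branches that set a non-zero v2 are listed. Every other key lands
# on :pswitch_0 (v1 = v2 = 0), and "if-eqz v2" then returns the input as is.
SWAP_TABLE = {
    1: (0x63, 0x38),  # :pswitch_1  v2 = 99, v1 keeps its default 56
    5: (0x51, 0x32),  # :pswitch_2  v2 = 81, v1 = 50
    7: (0x2D, 0x50),  # :pswitch_3  v2 = 45, v1 = 80
    8: (0x4C, 0x38),  # :pswitch_4  v2 = 76, v1 keeps its default 56
}


def method_a(s, index, ch):
    """Equivalent of methodA: StringBuffer.setCharAt(index, ch) on a copy."""
    return s[:index] + ch + s[index + 1:]


def h(b):
    """Follow the smali control flow of h() for the field value b."""
    if b is None:                 # if-nez v0, :cond_1 not taken
        return ""
    if len(b) <= 100:             # if-le v3, v4, :cond_0
        return b
    key = ord(b[71]) % 13         # rem-int/lit8 v3, v3, 0xd
    if key not in SWAP_TABLE:     # :pswitch_0 or fall-through
        return b
    j, i = SWAP_TABLE[key]
    c = b[j]                      # saved before position j is overwritten
    return method_a(method_a(b, j, b[i]), i, c)


if __name__ == "__main__":
    print(ord(FROM[71]) % 13, h(FROM) == TO)
```

For the sample token, position 71 holds `v` (code 118, and 118 % 13 = 1), so positions 99 and 56 are exchanged, which is the `b`/`s` swap visible in the spaced-out strings. Because position 71 itself is never moved, applying `h` a second time restores the original string.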