-1

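I am trying to harden my APK against reverse engineering. I know it is impossible to prevent an APK from being decompiled, but I have seen some APKs that use a trick to throw an exception during decompilation with apktool (not only apktool; decompilers such as QARK are also unable to return the APK's classes.dex), so I decided to do this so that reverse engineering takes longer.

Here you can see some results for the hardened application. WinRAR: winrar, winrar2

apktool: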

    sudo apktool d -f app/TTT.apk --keep-broken-res
    I: Using Apktool 2.3.1-dirty on TTT.apk
    I: Loading resource table...
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    W: Multiple types detected!  ignored!
    I: Decoding AndroidManifest.xml with resources...
    I: Loading resource table from file: /home/lab/.local/share/apktool/framework/1.apk
    I: Regular manifest package...
    I: Decoding file-resources...
    I: Decoding values */* XMLs...
    Exception in thread "main" java.lang.NullPointerException
        at brut.androlib.res.data.value.ResEnumAttr.serializeBody(ResEnumAttr.java:56)
        at brut.androlib.res.data.value.ResAttr.serializeToResValuesXml(ResAttr.java:64)
        at brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:555)
        at brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:269)
        at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:132)
        at brut.androlib.ApkDecoder.decode(ApkDecoder.java:124)
        at brut.apktool.Main.cmdDecode(Main.java:163)
        at brut.apktool.Main.main(Main.java:72)

Please explain to me how this is possible? (I need implementation details.)

4

2 Answers

0

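The first APK you linked to is not a valid APK. It is just a plain text file in which the following text is repeated over and over:

    HTTP/1.1 200 OK
    Date: Sat, 27 Oct 2018 17:35:36 GMT
    Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
    Last-Modified: Sat, 28 Jul 2018 11:40:03 GMT
    ETag: "23b1fe5-5720db0636ac0"
    Accept-Ranges: bytes
    Content-Length: 37429221
    Keep-Alive: timeout=20
    Connection: Keep-Alive

Obviously, repeated HTTP response headers alone do not form a valid APK. The reason your tools fail on this file is not that it is encrypted/obfuscated/hardened, but that it is simply not a real APK, and it would not work if you tried to install it.

The second APK you linked to extracts fine for me with unzip.

My conclusion is that the "hardening" you mention does not exist (it seems to be merely the result of confusing valid and invalid APKs), and that any APK that installs successfully can also be extracted successfully.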

answered 2018-10-30T02:01:54.000
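The manual check described in the answer above, written as a triage script. This is an added example, not part of the original answer: it classifies a downloaded file as saved HTTP headers, a non-ZIP, a corrupt ZIP, or a well-formed APK container before any decompiler failure is attributed to hardening. The function names, the required-entry list and the sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: entries expected in an APK that ships Dalvik code.
REQUIRED = ("AndroidManifest.xml", "classes.dex")


def triage_apk(data: bytes) -> str:
    """Classify a downloaded file before blaming a tool failure on hardening."""
    if data.lstrip().startswith(b"HTTP/1."):
        return "not-an-apk: saved HTTP response headers"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-an-apk: no ZIP end-of-central-directory record"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            corrupt = zf.testzip()  # first entry failing its CRC, or None
            names = set(zf.namelist())
    except zipfile.BadZipFile as exc:
        return f"corrupt-zip: {exc}"
    if corrupt is not None:
        return f"corrupt-zip: CRC mismatch in {corrupt}"
    missing = [n for n in REQUIRED if n not in names]
    if missing:
        return "zip-but-not-apk: missing " + ", ".join(missing)
    return "apk-container-ok"


def make_zip(names) -> bytes:
    """Build a constructed in-memory ZIP with placeholder entry contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder bytes")
    return buf.getvalue()


# Constructed samples: header text like the answer quotes, repeated, and two ZIPs.
HTTP_DUMP = b"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nConnection: Keep-Alive\r\n\r\n" * 50
GOOD_APK = make_zip(REQUIRED)
NO_DEX = make_zip(["AndroidManifest.xml", "res/raw/data.bin"])

if __name__ == "__main__":
    for label, blob in (("http", HTTP_DUMP), ("good", GOOD_APK), ("nodex", NO_DEX)):
        print(label, "->", triage_apk(blob))
```

A result of `apk-container-ok` only says the container is intact; it says nothing about whether the resources or DEX inside will decode cleanly in apktool.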
-1

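This is the encrypted Java classes feature (such as DexGuard or Bangcle kh); it is also protected by native library encryption (NLE) + JNI obfuscation (JNI), from something like DexProtector (I found this with a dynamic analysis tool)

And many thanks to Semantic Scholar for this article and this article

answered 2018-10-30T09:40:44.680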