Android Reverse Tips 2: Start with Activity to find the entry point and reversely analyze WeChat APP

new question

"Android Reverse Tips ①: Start with Activity to find the entry point, reverse analysis of Alipay APP"

In the previous chapter, we used the Android SDK's own tool [Android Device Monitor] (located in the path [tools\monitor.bat]) to quickly locate the key code position corresponding to a button on the Activity, but in actual combat, we found that some APPs, we The resource-id found in [Android Device Monitor] can't find any trace in the decompiled JAVA code.
insert image description here
Taking WeChat as an example, the interface similar to Alipay and the [Set Amount] button, the resource-id found through [Android Device Monitor] is com.tencent.mm :id/ama But when we search in the decompiled WeChat APP source code ama will find that it can't find any results. In fact, R.id.ama corresponds to a numerical constant. It is very likely that the WeChat APP has been optimized, and only the numerical id is left in the source code. Then find the corresponding relationship between ama and numerical id.

public.xml

The correspondence between R.id and numeric constants is actually stored in a public.xml file, which stores the correspondence between the resource id and numeric id in the APK. First use [apktool] to unpack the target APP, and then unpack the Find [res\values\public.xml] in the directory, search for ama in it, and soon we can find the corresponding digital id is [0x7f10073a], the decimal is [2131756858]
insert image description here
Note that there may be multiple results when searching for ama , what we need is the result of [type="id"], because we are looking for the id of the control, not the string or layout.
Get the digital id of the [Set Amount] button Hexadecimal [0x7f10073a] Decimal [2131756858], search the decompiled source code and
insert image description here
quickly find its definition, named [collect_set_money_tv], then continue to search This constant name quickly finds the response function of the button Click event, and quickly locates the key code.
insert image description here
In addition, if the hexadecimal and decimal numbers of the digital id cannot be searched in the decompiled source code, it is likely to be a problem with [jd-gui], due to incomplete decompilation of [jd-gui] or a bug in the search function. .

Solution:

  1. Try to export all the source code as .java files through [jd-gui] and search with other tools. If you still can't find it, it is likely that the decompilation is incomplete. After all, [d2j-dex2jar] and [jd-gui] are not omnipotent.
  2. Try to use [baksmali] to decompile to smali code, and then search in the smali code
  3. Use other decompilation tools, such as [jadx], [JEB Decompiler]

The official project addresses of the tools mentioned above:

apktool https://ibotpeaches.github.io/Apktool
d2j-dex2jar https://github.com/pxb1988/dex2jar
jd-gui https://github.com/java-decompiler/jd-gui
baksmali https ://github.com/JesusFreke/smali
jadx https://github.com/skylot/jadx
JEB Decompiler https://www.pnfsoftware.com

After finding the key address, you can conduct deeper research by inserting logs, smali debugging, Xposed Hook, etc., and then achieve some interesting effects.

For Android sourceless debugging third-party applications, see here: "Android Application Reverse - The Best Two Sourceless
Debuggers" This article was published by encoderlee on the CSDN blog: https://blog.csdn.net/CharlesSimonyi/article/ details/90647009 reproduced please indicate the source



Guess you like

Origin blog.csdn.net/CharlesSimonyi/article/details/90647009