Reverse engineering tools
Rooting the phone
Android reverse engineering presupposes a rooted phone, preferably a real device rather than an emulator. Without root it is hard to get much further. Rooting a phone generally takes the following steps:
- Enable OEM unlocking in Developer options
- Unlock the bootloader (with fastboot; on most phones this wipes user data)
- Install the Magisk app
- Build the root package: patch the device's stock boot image with Magisk
- Flash the patched boot image to the phone
For details, please refer to this article.
It is also better not to run the newest Android release: some reverse engineering tools lag behind and do not support it yet.
Decompilation tools
There are many decompilation tools: the veteran apktool, JEB, and assorted niche ones. The one I recommend here is MT文件管理器 (MT Manager). It is genuinely easy to use: it can extract an APK, decompile it, view the source, convert smali to Java, sign a package, and much more, all on the phone itself. The one drawback is that the full feature set needs a paid membership, but a lifetime membership is cheap. Again, a good tool saves a lot of time.
Hook tools
There are many hook tools as well. On Android there are hooks at the Java layer (the app's bytecode running in ART) and hooks at the native layer (the .so libraries). Here I just list the ones I use most often:
- Java layer: Algorithm Assistant.apk, JSHook.apk, Frida
- Native layer: Frida, Unidbg
Frida appears in both lists because it hooks Java methods and native functions from the same script. Strictly speaking Unidbg does not hook a running process: it emulates a .so library outside the device and exposes hooks inside that emulation, which is why it earns a place here. All of these tools can be obtained in the (Knowledge Planet) community.
WebView tools
The WebView tools meant here let you debug the H5 pages inside an app, so that they show up in Chrome's inspect page (chrome://inspect) and can be debugged with DevTools. Under the hood the app's WebView must have setWebContentsDebuggingEnabled(true), which release builds normally do not set; these tools force it on.
Such tools are:
- Algorithm Assistant.apk
- WebViewPP.apk
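As an added example for the Hook tools and WebView tools sections (this is not code from the original post, nor from any of the tools it names), the Frida script below does three things: it hooks javax.crypto.Cipher.doFinal at the Java layer and logs input and output, it hooks libc's strcmp at the native layer and logs comparisons against typical root/hook/emulator detection strings, and it forces WebView remote debugging on, which is what the WebView tools above do. The package name com.example.target is a placeholder; the Frida APIs used (Java.use, Interceptor.attach, Process.getModuleByName) are Frida's own. The formatting helpers are plain JavaScript and the hook installation is guarded, so the file also loads under Node.js without Frida.

```javascript
// Added example, not from the original post or any tool it names.
// Load on a rooted device with frida-server running (package name is a placeholder):
//   frida -U -f com.example.target -l hooks.js

// Hex-encode a Java byte[] (elements are signed -128..127) or a plain number array.
function bytesToHex(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i++) {
    out += ((bytes[i] & 0xff) | 0x100).toString(16).slice(1);
  }
  return out;
}

// Show printable ASCII as a quoted string and anything else as hex, so plaintext
// stays readable in the log while ciphertext and binary input become hex.
function renderBytes(bytes) {
  let printable = bytes.length > 0;
  for (let i = 0; i < bytes.length && printable; i++) {
    const b = bytes[i] & 0xff;
    if (b < 0x20 || b > 0x7e) printable = false;
  }
  if (!printable) return 'hex:' + bytesToHex(bytes);
  let s = '';
  for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i] & 0xff);
  return JSON.stringify(s);
}

// One log line per Cipher.doFinal call.
function formatCipherCall(transformation, input, output) {
  return '[Cipher ' + transformation + '] in=' + renderBytes(input) +
         ' out=' + renderBytes(output);
}

// strcmp operands worth logging: "su" as a path element plus common root, hook
// and emulator detection keywords compared inside native code.
const SUSPICIOUS = /(^|\/)su$|magisk|frida|xposed|genymotion|goldfish/i;
function isSuspicious(str) {
  return SUSPICIOUS.test(str);
}

// Java layer: wrap Cipher.doFinal(byte[]) and log algorithm, input and output.
function installJavaHooks() {
  Java.perform(function () {
    const Cipher = Java.use('javax.crypto.Cipher');
    const doFinal = Cipher.doFinal.overload('[B');
    doFinal.implementation = function (input) {
      const output = doFinal.call(this, input);   // call the original
      console.log(formatCipherCall(this.getAlgorithm(), input, output));
      return output;
    };
  });
}

// Native layer: intercept libc strcmp and log only suspicious comparisons.
function installNativeHooks() {
  const strcmp = Process.getModuleByName('libc.so').findExportByName('strcmp');
  Interceptor.attach(strcmp, {
    onEnter: function (args) {
      const a = args[0].readCString();
      const b = args[1].readCString();
      if (a !== null && b !== null && (isSuspicious(a) || isSuspicious(b))) {
        console.log('[strcmp] ' + JSON.stringify(a) + ' vs ' + JSON.stringify(b));
      }
    }
  });
}

// WebView: enable remote debugging for the whole process (it is a static flag)
// and keep it on even if the app later calls the setter with false.
function installWebViewHook() {
  Java.perform(function () {
    const WebView = Java.use('android.webkit.WebView');
    WebView.setWebContentsDebuggingEnabled(true);
    WebView.setWebContentsDebuggingEnabled.implementation = function (enabled) {
      console.log('[WebView] setWebContentsDebuggingEnabled(' + enabled + ') forced to true');
      WebView.setWebContentsDebuggingEnabled(true);
    };
  });
}

function main() {
  installJavaHooks();
  installNativeHooks();
  installWebViewHook();
  console.log('[+] hooks installed');
}

// Under Frida these globals exist; under plain Node.js they do not, so only the
// helpers above are defined and the hooks are skipped.
if (typeof Java !== 'undefined' && typeof Interceptor !== 'undefined') {
  main();
}
```

After the script loads, open chrome://inspect on the connected computer and the app's WebView pages appear under the device; every Cipher.doFinal call and every suspicious strcmp show up in the Frida console as the app runs.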
Capture tools
Packet capture tools come in two kinds, those that run on the phone and those that run on a computer:
- Phone: HttpCanary (Android), Stream (iOS)
- Computer: Charles, Fiddler
One caveat for HTTPS: since Android 7, apps no longer trust user-installed CA certificates by default, so the capture tool's CA has to be placed in the system store (which again needs root) or the app's network security config has to be patched, and an app that pins its certificate additionally needs the pinning hooked out.
Dynamic debugging tools
First, what dynamic debugging is: setting a breakpoint in the code while the program is running, then stepping through it to watch the values of variables and follow the business logic.
The dynamic debugging tools commonly used in Android reverse engineering are Android Studio and IDA. AS is mainly used to step through smali (with the smalidea plugin, against an app that is debuggable); IDA is used to debug .so libraries at the assembly level, attaching through its android_server debug server forwarded over adb.
Summary
Sharpening the axe does not delay the woodcutting. Before starting on a target, set up the reverse engineering environment and tools first, so that they are at hand during the work. This article mainly introduces the tools used in reverse engineering; how to use some of them will be covered in later articles: smali instructions, packing and unpacking, the Xposed framework, Frida, packet capture, encryption and decryption algorithms, and so on. These are the knowledge points an Android reverse engineering / security engineer must master.
I have organized study notes around the knowledge points above so that everyone can learn from them together. How to get them: https://qr18.cn/CQ5TcL
Android reverse security study notes:
- Building an Android reverse engineering emulator environment (detailed)
- Smali instructions in detail
- Getting started with packing and unpacking
- NDK and reverse engineering
- The Xposed framework
- Frida, the dragon-slaying knife of reverse engineering
- Common encryption algorithms in Android reverse engineering