Android reverse engineering: basics of debugging smali code



"Introduces how to debug smali code in Android reverse engineering."

I have recently been rebuilding my Android reverse-analysis environment from scratch, so I am recording the process and sharing it with everyone.

This article covers preparing the environment for smali debugging and the debugging itself in Android reverse engineering.

Prepare the following tools in advance:

Android Killer: a tool that decompiles an APK into smali source code

Android Studio: the tool used to debug the smali code

smalidea: the plug-in Android Studio needs in order to debug smali

Android Device Monitor: used to view the process to be debugged and its port

The app to analyze and a phone to debug it on: this goes without saying

01

Get smali

Once we have an Android APK, Android Killer can easily convert it into a smali project. This needs no detailed introduction. Note that, if necessary, you should update the APKtool bundled with it to a newer version before decompiling. The result looks like this:

02

Android Studio plugin installation

Android Studio cannot debug the decompiled smali files directly unless the smalidea plug-in is installed. Import the project generated by Android Killer; without the plug-in, the breakpoint items under the Run menu are all grayed out:

The smalidea plug-in enables Android Studio to debug smali. It can be downloaded from: https://bitbucket.org/JesusFreke/smali/downloads/

Find smalidea on this page; the latest version is smalidea-0.05.zip. The other downloads on the page are for other purposes and are not needed here.

To install smalidea, open File-->Settings in Android Studio and click the Plugins tab to reach the plug-in installation page:

Then click the Install plugin from disk... button, select the smalidea zip file you downloaded earlier, and click OK to install it:

After installation, the plug-in appears on the Plugins page. Restart Android Studio for it to take effect:

After restarting, you can add breakpoints normally:

Next, you can debug.

03

Debugging process

Before debugging, Android Studio needs a debug configuration. Open the configuration page from Run-->Edit Configurations..., click the + in the upper-left corner, and select Remote:

The specific configuration page appears:

Note that the Port field must be set according to the process to be debugged, as shown in Android Device Monitor, or simply set to 8700.

In Android Device Monitor, you will see process and port information:

The first column on the left is the process name, the second column is the process ID, and the fifth column is the port. If you select a process, you will see two values in the port column, such as 8xxx/8700. If the debug configuration uses 8700, you must select the specific process in ADM when debugging. If you don't want to do that, configure the first value, 8xxx, instead.

The logcat pane below also shows the process's runtime log, which is sometimes needed, though not here.

Of course, if you use an adb shell command to start the application in debug mode from scratch, you can use 8700 directly.

You can also use the adb forward command to forward a port, creating a channel between a process on the phone and the port configured on the debugging machine, but this is less convenient than the approach above.
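
The adb route described in the two paragraphs above, as an added example that is not part of the original article: a POSIX shell helper that starts the app waiting for a debugger and forwards its JDWP channel to the port used in the Remote configuration. The package and activity names are hypothetical, and it assumes the app is debuggable and the device shell provides pidof.

```shell
#!/bin/sh
# Added example, not from the original article. Hypothetical names:
# com.example.target and .MainActivity. 8700 is the port the article uses.

# Accept only a Java-style package name: adb joins its arguments into one
# command line for the device shell, so metacharacters must not get through.
valid_pkg() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$'
}

# Print the first PID of a package; fail if the process is not running.
# adb shell output may end lines with CR, so strip it before parsing.
app_pid() {
    pid=$(adb shell pidof "$1" | tr -d '\r' | awk 'NR==1 {print $1}')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# debug_attach PACKAGE ACTIVITY [PORT]
# Prints the local port the Remote configuration should attach to.
debug_attach() {
    pkg=$1 act=$2 port=${3:-8700}
    valid_pkg "$pkg" || { echo "bad package name: $pkg" >&2; return 2; }
    case $act in
        ''|*[!A-Za-z0-9_.]*) echo "bad activity name: $act" >&2; return 2 ;;
    esac
    # -D starts the app with debugging enabled, so it waits for a debugger
    adb shell am start -D -n "$pkg/$act" >/dev/null || return 3
    # The process may need a moment to appear; retry before giving up
    n=0
    until pid=$(app_pid "$pkg"); do
        n=$((n + 1))
        [ "$n" -ge "${PID_TRIES:-5}" ] && { echo "$pkg not running" >&2; return 4; }
        sleep 1
    done
    # Android Device Monitor also listens on 8700: close it or pass another port
    adb forward "tcp:$port" "jdwp:$pid" >/dev/null || return 5
    printf '%s\n' "$port"
}
```

Call `debug_attach com.example.target .MainActivity`, then start the Remote configuration in Android Studio against the printed port on localhost.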

Once the configuration is complete, you can start debugging. Click Run-->Debug 'xxxx', where xxxx is the name of the debug configuration you created above (the default is Unnamed):

Set breakpoints in the smali code wherever you need to debug. When the program reaches a breakpoint, it stops. Several windows are available: the Variables window lets you view or modify variables in the current state, the Frames window shows the call stack, and in the Watches window you can add registers to observe and modify:

Note that breakpoints cannot be set in some places, so set them at suitable locations just before or after. Likewise, some register values cannot be viewed in some places; in that case, change your approach and analyze the specific problem. Only the conventional method is introduced here.

04

Summary

This is the most basic use of the tools; I hope it helps some readers.



Reposted from: blog.csdn.net/yeyiqun/article/details/104285267