Shulou(Shulou.com)05/31 Report--

Editor to share with you how to use Apk-Medit for memory search and data modification of APK, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Tool installation

First, we need to visit the project's to download the project's source code. After the download is complete, we need to copy the code to the / data/local/tmp/ directory of the target Android device:

$adb push medit / data/local/tmp/meditmedit: 1 file pushed. 29.0 MB/s (3135769 bytes in 0.103s) code construction

We can use the make command to build the code, which requires the use of the Go compiler. After the code is built, connect to the device using adb, and it will push the built code to the / data/local/tmp/ directory of the target Android device:

$makeGOOS=linux GOARCH=arm64 GOARM=7 go build-o medit/bin/sh-c "adb push medit/ data/local/tmp/medit" medit: 1 file pushed. 23.7 MB/s (3131205 bytes in 0.126s) tool command search

Search for a specific value in memory:

> find 999982Search UTF-8 String...Target Value: 999982 ([57 57 57 56 50]) Found: 0 value out of range----Search Double Word...Target Value: 999982 ([46 66 150]) Found: 1 hours address: 0xe7021f70

We can also specify the target data type, such as string, dword, qword, and so on:

> find dword 999996Search Double Word...Target Value: 999996 ([60 66 150]) Found: 1 filtering address: 0xe7021f70

We can filter the search results and match the current search values:

> filter 993881Check previous results of searching dword...Target Value: 993881 ([89 42 150]) Found: 1 modify address: 0xe7021f70 data modification

We can directly modify the data value of the destination address:

The patch 10Successfully patcheduplops command

To find the target process, if there is only one, we can use the ps command to automatically specify:

> psPackage: jp.aktsk.tap1000000, PID: 4398Target PID has been set to 4398. Binding process

If the target PID is set through the ps command, we can bind to the target process and terminate all processes within the App through ptrace:

> attachTarget PID: 4398Attached TID: 4398Attached TID: 4405Attached TID: 4407Attached TID: 4408Attached TID: 4410Attached TID: 4411Attached TID: 4412Attached TID: 4413Attached TID: 4414Attached TID: 4415Attached TID: 4418Attached TID: 4420Attached TID: 4424Attached TID: 4429Attached TID: 4430Attached TID: 4436Attached TID: 4437Attached TID: 4438Attached TID: 4439Attached TID: 4440Attached TID: 4441Attached TID: 4442

If the target PID is not set, we need to specify it on the command line:

Attach unbinding process

Unbind a bound process:

> detachDetached TID: 4398Detached TID: 4405Detached TID: 4407Detached TID: 4408Detached TID: 4410Detached TID: 4411Detached TID: 4412Detached TID: 4413Detached TID: 4414Detached TID: 4415Detached TID: 4418Detached TID: 4420Detached TID: 4424Detached TID: 4429Detached TID: 4430Detached TID: 4436Detached TID: 4437Detached TID: 4438Detached TID: 4439Detached TID: 4440Detached TID: 4441Detached TID: 4442 Export

Display memory export data:

> dump 0xf0aee000 0xf0aee300Address range: 0xf0aee000-0xf0aee300-00000000 34 32 20 61 6e 73 77 65 72 20 74 6f 20 6c 69 | 42 answer (to li | 00000010 66 65 20 74 68 65 20 75 6e 69 76 65 72 73 65 20 | fe the universe | 00000020 65 74 63 7c 33 29 0a 33 31 34 20 70 69 0a 31 30 | etc | 3) .314 pi.10 | 00000030 30 33 33 20 61 75 64 69 74 64 20 28 61 76 63 7c 33 | 03 auditd (avc | 3 | 00000040 29 0a 31 30 30 34 20 63 68 61 74 79 20 28 64 |). 1004 chatty (d | 00000050 72 6f 70 65 64 7c 33 29 0a 31 30 35 20 74 | ropped | 3) .1005 t | 00000060 61 67 5f 64 65 66 20 28 74 61 67 7c 31 29 2c 28 | ag_def (tag | 1) (| 00000070 6e 61 6d 65 7c 33 29 2c 28 66 6f 72 6d 61 74 7c | name | 3) (format | | 00000080 33 29 0a 31 30 30 36 20 6c 69 62 6c 6f 67 20 28 | 3). 1006 liblog (| 00000090 64 72 6f 70 65 64 7c 31 29 0a 32 37 31 38 20 | dropped | 1) .2718 | 000000a0 65 0a 32 37 31 39 20 63 6f 6e 66 69 75 72 61 | e.2719 configura | 000000b0 74 69 6f 6e 63 61 6e 67 65 20 28 63 6f | tion_changed (co | 000000c0 6e 66 69 67 20 6d 61 73 6b 7c 31 7c 35 29 0a 32 | nfig mask | 1 | 5). 2 | 000000d0 37 32 30 20 73 79 6e 63 20 28 69 764 c 29 2c | 720 sync (id 3) | | 000000e0 28 65 76 65 6e 74 7c 31 7c 35 29 2c 28 73 6f 75 | (event | 1 | 5), (sou | 000000f0 72 63 65 7c 31 7c 35 29 2c 28 61 63 6f 756e | rce | 1 | 5), (accoun | exit) |

To exit the tool, you can use the exit command or press Ctrl+D:

> exitBye! Tool testing

We can use the make command to run the test code:

The $make test tool uses Demo

The above is all the contents of the article "how to use Apk-Medit for memory search and data modification of APK". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.