Shulou(Shulou.com)06/01 Report--

[toc]

# preface to 0x00

# # for some unknown reason, please see

Android reverse-Android basic reverse (1)

Android reverse-Android basic reverse (2)

# # and java series:

Android inverse-java Code Base (1)

Android reverse-java Code Base (2)

Android reverse-java Code Base (3)

Android reverse-java Code Base (4)

Android reverse-java Code Base (5)

Android reverse-java Code Base (6)

Android reverse-java Code Base (7)

Android inverse-java Code Base (8)

Because the pseudo-encryption part of the previous Android reverse-Android basic reverse (2) is too long, so the other content is not completed, so there is the Android reverse-Android basic reverse (2-2). Hope to be able to complete the contents of the plan.

# # Learning content

(1) pseudo-encrypt √ for APK files

(2) Anti-decompilation of resource files

(3) apk packaging process

(4) apk decompilation process

(5) apk recompilation process,

# Anti-decompilation of 0x01 resource files

As mentioned earlier, you can prevent a certain degree of decompilation by changing the fourth field. So in addition to this pseudo-encryption, is there any other way to prevent the emergence of this kind of pseudo-encryption?

Take a look at how resource files prevent decompilation.

Naturally, we need to study the format of the xml file. The fourth brother has already analyzed it in 2016, but it is analyzed by others, and only looking at the analysis of others can not carry out more in-depth study. Paper will sleep shallow, never know the matter want to practice. So, there is this article.

# # 1. The first module

Here we use an example analysis, which uses the simple apk in Android inverse-Android Foundation inverse (1) to analyze.

# 1.1 Magic Number

The number of demons here is 00 08 00 03, which is a fixed value.

# 1.2File Size

This is used to confirm the file size.

This is 00 00 07 90, or 1970 bytes.

# 1.3 Analysis with python

The fourth brother wrote it in java, so I made a fool of myself to write a python. In the process of learning python, please forgive me for any mistakes or bad things I did.

This is the code that implements this module. But I feel that my writing is so tedious. I'll revise it later.

At 11:57:35 on January 27th, 2018, I was busy with something else.

Def fenxi (filename): try: f=open (filename 'rb') print' start-' iTunes 0 p1 = "" p2 = "" p3 = "" p4 = "" p = "while True: t=f.read (1) t1=t.encode ('hex') if iTunes 0: p1=t1 if iTunes 1: P2=t1 if iTunes 2: p3=t1 if iTunes 3: p4=t1 i=i+1 if I

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.