版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/m0_37344790/article/details/78378429
最近苦于练习脱壳,奈何常常被打的晕头转向,想起立下每周都要写博客总结自己所学的flag,还是懒洋洋地来更新一篇,来点轻松的,关于打造自己的smali代码库,帮助我们进行Android java的层的辅助分析和爆力破解。我们在android killer里存起自己的代码。
首先看android killer 中 自带的三个板子,log / System.load / Toast
1 log
const-string v0, "you message"
invoke-static {v0}, Lcom/android/killer/Log;->LogStr(Ljava/lang/String;)V这里直接调用了android killer中的引用包,经过了一层封装,这里log的TAG为“AndroidKiller-string”
如果想自己写log的话,那就
const-string v1, "conghuachaodan"
const-string v2, "logcontent"
invoke-static {v1,v2} ,Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I这里的string v1是我们的TAG,v2使我们要查看的内容。
2 System.load
const-string v0, "so name"
invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V3 Toast
const-string v0, "you message"
const/4 v1, 0x1
invoke-static {p0, v0, v1}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V然后是查看函数调用关系
1 通过添加异常查看函数的调用关系
new-instance v1, Ljava/lang/Exception;
const-string v2, "Method Stack"
invoke-direct {v1, v2}, Ljava/lang/Exception;-><init>(Ljava/lang/String;)V
invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V2 stackTrace
invoke-static {}, Ljava/lang/Thread;->dumpStack()V3 Method Trace
invoke-static {}, Landroid/os/Debug;->startMethodTracing("MethodTraceDebug")Vinvoke-static {}, Landroid/os/Debug;->stopMethodTracing("MethodTraceDebug")V需添加权限文件存储,读取权限
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>然后是waitForDebugger
invoke-static{}, Landroid/os/Debug;->waitForDebugger()V然后是Intent启动
1 显示
new-instance v0, Landroid/content/Intent;
invoke-direct {v0}, Landroid/content/Intent;-><init>()V
.local v0, "intent":Landroid/content/Intent;
iget-object v1, p0, Lcom/conghuachaodan/mysmalilibrary/MainActivity$2;->this$0:Lcom/conghuachaodan/mysmalilibrary/MainActivity;
const-class v2, Lcom/conghuachaodan/mysmalilibrary/Main2Activity;
invoke-virtual {v0, v1, v2}, Landroid/content/Intent;->setClass(Landroid/content/Context;Ljava/lang/Class;)Landroid/content/Intent;
iget-object v1, p0, Lcom/conghuachaodan/mysmalilibrary/MainActivity$2;->this$0:Lcom/conghuachaodan/mysmalilibrary/MainActivity;
invoke-virtual {v1, v0}, Lcom/conghuachaodan/mysmalilibrary/MainActivity;->startActivity(Landroid/content/Intent;)V2 隐式
new-instance v0, Landroid/content/Intent;
invoke-direct {v0}, Landroid/content/Intent;-><init>()V
.local v0, "intent":Landroid/content/Intent;
const-string v1, "Main2ActivityAction"
invoke-virtual {v0, v1}, Landroid/content/Intent;->setAction(Ljava/lang/String;)Landroid/content/Intent;
iget-object v1, p0, Lcom/conghuachaodan/mysmalilibrary/MainActivity$3;->this$0:Lcom/conghuachaodan/mysmalilibrary/MainActivity;
invoke-virtual {v1, v0}, Lcom/conghuachaodan/mysmalilibrary/MainActivity;->startActivity(Landroid/content/Intent;)V持续更新中、、、