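Android Reverse Engineering
When you get hold of a recovery-flash or fastboot-flash package for an Android phone, have you ever thought about unpacking it? When you have an APK/jar/so in front of you, have you ever thought about decompiling, disassembling, or dynamically debugging it and then analyzing it? ...
Flashing packages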
sparse img -> ext4 img
Find system.img/vendor.img in the fastboot-flash package
$ file system.img
Build simg2img from the Android source tree with make simg2img; the resulting out/host/linux-x86/bin/simg2img converts an Android sparse image to an ext4 image
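To show what the sparse -> raw conversion involves, here is a minimal reader for the Android sparse image format. It is an added example, not code from the original page or from AOSP. The header and chunk layout follow AOSP's libsparse sparse_format.h; the function names and the tiny sample image are this example's own, and CRC32 chunks are skipped rather than verified.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A            # on disk (little-endian): 3a ff 26 ed
RAW, FILL, DONT_CARE, CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4

def read_exact(f, n):
    data = f.read(n)
    if len(data) != n:
        raise ValueError("truncated sparse image")
    return data

def is_sparse(data):                 # the magic check that tells sparse from raw
    return len(data) >= 4 and struct.unpack_from("<I", data)[0] == SPARSE_MAGIC

def unsparse(src, dst):
    """Expand a v1 sparse image from binary stream src onto dst; returns bytes written."""
    fields = struct.unpack("<IHHHHIIII", read_exact(src, 28))
    magic, major, _, fhdr, chdr, blk, total_blks, nchunks, _ = fields
    if magic != SPARSE_MAGIC or major != 1:
        raise ValueError("not a v1 Android sparse image")
    if fhdr < 28 or chdr < 12 or blk == 0 or blk % 4:
        raise ValueError("implausible header fields")
    read_exact(src, fhdr - 28)                   # skip header extension, if any
    blocks = 0
    for _ in range(nchunks):
        ctype, _rsvd, nblks, total_sz = struct.unpack("<HHII", read_exact(src, 12))
        read_exact(src, chdr - 12)
        want = {RAW: nblks * blk, FILL: 4, DONT_CARE: 0, CRC32: 4}.get(ctype)
        if want is None or total_sz - chdr != want:
            raise ValueError("bad chunk type 0x%04x or size" % ctype)
        body = read_exact(src, want)             # input bytes after the chunk header
        if ctype == RAW:
            dst.write(body)
        elif ctype in (FILL, DONT_CARE):         # 4-byte pattern, or zeros for skipped blocks
            one = (body or b"\0\0\0\0") * (blk // 4)
            for _ in range(nblks):
                dst.write(one)
        blocks += 0 if ctype == CRC32 else nblks # a CRC32 chunk produces no output blocks
    if blocks != total_blks:
        raise ValueError("chunks cover %d blocks, header says %d" % (blocks, total_blks))
    return blocks * blk

def sample_image():
    """Constructed 4-block sparse image (block size 8): one raw, one fill, one skip chunk."""
    hdr = struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, 8, 4, 3, 0)
    raw = struct.pack("<HHII", RAW, 0, 1, 20) + b"ABCDEFGH"
    fill = struct.pack("<HHII", FILL, 0, 2, 16) + b"\xaa\xbb\xcc\xdd"
    skip = struct.pack("<HHII", DONT_CARE, 0, 1, 12)
    return hdr + raw + fill + skip
```

For a real image, pass files opened in binary mode as src and dst; the size checks reject truncated or inconsistent input instead of writing a silently short image.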
super img -> super ext4 img -> system product vendor ext4 img
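Devices that ship with Android 10 generally use dynamic partitions
Find super.img in the fastboot-flash package
Use simg2img to convert super.img to super_ext4.img
Build lpunpack from the Android source tree with make lpunpack, then run out/host/linux-x86/bin/lpunpack super_ext4.img super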
dat -> ext4 img
Convert system.new.dat.br from the recovery-flash package to system.new.dat
brotli --decompress system.new.dat.br --output=system.new.dat
Convert system.new.dat, system.patch.dat and system.transfer.list from the recovery-flash package to an ext4 img
https://github.com/xpirt/sdat2img
payload dump
For recovery-flash packages of A/B-partition devices
https://github.com/cyxx/extract_android_ota_payload
odex/oat/vdex
Android <=4.4 odex to dex
https://github.com/JesusFreke/smali/wiki/DeodexInstructions
https://bitbucket.org/JesusFreke/smali/downloads/
Android <=7 oat to dex
https://github.com/testwhat/SmaliEx/releases
https://github.com/testwhat/SmaliEx
https://github.com/JesusFreke/smali/wiki/DeodexInstructions
https://bitbucket.org/JesusFreke/smali/downloads/
Android 8 vdex to dex
https://github.com/anestisb/vdexExtractor
Android 9 vdex->cdex->dex
https://github.com/anestisb/vdexExtractor
https://github.com/anestisb/vdexExtractor/issues/23
tools/deodex/run.sh -h
dex
dex to smali
apktool: works on an APK, including its dex and resources
https://github.com/iBotPeaches/Apktool
https://ibotpeaches.github.io/Apktool/
baksmali and smali: work on dex
https://github.com/JesusFreke/smali
https://bitbucket.org/JesusFreke/smali/downloads/
dex to jar/java
Google's enjarify tool: dex to jar
https://github.com/google/enjarify
dex2jar
https://github.com/pxb1988/dex2jar
https://github.com/pxb1988/dex2jar/releases
Used together with jd-gui
https://github.com/java-decompiler/jd-gui
http://jd.benow.ca/