记录一次非常简单的so层小逆向,适合小白入门
题目要求:找出flag0x01 前景一个经过360加固了的APK,我们先用FART脱壳脱壳带走,分析testNative化,准备干libso0x02 操作==================================开始操作===================================首先查看init.array部分,它的运行时机真的很早。窥探一下这里的两个内容:第一个函数.datadiv是异或解密【双击进去后分析逻辑得到】第二个byte_8905是个被加密过的字节data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA2cAAABDCAYAAAAYnn3YAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAEnQAABJ0Ad5mH3gAACO5SURBVHhe7Z3br13Vdcb7l4Bv+LgW2DInIcZXcsMWNrZjY2yFmwQccLAcJRLUdcC18SU0jUMaEEQk6Usq1CgoL3mwK8XFIJU2ciNZqaxepCov6UvUp/apT11lbJ9vn7HHGXOusfaaa5919vm29BOsucYaY97WmuPbc53tP7rrrrsqQtowu/u+6qX3jlZ7n9vpnieTY+P9M9ULbx2udhyYdc8TQgghhJD+QnFGxgZCQITZOGJg9bpV1bPfPTi4PsfcX37FLddQjCwAscx+IYQQQghZXlCcEUIIIYQQQkgPoDgjhKxo8Fl/8E/JCsObD4QQQshSQnFGCFnR4OMl72S68eYDIYQQspRQnBFCVjT4eMk7mW68+UAIIYQsJRRnhJAVDT5e8k6mG28+EEIIIUsJxRkZi9Vr1lavffD31ZmffeSeJ2S5gI+XvJPpxpsPhEwDDxz9evX4T/6levjMX7vno5TyQ0iKVetmqgN/cb26d9ej7vmVSDFxtn379urmzZvV3Nyce74kpWIdPHiwun379pBLly4tqc2pU6dGbK5evVpt2LAha+P1QV0sex406c/S4uz+HV+o3vntf1cHT/yJe74kR795vvrJf/zfkDf+7t+rezZszNp49Xro8BMjNs//+Y+z58Ek2th3Hty8tfrV+WvVJ9/+aMjHF69Xe7fuWWS7ZtWa6kcn33Xt7Dnw6vEzi/ykwGeQsL95e/7ozud3H/xgUUKf5cAPqh//fv5i9XH9tI3VhGUY6/Sv5x3Mfz5807FrGcubD2SBmfu3V0fe+adBcg6OvvfbZBKFRP7RN/62Wn3PwtqF8hQ7n78c8hPhvocOuT7RFoiMh1763kgdvGvgy6LrlbJZajGDPrRtakqdH/TrZw6+4J5f6dj54fVjKRsB42Xn392r11R7X/ubER8pP9bWu+ftPe3dqxEbgeJsMStWnEGgwAd8aiEzSRsRXVI2O3vn36WamZmpbty4Uf30pz8d2ly5cmXERvzeunWr2r9//9AmWh/tZxyWqzgT0fXOP/9Pdd9ntg6O1838cfXmP/znSDte+sH7IzYist771/+tdh04NrSB8EJ9UX8t0MRG+yELQJw9s+epYdmL++YWCav1a9dXv/zWL6qfv/J+NbN2ZlAmguzcE68NjiHOfvi1t4fXwHdUoOGDRH8oAr7xYfW7T48bJfwQZ7/+2UKZ56dErCjLMNZAmOk+tH69sjFiefOBLOAl3qlkHQndzucuVoff+sdkoiU+c+ejfnKI8NIJJXweeec31T333Vn3xMYTWbqtUqav8YjYTDMUZ2nsnEJf6XunlA3Kdr34ncFcT4kzXe75EaF06M2PR+4NuXb3ie8Mj+UZoOc8rtG+IzaA4mwxK1KcrVmzpnr//fdHhI8g4ge7VX2w0YINYk232V4XiSXHK1WcpeqsBRvEmq6HvS7lR0Sd3oWjOEvjiTNBBNr1169VWzZuGRxffOr8iDCzeOLMK8uBzyJR9SkDkfD7D6vDB0aT+iSeOLNlns2nNI4VYVpiddSH3nwgCyB5s4m3TbxgK2Jq0+cP3xFXRrxZuzrxVucnh00EbXIrWHHmJY8R4RWxmWZSc2Sl44khQc+7UjZa3KTsvXKvzN4XlpR//UyI2OhyirPFtBZn9jU7jRUA2NUBWkRAcNlr4F92fprEstfqck/cQfxgJ2qSNlJmBZQtEz+ffPLJyC6ZIG3UNpFYpcWZfgVQixMptztOghZi9vVBjRU29jXBcYShFVC2TOr21m/+a1GdpZ7axgpJiDrdXoqzNClxpsuxa5bbASspzmTXZWRn5sDPqg8HZ/5Q/fgbnx7P78xU1e3qtEr+D3/wh0HpYMfGEw22bN5PNhbK29K3WJE+xLWajvrQmw/ThiREIkzGETmpxNsrlzhI6vT/6+uEOnEW9VMH2v25Y990v7FfCnGGOo0zFlEgRIFtNxJnqQPqI9h+rvOjr7WMI1atPxtP6iN1XHfv/YNxgp2egxEbIRdLznmv8aXuBfiyY+rZY47BfykblAspYeSV2zL4rZufnoCzZREbIHFz4qxubkwjE9s5s4IAosETaBBT9tjapWKBlDiTumixAn8XLlwY+p2kjS6H0JK6e9fZNoudlEu/RmOJnRa2gvVbB8SZiCSIFvuKII7t32J5Aqlu58wKHe91xAiIg/hWQKbqIXaIL3XxrnnujfdGrrViUki1b6VRJ85EkKVsNJ4Q27ftkeTfr3ksfFRSj+T/AyMC5suHIsIee+Js8Pqd8m2PU7FK0MdYdX3oMS+8hjaF2uXNh2kjlTxGSCWkKIdPnfDjfEqA5c418VMHfEnbPbFgE0UvKY8Ir4gNaDMWTfGScV2uk9xcUp7yA1JzpAnShzq2Vx+xkToLiCX9qfs+apOLleqLlLBIjanE0fNpeM88d3HYX6VsEFOoG3ddnvJtfVpgh/7w7p2IDciJMzt+GJ/UfJwWJiLO8LqdFUlaWKAMAuPxxx9fJN5ALlYELWLEF3aktN9J2qBe6CcRS3JO9wvO6d01+IBtk1ialIjNAXFmRZYWMXJshZj32qCQE2eIZUWejRVFC0t7vdcu1M0TZ3IOO225NghSX4lp27ESSQkvvVsmIkv+Bi0izvSPgdi/W6tj4TOf7A8Sff3/JtkfCoP5nRpvl8x8RoSHFhZ1sdrS11i5PnQYvK4If1JWqF3efCALpJI1m8CKnRZRqQTXs82dy/mJgMTZS+Qk2UYiL3gCS5JXbQNsguvZjFvnUtQl6VZoSH94/TQJceZh64N+1nHsfInYeNhYVohhHjZpoxY+ug66v0rZ6Lh1467nqKDnqdd/KbS/1JcTERtB+tcTZ6l+132iy6eJiYgz7JLpnRpgRYggr/Olzgl1YqMOiJizZ88OxYyUa7+TtNHHEEjoAy2YbD+KUDt9+vRQsEVjWTzhVwdEjN25Su0qQbDYHTCQEzYQdHoHCjQVZ4gDgSTiUfxowWTjiVB74tUrQ8GGNj7z+luhXTeQErQrkcjOWRNxpnfOIPCavtY4SPY/UEm/JPCJZP+OWJDP6Ot5/muNRoBAWARjtaLHsZJ9aICdK3BbtsubD2SBVAKIciR29tttwSa4QCeYulxo4qcOJHaSGHqJnPaLpNQKKinPJZVCxGYpqEvSbbkVKCBlD1JzpCkSX8ZAo2OWHIu6WLZN44yxXCPzbvszfzYy/7TvUjaIKTQZd9wjKJNY0hd1Y4nYuF/Qn/r+idjI/S6xtTiTMtig7fbeTbV9mpioOEuJA01u9wjUiY06cL31D3EjomaSNmiz90Me9jqL2OC6SCyUWfTft3nnLTlxpgWTtRMx5O0cRcRZSvRESdVZ6lQn8sQG16Gu9horTD3sTuJKJSXOtCDTQk3baFJ/X2Z/WCQHPpLULxIKeocGZSO7YwFx9il3/qZq3nZeQIRitaWvsXJ9qEj+LVqhdnnzgSyQSoJ0EoekT44tqcTKE2dN/dQhyaBct/nLjw8SUG+nSJfJsU3ApZ2lBMGkaZKkC9J+Wyak7EGJRNnre1ufUmMRiWXbLOe1qIiAfrGxpI6Yz6VsUCY0HXf9hQhi5dqamz/wE7GRY8STvwsVcfbAkZMjz4ZUG3EdxVkACANPMKXEhwdeddyxY8dA0HmCIRcrQqo+EhvxJmkD8eq99pkTVVb0RmLpcgA/9rocKaEjr+5Z8QHBNrvzi9Ub1//NFUE5cZaK1RSIPO/1yJyosuKwSds18NO2HdNASpzpX2eE8Gr6a43COOIsKarMr/8tCK35HTF9PiLOcjYT+gXFpY6V7UMwEFqffoy/AYXa5c0HskAqCZIkC8ImZYNv5W2iJ/aeOGvqJ4ckdSLqkBziWPvWbdA2Oo6U2aTYErFZCpom6dIftkxI2YO2ibLdvQG2PiXGIhpLgK+Z2R3V/jeuNR7fVL+JGMK8K2Wjy1P2OT/oM9h4fkHqfhQ/EFIRG5RJPx/83seDOWTvv9Tc6us9V5KwOMNrdqkEvi7BF4Eg1+cElezwaBscW9ESFROI6f0tlY3lCb5J2UBUSRl2vNDGlKiCD9u2SH0skR06iydQUgJLvyaYEiZ1wgV/r9Vm9wx11jteiJsSVWiTFXQiOHV9cuISRHboVgqeOBNhZn/IA3ZafIkgy/07Z5FfedTgAzEwfCXOe0XO2swfD3d2PNFgf8xCXZeNNY/7Wl8T+harrg9VmSvMQIN2pfDmw7QhiacWKk3wkiPxpxOsVKKUSvRS4qypnxSw1768MmmH9unFiSSBTRJFSU5tAjoOkTFFe6JJuidQhJQ9SAmeKF6/e+0rMRbRWALaVdfPuTGV+sg53D/e/VTKBjQZd09Ewbe2k2vx75zBj+5n+EG/RmzgW8jNZznn+Wl7D/WdkDiDeJCkPyeIIATETrAJP8SSBv4gKqx/iEIrLupiCTlxJiAm8ATMpGx0HwPbF7r/cjtqdbHsONSJ3BQQTJqUOKnbnRIgcODLChkvXtNdKAi0nA8dJ1dnCDRg227r27Su0wxEl/4Rj9QOGcQW7LSAgzjTfoTc36lZ8Bkk7BAF8x9PVFjBAEEzsIU4Mx9XMORiKe7sMskn/fpfLX2J1aIP8XH9zX9S7UrhzYdpA4ldXWLrgURNrgc2uZLkyUu4BO+bcvHpibOmflIg0bOJK/oBCaAXzybBOLbo68Qm2rclxBkSX/HjJbOIYUH/eUm6IP2hy+r86GvtPGk61+z10j8SX9cn0s8Rm0gsIOV18w79lBpTO4c8QVXCBvPeYsfdnvdiaWEq2D7wfNn+i9ho2y+98lfJcbNtm3ZhJhR7rZGQHCJU+LdWpI/g4yXvvSD36l9pJhmrB3jzYdpAkjSOOCNkJSPCK/WFASFdQnFGOifyQxmELBX4eMl7H8BuVtNdoXGYZKw+4M2HaQPfuK+Eb5sJKYXcN3W7ZoR0BcUZ6Qz5Gyt5na9rYab/pi1H6pVLsrLBx0vel5T5v6Eq/quKHpOM1SO8+TAt6Ne3vFeXCOkS+2pcir7NTbxCR2FGlhKKM0LIisdL3Mn0480FQgghZCmhOCOEEEIIIYSQHkBxRgghhBBCCCE9gOKMEEIIIYQQQnoAxRkhhBBCCCGE9ACKM0IIIYQQQgjpAcXE2aZNm6pz585VDz/8sHu+JKVibdu2rbp8+fKQ48ePL6nNvn37hnURXn755Wrt2rWDc8DaeH1QKhYhXfHg5q3Vr85fqz759kdDPr54vdq7dc8i2zWr1lQ/Ovmua9fET4TZ3fdVL713dMje53a6djmsD/D05f3VmnWrq9XrVlXPfvegayPsOHDnHwpO+Tl6euGej9gIux97YOQ8YmgibS9lU4oSsSJ9mLJBP969+u7q2Jk9i86P2z+R8bI2mF/aJhKrRB9GaRtr4/0z1QtvHR7xceLdx6otO+917dFHXt8Ibcei1L0c9QPq2lWKUnOjT/M5NRZL+XwuRaR/mgB/L7x9uJq5956wTZP5HJkbIFefiJ8m/RNpe5esWHEGAQMf8KmFzCRtRCydP3++2rhx4+BYhNKZM2eqEydODG2efPLJERvxe+HChWrr1q1Dm1KxCOkSiKpn9jw1LHtx39xAXL16/MywbP3a9dUvv/WL6uevvF/NrJ0ZlIlYO/fEa4PjqJ8IeBjjoY5EsOkCJ37GeaDLdTrRjPiJ2Ow/sXvExsZBWV3bS9mUolQs8dO2nyHOdNI1bv9ExksSEW2DZMhLDKdpvHANfAhIyqwfjMneZ3dUz3//K4sEXKmx8LB2clw3xzy8eHXtKkWkfyL0bT6LTYmxiPgZN9Y4RNreBP2FU6oNERuN7cMm91cuVqk1DjRtVxesSHG2atWq6uTJk4vEiIgf7CD1wUaLKAgo3WZ7XalYupyQLvBElSDC6vrr16otG7cMji8+dX5EmFmifurAw9h+oykP/abfTssi0PSB7sWP+KmzQZKDBUmwsSJtL2Wjy9tQMlaJfvbqY8sidW4zXjrBjcSK2OjyNpSKhYRK949gk3vYinj5zOc3DWLrJCxSn8hYeHg2pZ4JQq5dpSg1Xn2cz6XGosRzoxTRtjcB/b/90dlkGyI2wNax6f2VilVqjdPlTdrVFa3FmX09TmOTfezqAC0QILjsNfAvOz9NYtlrdbkn7iB+sBM1SRsp0wIKdrpM/Jw9e3Zkl0yQNmqbErFQRkhXpESVLseuWW4HLOJHl6fwkj489PENHGzsw1oe5PING5KkcRZkucb7pq/OT50NEjn7TaTUGYtSk7a3tUF5W5rUp8R41dl4i78ti9a5brzk2EsqdFmT/llO4+X5Ebxy3We2/6L1iYyFZdx72eL5EXLtKkW0fyLj1bf5XGosIn7GiTUOpcbLXitlqTZEbDS2D6NzQ8jFiviJzg1dHm1XV0xs50yEmRZQEA2eQIOYssfWLhULpMSZfR0Q/o4dOzb0O0kbXQ6BJHX3rrNtFjv0a6lYhHRNnagSQRYRWBE/ujyFt3DIw1xeHdIP9WH5/EJmj+GryQMdSbxdkCJ+6my8RUmQhQvXRdpeygbx2xKNNSxvOV5iIwmMRrfHE2e2jpE6o8z2lR4vfS3mjJxvGitiI+UliMYalifGC8e2btYO46Gv0wlcybHQtLmXNSk/de0qRdfjtZTzudRYRPw0jTUu0bYPyxPjBbQwTrUhYgO8PkTsurkh5GJF/ET7R2jSri6ZiDjDq3RWJGlhgTIIjF27di0SbyAXK4IWMeILO1La7yRtUC/0k7cTiHN6dws+PHHWJhYhXZMSVXq3bN+2RwZ/OzaOOIvsumn0w1se3Eh4vAc/bD/7pc2Db9jsqxJy3ibygrUDqcUl5UcvpHU2uUXRW7hSbS9lg3q3pUks2DYdL5uwaGTh1zbo55yPSJ0j4wV/OqY9F4nVpA/b0iQWbL3xStVNf9sNO8TwzpceC5Cqn8Szc0NIzbGUH11XObbtKkWp8erjfE6NxVI8n0sRbbu2TT0Pvf6y4xGx0Xj1iM6NulgRP9H+qYs1SSYizrBLJkLA4gkDecUudU7IxYoAEXPkyJGhmJFy7XeSNvoYAhZ9oAWt7UcRaocOHRoKtpKxCOmSyI5XG3Gm/ejyFHh4f/npbcOHuJTbhzWQb9dkkfUe3E0f6PqbOl0e8ROxQQKHxEBiffGrDw5jRtpeygZ1akvTWCXHS7AJAY51ooN+R1m0znXjpa9Bkof24Xhaxytlb/sj8u17pD6RsdC0uZc1KT917dK2bSg1XkLf5nOpsYj4aRprXKJtB6nx8p5jtg0RG0uqD+vmRjRWnZ9I/4zTri6ZqDjzzlkiOzq5WBFwvfUPcSOiZpI2aLP3Qx6pPgBig+u6jkVIKVKiSguyiMCK+NHlKfCQtg9iPNTxMBfwEPcWN1wTfaCnFk8h4mfcxUMWSyxCkbaXskFZW5ZqvDQ64fAWdkEn0236R49XKpbYNIm1HMcLfuz9In7EXidZcmwp0XY9FppU3QTxa2OlSPmJtEvbt6HUeKVYyvlcYiyEiJ8msdpQarw8e9uGiI0m14ceem40jaXRfiL90yZWF0z0tUbvFUULXnXcvHnzQNDp1/hALlaEVH0kNuJN0kaQtnqvfUJU6XKA69APXcYipCQpUaV/nRH/vtk4v9ZY9yuPllSCIMk1EnBdJg9seeDLt3X2fJMHuk5A7LmIn3EWD3zLiMUy0vZSNrq8DUs1XgB9iPi5+sD3uP1jxwvH2FUA4gfJxbSOVyrRk/sIdikb3W+lxkLT9l4GKT+RdunyNpQaL4+lns99fz6PQ6nxkvZq0W+R6w59/QvuOWDbm+tDi50bkfp4fq2fSP9EYulruyYszvDqm038AZL+1HlJ/uX6nKCSHR5tg2MrJOpiAcT0XtezsTzBNykbiCq9c4U2QlTBF4AP27YuYhFSGk9UiaCy/4A07H74tbeHZXX/zpnnJ4IspPIQxgPdS4asDY51YhFdkOE/lVRF/ERjgVRM265I28e1AVeuXKlu375dXbp0adG5COPUB8fjjJfGJhze4u8lnU36R5/XPhBLx0csm4Q27Z++j5d3jYyF/sZbrvHGE/2GPmrSdn3e3jt154RUnSw5P5F26fK+3F8ar32Tns9i03YshIifaCyhj+MltGlnXR9qorZ19Un5sW33+scSaXtXhMQZEnpJ+nOCCEJA7AT7mhzEkgb+ICqsf4hCLXaEulhCTpwJiAlsjEna6D4Gti90/+V2uUrEIqRLIKrk1UOQ2unCj3vATguvJn4i4AEOvIXNfvuGb9zsgmfRiQauyz34IwtDxEa+HUQd7GsbmlzbS9sIp06dGiQjN2/erGZnfZs6crFwLjJeTfrQ84kEU9sI4/RPZLy8eLZOQmQsIjZCH8YLCZX24d1XtgxI31ohp32NMxZCiXtZyPmJtEuX9eX+6tt8tufBUj2fQV/Gy9KmnXV9GL2/NF6sqJ9c/3hE2t4VxV5rJIQQQqLMzMxUN27cqK5evVpt2LDBtSH9geO1vOB4LS84XkRDcUYIIWTi4Jviubk59zzpFxyv5QXHa3nB8SIaijNCCCETY/v27YNXd27dulXt3z/6dzKkf3C8lhccr+UFx4t4UJwRQgghhBBCSA+gOCOEEEIIIYSQHkBxRgghhBBCCCE9gOKMEEIIIYQQQnoAxRkhhBBCCCGE9ACKM0IIIYQQQgjpAcXE2aZNm6pz585VDz+8+F91L02pWNu2basuX7485Pjx40tqs2/fvhGbl19+uVq7dm3WxuuDUrEI6YoHN2+tfnX+WvXJtz8a8vHF69XerXsW2a5Ztab60cl3XbsmfiLM7r6veum9o0P2PrfTtcthfYCnL++v1qxbXa1et6p69rsHXRthx4HZrJ+jpxfu+TY2iGOB/QtvH65m7r3HPQe8/tn92AMjNmi3tStBpD51WB8n3n2s2rLz3lo7L1a0PugjPU7eeeCNVaSfS9a5BCViWR+gi/sLlBivUmNRog+jlI4Ff/rZEhmv6JjqGEDX+e7Vd1fHzuwZOW9tQMmxqJs/pSg5Xrk62zipZ2bkGSVYf/b+2X9id/b8NLJixRkEDHzApxYyk7QRsXT+/Plq48aNg2MRSmfOnKlOnDgxtHnyySdHbMTvhQsXqq1btw5tSsUipEsgqp7Z89Sw7MV9cwNx9erxM8Oy9WvXV7/81i+qn7/yfjWzdmZQJmLt3BOvDY6jfiJggcCDf+P9M9ULbx1uvMCJH0/Y1CHX6UUu4qeUDdDJi71G/NT1jyzG+jokVV0kJZH6jIO0wSYbkVgRG5Q9Mrdr0M9ev0giovtQ/Nr6RPq5VJ1LUSqW+InOZ43tx4ifUuMVaXspm1KUjpV7tnh4/WixNnV1Rh30OHY5FijLzZ9SROoTYZw6e8/M6Fpg7x+LnNfX2HZOKytSnK1atao6efLkIjEi4gc7SH2w0SIKAkq32V5XKpYuJ6QLPFEliLC6/vq1asvGLYPji0+dHxFmlqifOrxFW5CFoenOjywekeRD48WP+CllA7Cgbn90duSaSP+kbOwiXYKS42VBEoHFv03btY34feaNRwcJTMrexhasbepa3c+l6qzL21Ay1qTur67Hq+lYRGx0eRu6iJV6tnik4muszbh9WMqPtYnMn1JE6qPLU4xbZ3sfpK61a0Gpe3kaaS3O7OtxGpvsY1cHaIEAwWWvgX/Z+WkSy16ryz1xB/GDnahJ2kiZFlCw02Xi5+zZsyO7ZIK0UduUiIUyQroiJap0OXbNcjtgET+6PAW+LdRJFhYcfCMIG7uYyIIj3+ThG8pxFhy5xvu2vc5PKRsB7ZV22Gsi/SNlXjLQNEGIUHK8LNZ3k1h1/QNSCYb4ef77X1lkL3XWfVjXz13UuQ1N6lM3XtH5rJFrbJua+GkzXqXGImKD8rY0qU/k/sK13rPFwxsvi7WJ1NkbR1vWxVh0LShKj5fQpM5e/MhaIMep53CKrvuyL0xs50yEmRZQEA2eQIOYssfWLhULpMSZfR0Q/o4dOzb0O0kbXQ6BJHX3rrNtFjv0a6lYhHRNnagSQRYRWBE/ujxFaqHf++yOkUVnWD6/oNhj+GqSPGKxsQtZNImJ2Mjiq9GLKNALp/Urx036B35k4feSlbY0rU9uvCw2gYjEitYHpBIMXGftpR/1eMAu1c9d1LkNJcdLfE3q/gJtxqvUWET7sATRWMPymvsr92yxpMarziZSZ28c7XURP9H+Aan5U4pofez42GNNkzrbZ6YA3yi3zyiIx4eOfm7wX6xNuXEXcJ1X52liIuIMr9JZkaSFBcogMHbt2rVIvIFcrAhaxIgv7Ehpv5O0Qb3QT95OIM7p3S348MRZm1iEdE1KVOndsn3bHhn87dg44iyy66bRi5ssKvg2HAuMXmxh+9kvbR4sEnbxkvNaCIHUIufFEFJ+9KIUsbHIImltbB3Er06g0OZI/2BRlxhNkugmNKkPbFPjBRv0Hfzqc3WxmtRHSCU+KNcJCnzYvsz1cxd1bkOTWLDtw/0F2oxXpO2lbHTd2tAkFmxT42WvEfvccyHSnlw9cnXW90xqzCN+mvSPkJo/pWhSH9jmnodCXZ3FD/oPsa2N7m875hBZujzSTyIEU/GmiYmIM+ySiRCweMJAXrFLnRNysSJAxBw5cmQoZqRc+52kjT6GgEUfaEFr+1GE2qFDh4aCrWQsQroksuPVRpxpP7o8BRasLz+9beTBn1psZYHwFhxBfOWSD4v3raMQ8dM0loAFEDG9BdH6jfYPjpHsoJ9yYnEcovUBufGy2DZEYjWtTy4JQdIi9RVknL741QddAZDq5y7q3IaS4yW+msz5NvcXaDNepcaiaR+2oWms1HhFni2W1HhpPJtInb36YPxQ1sVY5OZPCUqNl6ZJnRFHP+dtGWLiGP1u64a2oA0a62Oamag4885ZIjs6uVgRcL31D3EjomaSNmiz90MeqT4AYoPruo5FSClSokoLsojAivjR5SmwkNjFylsosGilFje5JrfoaVKLpxDx0ySWRic3Xhut30j/pBZziTVOHXOUHC8P3T+RWE3qIzRN1qQ+sI30cxd1bkPJ8ZJrvHIPxB33/gJtxqvUWCzH8fLspczagdx4gZRNpM6pcdSvoUb8NOkfoen8aUqT+tTdX9auyZzHMzN1rX5GQZxZoZXqQ++Nj2lmoq81eq8oWvCq4+bNmweCTr/GB3KxIqTqI7ERb5I2grTVe+0TokqXA1yHfugyFiElSYkq/euM+PfNxvm1xrpfebTkFm37DS0WclkQZXHxvsHNLXoavVjZcxE/TWIB+02x1EEWvRTif8Pm9bX9k1psxcZbbNtQcrw8IomGjtWkPkLK3sN+wxzp5y7q3IYmsaQsN16TvL9Am/EqNRbLcbwizxbd/7nxAimbtn0In12MRcq+FE3qg7bWPQ+b1lk/M9s+o+z4yr0q86Wr/usjYXGGV99s4g+Q9KfOS/Iv1+cElezwaBscWyFRFwsgpve6no3lCb5J2UBU6Z0rtBGiCr4AfNi2dRGLkNJ4okoElf0HpGH3w6+9PSyr+3fOPD8RsAAgqZLFy35Da21wrBehaNIH/6lvAiN+orE0kQTI84u2pvoHi62+Dou0lwBcuXKlun37dnXp0qWR8ih19fFscJzqc8Fe45VFYnk2IJr4eHMk2s+l69yX8ZKyyJz3+k4T9SO0GS9hnLaPawP6fH95/Z7qO02dTV2dvXH0hMQ4bfdsQGT+9G28onNesH6bPKP0F3e5sYjUY5oIiTMk9JL05wQRhIDYCfY1OYglDfxBVFj/EIVa7Ah1sYScOBMQE9gYk7TRfQxsX+j+y+1ylYhFSJdAVMmrhyC104Uf94CdFl5N/ETAQgC8hc0uEvh22C54FitQ6kSS+KlLHiM28k2krkd0sfX82rbp/hGwKGubVLxTp04NkpGbN29Ws7OjfqLk6oNzdeOFY5Dqz7q2R2xsLKATFD1eqR3HaD+XqDPoy3hZH6CL+6vUeAmRfi5lI/RlvCxyndfvdeMlRGxydfbuG2sDIv1cZxOZP6Cvz0Og62xtvDGJPqPs+qSFWWq8gDcm00Kx1xoJIYSQKDMzM9WNGzeqq1evVhs2bHBtSH/geC0vOF7LC44X0VCcEUIImTj4pnhubs49T/oFx2t5wfFaXnC8iIbijBBCyMTYvn374NWdW7duVfv373dtSH/geC0vOF7LC44X8aA4I4QQQgghhJAeQHFGCCGEEEIIIT2A4owQQgghhBBCegDFGSGEEEIIIYT0AIozQgghhBBCCFly7qr+H4+mpHqcOMWNAAAAAElFTkSuQmCC
我们接着看JNI_OnLoad,可以发现只动态注册了一个函数,那我们有理由猜测是test在动态注册时,我们通过观察IDA的.data.rel.ro需要知道方法结构体信息:
1
2
3
4
5
typedef struct {
const char* name;
const char* signature;
void* fnPtr;
} JNINativeMethod;
结构体包含三部分分别是:方法名、方法的签名、对应的native函数地址;那么这里我们肯定重点看第三部分,因为要找到具体的解密函数,这时候我们需要在动态注册段对应上:
我们来验证一下:函数名byte_1C066:0x87, 0x96, 0x80, 0x87, 0xF3, 0, 0, 0, 0, 0长度为4=0x87 ^ 0xF3 = 0x74 = t=0x96 ^ 0xF3 = 0x65 = e=0x80 ^ 0xF3 = 0x73 = s=0x87 ^ 0xF3 = 0x74 = t合成得:test所以这是test函数名
函数签名信息byte_1C070解密后是:(Ljava/lang/String;)Z正好就是boolean test(string content)
函数注册地址之后我们来到OOXX函数观看流程,发现JUMPOUT函数,而且进入sub_8930函数查看了一些逻辑之后发现流程晦涩难懂。当我们遇到晦涩难懂的问题时,不如尝试去用用Frida。
====================================转换思路=========================================
一直以来想用Frida解开一道这种验证输入的题,奈何没有找到机会,这一次想尝试一下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
//新建frida_test.js
function hookstrcmp(){
Java.perform(function() {
console.log("I am a Hook function");
var strcmp = Module.findExportByName("libc.so","strcmp");//这里发现无论“libnative-lib.so”还是“libc.so”都是一样的地址
console.log("find strcmp:",strcmp);
Interceptor.attach(strcmp, {
onEnter: function (args) {
//hook住后打印strcmp的第一个参数和第二个参数的内容
console.log("[*] strcmp (" + ptr(args).readCString() + "," + ptr(args).readCString()+")");
},onLeave:function(retval){}
});
})
}
启动frida并attach app的进程
1
frida -U com.kanxue.test -l frida_test.js
首先敲入
1
hookstrcmp()
然后再在手机端敲入“bangbang”
1
观察电脑端日志
我打印出来了整个运行过程中的strcmp,发现只有一处和bangbang进行了比较
毋庸置疑,kanxuetest即flag值
0x03 验证所以,kanxuetest就是flag。**** Hidden Message ***** 太给力了,这么多好东西! 非常不错啊,感谢楼主无私的共享精神!
页:
[1]