学习“重打包APK绕过签名校验”经验
作者:互联网
新手学习Android逆向 ,还没有开始就遇到了问题了,APP反编译使用了.so文件验证签名。
.so文件分析对于我这样的小白来说太难了。所以逆向之路开没有进入大门就结束了;
后来无意间看到吾爱破解的一篇文章 https://www.52pojie.cn/thread-1227128-1-3.html
这个思路对于我这样无法破解.so文件的新手来说是一个不错的方法;
写一个HookPackageManager,专门用来HOOK各种PM相关方法:
public class HookPackageManager extends PackageManager {
private PackageManager mBase;
public HookPackageManager(PackageManager base) {
this.mBase = base;
}
@Override // android.content.pm.PackageManager
public PackageInfo getPackageInfo(String packageName, int flags) throws PackageManager.NameNotFoundException {
//这里我没有进行架包名判断 感觉不需要
PackageInfo pkgInfo = new PackageInfo();
//获得签名字节是使用Java代码 下面会详细说明
byte[] bArr = {48, -126, 3, 111, 48, -126, 2, 87, -96, 3, 2, 1, 2, 2, 4, 115, -105, -71, 8, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 48, 103, 49, 12, 48, 10, 6, 3, 85, 4, 6, 19, 3, 99, 104, 110, 49, 18, 48, 16, 6, 3, 85, 4, 8, 19, 9, 103, 117, 97, 110, 103, 100, 111, 110, 103, 49, 15, 48, 13, 6, 3, 85, 4, 7, 19, 6, 122, 104, 117, 104, 97, 105, 49, 13, 48, 11, 6, 3, 85, 4, 10, 19, 4, 103, 97, 109, 101, 49, 16, 48, 14, 6, 3, 85, 4, 11, 19, 7, 104, 117, 97, 110, 103, 100, 105, 49, 17, 48, 15, 6, 3, 85, 4, 3, 19, 8, 115, 109, 111, 107, 101, 122, 104, 117, 48, 32, 23, 13, 49, 56, 49, 50, 49, 50, 48, 48, 53, 56, 51, 57, 90, 24, 15, 50, 49, 49, 55, 49, 49, 49, 56, 48, 48, 53, 56, 51, 57, 90, 48, 103, 49, 12, 48, 10, 6, 3, 85, 4, 6, 19, 3, 99, 104, 110, 49, 18, 48, 16, 6, 3, 85, 4, 8, 19, 9, 103, 117, 97, 110, 103, 100, 111, 110, 103, 49, 15, 48, 13, 6, 3, 85, 4, 7, 19, 6, 122, 104, 117, 104, 97, 105, 49, 13, 48, 11, 6, 3, 85, 4, 10, 19, 4, 103, 97, 109, 101, 49, 16, 48, 14, 6, 3, 85, 4, 11, 19, 7, 104, 117, 97, 110, 103, 100, 105, 49, 17, 48, 15, 6, 3, 85, 4, 3, 19, 8, 115, 109, 111, 107, 101, 122, 104, 117, 48, -126, 1, 34, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -126, 1, 15, 0, 48, -126, 1, 10, 2, -126, 1, 1, 0, -69, -100, -59, -68, -107, -116, 70, -86, 97, -13, 43, -59, 103, -109, -109, 107, -32, -23, -92, 77, 71, -17, -21, 25, 65, -31, 101, 48, -85, 114, -107, -51, 88, -56, 16, -88, 64, 104, 73, 81, 41, 43, -2, 58, 94, -31, -107, 11, 33, 117, -77, 56, -119, -128, 14, -85, -39, -120, 33, 17, 39, 71, -43, -53, -119, -29, -93, 100, -26, -114, 23, -44, -85, 31, -90, 90, -53, 80, 60, 42, -52, -86, -52, -73, 98, 28, -63, -89, 95, 107, -28, -48, 109, 14, -53, 100, 111, -83, -122, -84, 72, 55, -17, 50, 58, -102, -46, -36, 71, 37, 97, 36, -93, 3, -65, 120, -50, -31, -26, -58, -51, -10, 61, 68, 10, -28, -63, 74, 23, 83, 103, -36, 99, -111, 64, -68, 105, -108, -57, 2, -77, -35, -40, -59, -10, 4, 74, -118, -78, -99, -83, 115, 27, -96, -80, -4, 8, 121, -73, -104, 87, 114, -117, -43, -86, -124, 63, -15, 47, 18, -119, -64, -94, 42, 18, 50, -13, 57, 85, 120, -19, -55, -27, 21, 13, 99, -66, 2, -38, 100, -9, -30, 8, 10, 107, 49, -95, 45, 48, 22, 58, -106, -24, -70, 117, -91, 42, 53, 48, 112, 48, 88, -74, 17, 15, 31, -76, 10, -100, -4, 28, 46, -53, 114, -28, -26, 68, 6, -31, -111, -28, -50, -120, 83, 46, 37, -88, -68, 30, -18, -35, -53, -38, 107, 57, 107, 75, 37, -81, 77, -68, -43, -96, -94, 72, 115, 2, 3, 1, 0, 1, -93, 33, 48, 31, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 93, -72, 41, 40, 17, -18, 89, -19, 60, -115, -106, 9, 38, 1, 55, -44, 35, -57, 70, -80, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 3, -126, 1, 1, 0, 46, 38, 102, 76, 31, 96, -125, -45, -101, -64, 59, -1, -118, -93, -65, 71, -114, -84, -38, -53, 47, -121, -111, 92, -45, 85, 5, 54, 21, -20, -41, 126, 35, 40, 41, 16, -103, -21, -36, -98, -127, 3, 96, -59, 119, 90, 73, -110, 2, -122, -109, 107, -15, -60, 31, 79, 127, -32, 7, -98, 52, 29, -118, 122, 55, 89, -59, -12, 39, -56, 16, 9, -29, 124, 41, 108, -21, -125, -91, 93, 14, -68, 107, 94, 79, 26, -115, 99, -120, -92, -29, 34, 10, 117, 121, 34, -16, -123, -86, 66, -3, 49, -119, -52, 91, 11, -106, -7, -75, -75, 85, 14, 114, -116, 79, -40, -70, 23, 89, -83, -92, 59, -87, -109, -55, 100, 60, 101, -125, -1, -98, -66, 82, 94, -93, 1, 77, -41, 15, -10, 82, -9, -3, 64, 10, 111, 42, 23, -8, 111, -68, -35, -44, -111, -120, -110, 8, -47, -50, -71, 116, -109, 121, 77, 10, -98, -17, 124, -22, -14, 10, -63, 51, -67, 29, -42, 38, -56, -21, 67, 21, -61, -90, -32, 64, -128, -88, -18, 45, -89, 7, 0, 95, -75, -56, -15, -94, 21, -43, -29, -86, 11, -102, 84, -85, -73, 37, -31, 107, -34, -90, -74, 67, -65, 87, 123, -116, 54, -39, -36, 83, 15, 103, 2, 38, 39, 68, -58, -51, -71, -126, 84, -68, 34, -74, -75, 31, -52, -25, 23, 12, 91, -38, -95, 29, -75, -114, -128, -31, 87, -21, -61, -1, -15, 9, 7};
pkgInfo.signatures = new Signature[]{new Signature(bArr)};
return pkgInfo;
}
@Override
public PackageInfo getPackageInfo(@NonNull VersionedPackage versionedPackage, int i) throws NameNotFoundException {
return null;
}
@Override // android.content.pm.PackageManager
public List<PackageInfo> getInstalledPackages(int flags) {
return this.mBase.getInstalledPackages(flags);
}
@Override // android.content.pm.PackageManager
public String[] currentToCanonicalPackageNames(String[] names) {
return this.mBase.currentToCanonicalPackageNames(names);
}
@Override // android.content.pm.PackageManager
public String[] canonicalToCurrentPackageNames(String[] names) {
return this.mBase.canonicalToCurrentPackageNames(names);
}
@Override // android.content.pm.PackageManager
public Intent getLaunchIntentForPackage(String packageName) {
return this.mBase.getLaunchIntentForPackage(packageName);
}
@Override // android.content.pm.PackageManager
public Intent getLeanbackLaunchIntentForPackage(String packageName) {
return this.mBase.getLeanbackLaunchIntentForPackage(packageName);
}
@Override // android.content.pm.PackageManager
public int[] getPackageGids(String packageName) throws PackageManager.NameNotFoundException {
return this.mBase.getPackageGids(packageName);
}
@Override
public int[] getPackageGids(@NonNull String s, int i) throws NameNotFoundException {
return new int[0];
}
@Override
public int getPackageUid(@NonNull String s, int i) throws NameNotFoundException {
return 0;
}
@Override // android.content.pm.PackageManager
public PermissionInfo getPermissionInfo(String name, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getPermissionInfo(name, flags);
}
@Override // android.content.pm.PackageManager
public List<PermissionInfo> queryPermissionsByGroup(String group, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.queryPermissionsByGroup(group, flags);
}
@Override // android.content.pm.PackageManager
public PermissionGroupInfo getPermissionGroupInfo(String name, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getPermissionGroupInfo(name, flags);
}
@Override // android.content.pm.PackageManager
public List<PermissionGroupInfo> getAllPermissionGroups(int flags) {
return this.mBase.getAllPermissionGroups(flags);
}
@Override // android.content.pm.PackageManager
public ApplicationInfo getApplicationInfo(String packageName, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getApplicationInfo(packageName, flags);
}
@Override // android.content.pm.PackageManager
public ActivityInfo getActivityInfo(ComponentName component, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityInfo(component, flags);
}
@Override // android.content.pm.PackageManager
public ActivityInfo getReceiverInfo(ComponentName component, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getReceiverInfo(component, flags);
}
@Override // android.content.pm.PackageManager
public ServiceInfo getServiceInfo(ComponentName component, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getServiceInfo(component, flags);
}
@Override // android.content.pm.PackageManager
public ProviderInfo getProviderInfo(ComponentName component, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getProviderInfo(component, flags);
}
@Override // android.content.pm.PackageManager
public List<PackageInfo> getPackagesHoldingPermissions(String[] permissions, int flags) {
return this.mBase.getPackagesHoldingPermissions(permissions, flags);
}
@Override // android.content.pm.PackageManager
public int checkPermission(String permName, String pkgName) {
return this.mBase.checkPermission(permName, pkgName);
}
@Override // android.content.pm.PackageManager
public boolean isPermissionRevokedByPolicy(String permName, String pkgName) {
return this.mBase.isPermissionRevokedByPolicy(permName, pkgName);
}
@Override // android.content.pm.PackageManager
public boolean addPermission(PermissionInfo info) {
return this.mBase.addPermission(info);
}
@Override // android.content.pm.PackageManager
public boolean addPermissionAsync(PermissionInfo info) {
return this.mBase.addPermissionAsync(info);
}
@Override // android.content.pm.PackageManager
public void removePermission(String name) {
this.mBase.removePermission(name);
}
@Override // android.content.pm.PackageManager
public int checkSignatures(String pkg1, String pkg2) {
return this.mBase.checkSignatures(pkg1, pkg2);
}
@Override // android.content.pm.PackageManager
public int checkSignatures(int uid1, int uid2) {
return this.mBase.checkSignatures(uid1, uid2);
}
@Override // android.content.pm.PackageManager
public String[] getPackagesForUid(int uid) {
return this.mBase.getPackagesForUid(uid);
}
@Override // android.content.pm.PackageManager
public String getNameForUid(int uid) {
return this.mBase.getNameForUid(uid);
}
@Override // android.content.pm.PackageManager
public List<ApplicationInfo> getInstalledApplications(int flags) {
return this.mBase.getInstalledApplications(flags);
}
@Override
public boolean isInstantApp() {
return false;
}
@Override
public boolean isInstantApp(@NonNull String s) {
return false;
}
@Override
public int getInstantAppCookieMaxBytes() {
return 0;
}
@NonNull
@Override
public byte[] getInstantAppCookie() {
return new byte[0];
}
@Override
public void clearInstantAppCookie() {
}
@Override
public void updateInstantAppCookie(@Nullable byte[] bytes) {
}
@Override // android.content.pm.PackageManager
public String[] getSystemSharedLibraryNames() {
return this.mBase.getSystemSharedLibraryNames();
}
@NonNull
@Override
public List<SharedLibraryInfo> getSharedLibraries(int i) {
return null;
}
@Nullable
@Override
public ChangedPackages getChangedPackages(int i) {
return null;
}
@Override // android.content.pm.PackageManager
public FeatureInfo[] getSystemAvailableFeatures() {
return this.mBase.getSystemAvailableFeatures();
}
@Override // android.content.pm.PackageManager
public boolean hasSystemFeature(String name) {
return this.mBase.hasSystemFeature(name);
}
@Override
public boolean hasSystemFeature(@NonNull String s, int i) {
return false;
}
@Override // android.content.pm.PackageManager
public ResolveInfo resolveActivity(Intent intent, int flags) {
return this.mBase.resolveActivity(intent, flags);
}
@Override // android.content.pm.PackageManager
public List<ResolveInfo> queryIntentActivities(Intent intent, int flags) {
return this.mBase.queryIntentActivities(intent, flags);
}
@Override // android.content.pm.PackageManager
public List<ResolveInfo> queryIntentActivityOptions(ComponentName caller, Intent[] specifics, Intent intent, int flags) {
return this.mBase.queryIntentActivityOptions(caller, specifics, intent, flags);
}
@Override // android.content.pm.PackageManager
public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags) {
return this.mBase.queryBroadcastReceivers(intent, flags);
}
@Override // android.content.pm.PackageManager
public ResolveInfo resolveService(Intent intent, int flags) {
return this.mBase.resolveService(intent, flags);
}
@Override // android.content.pm.PackageManager
public List<ResolveInfo> queryIntentServices(Intent intent, int flags) {
return this.mBase.queryIntentServices(intent, flags);
}
@Override // android.content.pm.PackageManager
public List<ResolveInfo> queryIntentContentProviders(Intent intent, int flags) {
return this.mBase.queryIntentContentProviders(intent, flags);
}
@Override // android.content.pm.PackageManager
public ProviderInfo resolveContentProvider(String name, int flags) {
return this.mBase.resolveContentProvider(name, flags);
}
@Override // android.content.pm.PackageManager
public List<ProviderInfo> queryContentProviders(String processName, int uid, int flags) {
return this.mBase.queryContentProviders(processName, uid, flags);
}
@Override // android.content.pm.PackageManager
public InstrumentationInfo getInstrumentationInfo(ComponentName className, int flags) throws PackageManager.NameNotFoundException {
return this.mBase.getInstrumentationInfo(className, flags);
}
@Override // android.content.pm.PackageManager
public List<InstrumentationInfo> queryInstrumentation(String targetPackage, int flags) {
return this.mBase.queryInstrumentation(targetPackage, flags);
}
@Override // android.content.pm.PackageManager
public Drawable getDrawable(String packageName, int resid, ApplicationInfo appInfo) {
return this.mBase.getDrawable(packageName, resid, appInfo);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityIcon(ComponentName activityName) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityIcon(activityName);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityIcon(Intent intent) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityIcon(intent);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityBanner(ComponentName activityName) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityBanner(activityName);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityBanner(Intent intent) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityBanner(intent);
}
@Override // android.content.pm.PackageManager
public Drawable getDefaultActivityIcon() {
return this.mBase.getDefaultActivityIcon();
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationIcon(ApplicationInfo info) {
return this.mBase.getApplicationIcon(info);
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationIcon(String packageName) throws PackageManager.NameNotFoundException {
return this.mBase.getApplicationIcon(packageName);
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationBanner(ApplicationInfo info) {
return this.mBase.getApplicationBanner(info);
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationBanner(String packageName) throws PackageManager.NameNotFoundException {
return this.mBase.getApplicationBanner(packageName);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityLogo(ComponentName activityName) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityLogo(activityName);
}
@Override // android.content.pm.PackageManager
public Drawable getActivityLogo(Intent intent) throws PackageManager.NameNotFoundException {
return this.mBase.getActivityLogo(intent);
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationLogo(ApplicationInfo info) {
return this.mBase.getApplicationLogo(info);
}
@Override // android.content.pm.PackageManager
public Drawable getApplicationLogo(String packageName) throws PackageManager.NameNotFoundException {
return this.mBase.getApplicationLogo(packageName);
}
@Override // android.content.pm.PackageManager
public Drawable getUserBadgedIcon(Drawable icon, UserHandle user) {
return this.mBase.getUserBadgedIcon(icon, user);
}
@Override // android.content.pm.PackageManager
public Drawable getUserBadgedDrawableForDensity(Drawable drawable, UserHandle user, Rect badgeLocation, int badgeDensity) {
return this.mBase.getUserBadgedDrawableForDensity(drawable, user, badgeLocation, badgeDensity);
}
@Override // android.content.pm.PackageManager
public CharSequence getUserBadgedLabel(CharSequence label, UserHandle user) {
return this.mBase.getUserBadgedLabel(label, user);
}
@Override // android.content.pm.PackageManager
public CharSequence getText(String packageName, int resid, ApplicationInfo appInfo) {
return this.mBase.getText(packageName, resid, appInfo);
}
@Override // android.content.pm.PackageManager
public XmlResourceParser getXml(String packageName, int resid, ApplicationInfo appInfo) {
return this.mBase.getXml(packageName, resid, appInfo);
}
@Override // android.content.pm.PackageManager
public CharSequence getApplicationLabel(ApplicationInfo info) {
return this.mBase.getApplicationLabel(info);
}
@Override // android.content.pm.PackageManager
public Resources getResourcesForActivity(ComponentName activityName) throws PackageManager.NameNotFoundException {
return this.mBase.getResourcesForActivity(activityName);
}
@Override // android.content.pm.PackageManager
public Resources getResourcesForApplication(ApplicationInfo app) throws PackageManager.NameNotFoundException {
return this.mBase.getResourcesForApplication(app);
}
@Override // android.content.pm.PackageManager
public Resources getResourcesForApplication(String appPackageName) throws PackageManager.NameNotFoundException {
return this.mBase.getResourcesForApplication(appPackageName);
}
@Override // android.content.pm.PackageManager
public void verifyPendingInstall(int id, int verificationCode) {
this.mBase.verifyPendingInstall(id, verificationCode);
}
@Override // android.content.pm.PackageManager
public void extendVerificationTimeout(int id, int verificationCodeAtTimeout, long millisecondsToDelay) {
this.mBase.extendVerificationTimeout(id, verificationCodeAtTimeout, millisecondsToDelay);
}
@Override // android.content.pm.PackageManager
public void setInstallerPackageName(String targetPackage, String installerPackageName) {
this.mBase.setInstallerPackageName(targetPackage, installerPackageName);
}
@Override // android.content.pm.PackageManager
public String getInstallerPackageName(String packageName) {
return this.mBase.getInstallerPackageName(packageName);
}
@Override // android.content.pm.PackageManager
public void addPackageToPreferred(String packageName) {
this.mBase.addPackageToPreferred(packageName);
}
@Override // android.content.pm.PackageManager
public void removePackageFromPreferred(String packageName) {
this.mBase.removePackageFromPreferred(packageName);
}
@Override // android.content.pm.PackageManager
public List<PackageInfo> getPreferredPackages(int flags) {
return this.mBase.getPreferredPackages(flags);
}
@Override // android.content.pm.PackageManager
public void addPreferredActivity(IntentFilter filter, int match, ComponentName[] set, ComponentName activity) {
this.mBase.addPreferredActivity(filter, match, set, activity);
}
@Override // android.content.pm.PackageManager
public void clearPackagePreferredActivities(String packageName) {
this.mBase.clearPackagePreferredActivities(packageName);
}
@Override // android.content.pm.PackageManager
public int getPreferredActivities(List<IntentFilter> outFilters, List<ComponentName> outActivities, String packageName) {
return this.mBase.getPreferredActivities(outFilters, outActivities, packageName);
}
@Override // android.content.pm.PackageManager
public void setComponentEnabledSetting(ComponentName componentName, int newState, int flags) {
this.mBase.setComponentEnabledSetting(componentName, newState, flags);
}
@Override // android.content.pm.PackageManager
public int getComponentEnabledSetting(ComponentName componentName) {
return this.mBase.getComponentEnabledSetting(componentName);
}
@Override // android.content.pm.PackageManager
public void setApplicationEnabledSetting(String packageName, int newState, int flags) {
this.mBase.setApplicationEnabledSetting(packageName, newState, flags);
}
@Override // android.content.pm.PackageManager
public int getApplicationEnabledSetting(String packageName) {
return this.mBase.getApplicationEnabledSetting(packageName);
}
@Override // android.content.pm.PackageManager
public boolean isSafeMode() {
return this.mBase.isSafeMode();
}
@Override
public void setApplicationCategoryHint(@NonNull String s, int i) {
}
@Override // android.content.pm.PackageManager
public PackageInstaller getPackageInstaller() {
return this.mBase.getPackageInstaller();
}
@Override
public boolean canRequestPackageInstalls() {
return false;
}
}
写一个HookMainActivity,就不在说了;
然后说明一下签名字符串的获得方法;
Android 读取APK签名信息_LIAN_1988的专栏-CSDN博客 查看了这个文章实现的
private static String toCharsString(byte[] sigBytes) { byte[] sig = sigBytes; System.out.println(Arrays.toString(sig));
在签名转字符中打印出需要的字节,这样可以直接复制到上面的签名字节中;
然后就是把Java文件转smali文件了;使用的是Android studio 的java2smali插件生成;
然后就是把文件加到项目中了,我测试的APP是可以通过使用的;
标签:return,mBase,校验,content,APK,Override,PackageManager,public,打包 来源: https://blog.csdn.net/qq_35069128/article/details/122537914