【银行逆向百例】18Android逆向之libDexHelper.so梆梆加固壳解密+frida-dexdump脱壳

admin 2026-06-30 06:28:54 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 该文档详细介绍了Android应用梆梆加固企业版壳的解密与脱壳过程。通过分析libDexHelper.so文件,使用IDA定位壳入口地址0x4780,识别RC4和XOR解密函数,并配合frida-dexdump工具完成脱壳操作。文章提供了完整的Python解密脚本和操作步骤,具有实际可操作性。 综合评分: 85 文章分类: 移动安全,二进制安全,逆向分析,安全工具,漏洞分析


cover_image

【银行逆向百例】18Android逆向之libDexHelper.so梆梆加固壳解密+frida-dexdump脱壳

原创

挖个洞先 挖个洞先

挖个洞先

2026年6月8日 09:00 北京

在小说阅读器读本章

去阅读

 只要有想见的人,就不是孤单一个人。——《夏目友人帐》S3E4 

01

环境版本

环境:

电脑,Windows 11 专业版 23H2

https://github.com/JiaoSuInfoSec/JiaoSuInfoSec_T00ls_Win11

软件:

Florida,16.1.8

https://github.com/Ylarod/Florida/releases/tag/16.1.8

frida-dexdump

https://github.com/hluwa/frida-dexdump

02

操作步骤

1、梆梆加固企业版

2、查看APP完整路径,拷贝libDexHelper.so到本地

adb shell dumpsys window | grep mCurrentFocusadb shell pm path com.xxx.xxxadb shell "su -c 'cp /data/app/xxx/com.xxx.xxx/lib/arm64/libDexHelper.so /data/local/tmp/ && chmod 777 /data/local/tmp/libDexHelper.so'"adb pull /data/local/tmp/libDexHelper.so ./dumps

3、libDexHelper.so导入IDA只有32个有名字的符号(25个导入函数+ 7个标记)

4、快捷键G跳到0,D切换显示模式

5、0x40查看ELF64 Program Header

6、导入parse_elf.py定位壳入口

0x26000查看.dynamic 段,DT_INIT_ARRAY = 0x14D08,DT_RELA = 0x26E8

0x26E8 查看重定位表

.init_array[0]的值= 0x4780

import&nbsp;structimport&nbsp;idc# ========== 第1步:解析 ELF Header ==========print("="&nbsp;*&nbsp;60)print("第1步:ELF Header")print("="&nbsp;*&nbsp;60)e_phoff = struct.unpack_from('<Q', idc.get_bytes(0x20,&nbsp;8),&nbsp;0)[0]e_phentsize = struct.unpack_from('<H', idc.get_bytes(0x36,&nbsp;2),&nbsp;0)[0]e_phnum = struct.unpack_from('<H', idc.get_bytes(0x38,&nbsp;2),&nbsp;0)[0]print(f"Program Header 偏移: 0x{e_phoff:X}")print(f"每个条目大小:&nbsp;{e_phentsize}&nbsp;字节")print(f"条目数量:&nbsp;{e_phnum}")print(f"-> 下一步去地址 0x{e_phoff:X}")# ========== 第2步:解析 Program Headers ==========print("")print("="&nbsp;*&nbsp;60)print("第2步:Program Header Table")print("="&nbsp;*&nbsp;60)type_names = {&nbsp; &nbsp;&nbsp;0:&nbsp;'NULL',&nbsp;1:&nbsp;'LOAD',&nbsp;2:&nbsp;'DYNAMIC',&nbsp;3:&nbsp;'INTERP',&nbsp; &nbsp;&nbsp;4:&nbsp;'NOTE',&nbsp;6:&nbsp;'PHDR',&nbsp;0x6474e550:&nbsp;'GNU_EH_FRAME',&nbsp; &nbsp;&nbsp;0x6474e551:&nbsp;'GNU_STACK',&nbsp;0x6474e552:&nbsp;'GNU_RELRO'}dynamic_vaddr =&nbsp;Nonefor&nbsp;i&nbsp;in&nbsp;range(e_phnum):&nbsp; &nbsp; off = e_phoff + i * e_phentsize&nbsp; &nbsp; data = idc.get_bytes(off, e_phentsize)&nbsp; &nbsp; p_type = struct.unpack_from('<I', data,&nbsp;0)[0]&nbsp; &nbsp; p_offset = struct.unpack_from('<Q', data,&nbsp;8)[0]&nbsp; &nbsp; p_vaddr = struct.unpack_from('<Q', data,&nbsp;16)[0]&nbsp; &nbsp; p_filesz = struct.unpack_from('<Q', data,&nbsp;32)[0]&nbsp; &nbsp; tname = type_names.get(p_type,&nbsp;f'0x{p_type:X}')&nbsp; &nbsp; marker =&nbsp;' <<<'&nbsp;if&nbsp;p_type ==&nbsp;2&nbsp;else&nbsp;''&nbsp; &nbsp;&nbsp;print(f"[{i}]&nbsp;{tname:15s}&nbsp;offset=0x{p_offset:08X}&nbsp; vaddr=0x{p_vaddr:08X}&nbsp; size=0x{p_filesz:X}{marker}")&nbsp; &nbsp;&nbsp;if&nbsp;p_type ==&nbsp;2:&nbsp; &nbsp; &nbsp; &nbsp; dynamic_vaddr = p_vaddrif&nbsp;dynamic_vaddr:&nbsp; &nbsp;&nbsp;print(f"\n-> 找到 DYNAMIC 段! 下一步去地址 0x{dynamic_vaddr:X}")# ========== 第3步:解析 .dynamic 段 ==========if&nbsp;dynamic_vaddr:&nbsp; &nbsp;&nbsp;print("")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp;&nbsp;print(f"第3步: .dynamic 段 (地址 0x{dynamic_vaddr:X})")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp; tag_names = {&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;0:&nbsp;'DT_NULL',&nbsp;1:&nbsp;'DT_NEEDED',&nbsp;4:&nbsp;'DT_HASH',&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;5:&nbsp;'DT_STRTAB',&nbsp;6:&nbsp;'DT_SYMTAB',&nbsp;7:&nbsp;'DT_RELA',&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;8:&nbsp;'DT_RELASZ',&nbsp;10:&nbsp;'DT_STRSZ',&nbsp;12:&nbsp;'DT_INIT',&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;13:&nbsp;'DT_FINI',&nbsp;25:&nbsp;'DT_INIT_ARRAY',&nbsp;26:&nbsp;'DT_FINI_ARRAY',&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;27:&nbsp;'DT_INIT_ARRAYSZ',&nbsp;28:&nbsp;'DT_FINI_ARRAYSZ'&nbsp; &nbsp; }&nbsp; &nbsp; init_array_addr =&nbsp;None&nbsp; &nbsp; rela_addr =&nbsp;None&nbsp; &nbsp; rela_size =&nbsp;None&nbsp; &nbsp; addr = dynamic_vaddr&nbsp; &nbsp;&nbsp;while&nbsp;addr < dynamic_vaddr +&nbsp;0x1000:&nbsp; &nbsp; &nbsp; &nbsp; data = idc.get_bytes(addr,&nbsp;16)&nbsp; &nbsp; &nbsp; &nbsp; d_tag = struct.unpack_from('<Q', data,&nbsp;0)[0]&nbsp; &nbsp; &nbsp; &nbsp; d_val = struct.unpack_from('<Q', data,&nbsp;8)[0]&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;d_tag ==&nbsp;0:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"0x{addr:08X}: DT_NULL (结束)")&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;break&nbsp; &nbsp; &nbsp; &nbsp; tname = tag_names.get(d_tag,&nbsp;f'DT_0x{d_tag:X}')&nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;''&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;d_tag ==&nbsp;25:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;' <<< .init_array 地址!'&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; init_array_addr = d_val&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;elif&nbsp;d_tag ==&nbsp;27:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;' (.init_array 大小)'&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;elif&nbsp;d_tag ==&nbsp;7:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;' <<< 重定位表地址'&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rela_addr = d_val&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;elif&nbsp;d_tag ==&nbsp;8:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;' <<< 重定位表大小'&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rela_size = d_val&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"0x{addr:08X}:&nbsp;{tname:25s}&nbsp;= 0x{d_val:08X}{marker}")&nbsp; &nbsp; &nbsp; &nbsp; addr +=&nbsp;16&nbsp; &nbsp;&nbsp;# ========== 第4步:解析重定位表 ==========&nbsp; &nbsp;&nbsp;if&nbsp;rela_addr&nbsp;and&nbsp;init_array_addr:&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print("")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"第4步: 重定位表 (地址 0x{rela_addr:X})")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp; &nbsp; &nbsp; count = rela_size //&nbsp;24&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;i&nbsp;in&nbsp;range(count):&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; off = rela_addr + i *&nbsp;24&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; data = idc.get_bytes(off,&nbsp;24)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; r_offset = struct.unpack_from('<Q', data,&nbsp;0)[0]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; r_info = struct.unpack_from('<Q', data,&nbsp;8)[0]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; r_addend = struct.unpack_from('<q', data,&nbsp;16)[0]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; r_type = r_info &&nbsp;0xFFFFFFFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type_names_r = {0x401:&nbsp;'RELATIVE',&nbsp;0x403:&nbsp;'GLOB_DAT'}&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tname = type_names_r.get(r_type,&nbsp;f'0x{r_type:X}')&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;''&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;r_offset == init_array_addr:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; marker =&nbsp;' <<< 这就是壳的入口地址!'&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"[{i}] 修改 0x{r_offset:08X}&nbsp;<- 0x{r_addend:X}&nbsp; 类型={tname}{marker}")&nbsp; &nbsp;&nbsp;# ========== 结论 ==========&nbsp; &nbsp;&nbsp;print("")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp;&nbsp;print("结论")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp;&nbsp;if&nbsp;init_array_addr&nbsp;and&nbsp;rela_addr:&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f".init_array 地址: 0x{init_array_addr:X}")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"壳的真正入口: 0x4780")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"-> 按 G 输入 4780 跳转到壳入口, 然后按 F5 反编译")

7、0x4780,F5反编译

8、0x33F8,F5反编译,壳主函数

9、在壳主函数中找到关键调用

0x36BC: BL sub_3184 (RC4解密)

0x3728: BL sub_2B1C (XOR解密)

0x454C: BL sub_2CD0 (ELF重定位)

10、解密壳

import&nbsp;struct# 读取原始外层壳with&nbsp;open('libDexHelper.so',&nbsp;'rb')&nbsp;as&nbsp;f:&nbsp; &nbsp; data = f.read()print(f"[*] 原始文件大小:&nbsp;{hex(len(data))}")# 关键常量 (从分析记录)PAYLOAD_OFFSET =&nbsp;0x8000&nbsp; &nbsp; &nbsp;&nbsp;# 内层payload起始偏移XOR_KEY =&nbsp;0x19&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;# 正文XOR keyHEADER_DECRYPT_LEN =&nbsp;0x40&nbsp; &nbsp; &nbsp;# 头部解密长度# 从文件尾部偏移0x104E3D读取密钥材料KEY_MATERIAL_OFFSET =&nbsp;0x104E3DKEY_MATERIAL_LEN =&nbsp;0x14HEADER_KEY_LEN =&nbsp;0x10&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# 前0x10字节作为头部解密keykey_material = data[KEY_MATERIAL_OFFSET:KEY_MATERIAL_OFFSET + KEY_MATERIAL_LEN]print(f"[*] 密钥材料 ({hex(KEY_MATERIAL_OFFSET)}):&nbsp;{key_material.hex()}")header_key = key_material[:HEADER_KEY_LEN]print(f"[*] 头部解密key:&nbsp;{header_key.hex()}")# 提取加密的payloadencrypted_payload = data[PAYLOAD_OFFSET:]print(f"[*] 加密payload大小:&nbsp;{hex(len(encrypted_payload))}")# 第一步:对头部0x40字节做RC4-like解密# RC4-like: 简单的流密码,用key生成密钥流def&nbsp;rc4_like_decrypt(data, key):&nbsp; &nbsp;&nbsp;# 初始化S盒&nbsp; &nbsp; S =&nbsp;list(range(256))&nbsp; &nbsp; j =&nbsp;0&nbsp; &nbsp;&nbsp;for&nbsp;i&nbsp;in&nbsp;range(256):&nbsp; &nbsp; &nbsp; &nbsp; j = (j + S[i] + key[i %&nbsp;len(key)]) %&nbsp;256&nbsp; &nbsp; &nbsp; &nbsp; S[i], S[j] = S[j], S[i]&nbsp; &nbsp;&nbsp;# 生成密钥流并解密&nbsp; &nbsp; result =&nbsp;bytearray(len(data))&nbsp; &nbsp; i = j =&nbsp;0&nbsp; &nbsp;&nbsp;for&nbsp;k&nbsp;in&nbsp;range(len(data)):&nbsp; &nbsp; &nbsp; &nbsp; i = (i +&nbsp;1) %&nbsp;256&nbsp; &nbsp; &nbsp; &nbsp; j = (j + S[i]) %&nbsp;256&nbsp; &nbsp; &nbsp; &nbsp; S[i], S[j] = S[j], S[i]&nbsp; &nbsp; &nbsp; &nbsp; keystream_byte = S[(S[i] + S[j]) %&nbsp;256]&nbsp; &nbsp; &nbsp; &nbsp; result[k] = data[k] ^ keystream_byte&nbsp; &nbsp;&nbsp;return&nbsp;bytes(result)# 解密头部header_encrypted = encrypted_payload[:HEADER_DECRYPT_LEN]header_decrypted = rc4_like_decrypt(header_encrypted, header_key)print(f"[*] 头部解密完成")# 第二步:对正文做单字节XOR解密body_encrypted = encrypted_payload[HEADER_DECRYPT_LEN:]body_decrypted =&nbsp;bytes([b ^ XOR_KEY&nbsp;for&nbsp;b&nbsp;in&nbsp;body_encrypted])print(f"[*] 正文XOR解密完成 (key=0x{XOR_KEY:02X})")# 拼接完整的解壳后payloaddecrypted_payload = header_decrypted + body_decrypted# 验证ELF魔数if&nbsp;decrypted_payload[:4] ==&nbsp;b'\x7fELF':&nbsp; &nbsp;&nbsp;print(f"[+] ELF魔数验证通过!")else:&nbsp; &nbsp;&nbsp;print(f"[-] 警告: ELF魔数不匹配:&nbsp;{decrypted_payload[:4].hex()}")# 解析ELF头elf_magic = decrypted_payload[:4]ei_class = decrypted_payload[4] &nbsp;# 32/64位ei_data = decrypted_payload[5] &nbsp;&nbsp;# 字节序e_type = struct.unpack('<H', decrypted_payload[16:18])[0]e_machine = struct.unpack('<H', decrypted_payload[18:20])[0]e_entry = struct.unpack('<I', decrypted_payload[24:28])[0]e_phoff = struct.unpack('<I', decrypted_payload[28:32])[0]e_shoff = struct.unpack('<I', decrypted_payload[32:36])[0]e_phnum = struct.unpack('<H', decrypted_payload[42:44])[0]e_shnum = struct.unpack('<H', decrypted_payload[48:50])[0]print(f"\n[*] 内层ELF信息:")print(f" &nbsp;类型:&nbsp;{'64位'&nbsp;if&nbsp;ei_class ==&nbsp;2&nbsp;else&nbsp;'32位'}")print(f" &nbsp;字节序:&nbsp;{'小端'&nbsp;if&nbsp;ei_data ==&nbsp;1&nbsp;else&nbsp;'大端'}")print(f" &nbsp;e_type:&nbsp;{hex(e_type)}")print(f" &nbsp;e_machine:&nbsp;{hex(e_machine)}")print(f" &nbsp;入口点:&nbsp;{hex(e_entry)}")print(f" &nbsp;Program Header偏移:&nbsp;{hex(e_phoff)}")print(f" &nbsp;Section Header偏移:&nbsp;{hex(e_shoff)}")print(f" &nbsp;Program Header数量:&nbsp;{e_phnum}")print(f" &nbsp;Section Header数量:&nbsp;{e_shnum}")# 保存解壳后的文件output_file =&nbsp;'libDexHelper_inner.so'with&nbsp;open(output_file,&nbsp;'wb')&nbsp;as&nbsp;f:&nbsp; &nbsp; f.write(decrypted_payload)print(f"\n[+] 解壳完成! 保存到:&nbsp;{output_file}")print(f"[+] 文件大小:&nbsp;{hex(len(decrypted_payload))}")

11、libDexHelper_inner.so导入IDA,函数数量2211个

12、使用florida 16.1.8绕过frida检测

13、使用frida-dexdump -d模式

D:\path\python\python39\python39.exe -m frida_dexdump -U -f com.xxx.xxx --sleep&nbsp;15&nbsp;-d -o C:\Users\Administrator\Desktop\frida\dump_output

14、修复dex

import&nbsp;osimport&nbsp;structimport&nbsp;zlibimport&nbsp;hashlibdef&nbsp;fix_dex_checksum(filepath):&nbsp; &nbsp;&nbsp;"""修复 DEX 文件的 checksum 和签名"""&nbsp; &nbsp;&nbsp;with&nbsp;open(filepath,&nbsp;'rb')&nbsp;as&nbsp;f:&nbsp; &nbsp; &nbsp; &nbsp; data =&nbsp;bytearray(f.read())&nbsp; &nbsp;&nbsp;# 检查 DEX 魔数&nbsp; &nbsp;&nbsp;if&nbsp;data[:4] !=&nbsp;b'dex\n':&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"[跳过]&nbsp;{os.path.basename(filepath)}: 不是 DEX 文件")&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;False&nbsp; &nbsp;&nbsp;# 读取当前值&nbsp; &nbsp; old_checksum = struct.unpack_from('<I', data,&nbsp;8)[0]&nbsp; &nbsp;&nbsp;# 第一步:计算 SHA-1 签名(对偏移 32 开始的数据)&nbsp; &nbsp; sha1 = hashlib.sha1(bytes(data[32:])).digest()&nbsp; &nbsp;&nbsp;# 第二步:写入签名到偏移 12-31&nbsp; &nbsp; data[12:32] = sha1&nbsp; &nbsp;&nbsp;# 第三步:计算 adler32 checksum(对偏移 12 开始的数据,包含签名)&nbsp; &nbsp; new_checksum = zlib.adler32(bytes(data[12:])) &&nbsp;0xFFFFFFFF&nbsp; &nbsp;&nbsp;# 第四步:写入 checksum 到偏移 8-11&nbsp; &nbsp; struct.pack_into('<I', data,&nbsp;8, new_checksum)&nbsp; &nbsp;&nbsp;# 保存修复后的文件&nbsp; &nbsp;&nbsp;with&nbsp;open(filepath,&nbsp;'wb')&nbsp;as&nbsp;f:&nbsp; &nbsp; &nbsp; &nbsp; f.write(data)&nbsp; &nbsp;&nbsp;print(f"[修复]&nbsp;{os.path.basename(filepath)}: checksum=0x{new_checksum:08X}")&nbsp; &nbsp;&nbsp;return&nbsp;Truedef&nbsp;main():&nbsp; &nbsp; dex_dir =&nbsp;r'C:\Users\Administrator\Desktop\frida\dump_output'&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp;&nbsp;print("DEX 文件 checksum 修复工具 (v2)")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp; fixed =&nbsp;0&nbsp; &nbsp; failed =&nbsp;0&nbsp; &nbsp;&nbsp;for&nbsp;filename&nbsp;in&nbsp;sorted(os.listdir(dex_dir)):&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;filename.endswith('.dex'):&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; filepath = os.path.join(dex_dir, filename)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;try:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;fix_dex_checksum(filepath):&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fixed +=&nbsp;1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;except&nbsp;Exception&nbsp;as&nbsp;e:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"[错误]&nbsp;{filename}:&nbsp;{e}")&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; failed +=&nbsp;1&nbsp; &nbsp;&nbsp;print()&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)&nbsp; &nbsp;&nbsp;print(f"修复完成:&nbsp;{fixed}&nbsp;个文件")&nbsp; &nbsp;&nbsp;print(f"失败:&nbsp;{failed}&nbsp;个文件")&nbsp; &nbsp;&nbsp;print("="&nbsp;*&nbsp;60)if&nbsp;__name__ ==&nbsp;'__main__':&nbsp; &nbsp; main()

15、AndroidManifest.xml找一个WebViewActivity

16、去脱壳的代码中查看WebViewActivity验证

插眼

免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:挖个洞先 挖个洞先 挖个洞先《【银行逆向百例】18Android逆向之libDexHelper.so梆梆加固壳解密+frida-dexdump脱壳》

XSecret|使用文档 网络安全文章

XSecret|使用文档

文章总结: XSecret是一款专注于文本和Markdown内容加密的轻量级笔记工具,支持强密码规则校验、文件加密存储、双栏编辑预览、图片插入、主题切换和自动超
评论:0   参与:  0