堆栈内存溢出
  简体   繁体   English

针对BLE协议的逆向工程中文应用程序的建议

[英]Advice on reverse engineering Chinese app for BLE protocol

 原文  2018-01-31 15:35:17       android/ bluetooth/ wearables

问题描述

Recently I got a Chinese clone of the Mi Band 2. The app it needs is horrible, though . 最近,我得到了中文版的Mi Band2。不过,它需要的应用程序太恐怖了 So I wondered how to create another app that interprets the data from the band into something more useful (I know it's possible because even the mi band has alternative, user-created apps). 因此,我想知道如何创建另一个应用程序,以将乐队中的数据解释为更有用的东西(我知道这是可能的,因为即使mi band也有用户创建的替代应用程序)。

I started trying to reverse engineer the apk to find most of the code that is used to communicate with the BLE device. 我开始尝试对apk进行逆向工程,以查找用于与BLE设备通信的大多数代码。 (Inspired by this thread on how someone did it with the mi fit app) 此线程启发了某人使用mi fit应用程序的操作方式)

So I followed the accepted answer on this stackoverflow question. 因此,我在这个stackoverflow问题上遵循了公认的答案

(Note that I downloaded the apk from a page called APKTurbo as it was the only option I found, and I have no way of copying the app from my device.) (请注意,我从名为APKTurbo的页面下载了apk,因为这是我找到的唯一选项,并且无法从设备中复制该应用。)

I followed the steps mentioned above, but I only found three files on the .jar file created ( screenshot ). 我按照上面提到的步骤进行操作,但是在创建的.jar文件中仅找到了三个文件( 屏幕截图 )。 All three can be found here: 这三个都可以在这里找到:

There are mentions of something like "com.qihoo360.crypt.entryRunApplication" . 提到了类似“ com.qihoo360.crypt.entryRunApplication”之类的东西。 (Qihoo is a Chinese security company). (奇虎是一家中国安全公司)。

I must mention I have some experience with Java, I have developed very basic apps for Android, but I am no expert, unfortunately. 我必须提到我对Java有一定的经验,我已经为Android开发了非常基本的应用程序,但是不幸的是,我不是专家。

So from what I found my only guesses are that either the app is encrypted or the place from where I got it adds some way of protection. 因此,根据我的发现,我唯一的猜测就是该应用程序已加密,或者从我获得它的位置添加了某种保护方式。

Next I tried using this app called BLE Scanner to read the band. 接下来,我尝试使用名为BLE Scanner的应用程序读取频段。 I found that the name of the BLE device is RB09_heart. 我发现BLE设备的名称是RB09_heart。 I also found 4 services, if I recall correctly, 3 of them were custom and only one was for the data of the band (eg name of device). 我还发现了4种服务,如果我没记错的话,其中3种是自定义的,只有一种用于频带数据(例如,设备名称)。

I don't know what to do with this data, I think I still need to see the app's code to understand how messages are send to the band. 我不知道如何处理这些数据,我想我仍然需要查看应用程序的代码以了解如何将消息发送到乐队。

What should I do next? 接下来我该怎么办? Or, where did I go wrong? 或者,我哪里出错了? Thanks in advance. 提前致谢。

1 个解决方案

解决方案1
 1  2018-01-31 15:41:17

Rather than trying to reverse engineer an APK that's likely been minified/obfuscated, have you tried looking for an SDK for the bands? 您是否尝试过为乐队寻找SDK,而不是对可能被缩小/混淆的APK进行反向工程处理? Checking git turned up both this and this as potential options, do these not provide what you need? 检查混帐止跌回升都这个这个作为潜在的选择,做这些你需要什么不能提供?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 逆向工程 BLE 设备 - 校验和? - Reverse Engineering BLE device - Checksum? 是否可以通过对apk进行反向工程来破解应用程序? - Is it possible to hack an app by reverse engineering the apk? 保护 flutter 应用程序中的机密免遭逆向工程 - protect secrets in flutter app from reverse engineering 保护 Android 应用程序免受逆向工程 - Protect Android App from reverse engineering 如何保护 Flutter 应用程序免受逆向工程 - How to protect Flutter app from reverse engineering 防止在Airwatch受管设备上进行Android应用反向工程 - Prevent android app reverse engineering on Airwatch managed devices PubNub安全反对某人逆向工程Android应用程序 - PubNub security against someone reverse engineering an android app 需要有关逆向工程和反编译的一些信息(Android App-JDK) - Need some information about reverse engineering and decompile (android app - jdk) 对应用程序进行反向工程时,构建类型资源是否可见? - can Build Types resources be visible while reverse engineering the app? 可以通过对我的应用程序进行反向工程来篡改Firebase项目中的数据吗? - Can the data in my Firebase project be tampered with by reverse engineering my app?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM