在 apktool 尝试反编译/解压我的 apk 时抛出异常
[英]Throw exception while apktool try to decompile/unarchive my apk
问题描述
I tried to harden my APK from reverse engineering.
我试图通过逆向工程强化我的 APK。 I know it's impossible preventing decompile APK but I saw some APKs used a trick to throw exception apktool in decompile process (Not just APK tool, all of decompiler like QARK can't return a classes.dex APK), so I decided to do that for take longer time in reverse engineering我知道阻止反编译 APK 是不可能的,但是我看到一些 APK 在反编译过程中使用了一个技巧来抛出异常apktool (不仅仅是 APK 工具,所有像QARK这样的反编译器都无法返回 classes.dex APK),所以我决定这样做在逆向工程中需要更长的时间
Here you can see some result of result of hardened application : winrar: winrar .在这里你可以看到一些强化应用程序的结果: winrar: winrar 。 winrar2 winrar2
apktool: apk工具:
sudo apktool d -f app/TTT.apk --keep-broken-res
I: Using Apktool 2.3.1-dirty on TTT.apk
I: Loading resource table...
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
W: Multiple types detected! ignored!
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/lab/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
Exception in thread "main" java.lang.NullPointerException
at brut.androlib.res.data.value.ResEnumAttr.serializeBody(ResEnumAttr.java:56)
at brut.androlib.res.data.value.ResAttr.serializeToResValuesXml(ResAttr.java:64)
at brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:555)
at brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:269)
at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:132)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:124)
at brut.apktool.Main.cmdDecode(Main.java:163)
at brut.apktool.Main.main(Main.java:72)
Please explain for me, how it's possible ?(I need detail of implementation)请为我解释,这怎么可能?(我需要实现的细节)
2 个解决方案
解决方案1
0 2018-10-30 02:01:54
The first APK you linked to isn't a valid APK.您链接的第一个 APK 不是有效的 APK。 It's just a plain text file, with the following text repeated over and over:它只是一个纯文本文件,下面的文本一遍又一遍地重复:
HTTP/1.1 200 OK
Date: Sat, 27 Oct 2018 17:35:36 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
Last-Modified: Sat, 28 Jul 2018 11:40:03 GMT
ETag: "23b1fe5-5720db0636ac0"
Accept-Ranges: bytes
Content-Length: 37429221
Keep-Alive: timeout=20
Connection: Keep-Alive
Obviously, just HTTP response headers repeated don't form a valid APK.显然,只是重复的 HTTP 响应标头不会形成有效的 APK。 The reason that your tools are failing on that file isn't that it's encrypted/obfuscated/hardened, but that it's not really an APK at all, and wouldn't work if you tried to install it.你的工具在那个文件上失败的原因不是它被加密/混淆/强化,而是它根本不是一个 APK,如果你试图安装它就不会工作。
The second APK you linked to extracts for me fine when I unzip it.当我unzip它时,您链接到提取的第二个 APK 很好。
My conclusion is that the "hardening" you mention doesn't exist (it seemed to only due to mixing up valid and invalid APKs), and that any APK that successfully installs can also be successfully extracted.我的结论是你提到的“强化”不存在(这似乎只是由于混合了有效和无效的 APK),并且任何成功安装的 APK 也可以成功提取。
解决方案2
-1 2018-10-30 09:40:44
That's encryption java classes feature (Like dexgaurd or Bangcle kh);那是加密 java 类功能(如 dexgaurd 或 Bangcle kh); and also that's protected with Native Library Encryption (NLE) + JNI Obfuscation (JNI) From Something like dexprotector (i found that in dynamic analysis tools)并且还受到本地库加密 (NLE) + JNI 混淆 (JNI) 的保护,来自 dexprotector 之类的东西(我在动态分析工具中发现了这一点)
and many tanks to semanticscholar for This article and this和许多坦克到语义学者这篇文章和这个
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.