Is there a way to get the parameter value of API call while doing APK static analysis?

I have obtained the API calls (external methods) of an APK file with androguard, and I also want to get some parameter values of sensitive APIs. Are there some functions or methods for that?

or

Is there a way to get the parameter value of the API call from smali file traversal method?

example:

invoke-static {v0}, Lcom/xyz/sdk/impl/bd;->setWebContentsDebuggingEnabled(Z)V

How can I find the boolean value of the setWebContentsDebuggingEnabled API call?

I read in the documentation that the last value of the registers will hold the method parameter, but can you provide a simple example?

The common way is to build an intra-procedural control flow graph so you can check which flows are possible and thus what commands are executed before the invocation you are interested in.

Then check each of those flows (go backwards through the list of commands that are executed) for where the register you are looking for is written.

Often you end up processing another method, because the register is written using the return value of another method invocation, or you go back until you reach the start of the method and recognize that the register value was handed over as an argument to the method you are in. So you have to check the whole app code for calls to this method and trace the used register again.

I am not sure if and how Androguard provides such a functionality.
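The backward register trace described in the answer, as an added example that is not part of the original post and does not use Androguard's API. It covers only straight-line code and stops at any label, where a real control flow graph is needed; the smali sample is constructed, and Lcom/xyz/Cfg;->isDebug()Z, trace and find_arg_values are hypothetical names.

```python
import re
# Constructed smali, not from a real app; Lcom/xyz/Cfg;->isDebug()Z is hypothetical.
SAMPLE = """
.method public static init(Z)V
    const/4 v1, 0x1
    move v0, v1
    invoke-static {v0}, Lcom/xyz/sdk/impl/bd;->setWebContentsDebuggingEnabled(Z)V
    invoke-static {}, Lcom/xyz/Cfg;->isDebug()Z
    move-result v0
    invoke-static {v0}, Lcom/xyz/sdk/impl/bd;->setWebContentsDebuggingEnabled(Z)V
    invoke-static {p0}, Lcom/xyz/sdk/impl/bd;->setWebContentsDebuggingEnabled(Z)V
    :cond_0
    invoke-static {v0}, Lcom/xyz/sdk/impl/bd;->setWebContentsDebuggingEnabled(Z)V
.end method
"""
# Opcodes whose first register operand is read, not written (simplified list).
NO_WRITE = re.compile(r"if-|[ias]put|return|throw|monitor|check-cast|\w+-switch|fill-array")

def trace(ins, idx, reg):
    """Scan backwards from ins[idx] for the last write to reg (straight-line code only)."""
    for i in range(idx - 1, -1, -1):
        line = ins[i]
        if line.startswith(":"):  # label = join point, several flows may arrive here
            return ("unknown", "label reached, needs a control flow graph")
        if line.startswith(".method"):
            break
        m = re.match(r"(\S+)\s+(\w+)", line)
        if not m or m.group(2) != reg or NO_WRITE.match(m.group(1)):
            continue
        if m.group(1).startswith("const"):
            return ("const", line.split(",", 1)[1].strip())
        if m.group(1).startswith("move-result"):  # value returned by the preceding invoke
            return ("return-value", ins[i - 1].split()[-1])
        if m.group(1).startswith("move") and "," in line:  # copy: follow the source register
            return trace(ins, i, line.split(",")[1].strip())
        return ("computed", line)
    return ("argument" if reg[0] == "p" else "unknown", "not written in this method before the call")

def find_arg_values(smali, target):
    """For each call to target, report where its last argument register was set."""
    ins = [l.strip() for l in smali.splitlines()]
    ins = [l for l in ins if l and l[0] not in "#." or l.startswith(".method")]
    out = []
    for i, line in enumerate(ins):
        call = re.match(r"invoke-\S+\s+\{([^}]*)\},\s+(\S+)", line)
        regs = re.findall(r"[vp]\d+", call.group(1)) if call else []
        if regs and target in call.group(2):
            out.append(trace(ins, i, regs[-1]))
    return out
```

On the sample, the four calls resolve to a constant 0x1, the return value of another method, an argument of the enclosing method, and an unresolved value after a label, which are the cases the answer lists.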
