设为首页收藏本站
开启辅助访问

网易大神2022最新版本分析(1)

 您所在的位置:网站首页 大神app最新版本 网易大神2022最新版本分析(1)

网易大神2022最新版本分析(1)

2024-06-04 14:02| 来源: 网络整理| 查看: 265

文章目录 前言一、网易大神得源码在哪里?二、分析java层源码1.java层ProxyApplication类全部代码2.第一部分代码分析 总结

前言

学习网易大神dex 加固方式,更好容易掌握最新技术,攻防对抗,只是为了更好得学习成长,了解自己得不足!一切学习都是为了进步!

一、网易大神得源码在哪里?

使用jadx-gui反编译apk 在这里插入图片描述 发现没有办法完全反编译出Java代码,压根反编译不全,挺ok得,我们不放弃继续换方法,于是我们用jeb 进行反编译。 在这里插入图片描述

我们查找ProxyApplication这个类 在这里插入图片描述

二、分析java层源码 1.java层ProxyApplication类全部代码

代码如下(示例):

​ package com.netease.dexshell; import android.app.Application; import android.content.Context; import android.content.SharedPreferences$Editor; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager$NameNotFoundException; import android.os.Build$VERSION; import android.text.TextUtils; import android.util.Log; import dalvik.system.BaseDexClassLoader; import java.lang.reflect.Array; import java.lang.reflect.Field; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Arrays; import java.util.Enumeration; import java.util.Locale; import java.util.concurrent.TimeUnit; public class ProxyApplication extends Application { public static String I00I067; public static String II0OO0II0O; public boolean IOO00OOI0; public static Application delegate; public static Application proxy; public ProxyApplication() { super(); this.IOO00OOI0 = false; } private void I0O00OIIoO(Context arg6, String arg7) { try { if(Build$VERSION.SDK_INT } else { if(this.getSharedPreferences("shell-config", 4).getBoolean("opt-finish", false)) { } else if(Utils.IOII0OO0I(arg6)) { new Thread(new Runnable(arg6, arg7) { public void run() { try { if(Build$VERSION.SDK_INT >= 26) { TimeUnit.SECONDS.sleep(50); goto label_15; } TimeUnit.SECONDS.sleep(55); } catch(InterruptedException v0) { Log.e("InterruptedException %s", v0.getMessage()); } label_15: String v0_1 = Utils.II0OO0I0(this.val$context); if(ProxyApplication.IOO0OO0IIo(this.val$context, new ArrayList(Arrays.asList(Utils.II0O0IIO(this.val$dir, "enc_opt"))), String.format(Locale.CHINA, "%s/oat/%s", new Object[]{this.val$dir.replace("/user/0", "/data"), v0_1}), v0_1) == 0) { SharedPreferences$Editor v0_2 = ProxyApplication.this.getSharedPreferences("shell-config", 4).edit(); v0_2.putBoolean("opt-finish", true); v0_2.apply(); } } }).start(); } else { } return; } } return; } catch(Exception ) { double v6 = ((double)6); double v0 = ((double)25); if(v6 >= Math.sqrt(v0)) { return; } while(true) { if(v6 >= Math.sqrt(v0)) { return; } try { new Throwable().getCause(); continue; } catch(Throwable v6_1) { break; } catch(NullPointerException ) { continue; } } throw v6_1; } } private void I0O0I0OOo0(String arg8, Context arg9) { try { int v3 = 2; if(arg8.contains("x86")) { Utils.II0OIIO0(arg9, "netease_hook_x86", String.format("%s/.jiagu/%s/netease_hook_x86.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)); StringBuilder v0 = new StringBuilder("netease_ssl"); if(arg8.contains("64")) { v0.append("_x64"); } arg8 = v0.toString(); System.load(Utils.II0OIIO0(arg9, arg8, String.format("%s/.jiagu/%s/netease_ssl.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067))); return; } Utils.II0OIIO0(arg9, "netease_hook_arm", String.format("%s/.jiagu/%s/netease_hook_arm.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)); System.loadLibrary("netease_ssl"); } catch(Exception ) { double v8 = ((double)6); double v0_1 = ((double)25); if(v8 >= Math.sqrt(v0_1)) { return; } while(true) { if(v8 >= Math.sqrt(v0_1)) { return; } try { new Throwable().getCause(); continue; } catch(NullPointerException ) { continue; } catch(Throwable v8_1) { break; } } throw v8_1; } } public static native void IO00OI0o0(Context arg0, String arg1) { } public static native int IOO0OO0IIo(Context arg0, ArrayList arg1, String arg2, String arg3) { } protected void attachBaseContext(Context arg7) { super.attachBaseContext(arg7); try { ApplicationInfo v0_1 = this.getPackageManager().getApplicationInfo(this.getPackageName(), 128); ProxyApplication.II0OO0II0O = v0_1.metaData.getString("II0OI00IO"); ProxyApplication.I00I067 = v0_1.metaData.getString("IOO0IIO0"); } catch(PackageManager$NameNotFoundException v0) { v0.printStackTrace(); ProxyApplication.I00I067 = "default"; } try { this.I0O0I0OOo0(Utils.II0OO0I0(arg7), arg7); String v0_2 = String.format(Locale.CHINA, "%s/net_opt/%s/enc", this.getFilesDir(), ProxyApplication.I00I067); ProxyApplication.IO00OI0o0(arg7, v0_2); this.I0O00OIIoO(arg7, v0_2); } catch(Exception v7) { v7.printStackTrace(); double v0_3 = ((double)6); double v2 = ((double)25); if(v0_3 >= Math.sqrt(v2)) { return; } while(true) { if(v0_3 >= Math.sqrt(v2)) { return; } try { new Throwable().getCause(); continue; } catch(Throwable v7_1) { break; } catch(NullPointerException ) { continue; } } throw v7_1; } } public native Context createPackageContext(String arg1, int arg2) throws PackageManager$NameNotFoundException { } public String getPackageName() { try { if(this.IOO00OOI0) { goto label_29; } try { Field v0_3 = Class.forName("android.app.ContextImpl").getDeclaredField("mMainThread"); boolean v1 = true; v0_3.setAccessible(true); Object v0_4 = v0_3.get(this.getBaseContext()); Field v2 = Class.forName("android.app.ActivityThread").getDeclaredField("mInitialApplication"); v2.setAccessible(true); if(v2.get(v0_4) != null) { } else { v1 = false; } this.IOO00OOI0 = v1; goto label_29; } catch(NoSuchFieldException v0) { try { v0.printStackTrace(); label_29: if(!this.IOO00OOI0) { goto label_52; } if(ProxyApplication.delegate != null) { goto label_52; } if(TextUtils.isEmpty(ProxyApplication.II0OO0II0O)) { goto label_52; } return ""; } catch(Exception ) { label_38: double v0_5 = ((double)6); double v2_1 = ((double)25); if(v0_5 >= Math.sqrt(v2_1)) { goto label_52; } while(true) { if(v0_5 >= Math.sqrt(v2_1)) { goto label_52; } try { new Throwable().getCause(); continue; } catch(Throwable v0_6) { break; } catch(NullPointerException ) { continue; } } throw v0_6; } } catch(ClassNotFoundException v0_1) { } catch(IllegalAccessException v0_2) { try { v0_2.printStackTrace(); goto label_29; v0_1.printStackTrace(); goto label_29; } catch(Exception ) { goto label_38; } } } catch(Exception ) { goto label_38; } label_52: return super.getPackageName(); } public static Enumeration n11() { Enumeration v0 = null; try { Field v1_1 = BaseDexClassLoader.class.getDeclaredField("pathList"); v1_1.setAccessible(true); Object v1_2 = v1_1.get(ProxyApplication.delegate.getClassLoader()); Field v3 = v1_2.getClass().getDeclaredField("dexElements"); v3.setAccessible(true); v1_2 = v3.get(v1_2); int v3_1 = v1_2.length; Object v6 = v0; Object v7 = v6; int v5; for(v5 = 0; v5 } else { Method v9_1 = v8.getClass().getDeclaredMethod("entries"); v9_1.setAccessible(true); if(v6 != null) { v8 = v9_1.invoke(v8); v9 = v8.getClass().getDeclaredField("mNameList"); v9.setAccessible(true); v8 = v9.get(v8); Object v9_2 = Array.newInstance(v8.getClass().getComponentType(), v8.length + v7.length); System.arraycopy(v7, 0, v9_2, 0, v7.length); System.arraycopy(v8, 0, v9_2, v7.length, v8.length); v7 = v9_2; } else { v6 = v9_1.invoke(v8); Field v7_1 = v6.getClass().getDeclaredField("mNameList"); v7_1.setAccessible(true); v7 = v7_1.get(v6); } } } if(v6 != null && v7 != null) { v1_1 = v6.getClass().getDeclaredField("mNameList"); v1_1.setAccessible(true); v1_1.set(v6, v7); } return ((Enumeration)v6); } catch(Exception v1) { v1.printStackTrace(); double v1_3 = ((double)6); double v3_2 = ((double)25); if(v1_3 if(v1_3 new Throwable().getCause(); continue; } catch(Throwable v0_1) { break; } catch(NullPointerException ) { continue; } } return v0; } throw v0_1; } return v0; } } public native void onCreate() { } } ​ 2.第一部分代码分析

dex 有做过加固处理。我们仔细分析下面代码

代码如下(示例):

private void I0O0I0OOo0(String arg8, Context arg9) { try { int v3 = 2; if(arg8.contains("x86")) { Utils.II0OIIO0(arg9, "netease_hook_x86", String.format("%s/.jiagu/%s/netease_hook_x86.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)); StringBuilder v0 = new StringBuilder("netease_ssl"); if(arg8.contains("64")) { v0.append("_x64"); } arg8 = v0.toString(); System.load(Utils.II0OIIO0(arg9, arg8, String.format("%s/.jiagu/%s/netease_ssl.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067))); return; } Utils.II0OIIO0(arg9, "netease_hook_arm", String.format("%s/.jiagu/%s/netease_hook_arm.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)); System.loadLibrary("netease_ssl"); } catch(Exception ) { double v8 = ((double)6); double v0_1 = ((double)25); if(v8 >= Math.sqrt(v0_1)) { return; } while(true) { if(v8 >= Math.sqrt(v0_1)) { return; } try { new Throwable().getCause(); continue; } catch(NullPointerException ) { continue; } catch(Throwable v8_1) { break; } } throw v8_1; } }

该代码 System.loadLibrary进行加载了so 文件,我们得dex就在so里面处理过了,需要解密。要想了解如何解析出dex,关注催更

总结

dex不能正确解析出代码,我们使用jeb 反编译得到了正确得代码



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3