duangsuse::Echo

虚拟机 Segfault 了

14 views09:13

duangsuse::Echo

现在我在纯纯写作初始化时 suspend, 然后在 java.security.MessageDigest 上打断点

14 views09:16

duangsuse::Echo

>> tt
## Setting Hooks
   -- Hooked thread <1> main    (running suspended)
   -- Hooked thread <33> Okio Watchdog  (sleeping suspended)
   -- Hooked thread <32> OkHttp ConnectionPool  (sleeping suspended)
   -- Hooked thread <31> AsyncTask #2   (waiting suspended)
   -- Hooked thread <30> AsyncTask #1   (waiting suspended)
   -- Hooked thread <29> RxCachedThreadScheduler-9      (waiting suspended)
   -- Hooked thread <21> RxCachedThreadScheduler-8      (waiting suspended)
   -- Hooked thread <28> RxComputationThreadPool-1      (sleeping suspended)
   -- Hooked thread <27> RxCachedThreadScheduler-7      (waiting suspended)
   -- Hooked thread <24> RxCachedThreadScheduler-4      (waiting suspended)
   -- Hooked thread <23> RxCachedThreadScheduler-3      (waiting suspended)
   -- Hooked thread <22> RxCachedThreadScheduler-2      (waiting suspended)
   -- Hooked thread <20> pool-5-thread-2        (waiting suspended)
   -- Hooked thread <19> pool-5-thread-1        (waiting suspended)
   -- Hooked thread <18> RxCachedThreadScheduler-1      (waiting suspended)
   -- Hooked thread <17> RxCachedWorkerPoolEvictor-1    (sleeping suspended)
   -- Hooked thread <15> RxSchedulerPurge-1     (running suspended)
   -- Hooked thread <16> pool-3-thread-1        (waiting suspended)
   -- Hooked thread <14> Crashlytics Exception Handler1 (waiting suspended)
   -- Hooked thread <13> Answers Events Handler1        (sleeping suspended)
   -- Hooked thread <12> Queue  (waiting suspended)
   -- Hooked thread <11> Queue  (waiting suspended)
   -- Hooked thread <10> Binder_2       (running suspended)
   -- Hooked thread <9> Binder_1        (running suspended)
   -- Hooked thread <8> FinalizerWatchdogDaemon (sleeping suspended)
   -- Hooked thread <7> FinalizerDaemon (waiting suspended)
   -- Hooked thread <6> ReferenceQueueDaemon    (waiting suspended)
   -- Hooked thread <5> Compiler        (waiting suspended)
   -- Hooked thread <3> Signal Catcher  (waiting suspended)
   -- Hooked thread <2> GC      (waiting suspended)

Threads

19 views09:16

duangsuse::Echo

dse@susepc:~/reveng/pw$ andbug shell -d emulator-5554 -p com.drakeet.purewriter -s smali/
## AndBug (C) 2011 Scott W. Dunlop <[email protected]>
» suspend
## Process Suspended
» thread
thread-trace  threads       
» threads
## thread <1> main      (running suspended)
## thread <2> GC        (waiting suspended)
## thread <3> Signal Catcher    (waiting suspended)
## thread <5> Compiler  (waiting suspended)
## thread <6> ReferenceQueueDaemon      (waiting suspended)
## thread <7> FinalizerDaemon   (waiting suspended)
## thread <8> FinalizerWatchdogDaemon   (waiting suspended)
## thread <9> Binder_1  (running suspended)
## thread <10> Binder_2 (running suspended)

21 viewsedited 09:19

duangsuse::Echo

>> ct java.security.MessageDigest
## Setting Hooks
   -- Hooked java.security.MessageDigest

🌚🔒🗞

21 views09:20

duangsuse::Echo

20 views09:21

duangsuse::Echo

>> ct java.security.MessageDigest ## Setting Hooks -- Hooked java.security.MessageDigest 🌚🔒🗞

动态调试果然赛艇 🌚
我只是打了一个小小的类断点

... 这信息量比较大

19 views09:21

duangsuse::Echo

由于更新个没完我就中断了调试器
先分析开始的这些

20 views09:23

duangsuse::Echo

混淆不能太大的干扰动态分析( :-P

38 views09:24

duangsuse::Echo

由于那些访问 java.security.MessageDigest 的都是些 SDK 或者进行 Web 交互的(比如从 gh 上拖价格)
我重启写作, Hook 上面我提到的那个访问 Native Method 的方法.

20 views09:26

duangsuse::Echo

rt com.drakeet.purewriter.Ww.ww

20 viewsedited 09:29

duangsuse::Echo

这些也是

20 views09:30

duangsuse::Echo

我会 class-trace Android 应用进行自省的类 android.content.PackageManager
现在部分类还没被虚拟机加载

20 views09:31

duangsuse::Echo

20 views09:34

duangsuse::Echo

这个类已经被加载了( 不知道是只在启动时验证还是按时验证

18 views09:34

duangsuse::Echo

>> ct android.content.pm.PackageManager
## Setting Hooks
   -- Hooked android.content.pm.PackageManager
>> ct android.widget.Toast
## Setting Hooks
   -- Hooked android.widget.Toast

18 viewsedited 09:35

duangsuse::Echo

19 views09:37

duangsuse::Echo

我点击了纯纯打码标签，然后它带我去了宽市场下载
回来之后就出现了这个
🌚 我无限回滚的虚拟终端已经把发生的所有事情都记录下来了

19 views09:39

duangsuse::Echo

19 views09:40

duangsuse::Echo

所以说面对调试器混淆还是很苍白无力的 🌑

## trace thread <1> main        (running suspended)
   --
      android.app.ApplicationPackageManager.getCachedString(Landroid/app/ApplicationPackageManager$ResourceName;)Ljava/lang/CharSeque
      nce;:0
      -- this=Landroid/app/ApplicationPackageManager; <830057170080>
      -- name=Landroid/app/ApplicationPackageManager$ResourceName; <830057179696>

到这里都没什么

## trace thread <1> main        (running suspended)
   -- android.app.ApplicationPackageManager.getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;:0
      -- this=Landroid/app/ApplicationPackageManager; <830057170080>
      -- packageName=me.drakeet.puremosaic
      -- flags=1
   -- com.drakeet.purewriter.vk.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Landroid/content/Context;Ljava/lang/String;)Z:5
   -- com.drakeet.purewriter.TimeMachineService.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww()V:55
      -- this=Lcom/drakeet/purewriter/TimeMachineService; <830057085360>
   --
      com.drakeet.purewriter.TimeMachineService.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Lcom/drakeet/purewriter/Wwwwwwwwwwwwwwwwwwwwwwww;)
      V:5

也没什么，实际上我 Hook android.content.pm.PackageInfo.getPackageInfo 会更简洁

19 views09:45

duangsuse::Echo

不过虽然弹了框，我还是没在记录里找到 Toast 类的访问记录（

18 views09:46

About

Blog

Apps

Platform