duangsues.is_a? SaltedFish
🌶🐔🐟 duangsuse's daily life
Especially fond of posting all sorts of weird things
and reposting other people's stuff
Forwarded from duangsuse::Echo
(This is what drakeet says)
Forwarded from duangsuse::Echo
So of course I'm here to decrypt the scornful text
Forwarded from duangsuse::Echo
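So here's the question:
Looking at libcore.so's symbol table, there's nothing related to decryption
So if the decryption goes through the Java API, the analysis would actually be simpler (at least for me)
Just set breakpoints on the Java crypto utility classes with AndBug....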
Forwarded from duangsuse::Echo
Or who knows, maybe @drakeet developed a new encryption algorithm of his own called PureCrypto and included it in libcore.so 😂
( Let's keep looking anyway
Forwarded from duangsuse::Echo
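After all, I don't know whether drakeet really did that (hid the scornful document)
For now, I'll set the goal as cracking the signature verification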
Forwarded from duangsuse::Echo
I got hold of a device that can run Pure Writer (纯纯写作) and can be debugged over ADB
Forwarded from duangsuse::Echo
A few functions in libcore.so worth a look:

0xf7ee8740: Java_com_drakeet_purewriter_Ww_www
0xf7ee8350: checkSignature
0xf7ee80c0: loadSignature
0xf7ee7d70: toMd5


Also:
0xf7ee85e0: Java_com_drakeet_rebase_tool_JPEGs_getRemoteUrl
0xf7ee84d0: Java_com_drakeet_rebase_tool_JPEGs_getLocalUrl
0xf7ee8430: JNI_OnLoad
0xf7ee8260: charAt
0xf7ee7cf0: byteToHexStr
Forwarded from duangsuse::Echo
dse@susepc:~/reveng/pw$ andbug shell --pid com.drakeet.purewriter --src smali -d BY2YYB154J084241
!! [Errno 104] Connection reset by peer

dse@susepc:~/reveng/pw$ andbug shell --pid f.oo --src smali -d BY2YYB154J084241

## AndBug (C) 2011 Scott W. Dunlop <[email protected]>
>>


I guess the debug flag has to be added first before it will let JDWP connect (
Forwarded from duangsuse::Echo
dse@susepc:~/reveng/pw$ apt search radare2
正在排序... 完成
全文搜索... 完成
libradare2-2.4/testing,now 2.4.0+dfsg-1 amd64 [已安装,自动]
libraries from the radare2 suite

libradare2-common/testing,testing,now 2.4.0+dfsg-1 all [已安装,自动]
arch independent files from the radare2 suite

libradare2-dev/testing,now 2.4.0+dfsg-1 amd64 [已安装,自动]
devel files from the radare2 suite

radare2/testing,now 2.4.0+dfsg-1 amd64 [已安装]
free and advanced command line hexadecimal editor

Actually I installed it long ago (
Forwarded from duangsuse::Echo
Looks OK
Forwarded from duangsuse::Echo
Very convenient, and there's a GUI too
Forwarded from duangsuse::Echo
( I just spent ages struggling with andbug navi, only to find out that bottle wasn't installed (
https://github.com/swdunlop/AndBug/issues/18
pip2 install bottle
Forwarded from duangsuse::Echo
Later I'll run Pure Writer through simplify for a while, add a debug flag, and debug it with AndBug
Forwarded from duangsuse::Echo
Not only can you view it, you can modify it too (
Forwarded from duangsuse::Echo
You could say it's very convenient