鼠小天
3/9/2019 - 3:51 PM

Debugging Smali Code Dynamically with Android Studio

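  1. Preparing the APK
    • Disassemble the APK to obtain the Smali code
      baksmali-2.2.6.jar d AliCrackme_1.apk -o ~/projects/myapp/src
      E:>baksmali-2.2.6.jar d "fuke guopan.apk" -o ~/projects/myapp/src
    • Make the APK debuggable
      Set android:debuggable="true" in AndroidManifest.xml
    • Rebuild the app into an APK
    • Install the app
      adb install D:\xxx.apk
    • On the phone, open Settings, turn on USB debugging, choose "Select debug app" and pick the APK to debug, then launch that APK so that it sits in the "Waiting For Debugger" state.
  2. Open the existing disassembled project in Android Studio
    Open an existing Android Studio project
    Select the folder disassembled in the earlier step: ~/projects/myapp
    Right-click the project's main directory: Mark Directory As -> Sources Root
    File -> Project Structure.. -> Project SDK: select the matching API version. For debugging, choose Remote and set the port to 8700.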

Other notes

  • Install the smalidea plugin in Android Studio

  • CMD command: netstat -ano | findstr "8700" finds the PID of the program that is using port 8700
    C:\Users\t_s>netstat -ano | findstr "8700"
    TCP 127.0.0.1:8700 0.0.0.0:0 LISTENING 22688

  • CMD command: tasklist /fi "pid eq 22688" finds the name of the program whose PID is 22688
    C:\Users\t_s>tasklist /fi "pid eq 22688
    映像名称 PID 会话名 会话# 内存使用
    ========================= ======== ================ =========== ============
    adb.exe 22688 Console 1 9,268 K

  • Official smalidea usage instructions
    do the following in recent Android Studio 3.2:

    1. Manually disassemble an application using baksmali into a "src" subdirectory of a new project directory, e.g. baksmali d myapp.apk -o ~/projects/myapp/src
    2. In Android Studio, close your current project and select "Open an existing Android Studio project".
    3. Once the project has been created, right click on the src directory and select "Mark Directory As->Sources Root"
    4. Make sure your app has android:debuggable="true" in Android Manifest. Turn on "USB debugging" and use "Select debug app" to select your app in "Developer options" on Android device
    5. Start your application and forward JDWP service to localhost using adb forward tcp:8700 jdwp:$(timeout 0.5 adb jdwp | tail -n 1)
    6. In Android Studio, Create a new "Remote" debug configuration (Run->Edit Configurations), and change the debug port to 8700
    7. In Android Studio, select Run -> Debug
    8. The application should pause if/when the breakpoint is hit, at which point you can single step, add watches, etc.
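
Step 5 above relies on bash syntax (`$(...)`, `timeout`, `tail`) that the Windows CMD prompt used in the notes on this page does not understand. The following Python helper is an added example, not part of the original post or of smalidea: it performs the same forward and also parses `netstat -ano` output for the exact port. The function names and the sample outputs are assumptions made for illustration.

```python
import os
import subprocess

PORT = 8700  # debug port used throughout this page

def last_jdwp_pid(adb_jdwp_output):
    """Last PID printed by `adb jdwp` (what `tail -n 1` selects in step 5), or None."""
    pids = [ln.strip() for ln in adb_jdwp_output.splitlines() if ln.strip().isdigit()]
    return int(pids[-1]) if pids else None

def listeners_on(port, netstat_output):
    """PIDs that Windows `netstat -ano` shows LISTENING on exactly this TCP port."""
    owners = set()
    for line in netstat_output.splitlines():
        f = line.split()  # Proto, Local Address, Foreign Address, State, PID
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):  # findstr "8700" would also match 58700
                owners.add(int(f[4]))
    return owners

def forward_command(jdwp_pid, port=PORT):
    """Argument list for the `adb forward` call from step 5."""
    return ["adb", "forward", f"tcp:{port}", f"jdwp:{jdwp_pid}"]

def read_adb_jdwp(wait=0.5):
    """`adb jdwp` may not exit by itself, so stop it after `wait` seconds and keep its output."""
    try:
        out = subprocess.run(["adb", "jdwp"], capture_output=True, timeout=wait).stdout
    except subprocess.TimeoutExpired as exc:
        out = exc.stdout or b""
    return out.decode(errors="replace")

# Constructed sample outputs (not captured from a real device or host).
SAMPLE_JDWP = "1542\n9310\n21877\n"
SAMPLE_NETSTAT = (
    "  TCP    127.0.0.1:5037     0.0.0.0:0    LISTENING    22688\n"
    "  TCP    127.0.0.1:8700     0.0.0.0:0    LISTENING    22688\n"
    "  TCP    127.0.0.1:58700    0.0.0.0:0    LISTENING    4120\n"
)

if __name__ == "__main__":
    if os.name == "nt":  # the netstat parser targets the Windows output format
        ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, errors="replace")
        print(f"PIDs already listening on {PORT}: {sorted(listeners_on(PORT, ns.stdout))}")
    pid = last_jdwp_pid(read_adb_jdwp())
    if pid is None:
        raise SystemExit("no debuggable process: check android:debuggable and 'Select debug app'")
    subprocess.run(forward_command(pid), check=True)
    print(f"forwarded tcp:{PORT} -> jdwp:{pid}")
```

Run it after the app is showing "Waiting For Debugger"; a PID reported for port 8700 can then be looked up with the tasklist command from the notes above.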