前言
学习网易大神dex 加固方式,更好容易掌握最新技术,攻防对抗,只是为了更好得学习成长,了解自己得不足!一切学习都是为了进步!
一、网易大神得源码在哪里?
使用jadx-gui反编译apk
发现没有办法完全反编译出Java代码,压根反编译不全,挺ok得,我们不放弃继续换方法,于是我们用jeb 进行反编译。
我们查找ProxyApplication这个类
二、分析java层源码
1.java层ProxyApplication类全部代码
代码如下(示例):
package com.netease.dexshell;
import android.app.Application;
import android.content.Context;
import android.content.SharedPreferences$Editor;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager$NameNotFoundException;
import android.os.Build$VERSION;
import android.text.TextUtils;
import android.util.Log;
import dalvik.system.BaseDexClassLoader;
import java.lang.reflect.Array;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
public class ProxyApplication extends Application {
public static String I00I067;
public static String II0OO0II0O;
public boolean IOO00OOI0;
public static Application delegate;
public static Application proxy;
public ProxyApplication() {
super();
this.IOO00OOI0 = false;
}
private void I0O00OIIoO(Context arg6, String arg7) {
try {
if(Build$VERSION.SDK_INT < 29) {
if(Build$VERSION.SDK_INT <= 19) {
}
else {
if(this.getSharedPreferences("shell-config", 4).getBoolean("opt-finish", false)) {
}
else if(Utils.IOII0OO0I(arg6)) {
new Thread(new Runnable(arg6, arg7) {
public void run() {
try {
if(Build$VERSION.SDK_INT >= 26) {
TimeUnit.SECONDS.sleep(50);
goto label_15;
}
TimeUnit.SECONDS.sleep(55);
}
catch(InterruptedException v0) {
Log.e("InterruptedException %s", v0.getMessage());
}
label_15:
String v0_1 = Utils.II0OO0I0(this.val$context);
if(ProxyApplication.IOO0OO0IIo(this.val$context, new ArrayList(Arrays.asList(Utils.II0O0IIO(this.val$dir, "enc_opt"))), String.format(Locale.CHINA, "%s/oat/%s", new Object[]{this.val$dir.replace("/user/0", "/data"), v0_1}), v0_1) == 0) {
SharedPreferences$Editor v0_2 = ProxyApplication.this.getSharedPreferences("shell-config", 4).edit();
v0_2.putBoolean("opt-finish", true);
v0_2.apply();
}
}
}).start();
}
else {
}
return;
}
}
return;
}
catch(Exception ) {
double v6 = ((double)6);
double v0 = ((double)25);
if(v6 >= Math.sqrt(v0)) {
return;
}
while(true) {
if(v6 >= Math.sqrt(v0)) {
return;
}
try {
new Throwable().getCause();
continue;
}
catch(Throwable v6_1) {
break;
}
catch(NullPointerException ) {
continue;
}
}
throw v6_1;
}
}
private void I0O0I0OOo0(String arg8, Context arg9) {
try {
int v3 = 2;
if(arg8.contains("x86")) {
Utils.II0OIIO0(arg9, "netease_hook_x86", String.format("%s/.jiagu/%s/netease_hook_x86.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067));
StringBuilder v0 = new StringBuilder("netease_ssl");
if(arg8.contains("64")) {
v0.append("_x64");
}
arg8 = v0.toString();
System.load(Utils.II0OIIO0(arg9, arg8, String.format("%s/.jiagu/%s/netease_ssl.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)));
return;
}
Utils.II0OIIO0(arg9, "netease_hook_arm", String.format("%s/.jiagu/%s/netease_hook_arm.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067));
System.loadLibrary("netease_ssl");
}
catch(Exception ) {
double v8 = ((double)6);
double v0_1 = ((double)25);
if(v8 >= Math.sqrt(v0_1)) {
return;
}
while(true) {
if(v8 >= Math.sqrt(v0_1)) {
return;
}
try {
new Throwable().getCause();
continue;
}
catch(NullPointerException ) {
continue;
}
catch(Throwable v8_1) {
break;
}
}
throw v8_1;
}
}
public static native void IO00OI0o0(Context arg0, String arg1) {
}
public static native int IOO0OO0IIo(Context arg0, ArrayList arg1, String arg2, String arg3) {
}
protected void attachBaseContext(Context arg7) {
super.attachBaseContext(arg7);
try {
ApplicationInfo v0_1 = this.getPackageManager().getApplicationInfo(this.getPackageName(), 128);
ProxyApplication.II0OO0II0O = v0_1.metaData.getString("II0OI00IO");
ProxyApplication.I00I067 = v0_1.metaData.getString("IOO0IIO0");
}
catch(PackageManager$NameNotFoundException v0) {
v0.printStackTrace();
ProxyApplication.I00I067 = "default";
}
try {
this.I0O0I0OOo0(Utils.II0OO0I0(arg7), arg7);
String v0_2 = String.format(Locale.CHINA, "%s/net_opt/%s/enc", this.getFilesDir(), ProxyApplication.I00I067);
ProxyApplication.IO00OI0o0(arg7, v0_2);
this.I0O00OIIoO(arg7, v0_2);
}
catch(Exception v7) {
v7.printStackTrace();
double v0_3 = ((double)6);
double v2 = ((double)25);
if(v0_3 >= Math.sqrt(v2)) {
return;
}
while(true) {
if(v0_3 >= Math.sqrt(v2)) {
return;
}
try {
new Throwable().getCause();
continue;
}
catch(Throwable v7_1) {
break;
}
catch(NullPointerException ) {
continue;
}
}
throw v7_1;
}
}
public native Context createPackageContext(String arg1, int arg2) throws PackageManager$NameNotFoundException {
}
public String getPackageName() {
try {
if(this.IOO00OOI0) {
goto label_29;
}
try {
Field v0_3 = Class.forName("android.app.ContextImpl").getDeclaredField("mMainThread");
boolean v1 = true;
v0_3.setAccessible(true);
Object v0_4 = v0_3.get(this.getBaseContext());
Field v2 = Class.forName("android.app.ActivityThread").getDeclaredField("mInitialApplication");
v2.setAccessible(true);
if(v2.get(v0_4) != null) {
}
else {
v1 = false;
}
this.IOO00OOI0 = v1;
goto label_29;
}
catch(NoSuchFieldException v0) {
try {
v0.printStackTrace();
label_29:
if(!this.IOO00OOI0) {
goto label_52;
}
if(ProxyApplication.delegate != null) {
goto label_52;
}
if(TextUtils.isEmpty(ProxyApplication.II0OO0II0O)) {
goto label_52;
}
return "";
}
catch(Exception ) {
label_38:
double v0_5 = ((double)6);
double v2_1 = ((double)25);
if(v0_5 >= Math.sqrt(v2_1)) {
goto label_52;
}
while(true) {
if(v0_5 >= Math.sqrt(v2_1)) {
goto label_52;
}
try {
new Throwable().getCause();
continue;
}
catch(Throwable v0_6) {
break;
}
catch(NullPointerException ) {
continue;
}
}
throw v0_6;
}
}
catch(ClassNotFoundException v0_1) {
}
catch(IllegalAccessException v0_2) {
try {
v0_2.printStackTrace();
goto label_29;
v0_1.printStackTrace();
goto label_29;
}
catch(Exception ) {
goto label_38;
}
}
}
catch(Exception ) {
goto label_38;
}
label_52:
return super.getPackageName();
}
public static Enumeration n11() {
Enumeration v0 = null;
try {
Field v1_1 = BaseDexClassLoader.class.getDeclaredField("pathList");
v1_1.setAccessible(true);
Object v1_2 = v1_1.get(ProxyApplication.delegate.getClassLoader());
Field v3 = v1_2.getClass().getDeclaredField("dexElements");
v3.setAccessible(true);
v1_2 = v3.get(v1_2);
int v3_1 = v1_2.length;
Object v6 = v0;
Object v7 = v6;
int v5;
for(v5 = 0; v5 < v3_1; ++v5) {
Object v8 = v1_2[v5];
Field v9 = v8.getClass().getDeclaredField("dexFile");
v9.setAccessible(true);
v8 = v9.get(v8);
if(v8 == null) {
}
else {
Method v9_1 = v8.getClass().getDeclaredMethod("entries");
v9_1.setAccessible(true);
if(v6 != null) {
v8 = v9_1.invoke(v8);
v9 = v8.getClass().getDeclaredField("mNameList");
v9.setAccessible(true);
v8 = v9.get(v8);
Object v9_2 = Array.newInstance(v8.getClass().getComponentType(), v8.length + v7.length);
System.arraycopy(v7, 0, v9_2, 0, v7.length);
System.arraycopy(v8, 0, v9_2, v7.length, v8.length);
v7 = v9_2;
}
else {
v6 = v9_1.invoke(v8);
Field v7_1 = v6.getClass().getDeclaredField("mNameList");
v7_1.setAccessible(true);
v7 = v7_1.get(v6);
}
}
}
if(v6 != null && v7 != null) {
v1_1 = v6.getClass().getDeclaredField("mNameList");
v1_1.setAccessible(true);
v1_1.set(v6, v7);
}
return ((Enumeration)v6);
}
catch(Exception v1) {
v1.printStackTrace();
double v1_3 = ((double)6);
double v3_2 = ((double)25);
if(v1_3 < Math.sqrt(v3_2)) {
while(true) {
if(v1_3 < Math.sqrt(v3_2)) {
try {
new Throwable().getCause();
continue;
}
catch(Throwable v0_1) {
break;
}
catch(NullPointerException ) {
continue;
}
}
return v0;
}
throw v0_1;
}
return v0;
}
}
public native void onCreate() {
}
}
2.第一部分代码分析
dex 有做过加固处理。我们仔细分析下面代码
代码如下(示例):
private void I0O0I0OOo0(String arg8, Context arg9) {
try {
int v3 = 2;
if(arg8.contains("x86")) {
Utils.II0OIIO0(arg9, "netease_hook_x86", String.format("%s/.jiagu/%s/netease_hook_x86.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067));
StringBuilder v0 = new StringBuilder("netease_ssl");
if(arg8.contains("64")) {
v0.append("_x64");
}
arg8 = v0.toString();
System.load(Utils.II0OIIO0(arg9, arg8, String.format("%s/.jiagu/%s/netease_ssl.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067)));
return;
}
Utils.II0OIIO0(arg9, "netease_hook_arm", String.format("%s/.jiagu/%s/netease_hook_arm.so", arg9.getFilesDir().getAbsolutePath(), ProxyApplication.I00I067));
System.loadLibrary("netease_ssl");
}
catch(Exception ) {
double v8 = ((double)6);
double v0_1 = ((double)25);
if(v8 >= Math.sqrt(v0_1)) {
return;
}
while(true) {
if(v8 >= Math.sqrt(v0_1)) {
return;
}
try {
new Throwable().getCause();
continue;
}
catch(NullPointerException ) {
continue;
}
catch(Throwable v8_1) {
break;
}
}
throw v8_1;
}
}
该代码 System.loadLibrary进行加载了so 文件,我们得dex就在so里面处理过了,需要解密。要想了解如何解析出dex,关注催更文章来源:https://www.toymoban.com/news/detail-562034.html
总结
dex不能正确解析出代码,我们使用jeb 反编译得到了正确得代码文章来源地址https://www.toymoban.com/news/detail-562034.html
到了这里,关于网易大神2022最新版本分析(1)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!