前言
在 Android 逆向中，经常会遇到加壳的 App，分析前需要先脱壳。目前网上的脱壳工具已经很多了，但大多都比较复杂，还是基于 Frida 的方案比较简单。
脱壳后通常会 dump 出多个 dex 文件，一个一个分析太麻烦了，所以下面用一个脚本把它们重新打包成一个 APK，方便整体反编译。
demo
叮咚买菜 app
参考: frida-unpack 基于 frida 的脱壳工具
代码
import os
import zipfile
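def rename_class(path: str) -> None:
    """Rename every ``*.dex`` file directly inside *path* to the ``classes*.dex``
    naming a decompiler expects, in place.

    The first dex becomes ``classes.dex``; each following one gets the next
    index (``classes1.dex``, ``classes2.dex``, ...). Entries are processed in
    sorted name order so the numbering is deterministic (``os.listdir`` order
    is arbitrary). A target name that already exists is never overwritten:
    the index is still consumed and the source file is left untouched, which
    also makes a second run on the same directory a no-op.

    Args:
        path: Directory holding the dumped dex files. One trailing ``/`` is
            tolerated.

    NOTE(review): Android's own multidex convention is ``classes.dex``,
    ``classes2.dex``, ... (no ``classes1.dex``). The numbering is kept as the
    original script produced it because the result is only decompiled, never
    installed; confirm your decompiler picks up ``classes1.dex``.
    """
    if path.endswith('/'):
        path = path[:-1]
    print(path)

    dex_index = 0
    for entry in sorted(os.listdir(path)):
        if not entry.endswith('.dex'):
            continue
        old_name = os.path.join(path, entry)
        # Only regular files: a stray directory named "*.dex" must not be
        # renamed onto a class slot.
        if not os.path.isfile(old_name):
            continue
        if dex_index == 0:
            new_name = os.path.join(path, 'classes.dex')
        else:
            new_name = os.path.join(path, 'classes%d.dex' % dex_index)
        dex_index += 1
        # os.rename silently replaces an existing target on POSIX, so an
        # explicit existence check is what protects already-renamed files.
        if os.path.exists(new_name):
            continue
        os.rename(old_name, new_name)
    print('[*] 重命名完毕')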
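def extract_META_INF_from_apk(apk_path: str, target_path: str) -> None:
    """Copy the ``META-INF/`` tree (manifest and signature files) out of the
    APK at *apk_path* into *target_path*.

    If *apk_path* is not a zip archive (or does not exist) nothing is
    extracted and a message is printed.

    Security note: entry names come from an untrusted archive.
    ``ZipFile.extract`` strips absolute prefixes and ``..`` components, so
    output stays inside *target_path*; the prefix filter uses ``META-INF/``
    (with the slash) so that a name such as ``META-INFO/...`` is not matched.

    Args:
        apk_path: Path of the original (packed) APK.
        target_path: Directory the ``META-INF`` tree is written under; created
            on demand by ``ZipFile.extract``.
    """
    if not zipfile.is_zipfile(apk_path):
        print('[-] %s 不是一个APK文件' % apk_path)
        return
    # The context manager closes the archive even if extraction fails midway.
    with zipfile.ZipFile(apk_path, 'r') as apk:
        for member in apk.namelist():
            if member.startswith('META-INF/'):
                apk.extract(member, target_path)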
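def zip_dir(dirname: str, zipfilename: str) -> None:
    """Pack *dirname* into the zip archive *zipfilename*, keeping only what a
    decompiler needs: every ``*.dex`` file plus the ``META-INF`` tree
    (directory entries included). ``.DS_Store`` files are skipped.

    If *dirname* is itself a single ``.dex`` file, that file alone is stored
    under its base name. Archive member names are computed relative to
    *dirname*, so the absolute on-disk path never leaks into the APK.

    Args:
        dirname: Directory (or single ``.dex`` file) to pack; a trailing ``/``
            is tolerated.
        zipfilename: Output path; an existing file is overwritten.
    """
    # (path on disk, name inside the archive)
    entries = []
    if os.path.isfile(dirname):
        if dirname.endswith('.dex'):
            entries.append((dirname, os.path.basename(dirname)))
    else:
        for root, subdirs, files in os.walk(dirname):
            for name in subdirs + files:
                full = os.path.join(root, name)
                entries.append((full, os.path.relpath(full, dirname)))

    def wanted(arcname: str) -> bool:
        # Keep dex files and anything under META-INF (signature files), but
        # never macOS Finder metadata.
        return (('META-INF' in arcname or arcname.endswith('.dex'))
                and '.DS_Store' not in arcname)

    # Context manager guarantees the central directory is written and the
    # file handle released even if a write fails.
    with zipfile.ZipFile(zipfilename, 'w', zipfile.ZIP_DEFLATED) as out:
        for full, arcname in entries:
            if wanted(arcname):
                out.write(full, arcname)
    # Report once, after the archive is complete (not once per member).
    print('[*] APK打包成功,你可以拖入APK进行分析啦!')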
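if __name__ == '__main__':
    import argparse

    # Paths are overridable from the command line; the defaults are the
    # original hard-coded ones, so running without arguments is unchanged.
    parser = argparse.ArgumentParser(
        description='Repack frida-dumped dex files together with the original '
                    'APK\'s META-INF into one APK for decompilation.')
    parser.add_argument('--dex-dir', default='/Users/admin/Desktop/dingdong',
                        help='directory holding the dumped *.dex files')
    parser.add_argument('--apk', default='/Users/admin/Desktop/android/file/dingdong.apk',
                        help='original (packed) APK whose META-INF is copied')
    parser.add_argument('--output', default='/Users/admin/Desktop/dingdong.apk',
                        help='path of the repacked APK to write (overwritten if present)')
    args = parser.parse_args()

    dex_path = args.dex_dir
    apk_path = args.apk
    output = args.output

    # NOTE: the result is for static analysis only. The copied META-INF
    # signature files still cover the original dex, not the dumped ones, so
    # the repacked APK will not pass signature verification / install.
    rename_class(dex_path)
    extract_META_INF_from_apk(apk_path, dex_path)
    zip_dir(dex_path, output)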
执行完后会生成一个新的 APK，再次反编译就可以看到完整的代码了。注意：这个 APK 只用于静态分析——脚本只是把原包的 META-INF 原样复制过来，签名并不覆盖替换后的 dex，因此它无法通过签名校验、也不能直接安装运行。