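[Original] A beginner's walkthrough of dynamically debugging a .so with IDA
Posted on: 2020-4-14 22:54 3260
I'm just getting started and this is my first post, so please bear with me; if anything is wrong, please point it out. Thanks.
OK, let's get started.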
adb push android_server /data/local/tmp
chmod 777 android_server
./android_server
adb forward tcp:23946 tcp:23946
94 0B 35 17: computed as shown below and prepended to the first one
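This app is quite beginner-friendly; it has no protections.
In the captured login request, two of the submitted parameters are encrypted.
I happened to have just learned a bit of Frida, so let's use it.
https://bbs.pediy.com/thread-258059.htm
Record the parameters so they can be compared during debugging; below are the encrypted values.
bparam, cparam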
ke=1586868991378&t=&cp=0&re=0&bparam=F6041FE761BC726E826D5682C0A0A8B8BF697F65BDA7ABB9C06E6E777A82B8A4BFACB0AEB0B1B1A9ABAFB0A9BCB9BD6D7C707175756A80BFA0BCA5A3A5A3A5A6A69EBAB8BF727984747B4F666E83B8A2ACB9B86E7C76827962666E6F6A81704F78BFA5AD68&cparam…pvers=2
Search for the string
bparam
Searching for java_ shows it is statically registered.
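Find the .so and set a breakpoint (F2) at the function entry point.
Click Run, then tap Login on the phone to trigger the function. The breakpoint is hit. F7 steps into, F8 steps over.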
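An added example, not part of the original post: the post identifies static JNI registration by searching the .so for the java_ prefix, and this sketch decodes such exported names back to the Java class and method they bind to, following the JNI name-mangling rules. The export list and the package com.example.app are constructed placeholders, not taken from the app in the post; the function names are hypothetical.

```python
import re

# JNI short-name escapes: _1 -> "_", _2 -> ";", _3 -> "[", _0xxxx -> UTF-16 code unit
_ESCAPES = {"1": "_", "2": ";", "3": "["}
_TOKEN = re.compile(r"_0([0-9a-fA-F]{4})|_([123])|(_)|([^_]+)")


def _unmangle(mangled):
    """Undo JNI escaping; a plain "_" is a package/class/method separator."""
    out = []
    for uni, esc, sep, literal in _TOKEN.findall(mangled):
        if uni:
            out.append(chr(int(uni, 16)))
        elif esc:
            out.append(_ESCAPES[esc])
        elif sep:
            out.append("/")
        else:
            out.append(literal)
    return "".join(out)


def decode_jni_symbol(symbol):
    """Return (class, method, arg_signature_or_None), or None if not a Java_ export."""
    if not symbol.startswith("Java_"):
        return None
    # Two separators in a row ("__") introduce the argument signature of an overload
    path, _, signature = _unmangle(symbol[len("Java_"):]).partition("//")
    cls, _, method = path.rpartition("/")
    return cls.replace("/", "."), method, signature or None


def classify_exports(symbols):
    """Split an export list into statically registered natives and a JNI_OnLoad hint."""
    natives = [d for d in map(decode_jni_symbol, symbols) if d]
    # JNI_OnLoad with no Java_ exports usually means RegisterNatives (dynamic registration)
    return {"static_natives": natives, "has_jni_onload": "JNI_OnLoad" in symbols}


# Constructed export names (hypothetical package, not from the app in the post)
SAMPLE_EXPORTS = [
    "JNI_OnLoad",
    "Java_com_example_app_NativeUtil_encrypt",
    "Java_com_example_app_Native_1Util_sign__Ljava_lang_String_2_3B",
    "Java_com_example_app_Outer_00024Inner_run",
    "strlen",
]

if __name__ == "__main__":
    for cls, method, sig in classify_exports(SAMPLE_EXPORTS)["static_natives"]:
        print(f"{cls}.{method}({sig or ''})")
```

The decoded class and method name are what the Java-side declaration of the native method looks like, which makes it easier to match a breakpoint in IDA to the call seen in the app.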