-
-
[原创]【开源】BlackDex、新版指令回填脱壳,支持修复NOP
-
2021-6-8 15:35
-
如果不知道BlackDex的请看
https://bbs.pediy.com/thread-267804-1.htm#1690883
新版本变动
深度脱壳 模式下会自主修复被抽取的方法指令,将指向其他内存块的指令回填至DEX内,解决nop问题,但是不会确保一定会有用,例如:指令需要主动调用才解密等则无法回填或者说是无效回填。深度脱壳并不包含任何解密、主动调用等操作。本功能仍然在测试阶段,可能会出现以下情况,请悉知
- 脱壳时间会大幅度上升,预计几分钟都十几分钟不等
- 脱壳期间有可能会出现应用闪退(遇到反检测等)
- 会增加脱壳失败几率
- 不一定能够100%还原
脱壳前后对比:
仍是所有代码已开源、开源地址
https://github.com/CodingGay/BlackDex
成品见Releases
愿世上再无NOP
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
最后于 2021-6-8 15:37
被SuMilk编辑
,原因:
|
|
|---|---|
|
|
|
|
|
群友的图 |
|
|
|
|
|
最好提供一下logcat日志 |
|
|
|
|
|
怎么查看日志? |
|
|
|
|
|
|
|
|
没有。 
|
|
|
|
|
|
|
|
|
github上issues有模版,跟着走提供信息就可以了 |
|
|
|
|
|
辛苦了 必须支持一下
|
|
|
控制流不属于壳类型。所以是无法还原的。 |
|
|
|
|
|
2021-06-14 19:48:55.895 5343-5357/top.niunaijun.blackdexa32:black E/ackdexa32:blac: Invalid ID 0x00000000. 2021-06-14 19:48:55.921 5343-5357/top.niunaijun.blackdexa32:black W/PackageParser: Ignoring duplicate uses-permissions/uses-permissions-sdk-m: android.permission.VIBRATE in package: com.sup.android.superb at: Binary XML file line #-1 2021-06-14 19:48:55.923 5343-5357/top.niunaijun.blackdexa32:black W/PackageParser: Ignoring duplicate uses-permissions/uses-permissions-sdk-m: android.permission.GET_ACCOUNTS in package: com.sup.android.superb at: Binary XML file line #-1 2021-06-14 19:48:56.047 5343-5357/top.niunaijun.blackdexa32:black I/PackageParser: Parse times for '/data/app/com.sup.android.superb-ivY82FdQKI1BxGK8DXuQZw==/base.apk': parse=171ms, update_cache=0 ms 2021-06-14 19:48:56.076 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CreateUserExecutor exec: 0 2021-06-14 19:48:56.077 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CreatePackageExecutor exec: 0 2021-06-14 19:48:56.470 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CopyExecutor exec: 0 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.file_provider (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.pm.PPMP (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.am.PAMP (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.m_push.account.provider (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.appbrand (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.ss.android.common.multiprocess.SHARE_PROVIDER_AUTHORITY1319 (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name downloads.com.sup.android.superb (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.ss.android.pushmanager.setting.PushMultiProcessSharedProvider1319 (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.umeng.message (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.applog.ipc (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.livedetector.fileprovider (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p0.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p1.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p2.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.wakeup.provider (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.lifecycle-trojan (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.newmedia.downloads (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.Interstellar (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.monitor (in package com.sup.android.superb): name already used by com.sup.android.superb 2021-06-14 19:48:56.687 5343-5357/top.niunaijun.blackdexa32:black D/Settings: loaded Package: com.sup.android.superb 2021-06-14 19:48:56.688 5343-5357/top.niunaijun.blackdexa32:black D/BPackageManagerService: onPackageInstalled: com.sup.android.superb, userId: 0 2021-06-14 19:48:56.741 5343-5356/top.niunaijun.blackdexa32:black D/TestActivity: startActivityLocked : ComponentInfo{com.sup.android.superb/com.sup.android.superb.SplashActivity} 2021-06-14 19:48:56.750 5343-5356/top.niunaijun.blackdexa32:black D/BProcessManager: init bUid = 10012, bPid = 0 2021-06-14 19:48:56.751 5343-5356/top.niunaijun.blackdexa32:black D/BProcessManager: initProcess: com.sup.android.superb 2021-06-14 19:48:57.203 5343-5356/top.niunaijun.blackdexa32:black I/Timeline: Timeline: Activity_launch_request time:260222 intent:Intent { flg=0x18080000 cmp=top.niunaijun.blackdexa32/top.niunaijun.blackbox.proxy.ProxyActivity$P0 (has extras) } 2021-06-14 19:49:00.898 5343-5356/top.niunaijun.blackdexa32:black I/Process: Sending signal. PID: 6642 SIG: 9 2021-06-14 19:49:00.932 5343-5356/top.niunaijun.blackdexa32:black D/BPackageInstallerService: uninstallPackageAsUser: RemoveAppExecutor exec: 0 2021-06-14 19:49:00.955 5343-6619/top.niunaijun.blackdexa32:black D/BProcessManager: App Died: com.sup.android.superb 2021-06-14 19:49:00.957 5343-6619/top.niunaijun.blackdexa32:black I/Process: Sending signal. PID: 6642 SIG: 9 2021-06-14 19:49:00.984 5343-5356/top.niunaijun.blackdexa32:black D/BPackageInstallerService: uninstallPackageAsUser: RemoveUserExecutor exec: 0 2021-06-14 19:49:00.994 5343-5356/top.niunaijun.blackdexa32:black D/BPackageManagerService: onPackageUninstalled: com.sup.android.superb, userId: 0 |
|
|
|
|
|
|
Dyingchen
孤独宇宙
