This is mainly a rundown of the knowledge areas involved in Android business (app) security. It is updated from time to time, and additions are welcome.
《第一行代码——Android》(3rd ed.) (First Line of Code: Android)
《Android应用安全防护和逆向分析》(Android Application Security Protection and Reverse Analysis)
《Android软件安全权威指南》(The Definitive Guide to Android Software Security)
《深入理解Android:Java虚拟机ART》(Understanding Android in Depth: the ART Java Virtual Machine)
http://91fans.com.cn/
https://blog.vivcms.com/
https://www.qinless.com/
http://www.520monkey.com/
https://www.cnblogs.com/2014asm/
There are also some paid training courses, 知识星球 (Zhishi Xingqiu) groups and the like; pay for those at your own discretion.
1. KernelSU and Magisk:
https://github.com/tiann/KernelSU
https://github.com/topjohnwu/Magisk
2. Related modules:
Installing certificates (moving a user CA into the system store): https://github.com/ys1231/MoveCertificate
Modifying the system partition: https://github.com/HuskyDG/magic_overlayfs
https://github.com/Impact-I/reFlutter
https://github.com/worawit/blutter
jadx, GDA, JEB, androguard
ghidra, IDA Pro, binary ninja
https://github.com/libffi/libffi
https://github.com/DenuvoSoftwareSolutions/GAMBA
https://github.com/CodingGay/BlackObfuscator
I previously summarised the common methods for dealing with OLLVM: https://bbs.kanxue.com/thread-272414.htm
https://github.com/abcz316/rwProcMem33 (tutorial: https://bbs.kanxue.com/thread-278647.htm)
1. The Frida tutorials published by hluwa and r0ysue: https://github.com/hookmaster/frida-all-in-one
2. kevinspider's tutorials:
https://kevinspider.github.io/frida/frida-hook-java/
https://kevinspider.github.io/frida/frida-hook-so/
1. Tracks upstream Frida with automatic patching and builds an anti-detection frida-server for Android: https://github.com/hzzheyang/strongR-frida-android
2. A reverse-engineering toolkit built on Frida: https://github.com/sensepost/objection
3. Tracing an app's JNI calls: https://github.com/chame1eon/jnitrace
4. An objection plugin for quickly analysing Java class/object structure: https://github.com/hluwa/Wallbreaker (how it works: https://bbs.kanxue.com/thread-260110.htm)
5. A slimmed-down objection + Wallbreaker: https://github.com/r0ysue/r0tracer
6. Frida + QBDI tracing: https://github.com/lasting-yang/frida-qbdi-tracer
1. Universal script for Android application-layer traffic capture: https://github.com/r0ysue/r0capture (how it works: https://mp.weixin.qq.com/s/lMV1UZYOaSRJjMa8PNFkow)
2. Scripts for intercepting OkHttp:
https://github.com/siyujie/OkHttpLogger-Frida
https://github.com/httptoolkit/frida-android-unpinning
3. Capturing the plaintext of TLS-encrypted traffic using eBPF: https://github.com/ehids/ecapture
4. A summary of the N ways Android performs HTTPS authentication and the corresponding bypass techniques: https://ch3nye.top/Android-HTTPS%E8%AE%A4%E8%AF%81%E7%9A%84N%E7%A7%8D%E6%96%B9%E5%BC%8F%E5%92%8C%E5%AF%B9%E6%8A%97%E6%96%B9%E6%B3%95%E6%80%BB%E7%BB%93/
5. Generic SSL pinning bypass script: https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
https://github.com/F8LEFT/SoFixer
A tool that searches process memory and dumps the dex files it finds: https://github.com/hluwa/FRIDA-DEXDump (how it works: https://bbs.kanxue.com/thread-257829.htm)
https://github.com/Perfare/Il2CppDumper
https://github.com/Perfare/Zygisk-Il2CppDumper
Linux/macOS version: https://github.com/AndnixSH/Il2CppDumper
Unpacking instruction-extraction packers almost always takes the active-call approach: each method is deliberately invoked so that the packer restores its real instructions in memory, where they can then be dumped. Representative tools: dexhunter, FUPK3, FART.
Implementation demos:
1. Sharing a function-extraction packer I built myself: https://bbs.kanxue.com/thread-271139.htm
2. Analysis of how a "class-method instruction extraction" hardening scheme is implemented on Android: http://www.520monkey.com/archives/1118
An open-source java2c implementation by a well-known expert: https://github.com/amimo/dcc
1. 360: https://bbs.kanxue.com/thread-280609.htm
2. Baidu: https://bbs.kanxue.com/thread-257926.htm
https://github.com/bytedance/bhook
3. https://github.com/jmpews/Dobby
4. https://github.com/bytedance/android-inline-hook
unidbg, AndroidNativeEmu, ExAndroidNativeEmu
龙哥's unidbg tutorial series: https://blog.csdn.net/qq_38851536/category_11102404.html
Running the Android Runtime under the Qiling emulation framework: https://bbs.kanxue.com/thread-272605.htm
1. Locating cryptographic algorithm constants: findcrypt
2. An online web tool offering a wide range of cryptographic algorithms: https://gchq.github.io/CyberChef/
Notes on recovering the key from a white-box AES implementation in a certain car app: https://bbs.kanxue.com/thread-280600.htm