Android 逆向流程

smali 动态调试

https://bitbucket.org/JesusFreke/smali/downloads/

IDA

adb root
adb remount
adb push android_server /system/bin
adb shell chmod 755 /system/bin/android_server
adb forward tcp:23946 tcp:23946
adb forward tcp:23946 tcp:23847
adb shell android_server

android_server 可能的坑，如果不root可能看不到进程

https://blog.csdn.net/swhard/article/details/50727805

IDA调试

启动后，先设置IDA 调试选项android，设置 host:127.0.0.1,然后可以附加进程开始调试

https://www.cnblogs.com/gordon0918/p/5581597.html

frida

下载android-server
https://github.com/frida/frida/releases

adb root 
adb push frida-server /data/local/tmp/ 
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"

adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

https://blog.csdn.net/jiangwei0910410003/article/details/80372118

mprop

下载mprop
https://github.com/wpvsyou/mprop

 1.手机需要root权限

    2.将 mprop 文件（请点击这里下载）复制到手机内存储的/data/local/tmp目录下。

    3.输入命令  adb shell su  ，   进入  shell管理员权限

    4.输入命令 cd /data/local/tmp ，进入到mprop文件路径

    5.输入命令 chmod 755 mprop ，设定文件操作权限

    6.输入命令 ./mprop ro.debuggable 1  ，运行mprop文件修改debug=

https://www.jianshu.com/p/e540f34cec07

https://blog.csdn.net/MarketAndTechnology/article/details/82111729

am

adb shell am start -D -n com.taobao.live/com.taobao.live.HomePageActivity

firda 模拟器 x86

用firda可能通过process查找模块找不到到so，其实在x86中，使用了libhoudini模块，将arm转换成了x86指令

    const func = Module.findExportByName("libhoudini.so", "dlopen");
    Interceptor.attach(func, {
        onEnter: function (args) {
            //console.log("Hello", arguments[0])
        },
        onLeave: function (ret) {
            console.log("Bye")
        }
    });

真机小米5 启动frida-server

PS C:\Users\godtoy\Desktop\frida-server-12.6.23-android-x86> adb shell /data/local/tmp/fs
Unable to load SELinux policy from the kernel: Failed to open file 鈥?sys/fs/selinux/policy鈥? Permission denied

关闭selinux