smali dynamic debugging
https://bitbucket.org/JesusFreke/smali/downloads/
IDA
adb root
adb remount
adb push android_server /system/bin
adb shell chmod 755 /system/bin/android_server
adb forward tcp:23946 tcp:23946
adb forward tcp:23946 tcp:23847
adb shell android_server
A possible android_server pitfall: without root, you may not be able to see the processes.
https://blog.csdn.net/swhard/article/details/50727805
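IDA debugging
After android_server starts, first set the IDA debugger option to android and set host: 127.0.0.1; then you can attach to the process and start debugging.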
https://www.cnblogs.com/gordon0918/p/5581597.html
frida
Download frida-server
https://github.com/frida/frida/releases
adb root
adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
https://blog.csdn.net/jiangwei0910410003/article/details/80372118
mprop
Download mprop
https://github.com/wpvsyou/mprop
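1. The phone must be rooted.
2. Copy the mprop file to the /data/local/tmp directory on the phone's internal storage.
3. Run adb shell su to get a root shell.
4. Run cd /data/local/tmp to change to the directory containing mprop.
5. Run chmod 755 mprop to set the file permissions.
6. Run ./mprop ro.debuggable 1 to run mprop and modify debug=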
https://www.jianshu.com/p/e540f34cec07
https://blog.csdn.net/MarketAndTechnology/article/details/82111729
am
adb shell am start -D -n com.taobao.live/com.taobao.live.HomePageActivity
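frida on an x86 emulator
With frida, looking up modules through Process may fail to find the .so. On x86 the libhoudini module is in use, translating ARM instructions into x86 instructions.
// Look up dlopen in libhoudini.so, the ARM-to-x86 translation layer
const func = Module.findExportByName("libhoudini.so", "dlopen");
if (func === null) {
    console.log("dlopen not found in libhoudini.so");
} else {
    Interceptor.attach(func, {
        onEnter: function (args) {
            // console.log("Hello", args[0]);
        },
        onLeave: function (ret) {
            console.log("Bye");
        }
    });
}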
Starting frida-server on a physical Xiaomi Mi 5
PS C:\Users\godtoy\Desktop\frida-server-12.6.23-android-x86> adb shell /data/local/tmp/fs
Unable to load SELinux policy from the kernel: Failed to open file “/sys/fs/selinux/policy”: Permission denied
Disable SELinux
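
A preflight check for the setup steps in these notes, added here as an example and not part of the original notes: it takes the output of adb shell getprop ro.debuggable, adb shell getenforce and adb forward --list and reports what is still missing. The function names and the sample forward list are constructed for illustration; the sample shows that forwarding local port 23946 twice leaves only the later mapping in effect.

```shell
#!/bin/sh
# Added example (not from the original notes): offline-checkable preflight for
# the IDA / frida / mprop setup. Functions take command output as text.

# Remote endpoint that local tcp:$2 maps to in `adb forward --list` output ($1).
# Each line of that output is "<serial> <local> <remote>".
forward_target() {
    printf '%s\n' "$1" | awk -v want="tcp:$2" '$2 == want { print $3 }'
}

# Print one line per problem; the exit status is the number of problems.
# $1 = `getprop ro.debuggable`, $2 = `getenforce`, $3 = `adb forward --list`,
# $4 = space-separated ports expected to be forwarded to the same device port.
preflight() {
    problems=0
    if [ "$1" != "1" ]; then
        echo "ro.debuggable=$1, expected 1"
        problems=$((problems + 1))
    fi
    if [ "$2" = "Enforcing" ]; then
        echo "SELinux is Enforcing"
        problems=$((problems + 1))
    fi
    for port in $4; do
        target=$(forward_target "$3" "$port")
        if [ "$target" != "tcp:$port" ]; then
            echo "tcp:$port -> ${target:-<not forwarded>}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: state after running both forward commands for 23946
# (the later command rebinds the local port) plus the two frida forwards.
SAMPLE_FORWARDS='emulator-5554 tcp:23946 tcp:23847
emulator-5554 tcp:27042 tcp:27042
emulator-5554 tcp:27043 tcp:27043'

# Live use, only when asked for: ./preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(adb shell getprop ro.debuggable | tr -d '\r')" \
              "$(adb shell getenforce | tr -d '\r')" \
              "$(adb forward --list)" "23946 27042 27043"
fi
```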