iis 反向代理 应用程序
Android安全性(Android Security)
Being a mobile apps developer, we have to know many things. But one thing we often miss is how to protect our app from tampering. Most of the books ignore this topic, that’s the reason many app developers don’t know about this.
乙eing移动应用开发者,我们要知道很多东西。 但是我们经常错过的一件事是如何保护我们的应用程序免遭篡改。 大多数书籍都忽略了这个主题,这就是许多应用程序开发人员对此一无所知的原因。
In this post, I want to share with you some concerns related to android application development. Basically, if you are an intermediate or advanced android app developer, know the pitfall about the security of an android application.
在这篇文章中,我想与您分享一些与android应用程序开发相关的问题。 基本上,如果您是中级或高级android应用程序开发人员,请了解有关android应用程序安全性的陷阱。
Many of us don’t know that somebody can reverse engineer our app. So
我们许多人不知道有人可以对我们的应用程序进行反向工程。 所以
What is reverse engineering?
什么是逆向工程?
According to Wikipedia:
根据维基百科:
Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, code or to extract knowledge from the object;
逆向工程,也叫回来工程,是由一个人造物体被解构,以揭示其设计,建筑,代码或从对象中提取知识的过程;
In short, using some tools and techniques anybody can transform an app to extract the original code.
简而言之,使用某些工具和技术,任何人都可以转换应用程序以提取原始代码。
为什么知道逆向工程很重要? (Why knowing Reverse Engineering is important?)
So, you can obfuscate your code in production or if it is more important like banking or Fintech app, you can encrypt the whole app using some tools.
因此,您可以混淆生产中的代码,或者如果它更重要(如银行或Fintech应用程序),则可以使用一些工具对整个应用程序进行加密。
我们将按照以下步骤进行操作:(Here are the steps we will follow:)
Download an APK file from Google Play Store (it could be any APK file)
从Google Play商店下载APK文件(可能是任何APK文件)
- Using some free tools, we will reverse engineer the APK file to see the code. 使用一些免费工具,我们将对APK文件进行反向工程以查看代码。
If the APK file is protected using any premium software, then we can not reverse the code actually, or if the code is obfuscated then it will also be difficult to read the code after reverse engineering.
如果APK文件已使用任何高级软件保护,那么我们将无法实际撤消代码,或者如果代码被混淆,则在进行反向工程后也将难以阅读代码。
APK stands for the Android application package, a file format used by the Android operating system for distribution and installation.
APK代表Android应用程序包,这是Android操作系统用于分发和安装的文件格式。
Disclaimer: This tutorial is for educational purposes. During this demonstration, we selected an application APK file from the Google Play Store. If this chosen APK file is not working, try a different one or may use your own. There is no intention to harm or tamper with the APK file we chosen from the Google Play Store.
免责声明:本教程用于教育目的。 在演示过程中,我们从Google Play商店中选择了一个应用APK文件。 如果此选择的APK文件不起作用,请尝试使用其他文件或使用自己的APK。 我们无意损害或篡改我们从Google Play商店中选择的APK文件。
第1步: (Step 1:)
We will use the dex2jar software.
我们将使用dex2jar软件。
Let’s download dex2jar software from the following link: https://sourceforge.net/projects/dex2jar/.
让我们从以下链接下载dex2jar软件: https : //sourceforge.net/projects/dex2jar/ 。
If you want to see the code there is a GitHub link, that is https://github.com/pxb1988/dex2jar
如果您想查看代码,则有一个GitHub链接,即https://github.com/pxb1988/dex2jar
This is a zip file and in my desktop->demo3 directory I put the unzipped directory of this zip file.
这是一个zip文件,在我的desktop-> demo3目录中,放置了该zip文件的解压缩目录。
第2步: (Step 2:)
We need to download JD-GUI software. You can visit the following link http://java-decompiler.github.io/ and in the download section based on your operating system, you can download the software.
我们需要下载JD-GUI软件。 您可以访问以下链接http://java-decompiler.github.io/,并在基于您的操作系统的下载部分中,可以下载软件。
I store the software in my desktop->demo3 directory.
我将该软件存储在我的Desktop-> demo3目录中。
第三步:(Step 3:)
We need to target any android app. So in this case I am targeting EnglishScore: Free British Council English Test app from the following google play store link. https://play.google.com/store/apps/details?id=com.englishscore
我们需要定位任何Android应用。 因此,在这种情况下,我的目标是EnglishScore:来自以下Google Play商店链接的免费British Council English Test应用程序。 https://play.google.com/store/apps/details?id=com.englishscore
第4步: (Step 4:)
We need to download the APK file.
我们需要下载APK文件。
Visit the following site https://apkpure.com/region-free-apk-download
On the website, at the top text field, paste the google play store app link and click download.
在网站的顶部文本字段中,粘贴google play store应用链接,然后点击下载。
It will take some time, and will show you another download link. Use that link to download the APK file.
这将需要一些时间,并会显示另一个下载链接。 使用该链接下载APK文件。
After downloading store the app in demo3->dex2jar-2.0 directory
下载后,将应用程序存储在demo3-> dex2jar-2.0目录中
步骤5:(Step 5:)
Open your terminal if you use mac or open your Windows PowerShell if you use windows.
如果使用Mac ,请打开终端;如果使用Windows ,请打开Windows PowerShell 。
In the terminal, go to the target directory. In my case it will be:
cd /Users/mahmud/Desktop/demo3/dex2jar-2.0在终端中,转到目标目录。 就我而言,它将是:
cd /Users/mahmud/Desktop/demo3/dex2jar-2.0Now fix the permission of all files by pasting the following commands:
现在,通过粘贴以下命令来修复所有文件的权限:
Now fix the permission of all files by pasting the following commands:
chmod 0777 *现在,通过粘贴以下命令来修复所有文件的权限:
chmod 0777 *Now type
./d2j-dex2jar.shand then type Eng and clicktabto get the full file name.EnglishScore\ Free\ British\ Council\ English\ Test_v1.00.32_apkpure.com.apk.现在键入
./d2j-dex2jar.sh,然后键入Eng并单击tab获得完整的文件名。EnglishScore\ Free\ British\ Council\ English\ Test_v1.00.32_apkpure.com.apk。Now click enter. It will take some time, and you will see a new file named
现在点击回车。 这将需要一些时间,您将看到一个名为
Now click enter. It will take some time, and you will see a new file namedEnglishScore Free British Council English Test_v1.00.32_apkpure.com-dex2jar.jar is created.
现在点击回车。 这将需要一些时间,您将看到一个名为EnglishScore Free British Council English Test_v1.00.32_apkpure.com-dex2jar.jar的新文件。
步骤6:(Step 6:)
Now go to your jd-gui->build->libs directory. And in my case, if I double click jd-gui-1.6.1.jar you will see the following interface of the app.
现在转到jd-gui-> build-> libs目录。 就我而言,如果我双击jd-gui-1.6.1.jar,您将看到该应用程序的以下界面。
Now drag and paste the EnglishScore Free British Council English Test_v1.00.32_apkpure.com-dex2jar.jar file within the app and you will see the following things.
现在,将EnglishScore Free British Council English Test_v1.00.32_apkpure.com-dex2jar.jar文件拖放到应用程序中,您将看到以下内容。
If you click the com section, you will see what 3rd party libraries this app is used.
如果单击com部分,您将看到该应用程序使用了哪些第三方库。
Also in this app, if you click englishscore section, you will see the source code of the app.
同样在此应用程序中,如果您单击englishscore部分,您将看到该应用程序的源代码。
Now click any file, for example, BritishCouncil.class file and you will see the actual code of the app. If this app was protected by any premium tool, or even obfuscated the code before releasing the app, we couldn’t easily understand the code after reverse engineering.
现在单击任何文件,例如BritishCouncil.class文件,您将看到该应用程序的实际代码。 如果此应用程序受到任何高级工具的保护,或者甚至在发布该应用程序之前混淆了代码,则在进行反向工程后,我们将无法轻松理解代码。
But unfortunately, many android app developers didn’t know about reverse engineering and spying eyes can easily reverse engineer the app.
但是不幸的是,许多android应用程序开发人员并不了解逆向工程,而窥探眼睛很容易就能对应用程序进行逆向工程。
So it is important to know by all android developers.
因此,所有Android开发人员都必须知道这一点。
结论 (Conclusion)
If you click distinct classes of this application, you can see all the code. Now think, if you are an android developer, you are developing a financial or banking app and you didn’t use any obfuscation techniques or especially for financial type app; you didn’t use any protection then how easy it is for hackers to hack your application or breach the security right?
如果单击此应用程序的不同类,则可以看到所有代码。 现在想想,如果您是一名Android开发人员,那么您正在开发金融或银行应用程序,并且没有使用过任何混淆技术,尤其是对于金融类型的应用程序; 您没有使用任何保护,那么黑客入侵您的应用程序或破坏安全性有多容易?
So I hope you understand how vulnerable our app is. In another post, I will share some techniques and tools to protect an Android app.
因此,我希望您了解我们的应用程序有多脆弱。 在另一篇文章中,我将分享一些保护Android应用程序的技术和工具。
I write about programming, technology, and self-enrichment. If you follow me on Twitter, you’ll get new ideas and approaches.
我写有关编程,技术和自我充实的文章。 如果您在Twitter上关注我,您将获得新的想法和方法。
翻译自: https://medium.com/swlh/how-to-reverse-engineering-an-android-app-be5835f6fa1e
iis 反向代理 应用程序
2538
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
