CM是什么?Crackme是什么?这是什么东西?楼主发的什么?
他们都是一些公开给别人尝试破解的小程序,制作 Crackme 的人可能是程序员,想测试一下自己的软件保护技术,也可能是一位 Cracker,想挑战一下其它 Cracker 的破解实力,也可能是一些正在学习破解的人,自己编一些小程序给自己破解,KeyGenMe是要求别人做出它的 keygen (序号产生器), ReverseMe 要求别人把它的算法做出逆向分析, UnpackMe 是要求别人把它成功脱壳,本版块禁止回复非技术无关水贴。
本帖最后由 LivedForward 于 2019-8-28 12:07 编辑
之前发布的对抗爆破签名校验方法(https://www.52pojie.cn/thread-1011337-1-1.html), 只对Kstools和MT旧版去除签名校验有效,
检测APP自身是否被动态代理Hook方案:https://www.52pojie.cn/thread-1015426-1-1.html
我又通过反射获取签名信息比对,MT管理器只在Android6.0及以下可以Hook,7.0及以上不能Hook,
大家可不可以在这里指点一下呢?我猜想增强版去签名校验可能Hook了IO中的相关函数。
测试APP:MT增强版去签名校验只对Android6.0及以下有效
链接: https://pan.baidu.com/s/1Ul-GpzvNpGxTtqk-ZPVnhg 提取码: u1f6
下面是反射获取签名信息代码:
/**
 * Reads the first signing certificate of the APK at {@code apkPath} through the
 * framework's {@code android.content.pm.PackageParser} (reached by reflection)
 * and returns a hex digest of it.
 *
 * The certificates are parsed from the APK file itself rather than requested
 * from PackageManager. The author also kept an alternative that extracted the
 * public-key modulus from the parsed X.509 certificate; it is not executed.
 *
 * NOTE(review): PackageParser is not part of the public SDK, so the method and
 * field names looked up here can change or become unreachable on newer Android
 * releases. Confirm on every API level the app targets.
 *
 * NOTE(review): a check that runs inside the app's own process can be altered
 * by whoever repackages or instruments the app. Treat the result as tamper
 * evidence, and keep any decision that matters behind a server-side check.
 *
 * @param context used on pre-21 devices to obtain display metrics for parsing
 * @param apkPath filesystem path of the APK to inspect
 * @return lowercase hex digest of the first signature, or {@code null} when the
 *         package has no signatures or any step throws
 */
public String getApkSignatureModules(Context context, String apkPath)
{
    try
    {
        Class parserClass = Class.forName("android.content.pm.PackageParser");
        Object parser = getParserObject(parserClass);
        Object parsedPackage = getPackage(context, parserClass, parser, apkPath);

        // collectCertificates(Package, int) fills in the package's signature array.
        Class packageClass = Class.forName("android.content.pm.PackageParser$Package");
        Method collect = parserClass.getDeclaredMethod("collectCertificates", packageClass, int.class);
        collect.setAccessible(true);
        collect.invoke(parser, parsedPackage, PackageManager.GET_SIGNATURES);

        Object rawSignatures = parsedPackage.getClass().getField("mSignatures").get(parsedPackage);
        android.content.pm.Signature[] signatures = (android.content.pm.Signature[]) rawSignatures;
        if (signatures.length == 0)
        {
            return null;
        }
        android.content.pm.Signature first = signatures[0];
        if (first == null)
        {
            return null;
        }

        // NOTE(review): the certificate bytes are binary. Decoding them as UTF-8
        // replaces invalid sequences, so the digest covers a lossy copy of the
        // certificate rather than the certificate itself. "SHA" is the JCA name
        // for SHA-1. Hashing the raw bytes with SHA-256 would be the stronger
        // comparison, but it changes the value and the stored reference digest
        // would have to be regenerated with it.
        return getHash(new String(first.toByteArray(), "UTF-8"), "SHA");
    }
    catch (Exception e)
    {
        // Every failure (reflection lookup, parsing, missing field) is reported
        // to the user and collapses to a null result.
        showDialog(ExceptionUtils.getExceptionTips(e),"");
        e.printStackTrace();
        return null;
    }
}
/**
 * Instantiates the parser class through its non-public constructor.
 *
 * From API level 21 the no-argument constructor is used; older releases are
 * given the single-String constructor with an empty string.
 *
 * @param clazz the parser class (the caller passes android.content.pm.PackageParser)
 * @return a new parser instance
 */
private static Object getParserObject(Class clazz) throws InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException
{
    final boolean hasNoArgConstructor = Build.VERSION.SDK_INT >= 21;

    Constructor ctor = hasNoArgConstructor
            ? clazz.getDeclaredConstructor()
            : clazz.getDeclaredConstructor(String.class);
    // The constructor is not public, so access checks must be lifted first.
    ctor.setAccessible(true);

    return hasNoArgConstructor ? ctor.newInstance() : ctor.newInstance("");
}
/**
 * Calls the parser's {@code parsePackage} overload that matches the running
 * API level and returns the parsed package object.
 *
 * @param c        context; only read on pre-21 devices, for its display metrics
 * @param clazz    the parser class on which {@code parsePackage} is looked up
 * @param instance parser instance the method is invoked on
 * @param path     filesystem path of the APK
 * @return whatever {@code parsePackage} returns
 * @throws Exception on any reflection or parsing failure
 */
private static Object getPackage(Context c, Class clazz, Object instance, String path) throws Exception
{
    // NOTE(review): 0x0004 is passed as the parse flags on both branches;
    // presumably PackageParser.PARSE_MUST_BE_APK, confirm against the platform source.
    if (Build.VERSION.SDK_INT < 21)
    {
        // Older signature: parsePackage(File, String, DisplayMetrics, int).
        Method legacyParse = clazz.getDeclaredMethod("parsePackage", File.class, String.class, DisplayMetrics.class, int.class);
        legacyParse.setAccessible(true);
        return legacyParse.invoke(instance, new File(path), null, c.getResources().getDisplayMetrics(), 0x0004);
    }

    // API 21 and later: parsePackage(File, int).
    Method parse = clazz.getDeclaredMethod("parsePackage", File.class, int.class);
    parse.setAccessible(true);
    return parse.invoke(instance, new File(path) , 0x0004);
}
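/**
 * Hashes {@code source} (encoded as UTF-8) with the named algorithm and returns
 * the digest as lowercase hexadecimal.
 *
 * The posted listing read {@code int iRet = encryptStr;} because the forum
 * swallowed the {@code [i]} index, as the author's own comment said. The
 * per-byte indexing is restored here.
 *
 * NOTE(review): the caller in this file passes "SHA", the JCA name for SHA-1.
 * Prefer "SHA-256" for new integrity comparisons.
 *
 * @param source   text to hash; {@code null} yields {@code null}
 * @param hashType algorithm name handed to {@link MessageDigest#getInstance(String)};
 *                 {@code null} yields {@code null}
 * @return two lowercase hex characters per digest byte, or {@code null} when
 *         either argument is {@code null}
 * @throws IllegalArgumentException if no provider supports {@code hashType}
 */
public static String getHash(String source, String hashType)
{
    if (source == null || hashType == null)
    {
        return null;
    }

    MessageDigest digest;
    try
    {
        digest = MessageDigest.getInstance(hashType);
    }
    catch (NoSuchAlgorithmException e)
    {
        // Previously this was only logged and the next line failed with a
        // NullPointerException; fail with the real cause instead.
        throw new IllegalArgumentException("Unsupported hash algorithm: " + hashType, e);
    }

    byte[] hashed;
    try
    {
        hashed = digest.digest(source.getBytes("UTF-8"));
    }
    catch (UnsupportedEncodingException e)
    {
        // UTF-8 is a charset every Java platform must provide.
        throw new IllegalStateException("UTF-8 charset is unavailable", e);
    }

    // Lookup table for converting each nibble to its hex character.
    final char[] hexDigits = "0123456789abcdef".toCharArray();
    StringBuilder sb = new StringBuilder(hashed.length * 2);
    for (byte b : hashed)
    {
        int unsigned = b & 0xFF; // bytes are signed in Java; map to 0..255
        sb.append(hexDigits[unsigned >>> 4]).append(hexDigits[unsigned & 0x0F]);
    }
    return sb.toString();
}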