编程知识 cdmana.com

[Android reverse] Introduction to shell technology (dynamic loading | first generation shell technology - dex overall reinforcement | second generation shell technology - function extraction | third generation shell technology - VMP / dex2c | dynamic libr





One 、 Dynamic loading



Dynamic loading : call Java Class time , When used , Only from the DEX Load the corresponding bytecode class in the bytecode file ;


Hot repair , DEX shell , pluggable , Must use dynamic loading technology ;


Dynamic loading Of Java Class can only complete general function calls , If you load a Activity Component class , The loaded class does not have the characteristics of component life cycle , Cannot be used as a normal component ;

If you want to use it normally Dynamic loading Component class of , You need to modify the class loader , Yes 2 2 2 A correction method ;





Two 、 First generation shelling Technology ( DEX Integral reinforcement )



First generation shelling Technology :

  • DEX Bytecode files are encrypted as a whole
  • Use customization DexClassLoader load DEX file

The characteristics of the first generation shell : In memory , DEX A file is a continuous block of memory as a whole , If you find it DEX The starting address of the file , You can easily put the whole DEX file dump Come down ;

DEX Shelling loading scheme :

  • File loading : Access records by monitoring files , You can also find DEX file ;
  • Memory load : In memory DEX The document is complete , You can also load... From memory DEX file ;

The protection granularity is DEX Overall document ;





3、 ... and 、 Second generation shelling technology ( Function extraction )



Second generation shelling technology Yes DEX The file is protected as a whole , Will be one of the Key code is extracted externally , DEX After loading into memory , It's not complete DEX file , Even if the whole DEX file DUMP After coming down , Some of the extracted key code cannot be seen , That is to say DEX The key class or method in the file is empty ;

The second generation shell is characterized by In memory DEX The data is not continuous ;

DexHunter Tools You can traverse all class information in memory , take DEX Complete splicing , Get a complete DEX class ;


The granularity of protection is determined by DEX Refine to each function ; The cracker can put DEX I got the papers , But the key function is empty ;





Four 、 Third generation shelling technology ( Java function -> Native function )



Third generation shelling technology : take Java Conversion of function to Native function ;

  • VMP shell
  • Dex2C / Java2C

This type of shell protection is the strongest , Most reinforcement manufacturers need to pay for such shelling ;





5、 ... and 、so Dynamic library shell



so Dynamic library shell :

  • be based on init , init_array , JNI_Onload Function to shell ;
  • be based on Customize linker To shell ;

版权声明
本文为[Han Shuliang]所创,转载请带上原文链接,感谢
https://cdmana.com/2021/12/202112122241247120.html

Scroll to Top