3 smali to javakeys 游戏攻略
点击联系发帖人
时间:2015-01-27 07:16
《Smali Viewer Manual》 | AVL Team
1 Basic information
Welcome SmaliViewer ( referred to as “SV”), SV is a free APK analysis software, regardless of the depth or breadth of analysis from the point of view, are designed to meet user needs, making the process in the APK in your analysis , more handy. SV for Android mobile smart device applications APK files reverse , for the analysis of mobile application software code , using a variety of methods to determine the suspected samples for screening , such as certificate information , permissions information sensitive SP number information , Android Manifest , the function flowchart (CFG), a string table resource file information, sensitive information behavior , dynamic behavior , and so comprehensive determination .
2 Installation
Operating Environment:
Need to install java 1.7 and above
Installation:
Download
.zip package, extract the installation directory in the specified folder open SmaliViewer
Start method:
Click SmaliViewer.bat under windows system under Linux Click SmaliViewer.sh run the program. The first time you run the program , agree to ” user agreement .”
3.1 Interface Workspace
Work area is divided into four regions, see the following picture :
1- menus and toolbars.
2- the main work area.
3- Operation log and status display area.
4- class structure display.
5- member list display area.
3.2 Loading apk
SV ‘s core purpose is to make the analysis easier APK , so the use of methods, is also particularly convenient: loading APK There are three main ways :
1- Through the Open button in the File menu , and then select Open apk
2- will need to analyze the apk directly dragged into the designated area
3- Pass the historical path directly open
After loading successfully , through menus and toolbars , select the desired view of the working window .
3.3 Workspace
View the work area through the operation menu and shortcut menu , you can open the following eight working window , the window through which eight kinds of work , to show you the results of the analysis contained SV depth and breadth of the APK ‘s :
Working window
Description
can view through SV disassembled . Smali code information dex format files .
can view the information to the calling function relationship diagram with arrows.
AndroidManifest
can view the AndroidManifest APK file information.
can see Dex in the decompiled code string information , and the use of regular expressions, get the URL information.
Resouces String
can view resource.asrc file decompiled resource file information.
Certification
can view the certificate file information Apk.
compressed files can be viewed within the packet.
can record their own analysis of information.
can smali code for the global search.
1- shortcut keys , you can quickly open the String workspace , Resouces String workspace and Zip View workspace.
2- Tab directory , display opened Tab, and you can double-click or click the Close icon to close the Tab.
3- Additional Tab in the menu bar to open the View.
3.4 Common viewing
Search function: When using the SV view the code , you can open the Search feature to quickly find their desired code location. When using the Search Comsearch into global search and Search to find the current page . You can open the Options , or use the shortcut key.
Comment function: In Smali Tab window , add notes to code , location of the mouse , right click , you can open the menu , select Comment feature, add a comment
Jump function: In the Manifest Tab window , move the mouse to the code content underlined , double-click the left button , you can jump to the corresponding code content Smali Tab Window.
Vt networking analysis : Connect via the Internet to virustotal, APK online analysis , click on the shortcut icon to start the network analysis functions
4 Other Features
4.1 View reference relationship
A member of the class structure of the display area of the list display area , select a method or variable , see the context menu select ref to, you can see the relationship between the reference method , and a list of references to double-click on the window above relationship can jump.
4.2 Graph
After the list of selected members of the method , open the View in Graph, you can view the code within the method jumps view 1 – preview view , drag the blue box , you can change the display contents of the main workspace
4.3 Save DEX2jar
Under Options select the directory to save dex2jar button , you can apk the . Dex file as . Jar format , save in the original APK file directory , and then use dex2jar_gui but other software to open , view java code.
5 Config Settings
Open Config in Options, catalog , content settings , including functional display style , and the style interface displays two under Functions window can display format of the code, click OK to confirm the selection . Under View window, you can open the night mode, language patterns , as well as the font size display window , and the window style , click OK to confirm the selection .
6 About AVL Team
AVL Team is safe laboratory ‘s independence day mobile security company , was founded in 2010 . Since its establishment , AVL Team has always focused on the mobile anti-virus field , is committed to partner with the best anti-virus engines and solutions on a profound understanding of customer needs , and has accumulated rich experience and technology .
AVL Team also made major security threats and efficient emergency response , and actively participate in academia and industry activities. AVL Team ‘s main product is mobile anti-virus engine middleware called AVL SDK for Mobile , the mobile platform can be used to detect malicious code , adware and spyware and so on. AVL SDK for Mobile users can easily integrate it into its own network equipment , software or mobile applications, immediate access to the top anti-virus capabilities.
AVL SDK for Mobile can be ported to different hardware platforms , and to adapt to different network environments and computing power. AVL SDK for Mobile malicious code detection capability has been validated authoritative test : 2014.2, AVL SDK for Mobile won the top international testing organization AV-TEST awarded the 2013 Annual Awards only mobile security .
病毒名:Trojan/Android.arydigital.a[prv,spy]
危险等级:高
描述:该应用运行后隐藏图标,窃取用户短信。联系人、通话记录、浏览器历史记录、地理位置等隐私信息,私自拍照、录音,并将用户隐私上传至服务器、造成用户隐私泄露。
病毒名:G-Ware/Android.FakeSexApp.f[pay,fra]
危险等级:高
描述:该程序伪装色情应用,诱导点击付费,拦截短信,实际跳转到搜狐视频网页,可能造成用户资费损失,建议不要使用。
病毒名:Trojan/Android.Downloader.dz[exp,spr,rog]
危险等级:高
描述:该程序运行隐藏图标,联网下载多个恶意软件,造成用户资费损耗,建议卸载。
病毒名:Trojan/Android.Joye.h[pay,exp,prv]
危险等级:高
描述:该病毒运行后隐藏图标,上传用户硬件信息,后台联网获取支付信息,通过短信发送扣费短信,会对用户的资费造成消耗,建议立即卸载。
病毒名:Trojan/Android.FakeInst.fa[pay,fra]
危险等级:高
描述:该程序伪装文件下载工具,运行私自发送付费短信,拦截短信,会造成用户资费损失,建议卸载。随着智能手机的普及,移动APP已经贯穿到人们生活的各个领域。越来越多的人甚至已经对这些APP应用产生了依赖,包括手机QQ、游戏、导航地图、微博、微信、手机支付等等,尤其2015年春节期间各大厂商推出的抢红包活动,一时让移动支付应用变得异常火热。
然后移动安全问题接憧而至,主要分为移动断网络安全和客户端应用安全。目前移动APP软件保护方面还处于初级阶段,许多厂商对APP安全认识不够深入,产品未经过加密处理,使得逆向分析者能够通过逆向分析、动态调试等技术来破解APP,这样APP原本需要账号密码的功能可以被破解者顺利绕过,使得厂商利益严重受损。
对未加壳的APP进行动态调试,通常可以非常顺利且快速地绕过一些登陆限制或功能限制。本文将以安卓APP为例,来详细介绍一下移动APP动态调试技术。
0x01 调试环境搭建
1.1 安装JDK
JAVA环境的搭建请自行查找资料,这里不做详述。
1.2 安装Android SDK
下载地址:http://developer.android.com/sdk/index.html。
下载完安装包后解压到任意一目录,然后点击运行SDK Manager.exe,然后选择你需要的版本进行安装,如图:
1.3 安装Eclipse集成开发环境
下载地址:http://www.eclipse.org/downloads。选择Eclipse for Mobile Developers,解压到任意目录即可。
1.4 创建Android Virtual Device
动态调试可以用真实的手机来做调试环境,也可以用虚拟机来做调试环境,本文采用虚拟机环境。因此创建虚拟机步骤如下:
1打开Eclipse –&windows-&Android Virtual Device
2点击Create,然后选择各个参数如图:
这里Target 就是前面步骤中安装的SDK 选择任意你觉得喜欢的版本就可以。点击OK 就创建完毕。
1.5 安装 APK改之理
这个是一个很好用的辅助调试的软件,请自行搜索下载。
1.6 安装 IDA6.6
IDA6.6开始支持安卓APP指令的调试,现该版本已经提供免费下载安装,请自行搜搜。
0x02 Dalvik指令动态调试
2.1 准备工作
安卓APP应用程序后缀为apk,实际上是一个压缩包,我们把它改后缀为rar打开如图:
其中classes.dex是应用的主要执行程序,包含着所有Dalvik指令。我们用APK改之理打开apk,软件会自动对其进行反编译。反编译后会有很多smail文件,这些文件保存的就是APP的Dalvik指令。
在APK改之理里双击打开AndroidManifest.xml,为了让APP可调试,需要在application 标签里添加一句android:debuggable="true" 如图:
然后点击保存按钮,然后编译生成新的apk文件。接着打开Eclipse –&windows-&Android Virtual Device,选择刚才创建的虚拟机,然后点击start,虚拟机便开始运行。偶尔如果Eclipse启动失败,报错,可以同目录下修改配置文件:
把配置参数原本为512的改为256 原本为1024的改为512,然后再尝试启动。
在SDK安装目录有个命令行下的调试工具adb shell,本机所在目录为E:\adt-bundle-windows-x86-\sdk\platform-tools,把adb.exe注册到系统环境变量中,打开dos命令行窗口执行adb shell 就可以进入APP命令行调试环境,或者切换到adb所在目录来执行adb shell。
这里先不进入adb shell,在DOS命令行下执行命令:adb install d:\1.apk 来安装我们刚才重新编译好的APK文件。安装完毕会有成功提示。
2.2 利用IDA动态调试
将APP包里的classes.dex解压到任意一目录,然后拖进IDA。等待IDA加载分析完毕,点击Debugger-&Debugger Options如图
按图所示勾选在进程入口挂起,然后点击Set specific options 填入APP包名称和入口activity 如图:
其中包的名称和入口activity 都可以通过APK改之理里的AndroidManifest.xml 文件获取:
&manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.simpleencryption"&
&application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/creakme_bg2" android:label="@string/app_name" android:theme="@style/AppTheme"&
&activity android:label="@string/app_name" android:name=".MainActivity"&
然后在IDA点击Debugger-&Process Options
其他默认不变,端口这里改为8700。这里默认端口是23946,我在这里困扰了很久,就是因为这个端口没有改为8700所致。然后我们看看这个8700端口是怎么来的。在Android SDK里提供了一款工具DDMS,用来监视APP的运行状态和结果。在SDK的TOOLS目录有个DDMS.BAT的脚步,运行后就会启动DDMS。由于我的本机安装了SDK的ADT插件,DDMS集成到了Eclips中,打开Eclips-&Open perspective-&ddms就启动了DDMS。
如图所示:
在DDMS选中某个进程后面就会注释出它的调试端口,本机这里是8700。
到此所有的工作就准备就绪,然后就可以下断点来调试该APP了。我们在APK改之理中在com目录下查看smali文件 发现MainActivity.smali里有一个感兴趣的函数getPwdFromPic(),那么我们就对它下断以跟踪APP的运行。
在IDA里搜索字符串getPwdFromPic,发现onClick有调用该函数
我们在onClick 函数开始位置按F2下断如图:
然后点击上图中绿色三角形按钮启动调试如图:
调试过程中有一个问题出现了很多次,浪费了我大量的时间,就在写文章的时候,操作时还是遇到了这样的问题。就是点击启动后IDA提示can’t bind socket,琢磨了很久终于找到原因了,当打开过一次DDMS后 每次启动Eclips都会启动DDMS 而8700端口正是被这个DDMS给占用了,然后每次都会启动失败,解决办法就是 虚拟机运行起来后关闭掉Eclips,这时一切就正常了!
事例中是一个APP crackme 提示输入密码才能进入正确界面。这个时候我们输入123,点击登陆,IDA中断在了我们设置断点的地方,这时选中ida-&debugger-&use source level debugger,然后点击ida-&debugger-&debugger windows-&locals打开本地变量窗口,如图:
然后按F7或F8单步跟踪程序流程,同时可以观察到变量值的变化,也可以在IDA右键选择图形视图,可以看到整个APP执行的流程图:
如上图所示 变量窗口中我们输入了123 被转化成的密码是么广亡,pw变量也显示出了正确的密码,其实这个时候已经很容易判断出正确密码了。
0x03 Andoid原生动态链接库动态调试
通常为了加密保护等措施,有时dex执行过程中会调用动态链接库文件,该文件以so为后缀,存在于APP文件包里。
这里我们以动态附加的方式来调试原生库。
3.1 准备工作
1、将IDA-&dbgsrv目录下的android_server拷贝到虚拟机里,并赋予可执行权限
DOS命令分别为:
adb shell pull d:\ android_server /data/data/sv
adb shell chmod 755 /data/data/sv
2、启动调试服务器android_server
命令:adb shell /data/data/sv
服务器默认监听23946端口。
3、重新打开DOS窗口进行端口转发,命令:
adb forward tcp:23946 tcp:23946 如图:
3.2 利用IDA进行动态调试
1、虚拟机里启动要调试的APP 2、启动IDA,打开debugger-&attach-&remote Armlinux/andoid debugger
端口改为23946 其他保持不变,点击OK
如上图,选中要调试的APP 的数据包名,然后点击OK。
正常情况下,IDA会把APP进程挂起。
3、由于当前程序不是在动态链接库领空,这时我们要重新打开一个IDA,用它打开需要调试的so文件,找到需要下断的位置的文件偏移,并做记录,然后关闭后面打开的这个IDA。
4、在原IDA界面按下ctrl+s键,找到并找到需要调试的so,同时记录该文件的加载基址。然后点击OK 或者cancel按钮关闭对话框。
5、按下快捷键G 输入基址+文件偏移所得地址,点击OK 就跳转到SO文件需要下断的地方,这时按下F2键设置断点。当APP执行到此处时便可以断下来。
3.3 在反调试函数运行前进行动态调试
程序加载so的时候,会执行JNI_OnLoad函数,做一系列的准备工作。通常反调试函数也会放到JNI_OnLoad函数里。进行4.2中第2步时也许会遇到如下情况:
这时APP检测到了调试器,会自动退出,那么这时调试策略需要有所改变。
接着4.1第3步后,在DOS命令行执行命令:
adb shell am start -D -n com.yaotong.crackme/com.yaotong.crackme.MainActivity
来以调试模式启动APP 如图:
com.yaotong.crackme是APP包名称,com.yaotong.crackme.MainActivity是执行入口 这些可以用APK改之理查看。
这时由于APP还未运行,那么反调试函数也起不了作用,按照4.2中第2步把APP挂起。这时IDA会中断在某个位置
然后点击debugger-&debugger opions设置如下:
点击OK 后按F9运行APP,然后再DOS命令下执行命令:
jdb -connect com.sun.jdi.SocketAttach:hostname=127.0.0.1,port=8700
这时APP会断下来,然后按照4.2中的3、4、5补找到JNI_OnLoad函数的地址并下断,然后按F9 会中断下来。然后便可以继续动态跟踪调试分析。
0x04 主要参考资料
1、《Andoroid 软件安全与逆向分析》
2、看雪论坛安卓安全版
3、吾爱破解论坛安卓版
感谢看雪论坛好友:我是小三、QEver、非虫等的热心指教!
jpg 改 rar
阅读(...) 评论()loganyang123的专栏
https://blog.csdn.net/
https://static-blog.csdn.net/images/logo.gif
https://blog.csdn.net/loganyang123
https://blog.csdn.net/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
本文主要介绍了网络安全通讯协议 SSL/TLS 和 Java 中关于安全通讯的实现部分。并通过一个简单的样例程序实现,来展示如何在 Java 平台上正确建立安全通讯。
人类建立了通信系统之后,如何保证通信的安全始终是一个重要的问题。伴随着现代化通信系统的建立,人们利用数学 理论找到了一些行之有效的方法来保证数字通信的安全。简单来说就是把两方通信的过程进行保密处理,比如对双方通信的内容进行加密,这样就可以有效防止偷听者轻易截获通信的内容。目前
SSL(Secure Sockets Layer) 及其后续版本 TLS(Transport Layer Security)是比较成熟的通信加密协议,它们常被用于在客户端和服务器之间建立加密通信通道。各种开发语言都给出 SSL/TLS 协议的具体实现,Java 也不例外。在 JDK 中有一个 JSSE(javax.net.ssl)包,提供了对 SSL 和 TLS 的支持。通过其所提供的一系列 API,开发者可以像使用普通 Socket 一样使用基于 SSL 或 TLS 的安全套接字,而不用关心 SSL 和
TLS 协议的细节,例如握手的流程等等。这使得利用 Java 开发安全的 SSL/TLS 服务器或客户端非常容易,本文将通过具体的例子来说明如何用 Java 语言来开发 SSL/TLS 应用。
SSL/TLS 协议的介绍
SSL/TLS 协议(RFC2246 RFC4346)处于 TCP/IP 协议与各种应用层协议之间,为数据通讯提供安全支持。
从协议内部的功能层面上来看,SSL/TLS 协议可分为两层:
1. SSL/TLS 记录协议(SSL/TLS Record Protocol),它建立在可靠的传输层协议(如 TCP)之上,为上层协议提供数据封装、压缩、加密等基本功能。
2. SSL/TLS 握手协议(SSL/TLS Handshake Protocol),它建立在 SSL/TLS 记录协议之上,用于在实际的数据传输开始前,通讯双方进行身份认证、协商加密算法、交换加密密钥等初始化协商功能。
从协议使用方式来看,又可以分成两种类型:
1. SSL/TLS 单向认证,就是用户到服务器之间只存在单方面的认证,即客户端会认证服务器端身份,而服务器端不会去对客户端身份进行验证。首先,客户端发起握手请求,服务器收到握手请求后,会选择适合双方的协议版本和加密方式。然后,再将协商的结果和服务器端的公钥一起发送给客户端。客户端利用服务器端的公钥,对要发送的数据进行加密,并发送给服务器端。服务器端收到后,会用本地私钥对收到的客户端加密数据进行解密。然后,通讯双方都会使用这些数据来产生双方之间通讯的加密密钥。接下来,双方就可以开始安全通讯过程了。
2.SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书。基本的过程和单向认证完全一样,只是在协商阶段多了几个步骤。在服务器端将协商的结果和服务器端的公钥一起发送给客户端后,会请求客户端的证书,客户端则会将证书发送给服务器端。然后,在客户端给服务器端发送加密数据后,客户端会将私钥生成的数字签名发送给服务器端。而服务器端则会用客户端证书中的公钥来验证数字签名的合法性。建立握手之后过程则和单向通讯完全保持一致。
SSL/TLS 协议建立通讯的基本流程如图 1 所示,
图 1. SSL/TLS 基本流程图
步骤 1. ClientHello – 客户端发送所支持的 SSL/TLS 最高协议版本号和所支持的加密算法集合及压缩方法集合等信息给服务器端。
步骤 2. ServerHello – 服务器端收到客户端信息后,选定双方都能够支持的 SSL/TLS 协议版本和加密方法及压缩方法,返回给客户端。
(可选)步骤 3. SendCertificate – 服务器端发送服务端证书给客户端。
(可选)步骤 4. RequestCertificate – 如果选择双向验证,服务器端向客户端请求客户端证书。
步骤 5. ServerHelloDone – 服务器端通知客户端初始协商结束。
(可选)步骤 6. ResponseCertificate – 如果选择双向验证,客户端向服务器端发送客户端证书。
步骤 7. ClientKeyExchange – 客户端使用服务器端的公钥,对客户端公钥和密钥种子进行加密,再发送给服务器端。
(可选)步骤 8. CertificateVerify – 如果选择双向验证,客户端用本地私钥生成数字签名,并发送给服务器端,让其通过收到的客户端公钥进行身份验证。
步骤 9. CreateSecretKey – 通讯双方基于密钥种子等信息生成通讯密钥。
步骤 10. ChangeCipherSpec – 客户端通知服务器端已将通讯方式切换到加密模式。
步骤 11. Finished – 客户端做好加密通讯的准备。
步骤 12. ChangeCipherSpec – 服务器端通知客户端已将通讯方式切换到加密模式。
步骤 13. Finished – 服务器做好加密通讯的准备。
步骤 14. Encrypted/DecryptedData – 双方使用客户端密钥,通过对称加密算法对通讯内容进行加密。
步骤 15. ClosedConnection – 通讯结束后,任何一方发出断开 SSL 连接的消息。
除了以上的基本流程,SSL/TLS 协议本身还有一些概念需要在此解释说明一下。
Key:Key 是一个比特(bit)字符串,用来加密解密数据的,就像是一把开锁的钥匙。
对称算法(symmetric cryptography):就是需要双方使用一样的
key 来加密解密消息算法,常用密钥算法有 Data Encryption Standard(DES)、triple-strength DES(3DES)、Rivest Cipher 2 (RC2)和 Rivest Cipher 4(RC4)。因为对称算法效率相对较高,因此 SSL 会话中的敏感数据都用通过密钥算法加密。
非对称算法(asymmetric cryptography):就是
key 的组成是公钥私钥对 (key-pair),公钥传递给对方私钥自己保留。公钥私钥算法是互逆的,一个用来加密,另一个可以解密。常用的算法有 Rivest Shamir Adleman(RSA)、Diffie-Hellman(DH)。非对称算法计算量大比较慢,因此仅适用于少量数据加密,如对密钥加密,而不适合大量数据的通讯加密。
公钥证书(public key certificate):公钥证书类似数字护照,由受信机构颁发。受信组织的公钥证书就是
certificate authority(CA)。多证书可以连接成证书串,第一个是发送人,下一个是给其颁发证书实体,往上到根证书是世界范围受信组织,包括 VeriSign, Entrust, 和 GTE CyberTrust。公钥证书让非对称算法的公钥传递更安全,可以避免身份伪造,比如 C 创建了公钥私钥,对并冒充 A 将公钥传递给 B,这样 C 与 B 之间进行的通讯会让 B 误认是 A 与 B 之间通讯。
加密哈希功能(Cryptographic Hash Functions): 加密哈希功能与
checksum 功能相似。不同之处在于,checksum 用来侦测意外的数据变化而前者用来侦测故意的数据篡改。数据被哈希后产生一小串比特字符串,微小的数据改变将导致哈希串的变化。发送加密数据时,SSL 会使用加密哈希功能来确保数据一致性,用来阻止第三方破坏通讯数据完整性。SSL 常用的哈希算法有 Message Digest 5(MD5)和 Secure Hash Algorithm(SHA)。
消息认证码(Message Authentication Code): 消息认证码与加密哈希功能相似,除了它需要基于密钥。密钥信息与加密哈希功能产生的数据结合就是哈希消息认证码(HMAC)。如果
A 要确保给 B 发的消息不被 C 篡改,他要按如下步骤做 --A 首先要计算出一个 HMAC 值,将其添加到原始消息后面。用 A 与 B 之间通讯的密钥加密消息体,然后发送给 B。B 收到消息后用密钥解密,然后重新计算出一个 HMAC,来判断消息是否在传输中被篡改。SSL 用 HMAC 来保证数据传输的安全。
数字签名(Digital Signature):一个消息的加密哈希被创建后,哈希值用发送者的私钥加密,加密的结果就是叫做数字签名。
JSSE(Java Secure Socket Extension)使用介绍
在 Java SDK 中有一个叫 JSSE(javax.net.ssl)包,这个包中提供了一些类来建立 SSL/TLS 连接。通过这些类,开发者就可以忽略复杂的协议建立流程,较为简单地在网络上建成安全的通讯通道。JSSE 包中主要包括以下一些部分:
安全套接字(secure socket)和安全服务器端套接字
非阻塞式 SSL/TLS 数据处理引擎(SSLEngine)
套接字创建工厂 , 用来产生 SSL 套接字和服务器端套接字
套接字上下文 , 用来保存用于创建和数据引擎处理过程中的信息
符合 X.509 规范密码匙和安全管理接口
下面将通过一个简单的例子来展示如何通过 JSSE,在客户端和服务器端建立一个 SSL/TLS 连接。设计两个类 SSLClient 和 SSLServer,分别来表示客户端和服务器端。客户端将会向服务器端发起连接请求,在通过服务器端验证建立 SSL 连接后,服务器端将会向客户端发送一串内容,客户端将会把收到的内容打印出来。样例代码如下,
SSLClient Source code:
package example.ssl.
import java.io.*;
import javax.net.ssl.SSLS
import javax.net.ssl.SSLSocketF
class SSLClient {
private SSLSocket socket =
public SSLClient() throws IOException {
// 通过套接字工厂,获取一个客户端套接字
SSLSocketFactory socketFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
socket = (SSLSocket) socketFactory.createSocket("localhost", 7070);
public void connect() {
// 获取客户端套接字输出流
PrintWriter output = new PrintWriter(
new OutputStreamWriter(socket.getOutputStream()));
// 将用户名和密码通过输出流发送到服务器端
String userName = "principal";
output.println(userName);
String password = "credential";
output.println(password);
output.flush();
// 获取客户端套接字输入流
BufferedReader input = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
// 从输入流中读取服务器端传送的数据内容,并打印出来
String response = input.readLine();
response += "\n " + input.readLine();
System.out.println(response);
// 关闭流资源和套接字资源
output.close();
input.close();
socket.close();
} catch (IOException ioException) {
ioException.printStackTrace();
} finally {
System.exit(0);
public static void main(String args[]) throws IOException {
new SSLClient().connect();
SSLServer Source code:
package example.ssl.
import java.io.*;
import javax.net.ssl.SSLServerS
import javax.net.ssl.SSLServerSocketF
import javax.net.ssl.SSLS
class SSLServer {
// 服务器端授权的用户名和密码
private static final String USER_NAME = "principal";
private static final String PASSWORD = "credential";
// 服务器端保密内容
private static final String SECRET_CONTENT =
"This is confidential content from server X, for your eye!";
private SSLServerSocket serverSocket =
public SSLServer() throws Exception {
// 通过套接字工厂,获取一个服务器端套接字
SSLServerSocketFactory socketFactory = (SSLServerSocketFactory)
SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket)socketFactory.createServerSocket(7070);
private void runServer() {
while (true) {
System.out.println("Waiting for connection...");
// 服务器端套接字进入阻塞状态,等待来自客户端的连接请求
SSLSocket socket = (SSLSocket) serverSocket.accept();
// 获取服务器端套接字输入流
BufferedReader input = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
// 从输入流中读取客户端用户名和密码
String userName = input.readLine();
String password = input.readLine();
// 获取服务器端套接字输出流
PrintWriter output = new PrintWriter(
new OutputStreamWriter(socket.getOutputStream()));
// 对请求进行认证,如果通过则将保密内容发送给客户端
if (userName.equals(USER_NAME) && password.equals(PASSWORD)) {
output.println("Welcome, " + userName);
output.println(SECRET_CONTENT);
output.println("Authentication failed, you have no
access to server X...");
// 关闭流资源和套接字资源
output.close();
input.close();
socket.close();
} catch (IOException ioException) {
ioException.printStackTrace();
public static void main(String args[]) throws Exception {
SSLServer server = new SSLServer();
server.runServer();
SSL 样例程序:
java -cp ./build/classes example.ssl.codes.SSLServer
java -cp ./build/classes example.ssl.codes.SSLClient
执行结果如下:
服务器端输出:
Waiting for connection...
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Waiting for connection...
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1836)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
客户端输出:
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1426)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at example.ssl.codes.SSLClient.connect(SSLClient.java:29)
at example.ssl.codes.SSLClient.main(SSLClient.java:44)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1911)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1027)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake
(SSLSocketImpl.java:1262)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:680)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:85)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.PrintWriter.flush(PrintWriter.java:320)
at example.ssl.codes.SSLClient.connect(SSLClient.java:25)
... 1 more
通过程序的错误输出,我们能够发现 SSL 建立失败了,在握手阶段双方没有能够协商出加密方法等信息。这是因为默认情况下,java 虚拟机没有与 SSL 相关的配置,需要开发者自己按照文档进行一些配置。在 JDK 中提供了一个安全钥匙与证书的管理工具 Keytool。Keytool 把钥匙,证书以及和与它们相关联的证书链储存到一个 keystore 中,默任的实现 keystore 的是一个文件,它本身有一个访问密码来保护存储在其中的内容。就本样例程序而言,只需要配置客户端和服务器端双方信任就可以了。可以按照如下几步来完成:
1. 进入本地的 java 安装位置的 bin 目录中 cd /java/bin
2. 创建一个客户端 keystore 文件,如图 2 所示
keytool -genkey -alias sslclient -keystore sslclientkeys
图 2. 创建 keystore 文件
3. 将客户端 keystore 文件导出成证书格式
keytool -export -alias sslclient -keystore sslclientkeys -file sslclient.cer
4. 创建一个服务器端 keystore 文件
keytool -genkey -alias sslserver -keystore sslserverkeys
5. 将服务器端 keystore 文件导出成证书格式
keytool -export -alias sslserver -keystore sslserverkeys -file sslserver.cer
6. 将客户端证书导入到服务器端受信任的 keystore 中
keytool -import -alias sslclient -keystore sslservertrust -file sslclient.cer
7. 将服务器端证书导入到客户端受信任的 keystore 中
keytool -import -alias sslserver -keystore sslclienttrust -file sslserver.cer
以上所有步骤都完成后,还可以通过命令来查看 keystore 文件基本信息,如图 3 所示
keytool -list -keystore sslclienttrust
图 3. 查看 keystore 文件
将前面创建的所有 keystore 文件从 java 的 bin 目录中剪切出来,移动到样例程序的执行目录中,通过运行程序时候的系统属性来指定这些文件,重新执行一遍样例程序。
java -cp ./build/classes
-Djavax.net.ssl.keyStore=sslserverkeys
-Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.trustStore=sslservertrust
-Djavax.net.ssl.trustStorePassword=123456
example.ssl.codes.SSLServer
java -cp ./build/classes
-Djavax.net.ssl.keyStore=sslclientkeys
-Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.trustStore=sslclienttrust
-Djavax.net.ssl.trustStorePassword=123456
example.ssl.codes.SSLClient
执行结果如下:
客户端输出
Welcome, principal
This is confidential content from server X, for your eye!
客户端与服务器端成功建立起 SSL 的连接,然后服务器端成功将字符串发送给客户端,客户端将其打印出来。
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
阅读:4938 评论:1
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
handy recovery
.input_btn_1{width: height:30 padding:0 15 border: background:url() repeat-x 0; color:# font:bold 12px/30px Arial, Helvetica, sans- text-align: cursor:}
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
Dalvik opcodes
Vx values in the table denote a Dalvik register. Depending on the instruction, 16, 256 or 64k registers can be accessed. Operations on long and double values use two registers, e.g. a double value addressed in
the V0 register occupies the V0 and V1 registers.
Boolean values are stored as 1 for true and 0 for false. Operations on booleans are translated into integer operations.
All the examples are in hig-endian format, e.g. 0F00 0A00 is coded as 0F, 00, 0A, 00 sequence.
Note there are no explanation/example at some instructions. This means that I have not seen that instruction "in the wild" and its presence/name is only known from .Opcode (hex)
Opcode name
Explanation
No operation
0000 - nop
move vx,vy
Moves the content of vy into vx. Both registers must be in the first 256 register range.
0110 - move v0, v1
Moves v1 into v0.
move/from16 vx,vy
Moves the content of vy into vx. vy may be in the 64k register range while vx is one of the first 256 registers.
- move/from16 v0, v25
Moves v25 into v0.
move-wide/from16 vx,vy
Moves a long/double value from vy to vx. vy may be in the 64k register range while wx is one of the first 256 registers.
- move-wide/from16 v22, v0
Moves v0 into v22.
move-wide/16
move-object vx,vy
Moves the object reference from vy to vx.
0781 - move-object v1, v8
Moves the object reference in v8 to v1.
move-object/from16 vx,vy
Moves the object reference from vy to vx, vy can address 64k registers and vx can address 256 registers.
- move-object/from16 v1, v21
Move the object reference in v21 to v1.
move-object/16
move-result vx
Move the result value of the previous method invocation into vx.
0A00 - move-result v0
Move the return value of a previous method invocation into v0.
move-result-wide vx
Move the long/double result value of the previous method invocation into vx,vx+1.
0B02 - move-result-wide v2
Move the long/double result value of the previous method invocation into v2,v3.
move-result-object vx
Move the result object reference of the previous method invocation into vx.
0C00 - move-result-object v0
move-exception vx
Move the exception object reference thrown during a method invocation into vx.
0D19 - move-exception v25
return-void
Return without a return value
0E00 - return-void
Return with vx return value
0F00 - return v0
Returns with return value in v0.
return-wide vx
Return with double/long result in vx,vx+1.
1000 - return-wide v0
Returns with a double/long value in v0,v1.
return-object vx
Return with vx object reference value.
1100 - return-object v0
Returns with object reference value in v0
const/4 vx,lit4
Puts the 4 bit constant into vx
1221 - const/4 v1, #int2
Moves literal 2 into v1. The destination register is in the lower 4 bit in the second byte, the literal 2 is in the higher 4 bit.
const/16 vx,lit16
Puts the 16 bit constant into vx
- const/16 v0, #int 10
Puts the literal constant of 10 into v0.
const vx, lit32
Puts the integer constant into vx
BC00 - const v0, # // #00BC614E
Moves literal
const/high16 v0, lit16
Puts the 16 bit constant into the topmost bits of the register. Used to initialize float values.
- const/high16 v0, #float 10.0 // #
Moves the floating literal of 10.0 into v0. The 16 bit literal in the instruction carries the top 16 bits of the floating point number.
const-wide/16 vx, lit16
Puts the integer constant into vx and vx+1 registers, expanding the integer constant into a long constant..
- const-wide/16 v0, #long 10
Moves literal 10 into v0 and v1 registers.
const-wide/32 vx, lit32
Puts the 32 bit constant into vx and vx+1 registers, expanding the integer constant into a long constant.
bc00 - const-wide/32 v2, #long
// #00bc614e
Puts # into v2 and v3 registers.
const-wide vx, lit64
Puts the 64 bit constant into vx and vx+1 registers.
b5d 54dc 2b00- const-wide v2, #long 34567 // #002bdc545d6b4b87
Puts #34567 into v2 and v3 registers.
const-wide/high16 vx,lit16
Puts the 16 bit constant into the highest 16 bit of vx and vx+1 registers. Used to initialize double values.
- const-wide/high16 v0, #double 10.0 // #
Puts the double constant of 10.0 into v0 register.
const-string vx,string_id
Puts reference to a string constant identified by string_id into vx.
1A08 0000 - const-string v8, "" // string@0000
Puts reference to string@0000 (entry #0 in the string table) into v8.
const-string-jumbo
const-class vx,type_id
Moves the class object of a class identified by type_id (e.g. Object.class) into vx.
1C00 0100 - const-class v0, Test3 // type@0001
Moves reference to Test3.class (entry#1 in the type id table) into
monitor-enter vx
Obtains the monitor of the object referenced by vx.
1D03 - monitor-enter v3
Obtains the monitor of the object referenced by v3.
monitor-exit
Releases the monitor of the object referenced by vx.
1E03 - monitor-exit v3
Releases the monitor of the object referenced by v3.
check-cast vx, type_id
Checks whether the object reference in vx can be cast to an instance of a class referenced by type_id. Throws ClassCastException if the cast is not possible, continues execution otherwise.
1F04 0100 - check-cast v4, Test3 // type@0001
Checks whether the object reference in v4 can be cast to type@0001 (entry #1 in the type id table)
instance-of vx,vy,type_id
Checks whether vy is instance of a class identified by type_id. Sets vx non-zero if it is, 0 otherwise.
- instance-of v0, v4, Test3 // type@0001
Checks whether the object reference in v4 is an instance of type@0001 (entry #1 in the type id table). Sets v0 to non-zero if v4 is instance of Test3, 0 otherwise.
array-length vx,vy
Calculates the number of elements of the array referenced by vy and puts the length value into vx.
2111 - array-length v1, v1
Calculates the number of elements of the array referenced by v1 and puts the result into v1.
new-instance vx,type
Instantiates an object type and puts the reference of the newly created instance into vx.
- new-instance v0, java.io.FileInputStream // type@0015
Instantiates type@0015 (entry #15H in the type table) and puts its reference into v0.
new-array vx,vy,type_id
Generates a new array of type_id type and vy element size and puts the reference to the array into vx.
- new-array v2, v1, char[] // type@0025
Generates a new array of type@0025 type and v1 size and puts the reference to the new array into v2.
filled-new-array {parameters},type_id
Generates a new array of type_id and fills it with the parameters5. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction.
00 - filled-new-array {v0,v0},[I // type@0D53
Generates a new array of type@0D53. The array's size will be 2 and both elements will be filled with the contents of v0 register.
filled-new-array-range {vx..vy},type_id
Generates a new array of type_id and fills it with a range of parameters. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction.
00 - filled-new-array/range {v19..v21}, [B // type@0006
Generates a new array of type@0D53. The array's size will be 3 and the elements will be filled using the v19,v20 and v21 registers4.
fill-array-data vx,array_data_offset
Fills the array referenced by vx with the static data. The location of the static data is the sum of
the position of the current instruction and the offset
00 - fill-array-data v6, 00e6 // +0025
Fills the array referenced by v0 with the static data at current instruction+25H words location. The offset is expressed as a 32-bit number. The static data is stored in the following format:
0003 // Table type: static array data
0400 // Byte per array element (in this case, 4 byte integers)
// Number of elements in the table
// Element #0: integer 1
// Element #1: integer 2
// Element #2: integer3
Throws an exception object. The reference of the exception object is in vx.
2700 - throw v0
Throws an exception. The exception object reference is in v0.
goto target
Unconditional jump by short offset2.
28F0 - goto 0005 // -0010
Jumps to current position-16 words (hex 10). 0005 is the label of the target instruction.
goto/16 target
Unconditional jump by 16 bit offset2.
2900 0FFE - goto/16 002f // -01f1
Jumps to the current position-1F1H words. 002F is the label of the target instruction.
goto/32 target
packed-switch vx,table
Implements a switch statement where the case constants are close to each other. The instruction uses an index table. vx indexes into this table to find the offset of the instruction for a particular case. If vx falls out of the
index table, the execution continues on the next instruction (default case).
2B02 0C00 0000 - packed-switch v2, 000c // +000c
Execute a packed switch according to the switch argument in v2. The position of the index table is at current instruction+0CH words. The table looks like the following:
0001 // Table type: packed switch table
0300 // number of elements
// element base
// case 0: +
// case 1: +
// case 2: +
sparse-switch vx,table
Implements a switch statement with sparse case table. The instruction uses a lookup table with case constants and offsets for each case constant. If there is no match in the table, execution continues on the next instruction (default
2C02 0c00 0000 - sparse-switch v2, 000c // +000c
Execute a sparse switch according to the switch argument in v2. The position of the lookup table is at current instruction+0CH words. The table looks like the following.
0002 // Table type: sparse switch table
0300 // number of elements
9cff ffff // first case: -100
fa00 0000 // second case constant: 250
e803 0000 // third case constant: 1000
// offset for the first case constant: +5
// offset for the second case constant: +7
// offset for the third case constant: +9
cmpl-float
Compares the float values in vy and vz and sets the integer value in vx accordingly3
2D00 0607 - cmpl-float v0, v6, v7
Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN.
cmpg-float vx, vy, vz
Compares the float values in vy and vz and sets the integer value in vx accordingly3.
2E00 0607 - cmpg-float v0, v6, v7
Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN.
cmpl-double vx,vy,vz
Compares the double values in vy and vz2 and sets the integer value in vx accordingly3.
2F19 0608 - cmpl-double v25, v6, v8
Compares the double values in v6,v7 and v8,v9 and sets v25 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN.
cmpg-double vx, vy, vz
Compares the double values in vy and vz2 and sets the integer value in vx accordingly3.
A - cmpg-double v0, v8, v10
Compares the double values in v8,v9 and v10,v11 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN.
cmp-long vx, vy, vz
Compares the long values in vy and vz and sets the integer value in vx accordingly3.
- cmp-long v0, v2, v4
Compares the long values in v2 and v4 then sets v0 accordingly.
if-eq vx,vy,target
Jumps to target if vx==vy2. vx and vy are integer values.
32b3 6600 - if-eq v3, v11, 0080 // +0066
Jumps to the current position+66H words if v3==v11. 0080 is the label of the target instruction.
if-ne vx,vy,target
Jumps to target if vx!=vy2. vx and vy are integer values.
33A3 1000 - if-ne v3, v10, 002c // +0010
Jumps to the current position+10H words if v3!=v10. 002c is the label of the target instruction.
if-lt vx,vy,target
Jumps to target is vx&vy2. vx and vy are integer values.
3432 CBFF - if-lt v2, v3, 0023 // -0035
Jumps to the current position-35H words if v2&v3. 0023 is the label of the target instruction.
if-ge vx, vy,target
Jumps to target if vx&=vy2. vx and vy are integer values.
- if-ge v0, v1, 002b // +001b
Jumps to the current position+1BH words if v0&=v1. 002b is the label of the target instruction.
if-gt vx,vy,target
Jumps to target if vx&vy2. vx and vy are integer values.
- if-ge v0, v1, 002b // +001b
Jumps to the current position+1BH words if v0&v1. 002b is the label of the target instruction.
if-le vx,vy,target
Jumps to target if vx&=vy2. vx and vy are integer values.
- if-le v6, v5, 0144 // +000b
Jumps to the current position+0BH words if v6&=v5. 0144 is the label of the target instruction.
if-eqz vx,target
Jumps to target if vx==02. vx is an integer value.
- if-eqz v2, 0038 // +0019
Jumps to the current position+19H words if v2==0. 0038 is the label of the target instruction.
if-nez vx,target
Checks vx and jumps if vx is nonzero2.
- if-nez v2, 0014 // +0012
Jumps to current position+18 words (hex 12) if v2 is nonzero. 0014 is the label of the target instruction.
if-ltz vx,target
Checks vx and jumps if vx&02.
3A00 1600 - if-ltz v0, 002d // +0016
Jumps to the current position+16H words if v0&0. 002d is the label of the target instruction.
if-gez vx,target
Checks vx and jumps if vx&=02.
3B00 1600 - if-gez v0, 002d // +0016
Jumps to the current position+16H words if v0 &=0. 002d is the label of the target instruction.
if-gtz vx,target
Checks vx and jumps if vx&02.
3C00 1D00 - if-gtz v0, 004a // +001d
Jumps to the current position+1DH words if v0&0. 004A is the label of the target instruction.
if-lez vx,target
Checks vx and jumps if vx&=02.
3D00 1D00 - if-lez v0, 004a // +001d
Jumps to the current position+1DH words if v0&=0. 004A is the label of the target instruction.
aget vx,vy,vz
Gets an integer value of an object reference array into vx. The array is referenced by vy and is indexed by vz.
- aget v7, v3, v6
Gets an integer array element. The array is referenced by v3 and the element is indexed by v6. The element will be put into v7.
aget-wide vx,vy,vz
Gets a long/double value of long/double array into vx,vx+1. The array is referenced by vy and is indexed by vz.
- aget-wide v5, v1, v4
Gets a long/double array element. The array is referenced by v1 and the element is indexed by v4. The element will be put into v5,v6.
aget-object vx,vy,vz
Gets an object reference value of an object reference array into vx. The array is referenced by vy and is indexed by vz.
- aget-object v2, v2, v0
Gets an object reference array element. The array is referenced by v2 and the element is indexed by v0. The element will be put into v2.
aget-boolean vx,vy,vz
Gets a boolean value of a boolean array into vx. The array is referenced by vy and is indexed by vz.
- aget-boolean v0, v0, v1
Gets a boolean array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aget-byte vx,vy,vz
Gets a byte value of a byte array into vx. The array is referenced by vy and is indexed by vz.
- aget-byte v0, v0, v1
Gets a byte array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aget-char vx, vy,vz
Gets a char value
of a character array into vx. The element is indexed by vz, the array object is referenced by vy
- aget-char v5, v0, v3
Gets a character array element. The array is referenced by v0 and the element is indexed by v3. The element will be put into v5.
aget-short vx,vy,vz
Gets a short value
of a short array into vx. The element is indexed by vz, the array object is referenced by vy.
4A00 0001 - aget-short v0, v0, v1
Gets a short array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aput vx,vy,vz
Puts the integer value in vx into an element of an integer array. The element is indexed by vz, the array object is referenced by vy.
4B00 0305 - aput v0, v3, v5
Puts the integer value in v2 into an integer array referenced by v0. The target array element is indexed by v1.
aput-wide vx,vy,vz
Puts the double/long value in vx,vx+1 into a double/long array. The array is referenced by vy, the element is indexed by vz.
4C05 0104 - aput-wide v5, v1, v4
Puts the double/long value in v5,v6 into a double/long array referenced by v1. The target array element is indexed by v4.
aput-object vx,vy,vz
Puts the object reference value in vx into an element of an object reference array. The element is indexed by vz, the array object is referenced by vy.
4D02 0100 - aput-object v2, v1, v0
Puts the object reference value in v2 into an object reference array referenced by v0. The target array element is indexed by v1.
aput-boolean vx,vy,vz
Puts the boolean value in vx into an element of a boolean array. The element is indexed by vz, the array object is referenced by vy.
4E01 0002 - aput-boolean v1, v0, v2
Puts the boolean value in v1 into an object reference array referenced by v0. The target array element is indexed by v2.
aput-byte vx,vy,vz
Puts the byte value in vx into an element of a byte array. The element is indexed by vz, the array object is referenced by vy.
4F02 0001 - aput-byte v2, v0, v1
Puts the boolean value in v2 into a byte array referenced by v0. The target array element is indexed by v1.
aput-char vx,vy,vz
Puts the char value in vx into an element of a character array. The element is indexed by vz, the array object is referenced by vy.
- aput-char v3, v0, v1
Puts the character value in v3 into a character array referenced by v0. The target array element is indexed by v1.
aput-short vx,vy,vz
Puts the short value in vx into an element of a short array. The element is indexed by vz, the array object is referenced by vy.
- aput-short v2, v0, v1
Puts the short value in v2 into a character array referenced by v0. The target array element is indexed by v1.
iget vx, vy, field_id
Reads an instance field into vx. The instance is referenced by vy.
- iget v0, v1, Test2.i6:I // field@0003
Reads field@0003 into v0 (entry #3 in the field id table). The instance is referenced by v1.
iget-wide vx,vy,field_id
Reads an instance field into vx1. The instance is referenced by vy.
- iget-wide v0, v2, Test2.l0:J // field@0004
Reads field@0004 into v0 and v1 registers (entry #4 in the field id table). The instance is referenced by v2.
iget-object vx,vy,field_id
Reads an object reference instance field into vx. The instance is referenced by vy.
iget-object v1, v2, LineReader.fis:Ljava/io/FileInputS // field@0002
Reads field@0002 into v1
(entry #2 in the field id table). The instance is referenced by v2.
iget-boolean vx,vy,field_id
Reads a boolean instance field into vx. The instance is referenced by vy.
55FC 0000 - iget-boolean v12, v15, Test2.b0:Z // field@0000
Reads the boolean field@0000 into v12 register (entry #0 in the field id table). The instance is referenced by v15.
iget-byte vx,vy,field_id
Reads a byte instance field into vx. The instance is referenced by vy.
- iget-byte v2, v3, Test3.bi1:B // field@0001
Reads the char field@0001 into v2 register (entry #1 in the field id table). The instance is referenced by v3.
iget-char vx,vy,field_id
Reads a char instance field into vx. The instance is referenced by vy.
- iget-char v0, v2, Test3.ci1:C // field@0003
Reads the char field@0003 into v0 register (entry #3 in the field id table). The instance is referenced by v2.
iget-short vx,vy,field_id
Reads a short instance field into vx. The instance is referenced by vy.
- iget-short v0, v3, Test3.si1:S // field@0008
Reads the short field@0008 into v0 register (entry #8 in the field id table). The instance is referenced by v3.
iput vx,vy, field_id
Puts vx into an instance field. The instance is referenced by vy.
- iput v0,v2, Test2.i6:I // field@0002
Stores v0 into field@0002 (entry #2 in the field id table). The instance is referenced by v2.
iput-wide vx,vy, field_id
Puts the wide value located in vx and vx+1 registers into an instance field. The instance is referenced by vy.
5A20 0000 - iput-wide v0,v2, Test2.d0:D // field@0000
Stores the wide value in v0, v1 registers into field@0000 (entry #0 in the field id table). The instance is referenced by v2.
iput-object vx,vy,field_id
Puts the object reference in vx into an instance field. The instance is referenced by vy.
5B20 0000 - iput-object v0, v2, LineReader.bis:Ljava/io/BufferedInputS // field@0000
Stores the object reference in v0 into field@0000 (entry #0 in the field table). The instance is referenced by v2.
iput-boolean vx,vy, field_id
Puts the boolean value located in vx into an instance field. The instance is referenced by vy.
5C30 0000 - iput-boolean v0, v3, Test2.b0:Z // field@0000
Puts the boolean value in v0 into field@0000 (entry #0 in the field id table). The instance is referenced by v3.
iput-byte vx,vy,field_id
Puts the byte value located in vx into an instance field. The instance is referenced by vy.
5D20 0100 - iput-byte v0, v2, Test3.bi1:B // field@0001
Puts the boolean value in v0 into field@0001 (entry #1 in the field id table). The instance is referenced by v2.
iput-char vx,vy,field_id
Puts the char value located in vx into an instance field. The instance is referenced by vy.
5E20 0300 - iput-char v0, v2, Test3.ci1:C // field@0003
Puts the char value in v0 into field@0003 (entry #3 in the field id table). The instance is referenced by v2.
iput-short vx,vy,field_id
Puts the short value located in vx into an instance field. The instance is referenced by vy.
5F21 0800 - iput-short v1, v2, Test3.si1:S // field@0008
Puts the short value in v1 into field@0008 (entry #8 in the field id table). The instance is referenced by v2.
sget vx,field_id
Reads the integer field identified by the field_id into vx.
- sget v0, Test3.is1:I // field@0007
Reads field@0007 (entry #7 in the field id table) into v0.
sget-wide vx, field_id
Reads the static field identified by the field_id into vx and vx+1 registers.
- sget-wide v0, Test2.l1:J // field@0005
Reads field@0005 (entry #5 in the field id table) into v0 and v1 registers.
sget-object vx,field_id
Reads the object reference field identified by the field_id into vx.
- sget-object v1, Test3.os1:Ljava/lang/O // field@000c
Reads field@000c (entry #CH in the field id table) into v1.
sget-boolean vx,field_id
Reads the boolean static field identified by the field_id into vx.
- sget-boolean v0, Test2.sb:Z // field@000c
Reads boolean field@000c (entry #12 in the field id table) into v0.
sget-byte vx,field_id
Reads the byte static field identified by the field_id into vx.
- sget-byte v0, Test3.bs1:B // field@0002
Reads byte field@0002 (entry #2 in the field id table) into v0.
sget-char vx,field_id
Reads the char static field identified by the field_id into vx.
- sget-char v0, Test3.cs1:C // field@0007
Reads byte field@0007 (entry #7 in the field id table) into v0.
sget-short vx,field_id
Reads the short static field identified by the field_id into vx.
- sget-short v0, Test3.ss1:S // field@000b
Reads short field@000b (entry #BH in the field id table) into v0.
sput vx, field_id
Puts vx into a static field.
- sput v0, Test2.i5:I // field@0001
Stores v0 into field@0001 (entry #1 in the field id table).
sput-wide vx, field_id
Puts vx and vx+1 into a static field.
- sput-wide v0, Test2.l1:J // field@0005
Puts the long value in v0 and v1 into the field@0005 static field (entry #5 in the field id table).
sput-object vx,field_id
Puts object reference in vx into a static field.
- sput-object v0, Test3.os1:Ljava/lang/O // field@000c
Puts the object reference value in v0 into the field@000c static field (entry #CH in the field id table).
sput-boolean vx,field_id
Puts boolean value in vx into a static field.
6A00 0300 - sput-boolean v0, Test3.bls1:Z // field@0003
Puts the byte value in v0 into the field@0003 static field (entry #3 in the field id table).
sput-byte vx,field_id
Puts byte value in vx into a static field.
6B00 0200 - sput-byte v0, Test3.bs1:B // field@0002
Puts the byte value in v0 into the field@0002 static field (entry #2 in the field id table).
sput-char vx,field_id
Puts char value in vx into a static field.
6C01 0700 - sput-char v1, Test3.cs1:C // field@0007
Puts the char value in v1 into the field@0007 static field (entry #7 in the field id table).
sput-short vx,field_id
Puts short value in vx into a static field.
6D00 0B00 - sput-short v0, Test3.ss1:S // field@000b
Puts the short value in v0 into the field@000b static field (entry #BH in the field id table).
invoke-virtual { parameters }, methodtocall
Invokes a virtual method with parameters.
- invoke-virtual { v4, v0, v1, v2, v3}, Test2.method5:(IIII)V // method@0006
Invokes the 6th method in the method table with the following arguments: v4 is the "this" instance, v0, v1, v2, and v3 are the method parameters. The method has 5 arguments (4 MSB bits of the second byte)5.
invoke-super {parameter},methodtocall
Invokes the virtual method of the immediate parent class.
6F10 A601 0100 invoke-super {v1},java.io.FilterOutputStream.close:()V // method@01a6
Invokes method@01a6 with one parameter, v1.
invoke-direct { parameters }, methodtocall
Invokes a method with parameters without the virtual method resolution.
00 - invoke-direct {v1}, java.lang.Object.&init&:()V // method@0008
Invokes the 8th method in the method table with just one parameter, v1 is the "this" instance5.
invoke-static {parameters}, methodtocall
Invokes a static method with parameters.
00 - invoke-static {v4}, java.lang.Integer.parseInt:( Ljava/lang/S)I // method@0034
Invokes method@34 static method. The method is called with one parameter, v45.
invoke-interface {parameters},methodtocall
Invokes an interface method.
54 invoke-interface {v1, v3, v4, v5}, mwfw.IReceivingProtocolAdapter.receivePackage:(
ILjava/lang/SLjava/io/InputS)Z // method@0221
Invokes method@221 interface method using parameters in v1,v3,v4 and v55.
invoke-virtual/range {vx..vy},methodtocall
Invokes virtual method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
00 - invoke-virtual {v19..v21}, Test2.method5:(IIII)V // method@0006
Invokes the 6th method in the method table with the following arguments: v19 is the "this" instance, v20 and v21 are the method parameters.
invoke-super/range
the virtual method of the immediate parent class. The instruction specifies the first register and the number of registers to be passed to the method.
00 invoke-super {v1},java.io.FilterOutputStream.close:()V // method@01a6
Invokes method@01a6 with one parameter, v1.
invoke-direct/range {vx..vy},methodtocall
Invokes direct method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
1300 - invoke-direct/range {v19..21},java.lang.Object.&init&:()V // method@003a
Invokes method@3A with 1 parameters (second byte of the instruction=03). The parameter is stored in v19 (5th,6th bytes of the instruction).
invoke-static/range {vx..vy},methodtocall
Invokes static method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
1300 - invoke-static/range {v19..21},java.lang.Integer.parseInt:( Ljava/lang/S)I // method@0034
Invokes method@3A with 1 parameters (second byte of the instruction=03). The parameter is stored in v19 (5th,6th bytes of the instruction).
invoke-interface-range
Invokes an interface method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
00 invoke-interface {v1..v4}, mwfw.IReceivingProtocolAdapter.receivePackage:(
ILjava/lang/SLjava/io/InputS)Z // method@0221
Invokes method@221 interface method using parameters in v1..v4.
neg-int vx,vy
Calculates vx=-vy.
7B01 - neg-int v1,v0
Calculates -v0 and stores the result in v1.
not-int vx,vy
neg-long vx,vy
Calculates vx,vx+1=-(vy,vy+1)
7D02 - neg-long v2,v0
Calculates -(v0,v1) and stores the result into (v2,v3)
not-long vx,vy
neg-float vx,vy
Calculates vx=-vy
7F01 - neg-float v1,v0
Calculates -v0 and stores the result into v1.
neg-double vx,vy
Calculates vx,vx+1=-(vy,vy+1)
8002 - neg-double v2,v0
Calculates -(v0,v1) and stores the result into (v2,v3)
int-to-long vx, vy
Converts the integer in vy into a long in vx,vx+1.
8106 - int-to-long v6, v0
Converts an integer in v0 into a long in v6,v7.
int-to-float vx, vy
Converts the integer in vx into a float in vx.
8206 - int-to-float v6, v0
Converts the integer in v0 into a float in v6.
int-to-double vx, vy
Converts the integer in vy into the double in vx,vx+1.
8306 - int-to-double v6, v0
Converts the integer in v0 into a double in v6,v7
long-to-int vx,vy
Converts the long value in vy,vy+1 into an integer in vx.
8424 - long-to-int v4, v2
Converts the long value in v2,v3 into an integer value in v4.
long-to-float vx, vy
Converts the long value in vy,vy+1 into a float in vx.
8510 - long-to-float v0, v1
Convcerts the long value in v1,v2 into a float value in v0.
long-to-double vx, vy
Converts the long value in vy,vy+1 into a double value in vx,vx+1.
8610 - long-to-double v0, v1
Converts the long value in v1,v2 into a double value in v0,v1.
float-to-int vx, vy
Converts the float value in vy into an integer value in vx.
8730 - float-to-int v0, v3
Converts the float value in v3 into an integer value in v0.
float-to-long vx,vy
Converts the float value in vy into a long value in vx.
8830 - float-to-long v0, v3
Converts the float value in v3 into a long value in v0,v1.
float-to-double vx, vy
Converts the float value in vy into a double value in vx,vx+1.
8930 - float-to-double v0, v3
Converts the float value in v3 into a double value in v0,v1.
double-to-int vx, vy
Converts the double value in vy,vy+1 into an integer value in vx.
- double-to-int v0, v4
Converts the double value in v4,v5 into an integer value in v0.
double-to-long vx, vy
Converts the double value in vy,vy+1 into a long value in vx,vx+1.
8B40 - double-to-long v0, v4
Converts the double value in v4,v5 into a long value in v0,v1.
double-to-float vx, vy
Converts the double value in vy,vy+1 into a float value in vx.
8C40 - double-to-float v0, v4
Converts the double value in v4,v5 into a float value in v0,v1.
int-to-byte vx,vy
Converts the int value in vy to a byte value and stores it in vx.
8D00 - int-to-byte v0, v0
Converts the integer in v0 into a byte and puts the byte value into v0.
int-to-char vx,vy
Converts the int value in vy to a char value and stores it in vx.
- int-to-char v3, v3
Converts the integer in v3 into a char and puts the char value into v3.
int-to-short vx,vy
Converts the int value in vy to a short value and stores it in vx.
8F00 - int-to-short v0, v0
Converts the integer in v0 into a short and puts the short value into v3.
add-int vx,vy,vz
Calculates vy+vz and puts the result into vx.
- add-int v0, v2, v3
Adds v3 to v2 and puts the result into v04.
sub-int vx,vy,vz
Calculates vy-vz and puts the result into vx.
- sub-int v0, v2, v3
Subtracts v3 from v2 and puts the result into v0.
mul-int vx, vy, vz
Multiplies vz with wy and puts the result int vx.
- mul-int v0,v2,v3
Multiplies v2 with w3 and puts the result into v0
div-int vx,vy,vz
Divides vy with vz and puts the result into vx.
- div-int v3, v0, v1
Divides v0 with v1 and puts the result into v3.
rem-int vx,vy,vz
Calculates vy % vz and puts the result into vx.
- rem-int v0, v2, v3
Calculates v3 % v2 and puts the result into v0.
and-int vx, vy, vz
Calculates vy AND vz and puts the result into vx.
- and-int v3, v0, v1
Calculates v0 AND v1 and puts the result into v3.
or-int vx, vy, vz
Calculates vy OR vz and puts the result into vx.
- or-int v3, v0, v1
Calculates v0 OR v1 and puts the result into v3.
xor-int vx, vy, vz
Calculates vy XOR vz and puts the result into vx.
- xor-int v3, v0, v1
Calculates v0 XOR v1 and puts the result into v3.
shl-int vx, vy, vz
Shift vy left by the positions specified by vz and store the result into vx.
- shl-int v2, v0, v1
Shift v0 left by the positions specified by v1 and store the result in v2.
shr-int vx, vy, vz
Shift vy right by the positions specified by vz and store the result into vx.
- shr-int v2, v0, v1
Shift v0 right by the positions specified by v1 and store the result in v2.
ushr-int vx, vy, vz
Unsigned shift right (&&&) vy by the positions specified by vz and store the result into vx.
9A02 0001 - ushr-int v2, v0, v1
Unsigned shift v0 right by the positions specified by v1 and store the result in v2.
add-long vx, vy, vz
Adds vy to vz and puts the result into vx1.
9B00 0305 - add-long v0, v3, v5
The long value in v3,v4 is added to the value in v5,v6 and the result is stored in v0,v1.
sub-long vx,vy,vz
Calculates vy-vz and puts the result into vx1.
9C00 0305 - sub-long v0, v3, v5
Subtracts the long value in v5,v6 from the long value in v3,v4 and puts the result into v0,v1.
mul-long vx,vy,vz
Calculates vy*vz and puts the result into vx1.
9D00 0305 - mul-long v0, v3, v5
Multiplies the long value in v5,v6 with the long value in v3,v4 and puts the result into v0,v1.
div-long vx, vy, vz
Calculates vy/vz and puts the result into vx1.
9E06 0002 - div-long v6, v0, v2
Divides the long value in v0,v1 with the long value in v2,v3 and pust the result into v6,v7.
rem-long vx,vy,vz
Calculates vy % vz and puts the result into vx1.
9F06 0002 - rem-long v6, v0, v2
Calculates v0,v1 %
v2,v3 and puts the result into v6,v7.
and-long vx, vy, vz
Calculates the vy AND vz and puts the result into vx1.
A006 0002 - and-long v6, v0, v2
Calculates v0,v1 AND v2,v3 and puts the result into v6,v7.
or-long vx, vy, vz
Calculates the vy OR vz and puts the result into vx1.
A106 0002 - or-long v6, v0, v2
Calculates v0,v1 OR v2,v3 and puts the result into v6,v7.
xor-long vx, vy, vz
Calculates the vy XOR vz and puts the result into vx1.
A206 0002 - xor-long v6, v0, v2
Calculates v0,v1 XOR v2,v3 and puts the result into v6,v7.
shl-long vx, vy, vz
Shifts left vy by vz positions and stores the result in vx1.
A302 0004 - shl-long v2, v0, v4
Shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
shr-long vx,vy,vz
Shifts right vy by vz positions and stores the result in vx1.
A402 0004 - shr-long v2, v0, v4
Shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
ushr-long vx, vy, vz
Unsigned shifts right vy by vz positions and stores the result in vx1.
A502 0004 - ushr-long v2, v0, v4
Unsigned shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
add-float vx,vy,vz
Adds vy to vz and puts the result into vx.
A600 0203 - add-float v0, v2, v3
Adds the floating point numbers in v2 and v3 and puts the result into v0.
sub-float vx,vy,vz
Calculates vy-vz and puts the result into vx.
A700 0203 - sub-float v0, v2, v3
Calculates v2-v3 and puts the result into v0.
mul-float vx, vy, vz
Multiplies vy with vz and puts the result into vx.
A803 0001 - mul-float v3, v0, v1
Multiplies v0 with v1 and puts the result into v3.
div-float vx, vy, vz
Calculates vy/vz and puts the result into vx.
A903 0001 - div-float v3, v0, v1
Divides v0 with v1 and puts the result into v3.
rem-float vx,vy,vz
Calculates vy % vz and puts the result into vx.
AA03 0001 - rem-float v3, v0, v1
Calculates v0 %
v1 and puts the result into v3.
add-double vx,vy,vz
Adds vy to vz and puts the result into vx1.
AB00 0305 - add-double v0, v3, v5
Adds the double value in v5,v6 registers to the double value in v3,v4 registers and places the result
in v0,v1 registers.
sub-double vx,vy,vz
Calculates vy-vz and puts the result into vx1.
AC00 0305 - sub-double v0, v3, v5
Subtracts the value in v5,v6 from the value in v3,v4 and puts the result into v0,v1.
mul-double vx, vy, vz
Multiplies vy with vz and puts the result into vx1.
AD06 0002 - mul-double v6, v0, v2
Multiplies the double value in v0,v1 with the double value in v2,v3 and puts the result into v6,v7.
div-double vx, vy, vz
Calculates vy/vz and puts the result into vx1.
AE06 0002 - div-double v6, v0, v2
Divides the double value in v0,v1 with the double value in v2,v3 and puts the result into v6,v7.
rem-double vx,vy,vz
Calculates vy % vz and puts the result into vx1.
AF06 0002 - rem-double v6, v0, v2
Calculates v0,v1 % v2,v3 and puts the result into v6,v7.
add-int/2addr vx,vy
Adds vy to vx.
B010 - add-int/2addr v0,v1
Adds v1 to v0}
1 Basic information
Welcome SmaliViewer ( referred to as “SV”), SV is a free APK analysis software, regardless of the depth or breadth of analysis from the point of view, are designed to meet user needs, making the process in the APK in your analysis , more handy. SV for Android mobile smart device applications APK files reverse , for the analysis of mobile application software code , using a variety of methods to determine the suspected samples for screening , such as certificate information , permissions information sensitive SP number information , Android Manifest , the function flowchart (CFG), a string table resource file information, sensitive information behavior , dynamic behavior , and so comprehensive determination .
2 Installation
Operating Environment:
Need to install java 1.7 and above
Installation:
Download
.zip package, extract the installation directory in the specified folder open SmaliViewer
Start method:
Click SmaliViewer.bat under windows system under Linux Click SmaliViewer.sh run the program. The first time you run the program , agree to ” user agreement .”
3.1 Interface Workspace
Work area is divided into four regions, see the following picture :
1- menus and toolbars.
2- the main work area.
3- Operation log and status display area.
4- class structure display.
5- member list display area.
3.2 Loading apk
SV ‘s core purpose is to make the analysis easier APK , so the use of methods, is also particularly convenient: loading APK There are three main ways :
1- Through the Open button in the File menu , and then select Open apk
2- will need to analyze the apk directly dragged into the designated area
3- Pass the historical path directly open
After loading successfully , through menus and toolbars , select the desired view of the working window .
3.3 Workspace
View the work area through the operation menu and shortcut menu , you can open the following eight working window , the window through which eight kinds of work , to show you the results of the analysis contained SV depth and breadth of the APK ‘s :
Working window
Description
can view through SV disassembled . Smali code information dex format files .
can view the information to the calling function relationship diagram with arrows.
AndroidManifest
can view the AndroidManifest APK file information.
can see Dex in the decompiled code string information , and the use of regular expressions, get the URL information.
Resouces String
can view resource.asrc file decompiled resource file information.
Certification
can view the certificate file information Apk.
compressed files can be viewed within the packet.
can record their own analysis of information.
can smali code for the global search.
1- shortcut keys , you can quickly open the String workspace , Resouces String workspace and Zip View workspace.
2- Tab directory , display opened Tab, and you can double-click or click the Close icon to close the Tab.
3- Additional Tab in the menu bar to open the View.
3.4 Common viewing
Search function: When using the SV view the code , you can open the Search feature to quickly find their desired code location. When using the Search Comsearch into global search and Search to find the current page . You can open the Options , or use the shortcut key.
Comment function: In Smali Tab window , add notes to code , location of the mouse , right click , you can open the menu , select Comment feature, add a comment
Jump function: In the Manifest Tab window , move the mouse to the code content underlined , double-click the left button , you can jump to the corresponding code content Smali Tab Window.
Vt networking analysis : Connect via the Internet to virustotal, APK online analysis , click on the shortcut icon to start the network analysis functions
4 Other Features
4.1 View reference relationship
A member of the class structure of the display area of the list display area , select a method or variable , see the context menu select ref to, you can see the relationship between the reference method , and a list of references to double-click on the window above relationship can jump.
4.2 Graph
After the list of selected members of the method , open the View in Graph, you can view the code within the method jumps view 1 – preview view , drag the blue box , you can change the display contents of the main workspace
4.3 Save DEX2jar
Under Options select the directory to save dex2jar button , you can apk the . Dex file as . Jar format , save in the original APK file directory , and then use dex2jar_gui but other software to open , view java code.
5 Config Settings
Open Config in Options, catalog , content settings , including functional display style , and the style interface displays two under Functions window can display format of the code, click OK to confirm the selection . Under View window, you can open the night mode, language patterns , as well as the font size display window , and the window style , click OK to confirm the selection .
6 About AVL Team
AVL Team is safe laboratory ‘s independence day mobile security company , was founded in 2010 . Since its establishment , AVL Team has always focused on the mobile anti-virus field , is committed to partner with the best anti-virus engines and solutions on a profound understanding of customer needs , and has accumulated rich experience and technology .
AVL Team also made major security threats and efficient emergency response , and actively participate in academia and industry activities. AVL Team ‘s main product is mobile anti-virus engine middleware called AVL SDK for Mobile , the mobile platform can be used to detect malicious code , adware and spyware and so on. AVL SDK for Mobile users can easily integrate it into its own network equipment , software or mobile applications, immediate access to the top anti-virus capabilities.
AVL SDK for Mobile can be ported to different hardware platforms , and to adapt to different network environments and computing power. AVL SDK for Mobile malicious code detection capability has been validated authoritative test : 2014.2, AVL SDK for Mobile won the top international testing organization AV-TEST awarded the 2013 Annual Awards only mobile security .
病毒名:Trojan/Android.arydigital.a[prv,spy]
危险等级:高
描述:该应用运行后隐藏图标,窃取用户短信。联系人、通话记录、浏览器历史记录、地理位置等隐私信息,私自拍照、录音,并将用户隐私上传至服务器、造成用户隐私泄露。
病毒名:G-Ware/Android.FakeSexApp.f[pay,fra]
危险等级:高
描述:该程序伪装色情应用,诱导点击付费,拦截短信,实际跳转到搜狐视频网页,可能造成用户资费损失,建议不要使用。
病毒名:Trojan/Android.Downloader.dz[exp,spr,rog]
危险等级:高
描述:该程序运行隐藏图标,联网下载多个恶意软件,造成用户资费损耗,建议卸载。
病毒名:Trojan/Android.Joye.h[pay,exp,prv]
危险等级:高
描述:该病毒运行后隐藏图标,上传用户硬件信息,后台联网获取支付信息,通过短信发送扣费短信,会对用户的资费造成消耗,建议立即卸载。
病毒名:Trojan/Android.FakeInst.fa[pay,fra]
危险等级:高
描述:该程序伪装文件下载工具,运行私自发送付费短信,拦截短信,会造成用户资费损失,建议卸载。随着智能手机的普及,移动APP已经贯穿到人们生活的各个领域。越来越多的人甚至已经对这些APP应用产生了依赖,包括手机QQ、游戏、导航地图、微博、微信、手机支付等等,尤其2015年春节期间各大厂商推出的抢红包活动,一时让移动支付应用变得异常火热。
然后移动安全问题接憧而至,主要分为移动断网络安全和客户端应用安全。目前移动APP软件保护方面还处于初级阶段,许多厂商对APP安全认识不够深入,产品未经过加密处理,使得逆向分析者能够通过逆向分析、动态调试等技术来破解APP,这样APP原本需要账号密码的功能可以被破解者顺利绕过,使得厂商利益严重受损。
对未加壳的APP进行动态调试,通常可以非常顺利且快速地绕过一些登陆限制或功能限制。本文将以安卓APP为例,来详细介绍一下移动APP动态调试技术。
0x01 调试环境搭建
1.1 安装JDK
JAVA环境的搭建请自行查找资料,这里不做详述。
1.2 安装Android SDK
下载地址:http://developer.android.com/sdk/index.html。
下载完安装包后解压到任意一目录,然后点击运行SDK Manager.exe,然后选择你需要的版本进行安装,如图:
1.3 安装Eclipse集成开发环境
下载地址:http://www.eclipse.org/downloads。选择Eclipse for Mobile Developers,解压到任意目录即可。
1.4 创建Android Virtual Device
动态调试可以用真实的手机来做调试环境,也可以用虚拟机来做调试环境,本文采用虚拟机环境。因此创建虚拟机步骤如下:
1打开Eclipse –&windows-&Android Virtual Device
2点击Create,然后选择各个参数如图:
这里Target 就是前面步骤中安装的SDK 选择任意你觉得喜欢的版本就可以。点击OK 就创建完毕。
1.5 安装 APK改之理
这个是一个很好用的辅助调试的软件,请自行搜索下载。
1.6 安装 IDA6.6
IDA6.6开始支持安卓APP指令的调试,现该版本已经提供免费下载安装,请自行搜搜。
0x02 Dalvik指令动态调试
2.1 准备工作
安卓APP应用程序后缀为apk,实际上是一个压缩包,我们把它改后缀为rar打开如图:
其中classes.dex是应用的主要执行程序,包含着所有Dalvik指令。我们用APK改之理打开apk,软件会自动对其进行反编译。反编译后会有很多smail文件,这些文件保存的就是APP的Dalvik指令。
在APK改之理里双击打开AndroidManifest.xml,为了让APP可调试,需要在application 标签里添加一句android:debuggable="true" 如图:
然后点击保存按钮,然后编译生成新的apk文件。接着打开Eclipse –&windows-&Android Virtual Device,选择刚才创建的虚拟机,然后点击start,虚拟机便开始运行。偶尔如果Eclipse启动失败,报错,可以同目录下修改配置文件:
把配置参数原本为512的改为256 原本为1024的改为512,然后再尝试启动。
在SDK安装目录有个命令行下的调试工具adb shell,本机所在目录为E:\adt-bundle-windows-x86-\sdk\platform-tools,把adb.exe注册到系统环境变量中,打开dos命令行窗口执行adb shell 就可以进入APP命令行调试环境,或者切换到adb所在目录来执行adb shell。
这里先不进入adb shell,在DOS命令行下执行命令:adb install d:\1.apk 来安装我们刚才重新编译好的APK文件。安装完毕会有成功提示。
2.2 利用IDA动态调试
将APP包里的classes.dex解压到任意一目录,然后拖进IDA。等待IDA加载分析完毕,点击Debugger-&Debugger Options如图
按图所示勾选在进程入口挂起,然后点击Set specific options 填入APP包名称和入口activity 如图:
其中包的名称和入口activity 都可以通过APK改之理里的AndroidManifest.xml 文件获取:
&manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.simpleencryption"&
&application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/creakme_bg2" android:label="@string/app_name" android:theme="@style/AppTheme"&
&activity android:label="@string/app_name" android:name=".MainActivity"&
然后在IDA点击Debugger-&Process Options
其他默认不变,端口这里改为8700。这里默认端口是23946,我在这里困扰了很久,就是因为这个端口没有改为8700所致。然后我们看看这个8700端口是怎么来的。在Android SDK里提供了一款工具DDMS,用来监视APP的运行状态和结果。在SDK的TOOLS目录有个DDMS.BAT的脚步,运行后就会启动DDMS。由于我的本机安装了SDK的ADT插件,DDMS集成到了Eclips中,打开Eclips-&Open perspective-&ddms就启动了DDMS。
如图所示:
在DDMS选中某个进程后面就会注释出它的调试端口,本机这里是8700。
到此所有的工作就准备就绪,然后就可以下断点来调试该APP了。我们在APK改之理中在com目录下查看smali文件 发现MainActivity.smali里有一个感兴趣的函数getPwdFromPic(),那么我们就对它下断以跟踪APP的运行。
在IDA里搜索字符串getPwdFromPic,发现onClick有调用该函数
我们在onClick 函数开始位置按F2下断如图:
然后点击上图中绿色三角形按钮启动调试如图:
调试过程中有一个问题出现了很多次,浪费了我大量的时间,就在写文章的时候,操作时还是遇到了这样的问题。就是点击启动后IDA提示can’t bind socket,琢磨了很久终于找到原因了,当打开过一次DDMS后 每次启动Eclips都会启动DDMS 而8700端口正是被这个DDMS给占用了,然后每次都会启动失败,解决办法就是 虚拟机运行起来后关闭掉Eclips,这时一切就正常了!
事例中是一个APP crackme 提示输入密码才能进入正确界面。这个时候我们输入123,点击登陆,IDA中断在了我们设置断点的地方,这时选中ida-&debugger-&use source level debugger,然后点击ida-&debugger-&debugger windows-&locals打开本地变量窗口,如图:
然后按F7或F8单步跟踪程序流程,同时可以观察到变量值的变化,也可以在IDA右键选择图形视图,可以看到整个APP执行的流程图:
如上图所示 变量窗口中我们输入了123 被转化成的密码是么广亡,pw变量也显示出了正确的密码,其实这个时候已经很容易判断出正确密码了。
0x03 Andoid原生动态链接库动态调试
通常为了加密保护等措施,有时dex执行过程中会调用动态链接库文件,该文件以so为后缀,存在于APP文件包里。
这里我们以动态附加的方式来调试原生库。
3.1 准备工作
1、将IDA-&dbgsrv目录下的android_server拷贝到虚拟机里,并赋予可执行权限
DOS命令分别为:
adb shell pull d:\ android_server /data/data/sv
adb shell chmod 755 /data/data/sv
2、启动调试服务器android_server
命令:adb shell /data/data/sv
服务器默认监听23946端口。
3、重新打开DOS窗口进行端口转发,命令:
adb forward tcp:23946 tcp:23946 如图:
3.2 利用IDA进行动态调试
1、虚拟机里启动要调试的APP 2、启动IDA,打开debugger-&attach-&remote Armlinux/andoid debugger
端口改为23946 其他保持不变,点击OK
如上图,选中要调试的APP 的数据包名,然后点击OK。
正常情况下,IDA会把APP进程挂起。
3、由于当前程序不是在动态链接库领空,这时我们要重新打开一个IDA,用它打开需要调试的so文件,找到需要下断的位置的文件偏移,并做记录,然后关闭后面打开的这个IDA。
4、在原IDA界面按下ctrl+s键,找到并找到需要调试的so,同时记录该文件的加载基址。然后点击OK 或者cancel按钮关闭对话框。
5、按下快捷键G 输入基址+文件偏移所得地址,点击OK 就跳转到SO文件需要下断的地方,这时按下F2键设置断点。当APP执行到此处时便可以断下来。
3.3 在反调试函数运行前进行动态调试
程序加载so的时候,会执行JNI_OnLoad函数,做一系列的准备工作。通常反调试函数也会放到JNI_OnLoad函数里。进行4.2中第2步时也许会遇到如下情况:
这时APP检测到了调试器,会自动退出,那么这时调试策略需要有所改变。
接着4.1第3步后,在DOS命令行执行命令:
adb shell am start -D -n com.yaotong.crackme/com.yaotong.crackme.MainActivity
来以调试模式启动APP 如图:
com.yaotong.crackme是APP包名称,com.yaotong.crackme.MainActivity是执行入口 这些可以用APK改之理查看。
这时由于APP还未运行,那么反调试函数也起不了作用,按照4.2中第2步把APP挂起。这时IDA会中断在某个位置
然后点击debugger-&debugger opions设置如下:
点击OK 后按F9运行APP,然后再DOS命令下执行命令:
jdb -connect com.sun.jdi.SocketAttach:hostname=127.0.0.1,port=8700
这时APP会断下来,然后按照4.2中的3、4、5补找到JNI_OnLoad函数的地址并下断,然后按F9 会中断下来。然后便可以继续动态跟踪调试分析。
0x04 主要参考资料
1、《Andoroid 软件安全与逆向分析》
2、看雪论坛安卓安全版
3、吾爱破解论坛安卓版
感谢看雪论坛好友:我是小三、QEver、非虫等的热心指教!
jpg 改 rar
阅读(...) 评论()loganyang123的专栏
https://blog.csdn.net/
https://static-blog.csdn.net/images/logo.gif
https://blog.csdn.net/loganyang123
https://blog.csdn.net/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
本文主要介绍了网络安全通讯协议 SSL/TLS 和 Java 中关于安全通讯的实现部分。并通过一个简单的样例程序实现,来展示如何在 Java 平台上正确建立安全通讯。
人类建立了通信系统之后,如何保证通信的安全始终是一个重要的问题。伴随着现代化通信系统的建立,人们利用数学 理论找到了一些行之有效的方法来保证数字通信的安全。简单来说就是把两方通信的过程进行保密处理,比如对双方通信的内容进行加密,这样就可以有效防止偷听者轻易截获通信的内容。目前
SSL(Secure Sockets Layer) 及其后续版本 TLS(Transport Layer Security)是比较成熟的通信加密协议,它们常被用于在客户端和服务器之间建立加密通信通道。各种开发语言都给出 SSL/TLS 协议的具体实现,Java 也不例外。在 JDK 中有一个 JSSE(javax.net.ssl)包,提供了对 SSL 和 TLS 的支持。通过其所提供的一系列 API,开发者可以像使用普通 Socket 一样使用基于 SSL 或 TLS 的安全套接字,而不用关心 SSL 和
TLS 协议的细节,例如握手的流程等等。这使得利用 Java 开发安全的 SSL/TLS 服务器或客户端非常容易,本文将通过具体的例子来说明如何用 Java 语言来开发 SSL/TLS 应用。
SSL/TLS 协议的介绍
SSL/TLS 协议(RFC2246 RFC4346)处于 TCP/IP 协议与各种应用层协议之间,为数据通讯提供安全支持。
从协议内部的功能层面上来看,SSL/TLS 协议可分为两层:
1. SSL/TLS 记录协议(SSL/TLS Record Protocol),它建立在可靠的传输层协议(如 TCP)之上,为上层协议提供数据封装、压缩、加密等基本功能。
2. SSL/TLS 握手协议(SSL/TLS Handshake Protocol),它建立在 SSL/TLS 记录协议之上,用于在实际的数据传输开始前,通讯双方进行身份认证、协商加密算法、交换加密密钥等初始化协商功能。
从协议使用方式来看,又可以分成两种类型:
1. SSL/TLS 单向认证,就是用户到服务器之间只存在单方面的认证,即客户端会认证服务器端身份,而服务器端不会去对客户端身份进行验证。首先,客户端发起握手请求,服务器收到握手请求后,会选择适合双方的协议版本和加密方式。然后,再将协商的结果和服务器端的公钥一起发送给客户端。客户端利用服务器端的公钥,对要发送的数据进行加密,并发送给服务器端。服务器端收到后,会用本地私钥对收到的客户端加密数据进行解密。然后,通讯双方都会使用这些数据来产生双方之间通讯的加密密钥。接下来,双方就可以开始安全通讯过程了。
2.SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书。基本的过程和单向认证完全一样,只是在协商阶段多了几个步骤。在服务器端将协商的结果和服务器端的公钥一起发送给客户端后,会请求客户端的证书,客户端则会将证书发送给服务器端。然后,在客户端给服务器端发送加密数据后,客户端会将私钥生成的数字签名发送给服务器端。而服务器端则会用客户端证书中的公钥来验证数字签名的合法性。建立握手之后过程则和单向通讯完全保持一致。
SSL/TLS 协议建立通讯的基本流程如图 1 所示,
图 1. SSL/TLS 基本流程图
步骤 1. ClientHello – 客户端发送所支持的 SSL/TLS 最高协议版本号和所支持的加密算法集合及压缩方法集合等信息给服务器端。
步骤 2. ServerHello – 服务器端收到客户端信息后,选定双方都能够支持的 SSL/TLS 协议版本和加密方法及压缩方法,返回给客户端。
(可选)步骤 3. SendCertificate – 服务器端发送服务端证书给客户端。
(可选)步骤 4. RequestCertificate – 如果选择双向验证,服务器端向客户端请求客户端证书。
步骤 5. ServerHelloDone – 服务器端通知客户端初始协商结束。
(可选)步骤 6. ResponseCertificate – 如果选择双向验证,客户端向服务器端发送客户端证书。
步骤 7. ClientKeyExchange – 客户端使用服务器端的公钥,对客户端公钥和密钥种子进行加密,再发送给服务器端。
(可选)步骤 8. CertificateVerify – 如果选择双向验证,客户端用本地私钥生成数字签名,并发送给服务器端,让其通过收到的客户端公钥进行身份验证。
步骤 9. CreateSecretKey – 通讯双方基于密钥种子等信息生成通讯密钥。
步骤 10. ChangeCipherSpec – 客户端通知服务器端已将通讯方式切换到加密模式。
步骤 11. Finished – 客户端做好加密通讯的准备。
步骤 12. ChangeCipherSpec – 服务器端通知客户端已将通讯方式切换到加密模式。
步骤 13. Finished – 服务器做好加密通讯的准备。
步骤 14. Encrypted/DecryptedData – 双方使用客户端密钥,通过对称加密算法对通讯内容进行加密。
步骤 15. ClosedConnection – 通讯结束后,任何一方发出断开 SSL 连接的消息。
除了以上的基本流程,SSL/TLS 协议本身还有一些概念需要在此解释说明一下。
Key:Key 是一个比特(bit)字符串,用来加密解密数据的,就像是一把开锁的钥匙。
对称算法(symmetric cryptography):就是需要双方使用一样的
key 来加密解密消息算法,常用密钥算法有 Data Encryption Standard(DES)、triple-strength DES(3DES)、Rivest Cipher 2 (RC2)和 Rivest Cipher 4(RC4)。因为对称算法效率相对较高,因此 SSL 会话中的敏感数据都用通过密钥算法加密。
非对称算法(asymmetric cryptography):就是
key 的组成是公钥私钥对 (key-pair),公钥传递给对方私钥自己保留。公钥私钥算法是互逆的,一个用来加密,另一个可以解密。常用的算法有 Rivest Shamir Adleman(RSA)、Diffie-Hellman(DH)。非对称算法计算量大比较慢,因此仅适用于少量数据加密,如对密钥加密,而不适合大量数据的通讯加密。
公钥证书(public key certificate):公钥证书类似数字护照,由受信机构颁发。受信组织的公钥证书就是
certificate authority(CA)。多证书可以连接成证书串,第一个是发送人,下一个是给其颁发证书实体,往上到根证书是世界范围受信组织,包括 VeriSign, Entrust, 和 GTE CyberTrust。公钥证书让非对称算法的公钥传递更安全,可以避免身份伪造,比如 C 创建了公钥私钥,对并冒充 A 将公钥传递给 B,这样 C 与 B 之间进行的通讯会让 B 误认是 A 与 B 之间通讯。
加密哈希功能(Cryptographic Hash Functions): 加密哈希功能与
checksum 功能相似。不同之处在于,checksum 用来侦测意外的数据变化而前者用来侦测故意的数据篡改。数据被哈希后产生一小串比特字符串,微小的数据改变将导致哈希串的变化。发送加密数据时,SSL 会使用加密哈希功能来确保数据一致性,用来阻止第三方破坏通讯数据完整性。SSL 常用的哈希算法有 Message Digest 5(MD5)和 Secure Hash Algorithm(SHA)。
消息认证码(Message Authentication Code): 消息认证码与加密哈希功能相似,除了它需要基于密钥。密钥信息与加密哈希功能产生的数据结合就是哈希消息认证码(HMAC)。如果
A 要确保给 B 发的消息不被 C 篡改,他要按如下步骤做 --A 首先要计算出一个 HMAC 值,将其添加到原始消息后面。用 A 与 B 之间通讯的密钥加密消息体,然后发送给 B。B 收到消息后用密钥解密,然后重新计算出一个 HMAC,来判断消息是否在传输中被篡改。SSL 用 HMAC 来保证数据传输的安全。
数字签名(Digital Signature):一个消息的加密哈希被创建后,哈希值用发送者的私钥加密,加密的结果就是叫做数字签名。
JSSE(Java Secure Socket Extension)使用介绍
在 Java SDK 中有一个叫 JSSE(javax.net.ssl)包,这个包中提供了一些类来建立 SSL/TLS 连接。通过这些类,开发者就可以忽略复杂的协议建立流程,较为简单地在网络上建成安全的通讯通道。JSSE 包中主要包括以下一些部分:
安全套接字(secure socket)和安全服务器端套接字
非阻塞式 SSL/TLS 数据处理引擎(SSLEngine)
套接字创建工厂 , 用来产生 SSL 套接字和服务器端套接字
套接字上下文 , 用来保存用于创建和数据引擎处理过程中的信息
符合 X.509 规范密码匙和安全管理接口
下面将通过一个简单的例子来展示如何通过 JSSE,在客户端和服务器端建立一个 SSL/TLS 连接。设计两个类 SSLClient 和 SSLServer,分别来表示客户端和服务器端。客户端将会向服务器端发起连接请求,在通过服务器端验证建立 SSL 连接后,服务器端将会向客户端发送一串内容,客户端将会把收到的内容打印出来。样例代码如下,
SSLClient Source code:
package example.ssl.
import java.io.*;
import javax.net.ssl.SSLS
import javax.net.ssl.SSLSocketF
class SSLClient {
private SSLSocket socket =
public SSLClient() throws IOException {
// 通过套接字工厂,获取一个客户端套接字
SSLSocketFactory socketFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
socket = (SSLSocket) socketFactory.createSocket("localhost", 7070);
public void connect() {
// 获取客户端套接字输出流
PrintWriter output = new PrintWriter(
new OutputStreamWriter(socket.getOutputStream()));
// 将用户名和密码通过输出流发送到服务器端
String userName = "principal";
output.println(userName);
String password = "credential";
output.println(password);
output.flush();
// 获取客户端套接字输入流
BufferedReader input = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
// 从输入流中读取服务器端传送的数据内容,并打印出来
String response = input.readLine();
response += "\n " + input.readLine();
System.out.println(response);
// 关闭流资源和套接字资源
output.close();
input.close();
socket.close();
} catch (IOException ioException) {
ioException.printStackTrace();
} finally {
System.exit(0);
public static void main(String args[]) throws IOException {
new SSLClient().connect();
SSLServer Source code:
package example.ssl.
import java.io.*;
import javax.net.ssl.SSLServerS
import javax.net.ssl.SSLServerSocketF
import javax.net.ssl.SSLS
class SSLServer {
// 服务器端授权的用户名和密码
private static final String USER_NAME = "principal";
private static final String PASSWORD = "credential";
// 服务器端保密内容
private static final String SECRET_CONTENT =
"This is confidential content from server X, for your eye!";
private SSLServerSocket serverSocket =
public SSLServer() throws Exception {
// 通过套接字工厂,获取一个服务器端套接字
SSLServerSocketFactory socketFactory = (SSLServerSocketFactory)
SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket)socketFactory.createServerSocket(7070);
private void runServer() {
while (true) {
System.out.println("Waiting for connection...");
// 服务器端套接字进入阻塞状态,等待来自客户端的连接请求
SSLSocket socket = (SSLSocket) serverSocket.accept();
// 获取服务器端套接字输入流
BufferedReader input = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
// 从输入流中读取客户端用户名和密码
String userName = input.readLine();
String password = input.readLine();
// 获取服务器端套接字输出流
PrintWriter output = new PrintWriter(
new OutputStreamWriter(socket.getOutputStream()));
// 对请求进行认证,如果通过则将保密内容发送给客户端
if (userName.equals(USER_NAME) && password.equals(PASSWORD)) {
output.println("Welcome, " + userName);
output.println(SECRET_CONTENT);
output.println("Authentication failed, you have no
access to server X...");
// 关闭流资源和套接字资源
output.close();
input.close();
socket.close();
} catch (IOException ioException) {
ioException.printStackTrace();
public static void main(String args[]) throws Exception {
SSLServer server = new SSLServer();
server.runServer();
SSL 样例程序:
java -cp ./build/classes example.ssl.codes.SSLServer
java -cp ./build/classes example.ssl.codes.SSLClient
执行结果如下:
服务器端输出:
Waiting for connection...
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Waiting for connection...
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1836)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
客户端输出:
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1426)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:154)
at java.io.BufferedReader.readLine(BufferedReader.java:317)
at java.io.BufferedReader.readLine(BufferedReader.java:382)
at example.ssl.codes.SSLClient.connect(SSLClient.java:29)
at example.ssl.codes.SSLClient.main(SSLClient.java:44)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1911)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1027)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake
(SSLSocketImpl.java:1262)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:680)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:85)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.PrintWriter.flush(PrintWriter.java:320)
at example.ssl.codes.SSLClient.connect(SSLClient.java:25)
... 1 more
通过程序的错误输出,我们能够发现 SSL 建立失败了,在握手阶段双方没有能够协商出加密方法等信息。这是因为默认情况下,java 虚拟机没有与 SSL 相关的配置,需要开发者自己按照文档进行一些配置。在 JDK 中提供了一个安全钥匙与证书的管理工具 Keytool。Keytool 把钥匙,证书以及和与它们相关联的证书链储存到一个 keystore 中,默任的实现 keystore 的是一个文件,它本身有一个访问密码来保护存储在其中的内容。就本样例程序而言,只需要配置客户端和服务器端双方信任就可以了。可以按照如下几步来完成:
1. 进入本地的 java 安装位置的 bin 目录中 cd /java/bin
2. 创建一个客户端 keystore 文件,如图 2 所示
keytool -genkey -alias sslclient -keystore sslclientkeys
图 2. 创建 keystore 文件
3. 将客户端 keystore 文件导出成证书格式
keytool -export -alias sslclient -keystore sslclientkeys -file sslclient.cer
4. 创建一个服务器端 keystore 文件
keytool -genkey -alias sslserver -keystore sslserverkeys
5. 将服务器端 keystore 文件导出成证书格式
keytool -export -alias sslserver -keystore sslserverkeys -file sslserver.cer
6. 将客户端证书导入到服务器端受信任的 keystore 中
keytool -import -alias sslclient -keystore sslservertrust -file sslclient.cer
7. 将服务器端证书导入到客户端受信任的 keystore 中
keytool -import -alias sslserver -keystore sslclienttrust -file sslserver.cer
以上所有步骤都完成后,还可以通过命令来查看 keystore 文件基本信息,如图 3 所示
keytool -list -keystore sslclienttrust
图 3. 查看 keystore 文件
将前面创建的所有 keystore 文件从 java 的 bin 目录中剪切出来,移动到样例程序的执行目录中,通过运行程序时候的系统属性来指定这些文件,重新执行一遍样例程序。
java -cp ./build/classes
-Djavax.net.ssl.keyStore=sslserverkeys
-Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.trustStore=sslservertrust
-Djavax.net.ssl.trustStorePassword=123456
example.ssl.codes.SSLServer
java -cp ./build/classes
-Djavax.net.ssl.keyStore=sslclientkeys
-Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.trustStore=sslclienttrust
-Djavax.net.ssl.trustStorePassword=123456
example.ssl.codes.SSLClient
执行结果如下:
客户端输出
Welcome, principal
This is confidential content from server X, for your eye!
客户端与服务器端成功建立起 SSL 的连接,然后服务器端成功将字符串发送给客户端,客户端将其打印出来。
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
阅读:4938 评论:1
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
handy recovery
.input_btn_1{width: height:30 padding:0 15 border: background:url() repeat-x 0; color:# font:bold 12px/30px Arial, Helvetica, sans- text-align: cursor:}
作者:loganyang123 发表于
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
https://blog.csdn.net/loganyang123/article/details/
loganyang123
Dalvik opcodes
Vx values in the table denote a Dalvik register. Depending on the instruction, 16, 256 or 64k registers can be accessed. Operations on long and double values use two registers, e.g. a double value addressed in
the V0 register occupies the V0 and V1 registers.
Boolean values are stored as 1 for true and 0 for false. Operations on booleans are translated into integer operations.
All the examples are in hig-endian format, e.g. 0F00 0A00 is coded as 0F, 00, 0A, 00 sequence.
Note there are no explanation/example at some instructions. This means that I have not seen that instruction "in the wild" and its presence/name is only known from .Opcode (hex)
Opcode name
Explanation
No operation
0000 - nop
move vx,vy
Moves the content of vy into vx. Both registers must be in the first 256 register range.
0110 - move v0, v1
Moves v1 into v0.
move/from16 vx,vy
Moves the content of vy into vx. vy may be in the 64k register range while vx is one of the first 256 registers.
- move/from16 v0, v25
Moves v25 into v0.
move-wide/from16 vx,vy
Moves a long/double value from vy to vx. vy may be in the 64k register range while wx is one of the first 256 registers.
- move-wide/from16 v22, v0
Moves v0 into v22.
move-wide/16
move-object vx,vy
Moves the object reference from vy to vx.
0781 - move-object v1, v8
Moves the object reference in v8 to v1.
move-object/from16 vx,vy
Moves the object reference from vy to vx, vy can address 64k registers and vx can address 256 registers.
- move-object/from16 v1, v21
Move the object reference in v21 to v1.
move-object/16
move-result vx
Move the result value of the previous method invocation into vx.
0A00 - move-result v0
Move the return value of a previous method invocation into v0.
move-result-wide vx
Move the long/double result value of the previous method invocation into vx,vx+1.
0B02 - move-result-wide v2
Move the long/double result value of the previous method invocation into v2,v3.
move-result-object vx
Move the result object reference of the previous method invocation into vx.
0C00 - move-result-object v0
move-exception vx
Move the exception object reference thrown during a method invocation into vx.
0D19 - move-exception v25
return-void
Return without a return value
0E00 - return-void
Return with vx return value
0F00 - return v0
Returns with return value in v0.
return-wide vx
Return with double/long result in vx,vx+1.
1000 - return-wide v0
Returns with a double/long value in v0,v1.
return-object vx
Return with vx object reference value.
1100 - return-object v0
Returns with object reference value in v0
const/4 vx,lit4
Puts the 4 bit constant into vx
1221 - const/4 v1, #int2
Moves literal 2 into v1. The destination register is in the lower 4 bit in the second byte, the literal 2 is in the higher 4 bit.
const/16 vx,lit16
Puts the 16 bit constant into vx
- const/16 v0, #int 10
Puts the literal constant of 10 into v0.
const vx, lit32
Puts the integer constant into vx
BC00 - const v0, # // #00BC614E
Moves literal
const/high16 v0, lit16
Puts the 16 bit constant into the topmost bits of the register. Used to initialize float values.
- const/high16 v0, #float 10.0 // #
Moves the floating literal of 10.0 into v0. The 16 bit literal in the instruction carries the top 16 bits of the floating point number.
const-wide/16 vx, lit16
Puts the integer constant into vx and vx+1 registers, expanding the integer constant into a long constant..
- const-wide/16 v0, #long 10
Moves literal 10 into v0 and v1 registers.
const-wide/32 vx, lit32
Puts the 32 bit constant into vx and vx+1 registers, expanding the integer constant into a long constant.
bc00 - const-wide/32 v2, #long
// #00bc614e
Puts # into v2 and v3 registers.
const-wide vx, lit64
Puts the 64 bit constant into vx and vx+1 registers.
b5d 54dc 2b00- const-wide v2, #long 34567 // #002bdc545d6b4b87
Puts #34567 into v2 and v3 registers.
const-wide/high16 vx,lit16
Puts the 16 bit constant into the highest 16 bit of vx and vx+1 registers. Used to initialize double values.
- const-wide/high16 v0, #double 10.0 // #
Puts the double constant of 10.0 into v0 register.
const-string vx,string_id
Puts reference to a string constant identified by string_id into vx.
1A08 0000 - const-string v8, "" // string@0000
Puts reference to string@0000 (entry #0 in the string table) into v8.
const-string-jumbo
const-class vx,type_id
Moves the class object of a class identified by type_id (e.g. Object.class) into vx.
1C00 0100 - const-class v0, Test3 // type@0001
Moves reference to Test3.class (entry#1 in the type id table) into
monitor-enter vx
Obtains the monitor of the object referenced by vx.
1D03 - monitor-enter v3
Obtains the monitor of the object referenced by v3.
monitor-exit
Releases the monitor of the object referenced by vx.
1E03 - monitor-exit v3
Releases the monitor of the object referenced by v3.
check-cast vx, type_id
Checks whether the object reference in vx can be cast to an instance of a class referenced by type_id. Throws ClassCastException if the cast is not possible, continues execution otherwise.
1F04 0100 - check-cast v4, Test3 // type@0001
Checks whether the object reference in v4 can be cast to type@0001 (entry #1 in the type id table)
instance-of vx,vy,type_id
Checks whether vy is instance of a class identified by type_id. Sets vx non-zero if it is, 0 otherwise.
- instance-of v0, v4, Test3 // type@0001
Checks whether the object reference in v4 is an instance of type@0001 (entry #1 in the type id table). Sets v0 to non-zero if v4 is instance of Test3, 0 otherwise.
array-length vx,vy
Calculates the number of elements of the array referenced by vy and puts the length value into vx.
2111 - array-length v1, v1
Calculates the number of elements of the array referenced by v1 and puts the result into v1.
new-instance vx,type
Instantiates an object type and puts the reference of the newly created instance into vx.
- new-instance v0, java.io.FileInputStream // type@0015
Instantiates type@0015 (entry #15H in the type table) and puts its reference into v0.
new-array vx,vy,type_id
Generates a new array of type_id type and vy element size and puts the reference to the array into vx.
- new-array v2, v1, char[] // type@0025
Generates a new array of type@0025 type and v1 size and puts the reference to the new array into v2.
filled-new-array {parameters},type_id
Generates a new array of type_id and fills it with the parameters5. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction.
00 - filled-new-array {v0,v0},[I // type@0D53
Generates a new array of type@0D53. The array's size will be 2 and both elements will be filled with the contents of v0 register.
filled-new-array-range {vx..vy},type_id
Generates a new array of type_id and fills it with a range of parameters. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction.
00 - filled-new-array/range {v19..v21}, [B // type@0006
Generates a new array of type@0D53. The array's size will be 3 and the elements will be filled using the v19,v20 and v21 registers4.
fill-array-data vx,array_data_offset
Fills the array referenced by vx with the static data. The location of the static data is the sum of
the position of the current instruction and the offset
00 - fill-array-data v6, 00e6 // +0025
Fills the array referenced by v0 with the static data at current instruction+25H words location. The offset is expressed as a 32-bit number. The static data is stored in the following format:
0003 // Table type: static array data
0400 // Byte per array element (in this case, 4 byte integers)
// Number of elements in the table
// Element #0: integer 1
// Element #1: integer 2
// Element #2: integer3
Throws an exception object. The reference of the exception object is in vx.
2700 - throw v0
Throws an exception. The exception object reference is in v0.
goto target
Unconditional jump by short offset2.
28F0 - goto 0005 // -0010
Jumps to current position-16 words (hex 10). 0005 is the label of the target instruction.
goto/16 target
Unconditional jump by 16 bit offset2.
2900 0FFE - goto/16 002f // -01f1
Jumps to the current position-1F1H words. 002F is the label of the target instruction.
goto/32 target
packed-switch vx,table
Implements a switch statement where the case constants are close to each other. The instruction uses an index table. vx indexes into this table to find the offset of the instruction for a particular case. If vx falls out of the
index table, the execution continues on the next instruction (default case).
2B02 0C00 0000 - packed-switch v2, 000c // +000c
Execute a packed switch according to the switch argument in v2. The position of the index table is at current instruction+0CH words. The table looks like the following:
0001 // Table type: packed switch table
0300 // number of elements
// element base
// case 0: +
// case 1: +
// case 2: +
sparse-switch vx,table
Implements a switch statement with sparse case table. The instruction uses a lookup table with case constants and offsets for each case constant. If there is no match in the table, execution continues on the next instruction (default
2C02 0c00 0000 - sparse-switch v2, 000c // +000c
Execute a sparse switch according to the switch argument in v2. The position of the lookup table is at current instruction+0CH words. The table looks like the following.
0002 // Table type: sparse switch table
0300 // number of elements
9cff ffff // first case: -100
fa00 0000 // second case constant: 250
e803 0000 // third case constant: 1000
// offset for the first case constant: +5
// offset for the second case constant: +7
// offset for the third case constant: +9
cmpl-float
Compares the float values in vy and vz and sets the integer value in vx accordingly3
2D00 0607 - cmpl-float v0, v6, v7
Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN.
cmpg-float vx, vy, vz
Compares the float values in vy and vz and sets the integer value in vx accordingly3.
2E00 0607 - cmpg-float v0, v6, v7
Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN.
cmpl-double vx,vy,vz
Compares the double values in vy and vz2 and sets the integer value in vx accordingly3.
2F19 0608 - cmpl-double v25, v6, v8
Compares the double values in v6,v7 and v8,v9 and sets v25 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN.
cmpg-double vx, vy, vz
Compares the double values in vy and vz2 and sets the integer value in vx accordingly3.
A - cmpg-double v0, v8, v10
Compares the double values in v8,v9 and v10,v11 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN.
cmp-long vx, vy, vz
Compares the long values in vy and vz and sets the integer value in vx accordingly3.
- cmp-long v0, v2, v4
Compares the long values in v2 and v4 then sets v0 accordingly.
if-eq vx,vy,target
Jumps to target if vx==vy2. vx and vy are integer values.
32b3 6600 - if-eq v3, v11, 0080 // +0066
Jumps to the current position+66H words if v3==v11. 0080 is the label of the target instruction.
if-ne vx,vy,target
Jumps to target if vx!=vy2. vx and vy are integer values.
33A3 1000 - if-ne v3, v10, 002c // +0010
Jumps to the current position+10H words if v3!=v10. 002c is the label of the target instruction.
if-lt vx,vy,target
Jumps to target is vx&vy2. vx and vy are integer values.
3432 CBFF - if-lt v2, v3, 0023 // -0035
Jumps to the current position-35H words if v2&v3. 0023 is the label of the target instruction.
if-ge vx, vy,target
Jumps to target if vx&=vy2. vx and vy are integer values.
- if-ge v0, v1, 002b // +001b
Jumps to the current position+1BH words if v0&=v1. 002b is the label of the target instruction.
if-gt vx,vy,target
Jumps to target if vx&vy2. vx and vy are integer values.
- if-ge v0, v1, 002b // +001b
Jumps to the current position+1BH words if v0&v1. 002b is the label of the target instruction.
if-le vx,vy,target
Jumps to target if vx&=vy2. vx and vy are integer values.
- if-le v6, v5, 0144 // +000b
Jumps to the current position+0BH words if v6&=v5. 0144 is the label of the target instruction.
if-eqz vx,target
Jumps to target if vx==02. vx is an integer value.
- if-eqz v2, 0038 // +0019
Jumps to the current position+19H words if v2==0. 0038 is the label of the target instruction.
if-nez vx,target
Checks vx and jumps if vx is nonzero2.
- if-nez v2, 0014 // +0012
Jumps to current position+18 words (hex 12) if v2 is nonzero. 0014 is the label of the target instruction.
if-ltz vx,target
Checks vx and jumps if vx&02.
3A00 1600 - if-ltz v0, 002d // +0016
Jumps to the current position+16H words if v0&0. 002d is the label of the target instruction.
if-gez vx,target
Checks vx and jumps if vx&=02.
3B00 1600 - if-gez v0, 002d // +0016
Jumps to the current position+16H words if v0 &=0. 002d is the label of the target instruction.
if-gtz vx,target
Checks vx and jumps if vx&02.
3C00 1D00 - if-gtz v0, 004a // +001d
Jumps to the current position+1DH words if v0&0. 004A is the label of the target instruction.
if-lez vx,target
Checks vx and jumps if vx&=02.
3D00 1D00 - if-lez v0, 004a // +001d
Jumps to the current position+1DH words if v0&=0. 004A is the label of the target instruction.
aget vx,vy,vz
Gets an integer value of an object reference array into vx. The array is referenced by vy and is indexed by vz.
- aget v7, v3, v6
Gets an integer array element. The array is referenced by v3 and the element is indexed by v6. The element will be put into v7.
aget-wide vx,vy,vz
Gets a long/double value of long/double array into vx,vx+1. The array is referenced by vy and is indexed by vz.
- aget-wide v5, v1, v4
Gets a long/double array element. The array is referenced by v1 and the element is indexed by v4. The element will be put into v5,v6.
aget-object vx,vy,vz
Gets an object reference value of an object reference array into vx. The array is referenced by vy and is indexed by vz.
- aget-object v2, v2, v0
Gets an object reference array element. The array is referenced by v2 and the element is indexed by v0. The element will be put into v2.
aget-boolean vx,vy,vz
Gets a boolean value of a boolean array into vx. The array is referenced by vy and is indexed by vz.
- aget-boolean v0, v0, v1
Gets a boolean array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aget-byte vx,vy,vz
Gets a byte value of a byte array into vx. The array is referenced by vy and is indexed by vz.
- aget-byte v0, v0, v1
Gets a byte array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aget-char vx, vy,vz
Gets a char value
of a character array into vx. The element is indexed by vz, the array object is referenced by vy
- aget-char v5, v0, v3
Gets a character array element. The array is referenced by v0 and the element is indexed by v3. The element will be put into v5.
aget-short vx,vy,vz
Gets a short value
of a short array into vx. The element is indexed by vz, the array object is referenced by vy.
4A00 0001 - aget-short v0, v0, v1
Gets a short array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0.
aput vx,vy,vz
Puts the integer value in vx into an element of an integer array. The element is indexed by vz, the array object is referenced by vy.
4B00 0305 - aput v0, v3, v5
Puts the integer value in v2 into an integer array referenced by v0. The target array element is indexed by v1.
aput-wide vx,vy,vz
Puts the double/long value in vx,vx+1 into a double/long array. The array is referenced by vy, the element is indexed by vz.
4C05 0104 - aput-wide v5, v1, v4
Puts the double/long value in v5,v6 into a double/long array referenced by v1. The target array element is indexed by v4.
aput-object vx,vy,vz
Puts the object reference value in vx into an element of an object reference array. The element is indexed by vz, the array object is referenced by vy.
4D02 0100 - aput-object v2, v1, v0
Puts the object reference value in v2 into an object reference array referenced by v0. The target array element is indexed by v1.
aput-boolean vx,vy,vz
Puts the boolean value in vx into an element of a boolean array. The element is indexed by vz, the array object is referenced by vy.
4E01 0002 - aput-boolean v1, v0, v2
Puts the boolean value in v1 into an object reference array referenced by v0. The target array element is indexed by v2.
aput-byte vx,vy,vz
Puts the byte value in vx into an element of a byte array. The element is indexed by vz, the array object is referenced by vy.
4F02 0001 - aput-byte v2, v0, v1
Puts the boolean value in v2 into a byte array referenced by v0. The target array element is indexed by v1.
aput-char vx,vy,vz
Puts the char value in vx into an element of a character array. The element is indexed by vz, the array object is referenced by vy.
- aput-char v3, v0, v1
Puts the character value in v3 into a character array referenced by v0. The target array element is indexed by v1.
aput-short vx,vy,vz
Puts the short value in vx into an element of a short array. The element is indexed by vz, the array object is referenced by vy.
- aput-short v2, v0, v1
Puts the short value in v2 into a character array referenced by v0. The target array element is indexed by v1.
iget vx, vy, field_id
Reads an instance field into vx. The instance is referenced by vy.
- iget v0, v1, Test2.i6:I // field@0003
Reads field@0003 into v0 (entry #3 in the field id table). The instance is referenced by v1.
iget-wide vx,vy,field_id
Reads an instance field into vx1. The instance is referenced by vy.
- iget-wide v0, v2, Test2.l0:J // field@0004
Reads field@0004 into v0 and v1 registers (entry #4 in the field id table). The instance is referenced by v2.
iget-object vx,vy,field_id
Reads an object reference instance field into vx. The instance is referenced by vy.
iget-object v1, v2, LineReader.fis:Ljava/io/FileInputS // field@0002
Reads field@0002 into v1
(entry #2 in the field id table). The instance is referenced by v2.
iget-boolean vx,vy,field_id
Reads a boolean instance field into vx. The instance is referenced by vy.
55FC 0000 - iget-boolean v12, v15, Test2.b0:Z // field@0000
Reads the boolean field@0000 into v12 register (entry #0 in the field id table). The instance is referenced by v15.
iget-byte vx,vy,field_id
Reads a byte instance field into vx. The instance is referenced by vy.
- iget-byte v2, v3, Test3.bi1:B // field@0001
Reads the char field@0001 into v2 register (entry #1 in the field id table). The instance is referenced by v3.
iget-char vx,vy,field_id
Reads a char instance field into vx. The instance is referenced by vy.
- iget-char v0, v2, Test3.ci1:C // field@0003
Reads the char field@0003 into v0 register (entry #3 in the field id table). The instance is referenced by v2.
iget-short vx,vy,field_id
Reads a short instance field into vx. The instance is referenced by vy.
- iget-short v0, v3, Test3.si1:S // field@0008
Reads the short field@0008 into v0 register (entry #8 in the field id table). The instance is referenced by v3.
iput vx,vy, field_id
Puts vx into an instance field. The instance is referenced by vy.
- iput v0,v2, Test2.i6:I // field@0002
Stores v0 into field@0002 (entry #2 in the field id table). The instance is referenced by v2.
iput-wide vx,vy, field_id
Puts the wide value located in vx and vx+1 registers into an instance field. The instance is referenced by vy.
5A20 0000 - iput-wide v0,v2, Test2.d0:D // field@0000
Stores the wide value in v0, v1 registers into field@0000 (entry #0 in the field id table). The instance is referenced by v2.
iput-object vx,vy,field_id
Puts the object reference in vx into an instance field. The instance is referenced by vy.
5B20 0000 - iput-object v0, v2, LineReader.bis:Ljava/io/BufferedInputS // field@0000
Stores the object reference in v0 into field@0000 (entry #0 in the field table). The instance is referenced by v2.
iput-boolean vx,vy, field_id
Puts the boolean value located in vx into an instance field. The instance is referenced by vy.
5C30 0000 - iput-boolean v0, v3, Test2.b0:Z // field@0000
Puts the boolean value in v0 into field@0000 (entry #0 in the field id table). The instance is referenced by v3.
iput-byte vx,vy,field_id
Puts the byte value located in vx into an instance field. The instance is referenced by vy.
5D20 0100 - iput-byte v0, v2, Test3.bi1:B // field@0001
Puts the boolean value in v0 into field@0001 (entry #1 in the field id table). The instance is referenced by v2.
iput-char vx,vy,field_id
Puts the char value located in vx into an instance field. The instance is referenced by vy.
5E20 0300 - iput-char v0, v2, Test3.ci1:C // field@0003
Puts the char value in v0 into field@0003 (entry #3 in the field id table). The instance is referenced by v2.
iput-short vx,vy,field_id
Puts the short value located in vx into an instance field. The instance is referenced by vy.
5F21 0800 - iput-short v1, v2, Test3.si1:S // field@0008
Puts the short value in v1 into field@0008 (entry #8 in the field id table). The instance is referenced by v2.
sget vx,field_id
Reads the integer field identified by the field_id into vx.
- sget v0, Test3.is1:I // field@0007
Reads field@0007 (entry #7 in the field id table) into v0.
sget-wide vx, field_id
Reads the static field identified by the field_id into vx and vx+1 registers.
- sget-wide v0, Test2.l1:J // field@0005
Reads field@0005 (entry #5 in the field id table) into v0 and v1 registers.
sget-object vx,field_id
Reads the object reference field identified by the field_id into vx.
- sget-object v1, Test3.os1:Ljava/lang/O // field@000c
Reads field@000c (entry #CH in the field id table) into v1.
sget-boolean vx,field_id
Reads the boolean static field identified by the field_id into vx.
- sget-boolean v0, Test2.sb:Z // field@000c
Reads boolean field@000c (entry #12 in the field id table) into v0.
sget-byte vx,field_id
Reads the byte static field identified by the field_id into vx.
- sget-byte v0, Test3.bs1:B // field@0002
Reads byte field@0002 (entry #2 in the field id table) into v0.
sget-char vx,field_id
Reads the char static field identified by the field_id into vx.
- sget-char v0, Test3.cs1:C // field@0007
Reads byte field@0007 (entry #7 in the field id table) into v0.
sget-short vx,field_id
Reads the short static field identified by the field_id into vx.
- sget-short v0, Test3.ss1:S // field@000b
Reads short field@000b (entry #BH in the field id table) into v0.
sput vx, field_id
Puts vx into a static field.
- sput v0, Test2.i5:I // field@0001
Stores v0 into field@0001 (entry #1 in the field id table).
sput-wide vx, field_id
Puts vx and vx+1 into a static field.
- sput-wide v0, Test2.l1:J // field@0005
Puts the long value in v0 and v1 into the field@0005 static field (entry #5 in the field id table).
sput-object vx,field_id
Puts object reference in vx into a static field.
- sput-object v0, Test3.os1:Ljava/lang/O // field@000c
Puts the object reference value in v0 into the field@000c static field (entry #CH in the field id table).
sput-boolean vx,field_id
Puts boolean value in vx into a static field.
6A00 0300 - sput-boolean v0, Test3.bls1:Z // field@0003
Puts the byte value in v0 into the field@0003 static field (entry #3 in the field id table).
sput-byte vx,field_id
Puts byte value in vx into a static field.
6B00 0200 - sput-byte v0, Test3.bs1:B // field@0002
Puts the byte value in v0 into the field@0002 static field (entry #2 in the field id table).
sput-char vx,field_id
Puts char value in vx into a static field.
6C01 0700 - sput-char v1, Test3.cs1:C // field@0007
Puts the char value in v1 into the field@0007 static field (entry #7 in the field id table).
sput-short vx,field_id
Puts short value in vx into a static field.
6D00 0B00 - sput-short v0, Test3.ss1:S // field@000b
Puts the short value in v0 into the field@000b static field (entry #BH in the field id table).
invoke-virtual { parameters }, methodtocall
Invokes a virtual method with parameters.
- invoke-virtual { v4, v0, v1, v2, v3}, Test2.method5:(IIII)V // method@0006
Invokes the 6th method in the method table with the following arguments: v4 is the "this" instance, v0, v1, v2, and v3 are the method parameters. The method has 5 arguments (4 MSB bits of the second byte)5.
invoke-super {parameter},methodtocall
Invokes the virtual method of the immediate parent class.
6F10 A601 0100 invoke-super {v1},java.io.FilterOutputStream.close:()V // method@01a6
Invokes method@01a6 with one parameter, v1.
invoke-direct { parameters }, methodtocall
Invokes a method with parameters without the virtual method resolution.
00 - invoke-direct {v1}, java.lang.Object.&init&:()V // method@0008
Invokes the 8th method in the method table with just one parameter, v1 is the "this" instance5.
invoke-static {parameters}, methodtocall
Invokes a static method with parameters.
00 - invoke-static {v4}, java.lang.Integer.parseInt:( Ljava/lang/S)I // method@0034
Invokes method@34 static method. The method is called with one parameter, v45.
invoke-interface {parameters},methodtocall
Invokes an interface method.
54 invoke-interface {v1, v3, v4, v5}, mwfw.IReceivingProtocolAdapter.receivePackage:(
ILjava/lang/SLjava/io/InputS)Z // method@0221
Invokes method@221 interface method using parameters in v1,v3,v4 and v55.
invoke-virtual/range {vx..vy},methodtocall
Invokes virtual method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
00 - invoke-virtual {v19..v21}, Test2.method5:(IIII)V // method@0006
Invokes the 6th method in the method table with the following arguments: v19 is the "this" instance, v20 and v21 are the method parameters.
invoke-super/range
the virtual method of the immediate parent class. The instruction specifies the first register and the number of registers to be passed to the method.
00 invoke-super {v1},java.io.FilterOutputStream.close:()V // method@01a6
Invokes method@01a6 with one parameter, v1.
invoke-direct/range {vx..vy},methodtocall
Invokes direct method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
1300 - invoke-direct/range {v19..21},java.lang.Object.&init&:()V // method@003a
Invokes method@3A with 1 parameters (second byte of the instruction=03). The parameter is stored in v19 (5th,6th bytes of the instruction).
invoke-static/range {vx..vy},methodtocall
Invokes static method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
1300 - invoke-static/range {v19..21},java.lang.Integer.parseInt:( Ljava/lang/S)I // method@0034
Invokes method@3A with 1 parameters (second byte of the instruction=03). The parameter is stored in v19 (5th,6th bytes of the instruction).
invoke-interface-range
Invokes an interface method with a range of registers. The instruction specifies the first register and the number of registers to be passed to the method.
00 invoke-interface {v1..v4}, mwfw.IReceivingProtocolAdapter.receivePackage:(
ILjava/lang/SLjava/io/InputS)Z // method@0221
Invokes method@221 interface method using parameters in v1..v4.
neg-int vx,vy
Calculates vx=-vy.
7B01 - neg-int v1,v0
Calculates -v0 and stores the result in v1.
not-int vx,vy
neg-long vx,vy
Calculates vx,vx+1=-(vy,vy+1)
7D02 - neg-long v2,v0
Calculates -(v0,v1) and stores the result into (v2,v3)
not-long vx,vy
neg-float vx,vy
Calculates vx=-vy
7F01 - neg-float v1,v0
Calculates -v0 and stores the result into v1.
neg-double vx,vy
Calculates vx,vx+1=-(vy,vy+1)
8002 - neg-double v2,v0
Calculates -(v0,v1) and stores the result into (v2,v3)
int-to-long vx, vy
Converts the integer in vy into a long in vx,vx+1.
8106 - int-to-long v6, v0
Converts an integer in v0 into a long in v6,v7.
int-to-float vx, vy
Converts the integer in vx into a float in vx.
8206 - int-to-float v6, v0
Converts the integer in v0 into a float in v6.
int-to-double vx, vy
Converts the integer in vy into the double in vx,vx+1.
8306 - int-to-double v6, v0
Converts the integer in v0 into a double in v6,v7
long-to-int vx,vy
Converts the long value in vy,vy+1 into an integer in vx.
8424 - long-to-int v4, v2
Converts the long value in v2,v3 into an integer value in v4.
long-to-float vx, vy
Converts the long value in vy,vy+1 into a float in vx.
8510 - long-to-float v0, v1
Convcerts the long value in v1,v2 into a float value in v0.
long-to-double vx, vy
Converts the long value in vy,vy+1 into a double value in vx,vx+1.
8610 - long-to-double v0, v1
Converts the long value in v1,v2 into a double value in v0,v1.
float-to-int vx, vy
Converts the float value in vy into an integer value in vx.
8730 - float-to-int v0, v3
Converts the float value in v3 into an integer value in v0.
float-to-long vx,vy
Converts the float value in vy into a long value in vx.
8830 - float-to-long v0, v3
Converts the float value in v3 into a long value in v0,v1.
float-to-double vx, vy
Converts the float value in vy into a double value in vx,vx+1.
8930 - float-to-double v0, v3
Converts the float value in v3 into a double value in v0,v1.
double-to-int vx, vy
Converts the double value in vy,vy+1 into an integer value in vx.
- double-to-int v0, v4
Converts the double value in v4,v5 into an integer value in v0.
double-to-long vx, vy
Converts the double value in vy,vy+1 into a long value in vx,vx+1.
8B40 - double-to-long v0, v4
Converts the double value in v4,v5 into a long value in v0,v1.
double-to-float vx, vy
Converts the double value in vy,vy+1 into a float value in vx.
8C40 - double-to-float v0, v4
Converts the double value in v4,v5 into a float value in v0,v1.
int-to-byte vx,vy
Converts the int value in vy to a byte value and stores it in vx.
8D00 - int-to-byte v0, v0
Converts the integer in v0 into a byte and puts the byte value into v0.
int-to-char vx,vy
Converts the int value in vy to a char value and stores it in vx.
- int-to-char v3, v3
Converts the integer in v3 into a char and puts the char value into v3.
int-to-short vx,vy
Converts the int value in vy to a short value and stores it in vx.
8F00 - int-to-short v0, v0
Converts the integer in v0 into a short and puts the short value into v3.
add-int vx,vy,vz
Calculates vy+vz and puts the result into vx.
- add-int v0, v2, v3
Adds v3 to v2 and puts the result into v04.
sub-int vx,vy,vz
Calculates vy-vz and puts the result into vx.
- sub-int v0, v2, v3
Subtracts v3 from v2 and puts the result into v0.
mul-int vx, vy, vz
Multiplies vz with wy and puts the result int vx.
- mul-int v0,v2,v3
Multiplies v2 with w3 and puts the result into v0
div-int vx,vy,vz
Divides vy with vz and puts the result into vx.
- div-int v3, v0, v1
Divides v0 with v1 and puts the result into v3.
rem-int vx,vy,vz
Calculates vy % vz and puts the result into vx.
- rem-int v0, v2, v3
Calculates v3 % v2 and puts the result into v0.
and-int vx, vy, vz
Calculates vy AND vz and puts the result into vx.
- and-int v3, v0, v1
Calculates v0 AND v1 and puts the result into v3.
or-int vx, vy, vz
Calculates vy OR vz and puts the result into vx.
- or-int v3, v0, v1
Calculates v0 OR v1 and puts the result into v3.
xor-int vx, vy, vz
Calculates vy XOR vz and puts the result into vx.
- xor-int v3, v0, v1
Calculates v0 XOR v1 and puts the result into v3.
shl-int vx, vy, vz
Shift vy left by the positions specified by vz and store the result into vx.
- shl-int v2, v0, v1
Shift v0 left by the positions specified by v1 and store the result in v2.
shr-int vx, vy, vz
Shift vy right by the positions specified by vz and store the result into vx.
- shr-int v2, v0, v1
Shift v0 right by the positions specified by v1 and store the result in v2.
ushr-int vx, vy, vz
Unsigned shift right (&&&) vy by the positions specified by vz and store the result into vx.
9A02 0001 - ushr-int v2, v0, v1
Unsigned shift v0 right by the positions specified by v1 and store the result in v2.
add-long vx, vy, vz
Adds vy to vz and puts the result into vx1.
9B00 0305 - add-long v0, v3, v5
The long value in v3,v4 is added to the value in v5,v6 and the result is stored in v0,v1.
sub-long vx,vy,vz
Calculates vy-vz and puts the result into vx1.
9C00 0305 - sub-long v0, v3, v5
Subtracts the long value in v5,v6 from the long value in v3,v4 and puts the result into v0,v1.
mul-long vx,vy,vz
Calculates vy*vz and puts the result into vx1.
9D00 0305 - mul-long v0, v3, v5
Multiplies the long value in v5,v6 with the long value in v3,v4 and puts the result into v0,v1.
div-long vx, vy, vz
Calculates vy/vz and puts the result into vx1.
9E06 0002 - div-long v6, v0, v2
Divides the long value in v0,v1 with the long value in v2,v3 and pust the result into v6,v7.
rem-long vx,vy,vz
Calculates vy % vz and puts the result into vx1.
9F06 0002 - rem-long v6, v0, v2
Calculates v0,v1 %
v2,v3 and puts the result into v6,v7.
and-long vx, vy, vz
Calculates the vy AND vz and puts the result into vx1.
A006 0002 - and-long v6, v0, v2
Calculates v0,v1 AND v2,v3 and puts the result into v6,v7.
or-long vx, vy, vz
Calculates the vy OR vz and puts the result into vx1.
A106 0002 - or-long v6, v0, v2
Calculates v0,v1 OR v2,v3 and puts the result into v6,v7.
xor-long vx, vy, vz
Calculates the vy XOR vz and puts the result into vx1.
A206 0002 - xor-long v6, v0, v2
Calculates v0,v1 XOR v2,v3 and puts the result into v6,v7.
shl-long vx, vy, vz
Shifts left vy by vz positions and stores the result in vx1.
A302 0004 - shl-long v2, v0, v4
Shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
shr-long vx,vy,vz
Shifts right vy by vz positions and stores the result in vx1.
A402 0004 - shr-long v2, v0, v4
Shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
ushr-long vx, vy, vz
Unsigned shifts right vy by vz positions and stores the result in vx1.
A502 0004 - ushr-long v2, v0, v4
Unsigned shift v0,v1 by postions specified by v4 and puts the result into v2,v3.
add-float vx,vy,vz
Adds vy to vz and puts the result into vx.
A600 0203 - add-float v0, v2, v3
Adds the floating point numbers in v2 and v3 and puts the result into v0.
sub-float vx,vy,vz
Calculates vy-vz and puts the result into vx.
A700 0203 - sub-float v0, v2, v3
Calculates v2-v3 and puts the result into v0.
mul-float vx, vy, vz
Multiplies vy with vz and puts the result into vx.
A803 0001 - mul-float v3, v0, v1
Multiplies v0 with v1 and puts the result into v3.
div-float vx, vy, vz
Calculates vy/vz and puts the result into vx.
A903 0001 - div-float v3, v0, v1
Divides v0 with v1 and puts the result into v3.
rem-float vx,vy,vz
Calculates vy % vz and puts the result into vx.
AA03 0001 - rem-float v3, v0, v1
Calculates v0 %
v1 and puts the result into v3.
add-double vx,vy,vz
Adds vy to vz and puts the result into vx1.
AB00 0305 - add-double v0, v3, v5
Adds the double value in v5,v6 registers to the double value in v3,v4 registers and places the result
in v0,v1 registers.
sub-double vx,vy,vz
Calculates vy-vz and puts the result into vx1.
AC00 0305 - sub-double v0, v3, v5
Subtracts the value in v5,v6 from the value in v3,v4 and puts the result into v0,v1.
mul-double vx, vy, vz
Multiplies vy with vz and puts the result into vx1.
AD06 0002 - mul-double v6, v0, v2
Multiplies the double value in v0,v1 with the double value in v2,v3 and puts the result into v6,v7.
div-double vx, vy, vz
Calculates vy/vz and puts the result into vx1.
AE06 0002 - div-double v6, v0, v2
Divides the double value in v0,v1 with the double value in v2,v3 and puts the result into v6,v7.
rem-double vx,vy,vz
Calculates vy % vz and puts the result into vx1.
AF06 0002 - rem-double v6, v0, v2
Calculates v0,v1 % v2,v3 and puts the result into v6,v7.
add-int/2addr vx,vy
Adds vy to vx.
B010 - add-int/2addr v0,v1
Adds v1 to v0}
我要回帖
更多关于 smali 反编译 的文章
更多推荐
- ·台风登陆最多的是哪个城市为何只能在沿海城市登录?为何很少去四川,甘肃,宁夏,新疆这些地方...
- ·求解高考空间向量典型例题解析几何与向量代数的一道题目
- ·WeGame里可以用电脑玩手游鼠标怎么设置玩的游戏?
- ·你好我买了柏氏护肤品哪个系列最好砰砰水2代7件套顺序要怎么用?
- ·拉黑和删除哪个更绝情我几个小号最后一个为啥不拉?
- ·新手上路,前两天再圈圈礼包领了一个《热血三国2开服表》开年礼包,求问大神们要怎么用才能发挥最大效果?
- ·神武游戏怎么美版sprint自动解锁器器
- ·刀塔传奇远征通关奖励我59远征第十关都过不了
- ·侍魂还有互联网 下一步发展展
- ·金石麦乐购母婴商城都买那些物品
- ·梦幻69封妖妖开启石阵需要全队员都达标吗
- ·qq炫舞寻宝之路2游戏送花一百朵要求什么花
- ·逆战星星兑换逆战什么时候更新新
- ·混沌战域橙色装备装备+ 6到+9 需要多少强化石
- ·新飞飞藏宝阁鸿加湿器不出雾气
- ·我的世界1.72工业整合.2整合怎么用
- ·英雄联盟S5定位赛打完了为s4白金s5是什么段位显示的还是S4的段位?s4白金s5是什么段位时候更新出S5的段位呀?
- ·9173扣扣飞车租号买号码
- ·炫舞角色创建后的炫舞新手上路称号在哪里?刚创建了号然后一下子游戏闪退了,现在进去就没有炫舞新手上路称号了
- ·LIFlifestyle是什么意思品牌
- ·3 smali to javakeys 游戏攻略
- ·有个关于编程的手机游戏戏的一关老是过不了,解锁不了下个光卡,有什么办法没
- ·战争霸业橙色将领之箭 有必要合成 橙色 吗
- ·龙岭传说完整版攻略2 怎么把巨魔旁边的桥放下来
- ·2015年qq炫舞点券自助查询如何在4天弄到四千点券
- ·请问怪物猎人2g存档P3 存档ULJM05800这个文件夹 和 ULJM05800QST 文件夹分别是什么意思呢?区别是什么呢?
- ·挎包神器减肥神器瘦身神器纤体神器bes博爱思植物能量止饿仪是真的有效果吗
- ·巨神战击队2部全集二鲁香怡QQ号吗?
- ·无双鬼魅击杀英雄无双后地上留的刀子说明怎么修改
- ·全民暗黑破坏神1重置符文重置,符文会怎样,问的是符文,不是符文点,。
- ·gtx650配合什么配置,才可以lolgtx1060特效全开开fps一百以上,cf超流畅运行
- ·谁有天天爱消除2017辅助辅助啊 iOS的
- ·欧普斯opus1评测哪里可以玩?
- ·被尘封的故事钻石世界手机版怎么收集毒药?(需要收集3个)怎么刷?钻石怎么刷?
- ·阿拉德大陆大转移移后地下城大后现在那个图爆裂创
