码迷,mamicode.com
首页 > 其他好文 > 详细

早期学习写壳代码

时间:2015-08-10 14:55:54      阅读:131      评论:0      收藏:0      [点我收藏+]

标签:java   apk保护   apk壳代码   源码   codes   

早期自己弄的一些东西,大牛绕过。
入门写壳的同学可以参考看看。
效果如下:
技术分享
Java 层:

package com.droider.crackme0201;


import java.lang.String;
import android.app.Application;
import android.content.Context;
import android.content.res.Configuration;

public class TestApplication extends Application {
    static{
        System.loadLibrary("Nothing");

    }

    @Override
    protected void attachBaseContext(Context base) {
        super.attachBaseContext(base);
        ErickyGuard(base);
        ErickyProtect(base);

    }


    public native void ErickyGuard(Context context);
    public native Object ErickyProtect(Context context);

}

C层:

#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <jni.h>
#include <android/log.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/types.h>
#include <elf.h>
#include <sys/mman.h>
#include <assert.h>
#define DEBUG
#define   LOG_TAG    "LOG_TEST"
#define   LOGI(...)  __android_log_print(ANDROID_LOG_INFO,LOG_TAG,__VA_ARGS__)
#define   LOGE(...)  __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,__VA_ARGS__)
// 获取数组的大小
# define NELEM(x) ((int) (sizeof(x) / sizeof((x)[0])))
// 指定要注册的类,对应完整的java类名
#define JNIREG_CLASS "com/droider/crackme0201/TestApplication"
//Function  Statements

jstring   CharTojstring(JNIEnv*   env,   char*   str);
jobject invokeStaticMethodss (JNIEnv *env,jstring class_name, jstring method_name, jobjectArray pareTyple, jobjectArray pareVaules);
jobject   getFieldOjbect(JNIEnv *env,       jstring class_name, jobject obj, jstring fieldName);
void     setFieldOjbect(JNIEnv *env, jstring class_name, jstring fieldName, jobject obj, jobject filedVaule);
void        guard( JNIEnv* env,jobject thiz,jobject context );
JNIEXPORT jobject JNICALL sub_2222( JNIEnv* env,
                                                  jobject thiz,jobject context )

{

    jclass native_clazz = env->GetObjectClass(context);
    jmethodID methodID_func = env->GetMethodID(native_clazz,"getPackageName", "()Ljava/lang/String;");
    jstring packagename =(jstring)(env->CallObjectMethod(context, methodID_func));
    //**************************************
    char *aa="android.app.ActivityThread", *bb = "currentActivityThread";
    jstring jaa= CharTojstring(env,aa);
    jstring jbb = CharTojstring(env,bb);
    jobjectArray pareTyple;
    jobjectArray pareVaules;
    jobject currentActivityThread = invokeStaticMethodss(env,jaa,jbb,pareTyple,pareVaules );
    char *cc="android.app.ActivityThread", *dd = "mPackages";
    jstring jcc= CharTojstring(env,cc);
    jstring jdd = CharTojstring(env,dd);
            jclass class_hashmap=env->FindClass("java/util/HashMap");
            jmethodID hashmap_construct_method=env->GetMethodID(class_hashmap, "<init>","()V");
            jobject obj_hashmap =env->NewObject(class_hashmap, hashmap_construct_method, "");
            obj_hashmap = getFieldOjbect(env,jcc, currentActivityThread,jdd);
       // new??€??aWeakReference?ˉ1è±?java.lang.ref.WeakReference   get_get_obj ==wr.get();
            jclass class_WeakReference=env->FindClass("java/lang/ref/WeakReference");
            if(class_WeakReference==NULL){
                LOGI("class_WeakReference Not Found ");

            }
            jmethodID WeakReference_get_method=env->GetMethodID(class_WeakReference, "get","()Ljava/lang/Object;");
            if(WeakReference_get_method==NULL){
                            LOGI("WeakReference_get_method Not Found ");

                        }
            jmethodID get_func = env->GetMethodID(class_hashmap,"get","(Ljava/lang/Object;)Ljava/lang/Object;");
            if(get_func==NULL){
                                    LOGI("get_func Not Found ");
            }
            jobject get_obj =env->CallObjectMethod(obj_hashmap, get_func,packagename);
            if(get_obj==NULL){
                                                LOGI("get_obj Not Found ");
            }
            jobject get_get_obj = env->CallObjectMethod(get_obj, WeakReference_get_method);
            if(get_get_obj==NULL){
                                                            LOGI("get_get_obj Not Found ");
             }
            //Strings prepared
            const char *str = env->GetStringUTFChars(packagename, 0);
            char parameter1[128];
            char parameter2[128];
            char parameter3[128];
            const char *qz ="/data/data/", *hz1 = "/.cache/classdex.jar" ,*hz2 = "/.cache",*hz3 = "/.cache/";
            strcpy(parameter1, qz);
            strcat(parameter1, str);
            strcat(parameter1, hz1);
            strcpy(parameter2, qz);
            strcat(parameter2, str);
            strcat(parameter2, hz2);
            strcpy(parameter3, qz);
            strcat(parameter3, str);
            strcat(parameter3, hz3);
            env->ReleaseStringUTFChars(packagename, str);
            jstring jparameter1 = CharTojstring(env,parameter1);
            jstring jparameter2 = CharTojstring(env,parameter2);
            jstring jparameter3 = CharTojstring(env,parameter3);
            char *loadapk = "android.app.LoadedApk",*mClassLoader = "mClassLoader";
            jstring jloadapk= CharTojstring(env,loadapk);
            jstring jmClassLoader = CharTojstring(env,mClassLoader);
            jclass class_DexClassloader=env->FindClass("dalvik/system/DexClassLoader");
            if(class_DexClassloader==NULL){
                        LOGI("class_DexClassloader Not Found ");
                     }
            jmethodID DexClassloader_construct_method=env->GetMethodID(class_DexClassloader, "<init>","(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V");
            if(DexClassloader_construct_method==NULL){
                                                                    LOGI("DexClassloader_construct_method Not Found ");
                     }
            jobject obj_DexClassloader =env->NewObject(class_DexClassloader, DexClassloader_construct_method,jparameter1,jparameter2,jparameter3,getFieldOjbect(env,jloadapk,get_get_obj,jmClassLoader));
            if(obj_DexClassloader==NULL){
                                                                    LOGI("obj_DexClassloader Not Found ");
             }
            setFieldOjbect(env,jloadapk,jmClassLoader,get_get_obj, obj_DexClassloader);

            return get_get_obj;
}
JNIEXPORT void JNICALL sub_1111( JNIEnv* env,
                                                  jobject thiz,jobject context )
{
    guard(env,thiz,context );
}

// Java和JNI函数的绑定表
static JNINativeMethod method_table[] = {
    { "ErickyProtect", "(Landroid/content/Context;)Ljava/lang/Object;", (void*)sub_2222 },//绑定Ericky3
    { "ErickyGuard", "(Landroid/content/Context;)V", (void*)sub_1111 },//Ericky1
};
// 注册native方法到java中
static int registerNativeMethods(JNIEnv* env, const char* className,
        JNINativeMethod* gMethods, int numMethods)
{
    jclass clazz;
    clazz = env->FindClass( className);
    if (clazz == NULL) {
        return JNI_FALSE;
    }
    if (env->RegisterNatives(clazz, gMethods, numMethods) < 0) {
        return JNI_FALSE;
    }

    return JNI_TRUE;
}

int register_ndk_load(JNIEnv *env)
{
    // 调用注册方法
    return registerNativeMethods(env, JNIREG_CLASS,
            method_table, NELEM(method_table));
}

JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved)
{
    JNIEnv* env = NULL;
    jint result = -1;

    if (vm->GetEnv((void**) &env, JNI_VERSION_1_4) != JNI_OK) {
        return result;
    }

    register_ndk_load(env);

    // 返回jni的版本
    return JNI_VERSION_1_4;
}
//Copy fuctions and initial fuctions
void guard( JNIEnv* env,jobject thiz,jobject context )
{
            jclass native_clazz = env->GetObjectClass(context);
            jmethodID methodID_func = env->GetMethodID(native_clazz,"getPackageName", "()Ljava/lang/String;");
            jstring packagename =(jstring)(env->CallObjectMethod(context, methodID_func));
                const char *str = env->GetStringUTFChars(packagename, 0);
                char destination[128];
                const char *blank ="/data/data/", *c = "/.cache/";
                strcpy(destination, blank);
                strcat(destination, str);
                strcat(destination, c);
                LOGI("stringcccccccccccccccc %s",destination);//????-—??|??2s%

                env->ReleaseStringUTFChars(packagename, str);
                jint a = mkdir(destination,777);

                LOGI("Created a file in android! %d",a);//????-—??|??2s%
                const char *pre = "chmod 755 ";
                char cmd[128];
                strcpy(cmd, pre);
                strcat(cmd, destination);
                LOGI("cmd %s",cmd);//????-—??|??2s%
                jstring jcmd = CharTojstring(env,cmd);

            //exec
                jclass Runtime = env->FindClass("java/lang/Runtime");
                jmethodID Runtime_func = env->GetStaticMethodID(Runtime,"getRuntime","()Ljava/lang/Runtime;");
                jobject class_obj = env->CallStaticObjectMethod(Runtime, Runtime_func);
                jclass class_java = env->GetObjectClass(class_obj);

                jmethodID exec_func = env->GetMethodID(class_java,"exec","(Ljava/lang/String;)Ljava/lang/Process;");
                jobject method_obj =env->CallObjectMethod(class_obj, exec_func,jcmd);
                jclass class_method_obj= env->GetObjectClass(method_obj);

                jmethodID waitfor_func = env->GetMethodID(class_method_obj,"waitFor","()I");
                jint result = env->CallIntMethod(method_obj,waitfor_func);

                LOGI("CallIntMethod %d",result);//????-—??|??2s%
    //***************************************************************************************Copy fuctions
                //************************despath
                    // è?·??— Context ?±?
                    jclass native_clazz2 = env->GetObjectClass(context);
                    jmethodID methodID_func2 = env->GetMethodID(native_clazz2,"getPackageName", "()Ljava/lang/String;");
                    jstring packagename2 =(jstring)(env->CallObjectMethod(context, methodID_func2));
                    const char *str2 = env->GetStringUTFChars(packagename2, 0);
                    char destination2[128];
                    const char *blank2 ="/data/data/", *c2 = "/.cache/classdex.jar";
                    strcpy(destination2, blank2);
                    strcat(destination2, str2);
                    strcat(destination2, c2);
                    LOGI("string %s",destination2);
                    LOGI("log test ok ");
                    env->ReleaseStringUTFChars(packagename2, str2);
                    jstring jdestination = CharTojstring(env,destination2);
                    jmethodID methodID_getApplicationInfo = env->GetMethodID(native_clazz2,"getApplicationInfo", "()Landroid/content/pm/ApplicationInfo;");
                    jobject ApplicationInfo =env->CallObjectMethod(context, methodID_getApplicationInfo);
                    jclass cls_ApplicationInfo=env->GetObjectClass(ApplicationInfo);

                    jfieldID JarFieldId = env->GetFieldID(cls_ApplicationInfo,"publicSourceDir", "Ljava/lang/String;");

                    jstring SourceDir =(jstring)(env->GetObjectField(ApplicationInfo,JarFieldId));
                        const char *strs = env->GetStringUTFChars(SourceDir, 0);
                        char destinations[128];
                        strcpy(destinations, strs);
                        jbyteArray bytes = env->NewByteArray(65536);
                        LOGI("HAHAHAHHAHAHAHA %s",destinations);//
                        env->ReleaseStringUTFChars(SourceDir, strs);
                        LOGI("HAHAHAHHAHAHAHA222222222222222a€?");
                        //initial strings
                        char *classdex_jar2="assets/ErickyProtect.so";//包里的文件
                        jstring jclassdex_jar = CharTojstring(env,classdex_jar2);
                        ////////////new JarFile
                        jclass cls_JarFile = env->FindClass("java/util/jar/JarFile");
                        jmethodID methodID_JarFile = env->GetMethodID(cls_JarFile,"<init>", "(Ljava/lang/String;)V");
                    jobject localJarFile = env->NewObject(cls_JarFile, methodID_JarFile,SourceDir);

                        //localjarFile getEntry method
                        jmethodID methodID_getentry = env->GetMethodID(cls_JarFile,"getEntry", "(Ljava/lang/String;)Ljava/util/zip/ZipEntry;");
                        jobject LocalZipEntry = env->CallObjectMethod(localJarFile,methodID_getentry,jclassdex_jar);
                        //localjarFile getInputStream method
                        jmethodID methodID_getInputStream = env->GetMethodID(cls_JarFile,"getInputStream", "(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;");
                        jobject BufferinputstreamParam = env->CallObjectMethod(localJarFile,methodID_getInputStream,LocalZipEntry);

                        //new a File class
                        jclass cls_File = env->FindClass("java/io/File");
                        jmethodID methodID_File = env->GetMethodID(cls_File,"<init>", "(Ljava/lang/String;)V");
                        jobject localFile = env->NewObject(cls_File, methodID_File,jdestination);

                        //new  BufferedInputStream
                        jclass cls_BufferedInputStream = env->FindClass("java/io/BufferedInputStream");
                        jmethodID methodID_BufferedInputStream = env->GetMethodID(cls_BufferedInputStream,"<init>", "(Ljava/io/InputStream;)V");
                        jobject localBufferedInputStream = env->NewObject(cls_BufferedInputStream, methodID_BufferedInputStream,BufferinputstreamParam);
                        //new FileoutputStream

                        jclass cls_FileOutputStream = env->FindClass("java/io/FileOutputStream");
                        jmethodID methodID_FileOutputStream= env->GetMethodID(cls_FileOutputStream,"<init>", "(Ljava/io/File;)V");
                        jobject BufferoutputstreamParam = env->NewObject(cls_FileOutputStream, methodID_FileOutputStream,localFile);

                        //new BufferedOutputStream
                        jclass cls_BufferedOutputStream = env->FindClass("java/io/BufferedOutputStream");
                        jmethodID methodID_BufferedOutputStream = env->GetMethodID(cls_BufferedOutputStream,"<init>", "(Ljava/io/OutputStream;)V");
                        jobject localBufferedOutputStream = env->NewObject(cls_BufferedOutputStream, methodID_BufferedOutputStream,BufferoutputstreamParam);
                        //some preparations
                        jmethodID methodID_write = env->GetMethodID(cls_BufferedOutputStream,"write", "([BII)V");
                        jmethodID methodID_read = env->GetMethodID(cls_BufferedInputStream,"read", "([B)I");
                        jmethodID output_flush = env->GetMethodID(cls_BufferedOutputStream,"flush", "()V");
                        jmethodID output_close = env->GetMethodID(cls_BufferedOutputStream,"close", "()V");
                        jmethodID input_close = env->GetMethodID(cls_BufferedInputStream,"close", "()V");

                        while(true){
                            jint i =env->CallIntMethod(localBufferedInputStream,methodID_read,bytes);
                            LOGI("IIIIIIIIII %d",i);
                            if (i <= 0){
                                env->CallVoidMethod(localBufferedOutputStream,output_flush);
                                env->CallVoidMethod(localBufferedOutputStream,output_close);
                                env->CallVoidMethod(localBufferedInputStream,input_close);
                                return;
                            }
                            env->CallVoidMethod(localBufferedOutputStream,methodID_write,bytes,0,i);
                            LOGI("afterwrite %d",i);

                        }

}
jstring   CharTojstring(JNIEnv*   env,   char*   str)
{
    jsize   len   =   strlen(str);

    jclass   clsstring   =   env->FindClass("java/lang/String");
    jstring   strencode   =   env->NewStringUTF("GB2312");

    jmethodID   mid   =   env->GetMethodID(clsstring,   "<init>",   "([BLjava/lang/String;)V");
    jbyteArray   barr   =   env-> NewByteArray(len);

    env-> SetByteArrayRegion(barr,0,len,(jbyte*)str);
    return (jstring)env-> NewObject(clsstring,mid,barr,strencode);
}
jobject   getFieldOjbect(JNIEnv *env,
        jstring class_name, jobject obj, jstring fieldName)
{
            jclass context = env->FindClass("java/lang/Class");
            jmethodID forName_func = env->GetStaticMethodID(context,"forName","(Ljava/lang/String;)Ljava/lang/Class;");
            jobject class_obj = env->CallStaticObjectMethod(context, forName_func,class_name);
            jclass class_java = env->GetObjectClass(class_obj);

            jmethodID getField_func = env->GetMethodID(class_java,"getDeclaredField","(Ljava/lang/String;)Ljava/lang/reflect/Field;");
            jobject method_obj =env->CallObjectMethod(class_obj, getField_func,fieldName);
            jclass class_method_obj= env->GetObjectClass(method_obj);

            jmethodID setaccess_func = env->GetMethodID(class_method_obj,"setAccessible","(Z)V");
            env->CallVoidMethod(method_obj,setaccess_func,true);

            jmethodID get_func = env->GetMethodID(class_method_obj,"get","(Ljava/lang/Object;)Ljava/lang/Object;");
            jobject get_obj =env->CallObjectMethod(method_obj,get_func,obj);

            env->DeleteLocalRef(class_java);
            env->DeleteLocalRef(method_obj);
            return get_obj;

}
jobject  invokeStaticMethodss (JNIEnv *env,jstring class_name, jstring method_name, jobjectArray pareTyple, jobjectArray pareVaules)
{
        jclass context = env->FindClass("java/lang/Class");
        jmethodID forName_func = env->GetStaticMethodID(context,"forName","(Ljava/lang/String;)Ljava/lang/Class;");
        jobject class_obj = env->CallStaticObjectMethod(context, forName_func,class_name);
        jclass class_java = env->GetObjectClass(class_obj);

        jmethodID getMethod_func = env->GetMethodID(class_java,"getMethod","(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;");
        jobject method_obj =env->CallObjectMethod(class_obj, getMethod_func,method_name,pareTyple);
        jclass class_method_obj= env->GetObjectClass(method_obj);

        jmethodID invoke_func = env->GetMethodID(class_method_obj,"invoke","(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;");
        jobject invoke_obj =env->CallObjectMethod(method_obj,invoke_func,NULL,pareVaules);
        env->DeleteLocalRef(class_java);
        env->DeleteLocalRef(method_obj);
        return invoke_obj;
}
void     setFieldOjbect(JNIEnv *env, jstring class_name, jstring fieldName, jobject obj, jobject filedVaule)

{
                jclass context = env->FindClass("java/lang/Class");
                jmethodID forName_func = env->GetStaticMethodID(context,"forName","(Ljava/lang/String;)Ljava/lang/Class;");
                jobject class_obj = env->CallStaticObjectMethod(context, forName_func,class_name);
                jclass class_java = env->GetObjectClass(class_obj);

                jmethodID getField_func = env->GetMethodID(class_java,"getDeclaredField","(Ljava/lang/String;)Ljava/lang/reflect/Field;");
                jobject method_obj =env->CallObjectMethod(class_obj, getField_func,fieldName);
                jclass class_method_obj= env->GetObjectClass(method_obj);

                jmethodID setaccess_func = env->GetMethodID(class_method_obj,"setAccessible","(Z)V");
                env->CallVoidMethod(method_obj,setaccess_func,true);

                jmethodID set_func = env->GetMethodID(class_method_obj,"set","(Ljava/lang/Object;Ljava/lang/Object;)V");
                env->CallVoidMethod(method_obj,set_func,obj,filedVaule);

                env->DeleteLocalRef(class_java);
                env->DeleteLocalRef(method_obj);



}

版权声明:本文为博主原创文章,未经博主允许不得转载。

早期学习写壳代码

标签:java   apk保护   apk壳代码   源码   codes   

原文地址:http://blog.csdn.net/hk9259/article/details/47397609
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!