Android逆向分析之dex2jar异常处理的几种情况
經驗:當apktool失敗時,可以采用dextojar看下具體的情況。
分析某款Android軟件時,dextojar(V0.0.9.15)出錯,總結下:
1.無效語句
錯誤情況:
#unknown opcode: 0xff
com.googlecode.dex2jar.DexException: while accept method:[La/a/a;.bc()Ljava/lang/String;]
??????? at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:694)
解決方法:
刪除掉無效語句
2.p83索引過大,造成的錯誤。
錯誤情況:
if-ltz p83, :cond_1
com.googlecode.dex2jar.DexException: while accept method:[La/a/a;.bc()Ljava/lang/String;]
??????? at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:694)
????? ?
解決方法:
修正語句 if-ltz p0, :cond_1??? ?
3.返回值傳的是.local變量
錯誤情況:????? ?
.local v1, "ba":Z
return-object v1
Error:La/a/a;.bc()Ljava/lang/String;->null?? ?
解決方法:
const-string v1,"ba"
return-object v1 ?
4.未識別的參數說明
錯誤情況:
?? ??? ? .param p0, "context"??? # Landroid/content/Context;
??????? .annotation runtime Ljava/lang/Deprecated;
??????? .end annotation
??? .end param
解決方法:
刪除掉參數說明
?? .annotation runtime Ljava/lang/Deprecated;
??????? .end annotation
??? .end param
轉:http://blog.csdn.net/zhuobattle/article/details/38982891
分析一個APK,發現APK反編譯正常,能得到所有smali代碼和xml文件,
接著使用dex2jar想把dex轉抱成jar包,使逆向分析看起來更加方便,但是卻出現了如下異常:
01.com.googlecode.dex2jar.DexException: while accept method:[La/a/a;.bc()Ljava/lang/String;]
02.??? at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:694)?
03.??? at com.googlecode.dex2jar.reader.DexFileReader.acceptClass(DexFileReader.java:441)?
04.??? at com.googlecode.dex2jar.reader.DexFileReader.accept(DexFileReader.java:323)?
05.??? at com.googlecode.dex2jar.v3.Dex2jar.doTranslate(Dex2jar.java:85)?
06.??? at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:261)?
07.??? at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:252)?
08.??? at com.googlecode.dex2jar.v3.Main.doData(Main.java:43)?
09.??? at com.googlecode.dex2jar.v3.Main.doData(Main.java:35)?
10.??? at com.googlecode.dex2jar.v3.Main.doFile(Main.java:63)?
11.??? at com.googlecode.dex2jar.v3.Main.main(Main.java:86)?
12.Caused by: com.googlecode.dex2jar.DexException: while accept code in method:[La/a/a;.bc()Ljava/lang/String;]?
13.??? at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:684)?
14.??? ... 9 more?
15.Caused by: java.lang.IllegalArgumentException: Id out of bound?
16.??? at com.googlecode.dex2jar.reader.DexFileReader.getType(DexFileReader.java:556)?
17.??? at com.googlecode.dex2jar.reader.DexOpcodeAdapter.x2c(DexOpcodeAdapter.java:356)?
18.??? at com.googlecode.dex2jar.reader.DexCodeReader.acceptInsn(DexCodeReader.java:656)?
19.??? at com.googlecode.dex2jar.reader.DexCodeReader.accept(DexCodeReader.java:337)?
20.??? at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:682)?
21.??? ... 9 more?
看起來都是google.code.dex2jar工具代碼異常,但是我們仔細看第一行提示信息:
01.com.googlecode.dex2jar.DexException: while accept method:[La/a/a;.bc()Ljava/lang/String;]?
這下大家清楚了,dex2jar在處理a.a.a.bc這個函數時,出錯了,既然smali語言可以看到,那么我們打開smali的a.bc
01.# virtual methods?
02..method public bc()Ljava/lang/String;?
03.??? .locals 6?
04.?
05.??? .prologue?
06.??? .line 5?
07.?? #unknown opcode: 0xff?
08.??? nop?
09.?
10.??? :cond_0?
11.??? if-le v1, v4, :cond_0?
12.?
13.??? .line 6?
14.??? .local v2, "cca":Ljava/lang/String;?
15.??? const/4 v1, 0x1?
16.?
17.??? .line 7?
18.??? .local v1, "ba":Z?
19.??? if-eqz v1, :cond_1?
20.?
21.??? .line 8?
22.??? const/4 v0, 0x0?
23.?
24.??? .line 10?
25.??? .local v0, "ace":[B?
26.??? :try_start_0?
27.??? const-string/jumbo v4, "CaDNmeeag"?
28.?
29.??? invoke-virtual {v4}, Ljava/lang/String;->getBytes()[B?
30.??? :try_end_0?
31.??? .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0?
32.?
33.??? move-result-object v0?
34.?
35.??? .line 15?
發現 第一行:
#unknown opcode: 0xff
哦,看來就是看雪上那個保護APK的方法,http://bbs.pediy.com/showthread.php?t=177114
插入了相應的無效代碼,導致了dex2jar工具解析出錯了,
1.接下來我把這句直接刪除,
2.再把smali回編譯成dex
3.再用dex2jar工具重新嘗試,果然這下出來了正常的jar包,用jd-gui或者luten可以正常查看java代碼了,
逆向分析有了更加直接的參考代碼。大家如果遇到此類解析出錯了,不防嘗試此方法。
apktool為apktool2.0.0rc3版本
apktool.bat d -d "****.apk" -o "outdirpath"
也會出現錯誤,錯誤如下:
Error occurred while disassembling class La.a.a; - skipping class
java.lang.NullPointerException
??????? at org.jf.dexlib2.analysis.MethodAnalyzer.addPredecessorSuccessor(Method
Analyzer.java:502)
??????? at org.jf.dexlib2.analysis.MethodAnalyzer.addPredecessorSuccessor(Method
Analyzer.java:494)
??????? at org.jf.dexlib2.analysis.MethodAnalyzer.buildInstructionList(MethodAna
lyzer.java:484)
??????? at org.jf.dexlib2.analysis.MethodAnalyzer.<init>(MethodAnalyzer.java:133
)
??????? at org.jf.baksmali.Adaptors.MethodDefinition.addAnalyzedInstructionMetho
dItems(MethodDefinition.java:387)
??????? at org.jf.baksmali.Adaptors.MethodDefinition.getMethodItems(MethodDefini
tion.java:296)
??????? at org.jf.baksmali.Adaptors.MethodDefinition.writeTo(MethodDefinition.ja
va:198)
??????? at org.jf.baksmali.Adaptors.ClassDefinition.writeVirtualMethods(ClassDef
inition.java:322)
??????? at org.jf.baksmali.Adaptors.ClassDefinition.writeTo(ClassDefinition.java
:113)
??????? at org.jf.baksmali.baksmali.disassembleClass(baksmali.java:220)
??????? at org.jf.baksmali.baksmali.access$000(baksmali.java:55)
??????? at org.jf.baksmali.baksmali$1.call(baksmali.java:144)
??????? at org.jf.baksmali.baksmali$1.call(baksmali.java:142)
??????? at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
??????? at java.util.concurrent.FutureTask.run(FutureTask.java:166)
??????? at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1145)
??????? at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:615)
??????? at java.lang.Thread.run(Thread.java:722)
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
解決方案同上:
apktool.bat d? "****.apk" -o "outdirpath"
1.刪除無效代碼,
2.再把smali回編譯成dex
3.再用apktool.bat d? -d "****.apk" -o "outdirpath"嘗試。總結
以上是生活随笔為你收集整理的Android逆向分析之dex2jar异常处理的几种情况的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Android之WebView网页滚动截
- 下一篇: vb冒泡排序法流程图_VB算法-冒泡排序