duangsuse::Echo

rt com.drakeet.purewriter.Ww.ww

20 viewsedited 09:29

duangsuse::Echo

这些也是

20 views09:30

duangsuse::Echo

我会 class-trace Android 应用进行自省的类 android.content.PackageManager
现在部分类还没被虚拟机加载

20 views09:31

duangsuse::Echo

20 views09:34

duangsuse::Echo

这个类已经被加载了( 不知道是只在启动时验证还是按时验证

18 views09:34

duangsuse::Echo

>> ct android.content.pm.PackageManager
## Setting Hooks
   -- Hooked android.content.pm.PackageManager
>> ct android.widget.Toast
## Setting Hooks
   -- Hooked android.widget.Toast

18 viewsedited 09:35

duangsuse::Echo

19 views09:37

duangsuse::Echo

我点击了纯纯打码标签，然后它带我去了宽市场下载
回来之后就出现了这个
🌚 我无限回滚的虚拟终端已经把发生的所有事情都记录下来了

19 views09:39

duangsuse::Echo

19 views09:40

duangsuse::Echo

所以说面对调试器混淆还是很苍白无力的 🌑

## trace thread <1> main        (running suspended)
   --
      android.app.ApplicationPackageManager.getCachedString(Landroid/app/ApplicationPackageManager$ResourceName;)Ljava/lang/CharSeque
      nce;:0
      -- this=Landroid/app/ApplicationPackageManager; <830057170080>
      -- name=Landroid/app/ApplicationPackageManager$ResourceName; <830057179696>

到这里都没什么

## trace thread <1> main        (running suspended)
   -- android.app.ApplicationPackageManager.getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;:0
      -- this=Landroid/app/ApplicationPackageManager; <830057170080>
      -- packageName=me.drakeet.puremosaic
      -- flags=1
   -- com.drakeet.purewriter.vk.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Landroid/content/Context;Ljava/lang/String;)Z:5
   -- com.drakeet.purewriter.TimeMachineService.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww()V:55
      -- this=Lcom/drakeet/purewriter/TimeMachineService; <830057085360>
   --
      com.drakeet.purewriter.TimeMachineService.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Lcom/drakeet/purewriter/Wwwwwwwwwwwwwwwwwwwwwwww;)
      V:5

也没什么，实际上我 Hook android.content.pm.PackageInfo.getPackageInfo 会更简洁

19 views09:45

duangsuse::Echo

不过虽然弹了框，我还是没在记录里找到 Toast 类的访问记录（

18 views09:46

duangsuse::Echo

现在我能看到应用的类了

18 views09:48

duangsuse::Echo

>> classes com.drakeet
## Loaded Classes
   -- com.drakeet.purewriter.ahp
   -- com.drakeet.purewriter.Repositories$2
   -- com.drakeet.purewriter.ayr
   -- com.drakeet.purewriter.es$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
   -- com.drakeet.purewriter.ahq
   -- com.drakeet.purewriter.Repositories$3
   -- com.drakeet.purewriter.Kkkkkkkkkkkkkkkk
   -- com.drakeet.purewriter.ahr
   -- com.drakeet.purewriter.Repositories$4
   -- com.drakeet.purewriter.ahs
   -- com.drakeet.purewriter.Repositories$5
   -- com.drakeet.purewriter.aig$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
   -- com.drakeet.purewriter.aht
   -- com.drakeet.purewriter.widget.ShortcutLayout$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

18 views09:49

duangsuse::Echo

19 views09:51

duangsuse::Echo

This media is not supported in your browser

VIEW IN TELEGRAM

19 views09:52

duangsuse::Echo

不过现在打几乎是没有用的

20 views09:52

duangsuse::Echo

因为可能只是启动时检查一次

20 views09:52

duangsuse::Echo

这是 JaDX 反编译出的结果, 比 smali 好看多了

20 views09:53

duangsuse::Echo

重启再看看

21 views09:56

duangsuse::Echo

>> class-trace com.drakeet.purewriter.Ww
## Setting Hooks
   -- Hooked com.drakeet.purewriter.Ww
>> class-trace android.widget.Toast
## Setting Hooks
   -- Hooked android.widget.Toast
>> resume
## Process Resumed
>> ## trace thread <1> main        (running suspended)
   -- com.drakeet.purewriter.Ww.WwWw()V:0
   -- com.drakeet.purewriter.AboutActivity.onCreate(Landroid/os/Bundle;)V:9
      -- this=Lcom/drakeet/purewriter/AboutActivity; <830058757392>
   -- android.app.Activity.performCreate(Landroid/os/Bundle;)V:1
      -- this=Lcom/drakeet/purewriter/AboutActivity; <830058757392>
      -- icicle=None

就是这个类！抓住现行一次 🙈

22 views09:59

duangsuse::Echo

在 AboutActivity 被创建时唤起一次

22 views10:00

About

Blog

Apps

Platform