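Call the JNI interface of a native so file in an Android VM from the command line
Call the JNI interface of a so library file in an Android VM from the command line
Can be used to crack mobile apps whose API calls are signed through a native-code signing interface, without having to decompile the so code
Reference: https://davanum.wordpress.com/2007/12/04/command-line-java-on-dalvikvm/
1. Put the JNI declaration file sign.java in the com/app/safe directory: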
package com.app.safe;
public class sign
{
    static
    {
        System.load("/data/libs/sign.so");
    }
    public static native byte[] getSign();
}
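2. The Java code run from the command line, get.java:
package mycmd;
import com.app.safe.sign;
public class get
{
    public static void main(String[] args)
    {
        //System.out.println(System.getProperty("java.library.path"));
        // String.valueOf(byte[]) would print the array reference ([B@...),
        // so decode the returned bytes instead (assumes the signature is text).
        System.out.println(new String(sign.getSign()));
    }
}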
3. Compile:
javac -d . -g get.java
4. Package into a jar:
jar -cvf Temp.jar *
5. Convert to dex:
/var/lib/android_sdk/build-tools/23.0.1/dx --dex --output=classes.dex Temp.jar
6. Put the dex back into a jar:
/var/lib/android_sdk/build-tools/23.0.1/aapt add CmdLine.jar classes.dex
7. Push the jar into the Android VM:
adb connect <android-vm-ip>:5037
adb push CmdLine.jar /sdcard/
8. Copy the so file from the lib folder inside the target app's apk to the /data directory of the Android VM (it cannot be loaded from /sdcard):
adb push sign.so /sdcard/
adb shell
su
mkdir /data/libs
cp /sdcard/sign.so /data/libs/sign.so
exit
9. Run the command line to get the interface signature:
adb shell /system/bin/dalvikvm -Xbootclasspath:/system/framework/core.jar -classpath /sdcard/CmdLine.jar mycmd.get