
[Original] [Open Source] BlackDex: new version with instruction-backfill unpacking, supports repairing NOPs

 3 years ago
source link: https://bbs.pediy.com/thread-268006.htm

If you don't know BlackDex, please see

https://bbs.pediy.com/thread-267804-1.htm#1690883

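Changes in the new version

In deep unpacking mode, the tool repairs extracted method instructions on its own, backfilling instructions that point to other memory blocks into the DEX to solve the NOP problem. However, this is not guaranteed to be useful: for example, if the instructions are only decrypted when actively invoked, they cannot be backfilled, or the backfill is ineffective. Deep unpacking does not include any decryption, active invocation or similar operations. This feature is still in the testing stage, and the following situations may occur; please be aware

Comparison before and after unpacking:

As before, all the code is open source. Repository:

https://github.com/CodingGay/BlackDex (prebuilt builds are under Releases)

May there be no more NOPs in the world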


Last edited by SuMilk on 2021-6-8 15:37, reason:
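
An added example (not part of the original post and not BlackDex code): a Python check for a dumped DEX that lists methods whose bodies still consist only of 0x0000 (nop) code units, i.e. methods that were not backfilled. The function names and the constructed SAMPLE bytes are assumptions made for this illustration; the offsets follow the public DEX format.

```python
import struct

def uleb128(buf, pos):
    value = 0
    for shift in range(0, 35, 7):  # DEX ULEB128 values use at most 5 bytes
        byte = buf[pos + shift // 7]
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos + shift // 7 + 1
    raise ValueError("ULEB128 longer than 5 bytes")

def nop_only_methods(dex):
    """Return (method_idx, code_off, insns_size) for bodies that are all 0x0000."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    defs_size, defs_off = struct.unpack_from("<II", dex, 0x60)
    hits = []
    for i in range(defs_size):
        pos = struct.unpack_from("<I", dex, defs_off + 32 * i + 24)[0]  # class_data_off
        if pos == 0:
            continue  # class without a class_data_item
        sizes = []
        for _ in range(4):  # static fields, instance fields, direct, virtual methods
            n, pos = uleb128(dex, pos)
            sizes.append(n)
        for _ in range(2 * (sizes[0] + sizes[1])):  # skip encoded_field pairs
            _, pos = uleb128(dex, pos)
        for count in sizes[2:]:
            method_idx = 0  # method_idx_diff restarts for the virtual list
            for _ in range(count):
                diff, pos = uleb128(dex, pos)
                _, pos = uleb128(dex, pos)  # access_flags
                code_off, pos = uleb128(dex, pos)
                method_idx += diff
                if code_off == 0:
                    continue  # abstract or native: no code_item
                insns_size = struct.unpack_from("<I", dex, code_off + 12)[0]
                insns = dex[code_off + 16:code_off + 16 + 2 * insns_size]
                if insns_size and not any(insns):
                    hits.append((method_idx, code_off, insns_size))
    return hits

# Constructed sample (not a real app): method 3 is all NOP, method 5 is return-void.
SAMPLE = bytearray(b"dex\n035\x00".ljust(0xE0, b"\x00"))
struct.pack_into("<II", SAMPLE, 0x60, 1, 0x70)         # one class_def at 0x70
struct.pack_into("<I", SAMPLE, 0x70 + 24, 0x90)        # class_data_off
SAMPLE[0x90:0x9C] = bytes([0, 0, 1, 1, 3, 1, 0xA0, 1, 5, 1, 0xC0, 1])
struct.pack_into("<I", SAMPLE, 0xA0 + 12, 3)           # 3 code units, left 0x0000
struct.pack_into("<IH", SAMPLE, 0xC0 + 12, 1, 0x000E)  # 1 code unit: return-void
```

A valid method body always ends in a return, throw or branch, so an all-zero body is a reliable sign that the instructions were extracted and never restored.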
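The status bar looks so familiar! Haha

The status bar looks so familiar! Haha

A picture from a group member
I was still using the old version yesterday and ran into several packers where it just reported an error that no dex could be found. I'll try the new version later. I hope the author keeps making this tool better and better.

I was still using the old version yesterday and ran into several packers where it just reported an error that no dex could be found. I'll try the new version later. I hope the author keeps making this tool better and better.

It would be best to provide the logcat log
Is there a QQ group, boss?

It would be best to provide the logcat log

How do I view the log?
666666
Awesome

Is there a QQ group, boss?

No.
Haha, unconditional support

It would be best to provide the logcat log

You don't mean looking at Android's logcat, do you? Doesn't the tool come with its own log?

Last edited by tDasm on 2021-6-11 16:19, reason:

SuMilk

It would be best to provide the logcat log You don't mean looking at Android's logcat, do you? Doesn't the tool come with its own log?

There is a template in the issues on GitHub; just follow it and provide the information.
Can NP Manager's control flow, strings and the like be restored?
Thanks for the hard work, I have to show my support

Can NP Manager's control flow, strings and the like be restored?

Control flow does not belong to the packer category. So it cannot be restored.
Showing my support!

It would be best to provide the logcat log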

2021-06-14 19:48:55.895 5343-5357/top.niunaijun.blackdexa32:black E/ackdexa32:blac: Invalid ID 0x00000000.
2021-06-14 19:48:55.921 5343-5357/top.niunaijun.blackdexa32:black W/PackageParser: Ignoring duplicate uses-permissions/uses-permissions-sdk-m: android.permission.VIBRATE in package: com.sup.android.superb at: Binary XML file line #-1
2021-06-14 19:48:55.923 5343-5357/top.niunaijun.blackdexa32:black W/PackageParser: Ignoring duplicate uses-permissions/uses-permissions-sdk-m: android.permission.GET_ACCOUNTS in package: com.sup.android.superb at: Binary XML file line #-1
2021-06-14 19:48:56.047 5343-5357/top.niunaijun.blackdexa32:black I/PackageParser: Parse times for '/data/app/com.sup.android.superb-ivY82FdQKI1BxGK8DXuQZw==/base.apk': parse=171ms, update_cache=0 ms
2021-06-14 19:48:56.076 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CreateUserExecutor exec: 0
2021-06-14 19:48:56.077 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CreatePackageExecutor exec: 0
2021-06-14 19:48:56.470 5343-5357/top.niunaijun.blackdexa32:black D/BPackageInstallerService: installPackageAsUser: CopyExecutor exec: 0
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.file_provider (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.pm.PPMP (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.am.PAMP (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.m_push.account.provider (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.appbrand (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.547 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.ss.android.common.multiprocess.SHARE_PROVIDER_AUTHORITY1319 (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name downloads.com.sup.android.superb (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.ss.android.pushmanager.setting.PushMultiProcessSharedProvider1319 (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.umeng.message (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.applog.ipc (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.livedetector.fileprovider (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p0.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p1.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.stub.p2.STUB_AUTHORITY (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.wakeup.provider (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.lifecycle-trojan (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.newmedia.downloads (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.Interstellar (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.548 5343-5357/top.niunaijun.blackdexa32:black W/ComponentResolver: Skipping provider name com.sup.android.superb.monitor (in package com.sup.android.superb): name already used by com.sup.android.superb
2021-06-14 19:48:56.687 5343-5357/top.niunaijun.blackdexa32:black D/Settings: loaded Package: com.sup.android.superb
2021-06-14 19:48:56.688 5343-5357/top.niunaijun.blackdexa32:black D/BPackageManagerService: onPackageInstalled: com.sup.android.superb, userId: 0
2021-06-14 19:48:56.741 5343-5356/top.niunaijun.blackdexa32:black D/TestActivity: startActivityLocked : ComponentInfo{com.sup.android.superb/com.sup.android.superb.SplashActivity}
2021-06-14 19:48:56.750 5343-5356/top.niunaijun.blackdexa32:black D/BProcessManager: init bUid = 10012, bPid = 0
2021-06-14 19:48:56.751 5343-5356/top.niunaijun.blackdexa32:black D/BProcessManager: initProcess: com.sup.android.superb
2021-06-14 19:48:57.203 5343-5356/top.niunaijun.blackdexa32:black I/Timeline: Timeline: Activity_launch_request time:260222 intent:Intent { flg=0x18080000 cmp=top.niunaijun.blackdexa32/top.niunaijun.blackbox.proxy.ProxyActivity$P0 (has extras) }
2021-06-14 19:49:00.898 5343-5356/top.niunaijun.blackdexa32:black I/Process: Sending signal. PID: 6642 SIG: 9
2021-06-14 19:49:00.932 5343-5356/top.niunaijun.blackdexa32:black D/BPackageInstallerService: uninstallPackageAsUser: RemoveAppExecutor exec: 0
2021-06-14 19:49:00.955 5343-6619/top.niunaijun.blackdexa32:black D/BProcessManager: App Died: com.sup.android.superb
2021-06-14 19:49:00.957 5343-6619/top.niunaijun.blackdexa32:black I/Process: Sending signal. PID: 6642 SIG: 9
2021-06-14 19:49:00.984 5343-5356/top.niunaijun.blackdexa32:black D/BPackageInstallerService: uninstallPackageAsUser: RemoveUserExecutor exec: 0
2021-06-14 19:49:00.994 5343-5356/top.niunaijun.blackdexa32:black D/BPackageManagerService: onPackageUninstalled: com.sup.android.superb, userId: 0
