【Android逆向】滚动的天空中插入smali日志

1. 编写一个MyLog.java 放到一个android工程下，编译打包，然后反编译拿到MyLog的smali代码

package com.example.logapplication;

import android.util.Log;

public class MyLog {
    public static final String TAG = "JIA";

    public static void logd(Object obj) {
        Log.d(TAG, "logd: " + obj);
    }

    public static void logi(Object obj) {
        Log.i(TAG, "logi: " + obj);
    }

    public static void loge(Object obj) {
        Log.e(TAG, "logde: " + obj);
    }

    public static void print() {
        Log.e(TAG, "logde print: =====" );
    }
}

拿到MyLog.smali后，第一件事是抹去他的包信息，得到

.class public LMyLog;
.super Ljava/lang/Object;
.source "MyLog.java"


# static fields
.field public static final TAG:Ljava/lang/String; = "JIA"


# direct methods
.method public constructor <init>()V
    .locals 0

    .line 5
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method

.method public static logd(Ljava/lang/Object;)V
    .locals 2
    .param p0, "obj"    # Ljava/lang/Object;

    .line 9
    new-instance v0, Ljava/lang/StringBuilder;

    invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V

    const-string v1, "logd: "

    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v0

    const-string v1, "JIA"

    invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

    .line 10
    return-void
.end method

.method public static loge(Ljava/lang/Object;)V
    .locals 2
    .param p0, "obj"    # Ljava/lang/Object;

    .line 17
    new-instance v0, Ljava/lang/StringBuilder;

    invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V

    const-string v1, "logde: "

    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v0

    const-string v1, "JIA"

    invoke-static {v1, v0}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I

    .line 18
    return-void
.end method

.method public static logi(Ljava/lang/Object;)V
    .locals 2
    .param p0, "obj"    # Ljava/lang/Object;

    .line 13
    new-instance v0, Ljava/lang/StringBuilder;

    invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V

    const-string v1, "logi: "

    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

    move-result-object v0

    invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v0

    const-string v1, "JIA"

    invoke-static {v1, v0}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 14
    return-void
.end method

.method public static print()V
    .locals 2

    .line 21
    const-string v0, "JIA"

    const-string v1, "logde print: ====="

    invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I

    .line 22
    return-void
.end method

3. 将滚动天空拖入到AndroidKiller 中进行反编译，打开smali目录的位置，将MyLog.smali放到目录下，等于是是在源代码的根目录下（这也是要抹除包信息的原因），在目标文件`a.smali`的`onPayCancel`插入自己的代码


# virtual methods
.method public varargs onPayCancel(Lcom/turbochilli/rollingsky/pay/IProduct;I[Ljava/lang/String;)V
    .locals 3

    .prologue
    const/4 v2, 0x4

    .line 57
    iget-object v0, p0, Lcom/turbochilli/rollingsky/b/a;->a:Ljava/lang/String;

    const-string v1, "ball_50"
    
	# my code begin
    invoke-static {}, LMyLog;->print()V
    invoke-static {v0}, LMyLog;->loge(Ljava/lang/Object;)V
	# my code end


    invoke-static {v0, v1}, Landroid/text/TextUtils;->equals(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Z

    move-result v0           

    if-eqz v0, :cond_1

    .line 77
    :cond_0
    :goto_0
    invoke-static {}, Lcom/turbochilli/rollingsky/util/NativeUtil;->getInstance()Lcom/turbochilli/rollingsky/util/NativeUtil;

    move-result-object v0

 ......
.end method

4. 通过AndroidKiller 重打包，并安装（手动打也可以，就是有些繁琐，借助工具更香）

5. 看到了自己的日志

JIA                     com...llingsky_cn.nearme.gamecenter  E  logde print: =====
JIA                     com...llingsky_cn.nearme.gamecenter  E  logde: ball_500

posted @ 2023-02-17 18:55 明月照江江阅读(71) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

明月照江江的技术博客

【Android逆向】滚动的天空中插入smali日志

1. 编写一个MyLog.java 放到一个android工程下，编译打包，然后反编译拿到MyLog的smali代码

3. 将滚动天空拖入到AndroidKiller 中进行反编译，打开smali目录的位置，将MyLog.smali放到目录下，等于是是在源代码的根目录下（这也是要抹除包信息的原因），在目标文件`a.smali`的`onPayCancel`插入自己的代码

4. 通过AndroidKiller 重打包，并安装（手动打也可以，就是有些繁琐，借助工具更香）

5. 看到了自己的日志

公告

明月照江江的技术博客

【Android逆向】滚动的天空中插入smali日志

1. 编写一个MyLog.java 放到一个android工程下，编译打包，然后反编译拿到MyLog的smali代码

3. 将滚动天空拖入到AndroidKiller 中进行反编译，打开smali目录的位置，将MyLog.smali放到目录下，等于是是在源代码的根目录下（这也是要抹除包信息的原因），在目标文件a.smali的onPayCancel插入自己的代码

4. 通过AndroidKiller 重打包，并安装（手动打也可以，就是有些繁琐，借助工具更香）

5. 看到了自己的日志

公告

3. 将滚动天空拖入到AndroidKiller 中进行反编译，打开smali目录的位置，将MyLog.smali放到目录下，等于是是在源代码的根目录下（这也是要抹除包信息的原因），在目标文件`a.smali`的`onPayCancel`插入自己的代码