我们如何在没有源代码的情况下调试签名的apk? [英] How we can debug a signed apk without having source code?

问题描述

我想问问是否有可能在没有源代码的情况下调试发行版apk，以及如何防止用户执行此操作?

I want to ask if there is a possibility to debug a release apk without having source code and how we can prevent user to do this action ?

我认为没有源代码(清单默认为 android:debuggable ="false" )，我无法调试apk，直到我将其发送给客户端并且他要求我禁用可调试模式，因为他遇到了这个问题.我试图重现问题，我在想他是否进行了逆向工程.

I thought that I can't debug an apk without a source code ( manifest has by default android:debuggable="false") until I sent it to a client and he asks me to disable debuggable mode because he got this issue . I try to reproduce the problem and I'm thinking if he did a reverse engineering.

推荐答案

您可以使用许多不同的工具调试已签名的APK.大多数方法将被视为逆向工程的一种形式.在较高的层次上，一种常见的方法(用于动态实时"调试)是:

You can debug an already signed APK with a number of different tools. Most approaches would be considered a form of reverse engineering. At a high level, a common approach (for dynamic "live" debugging) would be to:

1. 使用 APKTool 通过AndroidManifest.xml中的属性启用调试.对齐并签名新修改的APK.
2. 使用 ADB 将新的可调试" APK推送到设备/仿真器.
3. 使用调试器，例如 GDB (NDK包括带有arm工具链的gdbserver).

1. Use APKTool to enable debugging via the property in the AndroidManifest.xml. Align and sign the newly modified APK.
2. Use ADB to push the new "debuggable" APK to the device/emulator.
3. Use a debugger such as GDB (NDK includes a gdbserver with the arm toolchain).

值得一提的是，静态分析也可以作为一种选择，从而可以将APK解压缩并反编译为SMALI/Java.

It's worth mentioning that static analysis can be an option too, whereby the APK could be unpacked and decompiled to SMALI/Java.

有许多工具可以帮助您反向和调试APK.我经常使用的是: dex2jar，JDGUI，APK Studio，JEB，IDA Pro，VisualGDB.

There are a number of tools available to help reverse and debug APK's. Some I use frequently are; dex2jar, JDGUI, APK Studio, JEB, IDA Pro, VisualGDB.

这篇关于我们如何在没有源代码的情况下调试签名的apk?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！