我们如何在没有源代码的情况下调试已签名的 apk? [英] How we can debug a signed apk without having source code?
问题描述
我想问一下是否有可能在没有源代码的情况下调试发行版 apk 以及我们如何防止用户执行此操作?
I want to ask if there is a possibility to debug a release apk without having source code and how we can prevent user to do this action ?
我认为我无法在没有源代码的情况下调试 apk(清单默认具有 android:debuggable="false"),直到我将其发送给客户端并且他要求我禁用可调试模式,因为他遇到了这个问题.我尝试重现这个问题,我在想他是否进行了逆向工程.
I thought that I can't debug an apk without a source code ( manifest has by default android:debuggable="false") until I sent it to a client and he asks me to disable debuggable mode because he got this issue . I try to reproduce the problem and I'm thinking if he did a reverse engineering.
推荐答案
您可以使用多种不同的工具调试已签名的 APK.大多数方法将被视为逆向工程的一种形式.在高层次上,一种常见的方法(用于动态实时"调试)是:
You can debug an already signed APK with a number of different tools. Most approaches would be considered a form of reverse engineering. At a high level, a common approach (for dynamic "live" debugging) would be to:
- 使用 APKTool 通过 AndroidManifest.xml 中的属性启用调试.对齐并签署新修改的 APK.
- 使用 ADB 将新的可调试"APK 推送到设备/模拟器.
- 使用调试器,例如 GDB(NDK 包括带有 arm 工具链的 gdbserver).
- Use APKTool to enable debugging via the property in the AndroidManifest.xml. Align and sign the newly modified APK.
- Use ADB to push the new "debuggable" APK to the device/emulator.
- Use a debugger such as GDB (NDK includes a gdbserver with the arm toolchain).
值得一提的是,静态分析也是一种选择,可以将 APK 解包并反编译为 SMALI/Java.
It's worth mentioning that static analysis can be an option too, whereby the APK could be unpacked and decompiled to SMALI/Java.
有许多工具可以帮助逆向和调试 APK.我经常使用的一些是;dex2jar、JDGUI、APK Studio、JEB、IDA Pro、VisualGDB.
There are a number of tools available to help reverse and debug APK's. Some I use frequently are; dex2jar, JDGUI, APK Studio, JEB, IDA Pro, VisualGDB.
这篇关于我们如何在没有源代码的情况下调试已签名的 apk?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!