Android Reverse Debugging

Question

Android Reverse Debugging

Suppose I have a malicious application that I received from a device and change it using smali or dedexter or dex2jar in order, but I want to debug it, and not just do a static analysis.

Is it possible? I don’t know how the dalvik VM debugging functions work, since they need to know when one step, which refers to the line of code to which the dalvik line of code applies, I’m not sure where this metadata is located, who has experience? Of course, I can try dex2jar and create an eclipse project, but I'm looking for a way to do this from dalvik, which means that you can go through the lines bylode dalvik.

Could not find any open source project that does this, I'm not sure even Ida Pro allows this.

Anyone got it?

+4

android debugging bytecode dalvik

codeScriber Jan 27 '13 at 8:42

source share

2 answers

Yury · Answer 1 · 2013-03-05T14:45:21+0000

I have not tried the approach, but it is possible. To do this, you need to download the old versions of apktool 1.4.1 and netbeans 6.8. He claimed that the approach does not work in new versions.

You can watch a video here on how to do this, and read also this article , which describes how to debug using smali codes.

I read about approaches on a popular Russian IT page. Here are the links to these articles: the first and its extension , If you know Russian, there are step-by-step instructions on what to do to perform debugging. If you do not use Google Translate, you can catch this idea.

If you have some obscure points, I will try to help you with them.

David A · Answer 2 · 2015-12-14T16:24:39+0000

You can do this and debug the malicious application without any problems. Ida allows you to do this very smoothly and gently, you only need to open classes.dex inside the apk for IDA PRO and configure the Davilk debugger. But you can also do it the same way as if you were writing an application, for example, using eclipse.

Only a limitation, since the application’s manifest does not allow debugging (for example, the worst case scenario and malware), you need to have an engineering device so that you can attach your IDA Pro or debugger, I mean a device in which

$ getprop ro.debuggable 1 $ getprop ro.secure 0

It is also very easy to satisfy these conditions if you can unlock the bootloader of your device and edit the ramdisk settings ro.debuggable = 1 and ro.secure = 0 inside the initfiles. Alternatively, if your device was deployed, you could use setpropex to easily change read properties this way.

 # ./setpropex ro.debuggable 1 # ./setpropex ro.secure 0

github for setpropex https://github.com/poliva/rootadb/blob/master/jni/setpropex.c

Android Reverse Debugging

More articles: