📌易开发是一款帮助开发人员快速开发的工具,功能包括界面分析,页面信息,加固脱壳,支持Android9.0
License: MIT License
欧科云链大量校招、社招客户端hc,全国分布式办公,更多岗位查看,欢迎投递简历,
wechat:iwrbug
| 网址 | 简介 |
|---|---|
| https://www.gpt.hn | 免费ChatGPT |
| https://www.charles.ren | charles授权码生成 |
| https://github.com/WrBug/kv | 基于注解的0反射的持久化存储封装 |
| https://github.com/WrBug/DeveloperHelper | 易开发 |
| https://github.com/WrBug/dumpDex | dumpDex脱壳 |
允许应用在后台弹出界面,不给这个权限,它一直显示正在获取应用信息,弹不出来分析界面。
给了这个权限它把自己弹出来了,变成栈顶了。
显示无数据
我发现目前从悬浮窗的窗口类型在8.0系统以上为TYPE_APPLICATION_OVERLAY,实际上对于AccessiblityService的场景,Android系统在8.0以上提供了一种专属的悬浮窗类型TYPE_ACCESSIBILITY_OVERLAY,该类型无需额外开启悬浮窗权限,只需要开启无障碍权限即可,使用更为方便
改动步骤:
1、在com.yhao.floatwindow.FloatPhone#req()方法内把8.0以上窗口类型改为TYPE_ACCESSIBILITY_OVERLAY
2、删去悬浮窗权限相关逻辑
MIX2 点击浮窗没有反应,并没有弹出窗口
脱壳后用jadx打开,全部方法里面的代码都是这样的。查了一圈没找明白,大佬知道这是什么原因吗?
1.0.4 偶尔会使屏幕触摸失效
MIUI10,Android P
MIUI的崩溃日志:
Build fingerprint: 'Xiaomi/dipper/dipper:9/PKQ1.180729.001/9.7.11:user/release-keys'
Revision: '0'
ABI: 'arm64'
pid: 10432, tid: 10432, name: com.dd.antss >>> com.dd.antss <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x91
Cause: null pointer dereference
x0 0000000000000000 x1 000000788fcbb5c0 x2 000000788fc00000 x3 0000000000000004
x4 00000000000000bb x5 0000007ff2d0b908 x6 70612f617461642f x7 64642e6d6f632f70
x8 ab26a88b5a50dcdf x9 ab26a88b5a50dcdf x10 00000000000000bb x11 0101010101010101
x12 00000000002f6b72 x13 6b70612e65736162 x14 0000000000000040 x15 aaaaaaaaaaaaaaab
x16 0000007930272be0 x17 000000793020556c x18 0000000000000001 x19 0000007ff2d0bd50
x20 0000007ff2d0bf40 x21 0000000000000051 x22 000000788fcbb280 x23 00000078a3cf2740
x24 000000788fcbc600 x25 0000007930cb35e0 x26 00000000a11cc000 x27 0000007ff2d0bf40
x28 0000007ff2d0c128 x29 0000007ff2d0bca0
sp 0000007ff2d0bc20 lr 00000078aa3c9e84 pc 00000078aa3c9e8c
backtrace:
#00 pc 0000000000117e8c /system/lib64/libart.so (offset 0xe6000) (art::OpenOatDexFile(art::OatFile const*, char const*, std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator>)+112)
#1 pc 0000000000115a28 /system/lib64/libart.so (offset 0xe6000) (art::ClassLinker::AddImageSpace(art::gc::space::ImageSpace, art::Handleart::mirror::ClassLoader, _jobjectArray*, char const*, std::__1::vector<std::__1::unique_ptr<art::DexFile const, std::__1::default_delete<art::DexFile const>>, std::__1::allocator<std::__1::unique_ptr<art::DexFile const, std::__1::default_delete<art::DexFile const>>>>, std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator>)+1804)
#2 pc 000000000040bb74 /system/lib64/libart.so (offset 0x375000) (art::OatFileManager::OpenDexFilesFromOat(char const*, _jobject*, _jobjectArray*, art::OatFile const**, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator>>>)+2256)
#3 pc 00000000003c6aec /system/lib64/libart.so (offset 0x375000) (art::DexFile_openDexFileNative(_JNIEnv, _jclass*, _jstring*, _jstring*, int, _jobject*, _jobjectArray*)+156)
#4 pc 000000000037bde8 /system/framework/arm64/boot-core-libart.oat (offset 0x187000) (dalvik.system.DexFile.openDexFileNative+264)
#5 pc 000000000037bc94 /system/framework/arm64/boot-core-libart.oat (offset 0x187000) (dalvik.system.DexFile.openDexFile+244)
#6 pc 000000000037f038 /system/framework/arm64/boot-core-libart.oat (offset 0x187000) (dalvik.system.DexPathList.makeDexElements+824)
#7 pc 000000000037e358 /system/framework/arm64/boot-core-libart.oat (offset 0x187000) (dalvik.system.DexPathList.+664)
#8 pc 000000000037e074 /system/framework/arm64/boot-core-libart.oat (offset 0x187000) (dalvik.system.DexPathList.+68)
#9 pc 000000000055cd88 /system/lib64/libart.so (offset 0x441000) (art_quick_invoke_stub+584)
#10 pc 00000000000d0720 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#11 pc 000000000045f5a8 /system/lib64/libart.so (offset 0x375000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#12 pc 0000000000460ffc /system/lib64/libart.so (offset 0x375000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1440)
#13 pc 00000000003e5140 /system/lib64/libart.so (offset 0x375000) (art::Constructor_newInstance0(_JNIEnv*, _jobject*, _jobjectArray*)+496)
#14 pc 000000000054f4e8 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.String.concat [DEDUPED]+152)
#15 pc 00000000009b5404 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.reflect.Constructor.newInstance+68)
#16 pc 0000000000021bdc /data/app/com.dd.antss-ZUpAeH12WZm-RjR5frph3w==/oat/arm64/base.odex (offset 0x1b000) (com.tencent.StubShell.a.a+1660)
#17 pc 00000000000213e4 /data/app/com.dd.antss-ZUpAeH12WZm-RjR5frph3w==/oat/arm64/base.odex (offset 0x1b000) (com.tencent.StubShell.a.a+228)
#18 pc 0000000000021218 /data/app/com.dd.antss-ZUpAeH12WZm-RjR5frph3w==/oat/arm64/base.odex (offset 0x1b000) (com.tencent.StubShell.a.a+72)
#19 pc 000000000001bdbc /data/app/com.dd.antss-ZUpAeH12WZm-RjR5frph3w==/oat/arm64/base.odex (offset 0x1b000) (com.tencent.StubShell.SystemClassLoaderInjector.fixAndroid+524)
#20 pc 0000000000020898 /data/app/com.dd.antss-ZUpAeH12WZm-RjR5frph3w==/oat/arm64/base.odex (offset 0x1b000) (com.tencent.StubShell.TxAppEntry.attachBaseContext+72)
#21 pc 000000000130b014 /system/framework/arm64/boot-framework.oat (offset 0xa3c000) (android.app.Application.attach+52)
#22 pc 000000000055cd88 /system/lib64/libart.so (offset 0x441000) (art_quick_invoke_stub+584)
#23 pc 00000000000d0720 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#24 pc 000000000045f5a8 /system/lib64/libart.so (offset 0x375000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
#25 pc 0000000000460ffc /system/lib64/libart.so (offset 0x375000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1440)
#26 pc 00000000003f0a1c /system/lib64/libart.so (offset 0x375000) (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52)
#27 pc 000000000078eed4 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+180)
#28 pc 000000000055cd88 /system/lib64/libart.so (offset 0x441000) (art_quick_invoke_stub+584)
#29 pc 00000000000d0720 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
#30 pc 0000000000280d90 /system/lib64/libart.so (offset 0x20d000) (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
#31 pc 000000000027ada4 /system/lib64/libart.so (offset 0x20d000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
#32 pc 000000000052f674 /system/lib64/libart.so (offset 0x441000) (MterpInvokeVirtualQuick+584)
#33 pc 0000000000553114 /system/lib64/libart.so (offset 0x441000) (ExecuteMterpImpl+29972)
#34 pc 0000000000012efe /data/dalvik-cache/arm64/system@framework@[email protected] (com.swift.sandhook.SandHook.callOriginMethod+86)
#35 pc 0000000000254aa8 /system/lib64/libart.so (offset 0x20d000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
#36 pc 000000000025a59c /system/lib64/libart.so (offset 0x20d000) (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
#37 pc 000000000027ad88 /system/lib64/libart.so (offset 0x20d000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
#38 pc 000000000052db34 /system/lib64/libart.so (offset 0x441000) (MterpInvokeStatic+204)
#39 pc 000000000054f514 /system/lib64/libart.so (offset 0x441000) (ExecuteMterpImpl+14612)
#40 pc 0000000000012f7c /data/dalvik-cache/arm64/system@framework@[email protected] (com.swift.sandhook.SandHook.callOriginMethod+2)
#41 pc 0000000000254aa8 /system/lib64/libart.so (offset 0x20d000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
#42 pc 000000000025a59c /system/lib64/libart.so (offset 0x20d000) (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
#43 pc 000000000027ad88 /system/lib64/libart.so (offset 0x20d000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
#44 pc 000000000052db34 /system/lib64/libart.so (offset 0x441000) (MterpInvokeStatic+204)
#45 pc 000000000054f514 /system/lib64/libart.so (offset 0x441000) (ExecuteMterpImpl+14612)
#46 pc 0000000000015d9c /data/dalvik-cache/arm64/system@framework@[email protected] (com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge+266)
#47 pc 0000000000254aa8 /system/lib64/libart.so (offset 0x20d000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
#48 pc 000000000051cee4 /system/lib64/libart.so (offset 0x441000) (artQuickToInterpreterBridge+1020)
#49 pc 0000000000565efc /system/lib64/libart.so (offset 0x441000) (art_quick_to_interpreter_bridge+92)
#50 pc 0000000000000b64 /dev/ashmem/dalvik-jit-code-cache (deleted)
Caused by: java.lang.NullPointerException: Attempt to invoke interface method 'void com.yhao.floatwindow.PermissionListener.onSuccess()' on a null object reference
at com.yhao.floatwindow.FloatActivity.onActivityResult(FloatActivity.java:47)
at android.app.Activity.dispatchActivityResult(Activity.java:6935)
at android.app.ActivityThread.deliverResults(ActivityThread.java:4086)
at android.app.ActivityThread.handleSendResult(ActivityThread.java:4133)
at android.app.ActivityThread.-wrap20(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1534)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6121)
at java.lang.reflect.Method.invoke(Native Method)
nexus 5x
Android 7.1.2
程序异常退出后手机的物理返回和桌面键无法使用,需要重启手机才能恢复使用。
特来感谢一下,一开始一直不成功,后面发现开启root权限后就脱壳成功了。
E/art: No implementation found for void com.wrbug.developerhelper.xposed.dumpdex.Native.dump(java.lang.String) (tried Java_com_wrbug_developerhelper_xposed_dumpdex_Native_dump and Java_com_wrbug_developerhelper_xposed_dumpdex_Native_dump__Ljava_lang_String_2)
E/Xposed: java.lang.UnsatisfiedLinkError: No implementation found for void com.wrbug.developerhelper.xposed.dumpdex.Native.dump(java.lang.String) (tried Java_com_wrbug_developerhelper_xposed_dumpdex_Native_dump and Java_com_wrbug_developerhelper_xposed_dumpdex_Native_dump__Ljava_lang_String_2)
at com.wrbug.developerhelper.xposed.dumpdex.Native.dump(Native Method)
at com.wrbug.developerhelper.xposed.dumpdex.LowSdkDump.init(LowSdkDump.kt:37)
at com.wrbug.developerhelper.xposed.dumpdex.Dump.init(Dump.kt:40)
at com.wrbug.developerhelper.xposed.XposedInit.handleLoadPackage(XposedInit.kt:36)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:34)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:61)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:106)
at de.robv.android.xposed.XposedInit$2.beforeHookedMethod(XposedInit.java:153)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
at android.app.ActivityThread.handleBindApplication()
at android.app.ActivityThread.-wrap1(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1426)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5495)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
首先,不一定一定需要root,你这应用的开关设置的不合理,
我现在已经用你那个脱壳的弄到免root脱壳xposed里面了,类似太极。
每次关闭易开发都要去设置里强行停止。不如在菜单里加入关闭程序的功能?
用的太极,在太极里勾上了模块,切到其他应用,点击获取应用信息都会没有反应,只有在易开发上点击悬浮穿才会出现应用信息
在nexus 5 上adb install ,报错
Performing Push Install
/Users/xxy/apk/tools/v1.0.4.apk: 1 file pushed. 7.1 MB/s (4676331 bytes in 0.625s)
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
pkg: /data/local/tmp/v1.0.4.apk
Failure [INSTALL_FAILED_OLDER_SDK]
现在横屏显示的界面, 基本没法使用
Hey there!
I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
java.lang.RuntimeException: Unable to stop service com.wrbug.developerhelper.service.FloatWindowService@54e0c28: java.lang.IllegalArgumentException: View=android.widget.ImageView{3f4beed V.ED..C.. ......ID 0,0-0,0} not attached to window manager
at android.app.ActivityThread.handleStopService(ActivityThread.java:3374)
at android.app.ActivityThread.-wrap27(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1588)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6121)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
Caused by: java.lang.IllegalArgumentException: View=android.widget.ImageView{3f4beed V.ED..C.. ......ID 0,0-0,0} not attached to window manager
at android.view.WindowManagerGlobal.findViewLocked(WindowManagerGlobal.java:473)
at android.view.WindowManagerGlobal.removeView(WindowManagerGlobal.java:382)
at android.view.WindowManagerImpl.removeView(WindowManagerImpl.java:119)
at com.yhao.floatwindow.FloatPhone.dismiss(FloatPhone.java:121)
at com.yhao.floatwindow.IFloatWindowImpl.dismiss(IFloatWindowImpl.java:118)
at com.yhao.floatwindow.FloatWindow.destroy(FloatWindow.java:53)
at com.wrbug.developerhelper.service.FloatWindowService.onDestroy(FloatWindowService.kt:118)
at android.app.ActivityThread.handleStopService(ActivityThread.java:3357)
at android.app.ActivityThread.-wrap27(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1588)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6121)
at java.lang.reflect.Method.invoke(Native Method)
问题:
在旧版手机(Android 5.1.1)和旧版xposed(version 80)上无法正常执行,提示"java.lang.NoSuchMethodError: No static method findClassIfExists(Ljava/lang/String;Ljava/lang/ClassLoader;)"
分析:
在旧版XposedBridge的XposedHelpers类中,没有findClassIfExists这个方法,而findClassIfExists这个方法实际上只是对findClass多了一层try catch而已
建议:
在xposedmodule的PackerInfo.kt#L83建议直接使用findClass,代码里面加上try catch即可
BR
360加固 无法脱壳
下载网站:https://www.sinopecsales.com/ -> 掌上营业厅下载
大bug,悬浮窗点击没反应
夜神6.3.0版本点击脱壳,应用启动后闪退了
1.0.2版本会把包括framework中的所有类全导出来
脱壳后用jadx打开,全部方法里面的代码都是这样的。查了一圈没找明白,大佬知道这是什么原因吗?
虚拟大师APP里无法重启需要脱壳的APP
如题,遇到一个很尴尬的问题,在尝试脱壳的时候,一个某数字加固的app没有图标也没有入口页面,查看了一下它的清单文件,只有一个接收开机的广播入口 "android.permission.RECEIVE_BOOT_COMPLETED" ,而易开发又必须打开app才能脱壳,请问这种情况有什么思路么,谢谢。
点了脱壳显示需要目标应用重启,然后目标应用就闪退了
Proxy.newProxyInstance(
clazz.classLoader, arrayOf(clazz),
ProcessDataInvocationHandler(clazz)
)
这个方法返回null,导致接下来没有数据展示,请问怎么解决...
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.