{"id":18524881,"url":"https://github.com/xishandong/android_reverse","last_synced_at":"2025-08-21T00:31:18.064Z","repository":{"id":200337639,"uuid":"705293816","full_name":"xishandong/Android_reverse","owner":"xishandong","description":"此项目分享安卓逆向的实战案例以及学习笔记，适合新手学习，随着作者逐渐变成大神，这个仓库也会适合大神学习~","archived":false,"fork":false,"pushed_at":"2024-07-11T05:53:55.000Z","size":18,"stargazers_count":48,"open_issues_count":0,"forks_count":16,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-07T23:34:03.462Z","etag":null,"topics":["android-application","crawling-python","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xishandong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-15T16:03:51.000Z","updated_at":"2025-02-21T03:35:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"ba9bf9d0-0ea9-43a0-b696-86b67fe28db7","html_url":"https://github.com/xishandong/Android_reverse","commit_stats":null,"previous_names":["xishandong/android_reverse"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/xishandong/Android_reverse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xishandong%2FAndroid_reverse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xishandong%2FAndroid_reverse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xishandong%2FAndroid_reverse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xishandong%2FAndroid_reverse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xishandong","download_url":"https://codeload.github.com/xishandong/Android_reverse/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xishandong%2FAndroid_reverse/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271409395,"owners_count":24754706,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android-application","crawling-python","reverse-engineering"],"created_at":"2024-11-06T17:43:37.277Z","updated_at":"2025-08-21T00:31:17.751Z","avatar_url":"https://github.com/xishandong.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 安卓逆向合集\n\u003e 此项目为安卓逆向实战合集以及部分笔记\n\u003e\n\u003e 仅作学习分析以及学习记录，__禁止商用__，如遇__侵权__请联系删除\n\u003e\n\u003e 本项目将持续更新\n### 我的个人博客\n[回锅炒辣椒的个人博客](https://www.xsblog.site/)\n## 环境篇\n众所周知，安卓逆向首先需要一个安卓环境，有两种方案，第一是模拟器，第二是真机\n\n### 模拟器\n市面上有很多模拟器可以用，up选择的是夜神模拟器，在官网下载好模拟器后，我们需要改一些配置\n\n第一，抓包配置 --\u003e 配置WIFI的IP以及按照你的抓包工具进行配置。\n\n第二，开root，很简单\n\n\u003e 但是会出现抓包抓不到的情况，这种是由于在java层配置了不走系统代理，所以我们需要别的工具：\n\u003e\n\u003e 1. drony(不推荐)，有时会导致无法上网，不稳定\n\u003e 2. SocksDroid(推荐)，开启工具时记得删除系统代理\n\n\u003e 注: 夜神模拟器默认的端口是62025, 所以我们需要连接这个端口(不一定，我的电脑是这个端口)\n\n### 反编译工具\n\n1. jadx(java层)\n2. jeb(java层)\n3. ida(so层，c语言层)\n\n### 查壳脱壳工具\n\n按照自己的喜好即可，网上有很多\n\n### 获取apk途径\n\n百度搜索即可\n\n## 实战篇\n\n\u003e 更多的笔记见其他文件。\n\n| 项目 | 难度 |\n| ---- | ---- |\n| 豆瓣 | 简单 |\n| 某物 | 中等 |\n\n### 豆瓣\n\n想必大家爬虫梦的开始就是豆瓣250吧，那么我们安卓逆向的开始也从豆瓣开始吧~\n\n分析过程:\n\n1. 首先抓包分析，确认接口，确认加密参数名: _sig\n2. 全局搜索，确认加密位置\n3. hook加密函数，分析加密流程\n4. 用python改写，实现发包\n\n总结算法： 豆瓣的_sig是由请求方式以及url的path和时间戳以\u0026相连，进行一次hmacsha1，然后将结果转化为base64的格式\n\n### 某物\n\n第二个案例首先更新第一部分，newSign的获取。得物前几个版本比较简单，但是新版本有些内容不太一样\n\n第一，newSign放到so层添加，并且是VMP的so文件，在这里我们不分析这个so文件，在全局搜索其他部分，找到加密位置\n\n分析过程:\n1. 首先抓包分析，需要分析参数: newSign\n2. 全局搜索其他关键字\n3. hook函数，然后去so层分析\n4. 用python改写\n\n总结: 这个算法是将params添加四个额外的内容，排序，然后用aes加密之后在加密md5得到newSign\n\n之后更新搜索接口的加密以及解密...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxishandong%2Fandroid_reverse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxishandong%2Fandroid_reverse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxishandong%2Fandroid_reverse/lists"}