Packet capture
Charles
www.charlesproxy.com/
The macOS version (nicknamed "little vase") is very comfortable and easy to use; it captures application-layer HTTP(S) requests. It is paid software.
Fiddler
The Windows counterpart of Charles; it captures HTTP(S) requests at the application layer. It is not recommended here because client certificates (such as P12 / client SSL certificates) cannot be imported, so when the server verifies the client certificate there is no way to bypass that check.
WireShark
www.wireshark.org/
Convenient for capturing packets below the application layer (the raw TCP/IP traffic), which usually has to be combined with decompilation to work out how the protocol is put together. Recommended usage: enable a hotspot on the computer, capture on the virtual network adapter created for that hotspot, and connect the phone to the hotspot before starting the capture.
TcpDump
tcpdump also captures below the application layer. If the computer has no wireless card or cannot open a hotspot, run tcpdump on the phone, pull the capture file off the device and open it in Wireshark on the computer; the result is the same as capturing with Wireshark directly.
Postern
A very popular proxy/VPN manager on Android that works as a global proxy tool. Supported proxy protocols: HTTPS/HTTP, SSH tunnel and SOCKS5.
Jnettop
Shows traffic throughput and the peer IP addresses in real time.
ProxyDroid
Forces a global proxy for situations where Charles and similar tools cannot capture traffic. It works by using iptables to redirect all TCP connections to the proxy server, forcing the app's HTTP requests through the proxy even when the app ignores the system proxy setting.
PacketCapture
A VPN-based packet capture tool: it creates a local VPN so that all traffic flows through it, which works in cases where proxy-based capture does not apply.
HTTPCanary
Same VPN-based approach as PacketCapture: a local VPN is created so that all traffic flows through it, which covers the cases where proxy-based capture does not apply.
Burp Suite
A more professional intercepting proxy and packet capture tool.
Hping
A command-line open source tool for assembling and analysing TCP/IP packets. It supports TCP, UDP, ICMP and raw IP, and has a traceroute mode.
Decompilation
AndroidCrackTool For Mac
Github.com/Jermic/Andr…
An Android reverse-engineering toolkit for macOS; a set of utilities.
AndroidCrackTool integrates some of the common compile/decompile tools from Android development to make reverse analysis of an APK easier, and can display APK information. At present the main functions are (see its instructions for detailed usage):
- Decompile APK
- Rebuild APK
- Sign APK
- Optimize APK
- DEX2JAR (APK2JAR)
- JD-GUI
- Extract DEX
- Extract XML
- Class to smali
- View APK information
- Unicode conversion
apktool
Github.com/iBotPeaches…
A powerful and easy-to-use APK decompilation tool. It decodes an APK into a directory of the same name (resources, manifest and smali), and can rebuild the edited smali back into dex, as well as convert odex into dex.
JEB
JEB is a powerful Android application decompiler designed for security professionals to reverse engineer or audit APK files
dex2jar
Github.com/pxb1988/dex…
Converts dex into a JAR package.
jd-gui
Github.com/java-decomp…
A Java decompiler GUI: it opens the JAR produced by dex2jar and provides a visual way to read the code.
Jadx/Jadx-gui
github.com/skylot/jadx
A very convenient Java decompiler. The functions used most are search, deobfuscation and finding method usages; both performance and the quality of the decompiled code are better than dex2jar + JD-GUI and similar combinations.
wxUnpacker
The WeChat mini-program decompiler on GitHub has been taken down, but forks of it exist:
Github.com/geilige/wxa…
Bytecode Viewer
Github.com/Konloch/byt…
Supports decompiling various file formats, such as APK and DEX.
Hooking
Xposed
Github.com/rovo89/Xpos…
A very powerful hook framework; many reverse-engineering tools are built on it, and you can write your own module when you have special needs.
JustTrustMe
Github.com/Fuzion24/Ju…
An Xposed module that bypasses SSL pinning checks.
Inspeckage
Github.com/ac-pm/Inspe…
An Xposed-based dynamic analysis tool that hooks a large number of methods commonly needed in reversing, such as the Crypto and Hash classes. For cracking the encrypted parameters of most apps these two categories are an overwhelming advantage, because most apps' encrypted parameters cannot escape MD5, SHA1, AES and DES, and all of those are hooked (and not only those four). Basically: open Inspeckage, open its web UI, launch the target app and perform a search, and the encryption parameters are revealed.
Frida
github.com/frida/frida
As a hook tool, Frida's popularity is rising relative to Xposed, and in some respects it is much stronger. It is a dynamic instrumentation tool that injects code into the memory space of the running app to monitor and modify its behaviour dynamically; it can monitor, modify and even replace methods of objects in memory.
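As an added example (not from the original post and not code from the Inspeckage or Frida projects), the following Frida script does what the Crypto/Hash hooks described above do: it hooks javax.crypto.Cipher and java.security.MessageDigest so that the plaintext, key, IV and digest input are printed as each encrypted parameter is computed, which is usually faster than reading the decompiled code. The package name com.example.app and the file name crypto_hook.js are assumptions; the helper functions are plain JavaScript so the file also loads under node, while the Java.* hooks only run inside Frida.

```javascript
// Frida script: reveal an app's "encrypted parameters" by hooking the JCA classes
// most apps end up calling (AES/DES via Cipher, MD5/SHA1 via MessageDigest).
// Usage (assumed package name):  frida -U -f com.example.app -l crypto_hook.js

const records = []; // every observed crypto call, in order

// Java byte[] values arrive as signed bytes (-128..127); mask before printing.
function bytesToHex(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i++) {
    out += (bytes[i] & 0xff).toString(16).padStart(2, '0');
  }
  return out;
}

// Printable-ASCII payloads (JSON bodies, query strings) are shown as text; others as null.
function bytesToText(bytes) {
  let s = '';
  for (let i = 0; i < bytes.length; i++) {
    const b = bytes[i] & 0xff;
    if (b < 0x20 || b > 0x7e) return null;
    s += String.fromCharCode(b);
  }
  return s;
}

// Copy a Frida-wrapped Java byte[] (or null, e.g. a hardware-backed key) into a JS array.
function toArray(javaBytes) {
  const out = [];
  if (javaBytes === null || javaBytes === undefined) return out;
  for (let i = 0; i < javaBytes.length; i++) out.push(javaBytes[i]);
  return out;
}

// Build one record per call; `extra` carries opmode/key/IV captured at Cipher.init().
function recordCall(kind, algorithm, extra, input, output) {
  const rec = Object.assign({ kind: kind, algorithm: algorithm }, extra, {
    inputHex: bytesToHex(input),
    inputText: bytesToText(input),
    outputHex: bytesToHex(output),
  });
  records.push(rec);
  return rec;
}

function getRecords() {
  return records;
}

// Only defined inside Frida; under node this block is skipped.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const Cipher = Java.use('javax.crypto.Cipher');
    const MessageDigest = Java.use('java.security.MessageDigest');
    const keyInfo = {}; // Cipher instance hashCode -> {opmode, keyHex, ivHex}

    function onInit(cipher, mode, key) {
      const iv = cipher.getIV(); // null for ECB / stream modes
      keyInfo[cipher.hashCode()] = {
        opmode: mode, // 1 = ENCRYPT_MODE, 2 = DECRYPT_MODE
        keyHex: bytesToHex(toArray(key.getEncoded())),
        ivHex: iv === null ? null : bytesToHex(toArray(iv)),
      };
    }

    Cipher.init.overload('int', 'java.security.Key').implementation = function (mode, key) {
      this.init(mode, key);
      onInit(this, mode, key);
    };
    Cipher.init.overload('int', 'java.security.Key', 'java.security.spec.AlgorithmParameterSpec')
      .implementation = function (mode, key, spec) {
        this.init(mode, key, spec);
        onInit(this, mode, key);
      };

    // doFinal(byte[]) is the common one-shot call; add the other overloads if an app uses them.
    Cipher.doFinal.overload('[B').implementation = function (input) {
      const output = this.doFinal(input);
      const info = keyInfo[this.hashCode()] || {};
      console.log(JSON.stringify(recordCall('Cipher', this.getAlgorithm(), info, toArray(input), toArray(output))));
      return output;
    };

    // digest(byte[]) covers MessageDigest.getInstance("MD5").digest(data); apps that call
    // update() several times and then digest() need that overload hooked as well.
    MessageDigest.digest.overload('[B').implementation = function (input) {
      const output = this.digest(input);
      console.log(JSON.stringify(recordCall('MessageDigest', this.getAlgorithm(), {}, toArray(input), toArray(output))));
      return output;
    };
  });
}
```

Each line of output pairs the input the app fed into the primitive with the key and IV it was initialised with, so a `sign` or `data` query parameter can be traced back to the exact plaintext that produced it.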
VirtualAPP
VirtualApp adds a layer of virtual space between the system service layer and the application layer by proxying common system services, so that applications can run without being installed. Note that VirtualApp itself does not require root. The virtual space it provides can be used for many things: for example, when an application starts, bindApplication() is called in the application process to initialise it, and VirtualApp rewrites that path so that a hook point for injected code can be placed there, letting external hook code load as the application starts.
Objection
Github.com/sensepost/o…
Integrated tooling built on top of Frida; simple to use.
Unpacking (shell removal)
Frida
As described above.
dexDump
Known as "Gourd Baby" (葫芦娃); a Frida-based tool for one-click unpacking.
Fart
Github.com/hanbingleng…
Unpacks by dumping the complete dex out of the DexFile structure in memory.
DeveloperHelper
An Xposed-based helper tool, commonly used to view the current Activity name, identify the hardening (packer) type, view the Activity structure, and unpack automatically.
UCrack
An Xposed-based helper tool that integrates automatic network capture, dumping the call stack of network requests, file logging, a WebView debugging environment, automatic unpacking, monitoring of native function registration, and recording the call stack of process self-termination ("suicide") functions.
Debugging
Postman
www.postman.com/
Supports importing cURL commands.
adb
Developer.android.com/studio/?gcl…
Android Debug Bridge; in reversing it is used for installing software, starting services, dynamic debugging and so on, through a Linux shell on the device.
IDA Pro
A powerful disassembler and debugger, often used in reversing for static and dynamic analysis of .so libraries, to help crack native encryption logic.
DDMS
Dalvik Debug Monitor Service, the Dalvik virtual machine debugging and monitoring service in the Android development environment. It provides thread and heap information, logcat, process and broadcast status information, and more.
AndBug
A scriptable Android dynamic debugger. It does not support single-stepping Android programs and cannot set breakpoints on custom methods, so it can be inconvenient; use it according to actual needs.
APPium
Automates native, mobile web and hybrid applications on iOS, Android and Windows desktop. Its core is a web server that exposes a REST API: it accepts connections from clients, listens for commands, executes them on the mobile device and replies with an HTTP response describing the result.
Libraries
xpath
An easy-to-use HTML parsing and query library.
fake_useragent
Dynamically generates User-Agent strings from a pool, which effectively avoids anti-crawler strategies that detect the UA.
Linux
cURL
A command-line file transfer tool that uses URL syntax.
openssl
SSL command line tool, used in reverse to generate hashcode in Android7.0 certificate files. The certificate is renamed hashcode and installed in the system directory. openssl x509 -subject_hash_old -in <Certificate_File>
mprop
Modifies system properties on a running device, for example setting ro.debuggable to make every app debuggable: /data/local/tmp/mprop setprop ro.debuggable 1
Closing words
The above is the author's current collection of reverse-engineering tools in use; if there are better tools, please add them in the comments ~
Let's learn from each other and make progress together. Thank you for your love of technology.