@oro-oro
2015-08-18T03:16:39.000000Z
字数 2586
阅读 2016
JebAPI
JebInstance可以通过getUI()方法来获得jeb.api.ui.JebUI。
JebUI 下面有很多View,如AssemblyView, JavaView等等。
JebUI可以通过getView(View.Type viewtype)方法获得对应的View。
具体类型在jeb.api.ui.View.Type中:
| 类型 | 说明 |
|---|---|
| ASSEMBLY | 反汇编界面 |
| CLASS_HIERARCHY | 类层级界面(左) |
| CONSOLE | 控制台(下) |
| JAVA | Java代码界面 |
| MANIFEST | 清单界面 |
| NOTES | 全局评论界面 |
在第3章解密的基础上,让JavaView界面自动刷新,显示解密字符串:
import jeb.api.IScript;import jeb.api.JebInstance;import jeb.api.ast.*;import jeb.api.dex.Dex;import jeb.api.dex.DexMethod;import jeb.api.ui.JavaView;import jeb.api.ui.JebUI;import jeb.api.ui.View;import java.util.ArrayList;import java.util.List;public class TestASTDecode implements IScript {public static final byte[] bytes = new byte[]{'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!'};@Overridepublic void run(JebInstance jebInstance) {JebUI ui = jebInstance.getUI();JavaView javaView = (JavaView) ui.getView(View.Type.JAVA);Dex dex = jebInstance.getDex();List<String> classSignatures = dex.getClassSignatures(true);Constant.Builder cstBuilder = new Constant.Builder(jebInstance);// 获得decode方法的sigint methodCount = dex.getMethodCount();String decodeMtdSig;for (int i = 0; i < methodCount; i++) {DexMethod dexMethod = dex.getMethod(i);int index = dexMethod.getIndex();decodeMtdSig = dex.getMethod(i).getSignature(true);if (decodeMtdSig.contains("Lcom/test/helloworld/MainActivity;->decode")) {// 找出所有使用了该方法的地方List<Integer> methodReferences = dex.getMethodReferences(index);for (Integer refIdx : methodReferences) {DexMethod refDexMethod = dex.getMethod(refIdx);// 找到AST中对应的MethodMethod decompiledMethodTree = jebInstance.getDecompiledMethodTree(refDexMethod.getSignature(true));// 拿到语句块,遍历所有语句Block block = decompiledMethodTree.getBody();int size = block.size();for (int j = 0; j < size; j++) {Statement statement = block.get(j);jebInstance.print(statement.toString());if (statement instanceof Call) {Call call = (Call) statement;Method method = call.getMethod();jebInstance.print("Call : " + method.getSignature());List<IElement> subElements = call.getSubElements();for (IElement element : subElements) {jebInstance.print("Sub Element : " + element.toString());if (element instanceof Call) {Call c = (Call) element;Method m = c.getMethod();if (m.getSignature().equals(decodeMtdSig)) {jebInstance.print(">>> " + decodeMtdSig);List<IExpression> arguments = c.getArguments();ArrayList<Integer> arrayList = new ArrayList<Integer>();for (IExpression expression : arguments) {if (expression instanceof Constant) {arrayList.add(((Constant) expression).getInt());}}String str = decode(arrayList.get(0), arrayList.get(1));jebInstance.print("解密后的字符串 : " + str);// 将当前语句Call的子元素,替换为解密后的字符串call.replaceSubElement(element, cstBuilder.buildString(str));}}}}}}}}javaView.refresh();}String decode(int a, int b) {byte[] ab = new byte[]{bytes[a], bytes[b]};return new String(ab);}}