过签名验证求助
本帖最后由 曾经流过的泪 于 2016-1-3 11:59 编辑
今天下载的这个软件，确定有签名验证，而且验证就在 so 文件 libhello-jni1.so 里。可是我不懂 IDA 里的汇编，只会改改跳转，改了半天，死活过不了这个验证，希望有好心人帮帮我，感激不尽！不太会排版，大家见谅！
; ---------------------------------------------------------------------------
; IDA listing of the JNI export Java_com_soft_apk008_LoadActivity_stringFromJNI.
; The 2-byte instruction spacing suggests Thumb code.
;
; NOTE(review): the paste lost every bracketed memory operand ("LDR R3," etc.).
; The JNI function names in the comments below are therefore inferred from the
; immediates (they match 32-bit JNINativeInterface slot offsets) and from the
; string arguments; confirm them against the binary.
;
; Flow visible in this listing:
;   1. Fetch signatures[0] of package "com.soft.apk008v" and call hashCode().
;   2. sprintf the result into the buffer at SP+0xC.
;   3. sprintf a reference string built from "2679523376" into SP+0x34.
;   4. strcmp the two buffers; on mismatch call java/lang/System "exit".
;   5. Build the return value from the SP+0xC buffer and return.
;
; Register roles (from the MOVs at entry): R4 = incoming R0 (used as the first
; argument of every indirect call, presumably JNIEnv*), R8 = incoming R1,
; R10 = incoming R3, R11 = value loaded at 0x1048 (source operand lost).
;
; NOTE(review): Signature.hashCode() is a 32-bit non-cryptographic value; an
; integrity check is normally built on a SHA-256 digest of the signing
; certificate rather than on hashCode().
; ---------------------------------------------------------------------------
text:00001030 EXPORT Java_com_soft_apk008_LoadActivity_stringFromJNI
.text:00001030 Java_com_soft_apk008_LoadActivity_stringFromJNI
; Prologue: save R4-R7/LR, then copy R8-R11 down into R4-R7 and push them too.
.text:00001030 PUSH {R4-R7,LR}
.text:00001032 MOV R7, R11
.text:00001034 MOV R6, R10
.text:00001036 MOV R5, R9
.text:00001038 MOV R4, R8
.text:0000103A PUSH {R4-R7}
; R5 -> __stack_chk_guard (PC-relative); the value is presumably stored into the
; frame by the STR at 0x1050 (destination operand lost).
.text:0000103C LDR R5, =(__stack_chk_guard_ptr - 0x1046)
.text:0000103E MOV R10, R3
.text:00001040 MOVS R4, R0
.text:00001042 ADD R5, PC ; __stack_chk_guard_ptr
.text:00001044 LDR R5, ; __stack_chk_guard
; Reserve a 0x64-byte frame; the two sprintf buffers live at SP+0xC and SP+0x34.
.text:00001046 SUB SP, SP, #0x64
.text:00001048 LDR R0,
.text:0000104A LDR R3,
.text:0000104C MOV R8, R1
.text:0000104E MOV R11, R0
.text:00001050 STR R3,
; First indirect call: (R4, incoming R2). Slot offset not visible; the result
; is used as the class argument of the lookup below, so possibly GetObjectClass.
.text:00001052 LDR R3,
.text:00001054 MOVS R1, R2
.text:00001056 MOVS R0, R4
.text:00001058 LDR R3,
.text:0000105A BLX R3
; Method lookup with name "getPackageManager" and the signature string below;
; 0x84 matches the GetMethodID slot.
.text:0000105C LDR R2, =(aGetpackagemana - 0x106A)
.text:0000105E MOVS R1, R0
.text:00001060 LDR R3, =(aLandroidConten - 0x106E)
.text:00001062 LDR R0,
.text:00001064 MOVS R6, #0x84
.text:00001066 ADD R2, PC ; "getPackageManager"
.text:00001068 LDR R7,
.text:0000106A ADD R3, PC ; "()Landroid/content/pm/PackageManager;"
.text:0000106C MOVS R0, R4
.text:0000106E BLX R7
; Invoke it on R8 (incoming R1) with the returned ID in R2; 0x88 matches the
; CallObjectMethod slot. Result is kept in R8.
.text:00001070 LDR R3,
.text:00001072 MOVS R7, #0x88
.text:00001074 MOVS R2, R0
.text:00001076 LDR R3,
.text:00001078 MOV R1, R8
.text:0000107A MOVS R0, R4
.text:0000107C BLX R3
.text:0000107E LDR R3,
.text:00001080 MOV R8, R0
; Indirect call on the returned object; result (R9) is used as the class for
; the "getPackageInfo" lookup, so presumably GetObjectClass.
.text:00001082 MOV R1, R8
.text:00001084 LDR R3,
.text:00001086 MOVS R0, R4
.text:00001088 BLX R3
.text:0000108A LDR R1,
.text:0000108C LDR R2, =(aGetpackageinfo - 0x1098)
.text:0000108E LDR R3, =(aLjavaLangStrin - 0x109C)
.text:00001090 LDR R1,
.text:00001092 MOV R9, R0
.text:00001094 ADD R2, PC ; "getPackageInfo"
.text:00001096 MOV R12, R1
.text:00001098 ADD R3, PC ; "(Ljava/lang/String;I)Landroid/content/p"...
.text:0000109A MOV R1, R9
.text:0000109C MOVS R0, R4
.text:0000109E BLX R12
; Turn the C string "com.soft.apk008v" into an object; 0x29C matches the
; NewStringUTF slot. R9 keeps the ID returned by the lookup above.
.text:000010A0 LDR R3,
.text:000010A2 LDR R1, =(aCom_soft_apk00 - 0x10B2)
.text:000010A4 MOVS R2, #0x29C
.text:000010A8 LDR R7,
.text:000010AA MOV R9, R0
.text:000010AC LDR R3,
.text:000010AE ADD R1, PC ; "com.soft.apk008v"
.text:000010B0 MOVS R0, R4
.text:000010B2 BLX R3
; Call via R7 with (R4, R8, R9, string) plus the constant 0x40 written by the
; STR at 0x10BA (presumably an outgoing stack argument). 0x40 equals
; PackageManager.GET_SIGNATURES, consistent with the "signatures" read below.
.text:000010B4 MOVS R2, #0x40
.text:000010B6 MOVS R3, R0
.text:000010B8 MOV R1, R8
.text:000010BA STR R2,
.text:000010BC MOVS R0, R4
.text:000010BE MOV R2, R9
.text:000010C0 BLX R7
; R7 = returned object; the next call's result (R8) is used as the class for
; the field lookup, so presumably GetObjectClass again.
.text:000010C2 LDR R3,
.text:000010C4 MOVS R7, R0
.text:000010C6 MOVS R1, R7
.text:000010C8 LDR R3,
.text:000010CA MOVS R0, R4
.text:000010CC BLX R3
; Field lookup "signatures" of type "[Landroid/content/pm/Signature;".
; R9 = 0xBC << 1 = 0x178, which matches the GetFieldID slot.
.text:000010CE LDR R3,
.text:000010D0 MOV R8, R0
.text:000010D2 MOVS R0, #0xBC
.text:000010D4 MOV R12, R3
.text:000010D6 LSLS R0, R0, #1
.text:000010D8 MOV R9, R0
.text:000010DA MOV R1, R12
.text:000010DC ADD R1, R9
.text:000010DE LDR R0,
.text:000010E0 LDR R2, =(aSignatures - 0x10EA)
.text:000010E2 LDR R3, =(aLandroidCont_0 - 0x10EC)
.text:000010E4 MOV R12, R0
.text:000010E6 ADD R2, PC ; "signatures"
.text:000010E8 ADD R3, PC ; "[Landroid/content/pm/Signature;"
.text:000010EA MOV R1, R8
.text:000010EC MOVS R0, R4
.text:000010EE BLX R12
; Read that field from the object in R7; 0x17C matches the GetObjectField slot.
.text:000010F0 LDR R1,
.text:000010F2 MOVS R3, #0x17C
.text:000010F6 MOVS R2, R0
.text:000010F8 LDR R3,
.text:000010FA MOVS R0, R4
.text:000010FC MOVS R1, R7
.text:000010FE BLX R3
; Fetch index 0 (R2 = 0) of the returned array; 0x2B4 matches the
; GetObjectArrayElement slot. Only the first element is ever examined.
.text:00001100 LDR R2,
.text:00001102 MOVS R3, #0x2B4
.text:00001106 MOVS R1, R0
.text:00001108 LDR R3,
.text:0000110A MOVS R0, R4
.text:0000110C MOVS R2, #0
.text:0000110E BLX R3
; R7 = element 0; the next call's result is the class for the "hashCode" lookup.
.text:00001110 LDR R3,
.text:00001112 MOVS R7, R0
.text:00001114 MOVS R1, R7
.text:00001116 LDR R3,
.text:00001118 MOVS R0, R4
.text:0000111A BLX R3
; Method lookup "hashCode" with signature "()I".
.text:0000111C LDR R2, =(aHashcode - 0x1128)
.text:0000111E MOVS R1, R0
.text:00001120 LDR R3, =(aI - 0x112A)
.text:00001122 LDR R0,
.text:00001124 ADD R2, PC ; "hashCode"
.text:00001126 ADD R3, PC ; "()I"
.text:00001128 LDR R6,
.text:0000112A MOVS R0, R4
.text:0000112C BLX R6
; Invoke it on R7; 0xC4 matches the CallIntMethod slot. R0 = the int result.
.text:0000112E LDR R1,
.text:00001130 MOVS R3, #0xC4
.text:00001132 MOVS R2, R0
.text:00001134 LDR R3,
.text:00001136 MOVS R0, R4
.text:00001138 MOVS R1, R7
.text:0000113A BLX R3
; R6 = (R10 + 0xA) / 2 (signed, rounding toward zero) + 2*R11 - 7.
; Then sprintf(SP+0xC, "hash_code : %u%d%d", R0 result, 0x9A, ...); the STR of
; R6 at 0x1158 presumably supplies the last argument on the stack.
; NOTE(review): sprintf is unbounded; the destination buffers at SP+0xC and
; SP+0x34 are 0x28 bytes apart inside the 0x64-byte frame.
.text:0000113C MOV R3, R10
.text:0000113E ADDS R3, #0xA
.text:00001140 LSRS R6, R3, #0x1F
.text:00001142 ADDS R6, R6, R3
.text:00001144 MOV R3, R11
.text:00001146 LSLS R1, R3, #1
.text:00001148 ASRS R6, R6, #1
.text:0000114A ADDS R6, R6, R1
.text:0000114C LDR R1, =(aHash_codeUDD - 0x1156)
.text:0000114E MOVS R2, R0
.text:00001150 MOVS R3, #0x9A
.text:00001152 ADD R1, PC ; "hash_code : %u%d%d"
.text:00001154 SUBS R6, #7
.text:00001156 ADD R0, SP, #0xC
.text:00001158 STR R6,
.text:0000115A BLX sprintf
; Soft-float arithmetic on R10: int((2*R10 - 5) * 6.3 - 13.0).
; R3:R2 = 0x40193333:0x33333333 is the double 6.3; 0x402A0000:0 is 13.0.
; The integer result is compared with R11; equality goes to loc_1210.
.text:0000115E MOV R1, R10
.text:00001160 LSLS R0, R1, #1
.text:00001162 SUBS R0, #5
.text:00001164 BLX __floatsidf
.text:00001168 LDR R3, =0x40193333
.text:0000116A LDR R2, =0x33333333
.text:0000116C BLX __muldf3
.text:00001170 LDR R2, =0
.text:00001172 LDR R3, =0x402A0000
.text:00001174 BLX __subdf3
.text:00001178 BLX __fixdfsi
.text:0000117C CMP R11, R0
.text:0000117E BEQ loc_1210
.text:00001180
; Build the reference string: sprintf(SP+0x34, "hash_code : %s%d%d",
; "2679523376", 0x9A, ...), then strcmp(SP+0xC, SP+0x34).
; A non-zero strcmp result branches to loc_11C2.
.text:00001180 loc_1180 ; CODE XREF: .text:00001222j
.text:00001180 LDR R1, =(aHash_codeSDD - 0x118A)
.text:00001182 LDR R2, =(a2679523376 - 0x118C)
.text:00001184 ADD R0, SP, #0x34
.text:00001186 ADD R1, PC ; "hash_code : %s%d%d"
.text:00001188 ADD R2, PC ; "2679523376"
.text:0000118A MOVS R3, #0x9A
.text:0000118C STR R6,
.text:0000118E BLX sprintf
.text:00001192 ADD R0, SP, #0xC
.text:00001194 ADD R1, SP, #0x34
.text:00001196 BLX strcmp
.text:0000119A CMP R0, #0
.text:0000119C BNE loc_11C2
.text:0000119E
; Common exit: indirect call with (R4, SP+0xC); 0x29C matches the NewStringUTF
; slot, and R0 is not modified again before the return.
; The CMP of two loaded values with a branch to loc_122E (not in this listing)
; is presumably the stack-guard check paired with the load at entry.
.text:0000119E loc_119E ; CODE XREF: .text:0000120Ej
.text:0000119E LDR R2,
.text:000011A0 MOVS R3, #0x29C
.text:000011A4 LDR R3,
.text:000011A6 MOVS R0, R4
.text:000011A8 ADD R1, SP, #0xC
.text:000011AA BLX R3
.text:000011AC LDR R2,
.text:000011AE LDR R3,
.text:000011B0 CMP R2, R3
.text:000011B2 BNE loc_122E
; Epilogue: drop the frame, restore R8-R11 through R2-R5, then R4-R7 and PC.
.text:000011B4 ADD SP, SP, #0x64
.text:000011B6 POP {R2-R5}
.text:000011B8 MOV R8, R2
.text:000011BA MOV R9, R3
.text:000011BC MOV R10, R4
.text:000011BE MOV R11, R5
.text:000011C0 POP {R4-R7,PC}
.text:000011C2 ; ---------------------------------------------------------------------------
.text:000011C2
; Mismatch path: indirect call with "java/lang/System" (slot offset not visible,
; presumably a class lookup), result kept in R6. Then a lookup of "exit" with
; signature "(I)V"; 0x1C4 matches the GetStaticMethodID slot. R7 = returned ID;
; a zero ID goes to loc_1224, otherwise "find the method" is printed.
.text:000011C2 loc_11C2 ; CODE XREF: .text:0000119Cj
.text:000011C2 LDR R3,
.text:000011C4 LDR R1, =(aJavaLangSystem - 0x11CE)
.text:000011C6 MOVS R0, R4
.text:000011C8 LDR R3,
.text:000011CA ADD R1, PC ; "java/lang/System"
.text:000011CC BLX R3
.text:000011CE LDR R2, =(aExit - 0x11E0)
.text:000011D0 MOVS R6, R0
.text:000011D2 LDR R3, =(aIV - 0x11E2)
.text:000011D4 LDR R0,
.text:000011D6 MOVS R1, #0x1C4
.text:000011DA LDR R7,
.text:000011DC ADD R2, PC ; "exit"
.text:000011DE ADD R3, PC ; "(I)V"
.text:000011E0 MOVS R0, R4
.text:000011E2 MOVS R1, R6
.text:000011E4 BLX R7
.text:000011E6 SUBS R7, R0, #0
.text:000011E8 BEQ loc_1224
.text:000011EA LDR R0, =(aFindTheMethod - 0x11F0)
.text:000011EC ADD R0, PC ; "find the method"
.text:000011EE BLX printf
.text:000011F2
; Indirect call with (R4, R6, R7, 0); 0x234 matches the CallStaticVoidMethod
; slot. Afterwards "exit" is printed and control rejoins the common exit.
.text:000011F2 loc_11F2 ; CODE XREF: .text:0000122Cj
.text:000011F2 LDR R2,
.text:000011F4 MOVS R3, #0x234
.text:000011F8 LDR R0,
.text:000011FA MOVS R1, R6
.text:000011FC MOVS R2, R7
.text:000011FE MOV R12, R0
.text:00001200 MOVS R3, #0
.text:00001202 MOVS R0, R4
.text:00001204 BLX R12
.text:00001206 LDR R0, =(aExit - 0x120C)
.text:00001208 ADD R0, PC ; "exit"
.text:0000120A BLX printf
.text:0000120E B loc_119E
.text:00001210 ; ---------------------------------------------------------------------------
.text:00001210
; Reached when R11 equals the soft-float result at 0x117C: formats the constant
; "2679523376" into SP+0xC, the buffer the first sprintf filled, then continues
; at loc_1180.
.text:00001210 loc_1210 ; CODE XREF: .text:0000117Ej
.text:00001210 LDR R1, =(aHash_codeSDD - 0x121A)
.text:00001212 LDR R2, =(a2679523376 - 0x121C)
.text:00001214 ADD R0, SP, #0xC
.text:00001216 ADD R1, PC ; "hash_code : %s%d%d"
.text:00001218 ADD R2, PC ; "2679523376"
.text:0000121A MOVS R3, #0x9A
.text:0000121C STR R6,
.text:0000121E BLX sprintf
.text:00001222 B loc_1180
.text:00001224 ; ---------------------------------------------------------------------------
.text:00001224
; Lookup-failed path (R7 == 0): prints the string at unk_3074 and still jumps to
; loc_11F2, which passes R7 as the method ID.
; NOTE(review): the failed lookup is reported but not otherwise handled.
.text:00001224 loc_1224 ; CODE XREF: .text:000011E8j
.text:00001224 LDR R0, =(unk_3074 - 0x122A)
.text:00001226 ADD R0, PC ; unk_3074
.text:00001228 BLX printf
.text:0000122C B loc_11F2
软件下载地址:http://pan.baidu.com/s/1dEixbwt