问题描述
我想问问是否有可能在没有源代码的情况下调试发行版apk,以及如何防止用户执行此操作?
I want to ask if there is a possibility to debug a release apk without having source code and how we can prevent user to do this action ?
我认为没有源代码(清单默认为 android:debuggable ="false" ),我无法调试apk,直到我将其发送给客户端并且他要求我禁用可调试模式,因为他遇到了这个问题.我试图重现问题,我在想他是否进行了逆向工程.
I thought that I can't debug an apk without a source code ( manifest has by default android:debuggable="false") until I sent it to a client and he asks me to disable debuggable mode because he got this issue . I try to reproduce the problem and I'm thinking if he did a reverse engineering.
推荐答案
您可以使用许多不同的工具调试已签名的APK.大多数方法将被视为逆向工程的一种形式.在较高的层次上,一种常见的方法(用于动态实时"调试)是:
You can debug an already signed APK with a number of different tools. Most approaches would be considered a form of reverse engineering. At a high level, a common approach (for dynamic "live" debugging) would be to:
- 使用 APKTool 通过AndroidManifest.xml中的属性启用调试.对齐并签名新修改的APK.
- 使用 ADB 将新的可调试" APK推送到设备/仿真器.
- 使用调试器,例如 GDB (NDK包括带有arm工具链的gdbserver).
- Use APKTool to enable debugging via the property in the AndroidManifest.xml. Align and sign the newly modified APK.
- Use ADB to push the new "debuggable" APK to the device/emulator.
- Use a debugger such as GDB (NDK includes a gdbserver with the arm toolchain).
值得一提的是,静态分析也可以作为一种选择,从而可以将APK解压缩并反编译为SMALI/Java.
It's worth mentioning that static analysis can be an option too, whereby the APK could be unpacked and decompiled to SMALI/Java.
有许多工具可以帮助您反向和调试APK.我经常使用的是: dex2jar,JDGUI,APK Studio,JEB,IDA Pro,VisualGDB.
There are a number of tools available to help reverse and debug APK's. Some I use frequently are; dex2jar, JDGUI, APK Studio, JEB, IDA Pro, VisualGDB.
这篇关于我们如何在没有源代码的情况下调试签名的apk?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!