Comments (1)
使用nvwa_unpacker脱壳机脱壳后,文件后缀为.j, 看起来像是smali, 但也不是标准的smali, 请问这些文件怎么处理? 能转成.java文件吗?
` .version 50 0
.class public super com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/collectors/XmVoiceAssistantUsageCollector .super java/lang/Object
.implements com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/ability/IDataCollector
.field public static TAG Ljava/lang/String; .field public static CONFIG_KEY_COLLECTOR Ljava/lang/String; .field public static AB_KEY_TRACK Ljava/lang/String; .field public static KEY_LAST_FAILURE_COLLECT_TIME Ljava/lang/String; .field public static KEY_LAST_SUCCESS_COLLECT_TIME Ljava/lang/String; .field public static FILE_PATH Ljava/lang/String; .field public collectRecordKV Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV; .method public : ()V .code stack 3 locals 1
L_0: aload 0 L_1: ldc "LVUA.XmVoiceAssistantUsageCollector" L_2: ldc 0 L_3: invokestatic Method com/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/proxy/MMKVCompat module (Ljava/lang/String;Z)Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV; L_4: putfield Field com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/collectors/XmVoiceAssistantUsageCollector collectRecordKV Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV; L_5: return
.end code
.end method
`
@zhangjg0201
是不是 nvwa_unpack 的 run.py 没有100%执行成功?我踩了以下坑后,能disasm 出 class文件:
1.pwn包 缺失
我在Mac M1下,卡在 pwn包 install失败,包括pip3 install、brew install pwntools都不行。
采用 ubuntu的 multipass 跑 ubuntu实例,解决 pwn包安装问题。
2.krak2 not found
见 run.py#L72 依赖 krak2,是 Krakatau 的 v2,目前只能手动编译,见readme有步骤。
依然报错,原因未知;改用 v1版本:
- git clone Krakatau
- 'python3 /Krakatau/assemble.py' 替换 run.py#L72 的 ‘krak2 asm’
- 执行 run.py,解锁 class 文件
3.用jadx decompile
from pinduoduo_backdoor_unpacker.
Related Issues (20)
- 请教share.pkg_list_for_dynamic_app_id中配置的含义
- 提权动作触发条件 HOT 3
- 方法执行没有报错,但核心代码去哪了? HOT 2
- 怎么利用这个漏洞往system目录写入文件?
- 大佬加油,抵制无良奸商
- 膜拜大神!流氓PDD! 求加邮箱交流([email protected])
- 厉害了
- V6 HOT 3
- mac run python bad HOT 2
- nw0.bin文件从哪来? HOT 1
- 似乎有一些Bug HOT 4
- 大量的函数没法反编译? HOT 1
- 卸载PDD后还有事吗? HOT 3
- mv的v6版本样本 HOT 4
- 请益:StartAnyWhere 和 System-Only API 之间的关系——如何构建一个具有 System 特权的 Context? HOT 3
- Scan
- 配置文件里是啥
- 所以提权的核心代码是啥 HOT 3
- 请问nvwa的脱壳脚本预计什么时候放出?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pinduoduo_backdoor_unpacker.