过签名验证求助

曾经流过的泪 发表于 2016-1-3 11:54:38

本帖最后由曾经流过的泪于 2016-1-3 11:59 编辑

            今天下的这个软件，确定是属于签名验证的，而且找到签名验证就在so文件里，libhello-jni1.so这个文件里，可是自己ida汇编这块不懂，只会改改跳转，改了半天，死活过不了这个验证，希望有个好心人帮帮我，感激不尽！不太会排版，大家见谅！
text:00001030             EXPORT Java_com_soft_apk008_LoadActivity_stringFromJNI
.text:00001030 Java_com_soft_apk008_LoadActivity_stringFromJNI
.text:00001030             PUSH {R4-R7,LR}
.text:00001032             MOV R7, R11
.text:00001034             MOV R6, R10
.text:00001036             MOV R5, R9
.text:00001038             MOV R4, R8
.text:0000103A             PUSH {R4-R7}
.text:0000103C             LDR R5, =(__stack_chk_guard_ptr - 0x1046)
.text:0000103E             MOV R10, R3
.text:00001040             MOVS R4, R0
.text:00001042             ADD R5, PC ; __stack_chk_guard_ptr
.text:00001044             LDR R5, ; __stack_chk_guard
.text:00001046             SUB SP, SP, #0x64
.text:00001048             LDR R0,
.text:0000104A             LDR R3,
.text:0000104C             MOV R8, R1
.text:0000104E             MOV R11, R0
.text:00001050             STR R3,
.text:00001052             LDR R3,
.text:00001054             MOVS R1, R2
.text:00001056             MOVS R0, R4
.text:00001058             LDR R3,
.text:0000105A             BLX R3
.text:0000105C             LDR R2, =(aGetpackagemana - 0x106A)
.text:0000105E             MOVS R1, R0
.text:00001060             LDR R3, =(aLandroidConten - 0x106E)
.text:00001062             LDR R0,
.text:00001064             MOVS R6, #0x84
.text:00001066             ADD R2, PC       ; "getPackageManager"
.text:00001068             LDR R7,
.text:0000106A             ADD R3, PC       ; "()Landroid/content/pm/PackageManager;"
.text:0000106C             MOVS R0, R4
.text:0000106E             BLX R7
.text:00001070             LDR R3,
.text:00001072             MOVS R7, #0x88
.text:00001074             MOVS R2, R0
.text:00001076             LDR R3,
.text:00001078             MOV R1, R8
.text:0000107A             MOVS R0, R4
.text:0000107C             BLX R3
.text:0000107E             LDR R3,
.text:00001080             MOV R8, R0
.text:00001082             MOV R1, R8
.text:00001084             LDR R3,
.text:00001086             MOVS R0, R4
.text:00001088             BLX R3
.text:0000108A             LDR R1,
.text:0000108C             LDR R2, =(aGetpackageinfo - 0x1098)
.text:0000108E             LDR R3, =(aLjavaLangStrin - 0x109C)
.text:00001090             LDR R1,
.text:00001092             MOV R9, R0
.text:00001094             ADD R2, PC       ; "getPackageInfo"
.text:00001096             MOV R12, R1
.text:00001098             ADD R3, PC       ; "(Ljava/lang/String;I)Landroid/content/p"...
.text:0000109A             MOV R1, R9
.text:0000109C             MOVS R0, R4
.text:0000109E             BLX R12
.text:000010A0             LDR R3,
.text:000010A2             LDR R1, =(aCom_soft_apk00 - 0x10B2)
.text:000010A4             MOVS R2, #0x29C
.text:000010A8             LDR R7,
.text:000010AA             MOV R9, R0
.text:000010AC             LDR R3,
.text:000010AE             ADD R1, PC       ; "com.soft.apk008v"
.text:000010B0             MOVS R0, R4
.text:000010B2             BLX R3
.text:000010B4             MOVS R2, #0x40
.text:000010B6             MOVS R3, R0
.text:000010B8             MOV R1, R8
.text:000010BA             STR R2,
.text:000010BC             MOVS R0, R4
.text:000010BE             MOV R2, R9
.text:000010C0             BLX R7
.text:000010C2             LDR R3,
.text:000010C4             MOVS R7, R0
.text:000010C6             MOVS R1, R7
.text:000010C8             LDR R3,
.text:000010CA             MOVS R0, R4
.text:000010CC             BLX R3
.text:000010CE             LDR R3,
.text:000010D0             MOV R8, R0
.text:000010D2             MOVS R0, #0xBC
.text:000010D4             MOV R12, R3
.text:000010D6             LSLS R0, R0, #1
.text:000010D8             MOV R9, R0
.text:000010DA             MOV R1, R12
.text:000010DC             ADD R1, R9
.text:000010DE             LDR R0,
.text:000010E0             LDR R2, =(aSignatures - 0x10EA)
.text:000010E2             LDR R3, =(aLandroidCont_0 - 0x10EC)
.text:000010E4             MOV R12, R0
.text:000010E6             ADD R2, PC       ; "signatures"
.text:000010E8             ADD R3, PC       ; "[Landroid/content/pm/Signature;"
.text:000010EA             MOV R1, R8
.text:000010EC             MOVS R0, R4
.text:000010EE             BLX R12
.text:000010F0             LDR R1,
.text:000010F2             MOVS R3, #0x17C
.text:000010F6             MOVS R2, R0
.text:000010F8             LDR R3,
.text:000010FA             MOVS R0, R4
.text:000010FC             MOVS R1, R7
.text:000010FE             BLX R3
.text:00001100             LDR R2,
.text:00001102             MOVS R3, #0x2B4
.text:00001106             MOVS R1, R0
.text:00001108             LDR R3,
.text:0000110A             MOVS R0, R4
.text:0000110C             MOVS R2, #0
.text:0000110E             BLX R3
.text:00001110             LDR R3,
.text:00001112             MOVS R7, R0
.text:00001114             MOVS R1, R7
.text:00001116             LDR R3,
.text:00001118             MOVS R0, R4
.text:0000111A             BLX R3
.text:0000111C             LDR R2, =(aHashcode - 0x1128)
.text:0000111E             MOVS R1, R0
.text:00001120             LDR R3, =(aI - 0x112A)
.text:00001122             LDR R0,
.text:00001124             ADD R2, PC       ; "hashCode"
.text:00001126             ADD R3, PC       ; "()I"
.text:00001128             LDR R6,
.text:0000112A             MOVS R0, R4
.text:0000112C             BLX R6
.text:0000112E             LDR R1,
.text:00001130             MOVS R3, #0xC4
.text:00001132             MOVS R2, R0
.text:00001134             LDR R3,
.text:00001136             MOVS R0, R4
.text:00001138             MOVS R1, R7
.text:0000113A             BLX R3
.text:0000113C             MOV R3, R10
.text:0000113E             ADDS R3, #0xA
.text:00001140             LSRS R6, R3, #0x1F
.text:00001142             ADDS R6, R6, R3
.text:00001144             MOV R3, R11
.text:00001146             LSLS R1, R3, #1
.text:00001148             ASRS R6, R6, #1
.text:0000114A             ADDS R6, R6, R1
.text:0000114C             LDR R1, =(aHash_codeUDD - 0x1156)
.text:0000114E             MOVS R2, R0
.text:00001150             MOVS R3, #0x9A
.text:00001152             ADD R1, PC       ; "hash_code : %u%d%d"
.text:00001154             SUBS R6, #7
.text:00001156             ADD R0, SP, #0xC
.text:00001158             STR R6,
.text:0000115A             BLX sprintf
.text:0000115E             MOV R1, R10
.text:00001160             LSLS R0, R1, #1
.text:00001162             SUBS R0, #5
.text:00001164             BLX __floatsidf
.text:00001168             LDR R3, =0x40193333
.text:0000116A             LDR R2, =0x33333333
.text:0000116C             BLX __muldf3
.text:00001170             LDR R2, =0
.text:00001172             LDR R3, =0x402A0000
.text:00001174             BLX __subdf3
.text:00001178             BLX __fixdfsi
.text:0000117C             CMP R11, R0
.text:0000117E             BEQ loc_1210
.text:00001180
.text:00001180 loc_1180                            ; CODE XREF: .text:00001222j
.text:00001180             LDR R1, =(aHash_codeSDD - 0x118A)
.text:00001182             LDR R2, =(a2679523376 - 0x118C)
.text:00001184             ADD R0, SP, #0x34
.text:00001186             ADD R1, PC       ; "hash_code : %s%d%d"
.text:00001188             ADD R2, PC       ; "2679523376"
.text:0000118A             MOVS R3, #0x9A
.text:0000118C             STR R6,
.text:0000118E             BLX sprintf
.text:00001192             ADD R0, SP, #0xC
.text:00001194             ADD R1, SP, #0x34
.text:00001196             BLX strcmp
.text:0000119A             CMP R0, #0
.text:0000119C             BNE loc_11C2
.text:0000119E
.text:0000119E loc_119E                            ; CODE XREF: .text:0000120Ej
.text:0000119E             LDR R2,
.text:000011A0             MOVS R3, #0x29C
.text:000011A4             LDR R3,
.text:000011A6             MOVS R0, R4
.text:000011A8             ADD R1, SP, #0xC
.text:000011AA             BLX R3
.text:000011AC             LDR R2,
.text:000011AE             LDR R3,
.text:000011B0             CMP R2, R3
.text:000011B2             BNE loc_122E
.text:000011B4             ADD SP, SP, #0x64
.text:000011B6             POP {R2-R5}
.text:000011B8             MOV R8, R2
.text:000011BA             MOV R9, R3
.text:000011BC             MOV R10, R4
.text:000011BE             MOV R11, R5
.text:000011C0             POP {R4-R7,PC}
.text:000011C2 ; ---------------------------------------------------------------------------
.text:000011C2
.text:000011C2 loc_11C2                            ; CODE XREF: .text:0000119Cj
.text:000011C2             LDR R3,
.text:000011C4             LDR R1, =(aJavaLangSystem - 0x11CE)
.text:000011C6             MOVS R0, R4
.text:000011C8             LDR R3,
.text:000011CA             ADD R1, PC       ; "java/lang/System"
.text:000011CC             BLX R3
.text:000011CE             LDR R2, =(aExit - 0x11E0)
.text:000011D0             MOVS R6, R0
.text:000011D2             LDR R3, =(aIV - 0x11E2)
.text:000011D4             LDR R0,
.text:000011D6             MOVS R1, #0x1C4
.text:000011DA             LDR R7,
.text:000011DC             ADD R2, PC       ; "exit"
.text:000011DE             ADD R3, PC       ; "(I)V"
.text:000011E0             MOVS R0, R4
.text:000011E2             MOVS R1, R6
.text:000011E4             BLX R7
.text:000011E6             SUBS R7, R0, #0
.text:000011E8             BEQ loc_1224
.text:000011EA             LDR R0, =(aFindTheMethod - 0x11F0)
.text:000011EC             ADD R0, PC       ; "find the method"
.text:000011EE             BLX printf
.text:000011F2
.text:000011F2 loc_11F2                            ; CODE XREF: .text:0000122Cj
.text:000011F2             LDR R2,
.text:000011F4             MOVS R3, #0x234
.text:000011F8             LDR R0,
.text:000011FA             MOVS R1, R6
.text:000011FC             MOVS R2, R7
.text:000011FE             MOV R12, R0
.text:00001200             MOVS R3, #0
.text:00001202             MOVS R0, R4
.text:00001204             BLX R12
.text:00001206             LDR R0, =(aExit - 0x120C)
.text:00001208             ADD R0, PC       ; "exit"
.text:0000120A             BLX printf
.text:0000120E             B    loc_119E
.text:00001210 ; ---------------------------------------------------------------------------
.text:00001210
.text:00001210 loc_1210                            ; CODE XREF: .text:0000117Ej
.text:00001210             LDR R1, =(aHash_codeSDD - 0x121A)
.text:00001212             LDR R2, =(a2679523376 - 0x121C)
.text:00001214             ADD R0, SP, #0xC
.text:00001216             ADD R1, PC       ; "hash_code : %s%d%d"
.text:00001218             ADD R2, PC       ; "2679523376"
.text:0000121A             MOVS R3, #0x9A
.text:0000121C             STR R6,
.text:0000121E             BLX sprintf
.text:00001222             B    loc_1180
.text:00001224 ; ---------------------------------------------------------------------------
.text:00001224
.text:00001224 loc_1224                            ; CODE XREF: .text:000011E8j
.text:00001224             LDR R0, =(unk_3074 - 0x122A)
.text:00001226             ADD R0, PC ; unk_3074
.text:00001228             BLX printf
.text:0000122C             B    loc_11F2

软件下载地址：http://pan.baidu.com/s/1dEixbwt

页: [1]

逆向未来技术社区's Archiver

过签名验证求助