unidbg直接调用so文件内方法

参考文档https://blog.csdn.net/weixin_43582101/article/details/108012579

1.环境安装

Maven https://www.jianshu.com/p/eddcc16dd9af

Jdk

2.unidbg的安装

unidbg下载链接： https://github.com/zhkl0228/unidbg

3.调用模板以及介绍

package com.bytedance.frameworks.core.encrypt;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmClass;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.linux.android.dvm.DvmClass;
import java.util.Arrays;
import java.io.File;

public class test {
    public static void main(String[] args) {
        AndroidEmulator emulator = AndroidEmulatorBuilder.for32Bit().setProcessName("com.fuck.you").build(); // 创建模拟器实例，要模拟32位或者64位，在这里区分
        final Memory memory = emulator.getMemory(); // 模拟器的内存操作接口
        memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析
        VM vm = emulator.createDalvikVM(); // 创建Android虚拟机
        vm.setVerbose(true); // 设置是否打印Jni调用细节
        DalvikModule dm = vm.loadLibrary(new File("/Users/a3530/Desktop/unidbg-master/unidbg-android/target/test-classes/example_binaries/libttEncrypt_2.so"), false); // 加载libttEncrypt.so到unicorn虚拟内存，加载成功以后会默认调用init_array等函数
        dm.callJNI_OnLoad(emulator); // 手动执行JNI_OnLoad函数
        Module module = dm.getModule(); // 加载好的libttEncrypt.so对应为一个模块
        DvmClass TTEncryptUtils = vm.resolveClass("com/bytedance/frameworks/core/encrypt/TTEncryptUtils");  //java中方法
        System.out.println("开始");
        byte[] data = {31, -117, 8, 0, 40, 38, 55, 97, 2, -1, 21, -54, 77, 10, -128, 32, 16, 64, -31, -85, -60, -84, 91, 56, 26, 17, 93, 102, -112, 28, 76, -56, -97, -46, 32, 18, -17, -98, 109, -33, -5, 42, 120, 109, -35, 70, 69, 91, 88, 7, -56, -103, 116, 74, 116, 68, 11, -29, 0, 59, 107, -61, 87, -17, 21, 98, -30, 112, 27, 103, 126, -12, -68, -26, -108, 10, -95, 117, 66, -106, 3, 21, -25, -71, 15, -100, 21, 10, 49, 73, 33, 22, -60, -10, 1, -18, -112, -23, 113, 90, 0, 0, 0};
        System.out.println(convertByteToHexString(data));
        ByteArray result_list =TTEncryptUtils.callStaticJniMethodObject(emulator,"handleData([BI)[B",data,data.length);  //其中handleData([BI)[B是smail语法,方法名(入参数据类型1入参数据类型2)出参 [B数组 I数字
        System.out.println(result_list.getValue());  //看情况
    }
}