快键指令详解：help帮助信息d|dis反编译信息d0x地址地址信息meg:mr0mr0smr016(长度)读取寄存器内存mOx指定地址内存w0x写入hex数据bt调用栈信息b断点指令c继续blr返回上一层r删除当前断点exit|quic推出n执行下一条步出步过s步入msp查看栈数据st(hex)搜索栈数据vm当前so加载情况shr(hex)堆类查找vbs查看到断点cc生成汇编及C源码指令：packagecom.github.unidbg.arm;importcom.github.unidbg.Emulator;importcom.github.unidbg.Family;importcom.

若计算的结果和你抓包的不一样，需要自己手动修改main_hmac详细可以看着一篇：https://codeooo.blog.csdn.net/article/details/122988709eg：packagecom.xhs;importcom.github.unidbg.AndroidEmulator;importcom.

frida:functionprintApplication(){Java.perform(function(){varBaseApplication=Java.use("com/izuiyou/common/base/BaseApplication");varapplication=BaseApplication.getAppContext();console.log(application);})}unidbg：packagecom.jniunidbg.part5;importcom.github.unidbg.Emulator;importcom.github.unidbg.arm.co

==========逆向必备：函JNItrace是一个基于Frida框架的Hookjni方法的库。https://github.com/chame1eon/jnitracejnitrace-llibbili.sotv.danmaku.bili--ignore-vm加密函数定位：https://github.com/lasting-yang/frida_hook_libart.gitdump脚本修复加密sohttps://github.com/lasting-yang/frida_dumpfridahook模板：so:https://blog.csdn.net/weixin_38927522/a

packagecom.dta.lesson35;importcom.dta.lesson34.Base64;importcom.github.unidbg.AndroidEmulator;importcom.github.unidbg.Module;importcom.github.unidbg.linux.android.AndroidEmulatorBuilder;importcom.github.unidbg.linux.android.AndroidResolver;importcom.github.unidbg.linux.android.dvm.*;importcom.github

packagecom.dta.lesson27;importcom.github.unidbg.AndroidEmulator;importcom.github.unidbg.Module;importcom.github.unidbg.arm.backend.Backend;importcom.github.unidbg.linux.AndroidElfLoader;importcom.github.unidbg.linux.android.AndroidEmulatorBuilder;importcom.github.unidbg.linux.android.AndroidResolver

//简单的需求可以调用Unicorn对虚拟内存进行修改publicvoidpatchVerify(){intpatchCode=0x4FF00100;//emulator.getMemory().pointer(module.base+0x1E86).setInt(0,patchCode);}//HOOZZpublicvoidHookMDStringold(){//加载HookZzIHookZzhookZz=HookZz.getInstance(emulator);hookZz.wrap(module.base+0x1BD0+1,newWrapCallbackHookZzArm32Regist

packagecom.jniunidbg.part7;importcom.github.unidbg.AndroidEmulator;importcom.github.unidbg.Module;importcom.github.unidbg.linux.android.AndroidEmulatorBuilder;importcom.github.unidbg.linux.android.AndroidResolver;importcom.github.unidbg.linux.android.dvm.*;importcom.github.unidbg.linux.android.dvm.a

eg:话不多说，这个apk如果是用unidbg调用的话，那就很简单，而且so层没有调用java层一些东西，都不用补环境。上图吧：init:decrypt:encrypt:packagecom.sougou;

记录学习笔记~packagecom.dta.lesson2;importcom.github.unidbg.AndroidEmulator;importcom.github.unidbg.Module;importcom.github.unidbg.arm.backend.DynarmicFactory;importcom.github.unidbg.linux.android.AndroidEmulatorBuilder;importcom.github.unidbg.linux.android.AndroidResolver;importcom.github.unidbg.linux.an