{"id":16,"date":"2017-03-28T13:46:56","date_gmt":"2017-03-28T11:46:56","guid":{"rendered":"http:\/\/barebit.com\/cz\/?p=16"},"modified":"2017-03-28T15:33:56","modified_gmt":"2017-03-28T13:33:56","slug":"reverzovani-android-aplikaci-uvod","status":"publish","type":"post","link":"https:\/\/barebit.com\/cz\/reverzovani-android-aplikaci-uvod\/","title":{"rendered":"Reverzov\u00e1n\u00ed Android aplikac\u00ed: \u00favod"},"content":{"rendered":"<p>Android v posledn\u00edch letech p\u0159edstihl iOS a ovl\u00e1dnul mobiln\u00ed telefony a tablety. T\u00edm se se nevyhnuteln\u011b dostal do z\u00e1jmu v\u00fdzkumn\u00edk\u016f, cracker\u016f a hern\u00edch cheater\u016f. Pokud chcete teprve za\u010d\u00edt s reverzov\u00e1n\u00edm aplikac\u00ed pro Android, n\u00e1sleduj\u00edc\u00ed text se sna\u017e\u00ed vysv\u011btlit nezbytnou p\u0159\u00edpravu. \u010cl\u00e1nky, kter\u00e9 by m\u011bly n\u00e1sledovat, se u\u017e budou v\u00edc v\u011bnovat jednotliv\u00fdm t\u00e9mat\u016fm a reverzov\u00e1n\u00ed aplikac\u00ed.<\/p>\n<h2><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-25 aligncenter\" src=\"http:\/\/barebit.com\/cz\/wp-content\/uploads\/sites\/3\/2017\/02\/android_crack-300x300.png\" alt=\"\" width=\"300\" height=\"300\" srcset=\"https:\/\/barebit.com\/cz\/wp-content\/uploads\/sites\/3\/2017\/02\/android_crack-300x300.png 300w, https:\/\/barebit.com\/cz\/wp-content\/uploads\/sites\/3\/2017\/02\/android_crack-150x150.png 150w, https:\/\/barebit.com\/cz\/wp-content\/uploads\/sites\/3\/2017\/02\/android_crack-100x100.png 100w, https:\/\/barebit.com\/cz\/wp-content\/uploads\/sites\/3\/2017\/02\/android_crack.png 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Motivace<\/h2>\n<p>Um\u011bn\u00ed reverzov\u00e1n\u00ed na Androidu nemus\u00ed b\u00fdt dobr\u00e9 jenom kv\u016fli crackov\u00e1n\u00ed aplikac\u00ed a her. Existuje n\u011bkolik leg\u00e1ln\u00edch d\u016fvod\u016f, kdy se m\u016f\u017ee hodit:<\/p>\n<ul>\n<li>B\u011bhem klasick\u00fdch penetra\u010dn\u00edch test\u016f m\u016f\u017ee prob\u00edhat tak\u00e9 anal\u00fdza klientsk\u00e9 aplikace. Na mobilech to je typicky bankovn\u00ed aplikace pro Android a iOS. V r\u00e1mci OWASP se tomu v\u011bnuje <a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Mobile_Security_Project\">zvl\u00e1\u0161tn\u00ed projekt<\/a>. T\u0159eba k zabezpe\u010den\u00ed mobiln\u00edho bankovnictv\u00ed Raiffeisenbank napsal p\u00e1r slov <a href=\"http:\/\/www.mesec.cz\/clanky\/bezpecnost-mobilniho-ekonta-raiffeisenbank-podrobne\/\">jeden z jeho autor\u016f<\/a>. Zaj\u00edmav\u011b tak\u00e9 vypad\u00e1 projekt <a href=\"https:\/\/github.com\/dineshshetty\/Android-InsecureBankv2\">Android InsecureBankv2<\/a> nebo <a href=\"http:\/\/payatu.com\/damn-insecure-and-vulnerable-app\/\">Damn insecure and vulnerable App<\/a>.<\/li>\n<li>Anal\u00fdza malware, kter\u00e9ho existuje pro Android obrovsk\u00e9 mno\u017estv\u00ed. V \u010cesku existuje n\u011bkolik firem, kter\u00e9 se mobiln\u00edm malwarem zab\u00fdvaj\u00ed (krom\u011b Avastu a ESETu).<\/li>\n<li>V hern\u00edm pr\u016fmyslu anal\u00fdza crack\u016f a cheat\u016f. Cheatov\u00e1n\u00ed se sice \u010dasto d\u00e1 zachytit na serveru sledov\u00e1n\u00edm chov\u00e1n\u00ed hr\u00e1\u010de, d\u00e1v\u00e1 ale smysl sna\u017eit se o protiakci i na stran\u011b klienta zt\u00ed\u017een\u00edm \u00faprav k\u00f3du a dat hry. V\u011bt\u0161\u00ed firmy v oboru, t\u0159eba \u010desk\u00e1 Bohemia Interactive, maj\u00ed na boj s cheatery vytvo\u0159en\u00e9 t\u00fdmy. Zaj\u00edmavou p\u0159edn\u00e1\u0161ku na tohle t\u00e9ma m\u011bl jejich <a href=\"https:\/\/www.youtube.com\/watch?v=1X3-Xzw-z5Q\">lead producer Eugen Harton<\/a>.<\/li>\n<\/ul>\n<h2>Z\u00edsk\u00e1n\u00ed soubor\u016f aplikace pro Android<\/h2>\n<p>I kdy\u017e je Android postaven\u00fd na Linuxu, nepou\u017e\u00edv\u00e1 tradi\u010dn\u00ed bal\u00ed\u010dkovac\u00ed syst\u00e9m. Nam\u00edsto toho jsou aplikace distribuov\u00e1ny ve form\u011b soubor\u016f APK (inspirace soubory IPA z iOS je z\u0159ejm\u00e1), kter\u00fd pou\u017e\u00edv\u00e1 tradi\u010dn\u00ed ZIP form\u00e1t. Ka\u017ed\u00e1 aplikace m\u00e1 jedine\u010dn\u00fdm identifik\u00e1tor ve form\u011b <em>com.example.name<\/em>.<\/p>\n<p>Hlavn\u00edm distribu\u010dn\u00edm kan\u00e1lem je obchod Google Play, z kter\u00e9ho ale nejde soubory APK z\u00edsk\u00e1vat p\u0159\u00edmo. M\u00edsto toho stahov\u00e1n\u00ed a instalaci prov\u00e1d\u00ed na pozad\u00ed <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.gms\">Google Play services<\/a>. Soubor APK jde potom z\u00edskat p\u0159\u00edmo ze za\u0159\u00edzen\u00ed &#8211; po instalaci nedojde k jeho smaz\u00e1n\u00ed. Nejrychleji se d\u00e1 APK aplikace z Google Play z\u00edskat sta\u017een\u00edm z webu apkpure.com, kter\u00fd s minim\u00e1ln\u00edm zpozd\u011bn\u00edm nab\u00edz\u00ed ke sta\u017een\u00ed snad v\u0161echny neplacen\u00e9 aplikace.<\/p>\n<p>Pro za\u010d\u00e1tek si se\u017ee\u0148te APK aplikace <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.barebit.cme.on_coffee\">com.barebit.cme.on_coffee<\/a>, s kterou budeme pracovat v n\u00e1sleduj\u00edc\u00edch kapitol\u00e1ch.<\/p>\n<p>Vedle toho existuje spousta neofici\u00e1ln\u00edch distributor\u016f, pro bezplatn\u00e9 aplikace nap\u0159. <a href=\"https:\/\/f-droid.org\/\">F-Droid<\/a>. Ten vedle vlastn\u00edho instal\u00e1toru nab\u00edz\u00ed ke sta\u017een\u00ed i APK ka\u017ed\u00e9 aplikace p\u0159\u00edmo na webu.<\/p>\n<p>Pro komer\u010dn\u00ed aplikace plat\u00ed, \u017ee pokud nejsou na Google Play, tak jako by nebyly. I kdy\u017e Google Play nen\u00ed tak p\u0159\u00edsn\u00fd jako iTunes, aplikace mus\u00ed spl\u0148ovat <a href=\"https:\/\/play.google.com\/about\/developer-content-policy\/\">spoustu pravidel<\/a>, t\u00fdkaj\u00edc\u00edch se obsahu, soukrom\u00ed nebo zobrazov\u00e1n\u00ed reklamy.<\/p>\n<h2>Jak na v\u00fdb\u011br za\u0159\u00edzen\u00ed<\/h2>\n<p>Pro v\u00e1\u017en\u011bj\u0161\u00ed pr\u00e1ci s Androidem se vyplat\u00ed po\u0159\u00eddit si fyzick\u00e9 za\u0159\u00edzen\u00ed. V n\u00e1sleduj\u00edc\u00edch \u010dl\u00e1nc\u00edch si \u0159ekneme, pro\u010d nen\u00ed emul\u00e1tor optim\u00e1ln\u00ed volba.<\/p>\n<p>Aktu\u00e1ln\u00ed roz\u0161\u00ed\u0159en\u00ed r\u016fzn\u00fdch verz\u00ed Androidu je vid\u011bt t\u0159eba na <a href=\"https:\/\/en.wikipedia.org\/wiki\/Android_version_history\">Wikipedii<\/a>. V dob\u011b psan\u00ed \u010dl\u00e1nku je nejnov\u011bj\u0161\u00ed Nougat (verze 7), ale nejroz\u0161\u00ed\u0159en\u011bj\u0161\u00ed je <a href=\"https:\/\/en.wikipedia.org\/wiki\/Android_Lollipop\">Lollipop<\/a>, to znamen\u00e1 verze 5. Je to i nejroz\u0161\u00ed\u0159en\u011bj\u0161\u00ed verze v \u010desk\u00fdch obchodech, aspo\u0148 v oblasti b\u011b\u017en\u00fdch levn\u00fdch tablet\u016f v cen\u011b okolo 2.500 K\u010d, kter\u00e9 pro za\u010d\u00e1tek \u00fapln\u011b posta\u010d\u00ed. Prakticky sta\u010d\u00ed je\u0161t\u011b levn\u011bj\u0161\u00ed Android 4 (KitKat), kter\u00fd vy\u0161el o rok d\u0159\u00edv. V nejhor\u0161\u00edm se d\u00e1 po\u0159\u00eddit i hodn\u011b star\u00fd mobil nebo tablet, ale nem\u011bl by na n\u011bm b\u00fdt Android star\u0161\u00ed ne\u017e verze 2.3 <a title=\"Android Gingerbread\" href=\"https:\/\/en.wikipedia.org\/wiki\/Android_Gingerbread\">Gingerbread<\/a>. Intern\u00ed pam\u011b\u0165 by m\u011bla m\u00edt voln\u00fdch minim\u00e1ln\u011b 100 MB, aby tam \u0161lo n\u011bco instalovat.<\/p>\n<p>Nov\u00e1 verze Androidu vych\u00e1z\u00ed ka\u017ed\u00fd rok, tak\u017ee po\u010d\u00edtejte s rychl\u00fdm zastar\u00e1v\u00e1n\u00edm za\u0159\u00edzen\u00ed. U takto levn\u00fdch za\u0159\u00edzen\u00ed v\u00fdrobce nenab\u00edz\u00ed v\u016fbec \u017e\u00e1dnou aktualizaci syst\u00e9mu. Ta prob\u00edh\u00e1 a\u017e n\u011bkde u mid-range za\u0159\u00edzen\u00ed, ale i tak je podpora pro aktualizace omezen\u00e1. Teprve u nejdra\u017e\u0161\u00edch tablet\u016f a telefon\u016f, jako je Google Nexus a Pixel, m\u016f\u017eete o\u010dek\u00e1vat podporu trvaj\u00edc\u00ed n\u011bkolik let.<\/p>\n<h3>Architektura<\/h3>\n<p>I kdy\u017e Android ofici\u00e1ln\u011b podporuje architektury ARM, x86 a MIPS (v\u0161e jak 32bitov\u00e9, tak 64bitov\u00e9), naprost\u00e1 v\u011bt\u0161ina za\u0159\u00edzen\u00ed na trhu b\u011b\u017e\u00ed na ARMv7 (pozor, nepl\u00e9st s <a href=\"https:\/\/en.wikipedia.org\/wiki\/ARM7\">ARM7<\/a>). Teprve v posledn\u00edch letech se roz\u0161i\u0159uje x86 (v prodejn\u00e1ch nep\u0159esn\u011b uv\u00e1d\u011bn\u00e1 jako &#8222;Intel&#8220;). Z toho d\u016fvodu se dodnes setk\u00e1te s aplikacemi, kter\u00e9 spou\u0161t\u011bj\u00ed nativn\u00ed k\u00f3d, ale jenom pro architekturu ARM, p\u0159esto\u017ee aplikace m\u016f\u017ee obsahovat jak nativn\u00ed ARM k\u00f3d, tak x86. Bude to t\u00e9matem n\u00e1sleduj\u00edc\u00edch kapitol.<\/p>\n<p>Co se t\u00fd\u010de 64bitov\u00fdch architektur ARM64 a x86-64, ty jsou na trhu jenom kr\u00e1tce v kategorii high-end\u016f.<\/p>\n<p>Za\u0159\u00edzen\u00ed b\u011b\u017e\u00edc\u00ed na x86 sice dok\u00e1\u017eou spou\u0161t\u011bt nativn\u00ed ARM k\u00f3d d\u00edky knihovn\u011b <a href=\"https:\/\/commonsware.com\/blog\/2013\/11\/21\/libhoudini-what-it-means-for-developers.html\">houdini<\/a>, ale p\u0159eklad nefunguje v\u017edy na 100%. Z toho d\u016fvodu se d\u00e1 doporu\u010dit, aby va\u0161e prvn\u00ed za\u0159\u00edzen\u00ed b\u011b\u017eelo na ARMv7.<\/p>\n<h3>Root<\/h3>\n<p>Pro reverzov\u00e1n\u00ed na Androidu se hod\u00ed za\u0159\u00edzen\u00ed &#8222;rootnout&#8220;, to znamen\u00e1 odstranit omezen\u00ed \u00fa\u010dtu, na kter\u00e9m Android standardn\u011b b\u011b\u017e\u00ed. Podobn\u011b jako jailbreak na iOS nen\u00ed rootnut\u00ed Androidu ofici\u00e1ln\u011b podporov\u00e1no. Proces rootnut\u00ed se \u010dasto li\u0161\u00ed podle v\u00fdrobce.<\/p>\n<p>Je\u0161t\u011b p\u0159ed zakoupen\u00edm konkr\u00e9tn\u00edho tabletu nebo telefonu je dobr\u00e9 zjistit, jestli jde v\u016fbec rootnout. U n\u011bkter\u00fdch z nich to m\u016f\u017ee b\u00fdt z\u00e1sadn\u00ed probl\u00e9m. Samoz\u0159ejm\u011b \u010d\u00edm roz\u0161\u00ed\u0159en\u011bj\u0161\u00ed ur\u010dit\u00fd model je, t\u00edm v\u00edc se na n\u011bm komunita sna\u017e\u00ed pracovat. Jedn\u00edm z dobr\u00fdch zdroj\u016f na toto t\u00e9ma je <a href=\"https:\/\/forum.xda-developers.com\/\">XDA-Developers forum<\/a>, kam sta\u010d\u00ed zadat n\u011bco jako &#8222;root Acer B1 710&#8220;. V diskuz\u00edch je trochu chaos, ale pokud je rootnut\u00ed dostupn\u00e9, n\u00e1vod tam n\u011bkde je.<\/p>\n<h2>Programov\u00e1n\u00ed pro Android<\/h2>\n<p>Pokud m\u00e1te hlub\u0161\u00ed z\u00e1jem o Android, nau\u010dte se z\u00e1klady programov\u00e1n\u00ed aplikac\u00ed. Typick\u00e1 aplikace pro Android je napsan\u00e1 v Jav\u011b. Aplika\u010dn\u00ed programov\u00e1n\u00ed ale nebude t\u00e9ma n\u00e1sleduj\u00edc\u00edch \u010dl\u00e1nk\u016f.<\/p>\n<p>K dispozici je p\u0159\u00edmo od Google zadarmo <a href=\"https:\/\/developer.android.com\/studio\/\">Android Studio IDE<\/a>, b\u011b\u017e\u00edc\u00ed na Jav\u011b (IntelliJ IDEA), prost\u0159ed\u00ed p\u0159ipom\u00edn\u00e1 Eclipse IDE. Vedle toho historicky existuje i plugin do Eclipse, kter\u00fd u\u017e Google nepodporuje.<\/p>\n<p>Portabiln\u00ed aplikace (Android a iOS) jde vytv\u00e1\u0159et v <a href=\"https:\/\/www.xamarin.com\/studio\">Xamarin Studio<\/a>, na Windows p\u0159\u00edmo ve <a href=\"https:\/\/www.visualstudio.com\/vs\/android\/\">Visual Studio<\/a>. Tady jde o programov\u00e1n\u00ed v C#, aplikace b\u011b\u017e\u00ed na Androidu na <a href=\"http:\/\/www.mono-project.com\/\">Mono frameworku<\/a>, kter\u00fd u\u017e dnes kontroluje Microsoft.<\/p>\n<p>Co se t\u00fd\u010de her pro mobiln\u00ed za\u0159\u00edzen\u00ed, hodn\u011b popul\u00e1rn\u00ed je <a href=\"https:\/\/unity3d.com\/\">Unity3D<\/a>. Hry pro Android d\u0159\u00edv b\u011b\u017eely na Mono runtime, v sou\u010dasn\u00e9 dob\u011b jde o propriet\u00e1rn\u00ed backend <a href=\"https:\/\/docs.unity3d.com\/Manual\/IL2CPP.html\">IL2CPP<\/a>, kter\u00fd kompiluje IL bytek\u00f3d do C++ zdroj\u00e1k\u016f a odsud do nativn\u00edho k\u00f3du (je to zvl\u00e1\u0161tn\u00ed, ale funguje to).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Android v posledn\u00edch letech p\u0159edstihl iOS a ovl\u00e1dnul mobiln\u00ed telefony a tablety. T\u00edm se se nevyhnuteln\u011b dostal do z\u00e1jmu v\u00fdzkumn\u00edk\u016f, cracker\u016f a hern\u00edch cheater\u016f. Pokud chcete teprve za\u010d\u00edt s reverzov\u00e1n\u00edm aplikac\u00ed pro Android, n\u00e1sleduj\u00edc\u00ed text se sna\u017e\u00ed vysv\u011btlit nezbytnou p\u0159\u00edpravu. \u010cl\u00e1nky, kter\u00e9 by m\u011bly n\u00e1sledovat, se u\u017e budou v\u00edc v\u011bnovat jednotliv\u00fdm t\u00e9mat\u016fm a reverzov\u00e1n\u00ed aplikac\u00ed. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/posts\/16"}],"collection":[{"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":19,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"predecessor-version":[{"id":93,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/posts\/16\/revisions\/93"}],"wp:attachment":[{"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/barebit.com\/cz\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}