安卓smali问题
我目前正在对 smali/“代码混淆器”进行一些研究,并且目前正在尝试熟悉反编译的源代码。为此,我创建了一个简单的应用程序并通过 smali 对其进行了反编译。
我现在试图了解反编译的源代码,以改进和比较稍后使用代码混淆器后的安全性(针对反编译)。虽然大多数 smali 源代码并不那么困难,但有时我仍然会遇到数字格式转换问题。
您可以向我解释一下,例如以下行。我猜它的值应该是五,但我不确定这是什么类型的二进制格式。如何计算 0x4014 = 5 ???
const-wide/high16 v0, 0x4014 // 100000000010100 (5 = 101)
附件是该测试功能的完整java和smali代码源:
Java源:
boolean test(int a, double d) {
if (a < 5 && d < 5)
return true;
else
return false;
}
Smali源:
.method test(ID)Z
.locals 2
.parameter "a"
.parameter "d"
.prologue
.line 28
const/4 v0, 0x5
if-ge p1, v0, :cond_0
const-wide/high16 v0, 0x4014
cmpg-double v0, p2, v0
if-gez v0, :cond_0
.line 29
const/4 v0, 0x1
.line 31
:goto_0
return v0
:cond_0
const/4 v0, 0x0
goto :goto_0
.end method
I'm currently doing some research on smali/"code obfuscator" and I'm trying to get familar with the decompiled source codes at the moment. For this I created a simple app and decompiled it by smali.
I'm trying to understand the decompiled source code now to improve and compare the security (against decompiling) after using a code obfuscator later. While most of the smali source code is not that difficult, I'm still having sometimes problems with the format conversion of figures.
May you explain to me e.g. the following line. I guess it should have a value of five, but I'm not sure, which kind of binary format this is. How to calculate it 0x4014 = 5 ???
const-wide/high16 v0, 0x4014 // 100000000010100 (5 = 101)
Attached are the full java and smali code sources of this test function :
Java source:
boolean test(int a, double d) {
if (a < 5 && d < 5)
return true;
else
return false;
}
Smali source:
.method test(ID)Z
.locals 2
.parameter "a"
.parameter "d"
.prologue
.line 28
const/4 v0, 0x5
if-ge p1, v0, :cond_0
const-wide/high16 v0, 0x4014
cmpg-double v0, p2, v0
if-gez v0, :cond_0
.line 29
const/4 v0, 0x1
.line 31
:goto_0
return v0
:cond_0
const/4 v0, 0x0
goto :goto_0
.end method
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
不幸的是,dalvik 字节码不区分整数类型(短/整数/长/等)和浮点类型(浮点/双精度)。所以baksmali无法知道是否将这样的常量显示为浮点或整数,因此它只是默认为整数。
由于您提到的指令的存在,情况变得更加复杂。从 dalvik 文档中的 dalvik-bytecode 页面:
“移动给定的文字值(右零扩展为 64 位)到指定的寄存器对中。”。
因此该指令实际上会将值 0x4014000000000000 加载到 v0 和 v1 寄存器中。这是标准 64 位 IEEE-754 浮点表示形式。第一个(最高有效)位是符号位,接下来的 11 位是指数(基数 2),最后 52 位是尾数。在这种情况下,我们有一个二进制表示
对于符号位,0 为正,1 为负。
对于指数,您取 11 位的整数值(在本例中为 1025),然后减去 1023,得到指数 2。
对于尾数,前面有一个隐含的“1”,在 2 中^0 位置,后面的数字通常是 2^-1、2^-2 等。所以在这种情况下,我们有二进制数 1.01,或 1*2^0 + 1*2^-2,或1.25。
用于该值的计算的一般形式为
-1^(2+S) * M * 2^E
其中 S、M 和 E 是符号、尾数和指数。
在这种情况下,我们有
-1^(2+0) * 1.25 * 2^2 = 1 * 1.25 * 4 = 5
如果您不想每次都手动进行此计算,有各种在线计算器可以为您完成。 http://babbage.cs.qc.edu/IEEE-754/64bit.html 似乎是更好的之一。
Unfortunately, dalvik bytecode makes no distinction between integral types (short/integer/long/etc.), and floating point types (float/double). So baksmali can't know whether to show a constant like that as a floating point or integer, so it just defaults to integer.
This is further complicated by the existance of instructions like that one that you mentioned. From the dalvik-bytecode page from the dalvik documentation:
"Move the given literal value (right-zero-extended to 64 bits) into the specified register-pair.".
So that instruction will actually load the value 0x4014000000000000 into the v0 and v1 registers. This is a standard 64bit IEEE-754 floating point representation. The first (most significant) bit is the sign bit, the next 11 bits are the exponent (base 2), and the last 52 bits are the mantissa. In this case, we have a binary representation of
For the sign bit, 0 is positive and 1 is negative.
For the exponent, you take the integer value of the 11 bits (in this case, 1025), and subtract 1023, for an exponent of 2.
And for the mantissa, there is an implied "1" at the front, in the 2^0 place, with the following digits being the usual 2^-1, 2^-2, etc. So in this case, we have the binary number 1.01, or 1*2^0 + 1*2^-2, or 1.25.
The general form of the calculation used for the value is
-1^(2+S) * M * 2^E
Where S, M and E are the sign, mantissa and exponent.
In this case, we have
-1^(2+0) * 1.25 * 2^2 = 1 * 1.25 * 4 = 5
If you don't want to do this calculation manually every time, there are various online calculators that can do it for you. http://babbage.cs.qc.edu/IEEE-754/64bit.html seems to be one of the better ones.
我是凭记忆这样做的,但据我所知,浮点数通常是这样存储的:
s= 符号,m= 尾数,e= 指数。因此,在您的情况下,符号必须为 1 或正数,尾数为 5,指数为零:+5 x 2^0 = 5
请参阅维基百科文章 浮点 了解更多信息。显然,你的编码使用 15 位,这对于浮点数来说并不是很多,特别是指数只有 2 位,所以它可能完全是另一回事。这只是我有根据的猜测。您可以尝试输入其他数字并检查反编译的代码以了解更多信息。
I'm doing this from memory, but as far as I remember, floating point numbers are generally stored like this:
s= sign,m= mantissa,e= exponent. So in your case, the sign must be 1 or positive, the mantissa is 5, and the exponent is zero:+5 x 2^0 = 5
See the Wikipedia article on floating point for more information. Apparently your encoding uses 15 bits which is not a lot for a floating point number, especially with only 2 bits for the exponent, so it might be something else entirely. This is just my educated guess. You might try putting in other numbers and examining the decompiled code to learn more.
这显然是“5”作为双精度的适当二进制编码,用于与该浮点类型的第二个参数进行比较。
It's apparently the appropriate binary encoding of "5" as a double, for comparison against your second parameter of that floating-point type.