Debugging non-debuggable apps
Normally, only apps whose Android Manifest explicitly has a debuggable flag set to true are debuggable. However, this is rarely the case when analyzing in-the-wild applications, malicious or otherwise. In such cases, you have several options.
- Run the app in an emulator. Emulators have the ro.debuggable property set to 1. This means they will debug all apps, regardless of the debuggable flag in the Manifest.
- Use a rooted phone. A rooted phone will allow you to modify the ro.debuggable property, and change it from 0 (standard on production devices) to 1. The rooting process is out-of-scope for this document: it is device specific and rooting instructions can easily be found online. As for ro.debuggable, we will explain how to change this system property in a separate blog entry.
- Unpack/modify/repack your app. Depending on whether the Manifest is obfuscated or not, this may be the simplest option. If the Manifest is obfuscated, the repacking process may not work. Another caveat applies: signing. You will have to sign the repacked app using your own key; be aware of the implications if you choose that option.
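In short (ways to debug an arbitrary APK):
- Run the app on an emulator that has the ro.debuggable=1 system property (for example Genymotion, the TianTian emulator, or the Nox emulator; note that Nox has recently disabled this feature).
- Use a rooted phone: on an already-rooted device, modify the read-only system property. Use this tool to change the value of ro.debuggable (0 -> 1). (Use the setpropex tool, or change it directly with a command.)
- Unpack/modify/repack the APK: changing the debug attribute in AndroidManifest.xml makes the app debuggable. (That is, add android:debuggable="true" to the app, then repack it.)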
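The manifest edit in the third option, together with the rule from the first two (ro.debuggable=1 makes every app debuggable), as an added example that is not part of the original post or the referenced blog. It assumes the manifest has already been decoded to plain-text XML (the binary form inside an APK must be decoded first); the function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEBUGGABLE = f"{{{ANDROID_NS}}}debuggable"
# Keep the conventional "android:" prefix when the tree is serialized again.
ET.register_namespace("android", ANDROID_NS)

# Constructed sample: a decoded (plain-text) manifest with no debuggable flag.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <application android:label="Sample" android:allowBackup="false">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def manifest_debuggable(manifest_xml: str) -> bool:
    """True only if <application> carries android:debuggable="true"."""
    app = ET.fromstring(manifest_xml).find("application")
    return app is not None and app.get(DEBUGGABLE, "false").lower() == "true"


def can_debug(manifest_xml: str, ro_debuggable: str) -> bool:
    """Rule from the text: ro.debuggable=1 on the device overrides the manifest."""
    return ro_debuggable.strip() == "1" or manifest_debuggable(manifest_xml)


def set_debuggable(manifest_xml: str) -> str:
    """Return the manifest with android:debuggable="true" on <application>."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    app.set(DEBUGGABLE, "true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("production device, original manifest:", can_debug(SAMPLE_MANIFEST, "0"))
    print("emulator (ro.debuggable=1):", can_debug(SAMPLE_MANIFEST, "1"))
    print("production device, patched manifest:",
          can_debug(set_debuggable(SAMPLE_MANIFEST), "0"))
```

The patched XML still has to be rebuilt into an APK and signed with your own key, which is the signing caveat noted in the third option.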
Reference: https://www.pnfsoftware.com/blog/jeb-android-debuggers/