【Android安全】Keystone和Capstone
简介
Keystone是一个汇编器
https://www.keystone-engine.org/
Capstone是一个反汇编器
https://www.capstone-engine.org/
用法
# Install the Python bindings for the Capstone disassembler.
pip install capstone
# The Keystone assembler is published on PyPI as "keystone-engine".
# The bare name "keystone" is a different project (OpenStack Identity),
# so check the package name before installing.
pip install keystone-engine
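import keystone
import capstone


def ins2bcode(arm_ins):
    """Assemble ARM (A32) assembly text with Keystone and print its encoding.

    Args:
        arm_ins: Assembly source accepted by Keystone in ARM mode,
            for example ``"B #0x40"``.

    Returns:
        The raw machine-code bytes produced by Keystone.

    Raises:
        ValueError: If Keystone assembled no statement (e.g. empty input).
        keystone.KsError: Propagated from Keystone when the text is invalid.
    """
    ks = keystone.Ks(keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM)
    # No base address is passed, so the text is assembled at address 0.
    # PC-relative encodings such as B depend on that base address.
    encoding, _statement_count = ks.asm(arm_ins, as_bytes=True)
    if not encoding:
        # Keystone signals "nothing assembled" with a None encoding; fail
        # here with a clear message instead of inside int.from_bytes().
        raise ValueError("Keystone produced no bytes for: %r" % (arm_ins,))

    # Interpret the assembled bytes as a little-endian integer.
    bytecode = int.from_bytes(encoding, "little")
    # Render every encoded bit: 32 for a single A32 instruction, more when
    # the input assembled to several instructions.
    bytecode_bin = format(bytecode, f"0{8 * len(encoding)}b")

    print("arm ins: \t", arm_ins)
    print("bytecode hex: \t", hex(bytecode))
    print("bytecode bin: \t", bytecode_bin)
    return encoding


def bcode2ins(arm_bytecode):
    """Disassemble ARM (A32) machine code with Capstone and print each instruction.

    Args:
        arm_bytecode: Raw machine-code bytes, decoded as if loaded at address 0.
    """
    cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
    decoded = 0
    # Base address 0 matches the address ins2bcode() assembled at, so
    # PC-relative operands print as the original absolute targets.
    for ins in cs.disasm(arm_bytecode, 0):
        print("ins.address: \t", ins.address)    # address of the instruction
        print("ins.mnemonic: \t", ins.mnemonic)  # mnemonic (instruction name)
        print("ins.op_str: \t", ins.op_str)      # operand string
        decoded = ins.address + ins.size

    # Capstone stops at the first bytes it cannot decode without raising,
    # so report any tail that was skipped instead of truncating silently.
    if decoded < len(arm_bytecode):
        print("undecoded bytes: \t", len(arm_bytecode) - decoded)


arm_ins = "B #0x40"
bytecode = ins2bcode(arm_ins)
bcode2ins(bytecode)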
输出(汇编和反汇编均以地址 0 为基址;B 指令的目标按相对 PC 的偏移编码,0xe = (0x40 − 8) / 4,因此换一个基址会得到不同的字节码):
arm ins: B #0x40
bytecode hex: 0xea00000e
bytecode bin: 11101010000000000000000000001110
ins.address: 0
ins.mnemonic: b
ins.op_str: #0x40