Android逆向(二)-系统调试开关

本篇文章主要介绍下android下的系统调试开关.

1: build.prop简介

android中有一些常用的配置信息都存放在一个文件中,如:设备系统/版本号/Cpu等信息.

而这个文件就是/system/build.prop

我们先简单看下这个文件:

zh@zh:~/workSpace$ adb shell
le_x2:/ $ su
le_x2:/ # cat /system/build.prop      # begin common build properties
# autogenerated by build/make/tools/buildinfo_common.sh
ro.system.build.date=Mon Nov 22 11:56:36 CST 2021
ro.system.build.date.utc=1637553396
ro.system.build.fingerprint=LeEco/LeMax2_WW/le_x2:6.0.1/FKXOSOP5801910311S/letv10310125:user/release-keys
ro.system.build.id=QQ3A.200805.001
ro.system.build.tags=release-keys
ro.system.build.type=userdebug
ro.system.build.version.incremental=eng.xiezia.20211122.094459
ro.system.build.version.release=10
ro.system.build.version.sdk=29
ro.product.system.brand=LeEco
ro.product.system.device=x2
ro.product.system.manufacturer=LeEco
ro.product.system.model=lineage_x2
ro.product.system.name=LeMax2_WW
# end common build properties
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=QQ3A.200805.001
ro.build.display.id=lineage_x2-userdebug 10 QQ3A.200805.001 eng.xiezia.20211122.094459 release-keys
ro.build.version.incremental=eng.xiezia.20211122.094459
ro.build.version.sdk=29
ro.build.version.preview_sdk=0
ro.build.version.preview_sdk_fingerprint=REL
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=10
ro.build.version.security_patch=2021-05-05
ro.build.version.base_os=
ro.build.version.min_supported_target_sdk=23
ro.build.date=Mon Nov 22 11:56:36 CST 2021
ro.build.date.utc=1637553396
ro.build.type=userdebug
ro.build.user=xieziao
ro.build.host=xieziao-OptiPlex-7050
ro.build.tags=release-keys
ro.build.flavor=lineage_x2-userdebug
# ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
# use ro.product.cpu.abilist instead.
ro.product.cpu.abi=arm64-v8a
ro.product.cpu.abilist=arm64-v8a,armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=arm64-v8a
ro.product.locale=en-US
ro.wifi.channels=
# ro.build.product is obsolete; use ro.product.device
ro.build.product=le_x2
# Do not try to parse description or thumbprint
ro.build.description=le_x2-user 6.0.1 FKXOSOP5801910311S eng.letv.20161031.012138.wechatpay release-keys
ro.lineage.device=x2
# end build properties#
# ADDITIONAL_BUILD_PROPERTIES
#
ro.treble.enabled=true
persist.debug.dalvik.vm.core_platform_api_policy=just-warn
dalvik.vm.lockprof.threshold=500
net.bt.name=Android
ro.build.fingerprint=LeEco/LeMax2_WW/le_x2:6.0.1/FKXOSOP5801910311S/letv10310125:user/release-keys
ro.lineage.version=17.1-20211122-UNOFFICIAL-x2
ro.lineage.releasetype=UNOFFICIAL
ro.lineage.build.version=17.1
ro.modversion=17.1-20211122-UNOFFICIAL-x2
ro.lineagelegal.url=https://lineageos.org/legal
ro.lineage.display.version=17.1-20211122-UNOFFICIAL-x2
ro.lineage.build.version.plat.sdk=9
ro.lineage.build.version.plat.rev=0
le_x2:/ # 

android 中通过两个命令可以操作这些信息: getprop和setprop.

le_x2:/ # getprop ro.build.fingerprint
LeEco/LeMax2_WW/le_x2:6.0.1/FKXOSOP5801910311S/letv10310125:user/release-keys

127|le_x2:/ # setprop ro.build.fingerprint eEco/LeMax2_WW/le_x2:6.0.1/FKXOSOP5801910311S/letv10310125:user/release-keys1
setprop: failed to set property 'ro.build.fingerprint' to 'eEco/LeMax2_WW/le_x2:6.0.1/FKXOSOP5801910311S/letv10310125:user/release-keys1'

但是ro开头的这些属性是不允许后期修改的，需要重新编译系统镜像文件boot.img。

而我们说的系统调试开关是哪个呢？

2: default.prop

这里就要讲到另一个文件default.prop

1|le_x2:/ # cat default.prop                                                                                                                                                           
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.actionable_compatible_property.enabled=false
ro.postinstall.fstab.prefix=/system
ro.secure=1
security.perf_harden=1
ro.allow.mock.location=0
ro.debuggable=1
debug.atrace.tags.enableflags=0
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
dalvik.vm.usejit=true
dalvik.vm.usejitprofiles=true
dalvik.vm.dexopt.secondary=true
dalvik.vm.appimageformat=lz4
ro.dalvik.vm.native.bridge=0
pm.dexopt.first-boot=quicken
pm.dexopt.boot=verify
pm.dexopt.install=speed-profile
pm.dexopt.bg-dexopt=speed-profile
pm.dexopt.ab-ota=speed-profile
pm.dexopt.inactive=verify
pm.dexopt.shared=speed
dalvik.vm.dex2oat-resolve-startup-strings=true
dalvik.vm.dex2oat-max-image-block-size=524288
dalvik.vm.minidebuginfo=true
dalvik.vm.dex2oat-minidebuginfo=true
ro.iorapd.enable=false
tombstoned.max_tombstone_count=50
ro.com.google.clientidbase=android-leeco
ro.adb.secure=1
ro.control_privapp_permissions=enforce
ro.storage_manager.enabled=true
persist.sys.dun.override=0
media.recorder.show_manufacturer_and_model=true
net.tethering.noprovisioning=true
persist.sys.usb.config=none
le_x2:/ # 

Dalvik虚拟机从android 框架中启动时，系统的ro.debuggable为1。 则说明系统中的所有程序都是可以调试的。

如果为0，则继续判断应用程序manifest文件中android:debuggable的值是否为true.如果是true，则支持调试。