From c5620951e812deaa8393fcd64bc059b6c84072fa Mon Sep 17 00:00:00 2001 From: Joe Kirwin Date: Sun, 19 Apr 2020 14:43:21 -0700 Subject: [PATCH] initial commit --- .android/README.md | 8 +++ Dockerfile | 63 ++++++++++++++++++++ README.md | 82 +++++++++++++++++++++++++ img/mascot-recovery.png | Bin 0 -> 19306 bytes samples/.gitignore | 2 + scripts/build_docker.sh | 17 ++++++ scripts/gui_launch.sh | 21 +++++++ scripts/usb_launch.sh | 16 +++++ scripts/vanilla_launch.sh | 18 ++++++ vendored/smali.vim | 122 ++++++++++++++++++++++++++++++++++++++ 10 files changed, 349 insertions(+) create mode 100644 .android/README.md create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 img/mascot-recovery.png create mode 100644 samples/.gitignore create mode 100755 scripts/build_docker.sh create mode 100755 scripts/gui_launch.sh create mode 100755 scripts/usb_launch.sh create mode 100755 scripts/vanilla_launch.sh create mode 100644 vendored/smali.vim diff --git a/.android/README.md b/.android/README.md new file mode 100644 index 0000000..a596ced --- /dev/null +++ b/.android/README.md @@ -0,0 +1,8 @@ +This is a keypair that is usually generated by adb (android debug bridge) +`adb keygen adbkey` + +You can hardcode it with the above command and fix it to this fingerprint: +``` +$ awk '{print $1}' < ~/.android/adbkey.pub|openssl base64 -A -d -a | openssl md5 -c|awk '{print $2}'|tr '[:lower:]' '[:upper:]' +5D:36:FE:BE:B2:56:F4:18:5C:AB:6D:C8:91:E5:01:80 +``` diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..34dc079 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,63 @@ +FROM ubuntu:18.04 + +# UTF8 needed for mitmproxy +ENV LANG=en_CA.UTF-8 + +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y \ + openjdk-11-jdk \ + libcanberra-gtk-module \ + libcanberra-gtk3-module \ + wget \ + git \ + vim \ + sudo \ + python \ + python-pip \ + python3-pip \ + xdg-utils \ + unzip \ + android-sdk + +RUN cd `mktemp -d` \ + && wget -nv https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool -O apktool \ + && wget -nv https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar -O apktool.jar \ + && sudo mv apktool* /usr/local/bin/ \ + && sudo chmod +x /usr/local/bin/apktool* \ + && git clone --recursive https://github.com/androguard/androguard.git \ + && cd androguard \ + && pip3 install --user .[magic] \ + && wget -nv https://github.com/java-decompiler/jd-gui/releases/download/v1.4.0/jd-gui_1.4.0-0_all.deb -O jdgui.deb \ + && sudo mkdir /usr/share/desktop-directories \ + && dpkg -i jdgui.deb \ + && echo "java --add-opens java.base/jdk.internal.loader=ALL-UNNAMED \ + --add-opens jdk.zipfs/jdk.nio.zipfs=ALL-UNNAMED \ + -jar /opt/jd-gui/jd-gui.jar" > /usr/local/bin/jd-gui \ + && chmod +x /usr/local/bin/jd-gui \ + && mkdir /opt/jadx \ + && cd /opt/jadx \ + && wget -nv https://github.com/skylot/jadx/releases/download/v0.8.0/jadx-0.8.0.zip \ + && unzip jadx-0.8.0.zip \ + && rm jadx-0.8.0.zip \ + && ln -s /opt/jadx/bin/jadx /usr/local/bin/jadx \ + && ln -s /opt/scripts/apex.sh /usr/local/bin/apex \ + && cd /opt \ + && wget -nv https://github.com/pxb1988/dex2jar/releases/download/2.0/dex-tools-2.0.zip \ + && unzip dex-tools-2.0.zip \ + && chmod +x /opt/dex2jar-2.0/* \ + && chmod 655 /opt/dex2jar-2.0 \ + && ln -s ${PWD}/dex2jar-2.0/d2j-dex2jar.sh /usr/local/bin/dex2jar \ + && python3 -m pip install --upgrade trio \ + && sudo pip3 install mitmproxy \ + && mkdir -p /root/.vim/syntax + +COPY vendored/smali.vim /root/.vim/syntax/smali.vim +RUN echo 'autocmd BufRead,BufNewFile *.smali set filetype=smali' >> /root/.vimrc + +# Set up a baked-in way to know which commit this image came from: +ARG SOURCE_URL +RUN echo $SOURCE_URL > /source_url + +WORKDIR /tmp/samples +CMD ["bash"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..4d0f7a0 --- /dev/null +++ b/README.md @@ -0,0 +1,82 @@ +# Android Reversing Workbench + +![mascot bootloader recovery](img/mascot-recovery.png) + +Some tools for manual Android app analysis + +### What's in this docker image? + +Current: +* apktool +* androguard +* dex2jar +* jd-gui +* jadx +* android-sdk +* mitmproxy + +TODO: +* AVD-emulators - SDK is in, just nothing in README yet + +### Building + +_this will take a long time!_ +`$ ./scripts/build_docker.sh` + +### Basic Usage + +`$ ./scripts/vanilla_launch.sh` + +_which is essentially:_ +`$ docker run -v $PWD/samples:/tmp/samples --rm -it --network none android-reversing-workbench:latest` + +For the args above that aren't self-explanatory: + + docker-argument | why + :--- | :--- + \--rm | remove after run because these are teardowns | + \-it | interactive + tty | + \--network none | even though these are arm apps there's an AVD emulator in there, we don't want network requests going unless you say so +\-v | volume mount the local samples dir for use inside the container + +### GUI Decompilation + +Useful if you want to use use JD-GUI for example. +Note: If you need this to work on MacOS then you'll need to do some extra work with Xquartz see [here](https://sourabhbajaj.com/blog/2017/02/07/gui-applications-docker-mac/) for details. + +`$ ./scripts/gui_launch.sh` + +Then you could do something like: +``` +$ dex2jar /tmp/samples/yourfoo.apk +$ jd-gui +``` +this will launch the GUI decompiler + +### mitmproxy +``` +$ ./scripts/usb_launch.sh + +# adb devices +List of devices attached +* daemon not running. starting it now on port 5037 * +ADB server didn't ACK +* failed to start daemon * +error: cannot connect to daemon +# adb kill-server +* server not running * +root@1e58ff8d2e79:/# adb devices +List of devices attached +* daemon not running. starting it now on port 5037 * +* daemon started successfully * +063fb29ef0eaa207 unauthorized + +# adb devices +List of devices attached +063fb29ef0eaa207 device + +# adb reverse tcp:9850 tcp:8080 +# mitmproxy +``` + +Then be sure to connect to wifi with the proxy of localhost:8080 on the device ;) diff --git a/img/mascot-recovery.png b/img/mascot-recovery.png new file mode 100644 index 0000000000000000000000000000000000000000..cb3d1ab228d4b037532434bd485841cc04e9365c GIT binary patch literal 19306 zcmXt8c_38Z`yTslL`artAxW8Rk!6M?BqphlGNdR=60*%=$-Yb_2_Hr%ZJHJ#%Zz=j zjU~xC_MMqwn8BTyZ@)i&=bwA-U-z8%JmuN=Pb?5pqWrSFGKbpP8AkB26mYwm6kjm+kNp!m~6(we=D zJNV&%q_MH9UdL{S7`1j^y5hBAy56|@y6#+1tQl$GVR?^@q>%9A>lc%80m#&=GKQr{x`&Ni$d4s>U3sa@|c&keLpLkJaI)>kY5l4@(3}y8(?7L zs`;fK@uJG{>%fJvE$=&|mh#R^@5xs}tRZm?SV<-(`6CKtz4ghjzZLiy>23%e-KFmpRQdwza?&tP*t ze!iGDh=0e^KYPdK*rQw!=n%;6yyex1|K+b4UC#DsaxSxnuxfxVMkd-hiOJCW3`UNk+Q>GUCm{eMciBXh zDlu*CV zw~zEh{GvWB0aCTd=FOYd>CpqHa_9zw``X|FZ{g0j9K>GzG>Y%Wu`z#pl;{*}y;Hqa zqc=sanX~B&D|EYcYRN{9O97GI*+-d+yp=@7%XvO8%z)Fn)nce07i}oZGqP-id22eN zQDl0itnfLWnH>{!hNM*ZhA<)UnOa*FW$@bjD&^5LfW+N$MsNYX|jEoW#QKj16&_?8CW;+;Oxage3oN45cxbGEfT%>h6cv7}8Kj!#= z1MhZp(YqkdNzv?>PHfne#4j!IEx*zQ!R?RdU*YQY*;Ys0@9uHR%TlqW!p1bmi$ zE`Cg)ot5O^i(VO;##=ty@+CIEhzrsoHGf9G=y2N2vd(?fK?tw>hE>NXz(55uHXne9^JwEf@T-7e9h?;u~%W9+o!Gr zSjDMq{-Xka1vr|MHI1e(X!<&yHgcXU}pUQCcU59x4?R>@bKbiNQQdqAPv*j~3tWA8biL%keHYQBjj&PyT#G-)+$5yUyWpSu5T=8`ay9 zS$y8W0g1Z9q_FAl8)A*{y_Y6x>ViUD$C#(g_xpMZ)hBAk@I}B;5LQlmNi$uI-Iqx3Gm*?Dz^7y5E#hlJ-A=|kMX*ibjecI zAe-q%5)SGm+&mjyskEc10yCd{L%P4c7rwa|zQqW%St`9aZl;7`u>5`*^%2IZXbKr4 zDnuzdvrZ(5r?gXxtn2lAerY(-6lO|&xnye|AJs3+MFe~ zvL2?kOV8u*1cVZOkgtwShzH#GNx#7Vkoef#ng4ouo_Vc*RI>f%UIp(OxvEe12O%-& zC3f(GQ8^o1$HCn?*3cA`3)~!74-c)I!eHt1{Z;)|W4DjgbLeqGRpCn@0bUurmbhUP zoN;6Y0%I=5Ah`b5IDHpZSO`+&rjIJGA{R3lko6}?jQ4Oz z)nb5GHs41Zc??g&q5^9^4&W>M1xOvc-Lz&dTz5u-%iDO)yK$Yzw#_k}xx%brA>5}9 z_by{wKr8y@9kgqFJ{;coG#0sm3`Cg~I&SQh88vF7GBDc^B{e$S7{!JhpqymKz=nSC z8E|wzTWvwYZi!DIk@dr!Im8Ia2r~`~1_B-wgZLU9m)+e4Z zSzqD-F9U%AVO6VyuZo;r#cdqrk|x_|KN`#Kli)zTIIki$=o}U@Z8*gpHQXgbkPq3o zsC#0)FUccJL_3tu0~TI=r0^C?ZV&2H2<+%n)9%B%f?ScN-76Rp0N35@8iv2MSiq(H z+}*%hvUBLf*PQ!75ih9jsHfP*HOvn7k;IePoM>b+PV){y113*`pdi^a0WN2#n*Eh_ zpXsr|>pKUPJ;Zk79!bVVCnKLG?+XrN+@B7~{evCIFJM?MfMKW8Z~%loLuy?sG>@(v zMW&dG^eJs~J}9Gp5nesswHtsXu?uP3?J5%Iwap*m0nT~; zR8jo&^07&R^v$j6FqT}^&euP%Sl)d81l<w_ASu{+1g#%C}b z>QA~nyaQ6ciF_kyta3(d|`#4Wicz$O={_y4}LGoC9kqDQC?h_zE8K>gmPpMd3 za_vNvKYxq+6P)fo%!>fk$w<{CE;3E>W<3AHh6-wfqDBy=xE36@h_=TCvjyl*IL!TGTm&z%O&F@Rd|&nkYSq9fIe?DNT2&1YAz8gcJF@2uSPB{a<+{25C zD)SNZ3`OK`b}kos(6p6R$4+`vRwjoXd!JYCI22`Tp(JmSZe{E_C7%#({09=2&ww6a z=O?h=s;UJs6alLd?&LNLh~)Hs@hsN z=hJUeq`uswL+kp1l_e)!EG3&_IyS-l*iApg_0k|F@`{_1)BSC# zJ{3A7zzR))r!#3nV(peZ#g~bR(hrAK+}wVHKA(n3p;nGsGqkr@on&PhzxaWQei!EL zb{38|Jp|_I<7dnW6)Tf87_!l6X z$?L31!WRZ_Q>agX8%a_TATE%($+$K6=j!TG0|Vm1$TRCR@x0EdfnG(sdc=0U#6j+T ztb#W-+j(CuH9*huap^zz#CBrg*p-Jl4m-TgK0?_ud=y@c2b$WO zn7B2E5%n@qxYhV|Y4*T%0`o{eh1V`ex3xkysMY`GEoyv&$!_ zLxw~?YE89u^1MPo&R}q#D zS4%^ZNxkw!zuhFoSCbmB-&}8KDrGDjKZ(7(z-u)JW0NH5T}W}RZ$16~BBE&;dI$BC zB=y$9>5x`_O7=6N)B~lo#o|Hu}U@x$-O=Q6sJ~d$hU?YbW!C)PU zdW4nT@TTDnw6JR4b+Fg_%6gi0hLcT_o@hPBxC+QSD25QPPeSVW}^=@7BdOa(2 z?^k&X&olr;f%$hwO9KC?ucA+Hapb0WuPcAq-{JMyR4D;v`ZyoT+Iu_jlOz^}k?RnG}uH9{go(D|Vs|6Ubyf*E> zym#9rJTsWpHmsask4XdicO_80Arbc}02sz@^e5>tr~^{$+IoMwGP8dDL2feJP@M}Y z#1c(4CcEY}UD8k1UfCrqu-Iy;*Xt2|kiP-*Ml<1-w6p>?wK1Fa53jdK)hpcmB0l1% z^9Jh*qklYHnN6i(eCYje>|-Ib*hkglj}zEKgoQsW-@!fgIz?g|uQ9xu7Fj~tJVf?} zNycpRK#$5csaxC8P!e!@8M_=Pf$2Ig#cO#(y%w-~C;6y?L`!UW%gQ<@J!ssXYJ zbT1CMj$SVpvz;{Jw$)6!m(QW@jd%5eE@LN+7B%x28a%P*q~fK{3Tz4_qn@zdbn>kx zs_v)2(#I680kQ6wS_pCJE{A-6%(ty-BOU+~6Bni?cxl{EGvUUdy3r65y1waDJS&{$ zXkyI{x81>g+0$ZC!IEP zb2(&w|5KpC?f4G$B`_X}seq*-*nf94NG+80aO+OwJ6>;J(#>OA&_f)dFL2nBjOyhr z(vZOl>8QYx1~BXwZ{^uQamU27%{Om5>%JYrJVUnb#TWO56AZ77*di zKYWOFE+%ioBUWvA2c>uVP)c|2To^x4Q&mjaq*x6i-@!uWC103RuOtXim-2i9Q5Ze#2+I;WtBGn1nv~;#W?k5|;qXTnrw8J2zGw>s+v{hFjpwBg>y%RK>cL?C@*AS+=)RUg?2(0%r zX&nHr?sr-pn0XR5H4w!En=J)NE3$v-{igX(X5BaW-r1SjW>Yh3_$k6$;tD>J+q5|t zp|K=n8+VX%0jE}voAiZ5tSQ~%n*LnMcdCE%IuAZ=zekbmr6Wg79?izk?+$2Aqabv< z=oY-kx4_ZL{S8U-&`<19L5#EI$WQ@r8hzdESskY8Gi4%O-*?+0hUwkQr64_*eAnce zWkNt_Hf`_5viZDx0H}){u3166rfr9=V|}Z7#2bY=poSt>=#_OCp_oqJa-7t2-c3+>hbt-Xp0#_yJVZ!z|!11Ia=FpiWH+CXy8@O;*E9R=YOZt!=2Uk0k(t|gx%85fZR;{_*I!zz+^+;d{TLu zx0r$xnX#;W6a68>-(EV|_m(Y%j`o>ykz{ZQvu6_t2MFcU3vWt<%r~@wl(IzAz48dw zPn*JQ;0e57kR}GWKf}|V8-b4dg@lu&n4zWduxOgbuCg%xy)ey6_%hGUc%vCnV&hHj zYJX*(HtahQ4ITe;;?O5rWxK1L-auOB{@aXqi@vE5h#Bb5zQ~!>@_}e`|HYtcBwd@e zaI9>Y^a0S#+qRC-hV=99g@!+Ye?x&Qi3==`2sQp)m{fF$Z%^SZmmH^XPlIR9Aeh1D zT&A3e;~k+Y3@}$q%@&jS-ZpSODjwn+W&WO1ueW+_w#t4OCWs|x-*GB`%YOm z%0S(dy4qt9tfz#0wG=KV&uuxg(9RdAg{!-`3oqV`?gFp#{03=R#0Pe)_{{|Y-tC4Y zCCX-;TF@MN8gv5hBto=#v@ZrMRs>#`*E)^z%!u~AjjrpkDRqo)Jc{iZ{R`6MUukjH z{=zX2XMJo2!EMq34UX@iR*w6U|U?VqPsu;+}=VcLJPBPfM9n(8Udm)E(hV}E|j z0Pn}kssT-+pC4AEh42$AB*nS!=*mvfN2)(`VP`u2CXUHa<#YqdnW|!9AA>IJ?ua;{ zgTb2#CdH)FBLP68X_6!#w^2dcwdeKBKvKL`gZ|`aecw9$%O<*7OTX7sYO@~Gbd)An zZMI$JkY@GgI}ttjJgWF0Fq<-@ljiA_-ptqO`*kbrDeP;7{368GwmNsF8Tavid5915 zQ)Jj`^mC6!DG!r7?N8^ra&)#X#)OZ3oV)ua759v4!(T(5n@zUnt{2|n*+}j%4nsQ; z>r}sX$V-Wh=-b^>RZP{)jYqCjJ@lPYU(bozj`H$U*kL|8d9{_WoI>IR{(k3V&)shB ziy8*2nccaCQ|r<_&UZstI6Pb0lDMB=LZt0_N09pDC6+=PW!Ri?)p&&W)1w8Sb$&y6 zoq8e<{}5X{&0N0*;Mm*kTX!co`wsfl;EeBJio8E9o#H?Z2&5*~Tp(;(u z$;q!w!ag)ne@ZV#2e|zbYmoK4XEjRwR}jY!LQl~Fg5{Frgn*cFNLxEdW2!s4qS@N% zTk4}D=%KM~WzaRqksA%7%ocfaX1Ras}A%<${(8Xc^nE!grR&ov2@XK4n( zgK6NhN1^~IbG`lR!h$Iuwo9Rr!k)K4A-`U25P)(0zkD_jQ7U>G&Zd*~{sZ33)};bx z?d&dMoEcrOsqw_jln%X3@~b7)f~#AiRHd2WgYtua=>~mP>P!vx&+#%pzJ7`)dt_up zZoJlNMXl}y{VX3p4nD~5FW&%apu zMqpK~Am$}LoOEYMU{}xm4(YjburQiRtSv08tH)yX>*I_TY1K35!`a_*ptL@#Ua-$u zsSj`d%H^cu9=Pg!E15}ySA~w(gei!m!}OzkywcL&#a3^9J*Bz^C1ddG3wI&wZYQ{p z^kM$U!i160&Q)_nE1!7-%ldH)WhE#9EZVyi%~D{8tDFzaIk$K4h*FZ|>t~na_~=)@ z54X}z&B1G5oVdMH6BcA487tV^FT3=SlCE}ZykJ;)ik8>?_$j^?nfZ_x+STg6S9`ep&KZkuh*)@Og^2x~*OiNK+VzoC}e4&tTjqK{nXSAN#v$SoP#Os?o z^8Yrzr{0iX@Zqke@T|mCbimG{NIS2srXacyB5+vlVUV{;y3PI|YvcUuS2xC>WFw5x zBHBTy(G`%H)2TwUp@^+rG=ciBwfn$5-GkN33b5Y3JCN4F5{2JxDPp!&Pfs`5)%y#? z5KFAeTxR$CQ*?nb8kV>B6jZ!F3v^cI6{-kZ_r?Zy_|@CPDl3U6zdVduw~b#-NjHx4S#WO>n7e&*9#n-KZzr8G>fX@4NTfAg6~J%+dZk;F6a&Ms8e zqCcCkWPauoa6V_BI`eK-17P<5KnkBfR3}EghOMm^bij`*|P^FXR9pJ?`e2hTNaEg_xQjTT69yZHe!ETz9GhS2V_<3`@*) zQe@&P`j=LqJ7h{uR|aRc(H_DvK<%f_i~B2ApS+uI+fXDNgNK2s6cI=C2I)gM8;JEA`Oc-uCx5 zY!@+Q^cSP!AGVbL^)!^W-Y1jxF`NtYxt&K35bE?eKNrkok^L<9zOm~+!`u+REcQ1h zeU<`kpOsNHpk&aSu(WzsvIn_L&{ISv3-lK0HyNbFzwwc}eE3nH6=3;AY!mz2dt9az z9wK}JG!NI8@|i&BW4wP$ssM$x(FdTY?xQ@5CfvJ2sJ$5Zz^*HW&5L4e^X7uvOW^6F z=*XRRzG3GxpGVeY(y0JJapHG$WPX z5fE{$4Wkxbs=_`$mos|PNMj-KuFEG;Fj?@jaH0MCwQ6I(j^`S}#72l`JD3@R{IDs< zwJc=ubw4dQU8uXN(1<8-tS(qeai!0^`ubq}X+d-an|*1k@Tb@;P?wk}{Ay=bJz-Q% zSR(+6@7cxDV$suIrk5gXs@D=;u&dpe5s1g}X!y zw&7uJ%!qW1&92jo&ad1MkCTs{VTCsZ%s(R72?+@yUQvIsrmdN(B47;r@aG_mV@Qlz z+wm`V?ZMaPtrj=UuYO+;JjDBj_xCR`|8kNzW#t-N!Wf9H=R<_f&;EWg8oV4`l}S3q zRZ&~_0g}br!bj;2NgEqjj*BY%!gRE3fe{~O{YZli#?~T`e7x9(0sVCr`|oD&V1>_H zgy^eV{3Pw)!ELz!rjJ(}%$wp%;RZEfkifoTvWXMx&W_Q$0oAjQo{(#dPD4!@$bswK zAbjtMCFL784!||w>vL~^M0@r%GlhwC*kriE*{soh zq?E;d@VX6|et&i|{?$q)Vk&17M%-WDt?V^v@9Bp?&guPhtyoJN0QpHWu z+@pNYrN+VMuv=whXSDnMA;meW1N+UJtQh3fK%M3*hPMF<-6Rpu)x389eo6;Fq&288 zJ^>QP)=b!4xGQ|+t_XT(6AhZt}{)NfhSx=%r%c`yTFUXd%!{qyVaqg>n3 z!}efI^*{ci5Y>jbcu{uL;}F)-!GnJ#`v1KE!CqckGkAAxVORsM)ecVE)-f393M2Mh z%YIL{1LiZG?4QE!*j+x!=eNP&wDY641iR4cY^ z{lh6z-t}GSiMcO7^_(RxvG>iqd~(`+5;`^`CQJ}G`zKI7lYBhDv1>TmRymDxvFBG{w%R<$441*MoC`@QfBIov&Z z%RwAMT_0p9UYSYDe0<(VtX&aK9r$$* z{g)H$bNtU<+wE7Amb)U4bC(?0c00eGdG%-+N-bp=mSW6^ea25;nzea*2q2?>l|7CO zQ0D*eJS$6sn=Vbqh)#<w*h^DGhI;ByFG<`5jFX272N#*)fVOWMVy zZxKg?jlUhpK+tdXk>%CG&kRDf11<$6TcI{!1a?LF13&a1ms;xu0aUbwpC#XP$zJo( z`Esg&Q;(&KnNCDtXVvsO0Yj3A5Z!i+cImM~Xlt_nrRIwYF5B zfSIvYNwUYff;K?W{E{G{7~nV87SrMah&{)4)g1Pl9`!Ex`nJqms?8_>+)qK4r{h1{ zL-R3?SN0E(3nU!70$?s0F_!KmW zG=t__$}3sWCH6@28jSEQLv{}B{4NeQy;XRopJX}yh5QIkk0dUJJSr|0g?~Qw`Sf>A z0H@)3^~-nD&o6IYFZ;U|+_`X*NPkA1UsttcpI##1Q{Uj2%8Am0;>g_wm46}&Eu@p1 zks-CzLahplYlN4Iux~!zRl8lvyZ0}x++Oofy|1Y#yNclhAA zs!K|cooE@e>7ZxM1-O>|E{_vViGuqzPjiYwCD3VcxYRV+b;4Q27mv+QZgy83zfzJ= z9ru-u#DRaAdkT|Zd!{HQ6>HJ*`>f@`diowlv^!R-lrIKuLC@lJaN>ofZlgNDYsl+$ ze`%f(x@wo*jW=?qqF=)5trg)HFQ`OA7!vvgLh{+8j%%>Hu!*B|uRq>6CJxG8wc61m*SF06-lr!r zC4(-7?o{do?Rt~*)>6CzwFbnH1#5B?HeHM~j`=+puG(b%MO!`K!-+$=L$Il^bqM~l_vp>4Xk@8lQ1}qM)KB2+Am*fnVQizQg zA!P%K3eus|E#af@o%2}lnbr&6qv;o+G;N291$XPYXJ32dz0wq{1^)xzJknwVAht_3 zV^KWUlc4X6kG}-q8Dg#=VV-+3yr}`6=~KUKSB;i{9y{ILrCD_u8Q195FNq>51h`?mhXa|RI$*2x`0j-11q4XPG=WG&#U zH$!9xgB`>?;~NzC@F5xEKP86*((z9{>CKm`GV=>Y0JGcACSnwqvjEtX-Cp46iGuAG zt!%AZqF#%qThFDn!orC6@=3Ly1W66J)$@Rb z2DgkYKp*;~r2U)lVVd;uJb$%93slc}g0PgZn|w- zt385G1`X2h|IU$6qp~FiYsw@UB}T%b>HI+2CEik5I%3)-cN&!)197)jDgtX@QTOe1 zH*gWzj>-4_L9FXR(kgTMy~+x@|7f&#Nh@2}>;`1sL|)Ao9*Rwc(gxzl6lV2l$-m=7~HI+RKUIxc4uip1ubb zpvQKP+89JU_vi)d`BQs)@3k4(K@N68^$em{k9sYRzPv4u)J7wj7csHe(EXEEOUOG6 zqsyO^Qm66dCehoUUh(S_FUI^rdcA;8lRC*I20O9T7#Aj(T@rNf_hQy_LDbh5g)NBp z72XV}0BTDwYlArM{9qHCRuD>RARTz9D=N%Eh~k%=IEH)sJbLj$5x>XsF{@>9aNZcL zmwS#&*;+Tka&O0G(yy;Mco#b2IyH0OP>(Hoeb$#v!}?!Lm4)Cc#A&s)CgcYLgAhn$ z@N#Q|)aAis@Zy(c4U7zAN&m1YeuRfn+yBMzB5<>nvK@5b*sMzk{1A6l-5<3GVI)XFxSPa>SI!@a?30Vh+inB{7VjhY7PdEg}M0VDiQA>rJXx4dbF zg#UTrM^0EjY$q2jg^?gW^|(hvpi0)m*s@E}#YlwDXb^zlEPCsgF>M~oCtcyO@2Z3W$ zdh_#c=engnP%pZe4IkxgQi9IV>lYz(d+NPn!ZYS;AL`6ylHpiP3?YXTn(dyWV{RMP;@WIsplkJn-mM<@rWw5n)b5LCH-|BxftaYf^7OA;1qP45lM5tO zgmk6B;g;kwW5-x_9DWS9Vb%N8)p`!Mk@TE1I7zzU*>z}5i1WEjWNLGdX$A=+G5c}QQ5ch+~T+UW>CLi(1#Utdb1s-l=h z#0RVw&$SV^&*ul6DF5YP)x)re;-GByKa0s*KB^x|&b(0$T|F?v2XvmXB-GK?H`WZ> zXsi3b7q+(t^Udg_#!IR$Scd#l-i?iqKa>hiO0WZt_3v z>DqLOS7BWKG0c4B9&{->?}ZKdC^v>4K4n$p63FYH&_w;me8!$33(>W7_HEdD&+ojB zZEVc{V{q7f+Q?AVmqpGThko!V8(M?bPdL84j1cmdKqrNLRR<9-W8Oy&nf`}#Q(Q^t2r z^mC4~Fk{U3$rv~5^}vGCw9%t+WoANx!cx_P!58EMc1Ix`ez*(7Cz(1|KUgub-~}!* zFY?ZOLX);kV(01lT)i_dtVwXI5M^ZZ)BE8ovh2EHrBf%U^7p}>5r^PkLzhzI zkQh4=*QGDEXg}wNkFpYxVZf(Y|H(9b#iY(x26o2nesg1m;V`K-Wi{xSgVTCu$a}Yz5XOdhDgaqI- z11F0*HDP6kqoM+2LT)lN3g@J99DF_-p+qe|e=3+N_ zp&^7+Ixp`C+7P_m= z&I@;R{59T<_0OGVrGWoXPH4+^)=tsZHEXC3WfmE0=|8hBUVCzmzliU*uSgL8&J^K$ zD*R6;R6rOTWm8;gtW|dRuV@?OOnMpXU|p_<67Rr8WO+!$Z5}1VSEcS{3zCr zBJY?&8wFf#SU6_LK zjvS`EAf)o%zV6V6pCo=XQF~a!4v6=XtiJ%7Vsdb^D>Zq-oB9{Fb*LX(?LAU)pL6#2 zflI(WUZv9e{PQfUkrNXet%472%pCQnT{YlmG*&Tpu<}bw@%LgE^0}{y$ob@Fn6(>b z?`?v7_i^Y`!@~kiO$rGPUmK|9lRIZfOQ(0i&~H0V@Cy+Ty1B9u_u=~VPK3Q(Q>JQG zS>JoWEDHI2~F0IYw$nQLzP1%j1YpJGg#)UuQ#8xx|xxdCVmW2 zc#^1h1MSWK6nn*N+P7)MhF-$1n4n^B>WJv(oqr1SWV>5pW@&E*%G{@vd)kajk^Z(w z3bP0(UVRt`jeKLQWhdv+r#ZD^J{omhI=nN500vIRVuMEl-BL3e>ptKhjD3u*?&Cz=XD-1O-!Mx#>ac=za@JD%3E20xz)t}>QHf9=_RCt@ z%OEYi`iPH8^yVa+5!B2;^ypufdHv39wdtfcZrV7zHm-YoEd0yQ+YbMz)Z)-5C*?v} zlAVMWe3X=9iDOF%qy7;&vw`WV=P#J@^786vS9E?H;#@>z;Li&b=oUYw`o?zT%#6JG z=dquriyms%@e{)?`MCc;E##xkHv!*$_;4a951)V*hZq{#VRjpVM8NRuRj!Bo@Ij8Q zH3V*FODX$q7xjc9yu=4XYEk?9i$8xp##RYV&>~T!*$=2})Q68_**A;>ZJGi@4Z(d9 zsI#U<^t&`uWfgV0(;k9xU$iCh=B0+>V@}+DK`;67C;tGZuyRx-WLRPbF`Xm(ikR_o z)E0k{Ioy-Ib8+Y8OW~Q34UbTIP*p@p4q~UVzkLQm>Yh(sLqAyG{-Zh_br7Roa;oP5 z$&yTwl=f%_&LijtgoJ)Nq$$LjT?Ks;zPd?nB(y5lY2jEz{s-UZ4XuCwwVxu>D9~lGoSSGh#3%mP`x%5 zV$E_r&_AQ9(9Dqnq*2&`iNbE+GN>HAcLE^FBL8_~&;fw{6-wgqEtUYRH>vbT&{%cf zaN*0B?-*&4cZMjF?;#IRv%Pj2jcS97R#AhSez}+nf-liNKCafABY@qTR`PUl@u7r+ zW_`_3x+k8Gb0C3{6h@ASd8#}?HWmh_I9i2h9t;fMr*^{8-n-MYy?wpjKd;&`qkyQiMwkT;6mn=Na#w#Mrd z-B2xrK#blI{V(Q=>NEIpxPc6PbToe3*XQkYaNgUNiWZClDr#1HR&y^O{PA>MFZaJ< z-j!aPL+JUeAL1U~3vZ6Xj(F|f)-b1z8lo(+2B`n^u(>lvlVx*0e~gAcXFv;j;r|3y z4|emVX{^{Z9vR2pI6K+VQ1rB6Q+^-fj8RutqaC&p``_dGd!tEnh;N1cdXsOq)j2s= zx2s#F+i>r0X-}T2nW?nX_NPz_?QM}A{Yi%7%S;wJRVDKzov2?98WUTGp8D^LIbs^S zUb3P2dJAtBin$tXThsyvFXOt-KOU2MYm|JVDH(og1OLVbmI&C5IJ;X#*RKkh+d+bl z8|qKnCk6#HWKSPDd!+AWZe91elB5rcMt=K`^^6WW0FNE%AIgK`(8G6a@N{QM*%K17-QLa#VDmQlM*R4Z*wr_1E8zB#dD z^Xi99R0Z)Q>Nimpxth&Z-N%PKV!AF$E-Nj)%>NYf_q)Ey## zY|vpe`L(9MCMRWbQ`l{CZ(2FCpDk>@M~wUYp=H60yZ&xf9p!uDhV26%!E4wa!58?& z3^B0O4)*qL=Gi#RFBLJQyTob)+WLKj!dJBVlf^2PNq42+x80Gf5hE@^dj)hY438U?`C2_ zz4~T--em1n=w$d3*oMJ5^fsqIM-Qk)*=y`f=oHYvR3{xq{Fx%oX5+suU}XG-2r3(I_CQy z$0pA8SLwal!N(pK8Ew^F&SK6+6`K6v28S8vL`>*$$0*|?k| zw`+9fV42?RTTc{ie%Ik=1?zAQIvIW%4kPYoOQfA**1ggAv$Z9!x(_*@qfoq2UM-{h zm4b&;Z=-6QZ}quWJO&AcC2yFAU%w|HoC(#Ub{ax+cCNaiN^+chCF`Q zc!UqHJx)3a$GB@T^3xH}v9$QV?{l|)>|jp_vO7S$m|$7aVYpns#LU3<(cYPtGRWVJ z9HMAx*v)gOrf@CPCyZHoQn_UQ->=?pUZ3vaY;;^&6MFoQiI7cCNHTBLvNJe;I!65u zkctmE%_O}>v?FrHY$GxXS$g09<+DwD+*hWFX%qGguTtM*)4hIWA%RJG|=xnVz0 zVs7Gwsd?*t&!;8*hFQ9>ScB%uarE7gR_<#n_%LBULKJS-xXE}yTuvw-m3@5am;V!` zN5?bK4qvtv+5Wd97nMc7H%BnK|DL0s%sl$1Dt6P~liPO!5lg*bR61kVI~qEZ#a!5U zA22%@YWDXm-Cev-*hP^U8XbSC-`jU5M{s&fWJi-Br|^UTuZ=}6?cISFt_Uslu_SRW z3qSm_Q;>6+*Xzcz=%dTc^n<5=P?1iQ9vpP%wXzRA@o)yF^~Kb1T2r1AP@PzJ>rry8 zl9AVv%1Ju}^Empx7INVAo*H7ax5`;I>4r`$)$P}I*^2m?J8H!<#ygDHvL62}kX`Z; z3;&agWxn}mx&vSKK9bR!Up1acR0ks3TsCmot>8f+;B_d4-^ko5x(Hkwd~sCIOgb)H zT{C&jR}AaUPo)n0Wh?Z5XGT~`VFW5CAFHfpPOD{}<~DUTCK-}!=pxteUZCeBmsbZ~ zzfE9B#tDpdwzB%Xblc?Lp|9LH5&0eO(p9GjZBhUef~X6n?CO^8=kJqwjk& zGYK@O-PnzeQ?TzI`x6mC7gLq+5LmKYZz4mp?rwG=8XP~~wBdL>y5_}5C0&-9dTZ?O zHAi5QS0r`q{pHs^%tPj8V>6GAC8-CEy!h|tm;26^?ZU&Y)KgRbS6FZnp-6l?ZP zzp9fH_V0+h8G!Qt^GU4P8or>glg$*+-fAK}QyWTBAWw}Po$?6-RHqo3%#O&>D#T=2 z2Fh?CT}eK7axY^$Lv84s^0e`tVdU~&uRiAG(XRSuJ6_B96b*5Khxr48ZtLRGjcfj6 zjnen2F`8jTx{goHbMv0R>)NSOVv^hUWU&qp9_SRXMNnR+YNj*iO-#&P;n7Yct*OB3 zQ&;4K>?wj-Ow*@o7Y4-=nLWjG&uCpBqVqwXEV0b>INQ{F>~R3-GGE8fufy-<<$E|| z1=iNq(uf;*lR;pmk5lkN`Lfv9&DIE}LD-$bQx!e$?!~>i!?%b}ODgm}`?Up8*4i>- z8hJZ@!eY_obV6Zrg2IpiZ2SbHhgrkidO!SibJ@Dj2>)VjA?_~vAufM`NtjhGCj@zGv(yNCae@AB!nEdTg*;@ zc<25v3k&r0qLZ3th4cUq*iBY!YB12;qm4#YL_x*4S>dg;u3Isu!xp&juz739*1 z|JblpEPmo2xQxnvpg6M8%+tNFMNNtQvWFx8Kp6U`weI-vHiLfh_U(rBwcPUX-F%$k z;#ITd?0d(hhC45Q@;@X%++x~UCLl<68ieHAJm*O`iCWd8KR3QI3>M?xllSYry_eS4Gq*iSp-$T*!z4MMv?s=C} z_GW&%$P!b4-yT&0z<&}FvC^8$D)t9 z`&kX?nDwmOkS;&em=Zo82H#yS+X-^3F>+wOGz@KlX=d$mOdxELw1KWu{Bq*7u zjf~H83M3!M>wAqJU%*ICqsxNBvZ>7Cfxkapd7?f2|;X{7VMmck-n!HXm@)u;{^MH6f46#FWC8Wovza-9#h>mf5$!Q4F zGybN64I2<&Wp zMu!-U-@O5kF5CoDKs*c3Jn-D4!v53rt|aO*Aff}Ge+C8V_{p32+!Nq~`@0c8zZ}Hy zMBjwYM|vkNlCl2L{tcakO25QnG=vZHa0sO+zZ5O;VBemVuh{KEe9cx$fi`%z0q zUHpXc1C0zYJ@5;BkRSQOXGrN|nO?%{{J2P%!H1hN&yQLHzK@Kd2`L#Loxku3``(&_ z82$zZwxd#h;HSxt>`Job%^5Z7;(2x9hu}{(@L@bd_oMun0Ch?+c5Ln@q;Gc$czc~4 zvz!S30#-{so$o;3FY&lyqKnA)Jl?_RbXDPXewSVGC-WOx`2A==dExs}Re^EPFopnzBzHGML{!Mu>x1~ylVlk^SkWKPji2~oNWfM3wSF% zs?QN*;0yUFu;=9#u=MT9_xyYc_-v7GyT`r}!;Z_^7~%V9W1e?4`h6Gt4#|&mzhqp$ z9XfOf;qigLLGKSAx4dGBKRcC%JL!9^>hYm8FSp8VHhjSbJh0K@c11gAu%mfiIgRz# zpzIBN#m`NNPJ__3X5(P66Y!E=;N#N)Q%HQ|$C=L94eWbKUq=t69pw)3?4i?U%feS{ zBg<@#XeoRrH~eeldkcT3t;mgn@PUAkC9t#^HSQw(g@5bxbim&WU-Dzbj@@9Az7C51 zsEu|Vh`&?l46M8d70r7(*VgwMKW&LE#Qk6_$#(q0H@2S~r^g0KzrkDl_Dn1ZJRxI7tCN1xj|K>wA|! zMRIaTh*tFOqXxV~ZnVUx{WtMj^yzC{^xpim`%#1^LTE1|C{V@8lak&qzYJL2S&E+c zn4A7bu#|Dc7`t!O?XQ>ek{^X3KRU|skudY?8Sn!y7X2bZ)EpPTgFTJ(Qg?nVE%0L& z(i1Ck{B;#x;xClDAJOFt-5XT_SW{q`?E<~r`hxiaJ~L`Jd|$>Ry`;xy^6C+l+> zx{EOIVJN}@pj{b&G7!Xz+(3PyW5B10kSkk+$A{7mP5Y~|adG8>{D}QHE33>l-rc^D zj)druoSbZ-x3IT6Wy9x_CzqS z)a$?D!gHw65BZ@0JniC8jENur4#tLO)Vzcz`Z`+HYQA^aE`1Q^8xb@har=voF0)1R zp_nwer_bUC(GIWBoax&QcsmVtG3CZYXW_R5-iH2nh!X*90C^}TEkutrQ?x61DtlVi zs)-y*|80TCh%t`DKmr^Nmq(roO0!^V>hI zT0WKh_7%M;qyrrCJdDkD6t{wWg~twayfVG$zooX{VeHCidvgx@ zEk10=e@dOScKG;?nBV4zi7`%v$^B^#YVkBV=rr~)@tN%ZB6 +" Last change: 2010 Jan 8 +" +" Syntax highlighting for baksmali (Dalvik disassembler) output + +" For version 5.x: Clear all syntax items +" For version 6.x: Quit when a syntax file was already loaded +if version < 600 + syntax clear +elseif exists("b:current_syntax") + finish +endif + +setlocal iskeyword=@,48-57,_,128-167,224-235,.,-,/ + +syn region dalvikComment start="#" keepend end="$" + +" directives +syn keyword dalvikDirective .class .super .implements .field +syn keyword dalvikDirective .subannotation .annotation +syn keyword dalvikDirective .enum .method .registers .locals .array-data +syn keyword dalvikDirective .packed-switch +syn keyword dalvikDirective .sparse-switch .catch .catchall .line +syn keyword dalvikDirective .parameter .local +syn keyword dalvikDirective .prologue .epilogue +syn keyword dalvikDirective .source +syn match dalvikDirective /\.end\s\+\(field\|subannotation\|annotation\|method\|array-data\)/ +syn match dalvikDirective /\.end\s\+\(packed-switch\|sparse-switch\|parameter\|local\)/ +syn match dalvikDirective /\.restart\s+local/ + +" access modifiers +syn keyword dalvikAccess public private protected static final synchronized bridge varargs +syn keyword dalvikAccess native abstract strictfp synthetic constructor declared-synchronized +syn keyword dalvikAccess interface enum annotation volatile transient + +" instructions +syn keyword dalvikInstruction goto return-void nop const/4 move-result move-result-wide +syn keyword dalvikInstruction move-result-object move-exception return return-wide +syn keyword dalvikInstruction return-object monitor-enter monitor-exit throw move +syn keyword dalvikInstruction move-wide move-object array-length neg-int not-int neg-long +syn keyword dalvikInstruction not-long neg-float neg-double int-to-long int-to-float +syn keyword dalvikInstruction int-to-double long-to-int long-to-float long-to-double +syn keyword dalvikInstruction float-to-int float-to-long float-to-double double-to-int +syn keyword dalvikInstruction double-to-long double-to-float int-to-byte int-to-char +syn keyword dalvikInstruction int-to-short add-int/2addr sub-int/2addr mul-int/2addr +syn keyword dalvikInstruction div-int/2addr rem-int/2addr and-int/2addr or-int/2addr +syn keyword dalvikInstruction xor-int/2addr shl-int/2addr shr-int/2addr ushr-int/2addr +syn keyword dalvikInstruction add-long/2addr sub-long/2addr mul-long/2addr div-long/2addr +syn keyword dalvikInstruction rem-long/2addr and-long/2addr or-long/2addr xor-long/2addr +syn keyword dalvikInstruction shl-long/2addr shr-long/2addr ushr-long/2addr add-float/2addr +syn keyword dalvikInstruction sub-float/2addr mul-float/2addr div-float/2addr rem-float/2addr +syn keyword dalvikInstruction add-double/2addr sub-double/2addr mul-double/2addr +syn keyword dalvikInstruction div-double/2addr rem-double/2addr goto/16 sget sget-wide +syn keyword dalvikInstruction sget-object sget-boolean sget-byte sget-char sget-short sput +syn keyword dalvikInstruction sput-wide sput-object sput-boolean sput-byte sput-char sput-short +syn keyword dalvikInstruction const-string check-cast new-instance const-class const/high16 +syn keyword dalvikInstruction const-wide/high16 const/16 const-wide/16 if-eqz if-nez if-ltz +syn keyword dalvikInstruction if-gez if-gtz if-lez add-int/lit8 rsub-int/lit8 mul-int/lit8 +syn keyword dalvikInstruction div-int/lit8 rem-int/lit8 and-int/lit8 or-int/lit8 xor-int/lit8 +syn keyword dalvikInstruction shl-int/lit8 shr-int/lit8 ushr-int/lit8 iget iget-wide iget-object +syn keyword dalvikInstruction iget-boolean iget-byte iget-char iget-short iput iput-wide iput-object +syn keyword dalvikInstruction iput-boolean iput-byte iput-char iput-short instance-of new-array +syn keyword dalvikInstruction iget-quick iget-wide-quick iget-object-quick iput-quick +syn keyword dalvikInstruction iput-wide-quick iput-object-quick rsub-int add-int/lit16 mul-int/lit16 +syn keyword dalvikInstruction div-int/lit16 rem-int/lit16 and-int/lit16 or-int/lit16 xor-int/lit16 +syn keyword dalvikInstruction if-eq if-ne if-lt if-ge if-gt if-le move/from16 move-wide/from16 +syn keyword dalvikInstruction move-object/from16 cmpl-float cmpg-float cmpl-double cmpg-double +syn keyword dalvikInstruction cmp-long aget aget-wide aget-object aget-boolean aget-byte aget-char +syn keyword dalvikInstruction aget-short aput aput-wide aput-object aput-boolean aput-byte aput-char +syn keyword dalvikInstruction aput-short add-int sub-int mul-int div-int rem-int and-int or-int +syn keyword dalvikInstruction xor-int shl-int shr-int ushr-int add-long sub-long mul-long div-long +syn keyword dalvikInstruction rem-long and-long or-long xor-long shl-long shr-long ushr-long +syn keyword dalvikInstruction add-float sub-float mul-float div-float rem-float add-double +syn keyword dalvikInstruction sub-double mul-double div-double rem-double goto/32 const-string/jumbo +syn keyword dalvikInstruction const const-wide/32 fill-array-data packed-switch sparse-switch move/16 +syn keyword dalvikInstruction move-wide/16 move-object/16 invoke-virtual invoke-super invoke-direct +syn keyword dalvikInstruction invoke-static invoke-interface filled-new-array invoke-direct-empty +syn keyword dalvikInstruction execute-inline invoke-virtual-quick invoke-super-quick +syn keyword dalvikInstruction invoke-virtual/range invoke-super/range invoke-direct/range +syn keyword dalvikInstruction invoke-static/range invoke-interface/range filled-new-array/range +syn keyword dalvikInstruction invoke-virtual-quick/range invoke-super-quick/range const-wide + +" class names (between L and ;) +syn region dalvikName matchgroup=dalvikNameWrapper start="L" end=";" oneline +syn region dalvikString start=+"+ end=+"+ + +" branch labels +syn match dalvikLabel "\<[A-Za-z0-9_]\+\>:$" + +" registers +syn match dalvikRegister "\<[vp]\d\+\>" + +" number literals +syn match dalvikNumber "\<\-\?\(0[0-7]*\|0[xX]\x\+\|\d\+\)[lLst]\=\>" +syn match dalvikNumber "\(\<\d\+\.\d*\|\.\d\+\)\([eE][-+]\=\d\+\)\=[fFdD]\=" +syn match dalvikNumber "\<\d\+[eE][-+]\=\d\+[fFdD]\=\>" +syn match dalvikNumber "\<\d\+\([eE][-+]\=\d\+\)\=[fFdD]\>" + +" default colors (for background=dark): +" Comment/Identifier = cyan +" Constant = magenta +" Special = lightred +" Identifier = cyan +" Statement = yellow +" PreProc = lightblue +" Type = lightgreen + +hi def link dalvikDirective PreProc +hi def link dalvikAccess Statement +hi def link dalvikComment Comment +hi def link dalvikName Constant +"hi def link dalvikNameWrapper Special +hi def link dalvikNumber Constant +hi def link dalvikString Constant +hi def link dalvikLabel Statement +hi def link dalvikRegister Special +hi def link dalvikInstruction Type + +let b:current_syntax = "smali" +