最近半年在学安卓逆向方面的知识，也考虑将其作为未来职业。

在看雪论坛上学到很多，这里做一个小的总结，同时有一些关于就业方向上的困惑，希望路过的各位大师傅可以提点一二

ps：后期能力提升了也打算贡献两篇实战文章~

这里分享一些学习路线和收藏的博客：

加固基础知识：

Android 类加载机制及热修复原理：ba7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6B7N6h3g2B7K9h3&6Q4x3X3g2U0L8W2)9J5c8Y4m8G2M7%4c8Q4x3V1j5$3z5o6b7@1z5e0l9K6z5o6f1#2z5e0V1H3x3U0b7K6x3K6x3#2i4K6t1K6K9r3g2S2k6r3W2F1k6#2)9J5k6o6l9`.

Android中插件开发篇之----动态加载Activity(免安装运行程序)：014K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8Y4y4#2P5h3W2E0K9h3^5J5x3o6p5H3i4K6u0r3j5i4u0@1K9h3y4D9k6g2)9J5c8X3c8W2N6r3q4A6L8s2y4Q4x3V1j5^5x3o6V1#2z5o6M7I4x3R3`.`.

Android的Proxy/Delegate Application框架：264K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4M7#2)9J5k6e0x3$3x3q4)9J5k6h3y4F1i4K6u0r3M7r3!0K6N6q4)9J5c8Y4m8J5L8%4S2&6k6r3g2D9k6h3N6S2N6r3g2Q4x3X3c8S2M7s2m8D9K9h3y4S2N6r3W2G2L8W2)9J5k6h3S2@1L8h3I4Q4x3U0y4U0L8$3#2E0k6h3&6@1i4K6u0V1y4K6M7`.

一代壳（落地）：d0cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0L8X3u0D9L8$3N6K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3S2W2L8X3I4A6j5h3&6Y4j5$3I4Q4x3V1k6H3i4K6u0r3z5e0p5#2y4o6l9#2x3W2)9J5k6h3S2@1L8h3H3`.

一代壳（不落地）：7f2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1J5x3r3#2G2L8X3E0W2P5g2)9J5k6h3y4G2L8g2)9J5c8X3q4J5j5$3S2A6N6X3g2K6i4K6u0r3y4U0t1&6

二代壳（指令抽取）：5ddK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1J5x3r3#2G2L8X3E0W2P5g2)9J5k6h3y4G2L8g2)9J5c8X3q4J5j5$3S2A6N6X3g2K6i4K6u0r3x3e0p5I4z5l9`.`.

通过一款早期代码抽取壳入门学习 so 层分析：https://bbs.pediy.com/thread-260251.htm

hook加载dex的底层系统函数：dstmath/frida-unpack

内存暴力搜索：hluwa/FRIDA-DEXDump

基于主动调用的自动化脱壳方案：hanbinglengyue/FART

工具的话常用的有jadx，jeb，mt管理器，httpcanary，charles

动态调试用jeb或者as+smalidea

然后用得比较多的就是神器frida了

看雪的一篇基础教程：https://bbs.pediy.com/thread-227232.htm

r0ysue大佬的github：5f5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6J5x3s2W2K6N6h3g2Q4x3V1k6m8L8X3c8J5L8$3W2V1f1$3g2U0N6i4u0A6N6s2W2e0N6s2g2V1P5g2)9J5c8X3u0D9L8$3u0Q4x3V1k6E0j5i4y4@1k6i4u0Q4x3V1k6r3f1V1W2p5b7g2)9J5c8V1p5H3x3W2)9J5c8W2u0q4b7f1c8y4c8g2)9J5k6h3#2V1

Sakura大佬的博客：d87K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2N6r3g2J5L8X3q4D9M7$3q4C8N6i4u0S2x3e0y4Q4x3X3g2U0L8$3#2Q4x3V1j5J5x3o6t1H3i4K6u0r3x3o6N6Q4x3V1j5H3y4q4)9J5c8X3k6J5K9h3c8S2i4K6u0r3

r0ysue大佬的知识星球真心不错！

工具就不用多说了，ida7.5，最好有个真机

so层的学习就是些逆向基本功了，我这方面的学习主要是通过ctf（到目前，也打了接近一年了）

这里分享几个android题型ctf的网站：

看雪自家的kctf题目真心质量不错：03fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0N6r3k6Q4x3X3g2H3k6h3c8A6P5g2)9J5k6h3y4G2L8g2)9J5c8W2!0q4c8W2!0n7b7#2)9^5z5q4!0q4y4q4!0n7b7W2!0m8y4g2!0q4y4g2)9^5z5g2)9^5c8q4!0q4y4#2)9&6b7g2)9^5y4q4!0q4z5g2!0m8x3W2)9&6z5q4!0q4z5g2)9^5x3#2!0n7c8q4!0q4y4W2)9&6b7#2)9^5z5g2!0q4y4g2!0m8c8q4)9&6z5q4!0q4y4W2!0m8x3g2!0m8x3#2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4q4!0n7z5q4)9^5c8q4!0q4z5q4!0n7c8W2)9^5y4$3q4F1k6s2u0G2K9h3c8Q4c8e0W2Q4b7e0u0Q4z5e0S2Q4c8e0g2Q4z5f1g2Q4z5p5u0Q4c8e0g2Q4z5p5k6Q4b7f1k6Q4c8e0S2Q4z5o6y4Q4b7V1c8Q4c8e0c8Q4b7U0S2Q4z5p5c8Q4c8e0g2Q4b7e0c8Q4z5f1q4Q4c8f1k6Q4b7V1y4Q4z5o6V1`.

赛宁的攻防世界：024K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2k6s2N6G2M7X3I4V1i4K6u0W2P5r3y4@1k6W2)9J5k6h3!0J5k6#2)9J5k6h3y4F1i4K6u0r3N6r3q4K6K9#2)9J5c8Y4c8S2M7$3E0Q4y4h3k6D9K9i4y4@1i4K6y4r3N6s2W2H3k6g2)9K6c8r3#2G2j5X3W2D9k6g2)9J5y4X3q4E0M7q4)9K6b7X3&6#2L8h3u0W2M7W2)9K6c8o6k6Q4x3U0k6S2L8i4m8Q4x3@1u0Y4M7X3q4V1k6g2)9K6c8o6p5`.

不知名大佬的仓库：5cfK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6%4L8X3q4Y4P5X3W2Z5P5r3p5I4L8W2)9J5c8V1y4f1c8W2)9J5k6p5#2G2j5X3W2D9k6b7`.`.

另一位不知名大佬的个人网站：a1cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2D9k6h3q4V1M7X3!0&6j5h3I4Q4x3X3g2U0L8W2)9J5c8W2)9K6c8X3y4S2N6q4)9K6c8o6M7`.

然后就是各大比赛中android题经常会出现在逆向题中，不过比较零散..

so层主要要求，对一些加解密算法的掌握，对抗反调试，对抗混淆

ollvm混淆是so层很硬核的一个点，这里推荐4哥的一篇基础博客：dc5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0j5h3u0A6L8U0l9H3y4q4)9J5k6h3N6A6N6r3S2#2j5W2)9J5k6h3W2G2i4K6u0r3x3U0l9I4z5q4)9J5c8U0l9^5i4K6u0r3x3U0y4Q4x3V1k6G2L8r3I4$3L8g2)9J5y4f1f1#2i4K6t1#2b7f1c8Q4x3U0g2m8y4W2)9J5y4f1f1@1i4K6t1#2b7U0W2Q4x3U0g2m8x3q4)9J5c8W2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4W2)9&6b7#2)9^5x3q4!0q4y4g2)9&6x3q4)9^5c8g2!0q4y4W2)9^5x3#2!0n7x3#2!0q4y4g2!0m8c8g2)9&6c8g2!0q4y4#2)9^5c8g2!0n7x3q4!0q4y4#2!0m8c8g2)9&6y4#2!0q4y4W2!0n7x3#2)9&6y4g2!0q4z5q4!0n7c8W2)9&6z5q4!0q4y4g2)9^5c8g2)9&6c8W2!0q4z5q4!0n7c8W2)9&6z5q4!0q4y4W2)9&6z5q4!0m8c8W2!0q4y4g2!0n7c8g2)9&6y4#2!0q4y4#2)9&6b7#2)9^5b7W2!0q4z5g2)9^5x3q4)9^5y4W2!0q4y4g2)9&6x3q4)9&6x3g2!0q4z5q4!0n7x3q4)9^5x3#2!0q4z5q4!0m8c8W2)9&6y4g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4g2)9&6c8W2!0n7b7g2!0q4y4W2)9&6b7#2!0m8b7#2!0q4y4g2)9^5b7g2)9&6c8W2!0q4y4q4!0n7b7g2)9^5y4W2)9J5z5q4!0q4y4g2!0n7c8W2)9^5x3#2!0q4y4#2!0n7y4q4!0m8c8W2)9J5k6g2)9J5z5b7`.`.

今年开春就准备找实习了，但感觉学得比较杂，没怎么聚焦.

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课