查看apk签名

keytool -list -printcert -jarfile app-release-signed.apk

fastboot查看secureboot状态

fastboot getvar secure
secure: yes
finished. total time: 0.002s

fastboot模式下进9008

fastboot erase xbl
fastboot reboot

配置udev规则后，无需拔插usb设备，使权限生效

sudo service udev restart
sudo udevadm control --reload-rules
sudo udevadm trigger

super.img解包

source build/envsetup.sh
lunch 24

simg2img super.img  super.img_ex4

mkdir super

lpunpack super.img_ex4  super

cd super

mkdir vendor_a

sudo mount -o ro vendor_a.img vendor_a

快速编译

./prebuilts/build-tools/linux-x86/bin/ninja  -f out/combined-bengal.ninja  $1 -j4

查看apk是否对齐

zipalign -c -v -p 4 out/target/product/qssi/system/framework/framework-res.apk

Verification succesful
or
Verification FAILED

查看so库依赖库

readelf -d so_path  

dump 进程所有线程调用栈

debuggerd -b 24044  #24044是pid

"th_phoebe" sysTid=24071
    #00 pc 000000000008033c  /apex/com.android.runtime/lib64/bionic/libc.so (syscall+28) (BuildId: 91cd22218589ba7b9ea39ce46bc68dff)
    #01 pc 00000000000838a8  /apex/com.android.runtime/lib64/bionic/libc.so (__futex_wait_ex(void volatile*, bool, int, bool, timespec const*)+140) (BuildId: 91cd22218589ba7b9ea39ce46bc68dff)
    #02 pc 00000000000e5dd4  /apex/com.android.runtime/lib64/bionic/libc.so (pthread_cond_wait+60) (BuildId: 91cd22218589ba7b9ea39ce46bc68dff)
    #03 pc 0000000000243550  /data/app/com.sim.hellovins-35JE8JG0jg4eW1m1N4Cj3g==/base.apk!libvins.so (offset 0x17be000) (BuildId: 49c0261203965248782523d60226a9024b7ecead)
    #04 pc 0000000000030470  /data/app/com.sim.hellovins-35JE8JG0jg4eW1m1N4Cj3g==/base.apk!libvins.so (offset 0x17be000) (process_phoebe()+744) (BuildId: 49c0261203965248782523d60226a9024b7ecead)
    #05 pc 0000000000034a88  /data/app/com.sim.hellovins-35JE8JG0jg4eW1m1N4Cj3g==/base.apk!libvins.so (offset 0x17be000) (std::thread::_Impl<std::_Bind_simple<void (*)() ()>>::_M_run()+12) (BuildId: 49c0261203965248782523d60226a9024b7ecead)
    #06 pc 00000000002514b4  /data/app/com.sim.hellovins-35JE8JG0jg4eW1m1N4Cj3g==/base.apk!libvins.so (offset 0x17be000) (BuildId: 49c0261203965248782523d60226a9024b7ecead)
    #07 pc 00000000000e6890  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: 91cd22218589ba7b9ea39ce46bc68dff)
    #08 pc 0000000000084b6c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 91cd22218589ba7b9ea39ce46bc68dff)

----- end 24044 -----

反编译so库，对应源码

~/Android/Sdk/ndk/android-ndk-r16b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-objdump -d ./build/intermediates/cmake/debug/obj/arm64-v8a/libvins.so -S src/main/cpp/VINS-Mono-master_modify/vins_estimator/src

查看库中包含哪些函数

#查看.so
~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-readelf -s lib/libceres.so

#查看.a
~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-nm -g --defined-only lib/libblas.a

 ~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-nm -g --defined-only ~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/aarch64-linux-android/lib64/libgfortran.a

查看.a是32位还是64位

~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-readelf -h lib/liblapack.a

查看elf可执行文件中包含哪些函数

~/Android/Sdk/ndk/android-ndk-r17c/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-nm -g --defined-only bin/xblat1c

反编译AndroidManifest.xml & 重新编译

# https://github.com/codyi96/xml2axml/releases
java -jar xml2axml.jar d AndroidManifest.xml AndroidManifest-out.xml
java -jar xml2axml.jar e AndroidManifest-out.xml AndroidManifest.xml