每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文,欢迎关注开源日报。交流QQ群:202790710;电报群 https://t.me/OpeningSourceOrg


今日推荐开源项目:《手把手教你如何用 JADX 反编译 APK

推荐理由:JADX 是一个集成化的反编译开发工具,还可以将源文件导出为 Android Gradle 项目。

2018年4月13日:开源日报第36期

1、准备

JADX 程序:

下载地址1:https://github.com/skylot/jadx/releases

下载地址2:https://sourceforge.net/projects/jadx/files/

(注意:电脑上需要安装 Java:安装教程

2、解压下载的压缩包

如图:

2018年4月13日:开源日报第36期

我们需要关注的是 bin 文件夹里面的 bat 文件

2018年4月13日:开源日报第36期

使用bat文件可以让你在命令行或图形用户界面中使用 JADX

注意:需以管理员权限运行,不然可能无法正常启动

3、一个例子(反编译360相机 APK)

(1)使用图形界面

启动 jadx-gui.bat 文件(在解压文件夹的 bin 文件夹里面)。然后,你会看到如图所示开始界面:

2018年4月13日:开源日报第36期

选择了文件后,JADX 会自动反编译它,界面的左边是资源管理器。 我们这用的是360相机的 APK 文件。

2018年4月13日:开源日报第36期

看起来是不是很炫酷呢?

点击 file -> save all可以将所有代码保存在一个文件夹里面。

(2)使用命令行

打开一个新的命令提示符,切换到 JADX 的 bin目录:

执行反编译:

 

注意:输入的目录文件夹应该是已经存在的。

4、优点

(1)文本搜索

点击 Navigation -> Text Search 或者 Navigation -> Class Search 激活它,并且 jadx 的搜索支持四种维度,Class、Method、Field、Code,我们可以根据我们搜索的内容进行勾选,范围最大的就是 Code ,基本上就是文本匹配搜索。

(2)查找引用

比如想要找到我们想要的类和代码,那么可以直接使用 jadx 的搜索代码功能,找到我们需要查看的类或者代码,选中点击右键,选择Find Usage。

2018年4月13日:开源日报第36期

这样的话, jadx 就会为你搜索出在此项目中哪些地方使用了这些类或代码.

(3)反混淆(Deobfuscation)

一般 apk 在发布出去之前,都是会被混淆的,这基本上是国内 App 的标配,但其实非常不利于我们阅读。我们很难看到一个 a.java 的文件之后,就确定它是哪一个,还需要根据包名来区分。而 Deobfusation 功能,可以为它们起一个特殊的名字,这样它在这个项目中,名字就是唯一的,方便我们识别和搜索。这个功能可以在 Tools -> deobfusation 中激活。

(4)导出为 Gradle 项目

jadx-gui 可以直接阅读代码,还是很方便的。但是毕竟没有我们常见的编辑器来的方便。jadx支持将反编译后的项目,直接导出成一个 Gradle 编译的工程。可以通过 File -> Save as gradle project 来激活这个功能。最终输出的项目,可以直接通过 Android Studio 打开。

5、错误处理方法

有些 apk 文件的体积比较大的时候,反编译的时候会卡住或者假死,解决方案:

使用记事本或者 notepad++ 打开 jadx-gui.bat

更改应用运行内存为1GB

变更前:

变更后:

(注意等号的后面有个减号)


今日推荐英文原文:《3 password managers for the Linux command line》

原文链接:https://opensource.com/article/18/4/3-password-managers-linux-command-line

推荐理由:很多朋友会使用密码管理器,不过,那是图形界面的,今天给大家介绍三个命令行下的三个密码管理器。

3 password managers for the Linux command line

Password
Image credits : freeGraphicToday, via Pixabay. CC0.

We all want our passwords to be safe and secure. To do that, many people turn to password management applications like KeePassX or Bitwarden.

If you spend a lot of time in a terminal window and are looking for a simpler solution, you’ll want to check out one of the many password managers for the Linux command line. They’re quick, easy to use, and secure.

Let’s take a look at three of them.

Titan

Titan is a password manager that doubles as a file-encryption tool. I’m not sure how well Titan works at encrypting files; I only looked at it as a password manager. In that capacity, it does a solid job.

Titan

Titan stores your passwords in an encrypted SQLite database, which you create and add a master passphrase to when you first fire up the application. Tell Titan to add a password and it asks for a name to identify it, a username, the password itself, a URL, and a comment about the password.

You can get Titan to generate a password for you, and you can search your database by an entry’s name or numeric ID, by the name or comment, or using regular expressions. Viewing a specific password, however, can be a bit clunky. You either have to list all passwords and scroll through them to find the one you want to use, or you can view the password by listing the details of an entry using its numeric ID (if you know it).

Gopass

Gopass is billed as “the team password manager.” Don’t let that put you off. It’s also great for personal use.

gopass

Gopass is an update of the venerable Unix and Linux Pass password manager written in the Go programming language. In true Linux fashion, you can either compile the source code or use an installer to get gopass on your computer.

Before you start using gopass, make sure you have GNU Privacy Guard (GPG) and Git on your system. The former encrypts and decrypts your password store, and the latter signs commits to a Git repository. If gopass is for personal use, you still need Git. You just don’t need to worry about signing commits. If you’re interested, you can learn about those dependencies in the documentation.

When you first start gopass, you need to create a password store and generate a secret key to secure that store. When you want to add a password (which gopass refers to as a secret), gopass asks you for information such as a URL, a username, and a note about the secret. You can have gopass generate the password for the secret you’re adding, or you can enter one yourself.

As you need to, you can edit, view, or delete passwords. You can also view a specific password or copy it to your clipboard to paste it into a login form or window.

Kpcli

The open source password manager of choice for many people is either KeePass or KeePassX. Kpcli brings the features of KeePass and KeePassX to your nearest terminal window.

kpcli

Kpcli is a keyboard-driven shell that does most of what its graphical cousins can do. That includes opening a password database; adding and editing passwords and groups (which help you organize your passwords); or even renaming or deleting passwords and groups.

When you need to, you can copy a username and password to your clipboard to paste into a login form. To keep that information safe, kpcli also has a command to clear the clipboard. Not bad for a little terminal app.


每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文,欢迎关注开源日报。交流QQ群:202790710;电报群 https://t.me/OpeningSourceOrg