某宝x-sign、x-mini-wua、 x-sgext、 x-umt算法解析

1、环境准备 

      jadx 

      某宝APP 9.XX

      Frida

2、进行抓包

 进行jadx分析 追踪到最后结果

3、进行unidbg黑盒调用

public void call2() {int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",10102,new ArrayObject(new StringObject(vm, "main"),new StringObject(vm, "6.5.25"),new StringObject(vm, "/data/app/com.xxx.xxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgmainso-6.5.25.so"))).getValue();System.out.println("call2:" + ret);}public void call3() {DalvikModule dm3 = vm.loadLibrary(new File("unidbg-android/src/test/resources/xxx/libsgsecuritybodyso-6.5.33.so"), true);dm3.callJNI_OnLoad(emulator);int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",10102,new ArrayObject(new StringObject(vm, "securitybody"),new StringObject(vm, "6.5.33"),new StringObject(vm, "/data/app/com.xxxx.xxxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgsecuritybodyso-6.5.33.so"))).getValue();System.out.println("call3:"+ret);}public void call4() {DalvikModule dm2 = vm.loadLibrary(new File("unidbg-android/src/test/resources/taobao/libsgmiddletierso-6.5.27.so"), true);dm2.callJNI_OnLoad(emulator);int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",10102,new ArrayObject(new StringObject(vm, "middletier"),new StringObject(vm, "6.5.27"),new StringObject(vm, "/data/app/com.xxxx.xxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgmiddletierso-6.5.27.so"))).getValue();System.out.println("call1:"+ret);}public void call5(){
//ZC6SCZKQclcDAL6cEiSBzpAI&3313269468&&21646297&128cdf5f43477fcc0b432746fec6200b&1681832168&mtop.taobao.search.highway.upload&1.0&2ff1d7999c388923d9f9bd8ce005b285&700407@taobao_android_9.23.0&AgAvexEOGYPM-wHSrHun
//kITLXNnTDarE1iMdO6KDEqON&30.360142&113.442344&openappkey=DEFAULT_AUTH&27&&&&&&&DvmObject ret = JNICLibrary.callStaticJniMethodObject(emulator,"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",70102,new ArrayObject(new StringObject(vm,"21646297"),new StringObject(vm,"ZC6SCZKQclcDAL6cEiSBzpAI&3313269468&&21646297&71a1fe384d778e0e45b229837b355048&1681894596&mtop.relationrecommend.mtoprecommend.recommend&1.0&2ff1d7999c388923d9f9bd8ce005b285&700407@taobao_android_9.23.0&AgAvexEOGYPM-wHSrHunkITLXNnTDarE1iMdO6KDEqON&30.360491&113.43443&27&&&&&&&"),DvmBoolean.valueOf(vm, Boolean.FALSE),DvmInteger.valueOf(vm,0),new StringObject(vm, "mtop.relationrecommend.mtoprecommend.recommend"),new StringObject(vm, "pageId=http%3A%2F%2Fs.m.taobao.com%2Fh5entry&pageName=com.taobao.search.searchdoor.SearchDoorActivity"),new StringObject(vm, ""),new StringObject(vm, ""),new StringObject(vm, ""),new StringObject(vm, "r_27")));System.out.println("result:"+ret.getValue());}

得出结果

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！