寻深圳逆向/爬虫坑位 , wx:cjh-18888

image-20220422161557529

很简单,没难度. 直接上代码了.

package com.rytong.hnair;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.DynarmicFactory;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import sun.misc.BASE64Decoder;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;


public class HNASignature extends AbstractJni {
    private final AndroidEmulator emulator;
    private final Module module;
    private final VM vm;
    public HNASignature() {
        emulator = AndroidEmulatorBuilder.for32Bit()
                .addBackendFactory(new DynarmicFactory(true))
                .build();
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(new File("G:\\code\\java\\unidbg-master\\unidbg-android\\src\\test\\java\\com\\com\\rytong\\hnair\\base.apk"));
        vm.setJni(this);
        vm.setVerbose(false);
        DalvikModule dm = vm.loadLibrary(new File("G:\\code\\java\\unidbg-master\\unidbg-android\\src\\test\\java\\com\\com\\rytong\\hnair\\libsignature.so"), false);

        module = dm.getModule();
        dm.callJNI_OnLoad(emulator);
    }

    public void callSign(String encryptData){
        List<Object> list = new ArrayList<>(7);
        list.add(vm.getJNIEnv());
        list.add(0);
        String str1 = "{}";
        list.add(vm.addLocalObject(new StringObject(vm,str1)));
        String str2 = "{}";
        list.add(vm.addLocalObject(new StringObject(vm,str2)));
        list.add(vm.addLocalObject(new StringObject(vm,encryptData)));
        String str4 = "21047C596EAD45209346AE29F0350491";
        list.add(vm.addLocalObject(new StringObject(vm,str4)));
        String str5 = "F6B15ABD66F91951036C955CB25B069F";
        list.add(vm.addLocalObject(new StringObject(vm,str5)));

        Number number = module.callFunction(emulator,0xA49C+1,list.toArray())[0];
        DvmObject result = vm.getObject(number.intValue());
        String value = (String) result.getValue();
        System.out.println("result ->"  + value.split(">>")[0]);

    }



    public static void main(String[] args) throws IOException {
        HNASignature hnsign = new HNASignature();
        String encryptData = "{\"akey\":\"184C5F04D8BE43DCBD2EE3ABC928F616\",\"aname\":\"com.rytong.hnair\",\"atarget\":\"standard\",\"aver\":\"8.14.2\",\"did\":\"cdb090d2dd80442c\",\"dname\":\"Google_Pixel 3\",\"mchannel\":\"official\",\"schannel\":\"AD\",\"slang\":\"zh-CN\",\"sname\":\"google\\/blueline\\/blueline:9\\/PQ2A.190405.003\\/5310204:user\\/release-keys\",\"stime\":\"1650656867061\",\"sver\":\"9\",\"system\":\"AD\",\"szone\":\"-0500\",\"abuild\":\"62316\",\"riskToken\":\"62625d336v5NyL6OaDct0Fv0PVM5Yq5I1fFN6RJ3\",\"captchaToken\":\"\",\"hver\":\"8.14.2.23509.4f05a2e32.standard\",\"number\":\"13544221111\",\"pin\":\"F\\/rIccwe6CkRrHDXyr8Z4kjvfUQ932Co0XHIK6yyj74SHG9dla3S4GQlpSO7hWlh0HYgNLpdeCqL\\n\\/Wh7i6X5vr3Fs5w\\/qV8yjutwGo4IntwMx6\\/IDtQlbcX4iQ+R4lsPSASZAbbu8SRhX08YiCXZoLzI\\nVBpTjsQ+dU9A78O3HxE=\\n\",\"toSave\":true}";
        System.out.println(encryptData);
        hnsign.callSign(encryptData);

    }


}

密码pin是一个rsa.