当前位置:网站首页>米斗APP逆向分析
米斗APP逆向分析
2022-08-09 09:19:00 【Codeooo】
- 该app难点就是个360数字壳 : com.touchtv.midou
直接脱壳处理,脱完壳分析dex:
package com.touchtv.internetSDK.network;
hashMap.put("X-ITOUCHTV-Ca-Timestamp", currentTimeMillis + "");
if (str2 == null) {
str4 = str3 + "\n" + str + "\n" + currentTimeMillis + "\n";
} else if (!"".equals(str2)) {
MessageDigest instance = MessageDigest.getInstance("MD5");
str4 = str3 + "\n" + str + "\n" + currentTimeMillis + "\n" + new String(Base64.encodeBase64(instance.digest(str2.getBytes())));
} else {
str4 = str3 + "\n" + str + "\n" + currentTimeMillis + "\n";
}
hashMap.put("X-ITOUCHTV-Ca-Signature", r(str, str4));
时间戳 ,md5 ,64se64 , 还有请求的url ,参数等做了一些操作。
我们重点看下:"X-ITOUCHTV-Ca-Signature“
走了一个r方法:
=======判断x(str)
private static boolean x(String str) {
return str.contains("/baoliaoservice");
}
其除了请求中/baoliaoservice,则秘钥为:bArr = b.c().getBytes();
其余秘钥都为: bArr = b.h().getBytes();
b是导入的:import i.s.b.a.b;、
=============先去找b.c:
public static String b() {
return new String(Base64.decodeBase64("MDE3MzMyMjk5MzU5OTA0NDEwMTY1MjQ4NTc3NDYzNzI=".getBytes()));
}
==============再去找b.h
package i.s.b.a;
import android.text.TextUtils;
import com.touchtv.internetSDK.Environment;
import com.touchtv.internetSDK.TouchtvInternet;
import com.touchtv.internetSDK.network.a;
import org.apache.commons.codec.binary.Base64;
public class b {
public static String a() {
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_QUZHI.value())) {
return f();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_QUJIAN.value())) {
return d();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_TOUCHTV.value())) {
return i();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_MIDOU.value())) {
return b();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_GDSPORT.value())) {
return "";
}
TouchtvInternet.getInstance().getConfig().a().equals(a.ID_COUNTY.value());
return "";
}
public static String b() {
return new String(Base64.decodeBase64("MDE3MzMyMjk5MzU5OTA0NDEwMTY1MjQ4NTc3NDYzNzI=".getBytes()));
}
public static String c() {
return new String(Base64.decodeBase64("T3NpbGdJMFZ6RmNBNGl4MVh4OGNwYU1XM1BWUE9tN1BaWkhMYm1FSjNqUUM5cGs4VTc1T09PdU9NeW14WEtpdA==".getBytes()));
}
public static String d() {
return f();
}
private static String e() {
return g();
}
public static String f() {
return new String(Base64.decodeBase64((TouchtvInternet.getInstance().getConfig().b() == Environment.TEST ? "wNzg0Mzg0ODk4MDc5ODc5MTQ3NDU0Nzk4NzA5NTY0MDY=" : "wNzc1NDMyMjA3NDIxMjM2MzQ0NzA1OTA0MDQwNDMyNzI=").substring(1).getBytes()));
}
private static String g() {
String str = TouchtvInternet.getInstance().getConfig().b() == Environment.TEST ? "kajY3TTBXN2hBbWtDNTFORHYyTTVxWmZpRVE5QnhOaFVaTjhpaDJ4QVRSaTNmUnBKZmE0Y3hUbVdBbnlUaUkwVg==" : "hdjU3eEp4NkJxdWVGOGNPekxVZURGVXd5WWd0M1dDZEFUQWhndks3aGtpeVZGY3lybEF4ZGJUejVNaTVpbFVyUw==";
if (TextUtils.isEmpty(str)) {
return "";
}
return new String(Base64.decodeBase64(str.substring(1, str.length()).getBytes()));
}
public static String h() {
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_QUZHI.value())) {
return g();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_QUJIAN.value())) {
return e();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_TOUCHTV.value())) {
return j();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_MIDOU.value())) {
return c();
}
if (TouchtvInternet.getInstance().getConfig().a().equals(a.ID_GDSPORT.value())) {
return "";
}
TouchtvInternet.getInstance().getConfig().a().equals(a.ID_COUNTY.value());
return "";
}
public static String i() {
return new String(Base64.decodeBase64("MDQwMzkzNjg2NTM1NTQ4NjQxOTQ5MTA2OTEzODk5MjQ=".getBytes()));
}
public static String j() {
return new String(Base64.decodeBase64("cW1pSGVCOWJLZ293SHF4UnYwcHJjMmNQTjJFd1hMMUhPWXUzRFBpWUNjYVl4eXhkRkl5VDVtQWZCbXIwVUtQTw==".getBytes()));
}
}
没啥东西,自己捋一下就都出来了。。。。。。
边栏推荐
- 绝了,这套RESTful API接口设计总结
- JMeter初探五-配置元件与参数化
- The era of Google Maps is over, how to view high-definition satellite image maps?
- Lecture 4 SVN
- shell 定时监控并处理脚本
- Venture DAO Industry Research Report: Macro and Classic Case Analysis, Model Summary, Future Suggestions
- AES/ECB/PKCS5Padding加解密
- When and How to use MALLOC
- What are the basic concepts of performance testing?What knowledge do you need to master to perform performance testing?
- 本体开发日记05-努力理解SWRL(上)
猜你喜欢
随机推荐
教你如何免费获取0.1米高精度卫星地图
软件测试面试思路技巧和方法分享,学到就是赚到
Lecture 4 SVN
使用Protege4和CO-ODE工具构建OWL本体的实用指南-1.3版本(7.4 Annotation Properties-注释属性)
Teach you how to get a 0.1-meter high-precision satellite map for free
这12个GIS软件一个比一个好用
【Harmony OS】【ArkUI】ets开发 简易视频播放器
奥维地图电脑端手机端不能用了,有没有可替代的地图工具
【环境搭建】tensorrt
软件测试流程包括哪些内容?测试方法有哪些?
TypeScript简记(一)
MySQL事件_单次事件_定时循环事件
jfinal加载配置文件原理
如何用数组实现环形队列
接口测试的基础流程和用例设计方法你知道吗?
C语言单、双引号的区别
MySQL查漏补缺(三) 计算字段
MySQL查漏补缺(二)排序检索、过滤数据、模糊查询、正则表达式
swap交换分区
游戏测试的概念是什么?测试方法和流程有哪些?