A, goals,

Today’s target is sig and __NS_sig3, let’s grab a package first

Second, the steps

Sig visually looks like MD5

First jadx search sig=, no result found.

Try sig again, faint 6K more results, suddenly a flash of light, these parameters must be added to the Map, so we search “sig”

CPU. GetClock. Hook

var  signCls = Java.use('com.yxcorp.xxx.util.CPU');
signCls.getClock.implementation = function(a,b,c){
    var result = this.getClock(a,b,c);
    console.log(bytesToString(b));
    console.log(result);

    var stack = threadinstance.currentThread().getStackTrace();
    console.log("Full call stack:" + Where(stack));

    return result;
}
Copy the code

The results were satisfactory:

Input parameters are the parameters in the URL and post sorted and pasted together. Let’s work our way up the stack. Sig appears. __NS_sig3 shouldn’t be far behind.

Jeb is coming on

All the way back to p.c.0. N.Y.V.A. starting to get upset and JADx going on strike

What can I do now? Do you really want to go back and tear smali? Although longer than Arm assembly looks a little bit better, after all, it is also skewed melon split dates.

Ok we have been friends much better road, to new friends Jeb Pro debut 91 fans.com.cn/post/jebtoo…

Jeb is a little bit better than JADX, IDA style, chewing on Apk for several minutes.

Mr. A once said, the more you eat, the more you can do.

With the help of Jeb’s big eaters, we quickly located KSecurity.atlasSign(V0_1)

Nothing more to say, big brother, Hook you:

var IKSecurityExCls = Java.use("com.xxx.android.security.KSecurity");
IKSecurityExCls.atlasSign.implementation = function(a){
    var result = this.atlasSign(a);
    console.log(a + " >>> atlasSignB " + result);
    return result;
}
Copy the code

The results are beautiful:

Third, summary

Development experience is very important, some keywords keyword function positioning needs the help of development experience. Then we all have a few tools at our disposal. Jadx is gone and we still have JEb.