A, goals,
Today our target is this _sign
Second, the steps
Jadx _sign search”
The signature, with its special prefix and suffix, is basically a waving call to me, come to me, come to me, usually to find the right one.
Hashmap. put(KEY__SIGN, apputils.getSignParam (hashMap));
Don’t say anything, fuck him…
objection -g com.lxxx.hxxx.client explore
android hooking watch class 'com.hxx.pushsdk.push.util.AppUtils'
Copy the code
Then click left, click right, and wait for it to trigger the signature function.
A minute goes by, wood reaction?
Didn’t it trigger the page? No, Charles shouted from the front. New signature data appeared.
But there is no object printed.
This App is so crafty that it even sets up fake functions to disturb us.
But there’s only one place in the _sign string.
Take a closer look:
public static final String KEY__SIGN = "_sign";
Copy the code
Jadx search KEY__SIGN
We’re all in the same business. Why would we do that? We’re in the same business
Click to enter com.lxx.hxx.utils.hlljni class
Stop it
android hooking watch class 'com.lxx.hxx.utils.HllJni' (agent) Registering job 576062. Type: watch-class for: Com.lxx.hxx.utils.HllJni # getMD5 com.lxx.hxx.client on (Google: 10) [usb] # (agent) [576062] Called com. LXX. HXX. Utils. HllJni. GetMD5 (Java. Lang. String) # put into arguments and return values of getMD5 print com.lxx.hxx.client on (google: 10) [usb] # android hooking watch class_method 'com.lxx.hxx.utils.HllJni.getMD5' -- dump-args --dump-return (agent) Attempting to watch class com.lxx.hxx.utils.HllJni and method getMD5. (agent) Hooking com.lxx.hxx.utils.HllJni.getMD5(java.lang.String) (agent) [364807] Arguments com.lxx.hxx.utils.HllJni.getMD5(k12rbm8$AKhbuAz$c0jtQ&ru0s3lGW87_su21042519544179910000001177643065_t1619351681app_revis ion6506client_type32token7d0a1248c1d244ac8cc53027a7e4e013kZErbmP$AKhbuAz$c0jtQ&ru0s3l3387) (agent) [364807] Return Value: 3abaecabe9a8af7d37cbcfd41b077982Copy the code
There is only one truth, request inside the _su _t parameter concatenation, and then add fixed characters. Let’s do MD5.
We can call it a day…
Third, summary
Hang out, don’t be too obvious, should hide or hide. In particular, do not add some special characters, otherwise it is a beacon.
In fact, there is no need to envy those positive people, you want to imitate him is impossible, how to do the answer in your heart, many people will ask, I just don’t know what I want, how to do? Find what you want, the first word of this sentence is to find, every time you find tired, tell yourself: I am giving myself a chance.
TIP: The purpose of this article is only one is learning more backward techniques and train of thought, if anyone use this technology to get illegal commercial interests the legal liabilities are their operators, and the author and it doesn’t matter, this paper involves the knowledge of code project can go to my friends to fly star come undone, welcome to join star learn together to explore technology knowledge. Have a problem can add me WX: FENfei331 discussion.
Follow the wechat public account Fenfei safety, the latest technology dry goods real-time push