唯品会 unidbg 补环境 分析
声明:
本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
逆向分析
unidbg整合springboot太多坑了,被静态资源坑了,没有报错代码也没问题但是加密一直不通过,把整个项目静态资源重新改了才可以正确加密。
部分代码
@Service("weipinhui")
public class WeiPinHui extends AbstractJni{
private final AndroidEmulator emulator;
private final VM vm;
// 包名
private final String processName = "com.achievo.vipshop";
// apk 地址
private final String packagePath = "lib/wph/wph.apk";
// so 名称, 要去掉 lib 和 .so
private final String libraryName = "lib/wph/libkeyinfo.so";
// jni 类名
private final String jniClassName = "com.vip.vcsp.KeyInfo";
// 调试信息
private final Boolean verbose = true;
// jni 模块
private final DvmClass Module;
private File apkFile;
private File soFile;
public String getSign(TreeMap<String,String> map){
DvmClass keyInfo = vm.resolveClass("com/vip/vcsp/KeyInfo");
DvmObject<?> contextObj = vm.resolveClass("android/content/Context").newObject(null);
// TreeMap<String, String> map = new TreeMap<>();
// map.put("api_key", "aaaa");
// map.put("app_name", "shop_android");
StringObject dvmObject = keyInfo.callStaticJniMethodObject(emulator,
"gsNav(Landroid/content/Context;Ljava/util/TreeMap;Ljava/lang/String;Ljava/lang/Boolean;)Ljava/lang/String;",
contextObj,
ProxyDvmObject.createObject(vm, map),
null,
false
);
return dvmObject.getValue();
}
public WeiPinHui() throws IOException {
// 生成临时 APK 文件
File apkFile = TempFileUtils.createTempFileFromResource(packagePath);
// 生成临时 SO 文件
File soFile = TempFileUtils.createTempFileFromResource(libraryName);
emulator = AndroidEmulatorBuilder
.for32Bit()
.addBackendFactory(new Unicorn2Factory(true))
.setProcessName(processName)
.build();
Memory memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
vm = emulator.createDalvikVM(apkFile);
vm.setJni(this);
// vm.setVerbose(verbose);
DalvikModule dm = vm.loadLibrary(soFile, false);
Module = vm.resolveClass(jniClassName);
// System.out.println(Module);
dm.callJNI_OnLoad(emulator);
}
结果
