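Disclaimer:
All content in this article is for learning and exchange only and is not to be used for any other purpose. Captured traffic, sensitive URLs, data interfaces and the like have all been desensitized. Commercial or illegal use is strictly prohibited; the author bears no responsibility for any consequences arising from such use!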
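Reverse analysis
Version: 识货 (Shihuo) 8.3
Run with unidbg. There are a lot of pitfalls when using it with SpringBoot, and today I hit a new one. It kept throwing a null pointer, backException. Troubleshooting was too much trouble.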
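import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.Unicorn2Factory;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmClass;
import com.github.unidbg.linux.android.dvm.DvmObject;
import com.github.unidbg.linux.android.dvm.StringObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Service;

import java.io.File;
import java.io.IOException;

// GlobalJni and TempFileUtils are not shown in the post.
@Service("ShiHuo")
public class ShiHuoService extends GlobalJni {
    private final AndroidEmulator emulator;
    private final VM vm;
    // Package name
    private final String processName = "";
    // APK path
    private final String packagePath = "lib/shihuo/8.0.apk";
    // .so name, with the "lib" prefix and ".so" suffix removed
    private final String libraryName = "l";
    // JNI class name
    private final String jniClassName = "com.shihuo.shsecsdk.Enviroment";
    // Debug output
    private final Boolean verbose = true;
    // JNI module
    private File apkFile = TempFileUtils.createTempFileFromResource(packagePath);
    private File soFile = TempFileUtils.createTempFileFromResource(libraryName);
    private final Module module = null;

    public String getSign(String str) {
        // Build a minimal Context -> ContextWrapper -> Application hierarchy for the native call
        DvmClass cContext = vm.resolveClass("android/content/Context");
        DvmClass cContextWrapper = vm.resolveClass("android/content/ContextWrapper", cContext);
        DvmObject<?> ctx = vm.resolveClass("android/app/Application", cContextWrapper).newObject(null);
        DvmClass env = vm.resolveClass("com/shihuo/shsecsdk/Enviroment");
        // Every object type in a JNI descriptor ends with ';', including the String parameter
        StringObject sign = env.callStaticJniMethodObject(
                emulator,
                "nativeParam(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String;",
                ctx,
                (StringObject) ProxyDvmObject.createObject(vm, str));
        return sign.getValue();
    }

    public ShiHuoService() throws IOException {
        // Instantiate an emulator
        emulator = AndroidEmulatorBuilder.for32Bit()
                .addBackendFactory(new Unicorn2Factory(true))
                .setProcessName(processName)
                .build();
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(getFileFromClasspath("/lib/shihuo/识货8.0.apk"));
        vm.setJni(this);
        // vm.setVerbose(verbose);
        DalvikModule dm = vm.loadLibrary(getFileFromClasspath(""), false);
        dm.callJNI_OnLoad(emulator);
    }

    // ClassPathResource.getFile() only works when the resource exists as a real file
    // on the file system; it fails for resources packed inside a jar.
    public File getFileFromClasspath(String fileName) {
        try {
            ClassPathResource resource = new ClassPathResource(fileName);
            return resource.getFile();
        } catch (IOException e) {
            throw new RuntimeException("Failed to get file from classpath: " + fileName, e);
        }
    }
}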
Results
List

Details

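Summary
1. For security reasons, this chapter does not provide the complete process. Many of the debugging steps are omitted and only the general approach is given; you will have to reconstruct the specific details yourself, and I believe you can debug it out too.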