POST 781K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3#2G2j5W2)9J5k6h3W2E0L8r3W2S2L8X3q4A6i4K6u0W2j5$3!0E0i4K6u0r3j5$3q4D9L8q4)9J5k6h3c8G2i4K6y4r3j5$3#2V1i4K6y4p5L8h3!0T1K9h3I4W2g2i4y4W2M7W2)9J5k6h3I4G2k6$3W2F1 HTTP/1.1
WbbJnSJh63FYTNGmBk5J+lGOOQ1PzYWveRIJF8F//3Wo576FuH0Kyhb9VG/UpFHkICtAQcQAReUcUYLjsJ4sozorNeprDwcahSJs7D3f2YJFWWNtlwJlqXmwIPHUz0mHPZiJqJJNSYmGr2EsfPHz6FtnagDzHP4eXQlsZMyRKOOrRgyigyTRYQ== JSONObject localJSONObject = new JSONObject();
localJSONObject.put("uid", paramString1);
localJSONObject.put("loginKey", paramString2);
paramString1 = com.a.a.a.f.a.a(localJSONObject.toString()).getBytes();
this.b.a(paramString1);
this.b.c();
return; package com.a.a.a.f;
import com.jni.Jni;
import java.security.Key;
import javax.crypto.spec.IvParameterSpec;
public class a
{
private static final byte[] a = { 1, 2, 3, 4, 5, 6, 7, 8 };
private static final IvParameterSpec b = new IvParameterSpec(a);
private static String c = "hqi/FjjcBxA=";
private static Key d = null;
public static String a(String paramString)
{
return Jni.getInstance().encryptString(paramString);
}
}
package com.jni;
public class Jni
{
private static final int blockLength = 500;
private static String hexString = "0123456789ABCDEF";
private static Jni myJni;
static
{
System.loadLibrary("jni");// jni这个lib中导出getEncryptString函数
}
private native String getEncryptString(String paramString, boolean paramBoolean);
public static Jni getInstance()
{
if (myJni == null) {
myJni = new Jni();
}
return myJni;
}
public String encode(String paramString) // 这个函数的功能是把paramString转换成16进制的数据文本
{
paramString = paramString.getBytes();
StringBuilder localStringBuilder = new StringBuilder(paramString.length * 2);
int i = 0;
for (;;)
{
if (i >= paramString.length) {
return localStringBuilder.toString();
}
localStringBuilder.append(hexString.charAt((paramString[i] & 0xF0) >> 4));
localStringBuilder.append(hexString.charAt((paramString[i] & 0xF) >> 0));
i += 1;
}
}
public String encryptString(String arg9) {
String v0_1;
if(arg9 == null || arg9.length() == 0) {
v0_1 = "";
}
else {
String v2 = this.encode(arg9);//把arg9转换为16进制文本
int v3 = v2.length();
StringBuffer v4 = new StringBuffer();
if(v3 < 500) {
v4.append(this.getEncryptString(v2, true));//通过getEncryptString对字符串编码
}
else {
int v0;
for(v0 = 1; v0 < v3 / 500 + 1; ++v0) {
if(v3 % 500 == 0 && v0 == v3 / 500) {//通过getEncryptString对字符串编码
v4.append(this.getEncryptString(v2.substring((v0 - 1) * 500, v0 * 500), true));
break;
}
//通过getEncryptString对字符串编码
v4.append(this.getEncryptString(v2.substring((v0 - 1) * 500, v0 * 500), false));
}
if(v3 % 500 == 0) {
goto label_14;
}
//通过getEncryptString对字符串编码
v4.append(this.getEncryptString(v2.substring((v0 - 1) * 500, v3), true));
}
label_14:
//getEncryptString("a", true).substring(0,8)做密匙
v0_1 = DESencryption.getEncString(v4.toString(), this.getEncryptString("a", true).substring(
0, 8));
}
return v0_1;
}
int __fastcall Java_com_jni_Jni_getEncryptString(int a1, int a2, int a3, int a4)
{
_JNIEnv *v4; // r5@1
int v5; // r4@1
int v6; // r2@1
const char *input; // r7@1
size_t sizeSInit; // r4@1
_JNIEnv *v9; // r0@2
char *v10; // r1@2
jstring (__cdecl *v11)(JNIEnv *, const char *); // r3@2
int result; // r0@6
char *s; // [sp+0h] [bp-828h]@1
int v14; // [sp+4h] [bp-824h]@1
char dest; // [sp+Ch] [bp-81Ch]@3
int v16; // [sp+80Ch] [bp-1Ch]@1
v4 = a1;
v5 = a3;
v14 = a4;
v16 = _stack_chk_guard;
g_env = a1;
s = initAddStr(); // 获取一段内置的字符串,具体分析看后文
input = jstringTostring(v4, v5, v6); // 转换函数,把java字符串类转换为char *
sizeSInit = strlen(s);
if ( strlen(input) + sizeSInit <= 0x7FF ) // 分两种情况:
// 1、输入字符串长度 + 内置字符串长度 小于等于0x7ff
{
memset(&dest, 0, 0x7FFu);
strcat(&dest, input);
if ( v14 ) // 根据Java传递过来的第二个参数(paramBoolean)选择处理方法
strcat(&dest, s); // 如果第二个参数为true,则追加内置字符串
v9 = v4;
v10 = &dest;
v11 = v4->functions->NewStringUTF;
}
else // 如果第二个参数为false,输入什么就返回什么
{
v9 = v4;
v10 = input;
v11 = v4->functions->NewStringUTF;
}
result = (v11)(v9, v10);
if ( v16 != _stack_chk_guard )
_stack_chk_fail(result);
return result;
}
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
