首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[原创]某大厂生鲜超市加密协议分析
发表于: 2021-11-18 20:24 14649

[原创]某大厂生鲜超市加密协议分析

灵风_spirit 活跃值
2021-11-18 20:24
14649

Charles

关于charles的使用可翻阅我之前的charles专题文章

Nexus 5x

郑重声明,本文只分享思路,不做它用,为保护案例商家安全隐私,敏感信息用xxx代替

curl
所有接口调用url均为77dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8$3I4G2N6i4u0Q4x3X3g2^5P5s2S2^5P5s2S2^5i4K6u0W2j5$3!0E0i4K6u0r3j5i4m8A6, 通过postbody参数functionId控制获取具体的数据

postBody URL解码后

接口正确返回 responseBody

接口错误返回:接口有调用时效,会检测时间戳参数t,时效性为五分钟,五分钟后再次调用返回异常

接口分析得知,有三个加密参数 sign eu fv

jadx-反编译

frida+objection 动态调试

sign从字符串特征和长度来看,看起来像sha256

jadx打开apk搜索关键字“HmacSha256”,看到加密HmacSha256搜选出多个

image-20211118200626723

frida+objection跟踪调用入参

需要objection个个追踪然后和抓包得到的sign比对,最终确定调用的为 com.xxx.common.http.GatewaySignatureHelper.HMACSHA256
image-20211118200712661

image-20211118200745887

objection追踪

--dump-backtrace追踪调用方法栈

上游重要的方法为这三个:
com.xxx.common.http.GatewaySignatureHelper.HMACSHA256(Native Method)
com.xxx.common.http.GatewaySignatureHelper.signature(TbsSdkJava:60)
com.xxx.common.http.HttpRequest.paramHandler(TbsSdkJava:108)

追signature

多次触发抓包发现调用的是以下方法

多次触发调用后,可确定第二个参数str是加密盐值,且为恒定值:fa5010c35exxxxxxx40060d65d3f3801
第一个参数是map,objection只显示为[object Object],无法显示其具体kv内容
写个frida hook脚本将map kv打印出来

但很遗憾,有反注入检测,执行后app直接重启
也没关系,用笨办法试一下,将postbodyStr按&切开后组装成map,调用signature看看得到的sign是否一致,或者相差多少

好家伙,运行后发现sign和接口抓包的一毛一样
说明postBody中所有的参数都参与了sign的运算,换句话说sign参数是postBody参数构造的最后一步。

这两个一致在变化,应该也是加密
搜下代码

image-20211118201231262
有多个,xxxcrashreport像是崩溃报告类,排除。其他的一个一个watch追吧

定位到

image-20211118201321979

image-20211118201401263
image-20211118201438690

由于eu和fv一致变化,猜测androidId是随机的,即调用了getRandomString方法,此可以通过hook证明确实调用了getRandomString
image-20211118201513898
eu和fv的加工
image-20211118201546631
对象EncryptResult只是个简单的封装,含有eu和fv两个参数
那么java很好还原,做做变体即可。
用到的HexUtils如下,还原时照抄就好了
image-20211118201621038

 
 
curl -H 'Host: colour.xxxxxxx.com' -H 'x-mlaas-at: wl=0' -H 'user-agent: xxxxxxxapp_android' -H 'content-type: application/x-www-form-urlencoded; charset=utf-8' --data-binary "commonExtend=&loginType=4&sign=b6beeee33ad4142cc54f3e55a045fbb1c70ecdfdbffa985b559cc36797d20357&screen=1794*1080&d_brand=LGE&body=%7B%22commonExtend%22%3A%22%22%2C%22data%22%3A%7B%22lon%22%3A%22120.02877%22%2C%22lat%22%3A%223x.278442%22%7D%2C%22appName%22%3A%22xxxxxxx%22%2C%22screen%22%3A%221794*1080%22%2C%22lon%22%3A%221xx.143936%22%2C%22platformId%22%3A%221%22%2C%22clientVersion%22%3A%223.6.4%22%2C%22storeId%22%3A%22232686%22%2C%22recommendSwitch%22%3A%22true%22%2C%22eu%22%3A%2275B6364667C69667%22%2C%22fv%22%3A%220333461727947597%22%2C%22osVersion%22%3A%228.1.0%22%2C%22partner%22%3A%22huawei%22%2C%22v%22%3A2%2C%22tenantId%22%3A%221%22%2C%22client%22%3A%22android%22%2C%22clientVersionBuild%22%3A%222110251117%22%2C%22model%22%3A%22Nexus5X%22%2C%22networkType%22%3A%22wifi%22%2C%22brand%22%3A%22LGE%22%2C%22lat%22%3A%223x.323437%22%7D&clientVersion=3.6.4&eu=75B6364667C69667&fv=0333461727947597&d_model=Nexus5X&functionId=xxxxxxx_platform_address_getPosition&t=1636957653670&partner=huawei&osVersion=8.1.0&build=2110251117&appid=****fresh_APP&client=xxxxxxx_android&lang=zh_CN&networkType=wifi" --compressed 'a17K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8$3I4G2N6i4u0Q4x3X3g2^5P5s2S2^5P5s2S2^5i4K6u0W2j5$3!0E0i4K6u0r3j5i4m8A6i4K6t1%4
curl -H 'Host: colour.xxxxxxx.com' -H 'x-mlaas-at: wl=0' -H 'user-agent: xxxxxxxapp_android' -H 'content-type: application/x-www-form-urlencoded; charset=utf-8' --data-binary "commonExtend=&loginType=4&sign=b6beeee33ad4142cc54f3e55a045fbb1c70ecdfdbffa985b559cc36797d20357&screen=1794*1080&d_brand=LGE&body=%7B%22commonExtend%22%3A%22%22%2C%22data%22%3A%7B%22lon%22%3A%22120.02877%22%2C%22lat%22%3A%223x.278442%22%7D%2C%22appName%22%3A%22xxxxxxx%22%2C%22screen%22%3A%221794*1080%22%2C%22lon%22%3A%221xx.143936%22%2C%22platformId%22%3A%221%22%2C%22clientVersion%22%3A%223.6.4%22%2C%22storeId%22%3A%22232686%22%2C%22recommendSwitch%22%3A%22true%22%2C%22eu%22%3A%2275B6364667C69667%22%2C%22fv%22%3A%220333461727947597%22%2C%22osVersion%22%3A%228.1.0%22%2C%22partner%22%3A%22huawei%22%2C%22v%22%3A2%2C%22tenantId%22%3A%221%22%2C%22client%22%3A%22android%22%2C%22clientVersionBuild%22%3A%222110251117%22%2C%22model%22%3A%22Nexus5X%22%2C%22networkType%22%3A%22wifi%22%2C%22brand%22%3A%22LGE%22%2C%22lat%22%3A%223x.323437%22%7D&clientVersion=3.6.4&eu=75B6364667C69667&fv=0333461727947597&d_model=Nexus5X&functionId=xxxxxxx_platform_address_getPosition&t=1636957653670&partner=huawei&osVersion=8.1.0&build=2110251117&appid=****fresh_APP&client=xxxxxxx_android&lang=zh_CN&networkType=wifi" --compressed 'a17K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0L8$3I4G2N6i4u0Q4x3X3g2^5P5s2S2^5P5s2S2^5i4K6u0W2j5$3!0E0i4K6u0r3j5i4m8A6i4K6t1%4
commonExtend=&loginType=4&sign=b6beeee33ad4142cc54f3e55a045fbb1c70ecdfdbffa985b559cc36797d20357&screen=1794*1080&d_brand=LGE&body={"commonExtend":"","data":{"lon":"xxx.02877","lat":"xx.278442"},"appName":"xxxxxxx","screen":"1794*1080","lon":"xxx.143936","platformId":"1","clientVersion":"3.6.4","storeId":"232686","recommendSwitch":"true","eu":"75B6364667C69667","fv":"0333461727947597","osVersion":"8.1.0","partner":"huawei","v":2,"tenantId":"1","client":"android","clientVersionBuild":"2110251117","model":"Nexus5X","networkType":"wifi","brand":"LGE","lat":"xx.323437"}&clientVersion=3.6.4&eu=75B6364667C69667&fv=0333461727947597&d_model=Nexus5X&functionId=xxxxxxx_platform_address_getPosition&t=1636957653670&partner=huawei&osVersion=8.1.0&build=2110251117&appid=****fresh_APP&client=xxxxxxx_android&lang=zh_CN&networkType=wifi
commonExtend=&loginType=4&sign=b6beeee33ad4142cc54f3e55a045fbb1c70ecdfdbffa985b559cc36797d20357&screen=1794*1080&d_brand=LGE&body={"commonExtend":"","data":{"lon":"xxx.02877","lat":"xx.278442"},"appName":"xxxxxxx","screen":"1794*1080","lon":"xxx.143936","platformId":"1","clientVersion":"3.6.4","storeId":"232686","recommendSwitch":"true","eu":"75B6364667C69667","fv":"0333461727947597","osVersion":"8.1.0","partner":"huawei","v":2,"tenantId":"1","client":"android","clientVersionBuild":"2110251117","model":"Nexus5X","networkType":"wifi","brand":"LGE","lat":"xx.323437"}&clientVersion=3.6.4&eu=75B6364667C69667&fv=0333461727947597&d_model=Nexus5X&functionId=xxxxxxx_platform_address_getPosition&t=1636957653670&partner=huawei&osVersion=8.1.0&build=2110251117&appid=****fresh_APP&client=xxxxxxx_android&lang=zh_CN&networkType=wifi
{
    "code": "0",
    "success": true,
    "msg": null,
    "data": {
        "success": true,
        "businessCode": 0,
        "msg": null,
        "type": 1,
        "locationInfo": {
            "addressExt": "浙江xxxxxxx",
            "addressSummary": "浙江省xxx",
            "storeId": null,
            "lat": "xx.27x442",
            "lon": "xxx.02x77",
            "testShop": false
        },
        "defaultAddress": null,
        "tenantShopInfoList": [{
            "storeId": 232xxx,
            "storeName": "华东****鲜云超",
            "storeAddress": "江东中路与江东门北街交汇处",
            "promiseInfo": "最快30分钟达 | 230.96KM",
            "tenantDesc": "",
            "businessInfo": "",
            "tenantInfo": {
                "tenantId": 1,
                "tenantName": "****鲜",
                "bigLogo": "bf0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1y4o6R3$3y4q4)9J5c8U0t1$3i4K6u0r3z5e0p5#2x3#2)9J5c8U0t1%4x3o6p5I4i4K6u0r3y4h3j5$3j5h3f1#2x3o6N6q4z5h3c8X3j5K6V1$3j5e0g2Q4x3V1k6X3j5K6u0X3y4e0S2V1y4K6N6T1j5$3u0X3x3X3y4V1i4K6u0W2M7r3&6Y4",
                "smallLogo": "f46K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3K6f1@1z5q4)9J5c8U0S2Q4x3V1j5I4x3K6x3K6y4g2)9J5c8U0j5$3x3U0k6Q4x3V1j5#2k6X3p5@1j5h3k6X3j5V1f1^5y4$3j5@1k6r3g2V1x3#2)9J5c8X3j5@1y4X3t1#2y4K6l9^5x3e0R3I4z5r3b7K6j5X3q4Q4x3X3g2H3L8X3M7`.",
                "circleLogo": "08eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3o6f1H3x3g2)9J5c8U0u0Q4x3V1j5&6x3o6R3#2i4K6u0r3y4U0f1^5z5g2)9J5c8U0g2X3y4X3q4W2y4e0m8T1c8e0l9#2x3o6S2X3y4o6W2U0i4K6u0r3j5h3f1#2x3X3t1I4k6X3x3I4k6r3x3J5j5h3p5#2z5g2)9J5k6i4m8F1k6H3`.`.",
                "contactTel": "4006068768",
                "supportGiftCard": false,
                "supportEmployeeCard": false,
                "supportInvoiceCenter": false,
                "supportBalance": false,
                "clientInfo": null
            },
            "lon": "118.737681",
            "lat": "32.036757",
            "valid": true,
            "freeBuy": false,
            "delivery": false
        }, {
            "storeId": 196243,
            "storeName": "华中****鲜云超",
            "storeAddress": "光谷保利广场",
            "promiseInfo": "最快30分钟达 | 539.52KM",
            "tenantDesc": "",
            "businessInfo": "",
            "tenantInfo": {
                "tenantId": 1,
                "tenantName": "****鲜",
                "bigLogo": "ea3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1y4o6R3$3y4q4)9J5c8U0t1$3i4K6u0r3z5e0p5#2x3#2)9J5c8U0t1%4x3o6p5I4i4K6u0r3y4h3j5$3j5h3f1#2x3o6N6q4z5h3c8X3j5K6V1$3j5e0g2Q4x3V1k6X3j5K6u0X3y4e0S2V1y4K6N6T1j5$3u0X3x3X3y4V1i4K6u0W2M7r3&6Y4",
                "smallLogo": "863K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3K6f1@1z5q4)9J5c8U0S2Q4x3V1j5I4x3K6x3K6y4g2)9J5c8U0j5$3x3U0k6Q4x3V1j5#2k6X3p5@1j5h3k6X3j5V1f1^5y4$3j5@1k6r3g2V1x3#2)9J5c8X3j5@1y4X3t1#2y4K6l9^5x3e0R3I4z5r3b7K6j5X3q4Q4x3X3g2H3L8X3M7`.",
                "circleLogo": "a2dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3o6f1H3x3g2)9J5c8U0u0Q4x3V1j5&6x3o6R3#2i4K6u0r3y4U0f1^5z5g2)9J5c8U0g2X3y4X3q4W2y4e0m8T1c8e0l9#2x3o6S2X3y4o6W2U0i4K6u0r3j5h3f1#2x3X3t1I4k6X3x3I4k6r3x3J5j5h3p5#2z5g2)9J5k6i4m8F1k6H3`.`.",
                "contactTel": "4006068768",
                "supportGiftCard": false,
                "supportEmployeeCard": false,
                "supportInvoiceCenter": false,
                "supportBalance": false,
                "clientInfo": null
            },
            "lon": "114.410486",
            "lat": "30.490744",
            "valid": true,
            "freeBuy": false,
            "delivery": false
        }],
        "nearStore": false,
        "fix": false,
        "fixLat": null,
        "fixLon": null
    },
    "extMap": {}
}
{
    "code": "0",
    "success": true,
    "msg": null,
    "data": {
        "success": true,
        "businessCode": 0,
        "msg": null,
        "type": 1,
        "locationInfo": {
            "addressExt": "浙江xxxxxxx",
            "addressSummary": "浙江省xxx",
            "storeId": null,
            "lat": "xx.27x442",
            "lon": "xxx.02x77",
            "testShop": false
        },
        "defaultAddress": null,
        "tenantShopInfoList": [{
            "storeId": 232xxx,
            "storeName": "华东****鲜云超",
            "storeAddress": "江东中路与江东门北街交汇处",
            "promiseInfo": "最快30分钟达 | 230.96KM",
            "tenantDesc": "",
            "businessInfo": "",
            "tenantInfo": {
                "tenantId": 1,
                "tenantName": "****鲜",
                "bigLogo": "bf0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1y4o6R3$3y4q4)9J5c8U0t1$3i4K6u0r3z5e0p5#2x3#2)9J5c8U0t1%4x3o6p5I4i4K6u0r3y4h3j5$3j5h3f1#2x3o6N6q4z5h3c8X3j5K6V1$3j5e0g2Q4x3V1k6X3j5K6u0X3y4e0S2V1y4K6N6T1j5$3u0X3x3X3y4V1i4K6u0W2M7r3&6Y4",
                "smallLogo": "f46K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3K6f1@1z5q4)9J5c8U0S2Q4x3V1j5I4x3K6x3K6y4g2)9J5c8U0j5$3x3U0k6Q4x3V1j5#2k6X3p5@1j5h3k6X3j5V1f1^5y4$3j5@1k6r3g2V1x3#2)9J5c8X3j5@1y4X3t1#2y4K6l9^5x3e0R3I4z5r3b7K6j5X3q4Q4x3X3g2H3L8X3M7`.",
                "circleLogo": "08eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3o6f1H3x3g2)9J5c8U0u0Q4x3V1j5&6x3o6R3#2i4K6u0r3y4U0f1^5z5g2)9J5c8U0g2X3y4X3q4W2y4e0m8T1c8e0l9#2x3o6S2X3y4o6W2U0i4K6u0r3j5h3f1#2x3X3t1I4k6X3x3I4k6r3x3J5j5h3p5#2z5g2)9J5k6i4m8F1k6H3`.`.",
                "contactTel": "4006068768",
                "supportGiftCard": false,
                "supportEmployeeCard": false,
                "supportInvoiceCenter": false,
                "supportBalance": false,
                "clientInfo": null
            },
            "lon": "118.737681",
            "lat": "32.036757",
            "valid": true,
            "freeBuy": false,
            "delivery": false
        }, {
            "storeId": 196243,
            "storeName": "华中****鲜云超",
            "storeAddress": "光谷保利广场",
            "promiseInfo": "最快30分钟达 | 539.52KM",
            "tenantDesc": "",
            "businessInfo": "",
            "tenantInfo": {
                "tenantId": 1,
                "tenantName": "****鲜",
                "bigLogo": "ea3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1y4o6R3$3y4q4)9J5c8U0t1$3i4K6u0r3z5e0p5#2x3#2)9J5c8U0t1%4x3o6p5I4i4K6u0r3y4h3j5$3j5h3f1#2x3o6N6q4z5h3c8X3j5K6V1$3j5e0g2Q4x3V1k6X3j5K6u0X3y4e0S2V1y4K6N6T1j5$3u0X3x3X3y4V1i4K6u0W2M7r3&6Y4",
                "smallLogo": "863K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3K6f1@1z5q4)9J5c8U0S2Q4x3V1j5I4x3K6x3K6y4g2)9J5c8U0j5$3x3U0k6Q4x3V1j5#2k6X3p5@1j5h3k6X3j5V1f1^5y4$3j5@1k6r3g2V1x3#2)9J5c8X3j5@1y4X3t1#2y4K6l9^5x3e0R3I4z5r3b7K6j5X3q4Q4x3X3g2H3L8X3M7`.",
                "circleLogo": "a2dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6p5J5i4K6u0W2x3K6j5H3j5Y4g2&6K9h3#2Y4i4K6u0W2j5$3!0E0i4K6u0r3k6Y4u0W2M7$3S2S2M7s2m8Q4x3V1k6B7k6Y4y4Q4x3V1k6@1x3g2)9J5c8U0p5@1x3o6f1H3x3g2)9J5c8U0u0Q4x3V1j5&6x3o6R3#2i4K6u0r3y4U0f1^5z5g2)9J5c8U0g2X3y4X3q4W2y4e0m8T1c8e0l9#2x3o6S2X3y4o6W2U0i4K6u0r3j5h3f1#2x3X3t1I4k6X3x3I4k6r3x3J5j5h3p5#2z5g2)9J5k6i4m8F1k6H3`.`.",
                "contactTel": "4006068768",
                "supportGiftCard": false,
                "supportEmployeeCard": false,
                "supportInvoiceCenter": false,
                "supportBalance": false,
                "clientInfo": null
            },
            "lon": "114.410486",
            "lat": "30.490744",
            "valid": true,
            "freeBuy": false,
            "delivery": false
        }],
        "nearStore": false,
        "fix": false,
        "fixLat": null,
        "fixLon": null
    },
    "extMap": {}
}
{"code":"1","echo":"invalid signature"}
{"code":"1","echo":"invalid signature"}
 
 
 
 
 
 
 
android hooking watch class_method com.xxx.common.http.GatewaySignatureHelper.HMACSHA2
56  --dump-args --dump-return --dump-backtrace
android hooking watch class_method com.xxx.common.http.GatewaySignatureHelper.HMACSHA2
56  --dump-args --dump-return --dump-backtrace
(agent) [172759] Called com.xxx.common.http.GatewaySignatureHelper.HMACSHA256([B, [B)
(agent) [172759] Backtrace:
    com.xxx.common.http.GatewaySignatureHelper.HMACSHA256(Native Method)
    com.xxx.common.http.GatewaySignatureHelper.signature(TbsSdkJava:60)
    com.xxx.common.http.HttpRequest.paramHandler(TbsSdkJava:108)
    com.xxx.common.http.HttpRequest.add(TbsSdkJava:9)
    com.xstore.****fresh.modules.search.SearchRequest.getWareInfosIcon(TbsSdkJava:11)
    com.xstore.****fresh.modules.productdetail.utils.GetWareInfoIconUtils.getWareInfoMsg(TbsSdkJava:7)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.setListView(TbsSdkJava:34)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.initView(TbsSdkJava:32)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.onCreateView(TbsSdkJava:3)
    androidx.fragment.app.Fragment.performCreateView(TbsSdkJava:4)
    androidx.fragment.app.FragmentStateManager.createView(TbsSdkJava:15)
    androidx.fragment.app.FragmentStateManager.moveToExpectedState(TbsSdkJava:23)
    androidx.fragment.app.FragmentManager.executeOpsTogether(TbsSdkJava:34)
    androidx.fragment.app.FragmentManager.removeRedundantOperationsAndExecute(TbsSdkJava:10)
    androidx.fragment.app.FragmentManager.execPendingActions(TbsSdkJava:4)
    androidx.fragment.app.FragmentManager$5.run(TbsSdkJava:1)
    android.os.Handler.handleCallback(Handler.java:790)
    android.os.Handler.dispatchMessage(Handler.java:99)
    android.os.Looper.loop(Looper.java:164)
    android.app.ActivityThread.main(ActivityThread.java:6494)
    java.lang.reflect.Method.invoke(Native Method)
    com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
    com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
 
(agent) [172759] Arguments com.xxx.common.http.GatewaySignatureHelper.HMACSHA256([object Object], [object Object])
(agent) [172759] Return Value: b196066d6b926a9e032ea9ae1b0a52a048b03ac063ad55bfbc3fca0fe88959c6
(agent) [172759] Called com.xxx.common.http.GatewaySignatureHelper.HMACSHA256([B, [B)
(agent) [172759] Backtrace:
    com.xxx.common.http.GatewaySignatureHelper.HMACSHA256(Native Method)
    com.xxx.common.http.GatewaySignatureHelper.signature(TbsSdkJava:60)
    com.xxx.common.http.HttpRequest.paramHandler(TbsSdkJava:108)
    com.xxx.common.http.HttpRequest.add(TbsSdkJava:9)
    com.xstore.****fresh.modules.search.SearchRequest.getWareInfosIcon(TbsSdkJava:11)
    com.xstore.****fresh.modules.productdetail.utils.GetWareInfoIconUtils.getWareInfoMsg(TbsSdkJava:7)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.setListView(TbsSdkJava:34)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.initView(TbsSdkJava:32)
    com.xstore.****fresh.modules.category.menulist.NewProductCategoryFragment.onCreateView(TbsSdkJava:3)
    androidx.fragment.app.Fragment.performCreateView(TbsSdkJava:4)
    androidx.fragment.app.FragmentStateManager.createView(TbsSdkJava:15)
    androidx.fragment.app.FragmentStateManager.moveToExpectedState(TbsSdkJava:23)
    androidx.fragment.app.FragmentManager.executeOpsTogether(TbsSdkJava:34)
    androidx.fragment.app.FragmentManager.removeRedundantOperationsAndExecute(TbsSdkJava:10)
    androidx.fragment.app.FragmentManager.execPendingActions(TbsSdkJava:4)
    androidx.fragment.app.FragmentManager$5.run(TbsSdkJava:1)
    android.os.Handler.handleCallback(Handler.java:790)
    android.os.Handler.dispatchMessage(Handler.java:99)
    android.os.Looper.loop(Looper.java:164)
    android.app.ActivityThread.main(ActivityThread.java:6494)
    java.lang.reflect.Method.invoke(Native Method)
    com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
    com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
 
(agent) [172759] Arguments com.xxx.common.http.GatewaySignatureHelper.HMACSHA256([object Object], [object Object])
(agent) [172759] Return Value: b196066d6b926a9e032ea9ae1b0a52a048b03ac063ad55bfbc3fca0fe88959c6
 
android hooking watch class_method com.xxx.common.http.GatewaySignatureHelper.signature  --dump-args --dump-return
android hooking watch class_method com.xxx.common.http.GatewaySignatureHelper.signature  --dump-args --dump-return
public static String signature(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || TextUtils.isEmpty(str)) {
            return null;
        }
        TreeSet treeSet = new TreeSet();
        for (String str2 : map.keySet()) {
            treeSet.add(str2);
        }
        StringBuffer stringBuffer = new StringBuffer();
        Iterator it = treeSet.iterator();
        while (it.hasNext()) {
            String obj = it.next().toString();
            String str3 = map.get(obj);
            if (DEBUG) {
                String str4 = TAG;
                Log.d(str4, "sorted key : " + obj + ", value : " + str3);
            }
            if (!TextUtils.isEmpty(str3)) {
                stringBuffer.append(str3);
                stringBuffer.append("&");
            }
        }
        String stringBuffer2 = stringBuffer.toString();
        if (stringBuffer2.endsWith("&") && stringBuffer2.length() > 1) {
            stringBuffer2 = stringBuffer2.substring(0, stringBuffer2.length() - 1);
        }
        if (DEBUG) {
            String str5 = TAG;
            Log.d(str5, "raw signature param str : " + stringBuffer2);
        }
        return HMACSHA256(strToByteArray(stringBuffer2), strToByteArray(str));
    }
public static String signature(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || TextUtils.isEmpty(str)) {
            return null;
        }
        TreeSet treeSet = new TreeSet();
        for (String str2 : map.keySet()) {
            treeSet.add(str2);

[培训]科锐逆向工程师培训第53期2025年7月8日开班!

最后于 2021-11-19 10:33 被灵风_spirit编辑 ,原因: 脱敏
收藏
免费 3
支持
分享
最新回复 (4)
雪    币: 890
活跃值: (681)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
位置暴露了,注意屏蔽
2021-11-19 09:56
0
灵风_spirit
雪    币: 589
活跃值: (1727)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
多谢
2021-11-19 10:35
0
灵风_spirit
雪    币: 589
活跃值: (1727)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
位置暴露了,注意屏蔽
多谢
2021-11-19 10:36
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回