[求助]阿里系x-signature加密方法逆向-Android安全-看雪-安全社区|安全招聘|kanxue.com

[求助]阿里系x-signature加密方法逆向

发表于: 2024-6-18 13:35 5569

[求助]阿里系x-signature加密方法逆向

会飞的蛋蛋面

2024-6-18 13:35

5569

最近在抓包X里云盘的x-signature-v2，发现最终是由ISecureSignatureComponent.signRequest生成的

@Nullable
    public final String signString(@NotNull String appKey, @NotNull String needSignString) {
        Intrinsics.checkNotNullParameter(appKey, "appKey");
        Intrinsics.checkNotNullParameter(needSignString, "needSignString");
        // 签名方法
        ISecureSignatureComponent secureSignatureComp = SecurityGuardManager.getInstance(AppContext.INSTANCE.get()).getSecureSignatureComp();
        HashMap hashMap = new HashMap();
        hashMap.put("INPUT", needSignString);
        SecurityGuardParamContext securityGuardParamContext = new SecurityGuardParamContext();
        securityGuardParamContext.appKey = appKey;
        securityGuardParamContext.paramMap = hashMap;
        securityGuardParamContext.requestType = 3;
        try {
            return secureSignatureComp.signRequest(securityGuardParamContext, "");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

package com.alibaba.wireless.security.open.securesignature;
 
import com.alibaba.wireless.security.framework.InterfacePluginInfo;
import com.alibaba.wireless.security.open.IComponent;
import com.alibaba.wireless.security.open.SecException;
import com.alibaba.wireless.security.open.SecurityGuardParamContext;
 
@InterfacePluginInfo(pluginName = "main")
/* loaded from: classes11.dex */
public interface ISecureSignatureComponent extends IComponent {
    String getSafeCookie(String str, String str2, String str3) throws SecException;
 
    String signRequest(SecurityGuardParamContext securityGuardParamContext, String str) throws SecException;
}

但是ISecureSignatureComponent在静态分析里找不到实现类，frida hook signString方法打印ISecureSignatureComponent实现类名是а.а.а.а.а.з.а，是否意味着实现类是动态创建并且混淆了，该如何破局，大佬们给点丝路

Java.perform(() => {
    let SecurityGuardHelper = Java.use("com.alicloud.common.securityguard.SecurityGuardHelper");
    let Companion = Java.use("com.alicloud.databox.library.AppContext").Companion;
    let SecurityGuardManager = Java.use("com.alibaba.wireless.security.open.SecurityGuardManager");
    SecurityGuardHelper["signString"].implementation = function (appKey, needSignString) {
        let secureSignatureComp = SecurityGuardManager.getInstance(Companion.value.get()).getSecureSignatureComp();
 
        // 打印 secureSignatureComp 的具体实现类和地址
        console.log("secureSignatureComp class: " + secureSignatureComp.$className);
 
        return this["signString"](appKey, needSignString);
    };
});

APK链接: c43K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6H3j5h3&6Q4x3X3g2T1j5h3W2V1N6g2)9J5k6h3y4G2L8g2)9J5c8Y4y4Q4x3V1j5I4x3i4q4f1N6g2k6Q4y4h3k6%4M7s2c8d9j5#2j5@1M7@1b7$3M7r3&6Q4x3X3c8D9L8f1q4Q4x3@1k6H3N6$3c8Q4x3@1c8K6K9h3N6F1 提取码: sign

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

#逆向分析

收藏・2

免费・0

支持

最新回复 (7)
mb_ldbucrik 雪币： 5 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 346 粉丝 3 关注私信	mb_ldbucrik 2 楼可以试试用真实的类hook试试 2024-6-18 17:31 0
会飞的蛋蛋面雪币： 20 活跃值： (87) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 2 粉丝 0 关注私信	会飞的蛋蛋面 3 楼 mb_ldbucrik 可以试试用真实的类hook试试可以hook到真实的类，signRequest native，但是怎么追到是哪个so，遍历了所有so的expoet也遍历不到这个方法，求教 2024-6-20 12:44 0
小堆雪币： 3134 活跃值： (1227) 能力值： ( LV5，RANK：70 ) 在线值：发帖 5 回帖 24 粉丝 33 关注私信	小堆 1 4 楼这不是阿里的libsgmain吗？ 2024-6-20 13:44 0
菜鸟泽雪币： 628 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 12 粉丝 7 关注私信	菜鸟泽 5 楼会飞的蛋蛋面可以hook到真实的类，signRequest native，但是怎么追到是哪个so，遍历了所有so的expoet也遍历不到这个方法，求教可能是动态注册的吧？试试hook一下？ 2024-6-20 14:42 0
mb_wcefwdph 雪币： 200 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 1 粉丝 0 关注私信	mb_wcefwdph 6 楼楼主成功了吗，我也是卡到了这一步，根据帖子416K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3f1#2x3Y4m8G2K9X3W2W2i4K6u0W2j5$3&6Q4x3V1k6X3L8%4u0#2L8g2)9J5k6i4m8Z5M7q4)9K6c8X3#2G2k6q4)9K6c8s2k6A6k6i4N6@1K9s2u0W2j5h3c8Q4x3U0k6S2L8i4m8Q4x3@1u0@1K9h3c8Q4x3@1b7I4y4o6V1I4x3K6p5&6i4@1f1#2i4@1u0q4i4K6V1%4i4@1f1%4i4K6W2r3i4@1p5#2i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6V1&6i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4@1p5#2i4@1u0p5i4@1f1#2i4K6R3K6i4K6S2r3i4@1f1#2i4K6W2o6i4@1p5^5L8r3W2T1M7$3N6E0j5h3W2F1i4K6u0W2M7$3!0Q4c8e0c8Q4b7U0S2Q4b7f1b7`. 2024-8-1 15:31 0
mb_gmamdgrr 雪币： 0 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 4 粉丝 0 关注私信	mb_gmamdgrr 7 楼可以参考这个文章 d7eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2B7K9h3q4F1M7$3S2#2i4K6u0W2j5$3!0E0i4K6u0r3M7q4)9J5c8X3f1@1x3K6V1#2j5U0b7&6x3o6V1@1j5g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0g2Q4b7U0m8Q4b7U0q4Q4c8e0g2Q4z5f1y4Q4b7e0S2D9K9h3u0K6k6$3#2S2K9h3&6Q4x3X3g2K6L8#2!0q4z5g2)9^5y4#2)9^5b7#2!0q4y4q4!0n7b7g2)9^5y4W2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0S2Q4b7V1k6Q4z5e0S2Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0g2Q4z5p5k6Q4z5o6u0Q4c8e0S2Q4z5o6m8Q4z5o6y4Z5N6s2c8H3M7#2)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2U0M7$3c8F1i4K6u0W2L8X3g2@1i4K6u0r3N6$3g2A6P5r3W2F1i4K6g2X3y4o6b7H3z5o6b7$3x3o6u0Q4x3V1k6S2M7Y4c8A6j5$3I4W2i4K6u0r3k6r3g2@1j5h3W2D9M7#2)9J5c8U0p5J5y4U0V1J5x3K6t1J5x3g2!0q4z5q4!0n7c8W2)9&6z5g2!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0N6Q4z5f1k6Q4b7e0g2Q4c8e0W2Q4z5o6q4Q4z5e0y4v1e0V1W2o6e0r3W2T1M7X3q4J5P5g2)9J5k6h3c8G2b7$3!0E0L8h3q4F1k6p5&6S2N6r3W2$3k6g2!0q4y4W2)9&6y4W2!0n7z5g2!0q4y4W2!0n7x3#2)9&6y4b7`.`. 2024-11-14 14:20 0
mb_gmamdgrr 雪币： 0 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 4 粉丝 0 关注私信	mb_gmamdgrr 8 楼还可以参考2dfK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8V1q4H3K9g2)9#2k6X3S2W2P5q4)9J5c8X3q4J5N6r3W2U0L8r3g2Q4x3V1k6V1k6i4c8S2K9h3I4K6i4K6u0r3x3e0x3^5x3e0t1^5y4K6R3$3i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4z5q4!0n7c8W2)9&6z5g2!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4!0q4c8W2!0n7b7#2)9^5b7#2!0q4z5g2)9&6c8q4)9&6c8g2!0q4y4g2!0n7z5q4!0n7z5q4!0q4y4g2!0m8y4g2!0n7c8q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4z5q4)9^5x3#2!0n7c8q4!0q4y4W2)9^5z5g2!0n7c8g2!0q4y4g2)9^5z5q4!0n7x3p5A6z5d9f1y4x3K9h3u0J5j5i4u0&6i4@1f1%4i4@1t1I4i4@1u0n7i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1%4i4K6W2o6i4K6W2r3i4@1f1$3i4@1q4p5i4@1p5K6i4@1f1#2i4@1q4q4i4K6W2q4i4@1f1%4i4K6S2q4i4@1t1H3i4@1f1K6i4K6R3H3i4K6R3J5 2024-11-14 18:13 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

会飞的蛋蛋面

发帖

回帖

RANK

关注

私信

他的文章

[求助]阿里系x-signature加密方法逆向 5570

关于我们

联系我们

企业服务

看雪公众号

最新回复 (7)
mb_ldbucrik 雪币： 5 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 346 粉丝 3 关注私信	mb_ldbucrik 2 楼可以试试用真实的类hook试试 2024-6-18 17:31 0
会飞的蛋蛋面雪币： 20 活跃值： (87) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 2 粉丝 0 关注私信	会飞的蛋蛋面 3 楼 mb_ldbucrik 可以试试用真实的类hook试试可以hook到真实的类，signRequest native，但是怎么追到是哪个so，遍历了所有so的expoet也遍历不到这个方法，求教 2024-6-20 12:44 0
小堆雪币： 3134 活跃值： (1227) 能力值： ( LV5，RANK：70 ) 在线值：发帖 5 回帖 24 粉丝 33 关注私信	小堆 1 4 楼这不是阿里的libsgmain吗？ 2024-6-20 13:44 0
菜鸟泽雪币： 628 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 12 粉丝 7 关注私信	菜鸟泽 5 楼会飞的蛋蛋面可以hook到真实的类，signRequest native，但是怎么追到是哪个so，遍历了所有so的expoet也遍历不到这个方法，求教可能是动态注册的吧？试试hook一下？ 2024-6-20 14:42 0
mb_wcefwdph 雪币： 200 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 1 粉丝 0 关注私信	mb_wcefwdph 6 楼楼主成功了吗，我也是卡到了这一步，根据帖子416K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3f1#2x3Y4m8G2K9X3W2W2i4K6u0W2j5$3&6Q4x3V1k6X3L8%4u0#2L8g2)9J5k6i4m8Z5M7q4)9K6c8X3#2G2k6q4)9K6c8s2k6A6k6i4N6@1K9s2u0W2j5h3c8Q4x3U0k6S2L8i4m8Q4x3@1u0@1K9h3c8Q4x3@1b7I4y4o6V1I4x3K6p5&6i4@1f1#2i4@1u0q4i4K6V1%4i4@1f1%4i4K6W2r3i4@1p5#2i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6V1&6i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4@1p5#2i4@1u0p5i4@1f1#2i4K6R3K6i4K6S2r3i4@1f1#2i4K6W2o6i4@1p5^5L8r3W2T1M7$3N6E0j5h3W2F1i4K6u0W2M7$3!0Q4c8e0c8Q4b7U0S2Q4b7f1b7`. 2024-8-1 15:31 0
mb_gmamdgrr 雪币： 0 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 4 粉丝 0 关注私信	mb_gmamdgrr 7 楼可以参考这个文章 d7eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2B7K9h3q4F1M7$3S2#2i4K6u0W2j5$3!0E0i4K6u0r3M7q4)9J5c8X3f1@1x3K6V1#2j5U0b7&6x3o6V1@1j5g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0g2Q4b7U0m8Q4b7U0q4Q4c8e0g2Q4z5f1y4Q4b7e0S2D9K9h3u0K6k6$3#2S2K9h3&6Q4x3X3g2K6L8#2!0q4z5g2)9^5y4#2)9^5b7#2!0q4y4q4!0n7b7g2)9^5y4W2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0S2Q4b7V1k6Q4z5e0S2Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0g2Q4z5p5k6Q4z5o6u0Q4c8e0S2Q4z5o6m8Q4z5o6y4Z5N6s2c8H3M7#2)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2U0M7$3c8F1i4K6u0W2L8X3g2@1i4K6u0r3N6$3g2A6P5r3W2F1i4K6g2X3y4o6b7H3z5o6b7$3x3o6u0Q4x3V1k6S2M7Y4c8A6j5$3I4W2i4K6u0r3k6r3g2@1j5h3W2D9M7#2)9J5c8U0p5J5y4U0V1J5x3K6t1J5x3g2!0q4z5q4!0n7c8W2)9&6z5g2!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0N6Q4z5f1k6Q4b7e0g2Q4c8e0W2Q4z5o6q4Q4z5e0y4v1e0V1W2o6e0r3W2T1M7X3q4J5P5g2)9J5k6h3c8G2b7$3!0E0L8h3q4F1k6p5&6S2N6r3W2$3k6g2!0q4y4W2)9&6y4W2!0n7z5g2!0q4y4W2!0n7x3#2)9&6y4b7`.`. 2024-11-14 14:20 0
mb_gmamdgrr 雪币： 0 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 4 粉丝 0 关注私信	mb_gmamdgrr 8 楼还可以参考2dfK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8V1q4H3K9g2)9#2k6X3S2W2P5q4)9J5c8X3q4J5N6r3W2U0L8r3g2Q4x3V1k6V1k6i4c8S2K9h3I4K6i4K6u0r3x3e0x3^5x3e0t1^5y4K6R3$3i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4z5q4!0n7c8W2)9&6z5g2!0q4y4#2!0m8c8W2)9^5y4#2!0q4y4W2)9&6y4W2)9^5y4#2!0q4y4#2!0m8b7W2!0m8x3q4!0q4c8W2!0n7b7#2)9^5b7#2!0q4z5g2)9&6c8q4)9&6c8g2!0q4y4g2!0n7z5q4!0n7z5q4!0q4y4g2!0m8y4g2!0n7c8q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4z5q4)9^5x3#2!0n7c8q4!0q4y4W2)9^5z5g2!0n7c8g2!0q4y4g2)9^5z5q4!0n7x3p5A6z5d9f1y4x3K9h3u0J5j5i4u0&6i4@1f1%4i4@1t1I4i4@1u0n7i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1%4i4K6W2o6i4K6W2r3i4@1f1$3i4@1q4p5i4@1p5K6i4@1f1#2i4@1q4q4i4K6W2q4i4@1f1%4i4K6S2q4i4@1t1H3i4@1f1K6i4K6R3H3i4K6R3J5 2024-11-14 18:13 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复