某影视APP算法逆向分析
原创
©著作权归作者所有:来自51CTO博客作者web安全工具库的原创作品,请联系作者获取转载授权,否则将追究法律责任
一、抓取数据包
1、请求头有%加十六进制,说以是url编码,先解密一下
GET http://m.mapps.m1905.cn/User/sendVer?request=jYgPer7AuEqdM+DYqs/AbNb35UrMvjLwt4+f0p3RHXc= HTTP/1.1
2、需要找的数值是requests的组成、pid(常量值)、key、did(设备编号)
GET http://m.mapps.m1905.cn/User/sendVer?request=jYgPer7AuEqdM%2BDYqs%2FAbNb35UrMvjLwt4%2Bf0p3RHXc%3D HTTP/1.1
sid:
pid: 236
key: 69b39cb24632252f7bb891bdb1f0de85
did: 010067028741939
uid:
ver: 100/95/2016020901
User-Agent: Dalvik/2.1.0 (Linux; U; Android 7.1.2; HD1900 Build/N2G47O)
Host: m.mapps.m1905.cn
Connection: Keep-Alive
Accept-Encoding: gzip
二、搜索链接里关键字"User/sendVer"
1、查看aay.b()函数,DESede算法
key:iufles8787rewjk1qkq9dj76,iv:vs0ld7w3
2、由于DESede是对称加密算法,密文是:jYgPer7AuEqdM+DYqs/AbNb35UrMvjLwt4+f0p3RHXc=,可以反推一下得到加密内容为:mobile=15836353612&templateid=1
三、搜索关键字key
1、查看v0.i()函数
public String i() {
return abh.a(abb.c() + "m1905_2014");
}2、查看abb.c()函数,获取设备id
public static String c() {
String v0_2;
try {
TelephonyManager v0_1 = (TelephonyManager)BaseApplication.a().getSystemService("phone");
v0_2 = v0_1 == null ? "" : v0_1.getDeviceId();
}
catch(Exception v0) {
v0_2 = "";
}
return v0_2;
}3、查看abh.a()函数,获取md5值
public class abh {
public static final String a(String arg9) {
int v0 = 0;
if(!TextUtils.isEmpty(arg9)) {
char[] v2 = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
try {
byte[] v1 = arg9.getBytes();
MessageDigest v3 = MessageDigest.getInstance("MD5");
v3.update(v1);
byte[] v3_1 = v3.digest();
char[] v5 = new char[(((int)v1)) * 2];
int v1_1 = 0;
while(v0 < v3_1.length) {
int v6 = v3_1[v0];
int v7 = v7 + 1;
char v8 = v2[v8 >>> 4 & 15];
v5[v1_1] = v8;
++v1_1;
v5[v7] = v2[v6 & 15];
++v0;
}
arg9 = new String(v5);
}
catch(Exception v0_1) {
arg9 = null;
}
}
return arg9;
}
}4、最终就是设备id+m1905_2014,然后再算md5
四、响应值解密
禁止非法,后果自负
欢迎关注公众号:逆向有你
欢迎关注视频号:之乎者也吧
