往期文章
安卓逆向 -- 实战某峰窝APP(静态分析)
安卓逆向 -- IDA动态调试
一、启动调试环境
1、启动android-server
./as
2、转发端口
adb forward tcp:23946 tcp:23946
二、启动IDA,加载要调试的SO文件
三、在上节课分析的关键处下断,然后查看相关参数
四、运行起来,触发断点,查看参数
1、setkey:
asfsaADDJF55b262d99cff7cac7459e8&
2、update:
PUT&https%3A%2F%2Fmapi.mafengwo.cn%2Frest%2Fapp%2Fuser%2Flogin%2F&after_style%3Ddefault%26app_code%3Dcom.mfw.roadbook%26app_ver%3D8.1.6%26app_version_code%3D535%26brand%3DAndroid%26channel_id%3DGROWTH-WAP-LC-3%26device_id%3D8c%253A3a%253Ae3%253A97%253A1b%253A8a%26device_type%3Dandroid%26hardware_model%3DAOSP%2520on%2520HammerHead%26mfwsdk_ver%3D20140507%26o_lat%3D36.142714%26o_lng%3D113.761059%26oauth_consumer_key%3D5%26oauth_nonce%3Df061b558-d0c4-446c-b91c-7688d9219be1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1635414450%26oauth_version%3D1.0%26open_udid%3D8c%253A3a%253Ae3%253A97%253A1b%253A8a%26put_style%3Ddefault%26screen_height%3D1776%26screen_scale%3D3.0%26screen_width%3D1080%26sys_ver%3D5.1.1%26time_offset%3D480%26x_auth_mode%3Dclient_auth%26x_auth_password%3D223456%26x_auth_username%3D15836353612
3、base64:
YQRRJRfQbVXBzDA06EKXXvd6lmI=
五、算法验证
var key="asfsaADDJF55b262d99cff7cac7459e8&" var s="PUT&https%3A%2F%2Fmapi.mafengwo.cn%2Frest%2Fapp%2Fuser%2Flogin%2F&after_style%3Ddefault%26app_code%3Dcom.mfw.roadbook%26app_ver%3D8.1.6%26app_version_code%3D535%26brand%3DAndroid%26channel_id%3DGROWTH-WAP-LC-3%26device_id%3D8c%253A3a%253Ae3%253A97%253A1b%253A8a%26device_type%3Dandroid%26hardware_model%3DAOSP%2520on%2520HammerHead%26mfwsdk_ver%3D20140507%26o_lat%3D36.142714%26o_lng%3D113.761059%26oauth_consumer_key%3D5%26oauth_nonce%3Df061b558-d0c4-446c-b91c-7688d9219be1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1635414450%26oauth_version%3D1.0%26open_udid%3D8c%253A3a%253Ae3%253A97%253A1b%253A8a%26put_style%3Ddefault%26screen_height%3D1776%26screen_scale%3D3.0%26screen_width%3D1080%26sys_ver%3D5.1.1%26time_offset%3D480%26x_auth_mode%3Dclient_auth%26x_auth_password%3D223456%26x_auth_username%3D15836353612" console.log(CryptoJS.HmacSHA1(s,key).toString()) console.log(CryptoJS.HmacSHA1(s,key).toString(CryptoJS.enc.Base64)) 运行结果: YQRRJRfQbVXBzDA06EKXXvd6lmI=
禁止非法,后果自负