version:3.1.0
该app做了一些环境检测,部分越狱或root手机无法打开或闪退
ciphertext算法:
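# Builds the three custom request headers ("timestamp", "ciphertext", "sign").
# `headers` (a dict), `method` and `path` (strings) are not defined in this
# snippet and must be supplied by the surrounding code.
#
# NOTE(review): the appid and the HMAC key below are fixed constants,
# presumably recovered from the client. A key that ships in every copy of an
# app cannot authenticate a caller, so the server side should treat this
# signature as integrity/replay friction only and rely on per-user
# credentials for authentication and authorization.

# Timestamp: 10-digit Unix time in seconds, sent as a string.
timeSpan = str(int(time.time()))
headers["timestamp"] = timeSpan

# ciphertext: MD5 hex digest of timestamp + platform/appid + random data,
# prefixed with "android&" and base64-encoded. The original author notes that
# the random part has little effect on the result being accepted.
cipherBase = "android&"
cipherStr = timeSpan + "androidMQ158000001" + str(random.random()) + str(uuid.uuid4())
print(cipherStr)  # debug output of the string that gets hashed
cipherLast = hashlib.md5(bytes(cipherStr, encoding="utf8")).hexdigest()
cipherText = base64.b64encode((cipherBase + cipherLast).encode()).decode()
headers["ciphertext"] = cipherText

# sign: HMAC-SHA256 over the fields appid, ciphertext, method, path and
# timestamp, each written as key=value and joined with "&" (timestamp
# included), then base64 of the raw digest.
signStr = (
    "appid=MQ158000001&ciphertext=" + cipherText
    + "&method=" + method
    + "&path=" + path
    + "&timestamp=" + timeSpan
)
hmac_obj = hmac.new(
    "D4D07E5968CCBB455895BE897A4CAD69".encode('utf-8'),  # static key, used as its UTF-8 text
    signStr.encode('utf-8'),
    hashlib.sha256
)
sign = base64.b64encode(hmac_obj.digest()).decode('utf-8')
headers["sign"] = sign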
响应体解密:
hook该方法:
// Frida logging hook: prints the argument and the return value of ih1.a and
// passes both through unchanged.
Java.perform(() => {
  // "ih1" is the class name as it appears in the app; the original author
  // labels it GZIPManager, presumably the response decoding helper.
  // NOTE(review): if `a` has several overloads, Frida needs an explicit
  // .overload(...) selection here; confirm against the class.
  const gzipManagerClass = Java.use("ih1");

  // Must stay a regular function: `this` is the hooked instance, and
  // this.a(...) calls the original implementation.
  gzipManagerClass.a.implementation = function (input) {
    console.log('a is called:', input);
    const output = this.a(input);
    console.log('a ret value is: ' + output);
    return output;
  };
});
算法还原实现: