安卓逆向到这,可以帮忙分析下java代码吗
本帖最后由 nuc.xxy 于 2022-3-23 13:00 编辑问题描述:安卓逆向到这,将app的smile转换成java代码后,这一段看不懂
自我分析:软件的逆向爆破完成,主要就是想分析里面的参数code,pwd怎么来的
问题配图 :代码如下想知道下面这俩参数咋来的
code= + rg_n29612
pwd= + rg_jjml.rg_n29612(rg_jjml.rg_n29612(String.valueOf(this.rg_n40241.GetTextView().getText()).getBytes()).toLowerCase().getBytes()).toLowerCase()
public rg_getquestion() {
this.rg_n40252.rl_xchl1_n27147(new 1(this), 0);
}
public AndroidViewGroup GetAndroidActivityContainer() {
return this.rp_2;
}
protected boolean onInitAndroidActivity() {
if (!super.onInitAndroidActivity()) {
return false;
}
setContentView(2130903041);
this.rp_2 = new rg_xxbjq(this, (LinearLayout) findViewById(2131099659));
this.rp_2.onInitControlContent(this, null);
AndComActivity.rg_n3845(this, 2130837505);
this.rg_n40239 = new rg_xxbjq(this, (LinearLayout) findViewById(2131099660));
this.rg_n40239.onInitControlContent(this, null);
this.rg_n40240 = new rg_bjk(this, (EditText) findViewById(2131099661));
this.rg_n40240.onInitControlContent(this, null);
this.rg_n40240.rg_n6245("作业帮账号");
this.rg_n40241 = new rg_bjk(this, (EditText) findViewById(2131099662));
this.rg_n40241.onInitControlContent(this, null);
this.rg_n40241.rg_n6245("作业帮密码");
this.rg_n40242 = new rg_xxbjq(this, (LinearLayout) findViewById(2131099663));
this.rg_n40242.onInitControlContent(this, null);
this.rg_n40243 = new rg_ann(this, (Button) findViewById(2131099664));
this.rg_n40243.onInitControlContent(this, null);
this.rg_n40243.rl_AndroidView_n4550(new 1(this), 0);
this.rg_n40244 = new rg_ann(this, (Button) findViewById(2131099665));
this.rg_n40244.onInitControlContent(this, null);
this.rg_n40244.rl_AndroidView_n4550(new 1(this), 0);
this.rg_n40245 = new rg_chxk(this, (RadioButton) findViewById(2131099666));
this.rg_n40245.onInitControlContent(this, null);
this.rg_n40245.rl_AndroidView_n4550(new 1(this), 0);
this.rg_n40245.rl_zgannjchl_n6373(new 1(this), 0);
this.rg_n40246 = new rg_xxbjq(this, (LinearLayout) findViewById(2131099667));
this.rg_n40246.onInitControlContent(this, null);
this.rg_n40247 = new rg_ann(this, (Button) findViewById(2131099668));
this.rg_n40247.onInitControlContent(this, null);
this.rg_n40247.rl_AndroidView_n4550(new 1(this), 0);
this.rg_n40248 = new rg_ann(this, (Button) findViewById(2131099669));
this.rg_n40248.onInitControlContent(this, null);
this.rg_n40248.rl_AndroidView_n4550(new 1(this), 0);
this.rg_n40249 = new rg_bjk(this, (EditText) findViewById(2131099670));
this.rg_n40249.onInitControlContent(this, null);
this.rg_n40249.rg_n6285(true);
this.rg_n40249.rg_n4751(true);
return true;
}
public void rg_n12823(Intent intent, Object[] objArr, int i) {
super.rg_n12823(intent, objArr, i);
this.rg_n40250 = rg_dxl.rg_n24205(objArr);
this.rg_n40251 = rg_dxl.rg_n24205(objArr);
this.rg_n40254 = rg_dxl.rg_n24197(objArr);
this.rg_n40240.rg_n6177(this.rg_n40250);
this.rg_n40256 = rg_shychl.rg_n20833(1, 3, 0);
this.rg_n40257 = rg_shychl.rg_n20841(this.rg_n40256, 2131034112, 1);
}
protected int rg_n40268(rg_ann rg_ann, int i) {
if (rg_ann == this.rg_n40243) {
this.rg_n40249.rg_n6177("");
String rg_n29612 = rg_jjml.rg_n29612(String.valueOf(rg_shxysl.rg_n25378(500, 9999)).getBytes());
rg_n29612 = rg_wbxl.rg_n26781(rg_anzhwlczl.rg_n9580("https://wenda.zuoyebang.com/commitui/session/login", 1, "code=" + rg_n29612 + "&userName=" + String.valueOf(this.rg_n40240.GetTextView().getText()) + "&pwd=" + rg_jjml.rg_n29612(rg_jjml.rg_n29612(String.valueOf(this.rg_n40241.GetTextView().getText()).getBytes()).toLowerCase().getBytes()).toLowerCase() + "&fromChannel=wechat&token=" + rg_jjml.rg_n29612(String.valueOf(rg_shxysl.rg_n25378(500, 9999)).getBytes()) + "&mpversion=202012291627", null, null, true, null, 0, 5000, null));
String rg_n32226 = rg_JSONgjl.rg_n32226(rg_n29612, "errStr", "");
if (rg_n32226.equals("success")) {
this.rg_n40258 = rg_JSONgjl.rg_n32226(rg_JSONgjl.rg_n32226(rg_n29612, "data", ""), "token", "");
if (this.rg_n40254 != 871295) {
rg_n29612 = "nb";
}
rg_yychx.rg_n1655("登录账号成功" + this.rg_n40258, false);
rg_n29612 = rg_wbxl.rg_n26781(rg_anzhwlczl.rg_n9580("https://wenda.zuoyebang.com/rui/teacher/getuserinfo", 1, "token=" + this.rg_n40258, null, null, true, null, 0, 5000, null));
rg_n32226 = rg_JSONgjl.rg_n32226(rg_JSONgjl.rg_n32226(rg_n29612, "data", ""), "userId", "");
String rg_n322262 = rg_JSONgjl.rg_n32226(rg_JSONgjl.rg_n32226(rg_n29612, "data", ""), "grade", "");
String rg_n322263 = rg_JSONgjl.rg_n32226(rg_JSONgjl.rg_n32226(rg_n29612, "data", ""), "subject", "");
this.rg_n40262 = "https://wenda.zuoyebang.com/static/wx_web/#detail?token=" + this.rg_n40258 + "&uid=" + rg_n32226 + "&openid=undefined&user_id=undefined&grade=" + rg_n322262 + "&course=" + rg_n322263 + "&vendorId=" + rg_JSONgjl.rg_n32226(rg_JSONgjl.rg_n32226(rg_n29612, "data", ""), "vendorId", "") + "&user_type=2&isIphoneX=false&temp=";
} else {
rg_yychx.rg_n1655(rg_n32226, false);
this.rg_n40249.rg_n6302(rg_n32226);
}
}
if (rg_ann == this.rg_n40247) {
this.rg_n40253 = false;
}
if (rg_ann == this.rg_n40244) {
this.rg_n40253 = true;
this.rg_n40252 = new rg_xchl1();
this.rg_n40252.rl_xchl1_n27147(new 1(this), 0);
this.rg_n40252.rg_n27144(this.rg_n40258, null);
}
if (rg_ann == this.rg_n40248) {
AndComActivity.sStartNewActivity(this, rg_dtchk.class, null, 0, 0, new Object[]{this.rg_n40263, this.rg_n40258, this.rg_n40259, this.rg_n40260, this.rg_n40261});
}
return 0;
}
病毒查杀截图或链接:
下载链接:
nuc.xxy 发表于 2022-3-23 13:01
就是我逆向一个app,dex里的smile转换成java后,他的两个参数,code和pwd怎么生成的,我看不懂,请大佬赐 ...
你的代码是很清楚了已经。。
首先,你所纠结的code其实在下面接口调用前就利用随机数已经生成了
String rg_n29612 = rg_jjml.rg_n29612(String.valueOf(rg_shxysl.rg_n25378(500, 9999)).getBytes());
然后,下面到调用方法 rg_wbxl.rg_n26781 传参的时候,就传入接口、code、username、pwd、还有其它参数
而code就是前面已经生成的随机数,然后用户名密码自然就是你前端输入的,这里只是获取你输入的数据,至于后面调用的方法那就是语法类了,用户名是获取字符串,但是像密码这种它做数据转换的,转成字节,基本是这样子了
通过上面的拿到一个结果作判断:
{
"errNo": 920001,
"errStr": "用户账号或密码错误",
"data": [
],
"logId": "1049303700"
}
问题能再详细点?你这问的。。。{:5_188:} 逆君 发表于 2022-3-23 12:55
问题能再详细点?你这问的。。。
就是我逆向一个app,dex里的smile转换成java后,他的两个参数,code和pwd怎么生成的,我看不懂,请大佬赐教 没有链接
页:
[1]