Reversing a small app

Foreword:

        "Blow up a balloon, blow up a balloon, and play ball"... I reversed a small app called [Paper Airplane Fight]. There are three main things to break: the request-body signature (req_sign), ss-sign, and decryption of the returned data. As the saying goes, a workman who wants to do his job well must first sharpen his tools, so have jadx (or JEB) and IDA Pro ready.

Process:

(1) The request-body signature (req_sign)

        The request body carries a lot of fields. Most of them can be read straight out of the app by hooking; only req_sign is computed by an algorithm.

        (1) Open jadx, drag the APK in, search for the string req_sign, and jump to the code that sets it.

        (2) Once you find it, it is easy to read: three strings are concatenated and hashed once with MD5. The three strings are the current timestamp, the code_id value and a random UUID string. Recompute it from values hooked out of a real request to confirm the concatenation order and whether the timestamp is in seconds or milliseconds before you build a replay client.
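        To make the recovered algorithm concrete, here is an added Go example. It is not code from the original post or from the app: it recomputes req_sign from the three fields and checks a captured signature against all six concatenation orders, so a wrong guess about field order shows up immediately. The sample values, the absence of a separator between the fields and the use of a version-4 UUID are assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ReqSign recomputes the request signature as recovered above:
// MD5 over the plain concatenation timestamp || code_id || uuid, hex-encoded.
// ASSUMPTION: no separator between the fields; if the decompiled code
// inserts one, add it here.
func ReqSign(timestamp, codeID, uuid string) string {
	sum := md5.Sum([]byte(timestamp + codeID + uuid))
	return hex.EncodeToString(sum[:])
}

// NewUUID4 builds a random RFC 4122 version-4 UUID string without a
// third-party package, standing in for the app's UUID.randomUUID().
func NewUUID4() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16]), nil
}

// VerifyReqSign checks a captured req_sign against the hooked field values.
// It tries the six possible concatenation orders and reports which one
// matches, so the order is confirmed rather than guessed.
func VerifyReqSign(timestamp, codeID, uuid, observed string) (order string, ok bool) {
	parts := map[string]string{"ts": timestamp, "code_id": codeID, "uuid": uuid}
	orders := [][]string{
		{"ts", "code_id", "uuid"}, {"ts", "uuid", "code_id"},
		{"code_id", "ts", "uuid"}, {"code_id", "uuid", "ts"},
		{"uuid", "ts", "code_id"}, {"uuid", "code_id", "ts"},
	}
	observed = strings.ToLower(observed)
	for _, o := range orders {
		sum := md5.Sum([]byte(parts[o[0]] + parts[o[1]] + parts[o[2]]))
		if hex.EncodeToString(sum[:]) == observed {
			return strings.Join(o, "+"), true
		}
	}
	return "", false
}

func main() {
	// Constructed sample values, not captured from the real app.
	// Check whether the app uses seconds or milliseconds; milliseconds assumed here.
	ts := strconv.FormatInt(time.Now().UnixNano()/int64(time.Millisecond), 10)
	codeID := "10001"
	u, err := NewUUID4()
	if err != nil {
		panic(err)
	}
	sign := ReqSign(ts, codeID, u)
	fmt.Printf("ts=%s code_id=%s uuid=%s\nreq_sign=%s\n", ts, codeID, u, sign)
	order, ok := VerifyReqSign(ts, codeID, u, sign)
	fmt.Println("matching order:", order, "ok:", ok)
}
```

        Feed VerifyReqSign the timestamp, code_id, UUID and req_sign hooked from one real request; if no order matches, the separator, the timestamp unit or the hash encoding is not what the decompiled code seemed to say.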

(2) ss-sign

        (1) Likewise, search for the string ss-sign first and locate the implementing code.

        (2) Follow it step by step and you reach a native method; the library it calls is libnms.so. Open that .so in IDA and the real implementation is inside. But... it made me want to throw up for a while: the obfuscation is heavy and the control flow has been flattened. What you would need to do is de-flatten the control flow; what I did was go straight to AndServer, heh heh (like, coin, favourite ~)... Just Google an AndServer tutorial, it is very simple. The idea is to run a small HTTP server inside the app (or inside your own app that loads libnms.so) and expose the native signing call as an endpoint, so the genuine obfuscated code computes ss-sign for you and never has to be understood.

(3) Decrypting the returned data

        (1) Once you have hooked enough data you will find that the message is decrypted with "AES/ECB/PKCS5Padding". As everyone knows, decryption needs a key, so where does the key come from? The key comes from the loess plateau... from the first 17 characters of the message. Two things to keep in mind: an AES key is 16, 24 or 32 bytes, so those 17 characters are not used verbatim and the calculation that turns them into the key still has to be located; and because the mode is ECB and the key material travels inside the message itself, this is obfuscation rather than confidentiality, and equal plaintext blocks produce equal ciphertext blocks.

        (2) Now work backwards: first locate the "AES/ECB/PKCS5Padding" decryption call, then find where it is called from, and follow the callers step by step until you reach the place where the key is computed.
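        An added Go example of the decryption side, not the app's code and not from the original post. The message layout (17 characters of key material followed by Base64 ciphertext) and KeyFromPrefix (take the first 16 of the 17 characters) are assumptions standing in for whatever the jadx trail ends at; swap in the real derivation once you find it. Go's standard library has no ECB mode, so the block-by-block loop is written out, which also makes the ECB weakness visible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/base64"
	"errors"
	"fmt"
)

const prefixLen = 17 // the key material the app reads from the front of the message

// KeyFromPrefix stands in for the app's key calculation, which the write-up
// locates but does not print. ASSUMPTION: the key is the first 16 of the 17
// characters (AES-128 needs exactly 16 bytes, so 17 cannot be used as-is).
func KeyFromPrefix(prefix string) ([]byte, error) {
	if len(prefix) != prefixLen {
		return nil, fmt.Errorf("prefix must be %d characters, got %d", prefixLen, len(prefix))
	}
	return []byte(prefix[:aes.BlockSize]), nil
}

// pkcs5Pad appends 1..16 bytes, each equal to the number of bytes appended.
func pkcs5Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs5Unpad strips the padding and rejects anything malformed; a wrong key
// usually shows up here as "bad padding" rather than as readable garbage.
func pkcs5Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// ecbCrypt runs the raw AES block function over each 16-byte block on its
// own: that is all ECB is, and why equal plaintext blocks leak as equal
// ciphertext blocks.
func ecbCrypt(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in)%aes.BlockSize != 0 {
		return nil, errors.New("input is not block aligned")
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if decrypt {
			block.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			block.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

// DecryptResponse takes a whole response body (17 characters of key material
// followed by Base64 ciphertext, layout assumed) and returns the plaintext.
func DecryptResponse(body string) ([]byte, error) {
	if len(body) < prefixLen {
		return nil, errors.New("body shorter than the key prefix")
	}
	key, err := KeyFromPrefix(body[:prefixLen])
	if err != nil {
		return nil, err
	}
	ct, err := base64.StdEncoding.DecodeString(body[prefixLen:])
	if err != nil {
		return nil, err
	}
	padded, err := ecbCrypt(key, ct, true)
	if err != nil {
		return nil, err
	}
	return pkcs5Unpad(padded)
}

// EncryptResponse is the server side of the same scheme, used only to build
// sample data offline.
func EncryptResponse(prefix string, plaintext []byte) (string, error) {
	key, err := KeyFromPrefix(prefix)
	if err != nil {
		return "", err
	}
	ct, err := ecbCrypt(key, pkcs5Pad(plaintext), false)
	if err != nil {
		return "", err
	}
	return prefix + base64.StdEncoding.EncodeToString(ct), nil
}

func main() {
	// Constructed sample, not a real capture from the app.
	body, err := EncryptResponse("0123456789abcdefX", []byte(`{"code":0,"msg":"ok"}`))
	if err != nil {
		panic(err)
	}
	pt, err := DecryptResponse(body)
	if err != nil {
		panic(err)
	}
	fmt.Printf("body: %s\nplaintext: %s\n", body, pt)
}
```

        Once the real key calculation is known, only KeyFromPrefix changes. If DecryptResponse keeps failing on padding with real captures, the derivation or the prefix length is wrong, not the cipher setup; and encrypting two identical 16-byte blocks through ecbCrypt gives identical ciphertext blocks, which is the practical cost of ECB.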

Postscript

        I am not posting the actual code, in case the post gets forced into VIP-only visibility... The approach is as described above; the rest is up to you... Fine for research, don't make trouble with it...

        My WeChat: YY_yhzf

Source: blog.csdn.net/nanxiaotiantian/article/details/109755101