Make a script - automatically earn ape points (unpacking)

I am participating in the "Nuggets·Starting Plan"

The previous article introduced how to set up a reverse-engineering environment, and many reverse tools have been shared in the planet. This article moves on to practice. Let's start with a simple one to get familiar with the tools and the reversing process.

Sample

  • A certain planet 1.5.9

This app has a set of daily tasks. Completing them earns ape points, which can be exchanged for goods or used to top up phone credit. Our goal is to find the interface the tasks are submitted through, write it into a script, and automate the daily tasks, saving time and effort.

Capture packets first

Since we need to call the interface from a script, packet capture is indispensable. The earlier article already covered how to build a packet capture environment, so here we go straight to capturing packets.

image20230301222146804.png

The figure shows the interface for the daily task list. From the request body we can roughly guess that appSign is related to the interface's encrypted data, appTimeStamp is the timestamp of the request, and pageNo and pageSize are the paging fields. A bold guess: appSign is the result of encrypting appTimeStamp, pageNo and pageSize. That is the end of the packet capture analysis. Following the reverse thinking of the earlier article, the next step is to look at the source code.
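To make the guess concrete, here is an added example (not code from the post or from the app) of what a request signature over appTimeStamp, pageNo and pageSize typically looks like, together with the server-side checks that go with it. The signing key, the use of HMAC-SHA256, the field order and the five-minute freshness window are all assumptions; the app's real scheme is exactly what the rest of the post sets out to find.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Hypothetical signing key (not from the page). In a real app this value ships
# inside the client, so the server must treat the signature as an integrity
# check on the request, never as proof that a person is behind it.
APP_KEY = b"example-app-key-not-from-the-page"

# The three fields the guess says feed into appSign, and the freshness window
# the server enforces on appTimeStamp (constructed value: 5 minutes, in ms).
SIGNED_FIELDS = ("appTimeStamp", "pageNo", "pageSize")
MAX_SKEW_MS = 5 * 60 * 1000


def canonical_string(body: dict) -> str:
    """Join the signed fields in a fixed order so both sides hash the same bytes."""
    return "&".join(f"{name}={body[name]}" for name in SIGNED_FIELDS)


def sign(body: dict, key: bytes = APP_KEY) -> str:
    """HMAC-SHA256 over the canonical string; a stand-in for whatever the app really does."""
    return hmac.new(key, canonical_string(body).encode(), hashlib.sha256).hexdigest()


def build_request(page_no: int, page_size: int, now_ms: Optional[int] = None) -> dict:
    """Client side: assemble the task-list request body and attach appSign."""
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    body = {"appTimeStamp": ts, "pageNo": page_no, "pageSize": page_size}
    body["appSign"] = sign(body)
    return body


def verify(body: dict, now_ms: int, key: bytes = APP_KEY) -> Tuple[bool, str]:
    """Server side: fields present, signature valid (constant-time compare), timestamp fresh."""
    missing = [name for name in SIGNED_FIELDS + ("appSign",) if name not in body]
    if missing:
        return False, "missing fields: " + ", ".join(missing)
    if not hmac.compare_digest(sign(body, key), str(body["appSign"])):
        return False, "bad signature"
    if abs(now_ms - int(body["appTimeStamp"])) > MAX_SKEW_MS:
        return False, "stale timestamp"
    return True, "ok"


if __name__ == "__main__":
    fixed_now = 1_677_680_000_000  # constructed timestamp
    req = build_request(page_no=1, page_size=20, now_ms=fixed_now)
    print(req)
    print(verify(req, now_ms=fixed_now))
    print(verify(req, now_ms=fixed_now + 2 * MAX_SKEW_MS))
```

The timestamp check is what gives appTimeStamp its purpose: without it a captured request body stays valid forever. Even with it, a signed body can be resubmitted inside the window, so a server that hands out points per task also needs a per-account nonce or rate limit; the signature alone only tells it the fields were not altered in transit.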

Unpacking

First use MT Manager to see whether the app is packed.

image20230301223647336.png

It is packed, so unpack it directly. First try the automatic unpacking tool BlackDex.

image20230301225135183.png

Oops, immediate success. Now look at the dex file.

image20230301225407888.png

What, are you kidding me? Isn't this still a packed file? Since that didn't work, try dumping it from memory with Frida!

image20230301230744041.png

Sure enough, it didn't disappoint: a lot of dex files came out. First check them with MT Manager.

image20230301231017294.png

OK, this time the unpacking should be fine. Search for the keyword captured earlier, appSign.

image20230301231223917.png
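The two checks made above with MT Manager (is this dex still just the packer's stub, and is the dumped file a well-formed dex) can be scripted. The following is an added example, not code from the post or from any of the tools it uses: it parses the DEX header, recomputes the Adler-32 checksum and SHA-1 signature the format carries, and flags a valid file with very few class definitions as a likely shell stub. The threshold of five class_defs is an assumption, and the header-only dex built by `build_minimal_dex` is a constructed fixture, not a dump from the app.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70          # fixed header length in every dex version
DEX_MAGIC_PREFIX = b"dex\n"     # followed by 3 version digits and a NUL
ENDIAN_CONSTANT = 0x12345678

# The 20 little-endian uint32 fields that follow magic (8), checksum (4) and signature (20).
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def parse_dex_header(data: bytes) -> dict:
    """Parse a DEX header and validate the fields that a dump tool commonly gets wrong."""
    problems = []
    if len(data) < DEX_HEADER_SIZE:
        return {"problems": ["file shorter than a DEX header"]}
    magic = data[:8]
    if not magic.startswith(DEX_MAGIC_PREFIX) or magic[7:8] != b"\x00":
        problems.append("bad magic %r" % magic)
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    fields = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    if fields["header_size"] != DEX_HEADER_SIZE:
        problems.append("header_size is %#x, expected %#x" % (fields["header_size"], DEX_HEADER_SIZE))
    if fields["endian_tag"] != ENDIAN_CONSTANT:
        problems.append("unexpected endian tag %#x" % fields["endian_tag"])
    if fields["file_size"] != len(data):
        problems.append("file_size %d does not match actual length %d" % (fields["file_size"], len(data)))
    # checksum covers everything after the checksum field; signature covers everything after itself
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        problems.append("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != signature:
        problems.append("sha1 signature mismatch")
    return {"version": magic[4:7].decode("ascii", "replace"), "checksum": checksum,
            **fields, "problems": problems}


def looks_like_shell(header: dict, threshold: int = 5) -> bool:
    """Heuristic: a valid dex with only a handful of classes is probably the packer's loader stub."""
    return not header["problems"] and header.get("class_defs_size", 0) < threshold


def build_minimal_dex(class_defs_size: int, version: bytes = b"035") -> bytes:
    """Constructed fixture: a header-only dex whose size, SHA-1 and Adler-32 are all consistent."""
    fields = {name: 0 for name in HEADER_FIELDS}
    fields["file_size"] = DEX_HEADER_SIZE
    fields["header_size"] = DEX_HEADER_SIZE
    fields["endian_tag"] = ENDIAN_CONSTANT
    fields["class_defs_size"] = class_defs_size
    tail = struct.pack("<20I", *(fields[name] for name in HEADER_FIELDS))
    signature = hashlib.sha1(tail).digest()
    body = signature + tail                      # bytes 12..end, the checksum's input
    checksum = zlib.adler32(body) & 0xFFFFFFFF
    return DEX_MAGIC_PREFIX + version + b"\x00" + struct.pack("<I", checksum) + body


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            hdr = parse_dex_header(f.read())
        print(path, "class_defs=%s" % hdr.get("class_defs_size"),
              "shell?" if looks_like_shell(hdr) else "", hdr["problems"])
```

Run it over the directory of dumped dex files to sort them before opening them in a decompiler: files with checksum or signature problems were cut or patched during the dump, and a clean file with almost no class_defs is the shell's own loader rather than the app's code.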

Fortunately there are not many results. The next step is to read the code and hook it to locate the key code.

Since reverse engineering is a fairly special subject, and the tools used in this article are also special editions, it is not convenient to release them publicly; they can be obtained from Knowledge Planet.

This article has been published by the public account "Code Lover Says"


Source: juejin.im/post/7235574844435464229