1. Prepare the tools
The tools used are as follows:
1. The latest version of the app (download link: https://www.wandoujia.com/apps/279987 )
2. jadx, a Java decompiler (download link: https://github.com/skylot/jadx )
3. IDA, a reverse-engineering tool (search Baidu for it)
4. Fiddler, a packet capture tool (search Baidu for it)
5. One Android phone
5. One Android phone
2. Preliminary analysis
1. First install the latest version of the app on the phone, then configure Fiddler to capture the phone's traffic. There are many tutorials on setting up packet capture on the Internet, so I won't go into details here.
2. Search for a product in the app. The captured request carries a sign signature along with some important parameters, which will be used later:
| parameter | meaning |
|---|---|
| functionId | search interface name |
| clientVersion | app version |
| client | phone type |
| st | timestamp |
| sv | signature algorithm |
| body | requested data |
3. Decompile the app and analyze the source code
1. Open the app directly with jadx to view the code. After searching for a long time, I found a relatively relevant place.
According to the analysis of the above log output, the sign signature calculation involves the interface parameters functionId, body, uuid, client and clientVersion:
String signature = JDHttpTookit.m20863WV().mo68383Xd().signature(JDHttpTookit.m20863WV().getApplicationContext(), functionId, str, str2, property, versionName)
The uuid is probably the device ID.
2. Step into the signature method and continue the analysis.
The method turns out to be declared on an interface. Since there is an interface, there must be an implementation; searching further turns up a likely one, which happens to have 5 parameters.
The key code:
BitmapkitUtils.getSignFromJni(context, str, str2, str3, str4, str5);
Continue into the body of that method.
This code probably means that getSignFromJni, the signature method, calls the code in jdbitmapkit.so:
ReLinker.loadLibrary(JdSdk.getInstance().getApplication(), "jdbitmapkit");
3. Find the jdbitmapkit.so file
Open the APK directly with an archive tool, search, and find the file.
4. Reverse-engineer the libjdbitmapkit.so file
1. Open IDA and drag the file into it.
In the function sub_127E4, the keyword sign= appears.
The function also contains keywords such as uuid, body and st, which confirms that this is the right place.
2. Read the code in IDA to analyze the algorithm, then re-implement it in Java, and that's it.
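The search in step 3 and the keyword check in step 4.1 can be scripted as a first triage pass when reviewing where an app builds its request signature. This is an added example, not code from the original post: the function names are hypothetical, and the sample archive and its library contents are constructed stand-ins for a real APK.

```python
import io
import zipfile

# Marker strings from the walkthrough; "st" is left out because a two-byte
# marker matches almost any binary.
MARKERS = (b"sign=", b"uuid", b"body")

def scan_native_libs(apk, markers=MARKERS):
    """Return {archive path: [markers found]} for every lib/<abi>/*.so entry.

    `apk` is a path or a file-like object; an APK is an ordinary ZIP archive.
    """
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = zf.read(info)
            hits[name] = [m.decode() for m in markers if m in data]
    return hits

def candidates(hits, required=b"sign="):
    """Libraries that contain the required marker, most markers first."""
    key = required.decode()
    found = [(name, ms) for name, ms in hits.items() if key in ms]
    return sorted(found, key=lambda item: (-len(item[1]), item[0]))

def build_sample_apk():
    """Constructed stand-in for an APK: two fake libraries and a dex file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00 sign= is ignored outside lib/")
        zf.writestr("lib/armeabi-v7a/libjdbitmapkit.so",
                    b"\x7fELF\x00...&uuid=\x00&body=\x00&sign=\x00")
        zf.writestr("lib/armeabi-v7a/libother.so", b"\x7fELF\x00body only")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, found in candidates(scan_native_libs(build_sample_apk())):
        print(name, found)
```

A library that passes this filter still has to be opened in a disassembler to confirm which function uses the strings, as step 4.1 does by hand.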
Technical exchange QQ 53461569