0x0.
先分析一下考蟲的課程觀看流程, 無論是免費的課程還是付費課程, 都需要購買添加, 課程都有時間有效期, 購買後課程會添加到個人中心-我的訂單列表, 因此從這入手.
以下分析基於安卓考虫V3.7.1, 百度市場版, 之所以強調應用市場, 是因為一個應用市場下載的APP, 購買課程後其他市場APP觀看會提示無網絡, 逆向分析不同市場也有區別.
0x1. 我的訂單列表請求
進入我的訂單,先抓一下包:
{
"code": 1,
"msg": "成功",
"data": {
"historyContent": "点击查看更早的订单",
"historyUrl": "/api/newOrder/r/orderHistoryList",
"page": {
"totalCount": 5,
"pageSize": 12,
"pageCount": 1,
"currentPage": 1,
"nextPage": 1,
"previousPage": 1,
"hasNext": false,
"hasPrevious": false,
"startIndex": 0
},
"list": [
{
"isRmb": true,
"needRemain": 0,
"orderType": 0,
"tradeNo": "",
"orderId": "1001918726644",
"payTime": 1588312139138,
"type": 2,
"cutOffTime": 1588355339000,
"goodsIds": "14762",
"activityId": 0,
"totalAmount": 0,
"uid": 7379744,
"couponAmount": 0,
"goodsCount": 1,
"payAmount": 0,
"payType": 2,
"payFailedReason": "",
"closeTime": 1588313939000,
"ctime": 1588312139000,
"details": [
{
"totalAmount": 0,
"goodsId": 14762,
"goodsPrice": 0,
"sellCount": 1,
"type": 0,
"goodsName": "【微信群】为什么你需要一份雅思成绩?",
"status": 0
}
],
"refundable": false,
"optAttribute": -1,
"needAddress": false,
"status": 3
},
{
"isRmb": true,
"needRemain": 0,
"orderType": 0,
"tradeNo": "",
"orderId": "1001602521944",
"payTime": 1582872436000,
"type": 2,
"cutOffTime": 1582915636000,
"goodsIds": "14400",
"activityId": 0,
"totalAmount": 0,
"uid": 7379744,
"couponAmount": 0,
"goodsCount": 1,
"payAmount": 0,
"payType": 2,
"payFailedReason": "",
"closeTime": 1582874236000,
"ctime": 1582872436000,
"details": [
{
"totalAmount": 0,
"goodsId": 14400,
"goodsPrice": 0,
"sellCount": 1,
"type": 0,
"goodsName": "21考研数学新手3周刷题营01期",
"status": 0
}
],
"refundable": false,
"optAttribute": -1,
"needAddress": false,
"status": 3
},
]
},
"stime": 1592399316738,
"traceId": "b801d249d5854789a15638fdf7aed14e"
}
請求接口參數:
https://mobile.kaochong.com/api/mcore/order/r/getOrderList
?pageSize=12
&pageNum=1
&showAddress=0
&androidId=xxx // 安卓ID
&apiVer=3
&appId=1001
&ca=%E6%9C%AA%E7%9F%A5%E8%BF%90%E8%90%A5%E5%95%86 // 網絡運營商 : "未知运营商"
&channel=baidu // 應用市場
&cl=baidu // 應用市場
&duid=xxx // ID
&dv=ONEPLUS%20A5010 // 設備型號: 一加5T
&imei=
&nt=wifi
&ov=9 // 安卓版本
&rosType=android
&sh=2046
&sw=1080 // 屏幕分辨率
&token=xxx // token
&ver=3.7.1 // 版本
然後反編譯搜尋相關信息, 定位到請求位置MyOrderRepository: // com.xuanke.kaochong.l0.a.a
@NotNull
/* renamed from: a */
public final LiveData<DataWrap<CommonListEntity<OrderItem>>> mo45860a(@NotNull Map<String, String> map) {
C10434e0.m48756f(map, "params"); // 請求參數
MutableLiveData pVar = new MutableLiveData();
C3047z<BaseApi<CommonListEntity<OrderItem>>> F = KcNet.m16387a().mo42972F(map); // 接口
KCSuperRetrofit.C6862a aVar = KCSuperRetrofit.f25847b;
C10434e0.m48731a((Object) F, "observable");
aVar.mo42930a(F, new C7619b(map, pVar)); // C7619b 回調
return pVar;
}
請求完成C7619b回調, 到 C7619b 看看
/* renamed from: com.xuanke.kaochong.l0.a.a$b */
/* compiled from: MyOrderRepository.kt */
public static final class C7619b implements C6893p<CommonListEntity<OrderItem>> {
/* renamed from: a */
final /* synthetic */ Map f28267a;
/* renamed from: b */
final /* synthetic */ MutableLiveData f28268b;
C7619b(Map map, MutableLiveData pVar) {
this.f28267a = map;
this.f28268b = pVar;
}
/* renamed from: a */
public void onSuccess(@Nullable CommonListEntity<OrderItem> commonListEntity) { // onSuccess 請求成功返回
if (commonListEntity != null) {
int i = 1;
if (commonListEntity.isListNotEmpty()) {
String str = (String) this.f28267a.get("pageNum");
if (str != null) {
i = Integer.parseInt(str);
}
commonListEntity.setCurrentPageNumber(i);
this.f28268b.mo6430b(DataWrap.f15077d.mo28227c(commonListEntity));
return;
}
this.f28268b.mo6430b(DataWrap.C3777a.m20280b(DataWrap.f15077d, (Object) null, 1, (Object) null));
}
}
public void onFail(int i, @Nullable String str) { // 請求失敗
this.f28268b.mo6430b(DataWrap.C3777a.m20279a(DataWrap.f15077d, (Object) null, (Throwable) null, 3, (Object) null));
}
}
可用Xposed hook onSuccess 請求結果獲取信息, 以下相同思路
0x2. 訂單詳情
關鍵參數是上一步獲取的 "orderId": "1001602521944",
https://mobile.kaochong.com/api/mcore/order/r/detail
?orderId=1001602521944
&androidId=xxx
&apiVer=3
&appId=1001
&ca=%E6%9C%AA%E7%9F%A5%E8%BF%90%E8%90%A5%E5%95%86
&channel=baidu
&cl=baidu
&duid=xxx
&dv=ONEPLUS%20A5010
&imei=
&nt=wifi
&ov=9
&rosType=android
&sh=2046
&sw=1080
&token=xxx
&ver=3.7.1
{
"code": 1,
"msg": "成功",
"data": {
"orderId": "1001602521944",
"uid": 7379744,
"status": 3,
"payFailedReason": "",
"payType": 2,
"type": 2,
"goodsCount": 1,
"totalAmount": 0,
"couponAmount": 0,
"payAmount": 0,
"payTime": 1582872436000,
"tradeNo": "",
"ctime": 1582872436000,
"closeTime": 1582874236000,
"cutOffTime": 1582915636000,
"needAddress": false,
"needRemain": 0,
"refundable": false,
"details": [
{
"goodsId": 14400,
"goodsName": "21考研数学新手3周刷题营01期",
"sellCount": 1,
"goodsPrice": 0,
"totalAmount": 0,
"status": 0,
"type": 0,
"exchangedGoods": null
}
],
"optAttribute": -1,
"goodsIds": "14400",
"activityId": 0,
"plusUrl": null,
"orderType": 0,
"isRmb": true,
"payTypeDesc": "免费",
"typeDesc": "免费",
"refundTime": null,
"cancelReason": null,
"couponList": [ ],
"discountList": [ ],
"changeHistory": [ ],
"courseChangeHistory": [ ]
},
"stime": 1592399498624,
"traceId": "0168ff887c5e4c8fa7100d1147a66bc2"
}
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
最后于 2020-6-24 12:37
被KwaiChing编辑
,原因: 後半部分不顯示?
小黄鸭爱学习
