首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. Android安全
    3. 发新帖
[原创]数藏平台协议分析
发表于: 2022-6-8 13:37 14158

[原创]数藏平台协议分析

wx_白熊 活跃值
2022-6-8 13:37
14158
public class iBox extends AbstractJni implements IOResolver<AndroidFileIO> {
    private final AndroidEmulator emulator;
    private final VM vm;
    private final Module module;
    iBox() {
        emulator = AndroidEmulatorBuilder.for64Bit().build(); // 创建模拟器实例,要模拟32位或者64位,在这里区分
        final Memory memory = emulator.getMemory(); // 模拟器的内存操作接口
        memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析
        vm = emulator.createDalvikVM(new File("unidbg-android/src/test/resources/box.apk"));
        new AndroidModule(emulator, vm).register(memory);
        vm.setVerbose(false);
        DalvikModule dm = vm.loadLibrary(new File("unidbg-android/src/test/resources/libtiger_tally.so"), true);
        module = dm.getModule();
        vm.setJni(this);
        dm.callJNI_OnLoad(emulator);
        DvmClass dvmClass = vm.resolveClass("com/aliyun/TigerTally/TigerTallyAPI");
        dvmClass.callStaticJniMethodObject(emulator,"_genericNt1(ILjava/lang/String;)I",1,vm.addLocalObject(new StringObject(vm, "EWA40T3eMNVkLmj8Ur9CuQExbcOti8c3yd-I8xDkLhvphNMuRujkY7V6lKbvAtE2qXa4kTWSnXmo0HXfuUXRgyFNXYwhwvvf7yUYQ-DjWjAa34fjA9yJCam4Llddmcu3D8BQKw4gR-nkYzzOx0uGj9OkfgUHoFxF00akZNyeMrs=")));
        DvmObject<?> dvmObject = dvmClass.callStaticJniMethodObject(emulator,"_genericNt3(I[B)Ljava/lang/String;",2,new ByteArray(vm,"".getBytes(StandardCharsets.UTF_8)));
        System.out.println(dvmObject);
    }
    public static void main(String[] args) {
        iBox test = new iBox();
 
    }
 
 
    @Override
    public DvmObject<?> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
        switch (signature){
            case "com/aliyun/TigerTally/A->ct()Landroid/content/Context;":
                return vm.resolveClass("android/app/Application",vm.resolveClass("android/content/ContextWrapper",vm.resolveClass("android/content/Context"))).newObject(signature);
            case "com/aliyun/TigerTally/A->pb(Ljava/lang/String;[B)Ljava/lang/String;":
                return new StringObject(vm,"NaNzfpjiUUl2gNOrCC7S4XS4SD0CH48UatD3GXb5Fh+NYB+0CenYh5nXysYWCfwd+sD4NbdYBDrlKPo5teC09A==");
        }
        return super.callStaticObjectMethodV(vm, dvmClass, signature, vaList);
    }
 
    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature){
            case "android/content/pm/PackageManager->getApplicationInfo(Ljava/lang/String;I)Landroid/content/pm/ApplicationInfo;":
                return vm.resolveClass("Landroid/content/pm/ApplicationInfo;").newObject(signature);
            case "android/content/pm/PackageManager->getApplicationLabel(Landroid/content/pm/ApplicationInfo;)Ljava/lang/CharSequence;":
                return new StringObject(vm,"Ljava/lang/CharSequence;");
            case "android/app/Application->getFilesDir()Ljava/io/File;":
                return vm.resolveClass("Ljava/io/File;");
            case "java/lang/String->getAbsolutePath()Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/app/Application->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;":
                return vm.resolveClass("Landroid/content/SharedPreferences;");
            case "java/lang/Class->getAbsolutePath()Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
        }
        return super.callObjectMethodV(vm, dvmObject, signature, vaList);
    }
    @Override
    public DvmObject<?> getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
        switch (signature){
            case "android/os/Build->BRAND:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build->MODEL:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build$VERSION->RELEASE:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build->DEVICE:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
        }
        return super.getStaticObjectField(vm,dvmClass,signature);
    }
    public void destroy() {
        try {
            emulator.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    @Override
    public FileResult<AndroidFileIO> resolve(Emulator<AndroidFileIO> emulator, String pathname, int oflags) {
        return null;
    }
}
public class iBox extends AbstractJni implements IOResolver<AndroidFileIO> {
    private final AndroidEmulator emulator;
    private final VM vm;
    private final Module module;
    iBox() {
        emulator = AndroidEmulatorBuilder.for64Bit().build(); // 创建模拟器实例,要模拟32位或者64位,在这里区分
        final Memory memory = emulator.getMemory(); // 模拟器的内存操作接口
        memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析
        vm = emulator.createDalvikVM(new File("unidbg-android/src/test/resources/box.apk"));
        new AndroidModule(emulator, vm).register(memory);
        vm.setVerbose(false);
        DalvikModule dm = vm.loadLibrary(new File("unidbg-android/src/test/resources/libtiger_tally.so"), true);
        module = dm.getModule();
        vm.setJni(this);
        dm.callJNI_OnLoad(emulator);
        DvmClass dvmClass = vm.resolveClass("com/aliyun/TigerTally/TigerTallyAPI");
        dvmClass.callStaticJniMethodObject(emulator,"_genericNt1(ILjava/lang/String;)I",1,vm.addLocalObject(new StringObject(vm, "EWA40T3eMNVkLmj8Ur9CuQExbcOti8c3yd-I8xDkLhvphNMuRujkY7V6lKbvAtE2qXa4kTWSnXmo0HXfuUXRgyFNXYwhwvvf7yUYQ-DjWjAa34fjA9yJCam4Llddmcu3D8BQKw4gR-nkYzzOx0uGj9OkfgUHoFxF00akZNyeMrs=")));
        DvmObject<?> dvmObject = dvmClass.callStaticJniMethodObject(emulator,"_genericNt3(I[B)Ljava/lang/String;",2,new ByteArray(vm,"".getBytes(StandardCharsets.UTF_8)));
        System.out.println(dvmObject);
    }
    public static void main(String[] args) {
        iBox test = new iBox();
 
    }
 
 
    @Override
    public DvmObject<?> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
        switch (signature){
            case "com/aliyun/TigerTally/A->ct()Landroid/content/Context;":
                return vm.resolveClass("android/app/Application",vm.resolveClass("android/content/ContextWrapper",vm.resolveClass("android/content/Context"))).newObject(signature);
            case "com/aliyun/TigerTally/A->pb(Ljava/lang/String;[B)Ljava/lang/String;":
                return new StringObject(vm,"NaNzfpjiUUl2gNOrCC7S4XS4SD0CH48UatD3GXb5Fh+NYB+0CenYh5nXysYWCfwd+sD4NbdYBDrlKPo5teC09A==");
        }
        return super.callStaticObjectMethodV(vm, dvmClass, signature, vaList);
    }
 
    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature){
            case "android/content/pm/PackageManager->getApplicationInfo(Ljava/lang/String;I)Landroid/content/pm/ApplicationInfo;":

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

最后于 2022-10-24 10:24 被wx_白熊编辑 ,原因: 格式
收藏
免费 8
支持
分享
最新回复 (6)
mb_cvbohtup
雪    币: 77
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
私信
2
牛逼
2022-6-16 11:08
0
wx_我住隔壁我姓张
雪    币: 1
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
私信
3
新版1.19抓不到包了,不走http了
2022-7-1 17:49
0
New对象处
雪    币: 129
活跃值: (4490)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
4
wx_我住隔壁我姓张 新版1.19抓不到包了,不走http了
还是http吧,api还在啊
2022-7-3 02:03
0
mb_rgbfueod
雪    币: 129
活跃值: (147)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
有算法么大佬
2022-7-7 20:54
0
mb_fatmixdx
雪    币:
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
私信
6
怎么联系 老哥
2022-8-25 04:41
0
codeoooo
雪    币: 626
活跃值: (3926)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
7
牛逼
2023-6-6 14:54
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//