[未解决,已结帖] 求某鱼最新代码 我hook到了getUnifiedSign这个方法 但是返回的数据还是非法签名 有大佬帮忙看看吗 行行好 具体见代码 50.00雪花
发表于: 2024-1-11 17:17 4717


rpc调用1

// Keys written into the second map (h2) that is handed to getUnifiedSign.
const PAGE_ID = "pageId";
const PAGE_NAME = "pageName";

// Frida class wrappers used to build the Java-side arguments.
const hashMap = Java.use("java.util.HashMap");
const string = Java.use("java.lang.String");
 
 
/**
 * Insert one entry into a Java map, wrapping key and value as java.lang.String.
 * A value of exactly `null` is skipped, so no entry is written for it.
 *
 * @param {object} hashMap - wrapper of the target map; only its put() is used.
 * @param {string} key - entry key.
 * @param {?string} value - entry value; `null` means "do not insert".
 * @returns {void}
 */
function hashPut(hashMap, key, value) {
    if (value !== null) {
        hashMap.put(
            string.$new(key),
            string.$new(value),
        );
    }
}
 
// Arguments for getUnifiedSign that are created once, when the script loads.
const h1 = hashMap.$new(); // filled inside getsign from the caller's JSON
const h2 = hashMap.$new(); // holds pageId / pageName, both empty strings
for (const pageField of [PAGE_ID, PAGE_NAME]) {
    hashPut(h2, pageField, "");
}

const s2 = null;                  // fourth argument is passed as null
const s3 = string.$new('r_110');  // sixth argument, a fixed literal
 
 
rpc.exports = {
    /**
     * RPC entry point that asks a live mtopsdk.security.InnerSignImpl instance
     * in the instrumented process to sign a set of parameters.
     *
     * The signature is computed by the app's own getUnifiedSign(); nothing in
     * this function reimplements the algorithm.
     *
     * @param {string} sign_params - JSON text; each top-level property is
     *     copied into the shared map h1 through hashPut.
     * @returns {string} JSON.stringify of the result's toString(), or of the
     *     placeholder '?' when onMatch never assigned a value (no instance
     *     matched, or an exception was caught and logged first).
     */
    getsign(sign_params) {
        let export_result = '?';

        Java.perform(() => {
            try {
                const headers_obj = JSON.parse(sign_params);
                console.log(JSON.stringify(headers_obj));

                // Copy every parsed property into the Java-side map.
                for (const key in headers_obj) {
                    const headerValue = headers_obj[key];
                    console.log(`${key} : ${headerValue}`);
                    hashPut(h1, key, headerValue);
                }

                console.log('?');
                console.log(h1);

                // Third argument; the page's second script assigns the same
                // literal to reqAppKey, so presumably the app key (confirm).
                const s1 = string.$new('21407387');

                // (The original comment here was mis-encoded; it named
                // com.taobao.wireless.security.sdk.SecurityGuardManagerImpl.getStaticDataSign.)
                const heapCallbacks = {
                    onMatch(instance) {
                        console.log("Found instance: " + instance);
                        const signed = instance.getUnifiedSign(h1, h2, s1, s2, false, s3);
                        export_result = signed.toString();
                        // "stop" ends the enumeration after the first instance.
                        return "stop";
                    },
                    onComplete() {
                        console.log("Done");
                    },
                    onMatchOnce: true,
                };
                Java.choose("mtopsdk.security.InnerSignImpl", heapCallbacks);
            } catch (err) {
                // Failures are only logged; the placeholder result is returned.
                console.log(err.stack);
            }
        });

        return JSON.stringify(export_result);
    },
};
// Replace the zero-argument overload of SwitchConfig.A so it always returns false.
// NOTE(review): "A" is an obfuscated name; which switch it controls is not
// visible on this page.
Java.perform(() => {
    const switchConfigClass = Java.use('mtopsdk.mtop.global.SwitchConfig');
    const noArgOverload = switchConfigClass.A.overload();
    noArgOverload.implementation = function () {
        return false;
    };
});

rpc调用2 构造对象

rpc.exports = {
    /**
     * RPC entry point that constructs the mtopsdk request objects by hand
     * (config, signer, request, network properties, context) and passes them
     * to InnerProtocolParamBuilderImpl.buildParams().
     *
     * Takes no arguments; every request value is a literal in the body.
     * Returns the toString() of the buildParams() result, or '' if the
     * assignment inside Java.perform did not happen.
     *
     * NOTE(review): the umid and imei header values and the userId in the
     * request data are hard-coded literals in this public post.
     * Single-letter members (l, _a, b, d, g, n) are obfuscated names; their
     * meaning is inferred only from what is assigned to them here.
     */
    xianyu: function () {
        var result = ''
        Java.perform(function () {
            // Fresh config plus a fresh signer initialised from that config.
            var mtopconfig = Java.use('mtopsdk.mtop.global.MtopConfig').$new('INNER')
 
            var inner_sign_impl = Java.use('mtopsdk.security.InnerSignImpl').$new()
            inner_sign_impl.init(mtopconfig)
 
            // Store the signer in the config's field "l".
            mtopconfig.l.value = inner_sign_impl
 
            var str = Java.use('java.lang.String')
            // Mtop object built from the instance id 'INNER' and the config above.
            var a = Java.use('mtopsdk.mtop.intf.Mtop').$new(str.$new('INNER'), mtopconfig)
 
            // Request description: API name, version, JSON payload and two flags.
            var b = Java.use('mtopsdk.mtop.domain.MtopRequest').$new()
 
            b.setApiName(str.$new('mtop.taobao.idle.xyh.item.list'))
            b.setVersion(str.$new('1.0'))
            b.setData(str.$new('{"defaultGroup":true,"groupId":940958,"groupName":"在售","needGroupInfo":false,"pageNumber":1,"pageSize":20,"userId":"1666753635"}'))
            b.setNeedEcode(false)
            b.setNeedSession(true)
 
 
            var c = null  // never read below
            // Network properties: protocol, method, headers, ttid, query map, app key.
            var d = Java.use('mtopsdk.mtop.common.MtopNetworkProp').$new()
            d.setProtocol(Java.use('mtopsdk.mtop.domain.ProtocolEnum').HTTPSECURE.value)
            d.setMethod(Java.use('mtopsdk.mtop.domain.MethodEnum').POST.value)
            // d.envMode
            // d.autoRedirect
            // d.setRequestHeaders()
 
            // Request headers, all fixed literals.
            var headers = Java.use('java.util.HashMap').$new()
            // d.requestHeaders=
            headers.put(str.$new('EagleEye-UserData'), str.$new('spm-cnt=a2170.7905591.0.0&spm-url=a2170.7905805.clkhead.1'))
            headers.put(str.$new('referer'), str.$new('https://h5.m.goofish.com/cea/idleFish-F2e/idle-personal/pages/home'))
            headers.put(str.$new('first_open'), str.$new('0'))
            headers.put(str.$new('umid'), str.$new('itgB3FtLPILGBwKMrBnyNHO+GP824lta'))
            headers.put(str.$new('x-bx-version'), str.$new('6.6.230703'))
            headers.put(str.$new('imei'), str.$new('862641052827191'))
 
            d.setRequestHeaders(headers)
 
            // timeCalibrated
            d.ttid.value = str.$new('701186@fleamarket_android_7.12.80')
 
            // d.useCache
            // d.forceRefreshCache
            // d.cacheKeyBlackList
 
            // Single query parameter: type=originaljson.
            var paramMap = Java.use('java.util.HashMap').$new();
            paramMap.put(str.$new('type'), str.$new('originaljson'))
 
            d.queryParameterMap.value = paramMap
            // d.queryParameterMap.value = d.queryParameterMap
            d.reqAppKey.value = str.$new('21407387')
            // d.clientTraceId = to be built later from a random number
 
            //
            //
            //
            //
            //
            //
 
            var e = null  // never read below
            // var f = Java.use('mtopsdk.mtop.common.ApiID').$new()
 
 
            // Request id obtained from the SDK's own generator.
            var request_id = Java.use('mtopsdk.mtop.util.RequestIdGenerator').getRequestId()
 
            console.log('?request_id\t', request_id)
 
            var v1 = Java.use('mtopsdk.mtop.stat.UploadStatAppMonitorImpl').$new()
            // g, h and i..m are created here but never read below.
            var g = Java.use('mtopsdk.mtop.util.MtopStatistics').$new(null, null)
            var h = Java.use('java.lang.String').$new('MTOP' + request_id)
            var i = null
            var j = null
            var k = null
            var l = null
            var m = null
            console.log('?a class\t', a.class)
            console.log('?b class\t', b.class)
            // Builder constructed from the Mtop object, the request and the ttid string.
            var n = Java.use('mtopsdk.mtop.intf.MtopBuilder').$new(a, b, str.$new('701186@fleamarket_android_7.12.80'))
            n.requestId = request_id
 
            var o = 0  // never read below
 
            //     next: start filling in the missing environment
 
 
            var new_build_param = Java.use('mtopsdk.mtop.protocol.builder.impl.InnerProtocolParamBuilderImpl').$new()
 
 
            // Context object that carries everything built above into buildParams().
            var domain_mtop = Java.use('mtopsdk.framework.domain.MtopContext').$new()
 
            domain_mtop._a.value = a
 
 
            console.log(domain_mtop._a.value)
            domain_mtop.b.value = b
            domain_mtop.d.value = d
            // A second MtopStatistics, this time constructed with the monitor v1.
            domain_mtop.g.value = Java.use('mtopsdk.mtop.util.MtopStatistics').$new(v1, null)
            domain_mtop.n.value = n
            var a_result = new_build_param.buildParams(domain_mtop)
 
            // send(a_result.toString())
 
            result = a_result.toString()
 
            console.log('?a_result', a_result)
        })
 
        return result
    },
}

最新回复 (3)
加了虚拟内存转换
2024-3-1 03:33
大佬解决了不,我也是这样一直非法请求签名
2024-5-23 19:38
mb_rreehwfg 加了虚拟内存转换
大佬,可以教一下嘛?
2024-5-24 08:30