[求助]unidbg自定义返回类型-求助问答-看雪-安全社区|安全招聘|kanxue.com

未解决 [求助]unidbg自定义返回类型

发表于: 2024-6-8 13:32 1761

未解决 [求助]unidbg自定义返回类型

mb_vvpieebt 活跃值

2024-6-8 13:32

1761

unidbg模拟so的getsign方法，遇到自定义返回类型，请大佬帮忙看看应该怎样获取这个返回值中的extra、sign和token。

//java接口
 
private native SignResult getSign(QSec qSec, String str, String str2, byte[] bArr, byte[] bArr2, String str3);

//unidbg模拟
 
public void getSign(String ver,String name,String data,String rand,String uin) {
        DvmObject<?> call = vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign").newObject(null);
        DvmObject<SignResult> result = call.callJniMethodObject(emulator, "getSign(Lcom/tencent/mobileqq/qsec/qsecurity/QSec;Ljava/lang/String;Ljava/lang/String;[B[BLjava/lang/String;)Lcom/tencent/mobileqq/sign/QQSecuritySign$SignResult;"
                , vm.resolveClass("com/tencent/mobileqq/qsec/qsecurity/QSec").newObject(null)
                , new StringObject(vm, ver)
                , new StringObject(vm, name)
                , new ByteArray(vm,hexToByte(data))
                , new ByteArray(vm,hexToByte(rand))
                , new StringObject(vm, uin)
        );
        System.out.println(result);
    }

//java中的SignResult类
 
public class QQSecuritySign {
    static IPatchRedirector $redirector_ = null;
    private static final String TAG = "QQSecuritySDK";
    private static QQSecuritySign sInstance;
    private String mExtra;
 
    /* compiled from: P */
    /* loaded from: classes2.dex */
    public static class SignResult {
        static IPatchRedirector $redirector_;
        public byte[] extra;
        public byte[] sign;
        public byte[] token;
 
        public SignResult() {
            IPatchRedirector iPatchRedirector = $redirector_;
            if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
                return;
            }
            iPatchRedirector.redirect((short) 1, (Object) this);
        }
    }
 
    QQSecuritySign() {
        IPatchRedirector iPatchRedirector = $redirector_;
        if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
            return;
        }
        iPatchRedirector.redirect((short) 1, (Object) this);
    }
 
    public static synchronized QQSecuritySign getInstance() {
        QQSecuritySign qQSecuritySign;
        synchronized (QQSecuritySign.class) {
            if (sInstance == null) {
                sInstance = new QQSecuritySign();
            }
            qQSecuritySign = sInstance;
        }
        return qQSecuritySign;
    }
 
    private native SignResult getSign(QSec qSec, String str, String str2, byte[] bArr, byte[] bArr2, String str3);
}
 
public interface IPatchRedirector {
    boolean hasPatch(short s);
 
    Object redirect(short s);
 
    Object redirect(short s, Object obj);
 
    Object redirect(short s, Object obj, int i2);
 
    Object redirect(short s, Object obj, int i2, Object obj2);
 
    Object redirect(short s, Object obj, long j2);
 
    Object redirect(short s, Object obj, Object obj2);
 
    Object redirect(short s, Object obj, Object obj2, int i2);
 
    Object redirect(short s, Object obj, Object obj2, Object obj3);
 
    Object redirect(short s, Object obj, Object obj2, Object obj3, Object obj4);
 
    Object redirect(short s, Object obj, boolean z);
 
    Object redirect(short s, Object... objArr);
}