-
-
未解决 [求助]unidbg自定义返回类型
-
发表于: 2024-6-8 13:32 1697
-
unidbg模拟so的getsign方法,遇到自定义返回类型,请大佬帮忙看看应该怎样获取这个返回值中的extra、sign和token。
1 2 3 | / / java接口 private native SignResult getSign(QSec qSec, String str , String str2, byte[] bArr, byte[] bArr2, String str3); |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | / / unidbg模拟 public void getSign(String ver,String name,String data,String rand,String uin) { DvmObject<?> call = vm.resolveClass( "com/tencent/mobileqq/sign/QQSecuritySign" ).newObject(null); DvmObject<SignResult> result = call.callJniMethodObject(emulator, "getSign(Lcom/tencent/mobileqq/qsec/qsecurity/QSec;Ljava/lang/String;Ljava/lang/String;[B[BLjava/lang/String;)Lcom/tencent/mobileqq/sign/QQSecuritySign$SignResult;" , vm.resolveClass( "com/tencent/mobileqq/qsec/qsecurity/QSec" ).newObject(null) , new StringObject(vm, ver) , new StringObject(vm, name) , new ByteArray(vm,hexToByte(data)) , new ByteArray(vm,hexToByte(rand)) , new StringObject(vm, uin) ); System.out.println(result); } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | / / java中的SignResult类 public class QQSecuritySign { static IPatchRedirector $redirector_ = null; private static final String TAG = "QQSecuritySDK" ; private static QQSecuritySign sInstance; private String mExtra; / * compiled from : P * / / * loaded from : classes2.dex * / public static class SignResult { static IPatchRedirector $redirector_; public byte[] extra; public byte[] sign; public byte[] token; public SignResult() { IPatchRedirector iPatchRedirector = $redirector_; if (iPatchRedirector = = null || !iPatchRedirector.hasPatch((short) 1 )) { return ; } iPatchRedirector.redirect((short) 1 , ( Object ) this); } } QQSecuritySign() { IPatchRedirector iPatchRedirector = $redirector_; if (iPatchRedirector = = null || !iPatchRedirector.hasPatch((short) 1 )) { return ; } iPatchRedirector.redirect((short) 1 , ( Object ) this); } public static synchronized QQSecuritySign getInstance() { QQSecuritySign qQSecuritySign; synchronized (QQSecuritySign. class ) { if (sInstance = = null) { sInstance = new QQSecuritySign(); } qQSecuritySign = sInstance; } return qQSecuritySign; } private native SignResult getSign(QSec qSec, String str , String str2, byte[] bArr, byte[] bArr2, String str3); } public interface IPatchRedirector { boolean hasPatch(short s); Object redirect(short s); Object redirect(short s, Object obj); Object redirect(short s, Object obj, int i2); Object redirect(short s, Object obj, int i2, Object obj2); Object redirect(short s, Object obj, long j2); Object redirect(short s, Object obj, Object obj2); Object redirect(short s, Object obj, Object obj2, int i2); Object redirect(short s, Object obj, Object obj2, Object obj3); Object redirect(short s, Object obj, Object obj2, Object obj3, Object obj4); Object redirect(short s, Object obj, boolean z); Object redirect(short s, Object ... objArr); } |
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
看原图
赞赏
雪币:
留言: