首页
社区
课程
招聘
未解决 [求助]unidbg自定义返回类型
发表于: 2024-6-8 13:32 1697

未解决 [求助]unidbg自定义返回类型

2024-6-8 13:32
1697

unidbg模拟so的getsign方法,遇到自定义返回类型,请大佬帮忙看看应该怎样获取这个返回值中的extra、sign和token。

1
2
3
//java接口
 
private native SignResult getSign(QSec qSec, String str, String str2, byte[] bArr, byte[] bArr2, String str3);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
//unidbg模拟
 
public void getSign(String ver,String name,String data,String rand,String uin) {
        DvmObject<?> call = vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign").newObject(null);
        DvmObject<SignResult> result = call.callJniMethodObject(emulator, "getSign(Lcom/tencent/mobileqq/qsec/qsecurity/QSec;Ljava/lang/String;Ljava/lang/String;[B[BLjava/lang/String;)Lcom/tencent/mobileqq/sign/QQSecuritySign$SignResult;"
                , vm.resolveClass("com/tencent/mobileqq/qsec/qsecurity/QSec").newObject(null)
                , new StringObject(vm, ver)
                , new StringObject(vm, name)
                , new ByteArray(vm,hexToByte(data))
                , new ByteArray(vm,hexToByte(rand))
                , new StringObject(vm, uin)
        );
        System.out.println(result);
    }
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
//java中的SignResult类
 
public class QQSecuritySign {
    static IPatchRedirector $redirector_ = null;
    private static final String TAG = "QQSecuritySDK";
    private static QQSecuritySign sInstance;
    private String mExtra;
 
    /* compiled from: P */
    /* loaded from: classes2.dex */
    public static class SignResult {
        static IPatchRedirector $redirector_;
        public byte[] extra;
        public byte[] sign;
        public byte[] token;
 
        public SignResult() {
            IPatchRedirector iPatchRedirector = $redirector_;
            if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
                return;
            }
            iPatchRedirector.redirect((short) 1, (Object) this);
        }
    }
 
    QQSecuritySign() {
        IPatchRedirector iPatchRedirector = $redirector_;
        if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
            return;
        }
        iPatchRedirector.redirect((short) 1, (Object) this);
    }
 
    public static synchronized QQSecuritySign getInstance() {
        QQSecuritySign qQSecuritySign;
        synchronized (QQSecuritySign.class) {
            if (sInstance == null) {
                sInstance = new QQSecuritySign();
            }
            qQSecuritySign = sInstance;
        }
        return qQSecuritySign;
    }
 
    private native SignResult getSign(QSec qSec, String str, String str2, byte[] bArr, byte[] bArr2, String str3);
}
 
public interface IPatchRedirector {
    boolean hasPatch(short s);
 
    Object redirect(short s);
 
    Object redirect(short s, Object obj);
 
    Object redirect(short s, Object obj, int i2);
 
    Object redirect(short s, Object obj, int i2, Object obj2);
 
    Object redirect(short s, Object obj, long j2);
 
    Object redirect(short s, Object obj, Object obj2);
 
    Object redirect(short s, Object obj, Object obj2, int i2);
 
    Object redirect(short s, Object obj, Object obj2, Object obj3);
 
    Object redirect(short s, Object obj, Object obj2, Object obj3, Object obj4);
 
    Object redirect(short s, Object obj, boolean z);
 
    Object redirect(short s, Object... objArr);
}

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//