...
@Override
public DvmObject> getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
switch (signature) {
case
"com/xingin/shield/http/ContextHolder->sLogger:Lcom/xingin/shield/http/ShieldLogger;"
:
return
vm.resolveClass(
"com/xingin/shield/http/ShieldLogger"
).newObject(null);
case
"com/xingin/shield/http/ContextHolder->sDeviceId:Ljava/lang/String;"
:
return
new StringObject(vm,
"0d7eee2c-5d77-3c26-99f8-a5a2c9e08aeb"
);
}
/
/
throw new UnsupportedOperationException(signature);
return
super
.getStaticObjectField(vm,dvmClass,signature);
}
@Override
public void callVoidMethodV(BaseVM vm, DvmObject> dvmObject, String signature, VaList vaList) {
switch (signature) {
case
"com/xingin/shield/http/ShieldLogger->nativeInitializeStart()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->nativeInitializeEnd()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->buildSourceStart()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->buildSourceEnd()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->initializeStart()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->initializedEnd()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->calculateStart()V"
:
return
;
case
"com/xingin/shield/http/ShieldLogger->calculateEnd()V"
:
return
;
case
"okhttp3/RequestBody->writeTo(Lokio/BufferedSink;)V"
:
BufferedSink bufferedSink
=
(BufferedSink) vaList.getObjectArg(
0
).getValue();
RequestBody requestBody
=
(RequestBody) dvmObject.getValue();
if
(requestBody !
=
null) {
try
{
requestBody.writeTo(bufferedSink);
} catch (IOException e) {
System.out.println(e);
}
}
return
;
}
super
.callVoidMethodV(vm,dvmObject,signature,vaList);
}
@Override
public DvmObject> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
switch (signature) {
case
"java/nio/charset/Charset->defaultCharset()Ljava/nio/charset/Charset;"
:
return
vm.resolveClass(
"java/nio/charset/Charset"
).newObject(Charset.defaultCharset());
case
"com/xingin/shield/http/Base64Helper->decode(Ljava/lang/String;)[B"
:
String
input
=
vaList.getObjectArg(
0
).getValue().toString();
return
new ByteArray(vm, Base64.decodeBase64(
input
));
}
/
/
throw new UnsupportedOperationException(signature);
return
super
.callStaticObjectMethodV(vm, dvmClass, signature, vaList);
}
@Override
public
int
callIntMethodV(BaseVM vm, DvmObject> dvmObject, String signature, VaList vaList) {
if
(signature.equals(
"okhttp3/Headers->size()I"
)) {
Headers headers
=
(Headers) dvmObject.getValue();
return
headers.size();
}
if
(signature.equals(
"okio/Buffer->read([B)I"
)) {
Buffer
buffer
=
(
Buffer
) dvmObject.getValue();
return
buffer
.read((byte[]) vaList.getObjectArg(
0
).getValue());
}
if
(signature.equals(
"okhttp3/Response->code()I"
)) {
return
200
;
}
return
super
.callIntMethodV(vm, dvmObject, signature, vaList);
}
@Override
public DvmObject> callObjectMethodV(BaseVM vm, DvmObject> dvmObject, String signature, VaList vaList) {
switch (signature) {
case
"okhttp3/Interceptor$Chain->request()Lokhttp3/Request;"
:
return
vm.resolveClass(
"okhttp3/Request"
).newObject(request);
case
"okhttp3/Request->url()Lokhttp3/HttpUrl;"
:
return
vm.resolveClass(
"okhttp3/HttpUrl"
).newObject(request.url());
case
"okhttp3/HttpUrl->encodedPath()Ljava/lang/String;"
:
return
new StringObject(vm, request.url().encodedPath());
case
"okhttp3/HttpUrl->encodedQuery()Ljava/lang/String;"
:
if
(request.url().encodedQuery() !
=
null) {
return
new StringObject(vm, request.url().encodedQuery());
}
return
new StringObject(vm, "");
case
"okhttp3/Request->body()Lokhttp3/RequestBody;"
:
return
vm.resolveClass(
"okhttp3/RequestBody"
).newObject(request.body());
case
"okhttp3/Request->headers()Lokhttp3/Headers;"
:
return
vm.resolveClass(
"okhttp3/Headers"
).newObject(request.headers());
case
"okio/Buffer->writeString(Ljava/lang/String;Ljava/nio/charset/Charset;)Lokio/Buffer;"
:
Buffer
buffer
=
(
Buffer
) dvmObject.getValue();
buffer
.writeString(vaList.getObjectArg(
0
).getValue().toString(), (Charset) vaList.getObjectArg(
1
).getValue());
/
/
return
dvmObject;
return
ProxyDvmObject.createObject(vm,
buffer
);
case
"okio/Buffer->clone()Lokio/Buffer;"
:
Buffer
bufferc
=
(
Buffer
) dvmObject.getValue();
return
vm.resolveClass(
"okio/Buffer"
).newObject(bufferc.clone());
case
"okhttp3/Headers->name(I)Ljava/lang/String;"
:
Headers headers
=
(Headers) dvmObject.getValue();
return
new StringObject(vm, headers.name(vaList.getIntArg(
0
)));
case
"okhttp3/Headers->value(I)Ljava/lang/String;"
:
Headers headersValue
=
(Headers) dvmObject.getValue();
return
new StringObject(vm, headersValue.value(vaList.getIntArg(
0
)));
case
"okhttp3/Request$Builder->header(Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Request$Builder;"
:
okhttp3.Request.Builder builder
=
(okhttp3.Request.Builder)dvmObject.getValue();
String para1
=
(String)vaList.getObjectArg(
0
).getValue();
String para2
=
(String)vaList.getObjectArg(
1
).getValue();
return
vm.resolveClass(
"okhttp3/Request$Builder"
).newObject(builder.header(para1, para2));
case
"android/content/Context->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;"
:
String xmlName
=
vaList.getObjectArg(
0
).getValue().toString();
System.out.println(
"xmlName : "
+
xmlName);
return
vm.resolveClass(
"android.content.SharedPreferences"
)
.newObject(null);
/
/
.newObject(vaList.getObjectArg(
0
).getValue().toString());
case
"android/content/SharedPreferences->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;"
:
String key
=
vaList.getObjectArg(
0
).getValue().toString();
System.out.println(
"get key:"
+
key);
switch (key){
case
"main"
:{
return
new StringObject(vm, "");
}
case
"main_hmac"
:{
return
new StringObject(vm,
"2s/EPZ9Xnk4cCZd5weXEd0DqcudY1yJwoQRV2cESN9+9HEVLiu6C72X5YfPYhiESrmuWLXe9U1BGSCIq7/DiMEWjsKmdlUEEbJGkmfTMN7xRJvuw2uqNpAewis/HKAQk"
);
}
}
case
"okhttp3/Request->newBuilder()Lokhttp3/Request$Builder;"
:
Request request
=
(Request) dvmObject.getValue();
return
vm.resolveClass(
"okhttp3/Request$Builder"
).newObject(request.newBuilder());
case
"okhttp3/Request$Builder->build()Lokhttp3/Request;"
:
Request.Builder builderr
=
(Request.Builder) dvmObject.getValue();
Request requestr
=
builderr.build();
return
vm.resolveClass(
"okhttp3/Request"
).newObject(requestr);
case
"okhttp3/Interceptor$Chain->proceed(Lokhttp3/Request;)Lokhttp3/Response;"
: {
return
vm.resolveClass(
"okhttp3/Response"
).newObject(null);
}
}
return
super
.callObjectMethodV(vm, dvmObject, signature, vaList);
}
@Override
public
int
getStaticIntField(BaseVM vm, DvmClass dvmClass, String signature) {
switch (signature){
case
"com/xingin/shield/http/ContextHolder->sAppId:I"
:{
return
-
319115519
;
}
}
return
super
.getStaticIntField(vm, dvmClass, signature);
}
@Override
public DvmObject> newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
switch (signature){
case
"okio/Buffer->()V"
:
return
dvmClass.newObject(new
Buffer
());
}
return
super
.newObjectV(vm, dvmClass, signature, vaList);
}
public void call_initializeNative() {
List
<
Object
> params
=
new ArrayList<>();
params.add(vm.getJNIEnv());
params.add(
0
);
Number number
=
module.callFunction(emulator,
0xbd8bc
, params.toArray());
}
public
long
call_initialize() {
List
<
Object
> params
=
new ArrayList<>();
params.add(vm.getJNIEnv());
params.add(
0
);
params.add(vm.addLocalObject(new StringObject(vm,
"main"
)));
Number number
=
module.callFunction(emulator,
0xbc3c8
, params.toArray());
return
number.longValue();
}
public void call_intercept(
long
cPtr) {
List
<
Object
> params
=
new ArrayList<>();
params.add(vm.getJNIEnv());
params.add(
0
);
DvmObject> chain
=
vm.resolveClass(
"okhttp3/Interceptor$Chain"
).newObject(null);
params.add(vm.addLocalObject(chain));
params.add(cPtr);
Number number
=
module.callFunction(emulator,
0xbc6b4
, params.toArray());
Object
result
=
vm.getObject(number.intValue()).getValue();
}
public static void main(String[] args) {
request
=
new Request.Builder()
.url(
"3d3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2k6r3W2@1K9q4)9J5k6i4S2A6j5h3!0Z5L8$3&6Y4M7$3S2#2i4K6u0W2j5$3!0E0i4K6u0r3j5i4m8A6i4K6u0r3M7$3&6K6i4K6u0r3N6U0k6Q4x3V1k6E0k6i4y4K6j5h3N6W2i4K6u0r3k6r3g2@1k6h3y4@1"
)
.addHeader(
"xy-direction"
,
"49"
)
.addHeader(
"xy-common-params"
,
"fid=1722182473106fc84899565e2acf00656ae05a78764b&device_fingerprint=2023122411004376bd379fe6f54e6dc5ca0b0cf8d24dd601dc85661f97571b&device_fingerprint1=2023122411004376bd379fe6f54e6dc5ca0b0cf8d24dd601dc85661f97571b&cpu_name=Qualcomm+Technologies%2C+Inc+SDM845&gid=7c7ea0a5b61c5590cec3770efa9cfec6e81b439947359eeb775b6fc4&device_model=phone&launch_id=1722617914&tz=Asia%2FShanghai&channel=Guanfang&versionName=8.42.0&overseas_channel=0&deviceId=0d7eee2c-5d77-3c26-99f8-a5a2c9e08aeb&platform=android&sid=session.1722182426050852896201&identifier_flag=4&t=1722617846&project_id=ECFAAF&build=8420294&x_trace_page_current=&lang=zh-Hans&app_id=ECFAAF01&uis=light&teenager=0"
)
.build();
fuckxhs fkxhs
=
new fuckxhs();
fkxhs.call_initializeNative();
long
cPtr
=
fkxhs.call_initialize();
fkxhs.call_intercept(cPtr);
}