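App download URL: https://static.inyuapp.com/d/yinyu-release-2.11.1-15192-offical_2111_jiagu_aligned_signed_offical.apk
0x1: Identify the packer
The APK is protected with 360 Jiagu (360's hardening packer); unpack it yourself.
0x2: Capture the traffic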
POST https://ucenter.inyuapp.com/v1/login/mobile/check?__plat=android&__version=2.11.1&__app=inyu HTTP/1.1
User-Agent: YINYU/2.11.1 (AOSP+on+HammerHead, Android 4.4.4, okhttp/3.8.1)
Connection: close
sign: c13bca410fd5a4d2ddf69d39e274e077
ts: 1584002472
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Host: ucenter.inyuapp.com
Accept-Encoding: gzip

country_code=86&mobile=15845454545
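This is the first request sent during login; it appears to check whether the phone number exists. The sign request header is the algorithm we want to analyze.
0x3: Decompile the dex file and search for the keyword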
String v0_2 = InyuString.getUrlSign(v1, v7);
v1 = "sign";
if(TextUtils.isEmpty(((CharSequence)v0_2))) {
    v0_2 = "signature-failed";
}