昨天有个客户在某多上申请了售后退款,本来应该退回支付宝的钱因为某些原因退到了某多钱包。可是这个客户的某多账号只有token数据,没法实名钱包申请提现。只能想办法把账号登录到APP上。我记得一两年前研究过这个问题,翻了很久资料终于找到了当时的文档,顺利把问题解决,在此把文档贴一下:
5.59.00\5.60.0版本
1、运行拼多多,自动生成/data/data/com.xunmeng.pinduoduo/files/pinUserFile
2、强行停止拼多多后,替换/data/data/com.xunmeng.pinduoduo/files/pinUserFile
内容如下:
{"access_token":"CVJUPJMN2WNHPVYOHTUOPJ3GOM6ZOIWHNVLMPF52E6AQHVD2QUUQ1135737","uid":"6357332116311","uin":"DYVVKENEVYVHM5ISUEOKZ3WOXU_GEXDA"}
5.7.0版本
1.登陆之后的数据:
/data/data/com.xunmeng.pinduoduo/shared_prefs/pdd_config_common.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="jsSecureKey___USER_UID__">6328845199095</string>
<boolean name="__oksp_compat__" value="true" />
<string name="longlink_local_port">51862</string>
<string name="jsSecureKey___ACCESS_TOKEN__">JGQWES6SIPUGBEGXTS3BAPXTQ2BJJZBPAO4ODEPEM6IV2CLZ4OJA112f765</string>
<string name="longlink_local_ip">10.1.10.1</string>
<string name="pdd_id">mhmhKI6j</string>
<string name="userAgentString">android Mozilla/5.0 (Linux; Android 5.1.1; OPPO R11 Plus Build/LMY48Z; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Safari/537.36 phh_android_version/5.17.0 phh_android_build/477e7e7ada898a6d38802516dba46bf645562dbe phh_android_channel/qihu360 pversion/0</string>
</map>
2.清除PDD的数据,然后启动PDD,PDD是未登陆的,生成pdd_config_common.xml文件;
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<boolean name="__oksp_compat__" value="true" />
<string name="longlink_local_port">58543</string>
<string name="pdd_id">mhmhKI6j</string>
<string name="userAgentString">android Mozilla/5.0 (Linux; Android 5.1.1; OPPO R11 Plus Build/LMY48Z; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Safari/537.36 phh_android_version/5.17.0 phh_android_build/477e7e7ada898a6d38802516dba46bf645562dbe phh_android_channel/qihu360 pversion/0</string>
<string name="longlink_local_ip">10.0.2.15</string>
</map>
3.把uid和token写到xml里面去;<string name="jsSecureKey___USER_UID__">6328845199095</string><string name="jsSecureKey___ACCESS_TOKEN__">JGQWES6SIPUGBEGXTS3BAPXTQ2BJJZBPAO4ODEPEM6IV2CLZ4OJA112f765</string>
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="jsSecureKey___USER_UID__">6328845199095</string>
<boolean name="__oksp_compat__" value="true" />
<string name="longlink_local_port">58543</string>
<string name="jsSecureKey___ACCESS_TOKEN__">JGQWES6SIPUGBEGXTS3BAPXTQ2BJJZBPAO4ODEPEM6IV2CLZ4OJA112f765</string>
<string name="pdd_id">mhmhKI6j</string>
<string name="userAgentString">android Mozilla/5.0 (Linux; Android 5.1.1; OPPO R11 Plus Build/LMY48Z; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Safari/537.36 phh_android_version/5.17.0 phh_android_build/477e7e7ada898a6d38802516dba46bf645562dbe phh_android_channel/qihu360 pversion/0</string>
<string name="longlink_local_ip">10.0.2.15</string>
</map>
4.杀死PDD的app,重启。就登陆上去了。
说明:正常只需要2.3.4步骤即可以。第1步是为了抓取数据的样本;
我记得当时的做法很简单暴力,模拟器装一个某多,打开一下,不登录,用esFile把app目录下所有文件压缩拷贝出来,然后登录成功后,再用esFile把app目录下所有文件压缩拷贝出来。最后用beyond compare比较两次文件不同,顺利找到存储token的地方。