1、环境准备
jadx
某宝APP 9.XX
Frida
2、进行抓包
进行jadx分析 追踪到最后结果
3、进行unidbg黑盒调用
public void call2() {
int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,
"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",
10102,
new ArrayObject(
new StringObject(vm, "main"),
new StringObject(vm, "6.5.25"),
new StringObject(vm, "/data/app/com.xxx.xxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgmainso-6.5.25.so")
)).getValue();
System.out.println("call2:" + ret);
}
public void call3() {
DalvikModule dm3 = vm.loadLibrary(new File("unidbg-android/src/test/resources/xxx/libsgsecuritybodyso-6.5.33.so"), true);
dm3.callJNI_OnLoad(emulator);
int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,
"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",
10102,
new ArrayObject(
new StringObject(vm, "securitybody"),
new StringObject(vm, "6.5.33"),
new StringObject(vm, "/data/app/com.xxxx.xxxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgsecuritybodyso-6.5.33.so")
)).getValue();
System.out.println("call3:"+ret);
}
public void call4() {
DalvikModule dm2 = vm.loadLibrary(new File("unidbg-android/src/test/resources/taobao/libsgmiddletierso-6.5.27.so"), true);
dm2.callJNI_OnLoad(emulator);
int ret = (Integer) JNICLibrary.callStaticJniMethodObject(emulator,
"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",
10102,
new ArrayObject(
new StringObject(vm, "middletier"),
new StringObject(vm, "6.5.27"),
new StringObject(vm, "/data/app/com.xxxx.xxx-dxUUnbPHWwZU57BNmoNiNg==/lib/arm64/libsgmiddletierso-6.5.27.so")
)).getValue();
System.out.println("call1:"+ret);
}
public void call5(){
//ZC6SCZKQclcDAL6cEiSBzpAI&3313269468&&21646297&128cdf5f43477fcc0b432746fec6200b&1681832168&mtop.taobao.search.highway.upload&1.0&2ff1d7999c388923d9f9bd8ce005b285&700407@taobao_android_9.23.0&AgAvexEOGYPM-wHSrHun
//kITLXNnTDarE1iMdO6KDEqON&30.360142&113.442344&openappkey=DEFAULT_AUTH&27&&&&&&&
DvmObject ret = JNICLibrary.callStaticJniMethodObject(emulator,
"doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;",
70102,
new ArrayObject(
new StringObject(vm,"21646297"),
new StringObject(vm,"ZC6SCZKQclcDAL6cEiSBzpAI&3313269468&&21646297&71a1fe384d778e0e45b229837b355048&1681894596&mtop.relationrecommend.mtoprecommend.recommend&1.0&2ff1d7999c388923d9f9bd8ce005b285&700407@taobao_android_9.23.0&AgAvexEOGYPM-wHSrHunkITLXNnTDarE1iMdO6KDEqON&30.360491&113.43443&27&&&&&&&"),
DvmBoolean.valueOf(vm, Boolean.FALSE),
DvmInteger.valueOf(vm,0),
new StringObject(vm, "mtop.relationrecommend.mtoprecommend.recommend"),
new StringObject(vm, "pageId=http%3A%2F%2Fs.m.taobao.com%2Fh5entry&pageName=com.taobao.search.searchdoor.SearchDoorActivity"),
new StringObject(vm, ""),
new StringObject(vm, ""),
new StringObject(vm, ""),
new StringObject(vm, "r_27")
)
);
System.out.println("result:"+ret.getValue());
}
得出结果