PS:APP 提供来源
app 下载 地址:
http://imtt.dd.qq.com/16891/626914D9666589CB122BFA2FDAAC6AF4.apk?fsname=com.crland.mixc_2.9.0_92.apk&csr=1bbd
app 提供来源:
https://bbs.125.la/forum.php?mod=viewthread&tid=14214285&highlight=APP
第一步 抓取登录请求包:
GET /mixc/api/v1/login?platform=android&password=123456&sign=a88496e328d6930fd0d2b425214538d5&appVersion=2.9.0&imei=359593493182282&mac=A6:B0:D8:BF:08:A9&mallNo=0301A404&osVersion=5.1.1&timestamp=1534076481030&userName=13162190051&channel=C000 HTTP/1.1
Host: app.mixcapp.com
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1
第二步 分析加密主要参数:
1 sign=a88496e328d6930fd0d2b425214538d5 (MD5 摘要,32 位十六进制)
第三步 逆向找到其主要算法
/**
 * Starts a login call for the given account (decompiled, obfuscated names).
 *
 * <p>Nothing happens unless {@code PublicMethod.isMobile(arg3)} accepts the
 * user name. Otherwise the credentials are put into a map, handed to
 * {@code j.a("v1/login", map)}, which adds the {@code sign} field, and the
 * result is passed to {@code RegAndLoginRestful.login}.
 *
 * <p>NOTE(review): {@code arg4} goes into the map unchanged, and the captured
 * login request on this page carries {@code password=} in the GET query
 * string. A credential in the URL is visible to anything that records URLs
 * (proxy and server access logs); sending it in a request body is the usual
 * design.
 *
 * @param arg3 user name, stored under the key {@code "userName"}
 * @param arg4 password, stored under the key {@code "password"}
 */
public void a(String arg3, String arg4) {
    // Guard clause: same condition as the original if-block, inverted.
    if (!PublicMethod.isMobile(arg3)) {
        return;
    }

    this.b();

    HashMap credentials = new HashMap();
    credentials.put("userName", arg3);
    credentials.put("password", arg4);

    // j.a(...) returns the parameter map with "sign" added.
    this.a = this.a(RegAndLoginRestful.class).login(j.a("v1/login", ((Map) credentials)));
    this.a.a(new BaseCallback(((RestfulResultCallback) this)));
}
---------------------------------------------------------------
/**
 * Merges the caller's parameters into the shared static map {@code j.a},
 * computes the request signature over that map and stores it under the key
 * {@code "sign"}.
 *
 * The whole body runs while holding the monitor of {@code j.class}
 * (the decompiler shows this as __monitor_enter / __monitor_exit).
 *
 * @param arg3 API path (the login caller passes "v1/login"); it is forwarded
 *             to the signing helper
 * @param arg4 request-specific parameters to merge into the shared map
 * @return the shared map {@code j.a} itself, not a copy
 */
public static Map a(String arg3, Map arg4) {
Map v3_1;
Class v0 = j.class;
// Take the class-level lock; j.a is static state shared by all callers.
__monitor_enter(v0);
try {
// The no-argument j.a() is not shown on this page; presumably it prepares
// the shared map with the common request fields (appVersion, imei, ...) — TODO confirm.
j.a();
j.a.putAll(arg4);
// The signature is computed over every entry currently in the shared map.
j.a.put("sign", j.a(j.a, arg3));
v3_1 = j.a;
}
catch(Throwable v3) {
// Release the lock before rethrowing.
__monitor_exit(v0);
throw v3;
}
__monitor_exit(v0);
return v3_1;
}
-------------------------------------------------------------------
/**
 * Computes the {@code sign} value for a parameter map.
 *
 * The string that gets hashed is built as follows: the keys are sorted with
 * {@code Arrays.sort} (natural String order), each entry is appended as
 * {@code key=value&}, then the return value of
 * {@code Security.getSecurityKey()} and the literal {@code "9e14fe4b"} are
 * appended. The result is passed to {@code g.a(String)}, which on this page
 * is the hex MD5 of the UTF-8 bytes.
 *
 * NOTE(review): both parts of the suffix ship inside the client (the write-up's
 * summary lists the combined value as a constant), so this is a digest keyed
 * with a static shared secret. It can detect a parameter changed without
 * recomputing the sign, but it cannot prove that a request comes from the
 * genuine app; the server should not treat it as authentication, and a
 * per-session key with an HMAC is the usual replacement.
 *
 * @param arg6 parameters to sign
 * @param arg7 API path; not referenced in the decompiled body shown here, so
 *             the endpoint does not appear to be part of the signed string
 * @return the value returned by {@code g.a(String)} for the assembled string
 */
private static String a(Map arg6, String arg7) {
String v6_1;
Class v7 = j.class;
// Class-level lock: j.e is a shared static StringBuffer reused across calls.
__monitor_enter(v7);
try {
int v1 = 0;
// Reset the shared buffer instead of allocating a new one.
j.e.setLength(0);
Object[] v0 = arg6.keySet().toArray(new String[0]);
// Sorting fixes the parameter order so client and server hash the same string.
Arrays.sort(v0);
int v2 = v0.length;
while(v1 < v2) {
Object v3 = v0[v1];
StringBuffer v4 = j.e;
v4.append(((String)v3));
v4.append("=");
// Values are appended as-is (StringBuffer.append(Object)); no URL-encoding here.
v4.append(arg6.get(v3));
// Every pair, including the last one, is followed by "&".
v4.append("&");
++v1;
}
// Static secret suffix: part from Security.getSecurityKey(), part hard-coded.
j.e.append(Security.getSecurityKey());
j.e.append("9e14fe4b");
v6_1 = g.a(j.e.toString());
}
catch(Throwable v6) {
// Decompiler artifact: jumps to the unlock-and-rethrow tail below.
goto label_34;
}
__monitor_exit(v7);
return v6_1;
label_34:
__monitor_exit(v7);
throw v6;
}
--------------------------------------------------------------
/**
 * Hashes {@code arg1} with the two-argument helper {@code g.a}, using the
 * charset name {@code "utf-8"}.
 *
 * @param arg1 text to hash; may be {@code null}
 * @return {@code null} when {@code arg1} is {@code null}, otherwise whatever
 *         {@code g.a(arg1, "utf-8")} returns
 */
public static String a(String arg1) {
    return arg1 == null ? null : g.a(arg1, "utf-8");
}
/**
 * Returns the MD5 digest of {@code arg3} as 32 lowercase hexadecimal
 * characters.
 *
 * <p>The text is encoded with the charset named by {@code arg4}; if that
 * name is not supported, the platform default charset is used instead.
 * MD5 is used here only to produce the request {@code sign} field; it is not
 * encryption and gives no secrecy to the hashed parameters.
 *
 * @param arg3 text to hash
 * @param arg4 charset name used to encode {@code arg3}
 * @return the hex digest, or {@code null} if no MD5 implementation is
 *         available
 */
private static String a(String arg3, String arg4) {
    MessageDigest md5;
    try {
        md5 = MessageDigest.getInstance("MD5");
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }

    byte[] encoded;
    try {
        encoded = arg3.getBytes(arg4);
    } catch (UnsupportedEncodingException ignored) {
        // Same fallback as the original: platform default charset.
        encoded = arg3.getBytes();
    }
    md5.update(encoded);

    byte[] digest = md5.digest();
    StringBuilder hex = new StringBuilder(digest.length * 2);
    for (byte b : digest) {
        int unsigned = b & 255;
        // Two nibbles per byte, so values below 16 keep their leading zero.
        hex.append(Character.forDigit(unsigned >>> 4, 16));
        hex.append(Character.forDigit(unsigned & 15, 16));
    }
    return hex.toString();
}
--------------------------------------------------------------------
第四步 总结
sign = MD5("appVersion=2.9.0&channel=C000&imei=359593493182282&mac=A6:B0:D8:BF:08:A9&mallNo=0301A404&osVersion=5.1.1&password=1234567890&platform=android&timestamp=1534078982223&userName=13162190051" + "&3061b746b58d492baaf373cb9e14fe4b")
ps: "&3061b746b58d492baaf373cb9e14fe4b" 为固定值,由三部分组成:参数串末尾的 "&"、Security.getSecurityKey() 的返回值,以及代码中的常量 "9e14fe4b"。参数按键名排序后以 key=value& 的形式拼接。