unidbg-ibox-wtoken-授人以渔不如授人以鱼

乌云科技团队

[Java] 纯文本查看 复制代码

package ibox;
 
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Emulator;
import com.github.unidbg.file.FileResult;
import com.github.unidbg.file.IOResolver;
import com.github.unidbg.file.linux.AndroidFileIO;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.spi.SyscallHandler;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
 
 
public class TigerTallyAPI extends AbstractJni implements IOResolver<AndroidFileIO> {
    private final AndroidEmulator emulator;
    private final VM vm;
    public TigerTallyAPI(String apkPath) {
        emulator = AndroidEmulatorBuilder.for64Bit().build();
        SyscallHandler<AndroidFileIO> syscallHandler =
                emulator.getSyscallHandler();
        syscallHandler.setVerbose(true);
        syscallHandler.addIOResolver(this);
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(new File(apkPath));
        vm.setJni(this);
        vm.setVerbose(true);
 
    }
    public static void main(String[] args) {
        TigerTallyAPI tigerTallyAPI = new TigerTallyAPI("D:\\apk\\ibox.apk");
        AndroidEmulator emulator = tigerTallyAPI.emulator;
        DalvikModule dalvikModule = tigerTallyAPI.vm.loadLibrary(new File("D:\\apk\\libtiger_tally.so"), true);
        dalvikModule.callJNI_OnLoad(emulator);
        VM vm = tigerTallyAPI.vm;
        DvmClass dvmClass = vm.resolveClass("com/aliyun/TigerTally/TigerTallyAPI");
        dvmClass.callStaticJniMethodObject(emulator,"_genericNt1(I)I",2);
        dvmClass.callStaticJniMethodObject(emulator,"_genericNt2(ILjava/lang/String;)I",2,new StringObject(vm,"EWA40T3eMNVkLmj8Ur9CuQExbcOti8c3yd-I8xDkLhvphNMuRujkY7V6lKbvAtE2qXa4kTWSnXmo0HXfuUXRgyFNXYwhwvvf7yUYQ-DjWjAa34fjA9yJCam4Llddmcu3D8BQKw4gR-nkYzzOx0uGj9OkfgUHoFxF00akZNyeMrs="));
        DvmObject<?> dvmObject = dvmClass.callStaticJniMethodObject(emulator,"_genericNt3(I[B)Ljava/lang/String;",2,new ByteArray(vm,"{\"phoneNumber\":\"18888888888\",\"code\":\"188888\"}".getBytes(StandardCharsets.UTF_8)));
        System.out.println(dvmObject.getValue().toString());
        tigerTallyAPI.destroy();
 
    }
    @Override
    public DvmObject<?> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
        switch (signature){
            case "com/aliyun/TigerTally/A->ct()Landroid/content/Context;":
                return vm.resolveClass("android/app/Application",vm.resolveClass("android/content/ContextWrapper",vm.resolveClass("android/content/Context"))).newObject(signature);
             case "com/aliyun/TigerTally/A->pb(Ljava/lang/String;[B)Ljava/lang/String;":
                 return new StringObject(vm,"wS8O4RYy64fZSJqmsPYWVT3K5+hweouz0YPvsxAs7x1mfWj0mqidyOwOBffV+mDcI9L0i2JLGp3YHbJYhxir0A==");
               }
        return super.callStaticObjectMethodV(vm, dvmClass, signature, vaList);
    }
 
    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature){
            case "android/content/pm/PackageManager->getApplicationInfo(Ljava/lang/String;I)Landroid/content/pm/ApplicationInfo;":
                return vm.resolveClass("Landroid/content/pm/ApplicationInfo;").newObject(signature);
            case "android/content/pm/PackageManager->getApplicationLabel(Landroid/content/pm/ApplicationInfo;)Ljava/lang/CharSequence;":
                return new StringObject(vm,"Ljava/lang/CharSequence;");
            case "android/app/Application->getFilesDir()Ljava/io/File;":
                return vm.resolveClass("Ljava/io/File;");
            case "java/lang/String->getAbsolutePath()Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/app/Application->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;":
                return vm.resolveClass("Landroid/content/SharedPreferences;");
            case "java/lang/Class->getAbsolutePath()Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
        }
        return super.callObjectMethodV(vm, dvmObject, signature, vaList);
    }
    @Override
    public DvmObject<?> getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
        switch (signature){
            case "android/os/Build->BRAND:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build->MODEL:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build$VERSION->RELEASE:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
            case "android/os/Build->DEVICE:Ljava/lang/String;":
                return new StringObject(vm,"Ljava/lang/String;");
        }
        return super.getStaticObjectField(vm,dvmClass,signature);
    }
    public void destroy() {
        try {
            emulator.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    @Override
    public FileResult<AndroidFileIO> resolve(Emulator<AndroidFileIO> emulator, String pathname, int oflags) {
        return null;
    }
}

973992555

数藏锁单定制：973992555  另有偿出教程

A薛生

66666666666666666666666

俗的无畏

世界因你而不同 发表于 2022-5-13 21:34
解决了，大佬牛逼

有偿请教大佬 方便留个联系方式吧

dasdasdasdasd

世界因你而不同 发表于 2022-5-13 21:34
解决了，大佬牛逼

兄弟能给个ibox脱壳代码吗

feijingtianxia

能有个易语言的就好了，看不懂呀

xuyao

大佬喝茶，大佬牛皮

a498150474

wtoken 看不懂啊 谁能帮忙弄一下易语言的

gejiziliao

谢谢大佬分享

世界因你而不同

世界因你而不同 发表于 2022-5-13 21:28
java: 类TigerTallyAPI是公共的, 应在名为 TigerTallyAPI.java 的文件中声明  这个怎么解决啊 ...

解决了，大佬牛逼