X书hmac参数
被删重新发送
全文可以查看:
上面一遍unidbg解密shield文章
unidbg - 》 callObjectMethodV方法填写你的小红书路径下s.xml里的值:
或者在抓包响应头中: 查找xy-ter-str
hmac 结果都是在,响应头里,所以 hmac 是服务器下发给客户端的.
@Overridepublic DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {switch (signature) {case "android/content/Context->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;":return vm.resolveClass("android/content/SharedPreferences").newObject(vaList.getObjectArg(0));case "android/content/SharedPreferences->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;": {if(((StringObject) dvmObject.getValue()).getValue().equals("s")){System.out.println("getString :"+vaList.getObjectArg(0).getValue());if (vaList.getObjectArg(0).getValue().equals("main")) {return new StringObject(vm, "");}if(vaList.getObjectArg(0).getValue().equals("main_hmac")){return new StringObject(vm, "a9+xPqTwWr7ua8QlDuTyLjvNTAszAxbIhBWeugeCNpcorLQJTUiH6JbLFDrW1cypknldr7izHSeoGQ1HzB6VAVu7iMG6FU1+bEt7/e+9cx6LmeDCOKSapcI9elpXr9ba");}}}case "okhttp3/Interceptor$Chain->request()Lokhttp3/Request;": {DvmClass clazz = vm.resolveClass("okhttp3/Request");return clazz.newObject(request);}case "okhttp3/Request->url()Lokhttp3/HttpUrl;": {DvmClass clazz = vm.resolveClass("okhttp3/HttpUrl");Request request = (Request) dvmObject.getValue();return clazz.newObject(request.url());}case "okhttp3/HttpUrl->encodedPath()Ljava/lang/String;": {HttpUrl httpUrl = (HttpUrl) dvmObject.getValue();return new StringObject(vm, httpUrl.encodedPath());}case "okhttp3/HttpUrl->encodedQuery()Ljava/lang/String;": {HttpUrl httpUrl = (HttpUrl) dvmObject.getValue();return new StringObject(vm, httpUrl.encodedQuery());}case "okhttp3/Request->body()Lokhttp3/RequestBody;": {Request request = (Request) dvmObject.getValue();return vm.resolveClass("okhttp3/RequestBody").newObject(request.body());}case "okhttp3/Request->headers()Lokhttp3/Headers;": {Request request = (Request) dvmObject.getValue();return vm.resolveClass("okhttp3/Headers").newObject(request.headers());}case "okio/Buffer->writeString(Ljava/lang/String;Ljava/nio/charset/Charset;)Lokio/Buffer;": {System.out.println("write to my buffer:"+vaList.getObjectArg(0).getValue());Buffer buffer = (Buffer) dvmObject.getValue();buffer.writeString(vaList.getObjectArg(0).getValue().toString(), (Charset) vaList.getObjectArg(1).getValue());return dvmObject;}case "okhttp3/Headers->name(I)Ljava/lang/String;": {Headers headers = (Headers) dvmObject.getValue();return new StringObject(vm, headers.name(vaList.getIntArg(0)));}case "okhttp3/Headers->value(I)Ljava/lang/String;": {Headers headers = (Headers) dvmObject.getValue();return new StringObject(vm, headers.value(vaList.getIntArg(0)));}case "okio/Buffer->clone()Lokio/Buffer;": {Buffer buffer = (Buffer) dvmObject.getValue();return vm.resolveClass("okio/Buffer").newObject(buffer.clone());}case "okhttp3/Request->newBuilder()Lokhttp3/Request$Builder;": {Request request = (Request) dvmObject.getValue();return vm.resolveClass("okhttp3/Request$Builder").newObject(request.newBuilder());}case "okhttp3/Request$Builder->header(Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Request$Builder;": {Request.Builder builder = (Request.Builder) dvmObject.getValue();builder.header(vaList.getObjectArg(0).getValue().toString(), vaList.getObjectArg(1).getValue().toString());return dvmObject;}case "okhttp3/Request$Builder->build()Lokhttp3/Request;": {Request.Builder builder = (Request.Builder) dvmObject.getValue();return vm.resolveClass("okhttp3/Request").newObject(builder.build());}case "okhttp3/Interceptor$Chain->proceed(Lokhttp3/Request;)Lokhttp3/Response;": {return vm.resolveClass("okhttp3/Response").newObject(null);}}return super.callObjectMethodV(vm, dvmObject, signature, vaList);}
Bertha 。
雨点打透心脏的1/2处
淩亂°似流年
你的名字
╰+哭是因爲堅強的太久メ
还没有评论,来说两句吧...