A, goals,

60 after stir-fry stamps, 70 after stir-fry stocks, 80 after stir-fry housing, 90 after stir-fry currency, 00 after a new way, shoes can also stir-fry. Times have changed. Look at shoes.

This newSign is our target.

Second, the steps

Jadx search “newSign”

I got a lot of results, but number onehost.addQueryParameter(“newSign”, RequestUtils.m38208c(hashMap2, currentTimeMillis));This one is suspicious.

On Frida

var RequestUtilsCls = Java.use('com.shxxhuang.xxapp.common.utils.RequestUtils');
RequestUtilsCls.c.implementation = function(a,b){
        var rc = this.c(a,b);
        console.log("a=" + a.entrySet().toArray());
        console.log("b=" + b);

        console.log("c >>> rc=" + rc);

        return rc ;
}
Copy the code

It looks good. The input parameter and the #newSign# value are out

A = v = 4.68.6 loginToken =, uuid = 76 dade3ad5f174d2, platform = android, timestamp = 1620702668425 = 1620702668425 c > b > > rc = 0237b9de491aee10ae238983144caa13Copy the code

There is a slight problem, however, that only the newSign for some requests is printed, and the signature value for many other requests is not printed.

Look again at the RequestUtils class

I used to have the same function a, b, and c. It’s easy to find the problem, do it all, make a distinction when you print it out.

var RequestUtilsCls = Java.use('com.shxxhuang.xxapp.common.utils.RequestUtils');

RequestUtilsCls.a.overload('java.util.Map', 'long').implementation = function(a,b){
        var rc = this.a(a,b);
        console.log("a= " + a.entrySet().toArray());
        console.log("b= " + b);

        console.log("a >>> rc= " + rc);

        return rc ;
}

RequestUtilsCls.b.overload('java.util.Map', 'long').implementation = function(a,b){
        var rc = this.b(a,b);
        console.log("a= " + a.entrySet().toArray());
        console.log("b= " + b);

        console.log("b >>> rc= " + rc);

        return rc ;
}

RequestUtilsCls.c.implementation = function(a,b){
        var rc = this.c(a,b);
        console.log("a= " + a.entrySet().toArray());
        console.log("b= " + b);

        console.log("c >>> rc= " + rc);

        return rc ;
}
Copy the code

That’s Ok. It’s almost all printed

a= LastId =, limit = 50.0, loginToken =, platform = android, propertyValueId = 0.0, spuId = 37494.0, timestamp = 1620703226570, 76 dade3ad uuid = 5 f174d2, v = 4.68.6 b = 1620703226570 b > > > rc = d8a9cd2770194d04b65d670df33b054eCopy the code

Third, summary

Times change, fashions change, technology changes. But what doesn’t change is routine and humanity.

Through the ages, there have always been people who have lived outside the smoke. There have even been people who have been able to walk through the smoke or stay in the smoke and come out of the smoke without being affected by the smell of the smoke or the coal dust, maintaining their original pace of life and their appearance of being out of this world. But the important thing is not to live outside the smoke, but to live in the smoke, because only by living in the smoke and breathing the foggy air like this morning can we recognize the real nature of the problem and solve it.

TIP: The purpose of this article is only one is learning more backward techniques and train of thought, if anyone use this technology to get illegal commercial interests the legal liabilities are their operators, and the author and it doesn’t matter, this paper involves the knowledge of code project can go to my friends to fly star come undone, welcome to join star learn together to explore technology knowledge. Have a problem can add me WX: FENfei331 discussion.

Wechat public account: Fenfei safety, the latest technology dry goods real-time push