白乐天

道阻且长,行则将至。

识货app旧版本过强制更新及frida过反调试及搜索接口

发表于 更新于 分类于
本文字数: 20k 阅读时长 ≈ 18 分钟

App信息

包名:com.hupu.shihuo

旧版本7.21.1过强制更新

打开app出现如下弹窗,提示需要版本更新,没有跳过选项。

绕过方式

反编译apk,找到弹窗位置,通过hook修改跳出弹窗的逻辑,实现绕过。

反编译apk

搜索新版本

双击跳转

这里出现了UpdateDialog对象,用来显示更新对话框的,可以把它的show()方法给hook掉

1
2
3
4
5
6
7
8
9
function hook_dialog(){
    Java.perform(function(){
        let updatedialog = Java.use("com.azhon.appupdate.dialog.UpdateDialog");
        updatedialog.show.implementation = function(){
            console.log("hooked updatedialog!")
        }
    })
}
hook_dialog()

强制更新就被绕过了。

关于frida的反调试

目前我能实现的反调试方式

第一种:删除libmsaoaidsec.so

第二种:使用魔改特征的frida

第三种:使用脚本使libmsaoaidsec.so

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
function hook_dlopen(so_name){
    var android_dlopen_ext = Module.findExportByName(null,"android_dlopen_ext");
    console.log("addr_android_dlopen_ext",android_dlopen_ext);
    Interceptor.attach(android_dlopen_ext,{
        onEnter:function(args){
            var pathptr = args[0];
            if(pathptr!=null && pathptr != undefined){
                var path = ptr(pathptr).readCString();
                console.log(path);
                if(path.indexOf(so_name)!=-1){
                    args[0] = Memory.allocUtf8String("libc.so");
                    console.log("replaced!");
                    this.match = true;
                }
                
            }
        },
        onLeave:function(retvel){
            if (this.match){
                console.log(so_name,"加载成功");
                let module = Process.findModuleByName(so_name);
                console.log(module);
            }
        }
    })
}
hook_dlopen("libmsaoaidsec.so")

旧版本7.21.1搜索接口

不需要逆向,接口拿过来可以直接用

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import requests

url = "https://sh-api.shihuo.cn/daga/search/goods/v1"

# params = {
#   "minVersion": "15811",
#   "clientCode": "{holder}",
#   "v": "7.21.1",
#   "channel": "huawei",
#   "device": "Pixel 3",
#   "platform": "android",
#   "timestamp": "1739685881886",
#   "token": "63d08c1b7e73f693ae469e496de9115d"
# }

headers = {
  "refer": "shihuo%3A%2F%2Fwww.shihuo.cn%3Froute%3DhomeSearchList%26keywords%3D%25E8%2580%2590%25E5%2585%258B%2520%25E6%259D%25BF%25E9%259E%258B%26user_input%3D%2525E8%252580%252590%2525E5%252585%25258B%252B%2525E6%25259D%2525BF%2525E9%25259E%25258B%26lspm%3D76e5b1d459b968c2%26auto_spm%3D1%23%257B%2522from%2522%253A%2522shihuo%253A%255C%252F%255C%252Fwww.shihuo.cn%253Froute%253Dhome%2522%252C%2522block%2522%253A%2522search%2522%252C%2522extra%2522%253A%2522%2525E8%252580%252590%2525E5%252585%25258B%252B%2525E6%25259D%2525BF%2525E9%25259E%25258B%2522%252C%2522lspm%2522%253A%252276e5b1d459b968c2%2522%257D",
  "pid": "homeSearchList_2C6CF5D74E1ECDB61F481B696DABC4EB",
  "platform": "android",
  "timestamp": "1739685881886",
  "app-v": "7.21.1",
  "sh-token": "I94Av9S84fN2NhNWJhOTdkMzY0ZTAzNmUy7n1IN+BhH/apcfLGs3AtbTItTM2aeBQsrmqjaFoIKuwJtiSOimYpEkf5HAQ+DnV2+ax5mFSS7UDffJ7yTDh09DVz8wy2IKAGFLxHn2so4qPnFCM7/bFZvMlxKtdBtpneNu4naDjGaYmmvtn5OiLyGA==",
  "sh-id": "6kcbtp547ae55614428f8a183900e404",
  "sh-sign": "BF6CBE0C80B13F43B0DF450795B07E5E",
  "abtest-control": "r2=3;r3=0;Oq=13;hm=0;HN=3;aJ=1;j4=0;zF=1;HV=0;zH=1;YJ=11;qe=3;QF=11;rK=2;92=0;QP=0;AA=3;af=12;18=32;Ya=0;ZE=1;AM=2;shrec_is_gdetail=12;c8=12;kB=13;ay=3;jc=1;search_wf=2;Ql=0;JG=1;ZW=12;1P=11;zz=12;BE=13;Qv=0;1V=15;S8=11;Ah=12;BK=2;SB=0;9h=2;9k=11;Av=22;cY=2;tK=3;1h=1;SK=0;2O=2;dD=0;Rs=0;t_s=1739685888575;gdetail_brand_rec=11;dQ=1;KY=4;Sa=0;Br=1;3D=12;CV=15;e9=1;By=1;uO=1;v3=0;uR=1;data_community_relate=11;42=1;dc=2;Ss=24;dg=0;tx=19;LR=0;DO=HN_3;lx=1;uc=2;nD=46;w1=1;w3=1;UU=18;EG=0;mp=2;ux=0;data_community_personal=89;UZ=0;fL=0;ev=21;5F=1;vh=34;vj=0;vn=14;NI=1;mainSearchV4=25;nj=2;VR=0;4r=2;ff=35;nn=0;vw=1;shrec_gdetail_bags=11;O4=1;fl=22;data_gdetail_shoes_personal=11;data_gdetail_clothes_personal=11;G2=4;oZ=12;fr=2;Vb=3;wd=25;h6=31;gdetail_shoes_brand_rec=11;5f=2;fx=3;Vi=22;Nc=1;OJ=1;shrec_home_feed=16;gd=11;Fd=2;6V=38;X9=48;xZ=1;ou=3;GN=0;i3=21;hS=1;shrec_cf_mine_v2=11;hW=3;Wg=12;shrec_gdetail_clothes=13;XK=14;XL=1;Od=11;XQ=0;HC=2;hf=44;XW=26",
  "shreqid": "0FC60C1C79E118772078BC81A8C5F408",
  "osv": "10",
  "network": "1",
  "sh_session": "bc29dc5aed1745e3a2b5107a51efa2a3_foreground_24728",
  "sk": "9RNoP7luDgrcx9TCUPfjbNh8NkZDAyE0Eh92Xn2YrHj29ftrV8byU7I0cndB2Mwhi6IWpNVii1GaAwv0L69US2K9fT1s",
  "appid": "app",
  "cookie": "acw_tc=1a0c380d17396858923536528e0039b6c0f0fdf49dab56cfa931f2163d400e",
  "user-agent": "Android 10 {Z29vZ2xl} CPU_ABI arm64-v8a CPU_ABI2  HARDWARE blueline MODEL {UGl4ZWwgMw} network/WIFI shihuo/7.21.1 sc({holder},huawei) minVersion(15811) sh-dv-sign[v1|e9f9a714ae419624528a60f5fbe353070d2751f79b8da0aa]",
  "daga-ban-personal": "0",
  "content-type": "application/json; charset=UTF-8",
  "content-length": "656",
  "accept-encoding": "gzip"
}

json = {
  "background_word": "%E8%80%90%E5%85%8B+%E6%9D%BF%E9%9E%8B",
  "from": "home",
  "isHot": "false",
  "keywords": "运动裤",
  "lspm": "76e5b1d459b968c2",
  "needAttrs": 1,
  "page": "1",
#   "pageContext": "{\"pageId\":\"homeSearchList_2C6CF5D74E1ECDB61F481B696DABC4EB\",\"ptiRoot\":{\"biz\":\"{\\\"layer\\\":\\\"1\\\"}\",\"name\":\"\",\"toInfo\":{\"route\":\"homeSearch\",\"back_keywords\":\"耐克 板鞋\"},\"id\":\"home:searchInput\",\"pageId\":\"appHome_078418BC23DF560B291D24AFF2FCF9B2\",\"pageOptions\":{\"haveSkin\":\"1\"}},\"layer\":\"3\"}",
  "pageSize": "20",
  "page_route": "homeSearchList",
  "predictSex": "2",
  "use_type": "2",
  "user_input": "%E8%80%90%E5%85%8B+%E6%9D%BF%E9%9E%8B"
}

response = requests.post(url=url,headers=headers,json=json)
print(response.status_code)
print(response.text)

直接修改请求体中的keywords进行使用

Unidbg

响应体解密

目标是heracles()函数,加载的so是libdusanwa.so

hook heracles()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
function bArrToString(bArr) {
    return Java.use("java.lang.String").$new(bArr);
}

function hook_heracles(){
    Java.perform(function(){
        let SwSdk = Java.use("com.shizhuang.dusanwa.main.SwSdk");
        SwSdk["heracles"].implementation = function (bArr, i, i2) {
            console.log(`SwSdk.heracles is called: bArr=${bArr}, i=${i}, i2=${i2}`);
            let result = this["heracles"](bArr, i, i2);
            console.log(`SwSdk.heracles result=${bArrToString(result)}`);
            return result;
        };
    })
}

hook_heracles()

hook结果

1
2
SwSdk.heracles is called: bArr=-33,-44,19,-38,69,38,-62,-117,-45,59,-80,-92,113,114,53,-92,-8,8,-63,-17,-81,4,-73,54,-117,-30,-111,-37,16,16,-26,35,31,53,81,126,-121,-59,16,45,88,-87,71,4,-15,-74,-29,26,74,11,-75,-120,95,37,23,125,-28,99,62,10,118,86,-8,84,20,-20,-12,-23,60,-16,-93,94,104,95,20,16,105,33,9,-54,-125,51,95,72,-104,-68,-5,8,95,5,60,-38,-128,74,16,-101,61,-105,9,38,-127,31,-51,-76,-93,10,-34,-117,-20,25,94,118,14,-46,58,-30,-41,125,-124,-26,-43,-74,-84,123,-118,-50,26,83,-77,16,-42,16,-54,-51,34,0,-58,-41,56,32,-74,83,70,112,21,101,42,26,101,-118,-112,-3,-88,-35,-127,-57,-93,-82,68,-65,107,-50,52,49,61,-85,44,92,-26,90,-42,76,-77,66,6,-29,-25,109,55,-44,-91,-81,-57,26,-52,-51,-118,-29,-74,-31,35,-85,41,12,-49,110,11,-44,118,43,14,1,94,-90,107,36,87,-108,82,27,8,-77,10,17,59,-58,-27,-112,-10,50,-125,103,-112,-86,22,-74,-11,-41,-31,11,-82,79,-97,86,15,16,-123,-17,-10,72,-54,100,-68,-33,-112,-34,114,-54,-75,126,-88,-31,-118,28,-50,76,-40,-107,-121,73,92,-64,120,60,-76,50,19,109,61,-20,73,4,24,57,62,-101,-71,114,-27,4,29,-11,-93,-84,-92,90,-73,-59,-102,14,-34,18,-43,48,29,-79,-19,25,76,79,87,-36,104,74,24,6,91,-74,-118,21,-49,44,6,-74,-125,-78,37,116,102,10,113,-111,51,46,-20,-123,-60,69,-53,-85,-81,-40,54,120,29,-108,-97,-83,-49,1,-119,90,108,94,47,18,-21,-21,116,-41,33,-28,25,-6,-10,-25,-28,93,-47,21,90,27,24,-110,65,-75,-91,-30,-108,-72,63,-86,-115,-121,80,-96,-18,-99,106,-47,64,-48,-6,-60,66,109,-63,-77,95,101,-123,4,-15,72,-3,-90,45,-58,-108,8,96,-12,34,-68,111,105,-50,-111,-108,-103,20,37,-48,-61,-36,-37,-19,105,-109,-31,-111,-119,-120,-93,-68,-5,50,86,-10,63,-87,47,34,-21,-29,-10,120,1,-75,5,44,17,-62,25,110,98,120,-108,101,82,19,38,-25,127,112,-73,-68,88,-112,92,85,20,-92,85,-119,-37,96,-50,-69,49,-30,-104,-19,-14,103,41,127,-87,85,-22,108,61,25,3,-74,57,-12,80,-110,-24,63,88,116,-126,71,-19,109,57,-47,-24,-30,89,36,-83,-95,88,-61,-41,-80,44,-75,30,-106,70,-31,-51,-16,68,39,94,-7,34,-120,118,-61,125,110,-127,-80,-92,12,-49,111,-61,18,-42,-17,118,30,-32,18,-88,-20,-59,-71,92,-105,-107,13,55,-76,32,-125,50,12,-99,80,11,92,-102,-121,18,-22,-55,-67,80,120,-107,-25,-85,-38,28,-92,103,-33,-67,82,-43,112,124,-21,-77,109,49,87,90,-102,-107,21,-46,81,10,-22,-46,-97,-7,66,31,-14,-85,50,-47,-30,-74,-22,-102,16,4,105,59,-76,44,108,27,3,-90,-66,-71,80,-42,-59,126,58,-70,-115,84,-17,88,-24,2,-22,99,106,-67,-56,-72,119,-24,-18,-91,-12, i=-1, i2=0
SwSdk.heracles result={"code":0,"status":0,"req_id":"BB3279FBC2CC8429647CB94564844A42","msg":"ok","data":{"activity_dynamic_modules":[{"component":"dynamic_common_hori_style_1","page":"detail_questionnaire_style_1","height":49,"pageData":{"href":"shihuo://www.shihuo.cn?route=fastWebview\u0026share_item=hidden\u0026url=https%3A%2F%2Fzt-public.shihuo.cn%2Fpage%2F17374428518420016%2Findex.html%3FsourceId%3D133","desc":"{\"goods_id\":\"5028781\",\"plan_id\":0,\"source_id\":1}","plan_id":374,"click_times":9999,"entry_type":1,"entrance_img":"http://static.shihuocdn.cn/app/res/dsgn/b757d06747a0458982fe0a62359f83c7.jpeg"}}]}}

call_heracles()

1
2
3
4
5
6
7
8
9
10
11
12
function call_heracles(){
    Java.perform(function(){
        let SwSdk = Java.use("com.shizhuang.dusanwa.main.SwSdk");
        let bArr = [-33,-44,19,-38,69,38,-62,-117,-45,59,-80,-92,113,114,53,-92,-8,8,-63,-17,-81,4,-73,54,-117,-30,-111,-37,16,16,-26,35,31,53,81,126,-121,-59,16,45,88,-87,71,4,-15,-74,-29,26,74,11,-75,-120,95,37,23,125,-28,99,62,10,118,86,-8,84,20,-20,-12,-23,60,-16,-93,94,104,95,20,16,105,33,9,-54,-125,51,95,72,-104,-68,-5,8,95,5,60,-38,-128,74,16,-101,61,-105,9,38,-127,31,-51,-76,-93,10,-34,-117,-20,25,94,118,14,-46,58,-30,-41,125,-124,-26,-43,-74,-84,123,-118,-50,26,83,-77,16,-42,16,-54,-51,34,0,-58,-41,56,32,-74,83,70,112,21,101,42,26,101,-118,-112,-3,-88,-35,-127,-57,-93,-82,68,-65,107,-50,52,49,61,-85,44,92,-26,90,-42,76,-77,66,6,-29,-25,109,55,-44,-91,-81,-57,26,-52,-51,-118,-29,-74,-31,35,-85,41,12,-49,110,11,-44,118,43,14,1,94,-90,107,36,87,-108,82,27,8,-77,10,17,59,-58,-27,-112,-10,50,-125,103,-112,-86,22,-74,-11,-41,-31,11,-82,79,-97,86,15,16,-123,-17,-10,72,-54,100,-68,-33,-112,-34,114,-54,-75,126,-88,-31,-118,28,-50,76,-40,-107,-121,73,92,-64,120,60,-76,50,19,109,61,-20,73,4,24,57,62,-101,-71,114,-27,4,29,-11,-93,-84,-92,90,-73,-59,-102,14,-34,18,-43,48,29,-79,-19,25,76,79,87,-36,104,74,24,6,91,-74,-118,21,-49,44,6,-74,-125,-78,37,116,102,10,113,-111,51,46,-20,-123,-60,69,-53,-85,-81,-40,54,120,29,-108,-97,-83,-49,1,-119,90,108,94,47,18,-21,-21,116,-41,33,-28,25,-6,-10,-25,-28,93,-47,21,90,27,24,-110,65,-75,-91,-30,-108,-72,63,-86,-115,-121,80,-96,-18,-99,106,-47,64,-48,-6,-60,66,109,-63,-77,95,101,-123,4,-15,72,-3,-90,45,-58,-108,8,96,-12,34,-68,111,105,-50,-111,-108,-103,20,37,-48,-61,-36,-37,-19,105,-109,-31,-111,-119,-120,-93,-68,-5,50,86,-10,63,-87,47,34,-21,-29,-10,120,1,-75,5,44,17,-62,25,110,98,120,-108,101,82,19,38,-25,127,112,-73,-68,88,-112,92,85,20,-92,85,-119,-37,96,-50,-69,49,-30,-104,-19,-14,103,41,127,-87,85,-22,108,61,25,3,-74,57,-12,80,-110,-24,63,88,116,-126,71,-19,109,57,-47,-24,-30,89,36,-83,-95,88,-61,-41,-80,44,-75,30,-106,70,-31,-51,-16,68,39,94,-7,34,-120,118,-61,125,110,-127,-80,-92,12,-49,111,-61,18,-42,-17,118,30,-32,18,-88,-20,-59,-71,92,-105,-107,13,55,-76,32,-125,50,12,-99,80,11,92,-102,-121,18,-22,-55,-67,80,120,-107,-25,-85,-38,28,-92,103,-33,-67,82,-43,112,124,-21,-77,109,49,87,90,-102,-107,21,-46,81,10,-22,-46,-97,-7,66,31,-14,-85,50,-47,-30,-74,-22,-102,16,4,105,59,-76,44,108,27,3,-90,-66,-71,80,-42,-59,126,58,-70,-115,84,-17,88,-24,2,-22,99,106,-67,-56,-72,119,-24,-18,-91,-12];
        let i = -1;
        let i2 = 0;
        let result = SwSdk["heracles"](bArr, i, i2);
        console.log(`SwSdk.heracles result=${bArrToString(result)}`);
    })
}

// call_heracles()

结果

1
SwSdk.heracles result={"code":0,"status":0,"req_id":"BB3279FBC2CC8429647CB94564844A42","msg":"ok","data":{"activity_dynamic_modules":[{"component":"dynamic_common_hori_style_1","page":"detail_questionnaire_style_1","height":49,"pageData":{"href":"shihuo://www.shihuo.cn?route=fastWebview\u0026share_item=hidden\u0026url=https%3A%2F%2Fzt-public.shihuo.cn%2Fpage%2F17374428518420016%2Findex.html%3FsourceId%3D133","desc":"{\"goods_id\":\"5028781\",\"plan_id\":0,\"source_id\":1}","plan_id":374,"click_times":9999,"entry_type":1,"entrance_img":"http://static.shihuocdn.cn/app/res/dsgn/b757d06747a0458982fe0a62359f83c7.jpeg"}}]}}

unidbg模拟执行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
public class SwSdk extends AbstractJni {
    private final AndroidEmulator emulator;
    private final Memory memory;
    private final VM vm;
    private DalvikModule dm;
    private Module module;


    public SwSdk() {
        emulator = AndroidEmulatorBuilder
                .for64Bit() // for32Bit()
                .setRootDir(new File("target/rootfs"))
                .build();
        memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(new File("unidbg-android/src/test/java/com/com/hupu/shihuo/shihuo_7.21.1.apk"));
        vm.setJni(this);
        vm.setVerbose(true);
        dm = vm.loadLibrary("dusanwa",true);
        dm.callJNI_OnLoad(emulator);
        module = dm.getModule();
    }

    public byte[] heracles(){
        DvmClass SwSdkClass = vm.resolveClass("com.shizhuang.dusanwa.main.SwSdk");
        byte[] barr = {-33,-44,19,-38,69,38,-62,-117,-45,59,-80,-92,113,114,53,-92,-8,8,-63,-17,-81,4,-73,54,-117,-30,-111,-37,16,16,-26,35,31,53,81,126,-121,-59,16,45,88,-87,71,4,-15,-74,-29,26,74,11,-75,-120,95,37,23,125,-28,99,62,10,118,86,-8,84,20,-20,-12,-23,60,-16,-93,94,104,95,20,16,105,33,9,-54,-125,51,95,72,-104,-68,-5,8,95,5,60,-38,-128,74,16,-101,61,-105,9,38,-127,31,-51,-76,-93,10,-34,-117,-20,25,94,118,14,-46,58,-30,-41,125,-124,-26,-43,-74,-84,123,-118,-50,26,83,-77,16,-42,16,-54,-51,34,0,-58,-41,56,32,-74,83,70,112,21,101,42,26,101,-118,-112,-3,-88,-35,-127,-57,-93,-82,68,-65,107,-50,52,49,61,-85,44,92,-26,90,-42,76,-77,66,6,-29,-25,109,55,-44,-91,-81,-57,26,-52,-51,-118,-29,-74,-31,35,-85,41,12,-49,110,11,-44,118,43,14,1,94,-90,107,36,87,-108,82,27,8,-77,10,17,59,-58,-27,-112,-10,50,-125,103,-112,-86,22,-74,-11,-41,-31,11,-82,79,-97,86,15,16,-123,-17,-10,72,-54,100,-68,-33,-112,-34,114,-54,-75,126,-88,-31,-118,28,-50,76,-40,-107,-121,73,92,-64,120,60,-76,50,19,109,61,-20,73,4,24,57,62,-101,-71,114,-27,4,29,-11,-93,-84,-92,90,-73,-59,-102,14,-34,18,-43,48,29,-79,-19,25,76,79,87,-36,104,74,24,6,91,-74,-118,21,-49,44,6,-74,-125,-78,37,116,102,10,113,-111,51,46,-20,-123,-60,69,-53,-85,-81,-40,54,120,29,-108,-97,-83,-49,1,-119,90,108,94,47,18,-21,-21,116,-41,33,-28,25,-6,-10,-25,-28,93,-47,21,90,27,24,-110,65,-75,-91,-30,-108,-72,63,-86,-115,-121,80,-96,-18,-99,106,-47,64,-48,-6,-60,66,109,-63,-77,95,101,-123,4,-15,72,-3,-90,45,-58,-108,8,96,-12,34,-68,111,105,-50,-111,-108,-103,20,37,-48,-61,-36,-37,-19,105,-109,-31,-111,-119,-120,-93,-68,-5,50,86,-10,63,-87,47,34,-21,-29,-10,120,1,-75,5,44,17,-62,25,110,98,120,-108,101,82,19,38,-25,127,112,-73,-68,88,-112,92,85,20,-92,85,-119,-37,96,-50,-69,49,-30,-104,-19,-14,103,41,127,-87,85,-22,108,61,25,3,-74,57,-12,80,-110,-24,63,88,116,-126,71,-19,109,57,-47,-24,-30,89,36,-83,-95,88,-61,-41,-80,44,-75,30,-106,70,-31,-51,-16,68,39,94,-7,34,-120,118,-61,125,110,-127,-80,-92,12,-49,111,-61,18,-42,-17,118,30,-32,18,-88,-20,-59,-71,92,-105,-107,13,55,-76,32,-125,50,12,-99,80,11,92,-102,-121,18,-22,-55,-67,80,120,-107,-25,-85,-38,28,-92,103,-33,-67,82,-43,112,124,-21,-77,109,49,87,90,-102,-107,21,-46,81,10,-22,-46,-97,-7,66,31,-14,-85,50,-47,-30,-74,-22,-102,16,4,105,59,-76,44,108,27,3,-90,-66,-71,80,-42,-59,126,58,-70,-115,84,-17,88,-24,2,-22,99,106,-67,-56,-72,119,-24,-18,-91,-12};
        DvmObject barrobj = ProxyDvmObject.createObject(vm,barr);
        DvmObject dvmObject = SwSdkClass.callStaticJniMethodObject(emulator,"heracles([BII)[B",barrobj,-1,0);
        byte[] ret = (byte[]) dvmObject.getValue();
        return ret;
    }

    public static void main(String[] args) {
        SwSdk swSdk = new SwSdk();
        System.out.println(Arrays.toString(swSdk.heracles()));
    }
}

补环境

补currentActivityThread()

1
2
java.lang.UnsupportedOperationException: android/app/ActivityThread->currentActivityThread()Landroid/app/ActivityThread;
	at com.github.unidbg.linux.android.dvm.AbstractJni.callStaticObjectMethod(AbstractJni.java:433)

1
2
3
case "android/app/ActivityThread->currentActivityThread()Landroid/app/ActivityThread;":{
    return vm.resolveClass("android/app/ActivityThread").newObject(null);
}

补getApplication()

1
2
java.lang.UnsupportedOperationException: android/app/ActivityThread->getApplication()Landroid/app/Application;
	at com.github.unidbg.linux.android.dvm.AbstractJni.callObjectMethod(AbstractJni.java:933)

1
2
3
case "android/app/ActivityThread->getApplication()Landroid/app/Application;":{
    return vm.resolveClass("android/app/Application").newObject(null);
}

补getPackageManager()

1
2
java.lang.UnsupportedOperationException: android/app/Application->getPackageManager()Landroid/content/pm/PackageManager;
	at com.github.unidbg.linux.android.dvm.AbstractJni.callObjectMethod(AbstractJni.java:933)

1
2
3
case "android/app/Application->getPackageManager()Landroid/content/pm/PackageManager;":{
    return vm.resolveClass("android/content/pm/PackageManager").newObject(null);
}

over

1
{"code":0,"status":0,"req_id":"BB3279FBC2CC8429647CB94564844A42","msg":"ok","data":{"activity_dynamic_modules":[{"component":"dynamic_common_hori_style_1","page":"detail_questionnaire_style_1","height":49,"pageData":{"href":"shihuo://www.shihuo.cn?route=fastWebview\u0026share_item=hidden\u0026url=https%3A%2F%2Fzt-public.shihuo.cn%2Fpage%2F17374428518420016%2Findex.html%3FsourceId%3D133","desc":"{\"goods_id\":\"5028781\",\"plan_id\":0,\"source_id\":1}","plan_id":374,"click_times":9999,"entry_type":1,"entrance_img":"http://static.shihuocdn.cn/app/res/dsgn/b757d06747a0458982fe0a62359f83c7.jpeg"}}]}}