5sing分析

标签：

1.抓包数据:用fiddler抓取不到,用smartsniff

[6/26/星期日 18:05:04:391]
GET /user/login?username=15081515272&password=123456aaa&sign=547956BCEAB839E41F75048203FDBED2&from=androidPhone&version=5.4.1 HTTP/1.1
Charsert: UTF-8
User-Agent: Jakarta Commons-HttpClient/3.1
Host: mobileapi.5sing.kugou.com

[6/26/星期日 18:05:04:466]
HTTP/1.1 200 OK
Date: Sun, 26 Jun 2016 10:05:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive

68
{"message":"","success":false,"data":[],"msg":"\u8be5\u624b\u673a\u6ca1\u6709\u7ed1\u5b9a","code":20001}
0

2.Dex转Jar,搜索关键字,sign

通过抓包的/user/login?定位到图中位置,,com/sing.client/login/

3.分析代码

String str1 = aa.a(paramString1 + KEY.getLoginKey() + paramString2);

localLinkedHashMap.put("username", str2);
localLinkedHashMap.put("password", str3);
localLinkedHashMap.put("sign", str1);

点击aa类,发现是MD5,,已经确定paramString1和paramString2,现在去找KEY.getLoginKey(),然后就可以得到sign了

点击KEY类,找到代码

public static String getLoginKey()
{
if (isError) {}
for (String str = stringFromLogin();; str = "") {
return str;
}
}

5sing分析

标签：

原文地址：http://www.cnblogs.com/milest/p/5618323.html