【记录】从反编译安卓apk得到的java源码代码中尝试找返回json中J加密的逻辑和线索

折腾：

【已解决】尝试破解小花生app安卓apk希望看到api返回的json中的J的解密算法得到明文

期间，现在已经有了：

apk改名zip后解压得到的：xiaohuashengv3.6.9 – unzipped
apktool反编译得到的：xiaohuashengv3.6.9 – apktool decoded
jd-gui查看到的jar包的源码：jar sourcecode

jar包是dex2jar从dex破解得到的

现在只能是尝试利用手上的资源，去找找，能否发现点返回的json中J的加密逻辑和其他有用的线索。

参考：

https://zhuanlan.zhihu.com/p/51260384

“AndroidManifest.xml：这东西大家肯定非常熟悉，是一个存了一大堆程序配置信息的清单文件，当然也是二进制的。”

去看看：AndroidManifest.xml

jar改名zip解压后的：是二进制乱码

apktool反编译得到的：是xml源码

其中有我要的很多的：

com.huili.readingclub.xxx

/Users/crifan/dev/dev_tool/android/reverse engineering/apk/xiaohuashengv3.6.9 – apktool decoded/AndroidManifest.xml

<uses-permission android:name="com.huili.readingclub.permission.JPUSH_MESSAGE"/>

<meta-data android:name="TxAppEntry" android:value="com.huili.readingclub.MyApplication"/>

<provider android:authorities="com.huili.readingclub.provider" android:exported="false" android:grantUriPermissions="true" android:name="android.support.v4.content.FileProvider">

<activity android:label="@string/app_name" android:name="com.huili.readingclub.activity.LauncherActivity">

<activity android:name="com.huili.readingclub.activity.note.WebWriteArticleFinishActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustPan"/>
<activity android:name="com.huili.readingclub.activity.note.ExperienceVoteUsersActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.LoginActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.LoginPasswordActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.LoginBindPhoneActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.RegisterActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.VerificationCodeLoginActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.GuidePageActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.base.WebViewActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.YouzanH5Activity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.base.ChoosePictureActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.ViewActivityBooklistActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.AddBookWithChildrenBooklistActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.AgeRankingActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.BookCommentsAndBookAppraisesActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.ActivityBooklistActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.CreateActivityBooklistActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.booklist.UserAndRecommendBooklistsActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.BooklistsAndHotBooksActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.bookcase.SearchMyBookWithSelectedBookActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.book.ShareBookCardActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.booklist.UBLSelectBookWithWriteActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.ReadingCalendarActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.ReadingRankingListActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.SingleMonthlyBookListActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.SingleDarenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.ShareReadingActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.ReadedActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.tabreading.ReadedMoreActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.english.BookCommentsWithSingleGroupActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.englishresource.SingleCategoryActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.englishresource.SearchSeriesActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.englishresource.AudioPlayViewActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.english.AddNoteTagActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.english.AddQuestionActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.english.ModifyQuestionActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.english.SingleQuestionTagActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.english.SingleEnglishAnswerBooksActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.english.AddBooksForAnswerActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.english.AnswerReplyActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.english.HistoryQuestionActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.englishresource.RelationAudioActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.englishresource.SingleAudioPackageActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SelfReadingCategoryActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.ParentChildReadingActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SelfReadingActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.WhitePaperActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.EnglishGradeActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.ShareInviteActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.ShareInviteCardActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.InviteAwardActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.ExchangeCouponActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.ExchangeCoupon1Activity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.GetTestAccountActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SelectedGradeWithScreenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SearchEnglishLevelActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.classroom.SelectedChildSituationWithScreenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SelectedTestProjectWithScreenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.TestHomeActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.XueLeTestActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.LanceTestWithScreenActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.classroom.ARTestWithScreenActivity" android:screenOrientation="portrait" android:windowSoftInputMode="adjustResize"/>
<activity android:name="com.huili.readingclub.activity.classroom.LevelBuyListActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.NoTestWithScreenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.RelatedExperiencesActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.TestResultWithScreenActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.LatelyNewSeriesActivity" android:screenOrientation="portrait"/>
<activity android:name="com.huili.readingclub.activity.classroom.SellBooklistActivity" android:screenOrientation="portrait">
<intent-filter>
...

其中可见：

com.huili.readingclub：下面有很多文件夹和类

activity

note

WebWriteArticleFinishActivity
ExperienceVoteUsersActivity

LoginActivity
LoginPasswordActivity
LoginBindPhoneActivity
RegisterActivity
VerificationCodeLoginActivity
GuidePageActivity
base

WebViewActivity
ChoosePictureActivity

YouzanH5Activity
booklist

ViewActivityBooklistActivity
AddBookWithChildrenBooklistActivity
AgeRankingActivity
BookCommentsAndBookAppraisesActivity
ActivityBooklistActivity
CreateActivityBooklistActivity
UserAndRecommendBooklistsActivity
BooklistsAndHotBooksActivity
UBLSelectBookWithWriteActivity

bookcase

SearchMyBookWithSelectedBookActivity

book

ShareBookCardActivity

tabreading

ReadingCalendarActivity
ReadingRankingListActivity
SingleMonthlyBookListActivity
SingleDarenActivity
ShareReadingActivity
ReadedActivity
ReadedMoreActivity

english

BookCommentsWithSingleGroupActivity
AddNoteTagActivity
AddQuestionActivity
ModifyQuestionActivity
SingleQuestionTagActivity
SingleEnglishAnswerBooksActivity
AddBooksForAnswerActivity
AnswerReplyActivity
HistoryQuestionActivity
TopicsWithSingleGroupActivity
SingleEnglishQuestionActivity
AddAndModifyEnglishAnswerActivity
AddAndModifyEnglishAnswerBooksActivity
SingleEnglishAnswerActivity

englishresource

SingleCategoryActivity
SearchSeriesActivity
AudioPlayViewActivity
RelationAudioActivity
SingleAudioPackageActivity

classroom

SelfReadingCategoryActivity
ParentChildReadingActivity
SelfReadingActivity
WhitePaperActivity
EnglishGradeActivity
ShareInviteActivity
ShareInviteCardActivity
InviteAwardActivity
ExchangeCouponActivity
ExchangeCoupon1Activity
GetTestAccountActivity
SelectedGradeWithScreenActivity
SearchEnglishLevelActivity
SelectedChildSituationWithScreenActivity
SelectedTestProjectWithScreenActivity
TestHomeActivity
XueLeTestActivity
LanceTestWithScreenActivity
ARTestWithScreenActivity
LevelBuyListActivity
NoTestWithScreenActivity
RelatedExperiencesActivity
TestResultWithScreenActivity
LatelyNewSeriesActivity
SellBooklistActivity
TestResultNotificationActivity
AllSellBooklistActivity
AllSellPosterActivity
SingleWhitePaperActivity
LexileARFindBookActivity

。。。

。。。

还有很多，就不继续列举了。

其中的：

classroom

SelfReadingCategoryActivity
ParentChildReadingActivity

像是我此处希望找的：

花生团-》教师，房间

自主阅读馆
亲子阅读馆

搜：

com.huili.readingclub

app detail info – Appstyle –

小花生-小米应用商店

搜：

C，J，M，ST

中的ST，找不到：

搜：

    GET /Reading.svc/queryRecentPopularBook/1134781/1 HTTP/1.1
Content-Type    application/json
Authorization    NSTp9~)NwSfrXp@\
Content-Length    2
Host    www.xiaohuasheng.cn:83
User-Agent    Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; A0001 Build/KOT49H) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Cookie    ASP.NET_SessionId=b25ctv2hir0gibk4aaxj5aix
Cookie2    $Version=1
Accept-Encoding    gzip
Connection    keep-alive


{
    "C": 2,
    "J": "H4sIAAAAAAAEAKVXXU8bVxD9K5afEok29\/vu5aU。。。9fYLgHH\/g\/\/AoBWrGdtEAAA",
    "M": "1001",
    "ST": null
}

中的

1001

是能搜到的：

-》那这部分代码，可能就是有关系的。

-》针对于返回的json去解析的代码。

所以去研究看看

com/tencent/bugly/legu/crashreport/crash/BuglyBroadcastRecevier.java

public class BuglyBroadcastRecevier
  extends BroadcastReceiver
{
  public static String ACTION_PROCESS_CRASHED = "com.tencent.feedback.A02";
  public static String ACTION_PROCESS_LAUNCHED = "com.tencent.feedback.A01";
  public static final long UPLOADLIMITED = 60000L;
  private static BuglyBroadcastRecevier d = null;
  private IntentFilter a = new IntentFilter();
  private Context b;
  private String c;
  
  private boolean a(Context paramContext, Intent paramIntent)
  {
    boolean bool1 = true;
    if ((paramContext != null) && (paramIntent != null)) {}
    for (;;)
    {
      boolean bool2;
      Object localObject1;
      try
      {
        bool2 = paramIntent.getAction().equals("android.net.conn.CONNECTIVITY_CHANGE");
        if (!bool2)
        {
          bool2 = false;
          return bool2;
        }
        paramIntent = com.tencent.bugly.legu.proguard.a.e(this.b);
        localObject1 = new java/lang/StringBuilder;
        ((StringBuilder)localObject1).<init>("is Connect BC ");
        w.c(paramIntent, new Object[0]);
        localObject1 = new java/lang/StringBuilder;
        ((StringBuilder)localObject1).<init>();
        localObject2 = this.c;
        localObject1 = new java/lang/StringBuilder;
        ((StringBuilder)localObject1).<init>();
        w.a("network %s changed to %s", new Object[] { localObject2, paramIntent });
        if (paramIntent == null)
        {
          this.c = null;
          bool2 = bool1;
          continue;
        }
        localObject1 = this.c;
      }
      finally {}
      this.c = paramIntent;
      long l = System.currentTimeMillis();
      Object localObject2 = com.tencent.bugly.legu.crashreport.common.strategy.a.a();
      t localt = t.a();
      paramContext = com.tencent.bugly.legu.crashreport.common.info.a.a(paramContext);
      if ((localObject2 == null) || (localt == null) || (paramContext == null))
      {
        w.d("not inited BC not work", new Object[0]);
        bool2 = bool1;
      }
      else
      {
        bool2 = bool1;
        if (!paramIntent.equals(localObject1))
        {
          if (l - localt.a(c.a) > 60000L)
          {
            w.a("try to upload crash on network changed.", new Object[0]);
            c.a().a(0L);
          }
          bool2 = bool1;
          if (l - localt.a(1001) > 60000L)
          {
            w.a("try to upload userinfo on network changed.", new Object[0]);
            paramIntent = v.a();
            paramContext = new com/tencent/bugly/legu/crashreport/crash/BuglyBroadcastRecevier$1;
            paramContext.<init>(this);
            paramIntent.b(paramContext);
            bool2 = bool1;
          }
        }
      }
    }
  }

可以看懂，基本上是网络相关，上传文件或数据超过一定大小了，然后会报错之类的。

-》不是我们要找的。

com/tencent/bugly/legu/crashreport/biz/b.java

  private static void c(Context paramContext, BuglyStrategy paramBuglyStrategy)
  {
    boolean bool1;
    boolean bool2;
    if (paramBuglyStrategy != null)
    {
      bool1 = paramBuglyStrategy.recordUserInfoOnceADay();
      bool2 = paramBuglyStrategy.isEnableUserInfo();
    }
    for (;;)
    {
      int m;
      Object localObject2;
      if (bool1)
      {
        paramBuglyStrategy = com.tencent.bugly.legu.crashreport.common.info.a.a(paramContext);
        localObject1 = paramBuglyStrategy.d;
        localObject1 = a.a((String)localObject1);
        if (localObject1 != null)
        {
          m = 0;
          if (m < ((List)localObject1).size())
          {
            localObject2 = (UserInfoBean)((List)localObject1).get(m);
            if ((((UserInfoBean)localObject2).n.equals(paramBuglyStrategy.i)) && (((UserInfoBean)localObject2).b == 1))
            {
              long l1 = com.tencent.bugly.legu.proguard.a.o();
              if (l1 <= 0L) {
                break label151;
              }
              if (((UserInfoBean)localObject2).e >= l1) {
                if (((UserInfoBean)localObject2).f <= 0L) {
                  a.b();
                }
              }
            }
          }
        }
        label151:
        for (m = 0;; m = 1)
        {
          if (m != 0) {
            break label157;
          }
          return;
          m++;
          break;
        }
        label157:
        bool2 = false;
      }
      Object localObject1 = com.tencent.bugly.legu.crashreport.common.info.a.a();
      if (localObject1 != null)
      {
        int n = 0;
        localObject2 = Thread.currentThread().getStackTrace();
        int i1 = localObject2.length;
        paramBuglyStrategy = null;
        for (m = 0; m < i1; m++)
        {
          Object localObject3 = localObject2[m];
          if (((StackTraceElement)localObject3).getMethodName().equals("onCreate")) {
            paramBuglyStrategy = ((StackTraceElement)localObject3).getClassName();
          }
          if (((StackTraceElement)localObject3).getClassName().equals("android.app.Activity")) {
            n = 1;
          }
        }
        if (paramBuglyStrategy == null) {
          break label403;
        }
        if (n == 0) {
          break label397;
        }
        ((com.tencent.bugly.legu.crashreport.common.info.a)localObject1).n = true;
      }
      for (;;)
      {
        ((com.tencent.bugly.legu.crashreport.common.info.a)localObject1).o = paramBuglyStrategy;
        if (bool2)
        {
          paramBuglyStrategy = null;
          if (Build.VERSION.SDK_INT >= 14)
          {
            if ((paramContext.getApplicationContext() instanceof Application)) {
              paramBuglyStrategy = (Application)paramContext.getApplicationContext();
            }
            if (paramBuglyStrategy == null) {}
          }
        }
        try
        {
          if (k == null)
          {
            paramContext = new com/tencent/bugly/legu/crashreport/biz/b$2;
            paramContext.<init>();
            k = paramContext;
          }
          paramBuglyStrategy.registerActivityLifecycleCallbacks(k);
        }
        catch (Exception paramContext)
        {
          for (;;) {}
        }
        i = System.currentTimeMillis();
        a.a(1, true, 0L);
        t.a().a(1001, System.currentTimeMillis());
        w.a("[session] launch app, new start", new Object[0]);
        a.a();
        paramContext = a;
        v.a().a(new a.a(paramContext, null, true), 21600000L);
        break;
        label397:
        paramBuglyStrategy = "background";
        continue;
        label403:
        paramBuglyStrategy = "unknown";
      }
      bool2 = true;
      bool1 = false;
    }

以及：

com/tencent/bugly/legu/crashreport/biz/a.java

都不是我们要的业务逻辑，而是bugly相关的，bug report相关的代码。

后来继续去：

【已解决】从不同版本的小花生apk中反编译出包含业务逻辑代码的dex和jar包源码

转载请注明：在路上 » 【记录】从反编译安卓apk得到的java源码代码中尝试找返回json中J加密的逻辑和线索

Post Views: 1,642

【记录】从反编译安卓apk得到的java源码代码中尝试找返回json中J加密的逻辑和线索

与本文相关的文章

Hi，您需要填写昵称和邮箱！