-
-
-
[原创] 使用sekiro获取微视数据
- 10小时前 338
-
前几天我发了一个通过代码注入的方式调用app API的框架Sekiro https://bbs.pediy.com/thread-254923.htm,不过没有提供真实的可以app数据获取demo。
所以现在找一个app,在sekiro和xposed的基础上,实现微视的全局搜索接口的调用。
首先,配置xposed依赖和sekiro依赖
compileOnly 'de.robv.android.xposed:api:82' implementation 'com.virjar:sekiro-api:1.0.0'
由于项目依赖netty,对于netty项目有一个文件冲突,特殊配置一下
android {
packagingOptions {
exclude 'META-INF/INDEX.LIST'
exclude 'META-INF/io.netty.versions.properties'
}
lintOptions {
abortOnError false
}
}通过逆向分析,可以得到search搜索请求代码如下:
long a3 = com.tencent.weseevideo.common.utils.ar.a();
// 这里产生了一个请求id,autoIncrement
if (!android.text.TextUtils.isEmpty(str) && !android.text.TextUtils.isEmpty(trim)) {
this.l.b(str, trim);
}
com.tencent.oscar.base.service.TinListService.a()
.a(
new com.tencent.oscar.module.discovery.ui.adapter.i(a3, trim, 0, 0, "")
, com.tencent.oscar.base.service.TinListService.ERefreshPolicy.EnumGetNetworkOnly
, GLOBAL_SEARCH_ALL
);我们用sekiro的方式,模拟这个逻辑,并且和sekiro上游结合
首先创建sekiroClient对象:
final SekiroClient sekiroClient = SekiroClient.start("sekiro.virjar.com", UUID.randomUUID().toString(), "weishi-demo");然后注册一个名为globalSearchAll的handler
sekiroClient.registerHandler("globalSearchAll", new SekiroRequestHandler() {
@AutoBind
private int searchType = 0;
@AutoBind
private int dataType = 0;
@Override
public void handleRequest(SekiroRequest sekiroRequest, SekiroResponse sekiroResponse) {
String key = sekiroRequest.getString("key");
String attachInfo = sekiroRequest.getString("attachInfo");
if (attachInfo == null) {
attachInfo = "";
}
}
});
然后通过反射模拟请求发送逻辑
//请求id long a3 = com.tencent.weseevideo.common.utils.ar.a();
Class<?> arClass = XposedHelpers.findClass("com.tencent.weseevideo.common.utils.ar", lpparam.classLoader);
long a3 = (long) XposedHelpers.callStaticMethod(arClass, "a");
//reqeust bean
Class<?> seachBeanClass = XposedHelpers.findClass("com.tencent.oscar.module.discovery.ui.adapter.i", lpparam.classLoader);
Object requestBean = XposedHelpers.newInstance(seachBeanClass, a3, key, searchType, dataType, attachInfo);
//请求和响应绑定关系
Store.requestTaskMap.put(requestBean, sekiroResponse);
//请求发出去
Class<?> tinListServiceClass = XposedHelpers.findClass("com.tencent.oscar.base.service.TinListService", lpparam.classLoader);
Object tinListService = XposedHelpers.callStaticMethod(tinListServiceClass, "a");
Class<?> ERefreshPolicyEnumClass = XposedHelpers.findClass("com.tencent.oscar.base.service.TinListService$ERefreshPolicy", lpparam.classLoader);
Object EnumGetNetworkOnly = XposedHelpers.callStaticMethod(ERefreshPolicyEnumClass, "valueOf", "EnumGetNetworkOnly");
XposedHelpers.callMethod(tinListService, "a", requestBean, EnumGetNetworkOnly, "GlobalSearchActivity_global_search_all");再然后,由于请求是异步的,我可通过hook的方式,在数据返回的时候拦截数据:
//数据响应的时候,拦截请求
//com.tencent.oscar.utils.network.j#a(com.tencent.oscar.utils.network.d, com.tencent.oscar.utils.network.e)
XposedHelpers.findAndHookMethod("com.tencent.oscar.utils.network.j", lpparam.classLoader,
"a", "com.tencent.oscar.utils.network.d", "com.tencent.oscar.utils.network.e", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
SekiroResponse sekiroResponse = Store.requestTaskMap.remove(param.args[0]);
if (sekiroResponse == null) {
return;
}
Object jceStructObj = XposedHelpers.callMethod(param.args[1], "d");
Object responseData = ForceFiledViewer.toView(jceStructObj);
sekiroResponse.success(responseData);
param.setResult(true);
}
});然后安装插件,使代码生效,之后通过sekiro服务器调用:
http://sekiro.virjar.com/invoke?group=weishi-demo&action=globalSearchAll&key=小姐姐
目前看起来自动bean注入和异步http存在一些问题,我再调试看看
[公告]安全服务和外包项目请将项目需求发到看雪企服平台:https://qifu.kanxue.com
最后于 10小时前 被virjar编辑 ,原因:
文章来源: https://bbs.pediy.com/thread-254994.htm
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh