跟进com.vst.player.parse.a.getCDNUrl_a,发现是直接反射调用的SoMananger类的getLiveUrl函数
跟进SoManager类(已重命名过),发现SoManager类在自加载dex中
看了一下上面的逻辑,加载的是android.jar和temp.jar
在/data/data/com.vst.live里搜索这两个文件,发现在cache目录下,导出,扔进010看一下,发现没有dex文件特征,放弃。
尝试用大佬的dumpdex(工具git:https://github.com/smartdone/Frida-Scripts/tree/master/unpack)工具从内存里直接把动态加载的dex拿出来
我是直接复制了dump_dex()函数到自己的js中:
从dump出的dex里搜SoManager,找到包含SoManager类的dex,但是无法解析出来
怀疑是优化过的dex(我测试用的手机是8.1.0的)
在/data/data/com.vst.live里搜索SoManager,发现vdex
把两个vdex文件用vdexExtractor转成dex文件一下(工具git见:https://github.com/anestisb/vdexExtractor)
命令:bin/vdexExtractor -i temp.vdex -o tmp --deps -f
出现下图表示转换成功:
得到两个dex文件
解析bi.dex, 没什么东西
解析temp.dex看看, 发现SoManager
顺藤摸瓜,发现各家视频播放相关的so放在app_XXXX中
在该函数中发现大量不同类的so信息,顺此查看逻辑可发现so通过http方式下载,使用时解压出来:
随便逮两个拼一下url(如http://down.xiaoweizhibo.com/app/plugin/libp2p.zip)下载,可看到下载下来的全是so:
发现一个独树一帜的downURL,不知道是什么,好奇的扒一下:
原文本如下:
H4sIAAAAAAAAC+18e1xU1/XvPvOA4SEMgop4fjo8ooiKA/jAR8yIE94gKioaExxhdFAeI4wG7cNRSTQmVASTKEQz6ce2+EiDiSb+Us01j9umre0PEtvYxLTDDGMQqCGpFZOYzP2ucw7xMNGk96/7x/V8slx77b322muvvdbae084Z9uDuekcx7HBR8ni2SA1DVC+SCiqpzEd80fbCBbB/KS2QXBKoJLgtjTxuTFPBDURWrE9Lh/wiAi8grETaPST2kEyPdr1j4ggdODEdpK/yGMrZXd4/CQMVuvk2YwNQiYnwqB+i9FfPv5lToRB+b6PfD7DRRWH0P/lQ8f50NNldBggg+w1hTGN0O7PaIqfjWSsUKK3+vTfDninRNQtDKM3Ar8ro18GfnAU5ir1f9On/7s+9J8BG2X8HwEfGiWuJdFKTPiSpF8M6CjQHWhPlNqng+Yib/MXgp4OmpfoKtCLQPdzIv0k8Pwoxm5K7YdBzxqDOUl0OzdUv0ugn8P84qX5dRJtYoJjEN0H+usxIq+gL+pD+dvjx4GeAuKCRJcphsq3+tCP+tA/9aEf96Gf8qGbQH+B8VZL873o0/43H/rvPnSXD93rQ//Lh/7Sh1Yqh9IaHzpERpP/RYFeMRbjSvre78Nv9KFzfOhiH9rsQ1eAviDzz32g79fBH5g43inQU6KxDiqR/l+y/jGAD0C3y/zvGujnUgbl+7MA9HtKRseAPiGj00GfldEm0MZpt+kfg65Fe4RE/0wW9KT/ftCrJ6KP1H4E9AUZfUrGj2mxd33ov5F8BP1+pch/zaddhVzXjfkVSe0RoI/I9J0Mer+MTgN9SkaXUCKVzedHoItkdBNoQ9Lt/PJz0Jmgj0j0G6D7km7HyyXQmmTkeonuA21LFnUlOgiJcX+yuJ5E86APyNqngT4D+rxE5/gNtW8x6PJpYl4kutaH3gu6QUY7fOiXQJ+S0X/0oT2gL8noWz50mD9jt2T0fT70TNDBs2Azic4GnTvrdn40ga4FnSrR20G3zbpt3wOgz8jol0AbVovroWWfeV/1od8C3V5ym2bFxSW1puK1ZZWm8rKtZok02cy1ZTZWYa4osW5BXY3NVLKhuMSyoXitqax8SMW6TabqUtSYzKY1ZcWbKh8tqywtLrFai63Vela8rnJT8VKxbnHyMv1SY/aipSmLLaUZS1mNrbrcXMny1i/dmr8+L0XAhYuSWVFy6abSZbOWraksta6pWLzWt9+K5On60vJZFWtS0srXrCMx+I+trbJC2JqKZSlFySs3l2Qs2zRk8HxjSXJ+YYkeALxiS37h/OTF60u25G9ddGfdk4Z0l9CyxUuK0wsz79aUm5OemZFtvFvz/MIVd2sqWpGZMaSNKjMWDqnKLszTA1IAydmFwj9500VisHJREquxVpdV2tYyU3m5rWoDTGKuLKkqNZdVrq0aIi2nMl9fUpH/qHnRkGphFbbmbZWwnvB3GQaXa31ekpwx35hXK9Xrh+CteVvYOrPNWlZKy0UuBQT1RLSpnK1Faw1bW1JeVWP2mXTJ1uzCFUnAmPzSR1GuRXmLiFc+eLtNwFuInwmuUG02lbLyGrN5A6uAMapKaLDqEku1oEKFlVVYq6ts5hIbW1ttNjNp6GKraZ25uEaIBPmsN6xIWVS4ckH+1vlJ+esX1ebpF21dPJ+VlgtDrX20usxGnU2VpdVVZaXF5VXrioV1AEfNlgr8+92Z+bo5uXdJ5dDVyN+QBy9dUYshk/O2Yvj1S1MWLmLZ+VnFCytzq0wUdzL2dPoHgVtae2efTh7KvthcY6uqNhcvSy8oNt616Xv6FCfNKLZVFack3ZlneV5e0V3kUtMCLJFIldA/1eZ1Ncy0pqraxoYEgXkovYRoIUetMa8rqywuKTebKjdZpTrbFqu5uMJkK7FI40rzN9eaSzbZBrNbCfwBLeZaK5bfXDpEfkGVdajKS0yb72iiwfq7cd/FOALDHSzzbf2Cb9XB1Bekz/cxoKmsxvxgbYnZaiurqvRZ/qrqEnOpSHzH7JsqzHeqK66qRslmqa569NtxF1RVWMvNZC2pwmgm8i6jpmEjsFWbSkj8dxe0uPhumt9tQr46+07hh/W/Q0vxnW10Z8PdYWZ3mKvMu9ZWm2SaYtkWwzWrKpfYTDJnRnWuqRK75TrzEvhd2dqyEqPJZpK3E73YXJ5mqhkirdBca/u22lwqdCpeU1NDmzANYIbW5WVrkHQSa6qoVGMrLZk0SSIqJFwi4dJyqVC+rkbowBhdb9YB7gcsY+I5ePAJkfAj0vmUngUAupqvZOL9k+5KD0ttD8j60kV5sYxOk3AWYC1AL2sbz8S7qnTUZIEAHBPZHACuf0x27RCe+2TlWACu1CxdVlcMoGNPArt9J14OeAgwATBfxotrOsMVkU1l4rly8MkBZANWAPIAM5h4bl0IWAXAsYuNZuKd2l/qUyTrT8cssu0YWZ2ZifegkRI9E4DjK5NdQ/7jJ+AH2rV3qQ8HjGDiGfn7nnHf04YrNhv2A/0HH1xfhPPp4DP4W0m0hOluP1kqj/XpO0nCdE1PlcoPAuYx8U5E15FgQKisD11HggC45rC5TLw70O8bS2U8Bd+jbyZgCWCNRBsAuUz8vYZ8cVqxiFMlPFfCBgnnSrhAwoUSXiXh1RIulbBFwuUSVq0WsUbCwRLWSjhCwpES5iWsk3CchOMlPFnCeglPk3CqhOcOtmP8EXRfI4zFNRKmuyJhOKqVMIxvBx6JgKwjjIXZTRgO/BRhGLuBMBZ8P2EszgHCkPccYQzkIIzEcYQwFryVMJztBGEd7jeE4RynCCMZnSGMID5LGIF/njASxjuEEczvEkYSukAYztZOGIF/kTAc6BJhONhlwghyJ2Ekny7CSDLdhBGEfYSRgPoJY77XCSOh3SSM5HWLMJKfyjnFo3I+7wlx7nVq+t/wnKAk8du9LtUfnnKd+PKsZ7B8RFZ+TlbeLys/JSvXyco/lpVtsnK5rFwqK6+SlQtl5VxZ2Sgrz5WVp8nKk2XlOFmZl5UjZOVgWVklK9/64nb5uqzcJyt3ycqXZeWLsvIFWfkdWfmsrHwKZY3ueQ/TOtwK3V5ni9fbcySL4h51bK+zGfR+0P2n+Vw+64m2HxvjLOylLcZYi5qPiknlvzJ5ByZ/uqetLJ3Fjuc/fFiX/IdCLiVq0hcdLPbJzZMs8XxL2YEMbqy2Pd4yLPuD2Bb2TtFWYzyvjnVksHj1R5zuy7IUS3Oaqp1zMt3NT7wDgZ+eSw9o6z93Pv0Uksnn8F0jxr95eniOih/F/8g4xjLWwhJHtyssRyHt/aJZPIs5kKHmvQPXrwXmcHy8wDPGciAjxnIMHH78+0U6fhafwB/I0PM3ITcVciMBqaeDef8sNb/F6B24fI3FK9rVmbVG5oznoyHt0rVU8F7H+F0+vL8Fr1LgrdUPcr8F7nfBewa8mtOaHFEHNknT7pfjlxkaTXStkbRiTmWm5lwDNr46wNPo04z41Z4Oj1dc5vmnFvg5J8QHfDwnXn05gs818IYwQ65B5VyIVqJXGXS89hz2oXi/jycA5gAWAvycqhwVQAFggEjemnFwy46VL/T+rfLy2TF7//rmmj9oT+tihkdxsU0Gbk4w/9yCIMNOw0VDJK9boD3Xf3oEH8gHJP911Kshr0a+GvZxm98z1vwLLNmg+othPDd7c1ryAg6tL0f5HX4vlE14NdLvmZe5EJ5z7lrKzXgm7auPdkTax6cXLhobbB0fuG9siHV8cAf+XZ2vmh0Xwj1TnP92VIRV8cwj+cULg5qUwKpn2Hj1M4l8uZM1hyYEXUqo3VB7tXa43xjVe5HHaxdHjlG8Hxm7ergzho/ldbOD54yxhFk43QpDLJ+KMmGDgL0DTV5k7xbVdNU0LoU1FUz6awfXrGhhzwY2apqUzaoWdp9/Y0CTv1PT7N/i3xDYyJo1TWx/QCM7qNZ5B2zegIP+zSpe0xKPdZzjDWzpioyLpHKe9zhbn65PaSmKiww4OFbHTe+K9A6s8hZM+VsHpDY/MLolUtWkbFE0j4lUNvm3vBepaNS0cM3vRXKN6mYuWd2obvFrbkrz+/AQF9TCYoJPPDyaNe76ZE7ggPUV65zgB0Km8zXWmdYN6drx/1qlOrw+vXdjSuDxjSnBGzamhCgPT9oYHNu8CjXVqKlOCVEc7qmeVL0+XSPW1qC2JiWEO9xTsz59Us3wLaizoc72cFtKSI9tko1iCCnY3t/53tubC5O131x+/QAX++C6J47/6dP+06m5ofwI/hfGmbkzs1OzKK7XGymuo5L8+PDVXGtcjHdg3j/1sEPmP1ksx0fxga1RiG3DpC8R29yxA6sCj50fcwA1cZMGUDMjJrB13Kqo1uWGcQIX1UUda161UOp1E7TKObDqrUhD8igrl/Jk2s2PEngWa0jyDpz/hsWuigk8WrQq4WiBoejb/gnoP1vW/6rQm0sJs0aApt6F0d6BF77xz9lgjLLEIo9w7d6Bnj51ziFj/7m517zeyzjonMWhMQp74jthlMcm5k9cmJD3U+MMyzbjT4xTLA9Y6tvUjSkWFpNgnW1VWIKaxLyiPshiVMgZuhxddnTWj4yqBn3KVljImsya4nlVi3fgz33x/Jg8e7TfMe/Aci+LVTb9xKhs9jueyr+/aiI/G5Y726ds4VKUTRGTPu8QsxHlIvVBVTNlp19J9CyMEtScImm/p28Ysl8f9srrgBuACzg3pAM6sb9fACgRdVwKlxRYG2VlCV90WDNA67kkZS2bpGoPrGUJXHtT2r/bNbWRUdYMmnNCrj9WemKu91h8Mq10rGU81tg7UN2n4JGFP47L4lops5X2qZwxUnl9n04qFfapx07m2ZTY9pHOgNZZmJexj8Vr20dnBQjtq/q0MQzr8EjfyGwVvzNy5dim+Q+l8QaN0x4d0Pp7loAey9DD2aHi44Wy93h8SpQlxaLjxTlr+zTCip1Pv/iV1/s5zgujMM/RgHEADsDsXu9kFc1lYd7CnBfalA1s30+MfUUankXHWsY1eQf0fX68//6NPOvY6Rx+IpqfBv+d3Bfzswnr9byq0V3PYrgm089WLPj9aO/A+D7NUa6ZfJvvG3bAOxDXF3xQ0cBiqCayb1iz4iCVQvpobxFLU6MZ+Eb2cXpaa32WuoFN2GJk+xY49TzJ8g7c6A1o4SbN7tA8p2hmByNG69BPhVn7td+XpRP2jW96WXxCR9Bz6pZhB9kEfrTfPp1zXHas5VhRmEXZnJmmM3AJmg4++1hRU1pYhxL69/SOzgl0KpuVCQEdI4V6dYcSY/29NyKntyh2tWqmappfy/NpH73PzVQd3Jt25iMFtPxrL+l8qZfT+R8c1xwk+dUjvdHwq3LY9qzX6/XHntOF82M7yhcBlwCXAf2ny/NeaFM0UmQoLIqDkyz+vCV/nBQTtNNy0azBO9DWW5pLMfRjYzTPNehXz0sKjglthWV7o/nspOGtwdBe16t8msVO50OPHVw14pgh6SDiOFiI6+GI68gTDyRHLRVruGYWO+JoUE1sTXMa69jmzM//qdE6g2bR+A38s10v7LFPobyxIzMzM6vWSPbU9KrGxrSnZ4XEjIEfLkMeudIzppWLDomJBXcprD2sXaljB70DXd/4jQ34eG7W/dlK3RbjVvLZXsTM+M1ptEohUnlGrjrGv5VmVEo5qSeaL0sKbg3CTF7vYbHBmEXAsRJhFkHCLPwxC/XRyuSVqFGjZmoMi11vzNkYbo23wB97Y3MDjlK06VYTHd+ry4mz0DkAd4/JAe0s3r+dHZiKuOnr4fR0GvJrJ76oXqWgDXO+O362lDNSecVBhpyhxHrq+cEV3dwTLZyTLuCSdQLQjQv2ZVzO5wEO4o6wGrQJuBQwEuVWbAY/foBiKCX3Sawx6UZrTGe5APkKN0zOnJxFpxsh+nuU+/2RJWa0x2dFxKhgaRusk9yjgqUjYubAfm09LD66nTvAYS5HelRjx7RzOg5Wnwirj/qYl7y/tUeJU+Do7K3GhgoWH9TOog9kjMoa9e2KNPaIq5BK+UUqJ0jzj8f8OWH+AbL537gaJMy/GxfaDzGvFMzxRpT4/5R3wB7/M4axL8fQfK/kXsliMb8wXsktM2oaxQwYtNqNU9poXp8UaD1gVlo0R53ZdFb136/GbFk75/o49++ZUTHkD5okCzQ8c/WjzGg+JmlsDFFtVy+BMiRpBerYVe8xe3R8csDxUF0Wey9/Mq8yVBqnPax7m5uufas+7d8df87+80IWO5rfnx5w7FARZeLmoqzRpelPROpmRRsUf+FmzVrAJQUc283qil5k9vEXC14sUqXcYI8VvJLm6YjCSeW9q2/ksWhFQyCv4b2xnD7S8DgLOH6j6LXcU+kmoyhjIsk4vpfdKnqcXS8oTT/CuopuFRxecST917lrjeOJZ17iAm7Gq+zwil9i12xZVWNQHH6lkEuOSrjYweJObR6LkZ67qmxw5CgPbzC6V9nnpCzlpo2dfKNDc4BNeO1RJTyG7KTmNQdasl2xnOUhttV4oWgir2xxZChQ2xX7EOMsf0TNgQw/0I3ZTTmcZavxR0ZN0oWqibzIlcQrLbtT6ETsJ1EfVR3IUDVoDuzOfkLGrzroy08jT5T4OZR/mr0tRyXw35rWVSVyvxGdxZSWrbkPCVpQj6MxjaiZyP/Y2FI0G3W2LAVPnlmLjN7djfboJ9A+mxd7VEit3oEP0bYhe8MdNVqXp7T8xChpBc3VB29rZco2SVppBK380P5ItgocW42alMtVk+5oB1HLJF7UkeMX45ZhhYbqW5oDhhiSzxr9mnen8JYU9JdbjsbMzM78riXiSgWJY1aIPC8iohSW9wX5vv1nZ39Xu6PjlZZX2bRcUUeBi78ffWBHSJyarYuemr8edvrrlz816mdMyqFcvcHYuyqZ56Z7B+Z2R0y53kG70p5uJf7dDWtib7rJ4he1G53n020DXm+dBjF6P2L3Abp3cuxxxHAm6koBcQAvdn+Gvekh1OcBVlI7YAVgMaAIoED/mcCxAB1AD3gGEAdIAiwFvDcXZwrgGIAfwEl/OwP5ragPzhmWNSz7R0bKRdYUJWIguzswE1lIZ0gLyPJ/rswYKJ0vvxl4/VM/4bSydg5jCyAjYrSoN83jKfqxTt/g4bhwtyJpZ7gi6W2lktmdY71TO/sXTrl6YtHznhNJz3vUBXudSv3Tn0S057kYW+JmBkenYvV8l5qxQD/m6AzW1ruCb3l7WUOByx/H12WM9dSiX2308x7qp2h4+hOlvsz5dhJ49fWeYP0hD8nBMTeQ0y9wKdscnczhcKvQFmTd4/zVtl3O31kdnbu2P+HUQP5fvN5ele6QR8GWdzI9eHEtpbE5tstl555wMvS7AB4GuRwzuJRsWaeSsYRA8GuIry3D1e319jDUKxjbg1Vw+zHhT456OMcuVye16R1urb7OE8Ac7kmop3Ffo3H1ByATc9Y7lGhXZ7I6j5o5lDHCT9dL3Cq225XL6k5jV3wFsl8/JujhcKPOk8v2ewogk2xMvMMZOxY719EZqg93rdY9r1YyB6fQPe2v1dWpQ4T5YByMn6l/Xg1ZgQrQmEfUXL1oR9IPx8oeLWTjHNSzF2NRmfpEtNe7+vee6z4xC2cl+B/m6+2jMxLgOuAmgPTQGqZc5Vi4sIawYZQC5Uxmd8EWgV8pWC88ouffhPX7MVa4G/VR7azOdVOq00h1Y0LqXANSnRZ1Wvu5yFjUaQ3nusOVrKc/Y8pVlXO7K9je4IlsaPAM/xi+Q35TgPmzN7o18KXg8/WuUHaim+ih+HA3szrcmtXU/lS3xloPXRydmdpDniKyL1vqDnQ4wgMcDiUrKHBpHXvCDfpDI4KhVyZ8IAJ28tM6OgOmONyNofWuUV/BTtAzEDJUqG+cWu9KgY/bk+GH8LNc+I9BUd/NwY6BaFfpAPCzVPAwVuAOEv63AcYEJn9vHFfvItkc5GrYcvcHXm+gPzDZRcUedzlgl4AChxt+0rkb68J9hLXZda47FbZnmD8n2N7RadDu98QJ8ykQZBugY4T+MQ/podU/7VFLupCuGvB8JoxTAB9hgSkYW4V1eUxYs0XkJ4EqYAVz7ET/JorhULYYvEuaFJwdieaQWqVtUJMfw1fDmXaH6H/MEU6848gvdEJ8uuj3NYop8HV+Av2CGWyKeTD7ue4fGotpD6mF8b4dZx/GtatpHBrv27EgW4u8odJFe5i2XvhNT4nxqd6DMQfHozxE9sq1wlbwGcVqR6dGy9Dv2S6KKeQej9LOXJHkI9BZ8Ok4R+d/6f+EmEFc6Oo9PMrISz0xqY5Or17pUsQ7OqleuXGXU6FzuImX1/3JU9CwHzmmyJ1q3a/mGka7WIMj/Ajm2oq+lH8y9dS+2K1qe1b9ctsHYZqCXYo2xwdhqoJdw8kvOOsf3aE0D+sup5AHKF/BRojZPZz+D0I91o/qYmG3FK4tyMU5Al1POvZ0cmyle4QQ82y2AuUXMI8ZGJdyFfiVwp/RYe1V1sdc28FH/rP3G29vqhXxD5+i+Dj5pehL0CUMeoSrdY6wveB9UpIzUvDjAjeuUoHB7OluBatx70JZo6W8WePGeiD/iXlNqX9Mq9I2jdBoHRzJ/vlUrBd8o0UaQ8vq1Vopj6ND4GSMQTYYhvnrsFbrpflT/oqH3ZRsKfk8Z6DxMIcC0sn6tIf0Umz8nfs+Sbc00k1Hcsmfloer2xycxuHgMPnAObQO2t94NMK4i9zc+T2uIO2+UdBLyA9MR3EDvzlf79lIep4nvgI35VJ/trJzkpDvWE+ww9FJdK/XGzWo8zzKpZAbh9wRX1Dn0SGvos1tkM/Lsd8zTZjXys5I2bxGUNzD18iH9egP2znjsS6TtXWeaUL+f5r2kE7Y6XXasxj3mFOHtSNfgc6dJH8W5BImGRTzY2lvaqA4RF/rLmHfVRU89rL/xsectG8V6epcGvgwczyLOa50L5PmEoGYYkJOoDUim65wYy9T0v5C4xGPEmOFyMaOAq3TPU/z7QwVflt//pMRqPPH/Gk/oD0xTtpfziTh/IK5RmL/Qay6R0p7ZwRw/4PIb4jVdf9AnAo+iTX6bG/DHyADcdkzguYEeApwgsrI8e8IvrnE/SatTS1yrq7BMwGYgx5hylFOJVenVZ1vjOD0O12q8/YRWvBiL4tSbB3lSsW+eQrzaiP52iUu9AmnPVTNloS/SPKKIAd0jMXReR/KfjrYHXlIC3vAvzqPUFyyBcgzVkCrM5Qtc+Mc0sQ5HDs1LKrzOcF+K91qhyOMcrsWPql1pO1g1mYXdMdYozqbUE/9QuhcoduPdR5O+0Ugp33LTT4JXdyZWnsXxYFCux0+UudB8NOf3/YodW9hDeo8Yzhar+V0Jgkc3HeFHKt/W5DRrrd3RQk8RaBZYFhIvStE6oPzTRSgh3SAjnuoLUhqI79HnAq0tmCtKxX7De1jlGMR5x+GJda7HsM6Pc7tcKop91J8nd/XBTt3cbrFrq+83gR10k4nySL/WYt9T4tx4CfRsGGKndvu3INY2hGKMxf2qsC7yAgUZEB3/c7hhFMREwppHh8y1mvw0f9vTNT/fkl/omeSvWDLmdK6frumiDXyiSSyP843dD4h2RrYri3J3vUP9G2AjI+BU2FbKtOcaa953GR3qrH/K4S80tTFWTNcKu3jXTT2l/Ax9aIdzlTkAupzFv1HC2cvcZ+jmBfOU9J4WoynT7Z3ka7DsGYf0HjwB4oN0ZdHOFWsMULJ1Y8SfBk6f4Ex4MMe4v8tzdkqxpsCGLGHOELMPXau28gaPMKZHPvmXP0+D52rDPrtnsGzBJ2b9iHmVN9zngqoEM9STO90G5LHe8TzxyGP6msxnw8j/5bOHMNkZw46H/0L5w7SsfJrylGCX0WppbPU71FH+WEf6Yr9OlJn98zVNXmCtXaPQbfTQ35BeXnr194eOv9EwGakezCdiQ10ll/i5gqENQjE+cNthbwQsjPaST7ODW61pI+/lMtJL7V0flexx1xG2E6INfD/Av37buLMomuQ9hAW1YbcNFe3D/rAZhhjOXQhe2qgj4b00Ip6aOznNHT2EuaOuVgFezfC3jtg7x1D7P1L2HvV99h70NZF2JvIdgdg66O3RFsjCKKK4FPB8Auy9evQmWia73TpzBkgxDXaUVekQ9xhbyK9AoS5F4QznINwxo8S8vNqh5v6+30t7iG/xFpYof80rd2VyvZ1p7IpV72hDd3Meag7Oqihj+YeHWQXsE6idd/S7RI+L2AF19+nCANEA5IA8wGLACbARsB2wD7AC4CTgDcBHYBOwGf9kgwnZACiAUmA+YBFABNgI2A7YB/gBcBJwJuADkAn4DOnIIPb3naL2wd4AXCy7ZZY50Ad4AXASYdQx5yY6zjsQ4i7YMxbhf1Qj73M4MT5DXvY3XiW/wc8ZT/Eg7PHvB/iwVpafHg0unaPeK9d7OZ0acMppwdQHWhhL9GluQJ05z0qHcVEY5cfs3cjf7k1urfhz02emGDESRzF2U4hT7TBbwh7M6T7BnyFckuwo97lPSyeAXDn7W2j+IY/hwn73HI6Z4ZfRDnYUO/yh9+FYAx/vXhXYYZ6Txf8l8rUFiq1Uf0Xt4SzQuf/hi/atVoXnTtoj2HbhVwi3IO8do2LOeo974OX7v8q+26XgUW4lXaLVmPfyYLtdJapF/ISnYHiIKtfz1x2xKWgn1E8q7xCd3KDvVMRUOhupf2SzksJoo4x8eL94TLiQLXDIcTR87RfBES6ab8+jzzQIMkL1THXMNgX95ZwZsdebnco9wtnYVGWhvSHPr+S5kz1RNN8aIyzqD8BeQ7KG6Sfztnpr1O4VsSAl2nd3kSFi5u4I3xwPg9jPm3gxRk26iT08pfuktvoPKkrcG3C2P3a4a4aKbcuAv/L4KNzJhPzhDCuIA96bL8lxnoV+isMDrfwu4BqpzOY1QvnOH9DneBntB5k722MuW4gX2x/YKeL+EgG8ZK832Mer8h0Wol+tGeFwv79sBPtV8Q3CmPcQt0puh8YmMLfoBrO6eoUgOF0tldocU+ZsEOJchidxRQTdoSPQ5/z4v4c9VuMoZHGmI8xlHcYQzF+ZyfyY8/vZLwzJBtNJhvph7sSbu8/gp/chAwag37TCTVAFs7G1E7yA+N3CHaDg/e8S/cnSWY0ZNK4Wt0OF9nu92iLkNqipDbSbVAvsgfp5i+N1y6tu79sPIFnwg63GrE+R9pXY7F30v6obRd/A6C7by795kb6I3Ypr1DsIi94NLqdwpmeYjsY91F//fueYbibBsvuw9Sf/EG4p9NvaZJffP2VGFeZrMnzQ7yfS7y5+iaPv+59jwLnMw3b6RrsR/vimAFvL+HRhE8i+7axOvobuf6XqXxc+DPIPWJZeLPu52JZ+PPGF4Tyr4X6B8ZTuVjoK5dzt7Lxsnfbcc2z9rMCPmnXfOzddhS4CLjW691WB9zW1mo/IeA2+yWJ7gM+/gBvv/gP77ZV4HvHifrjwXZ7p8jXClyA+nIX1evsrR7CgfaGK95tRtTf7BH5NL3AL6nsF/tEuan/9G7D/rHNeE3UY/81ka8duDX0pL1foid/KtIFn1J/jf3y52J9H/Ctb7zb5t4QacLHtS/bL0l03w1RbsGASJcDXwJ/HfCx+162z73p3UaGvPyFNM6X3m2/xjhnvhbHKwTvKQDhMxIm/vn5xsULs4yh8wtyQqMXFGYtyypcMS1z8YPzjWdOv3z6yn+3XXnxyqkrr7146or7zIuuK22nX3zt1Munuv77yulT7tdOxk6dci0+7trs+IkxU+P0iZ/OnDb90ykJM8eXVFUkmk3rys2J5WWbzR6/f6n8uhRh//yff/aHfROmoNYNthJr4uayUnPV7BJTicU86tAXR559w/621X/+9ZkND45bGfXM9T0ng8795mzr0Qud17o+//Rq10ud/f0vvem+fvXG1etfXOz+3NPZ9ZsVdcuXL328cNn2omWPF2xftnxqSUVpeVmlmWWYbcvNawqqqm2zN1eVlbL7aiYL/6Fwnz65lk21VleVTL2vdGqFyVojUTXm8rUiXc2msMR1VbZEa7lNKLBHWW7Gkgx610Invmuhy6mqKig3bTFX65ZsKikx19TIX8SQ8S3YYN6SYa40V5tsVbd5SzZVV5srbfNLbGWby2xbCi3CCyrrzLb5Vmt5WYlJ+PP3+Im50jskU01W61RZ0xwf1ix6oUfGXlJVaYP4qdaKqT5ccxj9ybixrJrlrjdtNk0tN1Wum7rEVl1WuW4OjDN140bBfihtqKoSihipwFSywbTOnGeqxL/VdxloKNMcWT9Ru++Ol/V9ckRlbwvJp7+qx8jf1bqmbF2lybap2lzDHrqTwCWD7XOYrWqBxVRdI/aULZjuvhpdjbQ0JO5O2t5p6HL0LcEC35E/i8GEZZVlNuFtp2Srld5miUe1SNbYTDbzXf/q+N5z77n33HvuPfeee8+9595z77n33HvuPfee/3+f1SNvl+lHRFux9C44J76zeiZcfI85TIK24dJ3qDjxPWf6U8Yvvd4qem+b3juO4MR3g+ndaHp3uM5ffNdcoRHfE94dKr5r/Dt/EXdI+O8SviLha/7iu/ED/uK748K35KTx6J3wyY+I732r2O33sOndZhrrK+jj+526//Shb7HR99foG2XCd8mkh76pRt9huyB928c2R/z+HH3rjb6nRt+08n3ORPy/BXp2z2Osfp74TbZTwOfmid/rel8q07fCPgK+Mk/8TlyPVE/frGMZCxbM1sVn5C+dqJuWOEOXrE/Cf/oZunhrtbnaXG421ZgnSmsQIGEws3VV5aW6pMQk+v7AfHrxXPhWCuPouwfq6YUPMj+VhgvgAhXDVRHcCG6UMpKLUoxVTOZYYo2FPlljWsMSS7dU0qddBGyrZokWU42FJWJUqhELwm+JNnMt/p2/OC8RBeooFukjLYnVVcLXHBLXllWWFZuqq01bWCL9fDRYhiRTRVmJ+INkosi7pqaGJZZUVVSYK1FXWWUzJ66r3JRIc5qy2VxdQz8jCmOYbLbqsjWbbOaa/xv/CpKAYoxihcDqJ9Icu+3PFFtKiY9iiEAhe8l/0L8pBtQSH8UWQbzydvvgdxGjpTUiPophAophOR+JT5DxUewTMInPT8aXyG7XDfrbflnQDX4WLUXGlztSBFvsd/lmSXw07vlZIpSz7/IZRT7rDjb0G5D+Mj7Sb6FMHsUqwQ7ZRyCkz04K36wIlWwtfDMyf+i3FAbHpbAPkfgo90zOH/o9ycGpV0lzJT7hG5f5YqNCJo/k10p9BD7kXD0Ubr/DuD+R8Qkf3CgQv5fgy7dTkkt89D0yA/galN/l2y3JG/w2CPGN95kHwT5226b0WArE/Osrr1Uc0zpYX1cgfhdCLm8Qy7/BcRJ8Z+7A938A59qgYbRUAAA=
跟进下载的地方,发现是base64
即data类型的直接base64解密就是相应的so了
发现构造虚假Context的代码,替换了PackageManager,包名等,以此伪装正常包的信息:
在自实现的PacageManager中大量的签名伪装信息:
总结思路
该app打开后,通过自加载的dex,下载各家的播放相关的so,构造相关的请求CDNUrl的Request,中间通过构造自实现的Context,重写了一般会检查的诸如包名,签名之类的函数以达到躲避常规盗链检测的目的,从而实现视频盗链。
PS:apk下载找小薇直播,附件附上还原出来的dex