1、抓包剖析协定数据
第一次抓包:
POST https://mapi.4399api.net/user... HTTP/1.1
Content-Length: 179
Content-Type: application/x-www-form-urlencoded
Host: mapi.4399api.net
Connection: Keep-Alive
User-Agent: 4399GameCenter/4.7.0.26(android;oppo R11
Plus;5.1.1;720x1280;WIFI;1322.352;a4399)
Accept-Encoding: gzip
mauth:
mareacode: 999999
mauthcode:
SM-DEVICEID: 201905041309028d5a7f8497361da6970ae4648182
781501ebe495ed6c69f4
m-id: 00%3A81%3Af0%3A3a%3A81%3Ae1
a-id: 90af9d75bb5711af
e-id: 865166020506633
mdeviceId: 865166020506633
pauth:
s-id: 460006017714263
mudid: 1094ghmbkrL3FHgyrMy0ca6d4
dateline=1557294373&deviceIdentifier=865166020506633&info=1&
model=oppo+R11+Plus&password=ytHJhV3wqmTLqeV%2BzhXB%2BA%3D%3D&
sign=8d86292d44242171706dbb86878c5fef&username=1908920848
第二次抓包:
POST https://mapi.4399api.net/user... HTTP/1.1
Content-Length: 179
Content-Type: application/x-www-form-urlencoded
Host: mapi.4399api.net
Connection: Keep-Alive
User-Agent: 4399GameCenter/4.7.0.26(android;oppo R11
Plus;5.1.1;720x1280;WIFI;1322.352;a4399)
Accept-Encoding: gzip
mauth:
mareacode: 999999
mauthcode:
SM-DEVICEID: 201905041309028d5a7f8497361da6970ae464818278
1501ebe495ed6c69f4
m-id: 00%3A81%3Af0%3A3a%3A81%3Ae1
a-id: 90af9d75bb5711af
e-id: 865166020506633
mdeviceId: 865166020506633
pauth:
s-id: 460006017714263
mudid: 1094ghmbkrL3FHgyrMy0ca6d4
dateline=1557294488&deviceIdentifier=865166020506633&info=1&
model=oppo+R11+Plus&password=ytHJhV3wqmTLqeV%2BzhXB%2BA%3D%3D&
sign=17098977627437634f0e58674edcafc3&username=1908920848
](https://p6-juejin.byteimg.com...
](https://p1-juejin.byteimg.com...
2、间接搜寻网址
](https://p3-juejin.byteimg.com...
](https://p3-juejin.byteimg.com...
](https://p6-juejin.byteimg.com...
](https://p1-juejin.byteimg.com...
](https://p9-juejin.byteimg.com...
](https://p1-juejin.byteimg.com...
除了”sign”这个字段,其余字段都找到了。”sign”字段就在以后类的左近,通过com.m4399.gamecenter.plugin.main.f.ay.ae类的基类(com.m4399.gamecenter.plugin.main.f.c)发现一个十分可疑的类(com.m4399.framework.providers.SignDataProvider),点击进去发现该类有一个办法(buildRequestParams)正是计算”sign”字段的值。
3、Android Studio+smalidea插件动静调试smali代码
调试模启动式
adb shell am start -D -n com.m4399.gamecenter/.controllers.splash.SplashActivity
端口转发
adb forward tcp:8700 jdwp:2561
呈现这个谬误阐明8700端口被占用
error: cannot bind listener: cannot bind to 127.0.0.1:8700: 通 常每个套接字地址(协定/网络地址/端口)只容许应用一次。 (10048)
解决办法
netstat -nao | findstr "8700"
依据PID找到该过程,完结过程
关上工作管理器—>查看—>选项列(S)—>勾选 PID,确定—>过程按钮栏
小结(回顾)
1、抓包剖析43XX的登录协定,两次抓包,比照哪些字段产生了变动,重点剖析变动字段。
2、通过搜寻网址定位到关键点,进行上上层回溯,找到相干字段拼接的地位。
3、动静调试43XX的登录逻辑,剖析登录协定拼接流程。