Android逆向 libNetHTProtect.so
2020-03-31 本文已影响0人
LiuJP
libtobEmbedEncrypt.so libnms.so
bytedance广告
libBugly.so
https://bugly.qq.com/docs/user-guide/faq-android/?v=20161115111521
libtersafe2.so
腾讯保护;游戏伊洛纳;关键函数:
tss_sdk_init
int tp2_sdk_init_ex(int game_id, const char* app_key);
tp2_setuserinfo
int tp2_setuserinfo(int account_type, int world_id, const char *open_id, const char *role_id);
tp2_setgamestatus
int tp2_setgamestatus (int status);
tss_sdk_setuserinfo_ex
tss_get_report_data
tss_get_report_data2
uintptr_t tp2_sdk_ioctl(int request, const char *param_str);
//示例代码
void game_start() {
// 游戏启动的第一时间调用
tp2_sdk_init_ex (9000, "d5ab8dc7ef67ca92e41d730982c5c602");
// 用户登录时调用
int account_type = ENTRY_ID_QZONE;/*帐号类型*/
int world_id = 101; /*大区id*/
char open_id[] = "B73B36366565F9E02C752";/*与平台相关的用户标识*/
char role_id[] = "paladin";/*角色id*/
tp2_setuserinfo(account_type, world_id, open_id, role_id);
};
// 游戏切换到后台
int game_pause()
{;
return tp2_setgamestatus(TP2_GAME_STATUS_BACKEND);
};
// 游戏切换到前台
int game_resume()
{;
return tp2_setgamestatus(TP2_GAME_STATUS_FRONTEND);
};
libNetHTProtect.so
unity dll method 保护
//_ZTISt9exception_ptr 往上第二个函数
//_ZTISt9exception_ptr 往上第八个函数
//_ZTISt9exception_ptr 往上第五个函数
都是net_test2
void initNetHTP(soinfo *info){
void* fuc = reinterpret_cast<void *>(info->base + 0x854F8+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0x81F50+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0x87404+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0x8E3FC+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0xDD4E8+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0xD374C+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
fuc = reinterpret_cast<void *>(info->base + 0x459B4+1);
inlineHookAddress(fuc, (void*)net_test2, (void**)&old_net_test2);
}
https://mtp.qq.com/
android c
https://mtp.qq.com/sdk_Android_C.shtml
android c#
https://mtp.qq.com/sdk_home.shtml#sdk__C
C/C++里字符串的写法
char chars[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D',
'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N',
'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8',
'9', '0', '_', '.'};
int libil2cpp[] = {11, 8, 1, 19, 4, 17, 18, 0, 5, 4, 53, 63, 18, 14};
int libil2cppso[] = {11, 8, 1, 8, 11, 53, 2, 15, 15, 63, 18, 14};
int tp2_sdk_init_ex_string[] = {19, 15, 53, 62, 18, 3, 10, 62, 8, 13, 8, 19, 62, 4, 23}; //15
int tp2_setuserinfo_string[] = {19, 15, 53, 62, 18, 4, 19, 20, 18, 4, 17, 8, 13, 5, 14};
int tp2_setgamestatus_string[] = {19, 15, 53, 62, 18, 4, 19, 6, 0, 12, 4, 18, 19, 0, 19, 20, 18};
int libNetHTProtectso[] = {11,8,1,39,4,19,33,45,41,17,14,19,4,2,19,63,18,14};//18
char string[100];
memset(string,0,100);
int length = sizeof(libNetHTProtectso) / sizeof(int);
for (int i = 0; i < length; i++) {
string[i] = chars[libNetHTProtectso[i]];
}