某音27.8版本Hook,X-Medusa,X-Helios,X-Argus,X-Ladon,X-Gorgon,X-Khronos-Toy模板网

这篇具有很好参考价值的文章主要介绍了某音27.8版本Hook,X-Medusa,X-Helios,X-Argus,X-Ladon,X-Gorgon,X-Khronos。希望对大家有所帮助。如果存在错误或未考虑完全的地方，请大家不吝赐教，您也可以点击"举报违法"按钮提交疑问。

本文章仅供学习研究，读者请勿用作非法用途，如若侵权，请联系第一时间进行删除。

两个关键的地方的路径

com.bytedance.mobsec.metasec.ml.MSManager

com.bytedance.frameworks.baselib.network.http.NetworkParams

三个关键的函数

setDeviceID

setInstallID

tryAddSecurityFactor

Hook这三个函数即可返回得到值，以下是Hook的Js代码

var six = function (did, iid, str, map) {
    var result = "";
    var Map = Java.use("java.util.TreeMap").$new();
    var HashMap = Java.use("java.util.HashMap").$new();
    var strArray = new Array();
    strArray = map.split(",");
    for (var i = 0; i < strArray.length; i++) {
        var List = Java.use('java.util.ArrayList').$new();
        var key = strArray[i].split("=")[0];
        List.add(strArray[i].split("=")[1].replace("[", "").replace("]", ""));
        Map.put(key, List);
    }
    Java.perform(function () {
        Java.choose("com.bytedance.mobsec.metasec.ml.MSManager", {
            onMatch: function (obj) {
                obj.setDeviceID(did)
                obj.setInstallID(iid)
            },
            onComplete: function () {

            }
        });
        var temp = Java.use("com.bytedance.frameworks.baselib.network.http.NetworkParams")
        result = Java.cast(temp.tryAddSecurityFactor(str, Map), HashMap).toString();
    })
    return result;
}

rpc.exports = {
    encrypt: six
}

python使用frida rpc调用即可,fastapi暴露接口，调用例子如下

@app.post('/six')
def encrypt_six(did: str = Form(...), iid: str = Form(...), url: str = Form(...), header: str = Form(...)):
    url = urllib.parse.unquote(url)
    header = urllib.parse.unquote(header)
    data = script5554.exports.encrypt(did, iid, url, header)
    return data

def sign(did, iid, url, header):
    payload = f'did={did}&iid={iid}&url={urllib.parse.quote(url)}&header={urllib.parse.quote(header)}'
    response = httpx.post('http://127.0.0.1:9002/six', headers={'Content-Type': 'application/x-www-form-urlencoded'}, data=payload)
    return response.json()

promotion_id = '123456789'
ticket = int(round(time.time() * 1000))
ts = int(time.time())
url = f'https://ecom5-normal-lq.ecombdapi.com/aweme/v2/shop/promotion/pack/?iid=25974xxxxxxxxxx'
headers = {
    'Host': 'ecom5-normal-lq.ecombdapi.com',
    'Cookie': 'Cookie',
    'x-tt-dt': '',
    'x-bd-kmsv': '1',
    'sdk-version': '2',
    'X-Tt-Token': '',
    'passport-sdk-version': '203157',
    'x-vc-bdturing-sdk-version': '3.7.0.cn',
    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'X-SS-STUB': '',
    'x-tt-request-tag': 's=0;p=0',
    'X-SS-DP': '1128',
    'x-tt-trace-id': '1',
    'User-Agent': '',
}
header = (f'Content-Type=[application/x-www-form-urlencoded; charset=UTF-8],'
          f'X-SS-STUB=[{hashlib.md5(data.encode()).hexdigest().upper()}],'
          f'User-Agent=[{headers["User-Agent"]}]')
#print(header)
print(url)
six = sign('', '', url, header)
print(six)

如需技术交流可以T,G搜索 @LuxoPus5896文章来源地址https://www.toymoban.com/news/detail-848071.html

到了这里，关于某音27.8版本Hook,X-Medusa,X-Helios,X-Argus,X-Ladon,X-Gorgon,X-Khronos的文章就介绍完了。如果您还想了解更多内容，请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章，希望大家以后多多支持TOY模板网！