[Mobile Security] mobile application encryption protocol reverse analysis is successful, and mobile application encryption protocol

Source: Internet
Author: User

[Mobile Security] mobile application encryption protocol reverse analysis is successful, and mobile application encryption protocol

1. Related tools:
Apktoolkitv2.1, Jeb cracked version Apk.
2. analysis process:
Confirm the data transmission process: decompile the apk file using the tool, and then use the jeb software to find the suspected algorithm location. Use the log printing method to check whether the process is a user name and password. After confirmation, generate a new dex file and put it in the apk. Then, use the signature tool for signature verification.
Find the encryption algorithm: After the above confirmation, find the data transmission and transmission process, finally confirm the location of the encryption algorithm, and finally analyze the output decryption algorithm to restore the encrypted data traffic.
3. Problems:
A. jeb is inconsistent with java version 1.7 in the current environment variable. Modify the jdk version in the following script. Currently, jdk7 and jdk8 are on the computer.
If defined JAVA_HOME (set base = "C: \ Program Files \ Java \ jdk1.8.0 _ 40 \ bin") else (set base = "% SystemRoot % \ System32 ")
Set JAVA = % base % \ java.exe
B. Sometimes apk cannot be used during decompilation and reconstruction. You can use the dex file for processing and then package the signature.
Command: Install the apk file on your phone
C. The installation file prompts that the "-r" option already exists.
Adb install-r D: \ software \ android \ apktoolkit \ GroupPurchase_bak \
GroupPurchase_bak_Signed.apk
4. analysis results:
The encrypted data packet is as follows:
Bytes
The decrypted data is as follows:
{"Sign": "aa7f6499aece7222247401889ed44c87", "time": "1427187051", "params": {"expire": 1, "username": "saaaaaaaa", "pwd ": "identifier", "baidu_user_id": "606964924566252670", "baidu_channel_id": "3982982813713319253", "recommend": 1, "check_code": "0", "discount ": 1 }}
5. Detailed analysis process:
To be continued

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.