PPTV (PPlive) Client batch membership exploitation Vulnerability

PPTV (PPlive) Client batch membership exploitation Vulnerability

Pptv recently held an activity with s6 and sent it to members... I was wondering, is it swollen? Is it true that my mobile phone is s6? It is very likely that it is through Build. MODEL.

So I changed my N5 model into a SM-9250.
Adb shell cat/system/build. prop | grep model
Ro. product. model = SM-G9250
It is too low.


Is that all done? If you want to refresh members in batches, capture the packets.

Yo, if the package cannot be changed, a message indicating a signature failure will be prompted. The communication is signed, and the attempt to catch up with tk is absolutely a HMAC parameter.

This Code confirms a lot of conjecture, including the previous build. model. Now the HMAC algorithm has come out. It's just a simple concatenation of strings and then two md5s.
LocalJSONObject. put ("tk", MD5.MD5 _ 32 (MD5.MD5 _ 32 (str + Build. MODEL + "c42f31b008bf257067abf115e0424e292313c746b3581fb0 ")));

The problem is also solved in batches. The following code is used to determine whether the same device uses the same device:
String str = UUIDDatabaseHelper. getInstance (this. context). getUUID ();
LocalJSONObject. put ("udid", str );

I'm sure this is not imei. As long as you hook the return values of this function, you can easily batch it. Of course, this is my opinion of the app security personnel, in fact, the plive does not validate the validity of the device id (only verify the uniqueness). Therefore, you can write a script on the PC for one click .. here I will only show you how to batch brush the poc on your mobile phone (see the test code)

Solution:

Filter