Overview
In this article, the Wish app is decompiled and the algorithm that generates the app_device_id field in the application is reverse-engineered.
The tools used are:
1. Apktool: Get resource files and Smali disassembly code
2. Dex2jar: decompile the APK by converting classes.dex into a jar file
3. Jd-gui: Open the jar file to view the Java source code
Decompilation environment: Mac OS X
Decompiling the APK to get the Java code and the Smali disassembly code
1. Download wish.apk from Google Play
2. Use Dex2jar to unpack the APK and convert classes.dex into a jar file
Open a terminal and run: d2j-dex2jar wish.apk
This produces Wish-dex2jar.jar.
3. Use Jd-gui to open the Wish-dex2jar.jar file and view the Java source code
Open the Wish-dex2jar.jar file in Jd-gui to get the Java source code, as shown:
4. Use Apktool to decompile the APK and get the Smali disassembly code
In the terminal, run: apktool d -f wish.apk -o Wish
This produces the Wish folder, which contains the XML and other resource files from the APK, together with the Smali disassembly code, which can now be analyzed.
Analyzing the app_device_id field generation algorithm
1. Quickly locate the code that sets the app_device_id field
Use the search feature in Jd-gui to quickly locate where app_device_id appears in the code, as shown:
The key code is:
Paramhttprequestparams.put("app_device_id", Getdeviceid());
The application uploads the app_device_id field with every network request, and the value of the field is whatever the Getdeviceid() method returns. So the next step is to analyze that method.
2. Analysis of the Getdeviceid() method
Let's start by looking at the code of Getdeviceid():
It is clear from the code that obtaining the device ID is divided into three parts:
(1) Read the Deviceuuid value from SharedPreferences storage.
The code snippet is:
(2) If the Deviceuuid value is not saved in SharedPreferences, it is read from a file in a local folder; the path of the file is /document/wish/device_data_. If a value is obtained, it is saved to SharedPreferences.
The code snippet is:
(3) If there is no local file, a new value is created (this is the situation on first launch after installing the application). The value is generated randomly with the randomUUID() method of the java.util.UUID class. The format is: 23c2add6-aa30-4442-97c8-81930766f089. The resulting value is then saved to SharedPreferences.
The code snippet is:
Once the random value has been generated, a new thread saves it to the specified local path, /document/wish/device_data_.
The code snippet is:
Jd-gui shows /* Error */ for the run() method, meaning the code in that method could not be decompiled. So we use the Smali code to verify it.
3. Smali code analysis: how the new thread saves the Deviceuuid value to the local device_data_ file
The Smali folder contains files:
Find Wishapi.smali in com.contextlogic.wish.api.core and open the file to locate the Getdeviceid method (there is too much code, so the middle is omitted):
Step into the code for the new thread:
As you can see from the code, a local variable Writeabledeviceid is defined to hold the Deviceuuid value, then a thread is started and execution jumps to Wishapi$2.smali. Open the Wishapi$2.smali code:
There is only one method in the code, run().
The run() method does two things:
(1) Locate /document/wish/device_data_. If the file exists, it is used directly; if it does not exist, a new wish folder is created and a new device_data_ file is created in it.
(2) Open a FileOutputStream and write the value to the device_data_ file.
Overall Process
The approximate flowchart is as follows:
The value saved on the phone at the path /document/wish/device_data_:
It matches the value obtained from the packet capture:
Summary:
The value of the app_device_id field is randomly generated, and the code analysis above shows that the field is sent with every network request, so the value must stay unique to the device in order to ensure that the device being operated on is secure. The only way to achieve this is to generate the random value just once and to store it in two places, SharedPreferences and a file. The app_device_id value is randomly generated again only when the app is uninstalled and reinstalled and the local device_data_ file has also been deleted. The average user will not find the file path and delete the file when removing the app, which is what guarantees the uniqueness of the device ID.
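The lookup order summarized above can be modelled in plain Java to show why the ID survives a reinstall. This is an added example, not the decompiled Wish code: the class, method and key names are hypothetical, a HashMap stands in for SharedPreferences, and a temporary directory stands in for the /document/wish/ folder.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added model of the three-step lookup; every name here is hypothetical.
public class DeviceIdModel {
    // Stand-in for SharedPreferences: wiped whenever the app is uninstalled.
    static final Map<String, String> prefs = new HashMap<>();

    static String getDeviceId(Path backup) throws IOException, InterruptedException {
        String id = prefs.get("deviceUuid");              // (1) preferences first
        if (id != null) return id;
        if (Files.exists(backup)) {                       // (2) fall back to the file
            id = new String(Files.readAllBytes(backup), StandardCharsets.UTF_8).trim();
        }
        if (id == null || id.isEmpty()) {                 // (3) generate exactly once
            id = UUID.randomUUID().toString();
            final String writeable = id;
            Thread writer = new Thread(() -> {
                try {                                     // create the folder, then the file
                    Files.createDirectories(backup.getParent());
                    Files.write(backup, writeable.getBytes(StandardCharsets.UTF_8));
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
            writer.start();
            writer.join();  // the model waits so the demo below is deterministic
        }
        prefs.put("deviceUuid", id);                      // cache for the next call
        return id;
    }

    public static void main(String[] args) throws Exception {
        Path backup = Files.createTempDirectory("model").resolve("wish").resolve("device_data_");
        String first = getDeviceId(backup);
        prefs.clear();                                    // reinstall: prefs gone, file kept
        String afterReinstall = getDeviceId(backup);
        prefs.clear();
        Files.delete(backup);                             // reinstall and file removed
        String afterWipe = getDeviceId(backup);
        System.out.println("same ID after reinstall: " + first.equals(afterReinstall));
        System.out.println("new ID after file deletion: " + !first.equals(afterWipe));
    }
}
```

For a privacy review, the point to check is the second storage location: an identifier kept outside the app's private data outlives uninstallation and lets the backend link the new install to the old one.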
Wish App Reverse analysis app_device_id field generation algorithm