402 words
2 minutes
海博TV账号密码登录协议分析
app name: HMAS | Identifier: com.hoge.WifiFujian
guess md5 was used.
frida-trace -U -N com.hoge.WifiFujian -i CC_MD5
modify the CC_MD5 file
defineHandler({
onEnter(log, args, state) {
log('CC_MD5() onEnter: ', hexdump(args[0], {length: args[1].toInt32()}));
this.args2 = args[2];
},
onLeave(log, retval, state) {
log('CC_MD5() onLeave: ', hexdump(this.args2, {length: 16})); // md5 has 16 bytes
}
});
// frida-trace -U -N com.hoge.WifiFujian -i CC_MD5 -o haibotvMD5.txt
here’s the result
CC_MD5() onEnter: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
16dda60f0 4d 47 43 6f 70 79 41 6e 73 77 65 72 50 72 6f 64 MGCopyAnswerProd
16dda6100 75 63 74 56 65 72 73 69 6f 6e uctVersion
CC_MD5() onLeave: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
16dda6150 a8 d3 5d 76 55 0a f8 1f d8 96 8a 0d a3 29 b0 80 ..]vU........)..
CC_MD5() onEnter: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
16dda60f0 4d 47 43 6f 70 79 41 6e 73 77 65 72 50 72 6f 64 MGCopyAnswerProd
16dda6100 75 63 74 56 65 72 73 69 6f 6e uctVersion
CC_MD5() onLeave: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
16dda6150 a8 d3 5d 76 55 0a f8 1f d8 96 8a 0d a3 29 b0 80 ..]vU........)..
CC_MD5() onEnter:
0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
2800b0e80 39 31 38 34 35 39 64 6b 32 37 37 67 34 78 64 33 918459dk277g4xd3
2800b0e90 6a 76 79 6a 63 33 37 68 32 66 74 35 78 30 31 73 jvyjc37h2ft5x01s
2800b0ea0 74 79 71 65 6d 39 31 37 35 35 38 33 35 30 39 36 tyqem91755835096
2800b0eb0 34 35 38 458
CC_MD5() onLeave: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
16dda62c8 aa bb 3d 87 91 3e 91 2c f1 86 fb 42 f5 e9 69 c2 ..=..>.,...B..i.
POST /member-center/auth/signIn?xy_req_id=1755835096d16a5554bea22681c48cffde2d15fa770 HTTP/1.1
user-agent: %20m2oSmartCity_468%20LINGXI_918459_8.0.7_25081504%20
x-api-signature: aabb3d87913e912cf186fb42f5e969c2
x-app-id: 918459
x-device-version: 15.8.1
x-app-config-version: 8.0.7.250815000
x-net-type: WIFI
accept-encoding: gzip
content-type: application/json; charset=utf-8
x-api-timestamp: 1755835096458
referer: http://www.fjtv.net
x-phone-models: iPhone8,1
content-length: 111
x-app-versioncode: 25081504
x-device-id: a1b88ceaa0298d2e4ba25053ff76effb
host: mapi-plus.fjtv.net
x-device-type: iOS
x-app-news-version: 1748589263
x-app-version: 8.0.7
x-language: zh
x-channel-id: appstore
x-app-buildtype: release
x-app-style: normal
x-company-id: 468
{"account":"y753bA2eYWkiAJ0juxHTeA==","password":"4mjmbmhPhlHsPmP088FpHg==","encrypt_field":"account,password"}
so we know x-api-signature was generated from md5
海博TV账号密码登录协议分析
https://zycreverse.netlify.app/posts/ioshaibotv/