Foreword
"Barley net" all know it, is that users are claiming that "what the barley net you sell?" Ticketing platform. Recently heard a friend say, "Barley net" difficult to grab votes, basically said: "! Oh Hey, tumbled friends, please try again later" do not know "barley net" in the end there is no vote ! ! !
Closer to home, ready to be a "barley net" software to grab votes, just want to prove under "barley net" in the end there is no vote (to promote public number)! ! Also do a search before from Baidu, Github inside too, Github there are several easy to use Python scripts to grab votes, are interested you can go to search inside. The ticket did grab the gadget is based on the "barley net" mobile terminal interface, direct access to "barley network" server, no page elements, speed is definitely stick.
This series of articles is mainly partial aspects tutorial to learn some Hook, capture, decompile knowledge. Furthermore, "barley net" has been to Ali received, so this is a App Ali, the system is reading this article, a pig, a reverse treasure helpful App's a cat. Having said that, the first listed software tool used when the reverse, and the main purposes:
- Frida
- Xposed
- Apktॊl
- Selenium
- After a phone Root
There are some difficulties in the reverse process:
- Charles Ethereal
- Api signature generation
- Automatic over human-machine verification
Outline
In order thinking more clearly, as we list some articles behind this series of related content:
- The basic tools introduced
- Ali network library reverse analysis, Charles capture
- MTOP signature parametric analysis, detour
- Man-machine test analysis, detour
Frida basic use
Frida used to hook the head to the method of application of the key to find a breakthrough in such App: logging of critical variables or methods, SSL switch. Frida's installation is very simple, only need to frida-serverbe uploaded to the use of cell phones shellup and running, then you can perform some hook operation, not one by one to explain the limited space, only a brief introduction to some of the commands used in this series of articles, there are interest to see the specific use of the document.
Will be frida-serveruploaded to the phone directory:
$ adb root # might be required
$ adb push frida-server /data/local/tmp/
$ adb shell "chmod 755 /data/local/tmp/frida-server"
$ adb shell "/data/local/tmp/frida-server &"View the system running processes:
$ frida-ps -UOpen the program needs to hook and incoming hook script:
$ frida -U -l src/index.js -f cn.damaiThis is several orders down, almost enough, the relevant point hook in src/index.jsthere, come back later to explain the key points to the hook.
Xposed basic use
The purpose is to use Xposed data is signed, it took Ali Api knows there will be a signature of this step. Signature Algorithm not go and shift, limited technology ... but can bypass the linen, the next best thing. Xposed Module only need to create a core Api can understand a few friends.
The introduction of Xposed dependence:
dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
provided 'de.robv.android.xposed:api:82'
provided 'de.robv.android.xposed:api:82:sources'
}Declare your module information:
<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="大麦网签名" />
<meta-data
android:name="xposedminversion"
android:value="53" />
Entrance to implement the module:
package com.xposed;
import de.robv.android.xposed.*;
import de.robv.android.xposed.callbacks.*;
public class HookToast implements IXposedHookLoadPackage
{
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable
{
....
}
}Basic use Selenium
Selenium is mainly through the use of man-machine verification, Api tune too much back-end program will detect the machine in access Api, so in order to limit the protection system "of barley net" will pop up a Web page with a slider to identify the user, if you do not process will not restrict access to basic call Api Api unless the time limit passed to a normal visit, the introduction of Selenium is to simulate human behavior slide between human and machine check, the back end is not to tell the robot to grab votes.
Adding Selenium-dependent:
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>3.141.59</version>
</dependency>
Set WebDriver:
ChromeOptions chromeOptions = new ChromeOptions();
chromeOptions.setExperimentalOption("excludeSwitches", Arrays.asList("enable-automation"));
chromeOptions.addArguments("--user-agent=" + String.format("Mozilla/5.0 App"));
chromeOptions.addArguments("--no-sandbox");
chromeOptions.addArguments("--lang=zh-CN");
// chromeOptions.setHeadless(true);
webDriver = new ChromeDriver(chromeOptions) ;//new ChromeDriver(chromeOptions);Slide open the page:
webDriver.get(httpUrl.toString());
new WebDriverWait(webDriver, 2).until(ExpectedConditions.textToBe(
By.className("nc-lang-cnt"),
"请按住滑块,拖动到最右边"
));Unlocking address is dynamic, again subsequent operation instructions and addresses.
to sum up
Using substantially Frida, Selenium, Xposed capture can be solved, the man-machine calibration, which generates the signature of several key issues, again subsequent to explain the detailed operation process, the key code and the backward analysis.
I welcome everyone's attention last public number, obtain the latest progress "barley net rush tickets tools" rush tickets tools.
Disclaimer:
This article is only for study and research purposes; the foregoing shall not be used for commercial or illegal purposes, or for any consequences reader conceited