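The sign algorithm of a phone-call app
I have only just started with Android. Recently I decompiled a phone-call app and ran into a problem that I just cannot solve. APK code: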
String str4 = new Date().getTime() / 1000L;
HashMap localHashMap = new HashMap();
localHashMap.put("appid", "1000");
localHashMap.put("username", this.mPref.getString("number", ""));
localHashMap.put("password", "1");
localHashMap.put("callnum", this.mCallee);
localHashMap.put("timeline", str4);
localHashMap.put("sign", MD5Util.MD5(HttpTool.caculateSign(localHashMap)).toLowerCase());
JSONObject localJSONObject = new JSONObject(HttpHelper.httpPost("http://xxx.com/api/callback", localHashMap));
Captured packet data: sign=88591ec46365e9947875f2ab4dd08d2a&timeline=1428800915&appid=1000&username=13910321687&password=1&callnum=13800138000
From the APK code above, the sign value “88591ec46365e9947875f2ab4dd08d2a” is formed from 1000+13910321687+1+13800138000+1428800915, then the key value is taken from the HttpTool.caculateSign function and the result is MD5-encrypted.
1. Code of the HttpTool.caculateSign function:
public class HttpTool
{
public static String caculateSign(Map<String, String> paramMap)
{
ArrayList localArrayList = new ArrayList();
Iterator localIterator = paramMap.keySet().iterator();
for (;;)
{
if (!localIterator.hasNext()) {}
try
{
String str2 = App_Params_Key.getAuth(localArrayList);// function that references the key value
return str2;
}
catch (Exception localException)
{
String str1;
localException.printStackTrace();
}
str1 = (String)localIterator.next();
localArrayList.add(new Parameter(str1, (String)paramMap.get(str1)));
}
return null;
}
2. Code of App_Params_Key.getAuth(localArrayList), the function that references the key value:
public class App_Params_Key
{
private static final String Separator = "";
public static String getAuth(List<Parameter> paramList)// this also calls the Parameter function
throws Exception
{
if (paramList != null) {}
try
{
int i = paramList.size();
if (i == 0) {
return "";
}
Parameter[] arrayOfParameter = (Parameter[])paramList.toArray(new Parameter);
Arrays.sort(arrayOfParameter);
StringBuffer localStringBuffer = new StringBuffer();
for (int j = 0;; j++)
{
if (j >= arrayOfParameter.length)
{
localStringBuffer.append("c02258bbcc8c2f5b1fff81fa03759603");// value of the key
return localStringBuffer.toString();
}
if (j != 0) {
localStringBuffer.append("");
}
localStringBuffer.append(arrayOfParameter[j].mValue);
}
return "";
}
catch (Exception localException)
{
localException.printStackTrace();
}
}
3. Code of the Parameter function:
public class Parameter
implements Serializable, Comparable
{
private static final long serialVersionUID = 5164951358145483848L;
public String mName;
public String mValue;
public Parameter(String paramString1, String paramString2)
{
this.mName = paramString1;
this.mValue = paramString2;
}
public int compareTo(Object paramObject)
{
Parameter localParameter = (Parameter)paramObject;
int i = this.mName.compareTo(localParameter.mName);
if (i == 0) {
i = this.mValue.compareTo(localParameter.mValue);
}
return i;
}
public boolean equals(Object paramObject)
{
if (paramObject == null) {}
Parameter localParameter;
do
{
do
{
return false;
if (this == paramObject) {
return true;
}
} while (!(paramObject instanceof Parameter));
localParameter = (Parameter)paramObject;
} while ((!this.mName.equals(localParameter.mName)) || (!this.mValue.equals(localParameter.mValue)));
return true;
}
public String getmName()
{
return this.mName;
}
public String getmValue()
{
return this.mValue;
}
public void setmName(String paramString)
{
this.mName = paramString;
}
public void setmValue(String paramString)
{
this.mValue = paramString;
}
}
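I only have a little PHP background and Android is a complete blank for me, so I could only trace out this sign-related code by half guessing. After many experiments I still cannot solve it. I sincerely ask the experts here for help. Thank you!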
1000 13800138000 11428800915 13910321687 c02258bbcc8c2f5b1fff81fa03759603
After sorting alphabetically, take only the parameter values, then append the string, then MD5 it, and you get:
md5(1000138001380001142880091513910321687c02258bbcc8c2f5b1fff81fa03759603)
88591ec46365e9947875f2ab4dd08d2a
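The calculation described in the answer above, as an added example in Python that is not part of the original thread: it mirrors the decompiled getAuth and Parameter.compareTo logic and recomputes the sign for the request body captured in the first post. The function names are this example's own; the key and the capture are taken from the posts.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Static key appended by App_Params_Key.getAuth in the decompiled code on this page.
APP_KEY = "c02258bbcc8c2f5b1fff81fa03759603"


def string_to_sign(params: dict) -> str:
    """Mirror getAuth: sort the (name, value) pairs by name, then by value
    (Parameter.compareTo), join only the values with the empty Separator,
    and append the key. The sign field itself is never part of the input."""
    ordered = sorted((k, v) for k, v in params.items() if k != "sign")
    return "".join(v for _, v in ordered) + APP_KEY


def compute_sign(params: dict) -> str:
    # MD5Util.MD5(...).toLowerCase() in the app; hexdigest() is already lowercase.
    return hashlib.md5(string_to_sign(params).encode("utf-8")).hexdigest()


def verify_query(query: str) -> bool:
    """Recompute the sign for a form-encoded body and compare in constant time."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    claimed = params.get("sign", "").lower()
    return hmac.compare_digest(compute_sign(params).encode(), claimed.encode())


# Request body from the capture quoted in the first post.
CAPTURED = (
    "sign=88591ec46365e9947875f2ab4dd08d2a&timeline=1428800915&appid=1000"
    "&username=13910321687&password=1&callnum=13800138000"
)

if __name__ == "__main__":
    fields = dict(parse_qsl(CAPTURED))
    print("string to sign:", string_to_sign(fields))
    print("recomputed sign:", compute_sign(fields))
    print("capture verifies:", verify_query(CAPTURED))
```

Because the key is a constant inside the APK, this sign shows only that the parameters were not altered by someone without the app; it does not authenticate the caller.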
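Looking at these comments, your level is clearly much higher than mine... there is nothing I can do to help.
ceshi999 posted on 2015-4-12 09:51
Looking at these comments, your level is clearly much higher than mine... there is nothing I can do to help.
Please don't laugh at me. I am borrowing the PHP way of describing things; I really don't understand Android.
I analyzed where a sign value comes from once before.
I don't know how this one compares.
cvt126 posted on 2015-4-12 09:37
1000 13800138000 11428800915 13910321687 c02258bbcc8c2f5b1fff81fa03759603
After sorting alphabetically, take only the parameter values ...
Thank you, friend. So it is arranged in alphabetical order by parameter. Thank you very much for your answer.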