-
Notifications
You must be signed in to change notification settings - Fork 15
/
tiktok.py
111 lines (95 loc) · 4.41 KB
/
tiktok.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import posixpath
import os.path
from itertools import pairwise
from androidemu.emulator import Emulator
from androidemu.utils import memory_helpers
from androidemu.java.java_class_def import JavaClassDef
from androidemu.java.java_method_def import java_method_def
from androidemu.java.classes.string import String
from androidemu.java.classes.list import List
class ms_bd_c_k(metaclass=JavaClassDef, jvm_name='ms/bd/c/k'):
@staticmethod
@java_method_def(name='b', args_list=["jint", "jint", "jlong", "jstring", "jobject"],
signature='(IIJLjava/lang/String;Ljava/lang/Object;)Ljava/lang/Object;', native=False)
def b(emu, i1, i2, l, s, obj):
if i1 == 65539:
return String("/data/user/0/com.ss.android.ugc.aweme/files/.msdata")
elif i1 == 16777233:
return String("23.3.0")
elif i1 == 33554433:
return True
elif i1 == 33554434:
return True
class ms_bd_c_a0(metaclass=JavaClassDef, jvm_name='ms/bd/c/a0', jvm_super=ms_bd_c_k):
pass
class MS(metaclass=JavaClassDef, jvm_name='com/bytedance/mobsec/metasec/ml/MS', jvm_super=ms_bd_c_a0):
@staticmethod
@java_method_def(name='a', signature='()V', native=False)
def a(emu):
pass
class java_lang_Thread(metaclass=JavaClassDef, jvm_name='java/lang/Thread'):
@java_method_def(name="currentThread", signature='()Ljava/lang/Thread;', native=False)
def currentThread(self):
return java_lang_Thread()
@java_method_def(name="getStackTrace", signature='()[Ljava/lang/StackTraceElement;', native=False)
def getStackTrace(self, s):
return List([])
def get_sign(s1, s2):
g_vfs_path = "%s/vfs" % os.path.dirname(os.path.abspath(__file__))
emulator = Emulator(
vfs_root=posixpath.join(posixpath.dirname(__file__), g_vfs_path),
muti_task=True
)
vfs_path = emulator.get_vfs_root()
libcm = emulator.load_library("%s/system/lib/libc.so" % vfs_path)
libml = emulator.load_library(
"%s/data/data/com.ss.android.ugc.aweme/libmetasec_ml.so" % vfs_path, do_init=False)
emulator.java_classloader.add_class(ms_bd_c_k)
emulator.java_classloader.add_class(ms_bd_c_a0)
emulator.java_classloader.add_class(MS)
emulator.java_classloader.add_class(java_lang_Thread)
emulator.call_symbol(libml, 'JNI_OnLoad',
emulator.java_vm.address_ptr, 0x00)
s1_addr = emulator.call_symbol(libcm, 'malloc', len(s1)+1)
s2_addr = emulator.call_symbol(libcm, 'malloc', len(s2)+1)
memory_helpers.write_utf8(emulator.mu, s1_addr, s1)
memory_helpers.write_utf8(emulator.mu, s2_addr, s2)
result_addr = emulator.call_native(libml.base + 0x438c1, s1_addr, s2_addr)
result = memory_helpers.read_utf8(emulator.mu, result_addr)
#return result
result=result.strip().replace("\r","").split("\n")
return convert_to_dict(result)
def convert_to_dict(MyArr):
i=0
key=None
value=None
result={}
for item in MyArr:
if(i%2==0):
key=item
else:
value=item
i+=1
if(key!=None and value!=None):
result[key]=value
key=value=None
return result
s1 = "https://ichannel.snssdk.com/service/2/app_alert_check/?ac=wifi&channel=shenmasem_ls_dy_210&aid=1128&app_name=aweme&version_code=230300&version_name=23.3.0&device_platform=android&os=android&ssmix=a&device_type=Pixel&device_brand=google&language=zh&os_api=27&os_version=8.1.0&openudid=b104cd40fd2b3224&manifest_version_code=230301&resolution=1080*1794&dpi=420&update_version_code=23309900&_rticket=1670126182805&package=com.ss.android.ugc.aweme&cpu_support64=true&host_abi=armeabi-v7a&is_guest_mode=0&app_type=normal&minor_status=0&appTheme=light&need_personal_recommend=1&is_android_pad=0&ts=1670126133&cdid=26ed513b-3f69-440f-ba7d-4b53f333e88c&md=0&iid=4072246474186391&device_id=3122268427780248&uuid=352531081299354"
s2 = "x-ss-req-ticket\r\n"\
"1656193928088\r\n"\
"personal-recommend-status\r\n"\
"1\r\n"\
"x-vc-bdturing-sdk-version\r\n"\
"2.2.1.cn\r\n"\
"passport-sdk-version\r\n"\
"30626\r\n"\
"sdk-version\r\n"\
"2\r\n"\
"x-tt-trace-id\r\n"\
"00-48cde91e0100ba02e9a49302ff57211e-48cde91e0100ba02-01\r\n"\
"user-agent\r\n"\
"com.ss.android.ugc.aweme/230300 (Linux; U; Android 8.1.0; zh_CN; Pixel; Build/OPM1.171019.014;tt-ok/3.12.13.1)\r\n"\
"accept-encoding\r\n"\
"gzip, deflate"
sign = get_sign(s1, s2)
print(sign)