xmexg
commented
1 month ago 这正是我正在解,还没解出来的地方,
看起来vue网页本身没有计算,小猿口算在vue网页通过webpack://leo-web-oral-pk/node_modules/@solar/solar-web-bridge/lib/native.js传给了安卓webview,由安卓app计算sign再传回来
他确实进行了接口名替换,把接口名统一替换成方法名_callback_当前时间戳_现有的已转换的数量这种格式,然后传给webview执行,通过frida注入anay_webview.js能看到传递的代码
javascript:(window.requestConfig_1728442488548_12 && window.requestConfig_1728442488548_12("W251bGwseyJ1c2VyQWdlbnQiOiJMZW8vMy45My4yIChYaWFvbWkyMjA2MTIyU0M7IEFuZHJvaWQgMTI7IFNjYWxlLzEuNDkpIiwid3JhcHBlZFVybCI6Ii9sZW8tc3Rhci9hbmRyb2lkL2V4ZXJjaXNlL3JhbmsvcHJlLWZldGNoP19wcm9kdWN0SWRcdTAwM2Q2MTFcdTAwMjZwbGF0Zm9ybVx1MDAzZGFuZHJvaWQzMlx1MDAyNnZlcnNpb25cdTAwM2QzLjkzLjJcdTAwMjZ2ZW5kb3JcdTAwM2R4aWFvX21pXHUwMDI2YXZcdTAwM2Q1XHUwMDI2c2lnblx1MDAzZGRjNzFjY2UyMjdmODM3YWYyNDJhMmUzZjdhMDMzOGE2XHUwMDI2ZGV2aWNlQ2F0ZWdvcnlcdTAwM2RwYWQifV0="))(window.requestConfig_callback_1728546427344_13 && window.requestConfig_callback_1728546427344_13("W251bGxd"))
signUrlIfNeeded 方法好像只是进行接口名称替换的,并不是加密sign的方法,我是直接浏览器打开页面,看里面的代码,并没用到模拟器。兄弟有时间本地可以找找sign加密的地方在哪里么