search

zhkl0228 / unidbg

Allows you to emulate an Android native library, and an experimental iOS emulation
Apache License 2.0
3.64k stars 924 forks source link

执行结果返回空JNIEnv->SetByteArrayRegion([B@0x, 0, 0, unidbg@0xbffff6b1) was called from RX@0x400d55dc[libfekit.so]0xd55dc #629

Open a810291783 opened 1 month ago

a810291783 commented 1 month ago

`C:\Users\Administrator.jdks\corretto-21.0.3\bin\java.exe "-javaagent:E:\IntelliJ IDEA 2024.1.1\lib\idea_rt.jar=63217:E:\IntelliJ IDEA 2024.1.1\bin" -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8 -classpath D:\unidbg-master1\unidbg-android\target\test-classes;D:\unidbg-master1\unidbg-android\target\classes;D:\unidbg-master1\unidbg-api\target\classes;C:\Users\Administrator.m2\repository\com\github\zhkl0228\unicorn\1.0.14\unicorn-1.0.14.jar;C:\Users\Administrator.m2\repository\org\scijava\native-lib-loader\2.3.5\native-lib-loader-2.3.5.jar;C:\Users\Administrator.m2\repository\com\github\zhkl0228\capstone\3.1.8\capstone-3.1.8.jar;C:\Users\Administrator.m2\repository\net\java\dev\jna\jna\5.10.0\jna-5.10.0.jar;C:\Users\Administrator.m2\repository\com\github\zhkl0228\keystone\0.9.7\keystone-0.9.7.jar;C:\Users\Administrator.m2\repository\commons-codec\commons-codec\1.15\commons-codec-1.15.jar;C:\Users\Administrator.m2\repository\org\apache\commons\commons-collections4\4.4\commons-collections4-4.4.jar;C:\Users\Administrator.m2\repository\commons-io\commons-io\2.11.0\commons-io-2.11.0.jar;C:\Users\Administrator.m2\repository\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Administrator.m2\repository\com\alibaba\fastjson\1.2.83\fastjson-1.2.83.jar;C:\Users\Administrator.m2\repository\com\github\zhkl0228\demumble\1.0.4\demumble-1.0.4.jar;C:\Users\Administrator.m2\repository\net\dongliu\apk-parser\2.6.10\apk-parser-2.6.10.jar;D:\unidbg-master1\backend\dynarmic\target\classes;D:\unidbg-master1\backend\hypervisor\target\classes;D:\unidbg-master1\backend\kvm\target\classes;D:\unidbg-master1\backend\unicorn2\target\classes;C:\Users\Administrator.m2\repository\org\slf4j\slf4j-api\2.0.5\slf4j-api-2.0.5.jar;C:\Users\Administrator.m2\repository\junit\junit\4.13.2\junit-4.13.2.jar;C:\Users\Administrator.m2\repository\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;C:\Users\Administrator.m2\repository\org\slf4j\slf4j-reload4j\2.0.5\slf4j-reload4j-2.0.5.jar;C:\Users\Administrator.m2\repository\ch\qos\reload4j\reload4j\1.2.22\reload4j-1.2.22.jar com.mobileqq.Dandelion JNIEnv->FindClass(com/tencent/mobileqq/dt/Dc) was called from RX@0x4006b7d4[libfekit.so]0x6b7d4 JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecprotocol/ByteData) was called from RX@0x4006baec[libfekit.so]0x6baec JNIEnv->RegisterNatives(com/tencent/mobileqq/qsec/qsecprotocol/ByteData, RW@0x40a39c90[libfekit.so]0xa39c90, 1) was called from RX@0x4006c2e0[libfekit.so]0x6c2e0 RegisterNative(com/tencent/mobileqq/qsec/qsecprotocol/ByteData, getByte(Landroid/content/Context;Ljava/lang/Object;)[B, RX@0x403d1884[libfekit.so]0x3d1884) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion) was called from RX@0x4006d364[libfekit.so]0x6d364 JNIEnv->RegisterNatives(com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion, RW@0x40a39cb0[libfekit.so]0xa39cb0, 1) was called from RX@0x4006c85c[libfekit.so]0x6c85c RegisterNative(com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion, energy(Ljava/lang/Object;Ljava/lang/Object;)[B, RX@0x403b76c0[libfekit.so]0x3b76c0) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qseccodec/SecCipher) was called from RX@0x4006d7c0[libfekit.so]0x6d7c0 JNIEnv->RegisterNatives(com/tencent/mobileqq/qsec/qseccodec/SecCipher, RW@0x40a39cd0[libfekit.so]0xa39cd0, 1) was called from RX@0x4006e074[libfekit.so]0x6e074 RegisterNative(com/tencent/mobileqq/qsec/qseccodec/SecCipher, codec(Ljava/lang/Object;I)Ljava/lang/Object;, RX@0x403c06f4[libfekit.so]0x3c06f4) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecurity/QSec) was called from RX@0x4006e664[libfekit.so]0x6e664 JNIEnv->RegisterNatives(com/tencent/mobileqq/qsec/qsecurity/QSec, RW@0x40a39cf0[libfekit.so]0xa39cf0, 3) was called from RX@0x4006e940[libfekit.so]0x6e940 RegisterNative(com/tencent/mobileqq/qsec/qsecurity/QSec, doSomething(Landroid/content/Context;I)I, RX@0x400cbc18[libfekit.so]0xcbc18) RegisterNative(com/tencent/mobileqq/qsec/qsecurity/QSec, getXwDebugID(Ljava/lang/String;)[B, RX@0x400d554c[libfekit.so]0xd554c) RegisterNative(com/tencent/mobileqq/qsec/qsecurity/QSec, doReport(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I, RX@0x400d5618[libfekit.so]0xd5618) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecurity/QSec) was called from RX@0x4006fc18[libfekit.so]0x6fc18 JNIEnv->GetMethodID(com/tencent/mobileqq/qsec/qsecurity/QSec.updateO3DID(Ljava/lang/String;)V) => 0xd480a196 was called from RX@0x4007331c[libfekit.so]0x7331c JNIEnv->FindClass(com/tencent/mobileqq/sign/QQSecuritySign$SignResult) was called from RX@0x400736b8[libfekit.so]0x736b8 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/sign/QQSecuritySign$SignResult) was called from RX@0x400736d8[libfekit.so]0x736d8 JNIEnv->GetMethodID(com/tencent/mobileqq/sign/QQSecuritySign$SignResult.()V) => 0xa877ec6e was called from RX@0x40073b90[libfekit.so]0x73b90 JNIEnv->GetFieldID(com/tencent/mobileqq/sign/QQSecuritySign$SignResult.token [B) => 0x729bba5d was called from RX@0x40074174[libfekit.so]0x74174 JNIEnv->GetFieldID(com/tencent/mobileqq/sign/QQSecuritySign$SignResult.sign [B) => 0x16eec18f was called from RX@0x40074610[libfekit.so]0x74610 JNIEnv->GetFieldID(com/tencent/mobileqq/sign/QQSecuritySign$SignResult.extra [B) => 0x488f14e6 was called from RX@0x40074a7c[libfekit.so]0x74a7c JNIEnv->FindClass(com/tencent/mobileqq/sign/QQSecuritySign) was called from RX@0x40074df4[libfekit.so]0x74df4 JNIEnv->RegisterNatives(com/tencent/mobileqq/sign/QQSecuritySign, RW@0x40a39da8[libfekit.so]0xa39da8, 8) was called from RX@0x4006fda8[libfekit.so]0x6fda8 RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, getSign(Lcom/tencent/mobileqq/qsec/qsecurity/QSec;Ljava/lang/String;Ljava/lang/String;[B[BLjava/lang/String;)Lcom/tencent/mobileqq/sign/QQSecuritySign$SignResult;, RX@0x400964e0[libfekit.so]0x964e0) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, requestToken()V, RX@0x401a6578[libfekit.so]0x1a6578) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, dispatchEvent(Ljava/lang/String;Ljava/lang/String;Lcom/tencent/mobileqq/fe/EventCallback;)V, RX@0x401aaa18[libfekit.so]0x1aaa18) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, dispatchEventPB(Ljava/lang/String;Ljava/lang/String;[BLcom/tencent/mobileqq/fe/EventCallback;)V, RX@0x401cd300[libfekit.so]0x1cd300) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, notifyFaceDetect(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lcom/tencent/mobileqq/fe/EventCallback;)V, RX@0x401cefa4[libfekit.so]0x1cefa4) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, safeUiReport(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lcom/tencent/mobileqq/fe/EventCallback;)V, RX@0x401cf8f4[libfekit.so]0x1cf8f4) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, notifyCamera(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lcom/tencent/mobileqq/fe/EventCallback;)V, RX@0x40068fa8[libfekit.so]0x68fa8) RegisterNative(com/tencent/mobileqq/sign/QQSecuritySign, initSafeMode(Z)V, RX@0x401d0b24[libfekit.so]0x1d0b24) JNIEnv->FindClass(com/tencent/mobileqq/channel/ChannelManager) was called from RX@0x40075ff8[libfekit.so]0x75ff8 JNIEnv->FindClass(com/tencent/mobileqq/dt/app/Dtc) was called from RX@0x4040eee8[libfekit.so]0x40eee8 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/dt/app/Dtc) was called from RX@0x4040f314[libfekit.so]0x40f314 JNIEnv->FindClass(com/tencent/mobileqq/fe/IFEKitLog) was called from RX@0x4040eee8[libfekit.so]0x40eee8 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/fe/IFEKitLog) was called from RX@0x4040f314[libfekit.so]0x40f314 JNIEnv->FindClass(com/tencent/mobileqq/dt/model/FEBound) was called from RX@0x4040eee8[libfekit.so]0x40eee8 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/dt/model/FEBound) was called from RX@0x4040f314[libfekit.so]0x40f314 JNIEnv->FindClass(com/tencent/mobileqq/fe/utils/DeepSleepDetector) was called from RX@0x4040eee8[libfekit.so]0x40eee8 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/fe/utils/DeepSleepDetector) was called from RX@0x4040f314[libfekit.so]0x40f314 JNIEnv->GetStaticMethodID(com/tencent/mobileqq/dt/model/FEBound.transform(I[B)[B) => 0x5291e1bc was called from RX@0x40410184[libfekit.so]0x410184 JNIEnv->NewByteArray(256) was called from RX@0x4022208c[libfekit.so]0x22208c JNIEnv->SetByteArrayRegion([B@2b6856dd, 0, 256, RW@0x40d6d000) was called from RX@0x402220c8[libfekit.so]0x2220c8 JNIEnv->CallStaticObjectMethodV(class com/tencent/mobileqq/dt/model/FEBound, transform(0x1, [B@2b6856dd) => [B@6ab7a896) was called from RX@0x4022393c[libfekit.so]0x22393c JNIEnv->GetArrayLength([B@6ab7a896 => 256) was called from RX@0x402220f8[libfekit.so]0x2220f8 JNIEnv->GetByteArrayElements(false) => [B@6ab7a896 was called from RX@0x40222114[libfekit.so]0x222114 JNIEnv->GetStaticMethodID(com/tencent/mobileqq/dt/model/FEBound.transform(I[B)[B) => 0x5291e1bc was called from RX@0x40410184[libfekit.so]0x410184 JNIEnv->NewByteArray(256) was called from RX@0x40222eec[libfekit.so]0x222eec JNIEnv->SetByteArrayRegion([B@5e4c8041, 0, 256, RW@0x40d6d140) was called from RX@0x40222f28[libfekit.so]0x222f28 JNIEnv->CallStaticObjectMethodV(class com/tencent/mobileqq/dt/model/FEBound, transform(0x2, [B@5e4c8041) => [B@71c8becc) was called from RX@0x4022393c[libfekit.so]0x22393c JNIEnv->GetArrayLength([B@71c8becc => 256) was called from RX@0x40222f58[libfekit.so]0x222f58 JNIEnv->GetByteArrayElements(false) => [B@71c8becc was called from RX@0x40222f74[libfekit.so]0x222f74 JNIEnv->RegisterNatives(com/tencent/mobileqq/channel/ChannelManager, RW@0x40a39e88[libfekit.so]0xa39e88, 5) was called from RX@0x4007635c[libfekit.so]0x7635c RegisterNative(com/tencent/mobileqq/channel/ChannelManager, setChannelProxy(Lcom/tencent/mobileqq/channel/ChannelProxy;)V, RX@0x40204784[libfekit.so]0x204784) RegisterNative(com/tencent/mobileqq/channel/ChannelManager, onNativeReceive(Ljava/lang/String;[BZIJ)V, RX@0x402071c0[libfekit.so]0x2071c0) RegisterNative(com/tencent/mobileqq/channel/ChannelManager, initReport(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V, RX@0x40207a80[libfekit.so]0x207a80) RegisterNative(com/tencent/mobileqq/channel/ChannelManager, getCmdWhiteList()Ljava/util/ArrayList;, RX@0x402081ec[libfekit.so]0x2081ec) RegisterNative(com/tencent/mobileqq/channel/ChannelManager, setCmdWhiteListChangeCallback(Lcom/tencent/mobileqq/fe/CmdWhiteListChangeCallback;)V, RX@0x40221b54[libfekit.so]0x221b54) JNIEnv->FindClass(com/tencent/mobileqq/dt/Dtn) was called from RX@0x40078b98[libfekit.so]0x78b98 JNIEnv->RegisterNatives(com/tencent/mobileqq/dt/Dtn, RW@0x40a39f48[libfekit.so]0xa39f48, 3) was called from RX@0x400793f0[libfekit.so]0x793f0 RegisterNative(com/tencent/mobileqq/dt/Dtn, initUin(Ljava/lang/String;)V, RX@0x4022dc6c[libfekit.so]0x22dc6c) RegisterNative(com/tencent/mobileqq/dt/Dtn, initContext(Landroid/content/Context;Ljava/lang/String;)V, RX@0x40231684[libfekit.so]0x231684) RegisterNative(com/tencent/mobileqq/dt/Dtn, initLog(Lcom/tencent/mobileqq/fe/IFEKitLog;)V, RX@0x4023b278[libfekit.so]0x23b278) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion) was called from RX@0x4007b9b4[libfekit.so]0x7b9b4 JNIEnv->GetStaticMethodID(com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion.getInstance()Lcom/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion;) => 0x748be920 was called from RX@0x4007d4bc[libfekit.so]0x7d4bc JNIEnv->FindClass(java/lang/String) was called from RX@0x4007cf38[libfekit.so]0x7cf38 JNIEnv->GetMethodID(java/lang/String.([BLjava/lang/String;)V) => 0x782c535e was called from RX@0x4007bfb4[libfekit.so]0x7bfb4 JNIEnv->NewByteArray(121) was called from RX@0x4007dfbc[libfekit.so]0x7dfbc JNIEnv->SetByteArrayRegion([B@3bd40a57, 0, 121, unidbg@0xbfffe832) was called from RX@0x4007e194[libfekit.so]0x7e194 JNIEnv->NewStringUTF("UTF-8") was called from RX@0x4007d130[libfekit.so]0x7d130 JNIEnv->NewObjectV(class java/lang/String, ([B@3bd40a57, "UTF-8") => "com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion->getInstance()Lcom/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion;") was called from RX@0x400bb554[libfekit.so]0xbb554 JNIEnv->GetMethodID(java/lang/String.hashCode()I) => 0x7eba2037 was called from RX@0x4007a620[libfekit.so]0x7a620 JNIEnv->CallIntMethodV("com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion->getInstance()Lcom/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion;", hashCode() => 0x7ebb0acc) was called from RX@0x4037a574[libfekit.so]0x37a574 JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecest/QsecEst) was called from RX@0x4007e6ac[libfekit.so]0x7e6ac JNIEnv->RegisterNatives(com/tencent/mobileqq/qsec/qsecest/QsecEst, RW@0x40a3bd78[libfekit.so]0xa3bd78, 1) was called from RX@0x4007e620[libfekit.so]0x7e620 RegisterNative(com/tencent/mobileqq/qsec/qsecest/QsecEst, d(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)[B, RX@0x4037a944[libfekit.so]0x37a944) JNIEnv->FindClass(com/tencent/mobileqq/qsec/qsecest/QsecEst) was called from RX@0x4007e8c4[libfekit.so]0x7e8c4 JNIEnv->NewGlobalRef(class com/tencent/mobileqq/qsec/qsecest/QsecEst) was called from RX@0x4007eabc[libfekit.so]0x7eabc JNIEnv->GetStaticMethodID(com/tencent/mobileqq/qsec/qsecest/QsecEst.p(Landroid/content/Context;I)Ljava/lang/String;) => 0x747ab66c was called from RX@0x4007e97c[libfekit.so]0x7e97c Find native function Java_com_tencent_mobileqq_qsec_qsecurity_QSec_getXwDebugID => RX@0x400d554c[libfekit.so]0xd554c JNIEnv->NewByteArray(0) was called from RX@0x400d55a0[libfekit.so]0xd55a0 JNIEnv->SetByteArrayRegion([B@0x, 0, 0, unidbg@0xbffff6b1) was called from RX@0x400d55dc[libfekit.so]0xd55dc getXwDebugID ---->

进程已结束,退出代码为 0 package com.mobileqq;

import com.alibaba.fastjson.util.IOUtils; import com.github.unidbg.AndroidEmulator; import com.github.unidbg.Emulator; import com.github.unidbg.Module; import com.github.unidbg.arm.backend.Unicorn2Factory; import com.github.unidbg.arm.context.Arm64RegisterContext; import com.github.unidbg.hook.hookzz.; import com.github.unidbg.linux.android.AndroidEmulatorBuilder; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.; import com.github.unidbg.linux.android.dvm.api.Signature; import com.github.unidbg.linux.android.dvm.array.ArrayObject; import com.github.unidbg.linux.android.dvm.array.ByteArray; import com.github.unidbg.memory.Memory; import com.github.unidbg.virtualmodule.android.AndroidModule; import com.github.unidbg.virtualmodule.android.JniGraphics; import com.sun.jna.JNIEnv; import com.sun.jna.Pointer; import java.io.File; import java.io.UnsupportedEncodingException; import java.util.Arrays; import java.util.Base64;

public class Dandelion extends AbstractJni { private final AndroidEmulator emulator; private final VM vm; private final Module module; private final Memory memory; private final DvmClass Class_Dandelion; private final DvmClass Class_QSec; private final DvmClass Class_QQSecuritySign; Dandelion() { emulator = AndroidEmulatorBuilder.for64Bit() .setProcessName("com.tencent.mobileqq") .addBackendFactory(new Unicorn2Factory(true)) .build(); // 创建模拟器实例,要模拟32位或者64位,在这里区分 memory = emulator.getMemory(); // 模拟器的内存操作接口 emulator.getSyscallHandler().setEnableThreadDispatcher(true); memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析 vm = emulator.createDalvikVM(new File("unidbg-android/src/test/resources/example_binaries/qq.apk")); // 创建Android虚拟机 new JniGraphics(emulator, vm).register(memory); new AndroidModule(emulator, vm).register(memory); vm.setVerbose(true); // 设置是否打印Jni调用细节 vm.setJni(this); DalvikModule dm = vm.loadLibrary(new File("unidbg-android/src/test/resources/example_binaries/libfekit.so"), true); // 加载libttEncrypt.so到unicorn虚拟内存,加载成功以后会默认调用init_array等函数 dm.callJNI_OnLoad(emulator); // 手动执行JNI_OnLoad函数 module = dm.getModule(); // 加载好的libttEncrypt.so对应为一个模块 Class_Dandelion = vm.resolveClass("com/tencent/mobileqq/qsec/qsecdandelionsdk/Dandelion"); Class_QSec = vm.resolveClass("com/tencent/mobileqq/qsec/qsecurity/QSec"); Class_QQSecuritySign = vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign"); } void destroy() { IOUtils.close(emulator); }

public static void main(String[] args) {
    Dandelion test = new Dandelion();
    System.out.println("getXwDebugID   ---->    " + test.getXwDebugID("88312415"));
    //System.out.println("getSign   ---->    "+test.getSign());
    test.destroy();
}

//这个执行完毕返回空
public String getXwDebugID(String salt) {
    ByteArray result_string = Class_QSec.newObject(null).callJniMethodObject(emulator, "getXwDebugID(Ljava/lang/String;)[B"
            , new StringObject(vm, salt)
    );
    return result_string == null ? "加密错误" : Base64.getEncoder().encodeToString(result_string.getValue());
}

//这个报错,应该是环境问题,参数不确定是否正确,因为看java是6个参数,但是hook发现就传了5个参数
public String getSign() {
    ByteArray result_string = Class_QQSecuritySign.newObject(null).callJniMethodObject(emulator, "getSign(Lcom/tencent/mobileqq/qsec/qsecurity/QSec;Ljava/lang/String;Ljava/lang/String;[B[BLjava/lang/String;)Lcom/tencent/mobileqq/sign/QQSecuritySign$SignResult;"
            , Class_QSec
            , new StringObject(vm, "wtlogin.login")
            , new ByteArray(vm, hexToByte("0207DE1F410810000105438A5F03870000000002000000000000000002019ADA3AECB4F2C249D062223833FAD5DF01310001004104BCF0D483BFB4CA6D1D833D9D03E4BFD9D527FBEA3E670EF853F0C80634E7E91E080D2D1850D66F6A246CC6C21678A6A03625DF9424115F2140FF0BC2394C1C63D90F6948A77C826004F1609BD24FE81AE9CA21056A0BCC41E6E0E649E9A88A8404CDD1ECE6E4CE38F53A116FBB427D3AE3ECC03219B29E9121AEAF5B88758985BCB7F7BD5366FD2536E1E054D97CCA45F39EE580E951A250D7647E8D1736EDBEDFA72539C617BBAD1CEE9BABC0CB47DC32FF55933B52DA0B39577E6D4810CDBA4039EE8C6B76368BC33E1C44CF9E6413213071737D9F0178B8DB904EAB17219AEF9AFBF5A5ABF397BE703FB08D67FFAAE92B04F395A7C3CA6CDA910EA0D2840125073360F284BFE706071D5C55E02E0252A5AF19AFF6AB41856DFB166C21CCF61AEF79AF3B7B72B3C7515AA4FC0054D4F1CCF78EC9E7B10230E693070C73D174938161A75B9091BDB06A365C54F9B3FBA49041C06F2BB68EBC5EAD745F119D45267E24718ACD0DB4C93B8533847CEAD0218DD0CF1C738F821B03D67D3DDFA47ABBB800D99A904F84BA631D17C389E79D564B1D579679F992B66F43D4CA2CEC9F1A736060BA7BD8D7362FDE668BD0238A9687FFAD3BABF4B3F4CDFC04A9D7B0F1BD1AB82A8901BE033C9DE0E21BD6D644196D98C7AF9C299CA49FCB81D9A09871E7619AF6C16A9201F4A5A0DC1E3936301252B02BA6E21E1EBB978A1B307ADDFF8235A253667F7A3F75692E555C30987C9B04015082E09C6092F7A681C17D5A5351B746391B98AF95D78258FCCE50CCC6277B7F1157AB992208F59D79B56C52F9650023406DC20E781DDDD589A95EFE56C7E5EB0ABB99D336B431F30849CA9E9B1EE29A2777C9FC697C7DDA08A3E6DF50AA71559020D02506EB1FF5FE4AA385D09B86B3495A8E846C771531502D51B2D902FE5A3DEF7F8A61BFA36F29691D437F2AFADAC97BB239A3B9734F4DFBE2A456F042195299B05252B8FEAAD06E56D781CF98021FB843E4F6EED7B9A2A3D8B99ABA0B15F528FC81EAD82B7EC408585B2190FD4A74BD50CA4C02AC2EEA2473B5CD813425E17B3B242D234B9F65276689A837F63208AE5AC5AB5D89D643BD071492214FD8BADF573126E8D8E73C60557BC447D8633F98E0A04DC509434E9EBD9F33175B6AE1B20F0E2536916377CEF6A8DCCF50BAA5F4336D20E0CC421ABEFA7226CD4A071C4AB8AAD62FB90226C507B1166D6F07492776111C54320DA554D122F3F83E1FA202CFE96798D33E6DD01D81F7537E59AD0081744A55E92C88E99F9CFA1A1887487CB42900498EE4586C9A627D3B87C8E030E9D21D8A2C2EB4D3C63A727A82C89865D87F6B8E5FBC276FD11FAD4CD2F36E4307579DBAEBE5B3D42C8FC21E7BA5CE675844ECB30367031D015A87A78F3CB556456DCB5245F547E8C88835D7AB5DE3E1B63D1B0530BB32194F5B9A1C1FAA53DD3560834F66C586D44657A6BCF870DEB7307BDEB8084FA61E0BA34DAB35401EB950AD4C1A439F24D9D82FC1752C57BE8C652E7ACD85DC040FDB8C36B2302E2A16A1FDF34007532914CA19BB793C9B996F9B9BEA2ADBDBDC867A93A688FFBE49F3049F15FFCB56AF3278A7725BD7050B34857A5D9625E6697FE2DB8186D8DA02B8CC19543FA44A0EE85D362A94E015B5BC92C749F317A2E8F2712E7B67A57561CBD1792B7F3E7C7C1C883017CC844F9DE4F755F20EBEDE598CE21D3A4D331246058EAFB3B3524E5CD8E41FC2D960341422A1C6D83849A5DF5E531C74DE34C1DE36EBF62E5C4F325A957DE0196B9886F8C449572E0E6FED4FA5B545BC5C2DAA6E08C2A42ADD609FE87F34F09EF3F9192707E5606978515BD937096618D66D5D55825CFA530928265F31DC4628DD008F8EA0E010A9AEF3B9246A70C2518902B3B47156EB511B83F4EF863C49819525040495EA24FD5E9E705423AC31CA2FFD11877BADA70C4CD2A1B704F333DCB4758A18444DD0BCF26F67063189521828A2598F13B6C6762E6330089F5E2D94D2667DE15DAFC8B3EBA6A863F23AFEC4B7E145F80D504238F5F1895359BB87401460E73D8A7B88DF852A5D742CDF8BCB569CAB5294CDE9FDEDC07787D5EDF121510381050991C2712C22170F296FD1A0EF856B2C14C842718CDA12DDA1DF1AF54782207E458406A12590DECB603A88249C2D06E3DB2A38C18B454BA3C2C609681F25A7E461EBC493A7A7BAA49C7FD62D8CCA4977E4E3ECF4BED6ECD4D504F2F18F35AC3157F3DA7B69FC85642AB2B8AA8F04D4D41506CB8B7634DFA5F5B6977E1EAFA7EF34CD92D9B0F53410B77870301F2E4662FFA46D31699B5CFF09C789AAC1B85E2E55725BE15CDCD4C4FD750D770F1E215AFBF2995500EA26A93A154104A334956D308FFAA9C42CAC5BC915D5BAF043B7E244047B3863EF335C915E312A52D895D29CA9C64CCBC9F76907EEE9B2F84722A54D0111D7F4CDCA38FAA917EBBC06A0BD0173FDEBD55500F205745BF94D1A506BDA4E98CAB285089F31D3B434AA18CE887247A71ADAB198268AEA206BFEAD40B5E138E766E588174FEDC58ACA4C9AD8797B4512CB8B1A602A5D2629FDDE1F68A3A06EBEEF14FB087FBB8FA241239CC4BE3CC9C9E9DDF71D6857F5A5C4D93378BDB48A42E53FAB198BCCFCD5294547DD7E76F27D83A3529BC07AC20BAFCE57592A3B1E14617521DD6419C4FEA4E2974805EA840B116F327E747100D5BEF7F335EF51701D8B3F7BDE6158A9A13668AE3E7804FE174496FCC9CC5B6ACC153AFA80176F4B2E7603"))
            , new ByteArray(vm, hexToByte("0000AF58"))
            ,new StringObject(vm, "1552235")
    );
    return result_string == null ? "加密错误" : byteToHex(result_string.getValue());
}

@Override
public void setObjectField(BaseVM vm, DvmObject<?> dvmObject, String signature, DvmObject<?> value) {
    switch (signature) {
        case "com/tencent/mobileqq/sign/QQSecuritySign$SignResult->token:[B": {
            System.out.println("> Patched: com/tencent/mobileqq/sign/QQSecuritySign$SignResult->token:[B");
            return ;
        }
        case "com/tencent/mobileqq/sign/QQSecuritySign$SignResult->extra:[B": {
            System.out.println("> Patched: com/tencent/mobileqq/sign/QQSecuritySign$SignResult->extra:[B");
            return ;
        }
    }
    throw new UnsupportedOperationException(signature);
}
//这是我补的环境
@Override
public DvmObject<?> newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
    switch (signature) {
        case "com/tencent/mobileqq/sign/QQSecuritySign$SignResult-><init>()V": {
            return vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign$SignResult").newObject(new SignResult());
        }
        case "java/lang/String-><init>([BLjava/lang/String;)V": {
            ByteArray array = vaList.getObjectArg(0);
            StringObject charsetName = vaList.getObjectArg(1);
            try {
                return new StringObject(vm, new String(array.getValue(), charsetName.getValue()));
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException(e);
            }
        }
    }
    throw new UnsupportedOperationException(signature);
}

public static class SignResult {
    static IPatchRedirector $redirector_;

    public SignResult() {
        IPatchRedirector iPatchRedirector = $redirector_;
        if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
            return;
        }
        iPatchRedirector.redirect((short) 1, (Object) this);
    }
}

public interface IPatchRedirector {
    boolean hasPatch(short s);

    Object redirect(short s);

    Object redirect(short s, Object obj);

    Object redirect(short s, Object obj, int i2);

    Object redirect(short s, Object obj, int i2, Object obj2);

    Object redirect(short s, Object obj, long j2);

    Object redirect(short s, Object obj, Object obj2);

    Object redirect(short s, Object obj, Object obj2, int i2);

    Object redirect(short s, Object obj, Object obj2, Object obj3);

    Object redirect(short s, Object obj, Object obj2, Object obj3, Object obj4);

    Object redirect(short s, Object obj, boolean z);

    Object redirect(short s, Object... objArr);
}

//下边环境还有用处不要删除
@Override
public DvmObject<?> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, DvmMethod dvmMethod, VaList vaList) {
    switch (dvmMethod.getSignature())
    {
        case "com/tencent/mobileqq/dt/model/FEBound->transform(I[B)[B":
            ByteArray array = vaList.getObjectArg(1);
            ByteArray result = new ByteArray(vm, transform(vaList.getIntArg(0),array.getValue()));
            //System.out.println("transform[" + vaList.getIntArg(0) + "][" + byteToHex(array.getValue()) + "][" + byteToHex(result.getValue()) + "]");
            return result;
        case "java/lang/Thread->currentThread()Ljava/lang/Thread;":
            return vm.resolveClass("java/lang/Thread").newObject(Thread.currentThread());
    }
    return callStaticObjectMethodV(vm, dvmClass, dvmMethod.getSignature(), vaList);
}
@Override
public int callIntMethodV(BaseVM vm, DvmObject<?> dvmObject, DvmMethod dvmMethod, VaList vaList) {
    switch (dvmMethod.getSignature())
    {
        case "java/lang/String->hashCode()I":
            return (dvmMethod.getSignature()).hashCode() + 60053;
    }
    return callIntMethodV(vm, dvmObject, dvmMethod.getSignature(), vaList);
}
@Override
public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, DvmMethod dvmMethod, VaList vaList) {

    switch (dvmMethod.getSignature())
    {

        case "java/lang/Thread->getStackTrace()[Ljava/lang/StackTraceElement;":
            StackTraceElement[] elements = ((Thread) dvmObject.getValue()).getStackTrace();
            DvmObject[] objs = new DvmObject[elements.length];
            for (int i = 0; i < elements.length; i++) {
                System.out.println(elements[i]);
                objs[i] = vm.resolveClass("java/lang/StackTraceElement").newObject(elements[i]);
            }
            return new ArrayObject(objs);
        case "java/lang/StackTraceElement->getMethodName()Ljava/lang/String;":
            StackTraceElement stackTraceElement = (StackTraceElement) dvmObject.getValue();
            return new StringObject(vm, stackTraceElement.getMethodName());
        case "java/lang/StackTraceElement->getClassName()Ljava/lang/String;":
            StackTraceElement stackTraceElement1 = (StackTraceElement) dvmObject.getValue();
            return new StringObject(vm, stackTraceElement1.getClassName());

    }
    return callObjectMethodV(vm, dvmObject, dvmMethod.getSignature(), vaList);
}

public class RegisterType {
    public static final byte DOUBLE_HI = 15;
    public static final byte DOUBLE_LO = 14;

}
private static byte[][] mConfigEnCode = new byte[][]{new byte[]{RegisterType.DOUBLE_LO, 1, 13, 10, 2, 7, 6, 5, 0, 12, 4, 8, 11, 9, RegisterType.DOUBLE_HI, 3}, new byte[]{10, 0, 12, 6, 9, 4, 8, RegisterType.DOUBLE_HI, 3, 7, 13, 5, RegisterType.DOUBLE_LO, 11, 1, 2}, new byte[]{6, 2, 0, 13, 4, 10, RegisterType.DOUBLE_LO, 11, RegisterType.DOUBLE_HI, 1, 12, 3, 9, 5, 8, 7}, new byte[]{2, 10, 4, 8, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 0, 3, 13, 12, 11, 6, 7, 5, 1, 9}, new byte[]{RegisterType.DOUBLE_LO, 3, 11, 12, 0, 6, 9, 13, 8, 4, 7, 1, 2, RegisterType.DOUBLE_HI, 10, 5}, new byte[]{10, 11, 5, 4, 8, 12, 13, 0, RegisterType.DOUBLE_HI, 7, 1, 9, 2, 6, 3, RegisterType.DOUBLE_LO}, new byte[]{7, 1, 9, RegisterType.DOUBLE_LO, 3, 5, 11, 13, 6, 2, 12, 10, 0, RegisterType.DOUBLE_HI, 4, 8}, new byte[]{3, 10, 0, 5, 6, 7, 11, 2, 4, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 1, 12, 8, 13, 9}, new byte[]{RegisterType.DOUBLE_HI, 2, RegisterType.DOUBLE_LO, 13, 1, 0, 4, 7, 5, 3, 9, 10, 8, 6, 11, 12}, new byte[]{11, 10, 8, 4, 6, 0, 12, 5, 7, 9, 13, 2, 1, 3, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI}, new byte[]{7, 3, 1, 12, RegisterType.DOUBLE_LO, 8, 10, 5, 6, 13, 11, RegisterType.DOUBLE_HI, 4, 9, 2, 0}, new byte[]{3, 11, 13, 0, 6, 5, 7, 8, 9, 1, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 12, 10, 2, 4}, new byte[]{RegisterType.DOUBLE_HI, 3, 7, 11, RegisterType.DOUBLE_LO, 5, 12, 2, 13, 4, 10, 0, 1, 8, 9, 6}, new byte[]{11, 12, 2, 3, 5, RegisterType.DOUBLE_LO, 1, RegisterType.DOUBLE_HI, 7, 10, 4, 8, 9, 6, 13, 0}, new byte[]{7, 4, 12, 10, 13, 11, 8, 2, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 0, 6, 3, 1, 5, 9}, new byte[]{3, 12, 7, 4, 2, 8, 13, 9, 6, 11, 10, RegisterType.DOUBLE_LO, 0, RegisterType.DOUBLE_HI, 1, 5}, new byte[]{0, 3, 10, 11, 1, 12, 9, 4, 7, 6, RegisterType.DOUBLE_HI, 5, 13, 2, RegisterType.DOUBLE_LO, 8}, new byte[]{12, 11, 5, 3, 13, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 6, 4, 8, 9, 10, 2, 7, 1, 0}, new byte[]{8, 3, RegisterType.DOUBLE_HI, 10, 11, 4, 9, 13, 1, 7, 6, RegisterType.DOUBLE_LO, 5, 0, 12, 2}, new byte[]{4, 12, 10, 6, 13, 9, 5, 7, 2, 8, 11, 0, 3, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 1}, new byte[]{0, 4, 1, 10, 11, 5, 6, RegisterType.DOUBLE_HI, 13, 9, 3, 2, 8, RegisterType.DOUBLE_LO, 12, 7}, new byte[]{12, 0, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 9, 1, 3, 13, 2, 4, 7, 6, 10, 8, 11, 5}, new byte[]{8, 5, 9, 2, 10, RegisterType.DOUBLE_LO, 11, 13, 7, 0, 1, 12, 6, 3, RegisterType.DOUBLE_HI, 4}, new byte[]{4, 13, 3, 9, 5, 1, 11, 2, 6, 8, 10, 0, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 7, 12}, new byte[]{0, 5, RegisterType.DOUBLE_LO, 8, 10, 3, 2, 7, 13, 1, 11, 12, 9, RegisterType.DOUBLE_HI, 6, 4}, new byte[]{13, 12, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 7, 1, 9, 2, 11, 5, 8, 10, 3, 0, 4, 6}, new byte[]{9, 4, 12, 0, 8, RegisterType.DOUBLE_LO, 1, 3, 11, 6, 5, 13, 10, 2, RegisterType.DOUBLE_HI, 7}, new byte[]{5, 12, 6, RegisterType.DOUBLE_HI, 10, 13, RegisterType.DOUBLE_LO, 3, 9, 8, 2, 11, 0, 1, 7, 4}, new byte[]{1, 5, 7, 2, 6, 11, 4, 13, 3, 10, 0, 9, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 12, 8}, new byte[]{13, 0, 11, RegisterType.DOUBLE_HI, 8, 4, 9, 3, 1, 5, RegisterType.DOUBLE_LO, 10, 7, 2, 6, 12}, new byte[]{9, 5, 6, 7, 3, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 4, 2, 8, 13, 0, 1, 11, 10, 12}, new byte[]{5, RegisterType.DOUBLE_LO, 1, 2, 13, 0, 7, 12, 9, 11, 8, 4, 3, 10, 6, RegisterType.DOUBLE_HI}};
private static byte[][] mConfigDeCode = new byte[][]{new byte[]{11, RegisterType.DOUBLE_HI, 6, 12, 5, 4, 1, 8, 13, 7, 3, RegisterType.DOUBLE_LO, 0, 9, 2, 10}, new byte[]{RegisterType.DOUBLE_LO, 4, 10, 7, RegisterType.DOUBLE_HI, 13, 8, 5, 0, 2, 12, 6, 3, 11, 1, 9}, new byte[]{9, 10, RegisterType.DOUBLE_HI, 2, 0, 4, 1, 8, 13, 3, 7, 11, 5, 12, 6, RegisterType.DOUBLE_LO}, new byte[]{6, 0, 12, 3, 7, 5, RegisterType.DOUBLE_HI, 2, 13, 10, 11, 4, 8, 1, RegisterType.DOUBLE_LO, 9}, new byte[]{4, 8, 13, 6, 5, 1, 3, 12, 11, 2, 7, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 0, 10, 9}, new byte[]{3, 7, RegisterType.DOUBLE_HI, 11, 5, 9, 13, 12, 6, 0, RegisterType.DOUBLE_LO, 10, 2, 1, 4, 8}, new byte[]{7, 2, 8, 6, 11, 0, 1, RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 3, 9, 4, 13, 5, 12, 10}, new byte[]{10, 0, 12, 5, 9, 13, 3, RegisterType.DOUBLE_LO, 2, 4, RegisterType.DOUBLE_HI, 6, 7, 8, 1, 11}, new byte[]{4, 2, 5, RegisterType.DOUBLE_LO, 1, 13, 7, 11, 10, 12, 6, 3, 9, 8, 0, RegisterType.DOUBLE_HI}, new byte[]{7, 6, 11, RegisterType.DOUBLE_HI, 12, 5, RegisterType.DOUBLE_LO, 3, 9, 10, 0, 8, 13, 1, 4, 2}, new byte[]{7, 6, RegisterType.DOUBLE_HI, 4, 8, 1, 0, 11, 9, 2, 3, 5, 13, RegisterType.DOUBLE_LO, 10, 12}, new byte[]{6, 10, 0, 4, 2, 9, 11, 3, 7, 13, 12, RegisterType.DOUBLE_HI, 8, 1, RegisterType.DOUBLE_LO, 5}, new byte[]{2, 6, 9, 10, 4, 7, 1, 5, 8, 3, 13, 12, RegisterType.DOUBLE_HI, 11, 0, RegisterType.DOUBLE_LO}, new byte[]{5, 12, 9, 11, 13, 7, 3, RegisterType.DOUBLE_LO, 2, 6, 0, 10, 4, 8, 1, RegisterType.DOUBLE_HI}, new byte[]{1, RegisterType.DOUBLE_LO, 8, 2, 6, 11, 0, 12, 3, 7, 9, RegisterType.DOUBLE_HI, 10, 13, 5, 4}, new byte[]{7, RegisterType.DOUBLE_LO, 0, 8, 10, 13, 3, 6, RegisterType.DOUBLE_HI, 5, 4, 11, 12, 2, 9, 1}, new byte[]{11, 3, 5, 9, 10, 13, 8, 1, 2, 12, 7, RegisterType.DOUBLE_HI, 6, RegisterType.DOUBLE_LO, 0, 4}, new byte[]{11, 3, 2, 9, 7, 5, 6, 4, 12, RegisterType.DOUBLE_LO, 0, 8, 13, RegisterType.DOUBLE_HI, 10, 1}, new byte[]{RegisterType.DOUBLE_HI, 12, 9, 13, 10, 1, 2, 0, 3, 11, 8, 6, RegisterType.DOUBLE_LO, 4, 5, 7}, new byte[]{7, 9, 6, 0, 3, RegisterType.DOUBLE_LO, 11, 10, 13, 8, 4, 12, 5, RegisterType.DOUBLE_HI, 1, 2}, new byte[]{13, 10, 12, 5, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 1, 6, 3, 9, 7, 2, 8, 4, 11, 0}, new byte[]{10, 3, 5, 8, 4, 2, 9, RegisterType.DOUBLE_HI, 7, 11, 13, 0, RegisterType.DOUBLE_LO, 6, 12, 1}, new byte[]{1, 3, RegisterType.DOUBLE_LO, 11, RegisterType.DOUBLE_HI, 7, 9, 0, 8, 12, 13, 5, 4, 10, 6, 2}, new byte[]{5, 10, RegisterType.DOUBLE_LO, 0, 4, 9, 12, 8, 13, 6, 2, 7, RegisterType.DOUBLE_HI, 11, 3, 1}, new byte[]{6, RegisterType.DOUBLE_HI, 8, 7, 2, 12, 3, 11, 1, 10, 9, 5, 4, 13, RegisterType.DOUBLE_LO, 0}, new byte[]{9, 8, 12, 3, RegisterType.DOUBLE_HI, RegisterType.DOUBLE_LO, 7, 4, 10, 6, 5, 0, 2, 13, 1, 11}, new byte[]{RegisterType.DOUBLE_LO, RegisterType.DOUBLE_HI, 7, 8, 11, 3, 9, 0, 1, 2, 5, 6, 4, 13, 12, 10}, new byte[]{9, 10, 4, 5, 0, RegisterType.DOUBLE_LO, 13, 6, 7, 12, 11, 8, RegisterType.DOUBLE_HI, 2, 1, 3}, new byte[]{0, 2, 12, 6, 10, RegisterType.DOUBLE_HI, 3, 1, 9, 8, 4, 5, RegisterType.DOUBLE_LO, 11, 7, 13}, new byte[]{6, 7, 2, RegisterType.DOUBLE_LO, 12, 9, 4, RegisterType.DOUBLE_HI, 8, 11, 10, 5, 0, 13, 3, 1}, new byte[]{10, 5, 12, 13, 6, 3, RegisterType.DOUBLE_HI, 1, 0, 4, 9, 11, 2, RegisterType.DOUBLE_LO, 8, 7}, new byte[]{6, 4, 5, 12, 0, 7, 1, RegisterType.DOUBLE_HI, 13, 11, 10, RegisterType.DOUBLE_LO, 2, 8, 9, 3}};

public static String byteToHex(byte[] bytes){
    String strHex = "";
    StringBuilder sb = new StringBuilder("");
    for (int n = 0; n < bytes.length; n++) {
        strHex = Integer.toHexString(bytes[n] & 0xFF);
        sb.append((strHex.length() == 1) ? "0" + strHex : strHex); // 每个字节由两个字符表示,位数不够,高位补0
    }
    return sb.toString().trim();
}
public static byte[] hexToByte(String hex){
    int m = 0, n = 0;
    int byteLen = hex.length() / 2; // 每两个字符描述一个字节
    byte[] ret = new byte[byteLen];
    for (int i = 0; i < byteLen; i++) {
        m = i * 2 + 1;
        n = m + 1;
        int intVal = Integer.decode("0x" + hex.substring(i * 2, m) + hex.substring(m, n));
        ret[i] = Byte.valueOf((byte)intVal);
    }
    return ret;
}

public static byte[] transform(int i2, byte[] bArr) {
    try {
        byte[] bArr2 = new byte[bArr.length];
        byte[][] bArr3 = mConfigEnCode;
        if (bArr3.length == 32 && i2 == 1) {
            transformInner(bArr, bArr2, bArr3);
        } else {
            byte[][] bArr4 = mConfigDeCode;
            if (bArr4.length == 32 && i2 == 2) {
                transformInner(bArr, bArr2, bArr4);
            } else {
            }
        }
        return bArr2;
    } catch (Throwable th) {
        return null;
    }
}

private static void transformInner(byte[] bArr, byte[] bArr2, byte[][] bArr3) {
    for (int i2 = 0; i2 < bArr.length; i2++) {
        int i3 = i2 * 2;
        bArr2[i2] = (byte) (bArr3[(i3 + 1) % 32][(byte) (bArr[i2] & RegisterType.DOUBLE_HI)] | (bArr3[i3 % 32][(byte) ((bArr[i2] >> 4) & 15)] << 4));
    }
}

} `

image