抖音APP缓存提取token

抖音将部分数据缓存至本地,其中包含了ck(device信息、token、app版本信息等),可以通过安卓程序将数据提取出来用于平时测试。因为该数据是缓存在应用的独立数据目录 安卓默认是不允许app互相访问独立数据,这里需要手机root后才可以提取。

缓存文件目录:

/data/data/com.ss.android.ugc.aweme/shared_prefs
提取的核心操作是通过Runtime在安卓手机上执行脚本,执行RunTime执行su后cat查看缓存文件内容  最后读取cat输出的内容。这里给出这部分代码。

public static String execCmdForResult(String... cmds) {
    StringBuffer stringBuffer = new StringBuffer();
    try {
        Process process = Runtime.getRuntime().exec("su");
        OutputStream os = process.getOutputStream();
        process.getErrorStream();
        InputStream is = process.getInputStream();
        int i = cmds.length;
        for (int j = 0; j < i; j++) {
            String str = cmds[j];
            os.write((str + "\n").getBytes());
        }
        os.write("exit\n".getBytes());
        os.flush();
        os.close();
 
        stringBuffer.append(readStream(is));
 
        process.waitFor();
        process.destroy();
    } catch (Exception localException) {
    }
    return stringBuffer.toString();
}
 
 
public static String readStream(InputStream inStream) throws Exception {
    ByteArrayOutputStream outSteam = new ByteArrayOutputStream();
    byte[] buffer = new byte[1024];
    int len = -1;
    while ((len = inStream.read(buffer)) != -1) {
        outSteam.write(buffer, 0, len);
    }
    outSteam.close();
    inStream.close();
    return new String(outSteam.toByteArray());
}
我们主要提取这五个文件  缓存文件包含数据

ttnetCookieStore.xml             cookie,涉及敏感数据,数据需解码(下方代码里的decode方法)
token_shared_preference.xml      x-tt-token
wschannel_multi_process_config.xml    登录的设备信息,包含device_id install_id 应用版本 手机版本等查询通用参数。 
applog_stats.xml                 mac_addr fingerprint_codes等
LoginSharePreferences.xml        最后登录的账号信息
提取到的内容部分需要解密一遍 部分是明文

五个文件提取合并,最后得到以下json 可以拿去测试抖音的接口了(敏感数据已打码)

{
  "cookies": "n_mh=PNM9_mnN-Sn-enP8doLLQFlfusO7exHcL0lP4QE0MKg; install_id=打码; passport_csrf_token_default=打码; sid_guard=打码%7C1623491553%7C5184000%7CWed%2C+11-Aug-2021+09%3A52%3A33+GMT; odin_tt=打码; odin_tt=打码; sessionid_ss=5c91e35bbe600ff83e97f27b9bd2467b; sid_tt=打码; uid_tt_ss=打码; sessionid=打码; uid_tt=打码; d_ticket=6dfa101f3e38eb553ac11d027b16a588a61ef; ttreq=1$4502faafefd6da2e3473b0bbcbc14a1a9a9c2afc; passport_csrf_token=打码; ",
  "token": "打码-1.0.1",
  "devices": {
    "channel_id": 1239108,
    "app_id": 1128,
    "device_id": "xxx",
    "install_id": "xxx",
    "urls": [
      "wss://frontier-aweme.snssdk.com/ws/v2"
    ],
    "app_version": 100900,
    "platform": 0,
    "fpid": 9,
    "app_kay": "e1bd35ec9db7b8d846de66ed140b1ad9",
    "extra": "os_api=23&device_type=MI 5s&manifest_version_code=100901&dpi=416&uuid=打码&is_background=0&app_name=aweme&version_name=10.9.0&ts=1623491553&sid=打码&app_type=normal&ac=wifi&host_abi=armeabi-v7a&update_version_code=10909900&channel=tengxun_new&_rticket=1623491553963&device_platform=android&iid=打码&ne=1&version_code=100900&cdid=打码&openudid=打码&device_id=打码&resolution=1053*1872&os_version=6.0.1&language=zh&device_brand=Xiaomi&aid=1128",
    "os_api": "23",
    "device_type": "MI 5s",
    "manifest_version_code": "100901",
    "dpi": "416",
    "uuid": "打码",
    "is_background": "0",
    "app_name": "aweme",
    "version_name": "10.9.0",
    "ts": "1623491553",
    "sid": "xxx",
    "app_type": "normal",
    "ac": "wifi",
    "host_abi": "armeabi-v7a",
    "update_version_code": "10909900",
    "channel": "tengxun_new",
    "_rticket": "1623491553963",
    "device_platform": "android",
    "iid": "打码",
    "ne": "1",
    "version_code": "100900",
    "cdid": "打码",
    "openudid": "打码",
    "resolution": "1053*1872",
    "os_version": "6.0.1",
    "language": "zh",
    "device_brand": "Xiaomi",
    "aid": "1128"
  },
  "fingerprint_codes": "[1,2,3,4,5,6]",
  "mac_addr": "08:00:27:ED:打码:打码",
  "lastLoginInfo": {
    "phoneNumber": {
      "countryCode_": 86,
      "countryIso_": "CN",
      "nationalNumber_": 打码,
      "rawInput_": ""
    },
    "commonUserInfo": {
      "avatarUrl": "http://p9.douyinpic.com/aweme/100x100/打码.jpeg",
      "secUid": "打码-nFIdeSIthEH52a",
      "userName": "打码"
    },
    "expires": "Jul 12, 2021 5:52:33 PM",
    "lastIsReliableLogin": 0,
    "loginMethodName": "PHONE_SMS",
    "uid": "打码"
  }
}

https://blog.csdn.net/u014792378/article/details/118183398

通过抖音APP缓存提取token解析_诺离的博客-CSDN博客_抖音token

AUTOJS备份恢复抖音CK数据含php处理接口_XQMCN的博客-CSDN博客_抖音ck备份

你可能感兴趣的:(逆向,大数据)