ever_hu
ever_hu

boss直聘sig和响应数据逆向及unidbg实现

boss直聘sig和响应数据逆向及unidbg实现

sig

Java层

抓包

image-20220112162453198

搜索"sig"

image-20220112154956924
image-20220112155021749

net.bosszhipin.base.i.a

image-20220112155049614

com.twl.signer.a.a

image-20220112155106595

com.twl.signer.YZWG.signature

image-20220112155142236

com.twl.signer.YZWG.nativeSignature

image-20220112155202949
so层

搜索jni

image-20220112155728242

跳转看看

image-20220112155811269

可以看到动态注册的函数名

跳转到signature并修改a1类型为JNIEnv *a1

image-20220112160253662

看看sub_A464

image-20220112160315749

看看sub_AAE4

image-20220112160454460

MD5的常数,所以sub_A464应该就是进行MD5的地方了,hook一下

function dump(name, addr, length) {
    console.log("======================== " + name + " ============");
    console.log(hexdump(addr, {length:length||32}));
}

function hook_a464() {
    var bptr = Module.findBaseAddress("libyzwg.so");
    Interceptor.attach(bptr.add(0xa464+1), {
        onEnter: function(args) {
            dump("a464-arg0", args[0], parseInt(args[1]));
        },
        onLeave: function(retval){
            dump("a464-ret", retval, 32);
        }
    })
}
image-20220112162018625

可以看到是相对url+请求参数+盐,最后做个MD5。在cyberchef验证一下

image-20220112162245608

代码

_SALT = 'a308f3628b3f39f7d35cdebeb6920e21'

def calc_sig(rel_url, params):
    if isinstance(params, (list, tuple, dict)):
        if hasattr(params, 'items'):
            params = params.items()
        params = ''.join(f'{k}={v}' for k,v in sorted(params))
    data = ''.join((rel_url, params, _SALT))
    print(data)
    sig = 'V2.0' + hashlib.md5(data.encode()).hexdigest()
    return sig

响应数据解密

Java层
image-20220112195826156
image-20220112195854433

发现后面的几个参数不太相同,有的时候是null, 0, 1, 0,有的时候是null, 0, 1, 2

so层
image-20220112163116350
image-20220112163306727
image-20220112171534711

有几个函数,数量比较少,都看看。

image-20220112163745928

sub_A684可能是个base64,但是响应数据是二进制数据,可能没有调用。

image-20220112163906983

sub_A438是拼接两个字符串

image-20220112164024034

sub_A6F0看不出什么,sub_B36Csub_B3B6这两个函数看了下,应该是码表替换。

image-20220112171619762

sub_A75C应该是做个lz4解压。

hook一下sub_A6F0sub_A75C

null, 0, 1, 0

image-20220112200538561

null, 0, 1, 2

image-20220112201317388

当参数为null, 0, 1, 0时,sub_A6F0的结果已经是完全解密的字符串

当参数为null, 0, 1, 2时,sub_A6F0的结果并不是完全解密的字符串,而是以"BZPBlock"开头的数据,还需要经过sub_A75C的lz4解压才能完全解密

先看看sub_A6F0里面的两个函数

image-20220113100714363
image-20220113100740899

简单的码表替换,对照着重写一下即可。

def sub_B36C(a2):
    """
    Init table
    Args:
        a2: secret key
    """
    a3 = len(a2)
    a1 = [0] * 260
    for i in range(256):
        a1[i] = i
    v5 = 0
    for v6 in range(256):
        v7 = a1[v6]
        v5 += v7 + a2[v6 % a3]
        v5 &= 0xff
        a1[v6] = a1[v5]
        a1[v5] = v7
    return a1

def sub_B3B6(result, a2):
    """
    Apply trans byte
    Args:
        result: table
        a2: input bytes
    """
    a4 = len(a2)
    a3 = []
    for i in range(a4):
        v5 = result[257]
        v6 = (result[256] + 1) & 0xff
        result[256] = v6
        v7 = (v5 + result[v6]) & 0xff
        result[257] = v7
        v8 = result[v6]
        result[v6] = result[v7]
        result[v7] = v8
        t = result[(result[result[256]] + result[result[257]]) & 0xff] ^ a2[i]
        a3.append(t & 0xff)
    return bytes(a3)
lz4

接下来就是sub_A75Clz4解压,先看看码表替换之后的结果

image-20220113142604209

对比一下使用python的lz4压缩后的数据

image-20220113142743877

和标准的有所不同,这样的话就不能直接调用lz4的解压函数,需要添加一下header和footer信息。

具体可参考lz4/lz4_Frame_format.md

image-20220113144758526
image-20220113144818807

对比了一下,除了HC(Header Checksum),其他都能在sub_A6F0的输出里面找到,根据其定义算出即可

image-20220113145007693 
def decode(data, key=b''):
    a1 = sub_B36C(_SALT.encode() + key)
    ret = sub_B3B6(a1, data)
    if not ret.startswith(b'BZPBlock'):
        return ret.decode()

    compress_size = ret[12:16]
    decode_size = ret[16:20]
    checksum = ret[20:24]
    print(compress_size)
    print(decode_size)
    print(checksum)
    
    # lz4_header = bytes([0b01101000, 0b01000000]) + decode_size + b'\x00' * 4
    lz4_header = bytes([0b01100000, 0b01000000])
    lz4_header_checksum = (xxhash.xxh32_intdigest(lz4_header) >> 8) & 0xff

    data2 = b'\x04"M\x18' + lz4_header + bytes([lz4_header_checksum]) + compress_size + ret[24:] + b'\x00'*4
    data3 = lz4.frame.decompress(data2)
    return data3.decode()

unidbg实现

搭个框架

public class Boss extends AbstractJni {
    private final AndroidEmulator emulator;
    private final VM vm;
    private final Module module;

    public static String pkgName = "com.hpbr.bosszhipin";
    public static String apkPath = "unidbg-android/src/test/java/com/boss/boss8170.apk";
    public static String soPath = "";

    public Boss() {
        emulator = AndroidEmulatorBuilder.for32Bit().setProcessName(pkgName).build();
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(new File(apkPath));
        vm.setJni(this);
        vm.setVerbose(true);
        DalvikModule dm = vm.loadLibrary("yzwg", true);
        module = dm.getModule();
        dm.callJNI_OnLoad(emulator);
    }
    
    public void call_decode() {
//        byte[] data = new byte[]{-10,114,76,25,44,-37,100,101,-128,-89,82,-77,-46,-79,-105,125,-105,-32,-97,119,58,83,-13,-111,-30,-102,-103,-4,-64,116,71,21,-99,2,-95,113,-79,114,8,37,105,120};
        byte[] data = new byte[]{-49,10,127,52,36,-47,37,52,-80,-117,112,-34,79,-46,-28,28,127,-79,-67,77,111,36,-122,-14,112,-34,-111,-83,-127,55,1,10,-49,124,-16,41,-14,61,87,45,103,100,-128,45,17,115,-123,122,11,-66,-27,-44,-109,44,109,100,-24,-16,-94,103,100,-113,29,-56,-24,126,37,12,-11,-126,-13,31,-79,24,105,-95,68,-57,113,-14,93,91,-27,78,-111,-66,91,54,-6,108,-13,-68,65,82,51,92,-103,60,-25,-11,113,124,-44,-18,17,76,103,-10,-123,53,-19,68,-65,0,-5,98,108,-18,111,-91,35,-61,-77,-77,24,71,106,-33,53,58,64,68,56,-110,8,125,-13,-109,-30,-74,89,66,1,58,44,-3,77,92,70,10,72,-23,-118,-3,86,-21,-103,127,-58,43,78,6,-71,116,-23,32,69,-30,-66,103,3,98,46,-110,38,-22,79,58,8,-74,-30,-97,112,66,-76,-93,-83,71,-38,107,76,-87,0,-62,29,-69,8,-17,36,-61,64,90,-119,38,-9,121,-110,-25,-92,11,123,52,55,-68,8,100,66,43,16,53,-80,103,-40,-3,-56,-105,-7,-107,36,14,-113,-103,-9,103,53,18,71,122,-82,-43,-120,-122,-22,-42,113,52,20,-111,-23,50,60,92,7,7,-32,-6,-4,-75,42,-44,-66,7,94,39,40,-63,-90,-96,116,-67,-13,-82,125,116,84,-101,8,71,82,-60,84,-46,-115,122,-118,-101,-121,-47,100,25,-78,-16,50,9,-35,84,12,120,-89,4,27,32,-63,-6,18,-115,-59,-75,5,-125,-58,-65,-62,91,-64,99,-47,30,18,37,48,-14,92,41,38,60,10,82,78,64,-87,31,18,98,5,-61,49,75,2,-108,-126,-53,-26,-95,-122,-14,74,-10,49,-36,44,2,7,40,23,42,75,82,123,67,26,-37,79,52,-65,-9,101,-97,78,82,-20,-116,61,99,127,-87,-20,-105,48,49,-27,109,-56,49,16,74,21,-128,42,122,-124,5,43,27,29,4,-9,-73,-124,89,-46,-63,-69,-95,-19,-47,-6,21,-21,-66,-51,-100,-86,-78,41,-33,-80,18,-20,31,-57,4,-99,-38,-42,4,106,115,30,21,42,16,-96,-59,-5,-25,111,73,117,-76,0,42,124,27,105,-11,-40,22,42,73,-29,43,0,11,73,107,83,-55,37,-60,-104,127,-111,16,-4,98,-112,-113,28,-52,64,119,6,103,-7,117,59,6,-31,115,-68,90,-40,-80,108,-119,125,92,-112,22,48,88,2,-22,31,12,106,-86,63,-43,-87,-53,118,63,-75,2,-52,113,10,4,45,42,7,-69,104,62,17,66,106,-67,-69,6,-32,126,4,51,-49,113,-34,-57,-85,-9,122,-60,52,4,-57,-4,-100,-94,-16,-91,-69,84,-42,108,7,-87,110,-14,-58,-112,57,-112,60,29,-63,25,-123,73,56,-77,-128,98,65,103,-104,47,120,-29,102,-86,58,-119,-101,-52,6,-88,-28,21,-20,-4,-62,39,-50,25,94,37,83,-119,-110,-43,17,-3,-5,19,-46,51,98,127,12,-40,114,94,-77,-50,-8,-46,107,23,-30,100,68,37,-31,76,20,33,-29,-117,83,90,-101,99,95,10,117,-111,107,-125,-122,79,30,-15,94,93,115,101,110,-82,-79,-49,-3,38,52,-44,80,-57,28,9,65,-66,118,91,100,-122,-112,74,80,-16,-122,-37,102,-36,-34,105,-105,-114,-112,-78,43,-128,-53,-114,119,-51,-59,62,90,78,118,-60,-65,64,-99,53,36,61,12,115,-82,-126,115,10,80,-37,25,-88,-53,-87,-66,-47,-14,88,57,48,-40,44,-31,-98,65,-1,-35,-14,-45,-91,53,103,-7,-54,-76,109,11,15,-44,51,-73,20,-113,-20,118,63,-121,3,43,77,-123,6,-64,30,-64,116,-29,-83,-24,-111,-26,-46,-77,123,-25,-97,-77,-118,-16,-17,-101,-71,96,-8,-29,-94,-127,-93,98,-8,105,66,25,101,-39,-99,-69,-19,101,-89,45,-35,-80,45,-40,123,58,42,9,-2,60,62,-68,-38,5,-62,48,90,37,-6,99,32,-85,20,16,126,-70,-79,-86,46,115,119,85,-17,121,-47,48,97,24,-26,116,-69,125,-99,-66,-36,-77,121,89,-70,74,-96,8,100,-61,-105,-76,24,-98,-53,104,-44,-88,-118,83,-18,89,-23,4,58,-70,85,-86,62,-89,-111,43,-9,3,-29,108,125,4,-114,-74,-60,69,-42,17,79,71,63,-108,-64,-102,-78,-61,85,23,-37,-71,40,-42,122,78,-50,-13,-70,37,58,-47,48,41,13,-128,-70,100,34,108,-89,-48,-36,124,-55,-70,72,83,36,126,2,84,-56,123,119,90,-98,17,-54,33,18,7,77,-69,91,48,123,45,80,-105,-20,-65,35,-80,7,5,-9,-53,78,57,40,125,116,-42,-38,27,-126,-96,-79,-103,106,-76,55,-84,-33,-3,-52,117,92,-111,-8,-13,-19,-46,28,-9,8,31,-86,115,74,80,-63,-80,61,121,97,63,89,111,66,109,37,-25,106,-17,-64,-56,-121,41,-70,21,118,17,-105,26,98,-122,-21,-68,-73,-42,-39,17,104,2,-58,2,-52,85,114,-81,-105,38,-41,17,-82,25,48,99,50,113,-94,-112,-29,-79,-17,-126,48,-93,-69,54,95,93,8,67,52,64,40,119,-84,-62,-83,127,-29,8,83,37,87,103,-50,34,79,-45,122,96,-109,19,90,110,-113,-72,60,32,24,14,14,-95,57,56,-128,75,-122,-91,-118,59,44,-20,-73,9,38,69,-10,64,32,-58,42,82,33,-44,-94,-17,43,-59,102,-99,25,104,-105,-46,76,43,-81,27,-55,-77,-15,-101,-74,112,52,31,52,-5,41,7,65,-109,-62,91,85,100,1,-3,11,-115,80,65,-85,-107,-67,59,119,26,5,-93,15,123,35,14,103,-99,-87,-45,-90,71,34,-72,-30,92,-81,112,75,26,30,32,-20,123,-41,87,34,113,-38,80,-86,-6,-47,16,-118,-76,18,-79,-46,69,99,78,88,-119,16,44,39,71,-75,120,10,11,-12,-45,53,-54,-46,-103,115,90,-88,18,-35,109,-58,117,33,24,-31,-13,83,60,-60,-70,-61,-21,126,73,22,112,64,107,-74,-42,60,44,51,89,-14,82,21,19,-40,55,-79,-71,105,-87,38,79,100,80,-85,104,-47,-47,-6,-107,-13,-60,-81,69,124,-114,-81,-31,75,123,92,0,54,-118,-7,29,-120,-88,1,91,-88,20,-27,5,-113,-35,118,12,105,32,-37,-123,-23,60,-40,-49,-120,13,50,-58,14,68,-94,-10,28,-100,22,96,102,121,79,-100,-93,28,-29,98,-53,62,-121,-127,80,-57,100,96,-69,-54,96,-68,-98,27,-37,33,101,117,25,-58,-30,51,56,114,-106,-5,-86,78,12,61,-69,-23,118,-100,-52,-47,91,12,96,53,-128,5,10,0,-113,-121,-36,66,-23,-32,81,111,-120,-100,-5,-57,-83,32,-81,-113,36,22,103,-1,27,63,-66,-50,-14,-23,120,-37,-30,27,34,88,-52,125,-96,0,-117,-102,80,-16,68,-36,40,-128,91,-116,-24,30,-11,-59,61,64,-127,-47,4,-5,110,78,107,123,44,20,79,56,-101,107,121,46,9,57,-116,13,116,-100,-46,16,-26,65,-125,-23,30,68,41,-64,-25,90,-56,-42,-76,-117,45,111,93,127,-87,111,-99,78,50,-100,-77,-57,-31,16,52,-16,123,-11,61,72,-103,-31,-85,-123,0,-89,69,-94,97,-40,-65,-124,-24,38,85,48,10,97,-14,48,24,52,54,-2,73,-127,51,124,-77,100,3,-63,-111,-18,-100,103,-46,-128,56,-63,93,45,-117,52,5,-87,32,24,108,7,11,114,-80,-79,-10,-84,60,-111,60,88,-68,-87,-101,6,41,-90,-120,-78,-40,-26,115,69,25,-117,107,76,127,-98,-71,-97,-96,-46,-94,-58,4,119,-84,55,113,11,-30,-4,106,95,-121,-8,73,-105,-79,9,-29,51,-52,36,110,31,-31,-115,-126,86,-127,101,46,6,-98,-92,-68,-110,42,-34,-16,-36,65,-40,-93,-104,119,61,-37,-88,109,112,-116,-102,-72,-115,59,29,-81,29,-112,-22,-49,-56,71,21,-68,73,-61,-89,119,25,-28,16,-113,-124,81,-107,46,46,85,-70,95,-114,35,18,19,-39,-118,72,39,-102,37,-45,-99,33,-37,-124,-122,-28,92,19,-15,-73,-68,-46,96,71,-43,-29,62,-71,-67,-61,-121,-107,32,71,-111,15,25,-94,-64,10,79,104,-96,74,-103,-34,5,-114,45,25,-122,-4,57,27,-29,29,122,61,22,96,127,-85,107,30,-32,39,39,78,35,-63,-22,36,-18,70,53,-23,122,113,50,-38,4,-89,-117,12,126,-53,-57,31,-42,-87,109,19,-44,-27,-54,-121,-112,-77,-96,58,-92,-25,-11,-69,4,41,50,25,36,84,-71,-70,114,-9,93,14,2,94,-14,116,-20,-95,19,3,17,-52,106,8,-51,-125,48,67,89,82,17,90,12,96,63,-86,69,85,-44,-33,70,-27,-116,-4,-58,85,-41,120,10,-27,17,-21,96,50,-78,-92,-49,-71,80,-79,43,-73,-9,-25,-38,-5,7,127,71,82,-91,-77,-58,-21,64,18,54,-74,-51,100,-20,-56,-109,121,-106,-74,50,112,77,-50,-112,72,86,4,67,-40,-39,-96,-8,-15,-128,-37,17,4,-106,-71,117,-115,-97,96,-82,49,-5,58,46,-4,-35,-41,105,0,-122,-32,107,38,-22,-3,-2,86,-10,-43,-13,118,-28,105,-119,100,82,27,-118,-60,-97,-100,13,-2,-38,16,-75,75,-4,-85,-33,-19,39,6,-1,-106,-31,-93,-126,-7,48,-116,-51,122,-109,47,86,-123,13,-98,103,24,-58,107,-17,-98,36,120,-16,60,-78,65,-25,118,-1,76,-81,-7,92,-2,-93,-110,-68,54,33,-4,-78,-22,70,21,-119,-91,-95,-121,26,-39,5,105,52,-128,-6,78,31,67,57,101,-13,-20,-68,56,-24,-43,-27,-17,80,122,49,99,100,6,-82,-120,13,-2,44,-5,-21,-87,-51,120,46,57,69,-71,51,60,78,-113,-3,-72,-77,33,-42,-111,-88,-74,-34,-82,-100,47,-39,-76,-26,-59,105,-19,49,-7,80,-84,29,-127,103,-102,67,-16,127,-26,-20,-61,44,34,97,-116,-38,-93,71,-83,-39,-81,-120,49,44,111,-67,103,76,21,-49,93,-65,-125,68,-75,-80,-65,63,-82,-37,117,53,96,-39,-78,-54,116,2,53,47,43,-86,25,3,77,-24,-96,-50,85,-97,33,-33,26,-94,-39,-62,112,-102,52,67,-43,39,121,62,-117,24,78,66,-45,115,-74,-42,-111,-82,-91,98,83,-123,10,-121,-94,-48,-64,119,-81,61,-80,-128,-110,121,11,-113,-17,24,27,26,-64,-53,101,59,-70,97,-74,-123,-20,127,-27,-28,-35,47,107,106,110,123,46,13,34,4,-119,-31,-24,77,74,-94,-100,21,-70,17,-90,97,110,125,112,-80,-111,50,71,68,-84,52,-106,20,-83,-32,-36,-124,-92,126,-37,-36,28,-97,-4,92,55,-16,4,62,-98,-50,57,-72,10,-44,85,-50,27,-4,117,64,12,-49,6,-68,-34,33,-124,49,-112,-28,8,52,-44,47,56,16,-63,85,71,64,119,89,-104,45,107,-118,-96,-28,-66,127,6,31,0,47,56,99,-13,-123,-25,57,-126,49,-39,-6,-106,60,-63,-64,46,16,-69,23,85,-66,-126,28,93,-70,-40,97,-3,114,118,-2,-34,-125,-97,-89,-107,-27,-122,-14,75,85,-86,-15,5,-35,71,-34,69,57,8,45,46,-5,40,-56,122,-41,-27,23,100,-81,-7,-35,92,-114,-71,-54,-51,-42,80,-71,-44,68,-37,54,119,120,-66,-9,125,89,98,-25,3,65,-41,-26,67,45,126,-63,109,127,-23,14,104,103,-93,30,-6,7,35,-86,-28,105,-119,-18,-117,-47,-8,52,40,-60,-89,11,-116,93,-68,32,-122,-48,82,-62,75,111,52,71,57,-33,-39,-27,107,-4,60,-46,95,31,-13,-11,108,-98,-20,-46,-12,61,-62,117,-128,109,109,-106,51,-56,-125,-58,-90,-30,60,-77,77,-62,0,-105,108,36,-73,-46,-119,70,-89,24,-123,-103,-80,-104,33,-106,113,48,62,-44,-120,36,-73,-60,-33,51,-45,-46,0,-126,-37,70,2,-64,99,-102,-48,17,-39,-78,-9,111,-118,85,10,-96,96,-20,-100,117,106,90,72,64,45,-52,-95,-67,20,23,76,-50,-45,-84,-77,122,24,-22,-33,-39,-60,92,-50,-22,-16,-26,50,-65,14,-122,-79,-29,-9,-11,-30,-34,14,74,3,111,-16,-83,-2,-101,37,49,46,90,-104,-66,-49,18,-66,106,61,-69,102,-3,116,25,-112,7,43,-100,-87,-91,32,-6,-38,-48,30,-3,83,-71,100,84,66,-69,41,94,110,10,3,-20,101,-106,-55,10,-48,83,92,88,29,38,69,13,-33,-91,-3,-75,113,-57,-70,-25,-49,-115,-128,-71,112,70,44,-71,-4,26,68,108,6,-94,-95,-64,95,-50,6,49,-94,43,-90,35,39,-13,11,-25,-79,-16,22,88,113,-16,39,24,-82,126,-61,-54,4,-1,-56,62,118,44,-86,-69,1,99,92,56,-33,110,-33,-42,7,-105,93,9,-40,-40,-48,43,-50,123,105,-2,-54,88,35,49,-53,77,-29,-2,-74,25,-33,61,78,-104,-79,-75,19,-108,-42,-18,46,18,81,-104,18,-82,-24,-84,32,-52,-35,-52,68,-95,-9,40,33,73,-50,-3,27,-76,-13,-61,62,-26,80,-118,111,87,-58,-116,22,49,51,-22,115,106,53,107,-10,-64,55,106,-116,94,52,43,80,25,114,117,119,78,2,-114,3,30,68,-122,66,125,-51,45,49,59,18,-112,-54,-53,19,-69,-39,-17,-22,84,29,-82,43,127,87,96,-7,29,-24,-86,-39,-47,-57,-95,-99,68,-42,-59,-56,-13,-90,-121,-32,-128,39,69,39,12,-19,-105,-99,11,-120,49,-110,106,-91,-26,107,18,39,87,-75,-53,61,-85,-25,25,-65,-116,7,115,26,23,-119,62,-32,76,77,110,3,80,119,-19,65,-22,109,-126,24,12,-58,5,-116,27,48,-18,29,89,31,-21,92,-15,85,-69,-92,-68,-43,60,-27,-118,72,39,45,105,55,-95,-117,74,79,-59,-29,75,11,-68,114,52,-2,75,106,118,27,-40,-94,119,12,-26,65,12,-73,-48,-118,-128,-67,-51,-98,72,-109,-124,17,52,73,109,-39,27,94,69,-92,-28,118,-76,-46,-22,-10,-29,-107,77,11,26,-54,-34,-7,121,-122,-78,20,-47,61,44,-27,-34,125,74,100,-105,13,-72,-109,78,38,35,-79,-15,114,-128,86,112,37,78,72,16,-65,-105,82,40,57,41,-52,-95,66,-35,89,-86,-110,-112,-66,42,122,-58,86,-69,-122,-43,-22,-9,-58,-18,-49,8,83,59,-18,-91,46,-67,-84,-56,-74,91,-11,80,-62,-121,55,61,-86,73,119,68,-55,92,39,97,28,-106,-27,-9,-50,9,-63,-79,-11,-101,115,127,98,40,-87,-58,-107,-91,-46,78,107,-44,-9,118,106,-30,-55,84,-1,72,-16,4,90,21,36,-11,58,99,-65,-112,-58,102,84,114,-26,-5,53,110,86,50,-45,-120,121,-38,15,1,40,100,-61,-57,-27,14,-83,49,-1,102,60,75,-3,-77,-105,-37,-64,26,28,-126,-122,-67,-63,98,-104,11,-119,105,-94,1,-115,18,78,-3,-96,-93,105,-52,-4,25,-118,16,-83,-5,32,-41,29,24,90,45,62,3,-122,60,-74,-99,-119,0,104,108,-122,11,110,0,-8,79,-42,-2,2,115,-16,-4,-21,-50,-90,-69,10,-12,19,16,28,-4,21,-80,69,-111,95,-103,-83,-4,-45,121,27,91,-62,-123,-104,104,63,-62,-77,-9,-78,-99,-109,42,88,-69,-30,29,-54,-44,8,-44,61,82,84,-115,13,-72,-23,-51,-42,55,-79,59,16,-9,-82,12,-63,21,-37,-42,102,19,126,-46,-126,-126,13,-64,61,-97,7,-110,-48,-47,-22,75,-83,-44,45,-115,4,-81,-41,-103,119,-46,107,68,-58,-106,66,-45,-70,90,114,95,95,21,-60,58,-53,114,84,42,66,-85,-34,-64,16,117,34,75,50,89,127,-55,-110,-58,-52,51,120,-73,97,72,65,-79,-24,19,68,-37,-26,-95,3,2,-30,-57,76,36,44,86,15,108,-42,-43,7,101,56,-77,-34,-62,-58,-87,90,12,-50,95,80,-82,-31,79,-103,-3,36,99,-39,108,-3,-87,-1,-96,-18,121,-66,1,99,120,27,-44,-1,-83,107,22,-43,-120,111,25,-15,71,-17,-37,80,3,86,-12,-99,-80,-87,59,14,108,-69,108,102,14,-12,-12,70,-10,-70,38,35,22,36,10,57,63,29,76,-98,124,-118,28,24,-97,-18,-80,23,-16,-67,68,40,-22,-85,-13,-31,-54,34,51,65,115,-12,61,86,124,80,-35,20,126,-46,125,21,-108,-80,-59,-75,-18,-47,21,-61,60,91,33,76,-4,-123,80,91,-71,27,-125,116,-28,-29,-27,17,127,59,-106,-67,73,-66,16,-56,-17,-47,-40,-97,-8,71,-69,36,60,84,-93,116,103,0,115,73,-62,-100,49,-5,125,123,-4,-42,58,14,-24,46,39,-39,22,-46,-84,95,-34,-96,81,68,-92,37,120,-128,-66,86,14,-73,37,25,99,-101,-108,-88,-38,-62,-97,-86,39,44,34,9,76,-84,-25,-69,-121,-58,-31,-10,55,29,-19,2,7,-39,-14,121,94,89,111,56,-117,71,90,-74,-17,-15,-68,-68,-37,83,35,62,-77,-84,-67,-105,58,-89,-86,24,43,-53,76,78,-25,-28,-118,2,-26,-91,34,104,54,117,-74,-61,66,65,-28,31,-93,-117,-70,11,93,56,11,20,-117,28,-117,-89,54,66,118,-30,-106,-20,-105,64,-14,101,-66,-42,28,-34,91,-121,18,-47,-49,-101,57,-122,63,-83,29,63,56,-35,-33,-51,72,69,-6,4,-49,-20,54,-82,-19,-36,20,-60,-66,90,51,16,-55,-70,-35,76,43,99,4,38,123,5,-91,84,11,80,-128,-43,53,-48,-84,-37,105,-62,6,77,-14,62,-56,-44,23,-52,121,54,21,116,-74,-9,27,8,-69,120,-55,67,73,-85,-3,-74,7,108,-21,40,-71,105,-82,-47,6,34,117,-46,59,-108,-112,-94,-84,-30,-54,-91,125,-34,99,-37,58,-53,97,-35,-45,-72,-107,-55,83,113,86,-108,72,106,-109,42,-128,96,-93,-111,-64,39,71,43,-98,-93,-10,-101,115,-21,-117,-97,118,-20,-60,112,100,-16,124,-8,125,113,19,80,-28,-114,-68,-123,-117,111,110,-28,-73,-101,-118,-66,14,-94,-16,46,-38,-120,101,68,-104,57,-27,-104,-56,28,-60,-11,-57,87,125,70,-93,116,90,-20,121,23,99,92,-56,-96,-121,-98,-2,-110,74,112,105,53,-57,100,-32,-122,-62,92,-97,39,107,29,100,23,77,-112,-107,-77,-53,-38,1,-37,49,63,18,73,83,-106,92,-77,77,-65,53,111,-105,-124,53,-107,-46,96,95,44,19,-114,-15,33,45,-76,-127,-104,-106,-60,71,53,-96,-27,36,-48,39,-118,14,-91,-113,28,43,87,-105,100,115,-52,39,-52,76,-80,-85,82,-50,-48,94,7,-17,16,19,-103,31,-14,-1,-79,51,57,76,-41,-63,-55,33,-106,62,12,-33,103,-16,49,-65,-111,9,-14,-17,-46,-8,86,33,44,-99,38,-105,-43,-8,-93,26,-120,27,86,53,90,86,94,113,113,70,64,78,108,27,10,-27,78,-58,85,-99,103,88,-95,-86,108,95,124,-37,68,-51,-76,-126,21,-105,-14,5,-39,-101,26,-112,-85,102,83,97,5,-125,-28,-25,45,-100,55,40,-55,-111,-77,126,35,-68,37,49,-101,106,-92,121,76,46,-22,-100,-97,38,-48,103,125,83,78,71,-77,-101,-111,-118,-50,-7,69,-99,-51,8,-44,-27,101,19,94,108,-42,54,63,79,78,42,-93,-119,-22,-18,44,-56,15,-1,-43,-79,117,72,-38,-122,27,12,30,95,32,-87,-75,41,-65,4,51,10,-98,-103,95,-24,100,-67,100,113,69,85,116,-19,51,-122,-3,125,-74,87,-17,62,18,57,-24,59,126,102,-57,-102,-76,11,16,112,-109,75,79,125,-23,-97,-85,-80,-85,-111,85,66,127,66,105,-96,125,-16,25,23,62,62,-50,100,-34,-78,82,69,-25,41,-108,89,71,20,60,32,50,-70,-44,-42,27,0,121,43,-72,86,70,-108,121,74,105,-80,25,-62,54,40,-47,-35,33,-66,-116,45,112,-115,-18,-67,-101,-69,61,-20,31,-16,9,11,28,97,114,67,97,123,91,-47,-69,87,65,91,63,-43,14,-12,77,99,86,10,92,58,-71,32,102,28,122,-92,-29,-120,22,42,1,-31,74,6,-124,-47,98,-95,31,48,20,115,-40,109,81,23,87,95,38,38,-104,-115,-121,26,101,-106,113,-89,54,124,-59,49,40,5,-77,61,76,-69,119,-94,69,81,20,25,-23,-35,23,-55,64,-65,73,-25,-76,-26,-119,80,66,-25,-113,-92,72,-103,10,106,88,111,-54,-40,41,101,14,88,-115,-52,-127,43,117,-105,-23,-84,21,3,30,52,-99,39,-124,-95,6,-61,-78,-97,84,100,-100,-1,95,38,93,86,121,116,-97,-99,-12,-126,113,-77,26,-72,19,37,1,112,110,-34,41,-126,80,66,51,10,81,-75,36,-73,109,-55,-3,107,-48,105,-83,-53,-109,63,-106,-56,93,103,115,74,-104,125,38,46,28,-66,-114,-30,-115,56,19,66,33,61,37,8,16,-119,70,-25,78,-87,1,44,27,65,32,74,-48,-58,-40,124,95,40,86,-64,-51,88,16,-115,79,-128,-50,100,-126,117,28,38,-71,-55,-122,-39,-71,-50,89,-86,37,21,-125,-38,-47,119,125,109,21,23,9,-36,38,123,81,-28,-13,52,120,100,106,-125,-63,-27,66,-2,-36,-57,30,37,-95,-43,-17,-72,-44,-113,29,21,-121,-17,37,-110,1,76,-72,3,-36,-84,-36,2,32,15,106,65,2,17,-61,25,-51,-58,-12,-74,-109,26,19,63,-85,72,-35,-53,102,31,57,-55,103,-111,-11,-44,77,-73,33,-25,75,7,-81,-100,-77,98,-20,93,86,111,98,-34,77,-76,-67,120,38,95,64,38,112,-42,-60,-103,-99,97,51,87,-19,-2,-15,122,-34,40,-109,-113,-36,125,-106,-124,-24,-92,-125,-6,27,-97};
        List list = new ArrayList<>(10);
        list.add(vm.getJNIEnv());
        list.add(0);
        list.add(vm.addLocalObject(new ByteArray(vm, data)));
        list.add(null);
        list.add(0);
        list.add(1);
        list.add(2);

        Number ret = module.callFunction(emulator, 0x28394+1, list.toArray());
        byte[] output = (byte[]) vm.getObject(ret.intValue()).getValue();
        System.out.println(Arrays.toString(output));
        System.out.println(new String(output));
    }
    
    public static void main(String[] args) {
        Boss test = new Boss();

        test.call_decode();
    }
}
 
 
然后就是日常的报错和补环境。
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113150137551 
  
 
 
 
 
@Override
public DvmObject getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
    switch (signature) {
        case "com/twl/signer/YZWG->gContext:Landroid/content/Context;": {
            return vm.resolveClass("android/content/Context").newObject(null);
        }
    }
    return super.getStaticObjectField(vm, dvmClass, signature);
}

 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113150802245 
  
 
 
 
 
@Override
public DvmObject callObjectMethod(BaseVM vm, DvmObject dvmObject, String signature, VarArg varArg) {
    switch (signature) {
        case "android/content/pm/PackageManager->getPackagesForUid(I)[Ljava/lang/String;": {
            StringObject[] arr = new StringObject[1];
            for (int i=0; i
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113151024998 
  
 
 
 
 
@Override
public DvmObject getObjectField(BaseVM vm, DvmObject dvmObject, String signature) {
    switch (signature) {
        case "android/content/pm/PackageInfo->signatures:[Landroid/content/pm/Signature;": {
            PackageInfo packageInfo = (PackageInfo) dvmObject;
            CertificateMeta[] metas = vm.getSignatures();
            if (metas != null) {
                Signature[] signatures = new Signature[metas.length];
                for (int i = 0; i < metas.length; i++) {
                    signatures[i] = new Signature(vm, metas[i]);
                }
                return new ArrayObject(signatures);
            }
        }
    }
    return super.getObjectField(vm, dvmObject, signature);
}

 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113151113951 
  
 
 
 
 
@Override
public int callIntMethod(BaseVM vm, DvmObject dvmObject, String signature, VarArg varArg) {
    switch (signature) {
        case "java/lang/String->hashCode()I": {
            String str = (String) dvmObject.getValue();
            return str.hashCode();
        }
    }
    return super.callIntMethod(vm, dvmObject, signature, varArg);
}

 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113151918078 
  
 
 
 
 
结果就出来了。
 
 
其实除了补环境之外,还有另一种方法,就是patch。
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113153052995 
  
 
 
 
 
在补android/content/pm/PackageManager->getPackagesForUid(I)[Ljava/lang/String;这个方法的时候,不知道怎么去补,直接跳转到0x27da5
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113153234231 
  
 
 
 
 
可以看出,该函数的作用是做一个签名的校验,查看引用
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113153550095 
  
 
 
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113153534098 
  
 
 
 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113153625878 
  
 
 
 
 
我们直接patch掉这个函数,将其改为NOP,由于原指令长度是4,需要补两个NOP。同时由于该函数正常调用的返回值为30010568,因此我们需要把r0寄存器的值改为30010568
 
 
需要注意的是,该patch方法需要在callJNI_OnLoad之前调用。
 
 
public Boss() {
    // ...
    this.patch();
    dm.callJNI_OnLoad(emulator);   
}

 
 
public void patch() {
    emulator.getMemory().pointer(module.base + 0xa880).setInt(0, 0xBF00BF00); // NOP
    emulator.attach().addBreakPoint(module.base + 0xa883, new BreakPointCallback() {
        @Override
        public boolean onHit(Emulator emulator, long address) {
            emulator.getBackend().reg_write(ArmConst.UC_ARM_REG_R0, 30010568);
            return true;
        }
    });
}

 
 
 
  
 
   
  
   
 
  
 
  

    image-20220113154218365 
  
 
 
 
 
同样运行成功。
 
 
Update 2022-01-17
 
 
sub_A6F0是RC4加密,sub_B36Csub_B3B6这两个函数分别是初始化轮换表和字符轮换,更新decode函数如下
 
 
def rc4_crypt(data, key):
    """
    rc4 encrypt/decrypt data with key
    Args:
        data: data to encrypt/decrypt
        key: rc4 key
    """
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xff
        S[i], S[j] = S[j], S[i]

    bucket = []
    i = 0
    j = 0
    for c in data:
        i = (i + 1) & 0xff
        j = (j + S[i]) & 0xff
        S[i], S[j] = S[j], S[i]
        k = c ^ S[(S[i] + S[j]) & 0xff]
        bucket.append(k)
    return bytes(bucket)

def decode(data, key=b''):
    # a1 = sub_B36C(_SALT.encode() + key)
    # ret = sub_B3B6(a1, data)
    ret = rc4_crypt(data, _SALT.encode() + key)
    if not ret.startswith(b'BZPBlock'):
        return ret.decode()

    print(ret[:50])
    compress_size = ret[12:16]
    decode_size = ret[16:20]
    checksum = ret[20:24]
    print(compress_size)
    print(decode_size)
    print(checksum)
    
    # lz4_header = bytes([0b01101000, 0b01000000]) + decode_size + b'\x00' * 4
    lz4_header = bytes([0b01100000, 0b01000000])
    lz4_header_checksum = (xxhash.xxh32_intdigest(lz4_header) >> 8) & 0xff

    data2 = b'\x04"M\x18' + lz4_header + bytes([lz4_header_checksum]) + compress_size + ret[24:] + b'\x00'*4
    data3 = lz4.frame.decompress(data2)
    return data3.decode()

 

                            
                        
                    
                    
                    

                    
                    
                    

                
                

                    
                

            
        
    
    

        
你可能感兴趣的:(boss直聘sig和响应数据逆向及unidbg实现)

        

            

                
    
                    
  • 情绪觉察日记第37天
                        露露_e800

                        
    今天是家庭关系规划师的第二阶最后一天,慧萍老师帮我做了个案,帮我处理了埋在心底好多年的一份恐惧,并给了我深深的力量!这几天出来学习,爸妈过来婆家帮我带小孩,妈妈出于爱帮我收拾东西,并跟我先生和婆婆产生矛盾,妈妈觉得他们没有照顾好我…。今晚回家见到妈妈,我很欣赏她并赞扬她,妈妈说今晚要跟我睡我说好,当我们俩躺在床上准备睡觉的时候,我握着妈妈的手对她说:妈妈这几天辛苦你了,你看你多利害把我们的家收拾得
    
                    
    • 
                    
  • 芦花鞋一四
                        许叶晗

                        
    又是在一个寒冷的夏日里,青铜和葵花决定今天一起去卖芦花鞋,奶奶亲手给他们做了一碗热乎乎的粥对他们说:“就靠你们两挣生活费了这碗粥赶紧趁热喝了吧!”于是青铜和葵花喝完了奶奶给她们做的粥,就准备去镇上卖卢花鞋,这回青铜和葵花穿着新的芦花鞋来到了镇上。青铜这回看到了很多人都在卖,用手势表达对葵花说:“这回有好多人在抢我们生意呢!我们必须得吆喝起来。”葵花点了点头。可是谁知他们也大声的叫,卖芦花喽!卖芦花
    
                    
    • 
                    
  • 关于沟通这件事,项目经理不需要每次都面对面进行
                        流程大师兄

                        
    很多项目经理都会遇到这样的问题,项目中由于事情太多,根本没有足够的时间去召开会议,那在这种情况下如何去有效地管理项目中的利益相关者?当然,不建议电子邮件也不需要开会的话,建议可以采取下面几种方式来形成有效的沟通,这几种方式可以帮助你努力的通过各种办法来保持和各方面的联系。项目经理首先要问自己几个问题,项目中哪些利益相关者是必须要进行沟通的?可以列出项目中所有的利益相关者清单,同时也整理出项目中哪些
    
                    
    • 
                    
  • 机器学习与深度学习间关系与区别
                        ℒℴѵℯ心·动ꦿ໊ོ꫞
人工智能学习深度学习python
                        
    一、机器学习概述定义机器学习(MachineLearning,ML)是一种通过数据驱动的方法,利用统计学和计算算法来训练模型,使计算机能够从数据中学习并自动进行预测或决策。机器学习通过分析大量数据样本,识别其中的模式和规律,从而对新的数据进行判断。其核心在于通过训练过程,让模型不断优化和提升其预测准确性。主要类型1.监督学习(SupervisedLearning)监督学习是指在训练数据集中包含输入
    
                    
    • 
                    
  • 铭刻于星(四十二)
                        随风至

                        
    69夜晚,绍敏同学做完功课后,看了眼房外,没听到动静才敢从书包的夹层里拿出那个心形纸团。折痕压得很深,都有些旧了,想来是已经写好很久了。绍敏同学慢慢地、轻轻地捏开折叠处,待到全部拆开后,又反复抚平纸张,然后仔细地一字字默看。只是开头的三个字是第一次看到,让她心漏跳了几拍。“亲爱的绍敏:从四年级的时候,我就喜欢你了,但是我一直不敢说,怕影响你学习。六年级的时候听说有人跟你表白,你接受了,我很难过,但
    
                    
    • 
                    
  • 随笔 | 仙一般的灵气
                        海思沧海

                        
    仙岛今天,我看了你全部,似乎已经进入你的世界我不知道,这是否是梦幻,还是你仙一般的灵气吸引了我也许每一个人都要有一份属于自己的追求,这样才能够符合人生的梦想,生活才能够充满着阳光与快乐我不知道,我为什么会这样的感叹,是在感叹自己的人生,还是感叹自己一直没有孜孜不倦的追求只感觉虚度了光阴,每天活在自己的梦中,活在一个不真实的世界是在逃避自己,还是在逃避周围的一切有时候我嘲笑自己,嘲笑自己如此的虚无,
    
                    
    • 
                    
  • 【iOS】MVC设计模式
                        Magnetic_h
iosmvc设计模式objective-c学习ui
                        
    MVC前言如何设计一个程序的结构,这是一门专门的学问,叫做"架构模式"(architecturalpattern),属于编程的方法论。MVC模式就是架构模式的一种。它是Apple官方推荐的App开发架构,也是一般开发者最先遇到、最经典的架构。MVC各层controller层Controller/ViewController/VC(控制器)负责协调Model和View,处理大部分逻辑它将数据从Mod
    
                    
    • 
                    
  • 一百九十四章. 自相矛盾
                        巨木擎天

                        
    唉!就这么一夜,林子感觉就像过了很多天似的,先是回了阳间家里,遇到了那么多不可思议的事情儿。特别是小伙伴们,第二次与自己见面时,僵硬的表情和恐怖的气氛,让自己如坐针毡,打从心眼里难受!还有东子,他现在还好吗?有没有被人欺负?护城河里的小鱼小虾们,还都在吗?水不会真的干枯了吧?那对相亲相爱漂亮的太平鸟儿,还好吧!春天了,到了做窝、下蛋、喂养小鸟宝宝的时候了,希望它们都能够平安啊!虽然没有看见家人,也
    
                    
    • 
                    
  • UI学习——cell的复用和自定义cell
                        Magnetic_h
ui学习
                        
    目录cell的复用手动(非注册)自动(注册)自定义cellcell的复用在iOS开发中,单元格复用是一种提高表格(UITableView)和集合视图(UICollectionView)滚动性能的技术。当一个UITableViewCell或UICollectionViewCell首次需要显示时,如果没有可复用的单元格,则视图会创建一个新的单元格。一旦这个单元格滚动出屏幕,它就不会被销毁。相反,它被添
    
                    
    • 
                    
  • element实现动态路由+面包屑
                        软件技术NINI
vue案例vue.js前端
                        
    el-breadcrumb是ElementUI组件库中的一个面包屑导航组件,它用于显示当前页面的路径,帮助用户快速理解和导航到应用的各个部分。在Vue.js项目中,如果你已经安装了ElementUI,就可以很方便地使用el-breadcrumb组件。以下是一个基本的使用示例:安装ElementUI(如果你还没有安装的话):你可以通过npm或yarn来安装ElementUI。bash复制代码npmi
    
                    
    • 
                    
  • 地推话术,如何应对地推过程中家长的拒绝
                        校师学

                        
    相信校长们在做地推的时候经常遇到这种情况:市场专员反馈家长不接单,咨询师反馈难以邀约这些家长上门,校区地推疲软,招生难。为什么?仅从地推层面分析,一方面因为家长受到的信息轰炸越来越多,对信息越来越“免疫”;而另一方面地推人员的专业能力和营销话术没有提高,无法应对家长的拒绝,对有意向的家长也不知如何跟进,眼睁睁看着家长走远;对于家长的疑问,更不知道如何有技巧地回答,机会白白流失。由于回答没技巧和专业
    
                    
    • 
                    
  • 谢谢你们,爱你们!
                        鹿游儿

                        
    昨天家人去泡温泉,二个孩子也带着去,出发前一晚,匆匆下班,赶回家和孩子一起收拾。饭后,我拿出笔和本子(上次去澳门时做手帐的本子)写下了1\2\3\4\5\6\7\8\9,让后让小壹去思考,带什么出发去旅游呢?她在对应的数字旁边画上了,泳衣、泳圈、肖恩、内衣内裤、tapuy、拖鞋……画完后,就让她自己对着这个本子,将要带的,一一带上,没想到这次带的书还是这本《便便工厂》(晚上姑婆发照片过来,妹妹累得
    
                    
    • 
                    
  • C语言如何定义宏函数?
                        小九格物
c语言
                        
    在C语言中,宏函数是通过预处理器定义的,它在编译之前替换代码中的宏调用。宏函数可以模拟函数的行为,但它们不是真正的函数,因为它们在编译时不会进行类型检查,也不会分配存储空间。宏函数的定义通常使用#define指令,后面跟着宏的名称和参数列表,以及宏展开后的代码。宏函数的定义方式:1.基本宏函数:这是最简单的宏函数形式,它直接定义一个表达式。#defineSQUARE(x)((x)*(x))2.带参
    
                    
    • 
                    
  • 微服务下功能权限与数据权限的设计与实现
                        nbsaas-boot
微服务java架构
                        
    在微服务架构下,系统的功能权限和数据权限控制显得尤为重要。随着系统规模的扩大和微服务数量的增加,如何保证不同用户和服务之间的访问权限准确、细粒度地控制,成为设计安全策略的关键。本文将讨论如何在微服务体系中设计和实现功能权限与数据权限控制。1.功能权限与数据权限的定义功能权限:指用户或系统角色对特定功能的访问权限。通常是某个用户角色能否执行某个操作,比如查看订单、创建订单、修改用户资料等。数据权限:
    
                    
    • 
                    
  • 理解Gunicorn:Python WSGI服务器的基石
                        范范0825
ipythonlinux运维
                        
    理解Gunicorn:PythonWSGI服务器的基石介绍Gunicorn,全称GreenUnicorn,是一个为PythonWSGI(WebServerGatewayInterface)应用设计的高效、轻量级HTTP服务器。作为PythonWeb应用部署的常用工具,Gunicorn以其高性能和易用性著称。本文将介绍Gunicorn的基本概念、安装和配置,帮助初学者快速上手。1.什么是Gunico
    
                    
    • 
                    
  • 学点心理知识,呵护孩子健康
                        静候花开_7090

                        
    昨天听了华中师范大学教育管理学系副教授张玲老师的《哪里才是学生心理健康的最后庇护所,超越教育与技术的思考》的讲座。今天又重新学习了一遍,收获匪浅。张玲博士也注意到了当今社会上的孩子由于心理问题导致的自残、自杀及伤害他人等恶性事件。她向我们普及了一个重要的命题,她说心理健康的一些基本命题,我们与我们通常的一些教育命题是不同的,她还举了几个例子,让我们明白我们原来以为的健康并非心理学上的健康。比如如果
    
                    
    • 
                    
  • 2021年12月19日,春蕾教育集团团建活动感受——黄晓丹
                        黄错错加油

                        
    感受:1.从陌生到熟悉的过程。游戏环节让我们在轻松的氛围中得到了锻炼,也增长了不少知识。2.游戏过程中,我们贡献的是个人力量,展现的是团队的力量。它磨合的往往不止是工作的熟悉,更是观念上契合度的贴近。3.这和工作是一样的道理。在各自的岗位上,每个人摆正自己的位置、各司其职充分发挥才能,并团结一致劲往一处使,才能实现最大的成功。新知:1.团队精神需要不断地创新。过去,人们把创新看作是冒风险,现在人们
    
                    
    • 
                    
  • Cell Insight | 单细胞测序技术又一新发现,可用于HIV-1和Mtb共感染个体诊断
                        尐尐呅

                        
    结核病是艾滋病合并其他疾病中导致患者死亡的主要原因。其中结核病由结核分枝杆菌(Mycobacteriumtuberculosis,Mtb)感染引起,获得性免疫缺陷综合症(艾滋病)由人免疫缺陷病毒(Humanimmunodeficiencyvirustype1,HIV-1)感染引起。国家感染性疾病临床医学研究中心/深圳市第三人民医院张国良团队携手深圳华大生命科学研究院吴靓团队,共同研究得出单细胞测序
    
                    
    • 
                    
  • c++ 的iostream 和 c++的stdio的区别和联系
                        黄卷青灯77
c++算法开发语言iostreamstdio
                        
    在C++中,iostream和C语言的stdio.h都是用于处理输入输出的库,但它们在设计、用法和功能上有许多不同。以下是两者的区别和联系:区别1.编程风格iostream(C++风格):C++标准库中的输入输出流类库,支持面向对象的输入输出操作。典型用法是cin(输入)和cout(输出),使用>操作符来处理数据。更加类型安全,支持用户自定义类型的输入输出。#includeintmain(){in
    
                    
    • 
                    
  • 《投行人生》读书笔记
                        小蘑菇的树洞

                        
    《投行人生》----作者詹姆斯-A-朗德摩根斯坦利副主席40年的职业洞见-很短小精悍的篇幅,比较适合初入职场的新人。第一部分成功的职业生涯需要规划1.情商归为适应能力分享与协作同理心适应能力,更多的是自我意识,你有能力识别自己的情并分辨这些情绪如何影响你的思想和行为。2.对于初入职场的人的建议,细节,截止日期和数据很重要截止日期,一种有效的方法是请老板为你所有的任务进行优先级排序。和老板喝咖啡的好
    
                    
    • 
                    
  • Long类型前后端数据不一致
                        igotyback
前端
                        
    响应给前端的数据浏览器控制台中response中看到的Long类型的数据是正常的到前端数据不一致前后端数据类型不匹配是一个常见问题,尤其是当后端使用Java的Long类型(64位)与前端JavaScript的Number类型(最大安全整数为2^53-1,即16位)进行数据交互时,很容易出现精度丢失的问题。这是因为JavaScript中的Number类型无法安全地表示超过16位的整数。为了解决这个问
    
                    
    • 
                    
  • Linux下QT开发的动态库界面弹出操作(SDL2)
                        13jjyao
QT类qt开发语言sdl2linux
                        
    需求:操作系统为linux,开发框架为qt,做成需带界面的qt动态库,调用方为java等非qt程序难点:调用方为java等非qt程序,也就是说调用方肯定不带QApplication::exec(),缺少了这个,QTimer等事件和QT创建的窗口将不能弹出(包括opencv也是不能弹出);这与qt调用本身qt库是有本质的区别的思路:1.调用方缺QApplication::exec(),那么我们在接口
    
                    
    • 
                    
  • 绘本讲师训练营【24期】8/21阅读原创《独生小孩》
                        1784e22615e0

                        
    24016-孟娟《独生小孩》图片发自App今天我想分享一个蛮特别的绘本,讲的是一个特殊的群体,我也是属于这个群体,80后的独生小孩。这是一本中国绘本,作者郭婧,也是一个80厚。全书一百多页,均为铅笔绘制,虽然为黑白色调,但并不显得沉闷。全书没有文字,犹如“默片”,但并不影响读者对该作品的理解,反而显得神秘,梦幻,給读者留下想象的空间。作者在前蝴蝶页这样写到:“我更希望父母和孩子一起分享这本书,使他
    
                    
    • 
                    
  • 店群合一模式下的社区团购新发展——结合链动 2+1 模式、AI 智能名片与 S2B2C 商城小程序源码
                        说私域
人工智能小程序
                        
    摘要:本文探讨了店群合一的社区团购平台在当今商业环境中的重要性和优势。通过分析店群合一模式如何将互联网社群与线下终端紧密结合,阐述了链动2+1模式、AI智能名片和S2B2C商城小程序源码在这一模式中的应用价值。这些创新元素的结合为社区团购带来了新的机遇,提升了用户信任感、拓展了营销渠道,并实现了线上线下的完美融合。一、引言随着互联网技术的不断发展,社区团购作为一种新兴的商业模式,在满足消费者日常需
    
                    
    • 
                    
  • 我校举行新老教师师徒结对仪式暨名师专业工作室工作交流活动
                        李蕾1229

                        
    为促进我校教师专业发展,发挥骨干教师的引领带头作用,11月6日下午,我校举行新老教师师徒结对仪式暨名师专业工作室工作交流活动。图片发自App会议由教师发展处李蕾主任主持,首先,由范校长宣读新老教师结对名单及双方承担职责。随后,两位新调入教师陈玉萍、莫正杰分别和他们的师傅鲍元美、刘召彬老师签订了师徒结对协议书。图片发自App图片发自App师徒拥抱、握手。有了师傅就有了目标有了方向,相信两位新教师在师
    
                    
    • 
                    
  • 向内而求
                        陈陈_19b4

                        
    10月27日,阴。阅读书目:《次第花开》。作者:希阿荣博堪布,是当今藏传佛家宁玛派最伟大的上师法王,如意宝晋美彭措仁波切颇具影响力的弟子之一。多年以来,赴海内外各地弘扬佛法,以正式授课、现场开示、发表文章等多种方法指导佛学弟子修行佛法。代表作《寂静之道》、《生命这出戏》、《透过佛法看世界》自出版以来一直是佛教类书籍中的畅销书。图片发自App金句:1.佛陀说,一切痛苦的根源在于我们长期以来对自身及外
    
                    
    • 
                    
  • 消息中间件有哪些常见类型
                        xmh-sxh-1314
java
                        
    消息中间件根据其设计理念和用途,可以大致分为以下几种常见类型:点对点消息队列(Point-to-PointMessagingQueues):在这种模型中,消息被发送到特定的队列中,消费者从队列中取出并处理消息。队列中的消息只能被一个消费者消费,消费后即被删除。常见的实现包括IBM的MQSeries、RabbitMQ的部分使用场景等。适用于任务分发、负载均衡等场景。发布/订阅消息模型(Pub/Sub
    
                    
    • 
                    
  • ArcGIS栅格计算器常见公式(赋值、0和空值的转换、补充栅格空值)
                        研学随笔
arcgis经验分享
                        
    我们在使用ArcGIS时通常经常用到栅格计算器,今天主要给大家介绍我日常中经常用到的几个公式,供大家参考学习。将特定值(-9999)赋值为0,例如-9999.Con("raster"==-9999,0,"raster")2.给空值赋予特定的值(如0)Con(IsNull("raster"),0,"raster")3.将特定的栅格值(如1)赋值为空值,其他保留原值SetNull("raster"==
    
                    
    • 
                    
  • 高级编程--XML+socket练习题
                        masa010
java开发语言
                        
    1.北京华北2114.8万人上海华东2,500万人广州华南1292.68万人成都华西1417万人(1)使用dom4j将信息存入xml中(2)读取信息,并打印控制台(3)添加一个city节点与子节点(4)使用socketTCP协议编写服务端与客户端,客户端输入城市ID,服务器响应相应城市信息(5)使用socketTCP协议编写服务端与客户端,客户端要求用户输入city对象,服务端接收并使用dom4j
    
                    
    • 
                    
  • 那个抄袭的大张伟
                        猫小努

                        
    最近一直在追《即刻电音》这个综艺,除了觉得出场节目的音乐制作人有意思之外,也觉得有两个导师挺有趣的(另外一个就忽略了吧)。孙艺兴在上一篇文章里面已经说过了,那么这篇就说说我们的大老师,大张伟吧。其实在节目刚开始大张伟出来的时候,我以为他是属于导师里面来活跃气氛负责搞笑的,毕竟孙艺兴属于卖萌卖傻卖老实的,尚雯婕一般负责装逼耍狠的,而大张伟一贯以来上综艺的形象基本上都是蹦蹦跳跳带动气氛的。谁知道,两期
    
                    
    • 
                                
  • PHP,安卓,UI,java,linux视频教程合集
                                    cocos2d-x小菜
javaUIPHPandroidlinux
                                    
    ╔-----------------------------------╗┆                           
    
                                
    • 
                                
  • 各表中的列名必须唯一。在表 'dbo.XXX' 中多次指定了列名 'XXX'。
                                    bozch
.net.net mvc
                                    
    在.net mvc5中,在执行某一操作的时候,出现了如下错误: 
      各表中的列名必须唯一。在表 'dbo.XXX' 中多次指定了列名 'XXX'。 
经查询当前的操作与错误内容无关,经过对错误信息的排查发现,事故出现在数据库迁移上。 
回想过去: 在迁移之前已经对数据库进行了添加字段操作,再次进行迁移插入XXX字段的时候,就会提示如上错误。  
&
    
                                
    • 
                                
  • Java 对象大小的计算
                                    e200702084
java
                                    
                              Java对象的大小 
 
如何计算一个对象的大小呢? 
 
 
   
    
                                
    • 
                                
  • Mybatis Spring
                                    171815164
mybatis
                                    
    ApplicationContext ac = new ClassPathXmlApplicationContext("applicationContext.xml");
CustomerService userService = (CustomerService) ac.getBean("customerService");
Customer cust
    
                                
    • 
                                
  • JVM 不稳定参数
                                    g21121
jvm
                                    
            -XX 参数被称为不稳定参数,之所以这么叫是因为此类参数的设置很容易引起JVM 性能上的差异,使JVM 存在极大的不稳定性。当然这是在非合理设置的前提下,如果此类参数设置合理讲大大提高JVM 的性能及稳定性。        可以说“不稳定参数”
    
                                
    • 
                                
  • 用户自动登录网站
                                    永夜-极光
用户
                                    
    1.目标:实现用户登录后,再次登录就自动登录,无需用户名和密码 
2.思路:将用户的信息保存为cookie 
           每次用户访问网站,通过filter拦截所有请求,在filter中读取所有的cookie,如果找到了保存登录信息的cookie,那么在cookie中读取登录信息,然后直接
    
                                
    • 
                                
  • centos7 安装后失去win7的引导记录
                                    程序员是怎么炼成的
操作系统
                                    
    1.使用root身份(必须)打开 /boot/grub2/grub.cfg 2.找到 ### BEGIN /etc/grub.d/30_os-prober ###   在后面添加    menuentry "Windows 7 (loader) (on /dev/sda1)" { 
    
                                
    • 
                                
  • Oracle 10g 官方中文安装帮助文档以及Oracle官方中文教程文档下载
                                    aijuans
oracle
                                    
    Oracle 10g 官方中文安装帮助文档下载:http://download.csdn.net/tag/Oracle%E4%B8%AD%E6%96%87API%EF%BC%8COracle%E4%B8%AD%E6%96%87%E6%96%87%E6%A1%A3%EF%BC%8Coracle%E5%AD%A6%E4%B9%A0%E6%96%87%E6%A1%A3 Oracle 10g 官方中文教程
    
                                
    • 
                                
  • JavaEE开源快速开发平台G4Studio_V3.2发布了
                                    無為子
AOPoraclemysqljavaeeG4Studio
                                    
      
我非常高兴地宣布,今天我们最新的JavaEE开源快速开发平台G4Studio_V3.2版本已经正式发布。大家可以通过如下地址下载。 
  
访问G4Studio网站  
http://www.g4it.org      
G4Studio_V3.2版本变更日志 
功能新增 
(1).新增了系统右下角滑出提示窗口功能。 
(2).新增了文件资源的Zip压缩和解压缩
    
                                
    • 
                                
  • Oracle常用的单行函数应用技巧总结
                                    百合不是茶
日期函数转换函数(核心)数字函数通用函数(核心)字符函数
                                    
    单行函数;   字符函数,数字函数,日期函数,转换函数(核心),通用函数(核心) 
一:字符函数: 
   .UPPER(字符串) 将字符串转为大写
   .LOWER (字符串) 将字符串转为小写 
   .INITCAP(字符串) 将首字母大写
   .LENGTH (字符串) 字符串的长度
   .REPLACE(字符串,'A','_') 将字符串字符A转换成_

    
                                
    • 
                                
  • Mockito异常测试实例
                                    bijian1013
java单元测试mockito
                                    
    Mockito异常测试实例: 
package com.bijian.study;

import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import org.junit.Assert;
import org.junit.Test;

import org.mockito.
    
                                
    • 
                                
  • GA与量子恒道统计
                                    Bill_chen
JavaScript浏览器百度Google防火墙
                                    
    前一阵子,统计**网址时,Google Analytics(GA) 和量子恒道统计(也称量子统计),数据有较大的偏差,仔细找相关资料研究了下,总结如下: 
  
为何GA和量子网站统计(量子统计前身为雅虎统计)结果不同? 
首先:没有一种网站统计工具能保证百分之百的准确出现该问题可能有以下几个原因:(1)不同的统计分析系统的算法机制不同;(2)统计代码放置的位置和前后
    
                                
    • 
                                
  • 【Linux命令三】Top命令
                                    bit1129
linux命令
                                    
    Linux的Top命令类似于Windows的任务管理器,可以查看当前系统的运行情况,包括CPU、内存的使用情况等。如下是一个Top命令的执行结果: 
  
  
top - 21:22:04 up 1 day, 23:49, 1 user, load average: 1.10, 1.66, 1.99
Tasks: 202 total,   4 running, 198 sl
    
                                
    • 
                                
  • spring四种依赖注入方式
                                    白糖_
spring
                                    
       平常的java开发中,程序员在某个类中需要依赖其它类的方法,则通常是new一个依赖类再调用类实例的方法,这种开发存在的问题是new的类实例不好统一管理,spring提出了依赖注入的思想,即依赖类不由程序员实例化,而是通过spring容器帮我们new指定实例并且将实例注入到需要该对象的类中。依赖注入的另一种说法是“控制反转”,通俗的理解是:平常我们new一个实例,这个实例的控制权是我
    
                                
    • 
                                
  • angular.injector
                                    boyitech
AngularJSAngularJS API
                                    
    angular.injector 
   描述:   创建一个injector对象, 调用injector对象的方法可以获得angular的service, 或者用来做依赖注入.        使用方法:   angular.injector(modules, [strictDi])        参数详解:      Param Type Details   mod
    
                                
    • 
                                
  • java-同步访问一个数组Integer[10],生产者不断地往数组放入整数1000,数组满时等待;消费者不断地将数组里面的数置零,数组空时等待
                                    bylijinnan
Integer
                                    
    

public class PC {

	/**
	 * 题目:生产者-消费者。
	 * 同步访问一个数组Integer[10],生产者不断地往数组放入整数1000,数组满时等待;消费者不断地将数组里面的数置零,数组空时等待。
	 */
	
	private static final Integer[] val=new Integer[10];
	private static
    
                                
    • 
                                
  • 使用Struts2.2.1配置
                                    Chen.H
apachespringWebxmlstruts
                                    
    Struts2.2.1 需要如下 jar包: commons-fileupload-1.2.1.jar commons-io-1.3.2.jar commons-logging-1.0.4.jar freemarker-2.3.16.jar javassist-3.7.ga.jar ognl-3.0.jar spring.jar 
struts2-core-2.2.1.jar struts2-sp
    
                                
    • 
                                
  • [职业与教育]青春之歌
                                    comsci
教育
                                    
     
 
       每个人都有自己的青春之歌............但是我要说的却不是青春... 
 
       大家如果在自己的职业生涯没有给自己以后创业留一点点机会,仅仅凭学历和人脉关系,是难以在竞争激烈的市场中生存下去的.... 
 
  &nbs
    
                                
    • 
                                
  • oracle连接(join)中使用using关键字
                                    daizj
JOINoraclesqlusing
                                    
    在oracle连接(join)中使用using关键字 
34. View the Exhibit and examine the structure of the ORDERS and ORDER_ITEMS tables. 
Evaluate the following SQL statement: 
SELECT oi.order_id, product_id, order_date 
FRO
    
                                
    • 
                                
  • NIO示例
                                    daysinsun
nio
                                    
    NIO服务端代码: 
 

public class NIOServer {
	
	private Selector selector;

	
	public void startServer(int port) throws IOException {

		ServerSocketChannel serverChannel = ServerSocketChannel.open(
    
                                
    • 
                                
  • C语言学习homework1
                                    dcj3sjt126com
chomework
                                    
    0、 课堂练习做完 
1、使用sizeof计算出你所知道的所有的类型占用的空间。 
int x; 
sizeof(x); 
  
sizeof(int); 
  
# include <stdio.h>

int main(void)
{
	int x1;
	char x2;
	double x3;
	float x4;

	printf(&quo
    
                                
    • 
                                
  • select in order by , mysql排序
                                    dcj3sjt126com
mysql
                                    
    If i select like this: 
SELECT id FROM users WHERE id IN(3,4,8,1); 
This by default will select users in this order 
1,3,4,8, 
I would like to select them in the same order that i put IN() values so: 
    
                                
    • 
                                
  • 页面校验-新建项目
                                    fanxiaolong
页面校验
                                    
    $(document).ready(
	function() {
			var flag = true;
		$('#changeform').submit(function() {
			var projectScValNull = true;
			var s ="";
			var parent_id = $("#parent_id").v
    
                                
    • 
                                
  • Ehcache(02)——ehcache.xml简介
                                    234390216
ehcacheehcache.xml简介
                                    
    ehcache.xml简介 
  
       ehcache.xml文件是用来定义Ehcache的配置信息的,更准确的来说它是定义CacheManager的配置信息的。根据之前我们在《Ehcache简介》一文中对CacheManager的介绍我们知道一切Ehcache的应用都是从CacheManager开始的。在不指定配置信
    
                                
    • 
                                
  • junit 4.11中三个新功能
                                    jackyrong
java
                                    
    junit 4.11中两个新增的功能,首先是注解中可以参数化,比如 
 
 


import static org.junit.Assert.assertEquals;
 
import java.util.Arrays;
 
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runn
    
                                
    • 
                                
  • 国外程序员爱用苹果Mac电脑的10大理由
                                    php教程分享
windowsPHPunixMicrosoftperl
                                    
    Mac 在国外很受欢迎,尤其是在 设计/web开发/IT 人员圈子里。普通用户喜欢 Mac 可以理解,毕竟 Mac 设计美观,简单好用,没有病毒。那么为什么专业人士也对 Mac 情有独钟呢?从个人使用经验来看我想有下面几个原因: 
1、Mac OS X 是基于 Unix 的 
这一点太重要了,尤其是对开发人员,至少对于我来说很重要,这意味着Unix 下一堆好用的工具都可以随手捡到。如果你是个 wi
    
                                
    • 
                                
  • 位运算、异或的实际应用
                                    wenjinglian
位运算
                                    
    一. 位操作基础,用一张表描述位操作符的应用规则并详细解释。 
      二. 常用位操作小技巧,有判断奇偶、交换两数、变换符号、求绝对值。 
      三. 位操作与空间压缩,针对筛素数进行空间压缩。 
   &n
    
                                
    • 
                                
  • weblogic部署项目出现的一些问题(持续补充中……)
                                    Everyday都不同
weblogic部署失败
                                    
    好吧,weblogic的问题确实…… 
  
问题一: 
org.springframework.beans.factory.BeanDefinitionStoreException: Failed to read candidate component class: URL [zip:E:/weblogic/user_projects/domains/base_domain/serve
    
                                
    • 
                                
  • tomcat7性能调优(01)
                                    toknowme
tomcat7
                                    
      
    
Tomcat优化:   1、最大连接数最大线程等设置    
<Connector port="8082" protocol="HTTP/1.1" 
               useBodyEncodingForURI="t
    
                                
    • 
                                
  • PO VO DAO DTO BO TO概念与区别
                                    xp9802
javaDAO设计模式bean领域模型
                                    
    O/R Mapping 是 Object Relational Mapping(对象关系映射)的缩写。通俗点讲,就是将对象与关系数据库绑定,用对象来表示关系数据。在O/R Mapping的世界里,有两个基本的也是重要的东东需要了解,即VO,PO。 
它们的关系应该是相互独立的,一个VO可以只是PO的部分,也可以是多个PO构成,同样也可以等同于一个PO(指的是他们的属性)。这样,PO独立出来,数据持
    
                                
    •