ipad协议逆向分析实战篇-1
请使用dnspy环境进行学习研究,切勿用于非法操作
1.首先拿到得到的部署包进行逆向分析
2.解压部署包并找到bin这个文件夹
3.找到Wechat.Api.dll这个文件
4.这两个是协议的核心文件,破解了这个核心文件就可以得出逻辑源码
5.首先把Wechat.Api.dll这个文件进行dnspy反编译
6.拖进去后我们可以得到一些基本信息如下
// 时间戳: 64EF0B8D (2023/8/30 9:27:41)
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Runtime.Versioning;
using System.Web;
using Wechat.Api;
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: CompilationRelaxations(8)]
[assembly: RuntimeCompatibility(WrapNonExceptionThrows = true)]
[assembly: Debuggable(DebuggableAttribute.DebuggingModes.IgnoreSymbolStoreSequencePoints)]
[assembly: AssemblyTitle("Wechat.Api")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Wechat.Api")]
[assembly: AssemblyCopyright("版权所有(C) 2019")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: Guid("4aed2644-c334-4232-a14e-e2516be77451")]
[assembly: PreApplicationStartMethod(typeof(SwaggerConfig), "Register")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: TargetFramework(".NETFramework,Version=v4.8", FrameworkDisplayName = ".NET Framework 4.8")]
7.找到Logincontroller这个项目名称
using System;
using System.Net.Http;
using System.Runtime.CompilerServices;
using System.Threading.Tasks;
using System.Web.Http;
using micromsg;
using MMPro;
using Wechat.Api.Abstracts;
using Wechat.Api.Extensions;
using Wechat.Api.Filters;
using Wechat.Api.Helper;
using Wechat.Api.Request.Login;
using Wechat.Api.Response.Login;
using Wechat.Protocol;
using Wechat.Protocol.Andriod;
using Wechat.Util.Cache;
namespace Wechat.Api.Controllers
{
///
/// 登陆
///
// Token: 0x020000C8 RID: 200
public class LoginController : WebchatControllerBase
{
///
/// 生成二维码
///
///
// Token: 0x06000487 RID: 1159 RVA: 0x000074C4 File Offset: 0x000056C4
[HttpGet]
[NoRequestLog]
[Route("api/Login/GetQrCode")]
public Task
{
LoginController.
return
}
///
/// 获取登陆二维码
///
///
// Token: 0x06000488 RID: 1160 RVA: 0x00007508 File Offset: 0x00005708
[HttpPost]
[NoRequestLog]
[Route("api/Login/GetQrCode")]
public Task
{
ResponseBase
MM.GetLoginQRCodeResponse result = this.wechat.GetLoginQRcode(0, (getQrCode != null) ? getQrCode.ProxyIp : null, (getQrCode != null) ? getQrCode.ProxyUserName : null, (getQrCode != null) ? getQrCode.ProxyPassword : null, (getQrCode != null) ? getQrCode.DeviceId : null, (getQrCode != null) ? getQrCode.DeviceName : null);
if (result != null && result.baseResponse.ret == MM.RetConst.MM_OK)
{
response.Data = new QrCodeResponse
{
QrBase64 = "data:img/jpg;base64," + Convert.ToBase64String(result.qRCode.src),
Uuid = result.uuid,
ExpiredTime = DateTime.Now.AddSeconds(result.expiredTime)
};
}
else
{
response.Success = false;
response.Code = "501";
response.Message = "获取二维码失败";
}
return response.ToHttpResponseAsync();
}
///
/// 检查是否登陆
///
///
///
// Token: 0x06000489 RID: 1161 RVA: 0x000075F0 File Offset: 0x000057F0
[HttpPost]
[Route("api/Login/CheckLogin/{Uuid}")]
public Task
{
ResponseBase
CustomerInfoCache result = this.wechat.CheckLoginQRCode(uuid, 1);
CheckLoginResponse checkLoginResponse = new CheckLoginResponse();
checkLoginResponse.State = result.State;
checkLoginResponse.Uuid = result.Uuid;
checkLoginResponse.WxId = result.WxId;
checkLoginResponse.NickName = result.NickName;
checkLoginResponse.Device = result.Device;
checkLoginResponse.HeadUrl = result.HeadUrl;
checkLoginResponse.Mobile = result.BindMobile;
checkLoginResponse.Email = result.BindEmail;
checkLoginResponse.Alias = result.Alias;
checkLoginResponse.DeviceId = result.DeviceId;
checkLoginResponse.DeviceName = result.DeviceName;
if (result.WxId != null)
{
checkLoginResponse.Data62 = this.wechat.Get62Data(result.WxId);
}
response.Data = checkLoginResponse;
return response.ToHttpResponseAsync();
}
///
/// Data62登陆
///
///
///
// Token: 0x0600048A RID: 1162 RVA: 0x000076C8 File Offset: 0x000058C8
[HttpPost]
[Route("api/Login/Data62Login")]
public Task
{
ResponseBase
MM.ManualAuthResponse result = this.wechat.UserLogin(data62Login.UserName, data62Login.Password, data62Login.Data62, data62Login.ProxyIp, data62Login.ProxyUserName, data62Login.ProxyPassword, null, 1);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// DataA16登陆
///
///
///
// Token: 0x0600048B RID: 1163 RVA: 0x0000771C File Offset: 0x0000591C
[HttpPost]
[Route("api/Login/DataA16Login")]
public Task
{
ResponseBase
MM.ManualAuthResponse result = this.wechat.AndroidManualAuth(dataA16Login.UserName, dataA16Login.Password, dataA16Login.DataA16, Guid.NewGuid().ToString(), dataA16Login.ProxyIp, dataA16Login.ProxyUserName, dataA16Login.ProxyPassword);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// 62转A16
///
///
///
// Token: 0x0600048C RID: 1164 RVA: 0x00007780 File Offset: 0x00005980
[HttpPost]
[Route("api/Login/Data62ToA16")]
public Task
{
ResponseBase
MM.ManualAuthResponse result = this.wechat.UserLogin(data62Login.UserName, data62Login.Password, data62Login.Data62, data62Login.ProxyIp, data62Login.ProxyUserName, data62Login.ProxyPassword, null, 1);
Data62ToA16Response data62ToA16Response = new Data62ToA16Response();
data62ToA16Response.ManualAuthResponse = result;
response.Data = data62ToA16Response;
if (result.baseResponse.ret == MM.RetConst.MM_OK)
{
string a16 = Fun.GenDeviceID();
data62ToA16Response.A16 = a16;
WechatHelper.QRCode qrcode = this.wechat.A16LoginAndGetQRCode(data62Login.UserName, data62Login.Password, a16, data62Login.ProxyIp, data62Login.ProxyUserName, data62Login.ProxyPassword);
if (qrcode.status == 1)
{
response.Message = "转换A16成功";
return response.ToHttpResponseAsync();
}
if (!string.IsNullOrEmpty(qrcode.uuid))
{
string qrurl = "https://login.weixin.qq.com/q/" + qrcode.uuid;
MM.GetA8KeyResponse a8KeyResp = this.wechat.GetA8Key(result.accountInfo.wxid, "", qrurl, 2, null);
if (a8KeyResp.baseResponse.ret == MM.RetConst.MM_OK && a8KeyResp.fullURL != "")
{
HttpHelper httpHelper = new HttpHelper();
HttpItem httpItem4 = new HttpItem
{
URL = a8KeyResp.fullURL,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
};
HttpResult httpResult4 = httpHelper.GetHtml(httpItem4);
string urlConfirm = HttpHelper.GetBetweenHtml(httpResult4.Html, "confirm=1", ">");
string relaUrl = "https://login.weixin.qq.com/confirm?confirm=1" + urlConfirm.Replace("\"", "");
string cookies = HttpHelper.GetSmallCookie(httpResult4.Cookie);
httpItem4 = new HttpItem
{
URL = relaUrl,
Method = "POST",
ContentType = "application/x-www-form-urlencoded",
Cookie = cookies,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
string returl = string.Concat(new string[]
{
"https://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login?uuid=",
qrcode.uuid,
"&r=",
((DateTime.Now.ToUniversalTime().Ticks - 621355968000000000L) / 10000000L).ToString(),
"&t=simple_auth/w_qrcode_show&&ticket=",
qrcode.ticket,
"&wechat_real_lang=zh_CN&idc=2&qrcliticket=",
qrcode.qrcliticket
});
httpItem4 = new HttpItem
{
URL = returl,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "*/*"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
string redirect_uri = HttpHelper.GetBetweenHtml(httpResult4.Html, "window.redirect_uri=", ";").Replace("\"", "").Trim();
httpItem4 = new HttpItem
{
URL = redirect_uri,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "*/*"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
MM.ManualAuthResponse ret = this.wechat.AndroidManualAuth(data62Login.UserName, data62Login.Password, a16, Guid.NewGuid().ToString(), data62Login.ProxyIp, data62Login.ProxyUserName, data62Login.ProxyPassword);
if (ret.baseResponse.ret == MM.RetConst.MM_OK)
{
data62ToA16Response.A16 = a16;
data62ToA16Response.ManualAuthResponse = ret;
response.Data = data62ToA16Response;
response.Message = "转换A16成功";
return response.ToHttpResponseAsync();
}
}
}
}
response.Data = data62ToA16Response;
response.Message = "转换A16失败";
response.Success = false;
return response.ToHttpResponseAsync();
}
///
/// A16转62
///
///
///
// Token: 0x0600048D RID: 1165 RVA: 0x00007B18 File Offset: 0x00005D18
[HttpPost]
[Route("api/Login/A16ToData62")]
public Task
{
ResponseBase
MM.ManualAuthResponse result = this.wechat.AndroidManualAuth(dataA16Login.UserName, dataA16Login.Password, dataA16Login.DataA16, Guid.NewGuid().ToString(), dataA16Login.ProxyIp, dataA16Login.ProxyUserName, dataA16Login.ProxyPassword);
DataA16To62Response dataA16To62Response = new DataA16To62Response();
dataA16To62Response.ManualAuthResponse = result;
if (result.baseResponse.ret == MM.RetConst.MM_OK)
{
string wxnew62 = Util.SixTwoData(Guid.NewGuid().ToString("N"));
WechatHelper.QRCode qrcode = this.wechat.UserLoginQRCode(dataA16Login.UserName, dataA16Login.Password, wxnew62, dataA16Login.ProxyIp, dataA16Login.ProxyUserName, dataA16Login.ProxyPassword, null, 1);
if (!string.IsNullOrEmpty(qrcode.uuid))
{
string qrurl = "https://login.weixin.qq.com/q/" + qrcode.uuid;
MM.GetA8KeyResponse rsult = this.wechat.GetA8Key(result.accountInfo.wxid, "", qrurl, 2, null);
if (!string.IsNullOrEmpty(rsult.fullURL))
{
HttpHelper httpHelper = new HttpHelper();
HttpItem httpItem4 = new HttpItem
{
URL = rsult.fullURL,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
};
HttpResult httpResult4 = httpHelper.GetHtml(httpItem4);
string urlConfirm = HttpHelper.GetBetweenHtml(httpResult4.Html, "confirm=1", ">");
string relaUrl = "https://login.weixin.qq.com/confirm?confirm=1" + urlConfirm.Replace("\"", "");
string cookies = HttpHelper.GetSmallCookie(httpResult4.Cookie);
httpItem4 = new HttpItem
{
URL = relaUrl,
Method = "POST",
ContentType = "application/x-www-form-urlencoded",
Cookie = cookies,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
string returl = string.Concat(new string[]
{
"https://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login?uuid=",
qrcode.uuid,
"&r=",
((DateTime.Now.ToUniversalTime().Ticks - 621355968000000000L) / 10000000L).ToString(),
"&t=simple_auth/w_qrcode_show&&ticket=",
qrcode.ticket,
"&wechat_real_lang=zh_CN&idc=2&qrcliticket=",
qrcode.qrcliticket
});
httpItem4 = new HttpItem
{
URL = returl,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "*/*"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
string redirect_uri = HttpHelper.GetBetweenHtml(httpResult4.Html, "window.redirect_uri=", ";").Replace("\"", "").Trim();
httpItem4 = new HttpItem
{
URL = redirect_uri,
UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
Accept = "*/*"
};
httpResult4 = httpHelper.GetHtml(httpItem4);
MM.ManualAuthResponse datalogin = this.wechat.UserLogin(dataA16Login.UserName, dataA16Login.Password, wxnew62, null, null, null, null, 1);
if (datalogin.baseResponse.ret == MM.RetConst.MM_OK)
{
response.Message = "转换62成功";
dataA16To62Response.Data62 = wxnew62;
dataA16To62Response.ManualAuthResponse = datalogin;
response.Data = dataA16To62Response;
return response.ToHttpResponseAsync();
}
}
}
}
response.Data = dataA16To62Response;
response.Message = "转换62失败";
response.Success = false;
return response.ToHttpResponseAsync();
}
///
/// 二次登陆
///
///
///
// Token: 0x0600048E RID: 1166 RVA: 0x00007E78 File Offset: 0x00006078
[HttpPost]
[Route("api/Login/TwiceLogin/{wxId}")]
public Task
{
ResponseBase
MM.ManualAuthResponse result = this.wechat.TwiceLogin(wxId, 1);
if (result == null || result.baseResponse.ret != MM.RetConst.MM_OK)
{
response.Success = false;
response.Code = "501";
response.Message = (result.baseResponse.errMsg.@string ?? "登陆失败");
}
else
{
response.Data = result;
response.Message = "登陆成功";
}
return response.ToHttpResponseAsync();
}
///
/// 二维码唤醒登录
///
///
///
// Token: 0x0600048F RID: 1167 RVA: 0x00007EF4 File Offset: 0x000060F4
[HttpPost]
[Route("api/Login/TwiceQrCodeLogin/{wxId}")]
public Task
{
ResponseBase
MM.PushLoginURLResponse result = this.wechat.TwiceQrCodeLogin(wxId);
if (result == null || result.baseResponse.ret != MM.RetConst.MM_OK)
{
response.Success = false;
response.Code = "501";
response.Message = (result.baseResponse.errMsg.@string ?? "登陆失败");
}
else
{
response.Data = result;
response.Message = "登陆成功";
}
return response.ToHttpResponseAsync();
}
///
/// 退出登录
///
///
///
// Token: 0x06000490 RID: 1168 RVA: 0x00007F70 File Offset: 0x00006170
[HttpPost]
[Route("api/Login/Logout/{wxId}")]
public Task
{
ResponseBase
LogOutResponse result = this.wechat.logOut(wxId);
if (result == null || result.BaseResponse.Ret != 0)
{
response.Success = false;
response.Code = "501";
response.Message = (result.BaseResponse.ErrMsg.String ?? "退出失败");
}
else
{
response.Message = "退出成功";
}
return response.ToHttpResponseAsync();
}
///
/// 扫码登录其他设备(A16或者62登录的账号可用)
///
///
///
// Token: 0x06000491 RID: 1169 RVA: 0x00007FE4 File Offset: 0x000061E4
[HttpPost]
[Route("api/Login/ExtDeviceLoginConfirmGet")]
public Task
{
ResponseBase
ExtDeviceLoginConfirmGetResponse result = this.wechat.ExtDeviceLoginConfirmGet(extDeviceLoginConfirmOK.WxId, extDeviceLoginConfirmOK.LoginUrl);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// 确认登录其他设备
///
///
///
// Token: 0x06000492 RID: 1170 RVA: 0x0000801C File Offset: 0x0000621C
[HttpPost]
[Route("api/Login/ExtDeviceLoginConfirmOK")]
public Task
{
ResponseBase
ExtDeviceLoginConfirmOKResponse result = this.wechat.ExtDeviceLoginConfirmOK(extDeviceLoginConfirmOK.WxId, extDeviceLoginConfirmOK.LoginUrl);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// 获取登陆Url
///
///
///
// Token: 0x06000493 RID: 1171 RVA: 0x00008054 File Offset: 0x00006254
[HttpPost]
[Route("api/Login/GetLoginUrl")]
public Task
{
ResponseBase
GetLoginURLResponse result = this.wechat.GetLoginURL(getLoginUrl.WxId, getLoginUrl.Uuid);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// 获取62数据
///
///
///
// Token: 0x06000494 RID: 1172 RVA: 0x0000808C File Offset: 0x0000628C
[HttpPost]
[Route("api/Login/Get62Data/{wxId}")]
public Task
{
ResponseBase
string result = this.wechat.Get62Data(wxId);
response.Data = result;
return response.ToHttpResponseAsync();
}
///
/// 辅助登录新手机设备
///
///
///
// Token: 0x06000495 RID: 1173 RVA: 0x000080BC File Offset: 0x000062BC
[HttpPost]
[Route("api/Login/PhoneDeviceLogin")]
public Task
{
ResponseBase responseBase = new ResponseBase();
MM.GetA8KeyResponse a8Key = this.wechat.GetA8Key(phoneLogin.WxId, "", phoneLogin.Url, 2, null);
bool flag = a8Key.fullURL.Contains("https://login.weixin.qq.com");
if (flag)
{
SeleniumHelper seleniumHelper = new SeleniumHelper(Browsers.Chrome);
try
{
seleniumHelper.GoToUrl(a8Key.fullURL);
seleniumHelper.ClickElement(seleniumHelper.FindElementByXPath("/html/body/form/div[3]/p/button"));
responseBase.Message = "辅助成功,请在手机再次登录";
}
catch (Exception ex)
{
responseBase.Success = false;
responseBase.Code = "501";
responseBase.Message = "登录失败,二维码已过期-" + ex.Message;
}
seleniumHelper.Cleanup();
}
else
{
responseBase.Success = false;
responseBase.Code = "501";
responseBase.Message = "登录失败";
}
return responseBase.ToHttpResponseAsync();
}
///
/// 辅助登录其他应用(https://open.weixin.qq.com/)
///
///
///
// Token: 0x06000496 RID: 1174 RVA: 0x0000819C File Offset: 0x0000639C
[HttpPost]
[Route("api/Login/OtherDeviceLogin")]
public Task
{
ResponseBase responseBase = new ResponseBase();
MM.GetA8KeyResponse a8Key = this.wechat.GetA8Key(phoneLogin.WxId, "", phoneLogin.Url, 2, null);
bool flag = a8Key.fullURL.Contains("https://open.weixin.qq.com/");
if (flag)
{
SeleniumHelper seleniumHelper = new SeleniumHelper(Browsers.Chrome);
try
{
seleniumHelper.GoToUrl(a8Key.fullURL);
seleniumHelper.ClickElement(seleniumHelper.FindElementByXPath("//*[@id=\"js_allow\"]"));
responseBase.Message = "登录成功";
}
catch (Exception ex)
{
responseBase.Success = false;
responseBase.Code = "501";
responseBase.Message = "登录失败,二维码已过期-" + ex.Message;
}
seleniumHelper.Cleanup();
}
else
{
responseBase.Success = false;
responseBase.Code = "501";
responseBase.Message = "登录失败";
}
return responseBase.ToHttpResponseAsync();
}
///
/// 验证身份证
///
///
///
// Token: 0x06000497 RID: 1175 RVA: 0x0000827C File Offset: 0x0000647C
[Route("api/user/VerifyIdCard")]
public Task
{
ResponseBase
VerifyPersonalInfoResp result = this.wechat.VerifyPersonalInfo(verifyIdCard.WxId, verifyIdCard.RealName, verifyIdCard.IdCardType, verifyIdCard.IDCardNumber);
response.Data = result;
return response.ToHttpResponseAsync();
}
}
}
得到核心信息以及请求详细参数也可以进行修改
8.结束(仅供学习参考使用)