可米网络电话 核心分析

’ 登录

' POST http://app.gekgek.com/callme/user.do?action=login&u=手机号&p=MD5(密码)HTTP/1.1
' Connection: Keep-Alive
' Content-Type: application/x-www-form-urlencoded
' User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; Lenovo K30-T Build/KTU84P)
' Host: app.gekgek.com
' Accept-Encoding: gzip
' Content-Length: 0

' 登陆成功返回 token=2056222||145709552222||OJ6fhsevsKsEcAddJ0222==

’ 拨打电话

' http://app.gekgek.com/callme/user.do?action=call&param=DES密码（）

============程序代码=====

localStringBuffer.append("http://app.gekgek.com/callme/user.do?action=call").append("&param=").append(URLEncoder.encode(h.a(((JSONStringer)localObject1).toString(), CallJni.a().getDesKey()), "utf-8"));

其实就是这段加密

URLEncoder.encode(h.a(((JSONStringer)localObject1).toString(), CallJni.a().getDesKey()), "utf-8")

—————————————–分析

URLEncoder.encode("***", "utf-8") utf8编码

————–localObject1—来源

this.d = paramHandler;  // 消息
this.c = paramString3; // Toekn
this.b = paramString2; // 密码
this.a = paramString1; // 账号

Object localObject1 = new JSONStringer().object().key("t").value(this.a).key("c").value(this.c).key("ca").value(this.b).endObject();

————-就剩—-localObject1—来源

h.a(((JSONStringer)localObject1).toString(), CallJni.a().getDesKey())

首先找到h.a方法

public class h
{
  private static byte[] a = { 1, 2, 3, 4, 5, 6, 7, 8 };

  public static String a(String paramString1, String paramString2)
  {
    IvParameterSpec localIvParameterSpec = new IvParameterSpec(a);
    paramString2 = new SecretKeySpec(paramString2.getBytes(), "DES");
    Cipher localCipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
    localCipher.init(1, paramString2, localIvParameterSpec);
    return a.a(localCipher.doFinal(paramString1.getBytes()));
  }
}

然后找到CallJni.a().getDesKey()

public class CallJni
{
  private static CallJni a;

  static
  {
    System.loadLibrary("call_jni");
  }

  public static CallJni a()
  {
    if (a == null) {
      a = new CallJni();
    }
    return a;
  }

  public native String getDesKey();
}

签到

' POST http://app.gekgek.com/callme/charge.do?action=sign&t=2056318||1457095500105||OJ6fhsevsKsEcAddJ0zjMw== HTTP/1.1
' Connection: Keep-Alive
' Content-Type: application/x-www-form-urlencoded
' User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; Lenovo K30-T Build/KTU84P)
' Host: app.gekgek.com
' Accept-Encoding: gzip
' Content-Length: 0

查询余额

' POST http://app.gekgek.com/callme/user.do?action=balance&t=2056318||1457095500105||OJ6fhsevsKsEcAddJ0zjMw== HTTP/1.1
' Connection: Keep-Alive
' Content-Type: application/x-www-form-urlencoded
' User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; Lenovo K30-T Build/KTU84P)
' Host: app.gekgek.com
' Accept-Encoding: gzip
' Content-Length: 0