{"id":1443,"date":"2024-08-13T23:31:05","date_gmt":"2024-08-13T15:31:05","guid":{"rendered":"http:\/\/www.xiaosuigu.top\/?p=1443"},"modified":"2024-08-13T23:31:05","modified_gmt":"2024-08-13T15:31:05","slug":"python%e8%b0%83%e7%94%a8%e5%8a%a0%e5%af%86%e7%ae%97%e6%b3%95%e7%9a%84%e6%96%b9%e5%bc%8f","status":"publish","type":"post","link":"https:\/\/www.xiaosuigu.top\/index.php\/2024\/08\/13\/python%e8%b0%83%e7%94%a8%e5%8a%a0%e5%af%86%e7%ae%97%e6%b3%95%e7%9a%84%e6%96%b9%e5%bc%8f\/","title":{"rendered":"Python\u8c03\u7528\u52a0\u5bc6\u7b97\u6cd5\u7684\u65b9\u5f0f"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Java\u5c42\u52a0\u5bc6<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li>\u5c06\u52a0\u5bc6\u7684java\u4ee3\u7801\u590d\u5236\u7c98\u8d34\u51fa\u6765\u5230\u81ea\u5df1\u5199\u7684java\u6587\u4ef6\u4e2d\uff0c\u8fd9\u91cc\u5047\u8bbejava\u6587\u4ef6\u4e3aSign.java<\/li><li>\u65b0\u5efa\u4e00\u4e2amanifest.txt\u6587\u4ef6\uff0c\u6587\u4ef6\u5185\u5bb9<code>Main-Class: Sign<\/code><\/li><li>\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u5c06java\u6587\u4ef6\u6253\u5305\u6210jar\u5305<ol><li><code>javac Sign.java<\/code><\/li><li><code>jar cvf Sign.jar Sign.class<\/code><\/li><\/ol><\/li><li>python\u4f7f\u7528<code>subprocess.run(['java', '-cp', '.;', '\u5305\u540d', '\u53c2\u6570'], capture_output=True, text=True)<\/code>\u8c03\u7528<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">So\u5c42\u52a0\u5bc6<\/h2>\n\n\n\n<p>\u4f7f\u7528unidbg\u5de5\u5177\u3002\u5728unidbg-android\/src\/main\/java\/com\u4e0b\u65b0\u5efa\u6587\u4ef6\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u4e3a\u793a\u4f8b\u4ee3\u7801<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>package com.yuanrenxue.match2022.fragment.challenge;\n\nimport com.github.unidbg.AndroidEmulator;\nimport com.github.unidbg.Module;\nimport com.github.unidbg.linux.android.AndroidEmulatorBuilder;\nimport com.github.unidbg.linux.android.AndroidResolver;\nimport com.github.unidbg.linux.android.dvm.*;\nimport com.github.unidbg.memory.Memory;\nimport com.github.unidbg.memory.MemoryBlock;\nimport com.github.unidbg.pointer.UnidbgPointer;\n\nimport java.io.File;\nimport java.io.IOException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class ChallengeEightFragment {\n    private final AndroidEmulator emulator;\n    private final VM vm;\n    private final Module module;\n    private final DvmClass ChallengeEightFragment;\n    private final boolean logging;\n\n    public ChallengeEightFragment(boolean logging) {\n        this.logging = logging;\n        emulator = AndroidEmulatorBuilder.for64Bit().setProcessName(\"com.yuanrenxue.match2022\").build();\n        final Memory memory = emulator.getMemory();\n        memory.setLibraryResolver(new AndroidResolver(23));\n        \/*\n            \u521b\u5efaDalvikVM\uff0c\u53ef\u4ee5\u8f7d\u5165apk\uff0c\u4e5f\u53ef\u4ee5\u4e3anull\n            vm = emulator.createDalvikVM(new File(\"yuanrenxuem1010.apk\"));\n            vm = emulator.createDalvikVM((File) null);\n        *\/\n        vm = emulator.createDalvikVM((File) null);\n        vm.setVerbose(logging);\n\n        \/*\n            \u8f7d\u5165\u8981\u6267\u884c\u7684 so\uff0c\u53ef\u4ee5\u662f\u672c\u5730so\u6587\u4ef6\uff0c\u4e5f\u80fd\u662fapk\u4e2d\u7684so\u6587\u4ef6\n            DalvikModule dm = vm.loadLibrary(new File(\"libmatch08.so\"), false);\n            DalvikModule dm = vm.loadLibrary(\"match08\", true);\n        *\/\n        DalvikModule dm = vm.loadLibrary(new File(\"libmatch08.so\"), false);\n        dm.callJNI_OnLoad(emulator);\n        module = dm.getModule();\n        ChallengeEightFragment = vm.resolveClass(\"com\/yuanrenxue\/match2022\/fragment\/challenge\/ChallengeEightFragment\");\n    }\n\n    public void destroy() throws IOException {\n        emulator.close();\n    }\n\n    public static void main(String&#91;] args) throws Exception {\n        ChallengeEightFragment challengeEightFragment = new ChallengeEightFragment(true);\n        System.out.println(challengeEightFragment.getData(2));\n        challengeEightFragment.destroy();\n    }\n\n    \/*\n       \u4f7f\u7528\u65b9\u6cd5\u540d\u79f0\u8c03\u7528so\u6587\u4ef6\u5185\u7684\u65b9\u6cd5\n    *\/\n    public String getData(int page) {\n        StringObject data = ChallengeEightFragment.newObject(null).callJniMethodObject(\n                emulator,\n                \"data(I)Ljava\/lang\/String;\",\n                page\n        );\n        return data.getValue();\n    }\n\n    \/*\n       \u4f7f\u7528\u5730\u5740\u8c03\u7528\uff0c\u5e76\u4f20\u53c2\u6570\n    *\/\n    public String getDeviceId() {\n        \/*\n            \u7b2c\u4e00\u4e2a\u53c2\u6570\u662f\u968f\u673a\u503c\n            \u7b2c\u4e8c\u4e2a\u53c2\u6570\u662f\u65f6\u95f4\u6233\u52a0mac\u5730\u5740\n            \u7b2c\u4e09\u4e2a\u53c2\u6570\u662f\u7b2c\u4e8c\u4e2a\u53c2\u6570\u7684\u957f\u5ea6\n        *\/\n        String arg1 = \"C5A6D4F9B38E0721\";\n        String arg2 = System.currentTimeMillis() + \"$E6:CA:E3:4D:6A:08\";\n        int arg3 = arg2.getBytes().length;\n        \/*\n            emulator.getMemory().malloc(size, isZeroInitialized);\n            \u5728\u6a21\u62df\u5668\uff08\u200cemulator\uff09\u200c\u7684\u5185\u5b58\u4e2d\u5206\u914d\u4e00\u4e2a\u65b0\u7684\u5185\u5b58\u5757,\u5e76\u8bbe\u7f6e\u5176\u5927\u5c0f\u548c\u521d\u59cb\u5316\u662f\u5426\u4e3a0.\n\n            emulator.getMemory() \u83b7\u53d6\u6a21\u62df\u5668\u7684\u5185\u5b58\u64cd\u4f5c\u63a5\u53e3\n            .malloc(size, isZeroInitialized)\uff1a\u200c\u662f\u4e00\u4e2a\u5185\u5b58\u5206\u914d\u65b9\u6cd5\uff0c\u200c\u5176\u4e2dsize\u6307\u5b9a\u4e86\u8981\u5206\u914d\u7684\u5185\u5b58\u5757\u7684\u5927\u5c0f\uff0c\u200cisZeroInitialized\u6307\u5b9a\u4e86\u662f\u5426\u5c06\u5206\u914d\u7684\u5185\u5b58\u521d\u59cb\u5316\u4e3a\u96f6\u3002\u200c\n\n            UnidbgPointer input_ptr1 = memoryBlock1.getPointer(); \u4ecememoryBlock1\u5185\u5b58\u5757\u4e2d\u83b7\u53d6\u4e00\u4e2a\u6307\u9488input_ptr1\n            input_ptr1.write(arg1.getBytes());\u5c06arg1\u5b57\u7b26\u4e32\u7684\u5b57\u8282\u6570\u636e\u5199\u5165\u5230input_ptr1\u6307\u9488\u6240\u6307\u5411\u7684\u5185\u5b58\u5730\u5740\u4e2d\u3002\u200c\n        *\/\n        MemoryBlock memoryBlock1 = emulator.getMemory().malloc(arg1.getBytes().length, false);\n        UnidbgPointer input_ptr1 = memoryBlock1.getPointer();\n        input_ptr1.write(arg1.getBytes());\n\n        MemoryBlock memoryBlock2 = emulator.getMemory().malloc(arg3, false);\n        UnidbgPointer input_ptr2 = memoryBlock2.getPointer();\n        input_ptr2.write(arg2.getBytes());\n\n        MemoryBlock memoryBlock3 = emulator.getMemory().malloc(32, false);\n        UnidbgPointer output_buffer = memoryBlock3.getPointer();\n\n        \/*\n            \u5728so\u6587\u4ef6\u4e2d0x49E68\u65b9\u6cd5\u9700\u8981\u4f20\u51654\u4e2a\u53c2\u6570\uff0c\n            \u4ee5\u4e0b\u4ee3\u7801\u5c064\u4e2a\u53c2\u6570\u90fd\u6dfb\u52a0\u5230\u6570\u7ec4\u4e2d\uff0c\u5e76\u5b9e\u73b0\u4f20\u9012\n        *\/\n        List&lt;Object> list1 = new ArrayList&lt;>();\n        list1.add(input_ptr1);\n        list1.add(input_ptr2);\n        list1.add(arg3);\n        list1.add(output_buffer);\n        module.callFunction(emulator, 0x49E68, list1.toArray());\n\/\/        System.out.println(\"\u7ed3\u679c\u5b58\u653e\u5730\u5740\uff1a\" + output_buffer);\n\/\/        Inspector.inspect(output_buffer.getByteArray(0, 32), \"output\");\n        return byte2HexString(output_buffer.getByteArray(0, 32)) + arg1;\n    }\n\n    public static String byte2HexString(byte&#91;] b) {\n        String r = \"\";\n        for (int i = 0; i &lt; b.length; i++) {\n            String hex = Integer.toHexString(b&#91;i] &amp; 0xFF);\n            if (hex.length() == 1) {\n                hex = '0' + hex;\n            }\n            r += hex.toUpperCase();\n        }\n        return r;\n    }\n\n\n}\n<\/code><\/pre>\n\n\n\n<p>\u8c03\u8bd5\u597d\u4ee3\u7801\u540e\u4f7f\u7528IDEA\u5c06\u4ee3\u7801\u6253\u5305\u6210jar\u5305\u7ed9python\u8c03\u7528<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>\u70b9\u51fb   File&#8211;Project Structure&#8211;Artifacts<\/li><li>\u70b9\u51fb   \u6dfb\u52a0&#8211;JAR&#8211;From Modules<\/li><li>Module\u9009\u62e9unidbg-android<\/li><li>Main Class\u9009\u62e9\u4f60\u5199\u7684java\u6587\u4ef6<\/li><li>\u9009\u62e9 <code>extract to the target JAR<\/code><\/li><li>\u70b9\u51fbOK<\/li><li>\u8bb0\u4f4fOutput directory\u5730\u5740\uff0c\u8fd9\u662f\u6587\u4ef6\u8f93\u51fa\u76ee\u5f55<\/li><li>\u518d\u6b21\u70b9\u51fbOK<\/li><li>\u70b9\u51fb   Bulid&#8211;Bulid Artifacts&#8211;Bulid<\/li><\/ol>\n\n\n\n<p>python\u4ee3\u7801\u8c03\u7528   <code>pip install JPype1<\/code><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>import jpype\n# path\u540e\u9762\u662f\u5bfc\u51fa\u7684jar\u5305\njpype.startJVM(jpype.getDefaultJVMPath(), \"-ea\", \"-Djava.class.path=.\/unidbg-android.jar\")\n# JPackage\u7684\u53c2\u6570\u4e3ajava\u6587\u4ef6\u9876\u90e8\u7684package\u3002\u540e\u9762\u89e3\u7c7b\u540d\njclass = jpype.JPackage(\"com.yuanrenxue.match2022.fragment.challenge\").ChallengeEightFragment\nencrypt = jclass(False)\n# \u4f7f\u7528.\u65b9\u6cd5\u540d(\u53c2\u6570)\u7684\u65b9\u5f0f\u8fdb\u884c\u8c03\u7528\nprint(encrypt.getData(1))<\/code><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Java\u5c42\u52a0\u5bc6 \u5c06\u52a0\u5bc6\u7684java\u4ee3\u7801\u590d\u5236\u7c98\u8d34\u51fa\u6765\u5230\u81ea\u5df1\u5199\u7684java\u6587\u4ef6\u4e2d\uff0c\u8fd9\u91cc\u5047\u8bbejava\u6587\u4ef6\u4e3aSign.ja [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1443","post","type-post","status-publish","format-standard","hentry","category-android"],"_links":{"self":[{"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/posts\/1443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/comments?post=1443"}],"version-history":[{"count":0,"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/posts\/1443\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/media?parent=1443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/categories?post=1443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xiaosuigu.top\/index.php\/wp-json\/wp\/v2\/tags?post=1443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}