版本9.16.0
直接搜索x-sign,找到InnerProtocolParamBuilderImpl
smali
可以发现是调用了pha的 a方法
找到pha的子类phb
直接调用它的a方法
public void getSignStr2(Object instance) {
Map<String, Object> map1 = new HashMap<>();
map1.put("data", "{}");
map1.put("api", "mtop.mediaplatform.live.channel.list");
map1.put("lng", "116.494988");
map1.put("lat", "39.990174");
map1.put("utdid", "XqAA0BugnloDAJBCLRn35KVF");
map1.put("extdata", "openappkey=DEFAULT_AUTH");
map1.put("deviceId", "GP58YEmf-0aRSjIuWvb8XnFq6OWPDoAJvH-jrHuDIiI-ES6w6EVkNtZ2QSZzWxTd");
map1.put("ttid", "1582098636457@taobao_android_9.16.0");
map1.put("sid", "192f8bea0a5eb72da2cb52a4f9ee8c9a");
map1.put("uid", "1985086041");
map1.put("x-features", "27");
long time = System.currentTimeMillis() / 1000;
map1.put("t", time + "");
map1.put("v", "1.0");
map1.put("appKey", "21646297");
Map<String, String> map2 = new HashMap<>();
map2.put("pageId", "http://h5.m.taobao.com/taolive/main.html");
map2.put("pageName", "com.taobao.taolivehome.TaoLiveHomepageActivity");
Map<String, String> o = (Map<String, String>) XposedHelpers.callMethod(instance, "a", map1, map2, "21646297", null, false);
for (Map.Entry<String, String> entry : o.entrySet()) {
Log.e(TAG, "getSignStr: " + entry.getKey() + "====" + URLEncoder.encode(entry.getValue()));
}
Log.e(TAG, "end: " + time);
Log.e(TAG, "getXSign: " + JSONObject.toJSON(o));
}
得到sign
{"x-sgext":"JAGWdLmgVgJGoPobXJyvqXSnRKRAp1enRqdEoVenQg==","x-umt":"UFkAy1lLPAgOPgJ7xKyqZgNhxRBj6kVp","x-mini-wua":"HHnB_/ZmfPjuklN5OTc72jjO6kc8Kw9WIKMyuulIoYgbIoI/XNXqtVj6zeDEVM6m+vS9rsWPZPsOiB61uwrD8xg2SO48opMvwngnTLiuS4o1Y9Im359Dj9r++YYbdy6/vy0iK/kAxzDDCWEyIOP+B6IjNdTetJHQ9bFDh+rFtgzAvBpE=","x-sign":"azYBCM003xAALz7AB+pJm6R7EKn/zz7PO/ucOSlR8eZryq7Di1uND74s3uiChfRpXvkinjjxmpmthTrDbv56e5+Ln18+3z7PPt8+zz"}
网友评论