微信逆向之——静态分析利用微信源码解析field_lvbuff字段(blob类型)

准备:

工具:jadx

目标app:微信6.3.31 版本

静态分析:

用jadx工具全文搜索field_lvbuff



逐一排除,定位到






这下好了,我们只要把这部分代码copy出来稍做修改即可帮我们解析了。

需要有2个文件实现1:WechatByteBufferUtil.java 和Rcontactlvbuff.java

copy处理并整理代码

=========代码分割线==============

package hd.com.xposeddemo.utils;

import java.nio.ByteBuffer;

/**

* @author:牵手生活

* @date:2017/3/26

* @description:

*/

public class WechatByteBufferUtil {

private ByteBuffer mqn;

private boolean mqo;

public final int be(byte[] bArr) {

boolean z = (bArr == null || bArr.length == 0) ? true : bArr[0] != (byte) 123 ? true : bArr[bArr.length + -1] != (byte) 125 ? true : false;

if (z) {

this.mqn = null;

return -1;

}

this.mqn = ByteBuffer.wrap(bArr);

this.mqn.position(1);

this.mqo = false;

return 0;

}

public final int getInt() throws Exception {

if (!this.mqo) {

return this.mqn.getInt();

}

throw new Exception("Buffer For Build");

}

public final long getLong() throws Exception {

if (!this.mqo) {

return this.mqn.getLong();

}

throw new Exception("Buffer For Build");

}

public final byte[] getBuffer() throws Exception {

if (this.mqo) {

throw new Exception("Buffer For Build");

}

short s = this.mqn.getShort();

if (s > (short) 2048) {

this.mqn = null;

throw new Exception("Buffer String Length Error");

} else if (s == (short) 0) {

return new byte[0];

} else {

byte[] bArr = new byte[s];

this.mqn.get(bArr, 0, s);

return bArr;

}

}

public final String getString() throws Exception {

if (this.mqo) {

throw new Exception("Buffer For Build");

}

short s = this.mqn.getShort();

if (s > (short) 2048) {

this.mqn = null;

throw new Exception("Buffer String Length Error");

} else if (s == (short) 0) {

return "";

} else {

byte[] bArr = new byte[s];

this.mqn.get(bArr, 0, s);

return new String(bArr, "UTF-8");

}

}

public final void tL(int i) {

this.mqn.position(this.mqn.position() + i);

}

public final void bmK() throws Exception {

if (this.mqo) {

throw new Exception("Buffer For Build");

}

short s = this.mqn.getShort();

if (s > (short) 2048) {

this.mqn = null;

throw new Exception("Buffer String Length Error");

} else if (s != (short) 0) {

this.mqn.position(s + this.mqn.position());

}

}

public final boolean bmL() {

return this.mqn.limit() - this.mqn.position() <= 1;

}

}

==============代码分割线===============

package hd.com.xposeddemo.utils;

import android.database.Cursor;

import android.util.Log;

import org.apache.mina.util.Base64;

import hd.com.xposeddemo.bean.FriendInfo;

/**

* @author:牵手生活

* @date:2017/3/26

* @description:

*/

public class Rcontactlvbuff {

// private static final int bAh = "alias".hashCode();

// private static final int bAi = "conRemark".hashCode();

// private static final int bAj = "domainList".hashCode();

// private static final int bAk = "pyInitial".hashCode();

// private static final int bAl = "quanPin".hashCode();

// private static final int bAm = "showHead".hashCode();

// private static final int bAn = "weiboFlag".hashCode();

// private static final int bAo = "weiboNickname".hashCode();

// private static final int bAp = "conRemarkPYFull".hashCode();

// private static final int bAq = "conRemarkPYShort".hashCode();

// private static final int bAr = "verifyFlag".hashCode();

// private static final int bAs = "encryptUsername".hashCode();

// private static final int bAt = "chatroomFlag".hashCode();

// private static final int bAu = "deleteFlag".hashCode();

// private static final int bAv = "contactLabelIds".hashCode();

// public static final String[] brH = new String[]{"CREATE INDEX IF NOT EXISTS deleteflag_index ON Contact(deleteFlag)"};

// private static final int brQ = "rowid".hashCode();

// private static final int bvK = "lvbuff".hashCode();

// private static final int byd = "username".hashCode();

// private static final int byy = "nickname".hashCode();

public String bAA;

public int bAB;

public int bAC;

public String bAD;

public String bAE;

public int bAF;

public int bAG;

public String bAH;

private String bAI; //省份

private String bAJ; //省市

public String bAK;

public int bAL;

public String bAM;

public String bAN;

public String bAO;

public int bAP;

public int bAQ;

public String bAR;

public String bAS;

public String bAT;

public String bAU;

public String bAV;

public String bAW;

public String bAX;

private boolean bAa = false;

private boolean bAb = false;

private boolean bAc = false;

private boolean bAd = false;

private boolean bAe = false;

private boolean bAf = false;

private boolean bAg = false;

public int bAw;

public int bAx; //手机号码

public String bAy;

public long bAz;

public int bbt;

public String bhc;

private boolean bsz = false;

private boolean bvo = false;

private boolean bxO = false;

private boolean byu = false;

private boolean bzS = false;

private boolean bzT = false;

private boolean bzU = false;

private boolean bzV = false;

private boolean bzW = false;

private boolean bzX = false;

private boolean bzY = false;

private boolean bzZ = false;

private String field_alias;

public int field_chatroomFlag;

public String field_conRemark;

public String field_conRemarkPYFull;

public String field_conRemarkPYShort;

public String field_contactLabelIds;

public int field_deleteFlag;

public String field_domainList;

public String field_encryptUsername;

public byte[] field_lvbuff;//==========

public String field_nickname;

private String field_pyInitial;

private String field_quanPin;

public int field_showHead;

public int field_type;

public String field_username;

public int field_verifyFlag;

public int field_weiboFlag;

public String field_weiboNickname;

public int uin;

public long muj = -1; //rowid

public void setUsername(String str) {

this.field_username = str;

this.bxO = true;

}

public final String getUsername() {

return this.field_username;

}

public void bO(String str) {

this.field_alias = str;

this.bzS = true;

}

public String pF() {

return this.field_alias;

}

public void bP(String str) {

this.field_conRemark = str;

this.bzT = true;

}

public void bQ(String str) {

this.field_domainList = str;

this.bzU = true;

}

public void bR(String str) {

this.field_nickname = str;

this.byu = true;

}

public void bS(String str) {

this.field_pyInitial = str;

this.bzV = true;

}

public String pG() {

return this.field_pyInitial;

}

public void bT(String str) {

this.field_quanPin = str;

this.bzW = true;

}

public String pH() {

return this.field_quanPin;

}

public void cM(int i) {

this.field_showHead = i;

this.bzX = true;

}

public void setType(int i) {

this.field_type = i;

this.bsz = true;

}

public void cN(int i) {

this.field_weiboFlag = i;

this.bzY = true;

}

public void bU(String str) {

this.field_weiboNickname = str;

this.bzZ = true;

}

public void bV(String str) {

this.field_conRemarkPYFull = str;

this.bAa = true;

}

public void bW(String str) {

this.field_conRemarkPYShort = str;

this.bAb = true;

}

public void u(byte[] bArr) {

this.field_lvbuff = bArr;

this.bvo = true;

}

public void cO(int i) {

this.field_verifyFlag = i;

this.bAc = true;

}

public void bX(String str) {

this.field_encryptUsername = str;

this.bAd = true;

}

public void cP(int i) {

this.field_chatroomFlag = i;

this.bAe = true;

}

public void cQ(int i) {

this.field_deleteFlag = i;

this.bAf = true;

}

public void bY(String str) {

this.field_contactLabelIds = str;

this.bAg = true;

}

public void b_byRcontract(FriendInfo friendInfo) {

this.field_username = friendInfo.getUsername();

this.bxO = true;

this.field_alias = friendInfo.getAlias();

this.field_conRemark = friendInfo.getConRemark();

this.field_domainList = friendInfo.getDomainList();

this.field_nickname = friendInfo.getNickName();

this.field_pyInitial = friendInfo.getPyInitial();

this.field_quanPin = friendInfo.getQuanPin();

this.field_showHead = friendInfo.getShowHead();

this.field_type = friendInfo.getType();

this.field_weiboFlag = friendInfo.getWeiboFlag();

this.field_weiboNickname = friendInfo.getWeiboNickname();

this.field_conRemarkPYFull = friendInfo.getConRemarkPYFull();

this.field_conRemarkPYShort = friendInfo.getConRemarkPYShort();

this.field_lvbuff = Base64.decodeBase64(friendInfo.getLvbuff().getBytes()); //

this.field_verifyFlag = friendInfo.getVerifyFlag();

this.field_encryptUsername = friendInfo.getEncryptUsername();

this.field_chatroomFlag = friendInfo.getChatroomFlag();

this.field_deleteFlag = friendInfo.getDeleteFlag();

this.field_contactLabelIds = friendInfo.getContactLabelIds();

this.muj = friendInfo.getRowid();

pI();

}

public void b(Cursor cursor) {

this.field_username = cursor.getString(cursor.getColumnIndex("username"));

this.bxO = true;

this.field_alias = cursor.getString(cursor.getColumnIndex("alias"));

this.field_conRemark = cursor.getString(cursor.getColumnIndex("conRemark"));

this.field_domainList = cursor.getString(cursor.getColumnIndex("domainList"));

this.field_nickname = cursor.getString(cursor.getColumnIndex("nickname"));

this.field_pyInitial = cursor.getString(cursor.getColumnIndex("pyInitial"));

this.field_quanPin = cursor.getString(cursor.getColumnIndex("quanPin"));

this.field_showHead = cursor.getInt(cursor.getColumnIndex("showHead"));

this.field_type = cursor.getInt(cursor.getColumnIndex("type"));

this.field_weiboFlag = cursor.getInt(cursor.getColumnIndex("weiboFlag"));

this.field_weiboNickname = cursor.getString(cursor.getColumnIndex("weiboNickname"));

this.field_conRemarkPYFull = cursor.getString(cursor.getColumnIndex("conRemarkPYFull"));

this.field_conRemarkPYShort = cursor.getString(cursor.getColumnIndex("conRemarkPYShort"));

this.field_lvbuff = cursor.getBlob(cursor.getColumnIndex("lvbuff"));

String s =new String(Base64.encodeBase64(field_lvbuff));

Log.i("TAG",s);

//new String(Base64.encodeBase64(blob_lvbuff))

this.field_verifyFlag = cursor.getInt(cursor.getColumnIndex("verifyFlag"));

this.field_encryptUsername = cursor.getString(cursor.getColumnIndex("encryptUsername"));

this.field_chatroomFlag = cursor.getInt(cursor.getColumnIndex("chatroomFlag"));

this.field_deleteFlag = cursor.getInt(cursor.getColumnIndex("deleteFlag"));

this.field_contactLabelIds = cursor.getString(cursor.getColumnIndex("contactLabelIds"));

this.muj = cursor.getLong(cursor.getColumnIndex("rowid"));

pI();

}

public void cR(int i) {

this.bAw = i;

this.bvo = true;

}

public void cS(int i) {

this.bAx = i;

this.bvo = true;

}

public void bZ(String str) {

this.bAy = str;

this.bvo = true;

}

public void t(long j) {

this.bAz = j;

this.bvo = true;

}

public void cT(int i) {

this.uin = i;

this.bvo = true;

}

public void ca(String str) {

this.bAA = str;

this.bvo = true;

}

public void cb(String str) {

this.bhc = str;

this.bvo = true;

}

public void cU(int i) {

this.bAB = i;

this.bvo = true;

}

public void cV(int i) {

this.bAC = i;

this.bvo = true;

}

public void cc(String str) {

this.bAD = str;

this.bvo = true;

}

public void cd(String str) {

this.bAE = str;

this.bvo = true;

}

public void cW(int i) {

this.bAF = i;

this.bvo = true;

}

public void cX(int i) {

this.bAG = i;

this.bvo = true;

}

public void ce(String str) {

this.bAH = str;

this.bvo = true;

}

public String getProvince() {

return this.bAI;

}

public void cf(String str) {

this.bAI = str;

this.bvo = true;

}

public String getCity() {

return this.bAJ;

}

public void cg(String str) {

this.bAJ = str;

this.bvo = true;

}

public void ch(String str) {

this.bAK = str;

this.bvo = true;

}

public void cY(int i) {

this.bAL = i;

this.bvo = true;

}

public void setSource(int i) {

this.bbt = i;

this.bvo = true;

}

public void ci(String str) {

this.bAM = str;

this.bvo = true;

}

public void cj(String str) {

this.bAN = str;

this.bvo = true;

}

public void ck(String str) {

this.bAO = str;

this.bvo = true;

}

public void cZ(int i) {

this.bAP = i;

this.bvo = true;

}

public void da(int i) {

this.bAQ = i;

this.bvo = true;

}

public void cl(String str) {

this.bAR = str;

this.bvo = true;

}

public void cm(String str) {

this.bAS = str;

this.bvo = true;

}

public void cn(String str) {

this.bAT = str;

this.bvo = true;

}

public void co(String str) {

this.bAU = str;

this.bvo = true;

}

public void cp(String str) {

this.bAV = str;

this.bvo = true;

}

public void cq(String str) {

this.bAW = str;

this.bvo = true;

}

public void cr(String str) {

this.bAX = str;

this.bvo = true;

}

public final void pI() {

try {

if (this.field_lvbuff != null && this.field_lvbuff.length != 0) {

WechatByteBufferUtil wechatByteBufferUtilVar = new WechatByteBufferUtil();

int be = wechatByteBufferUtilVar.be(this.field_lvbuff);

if (be != 0) {

// v.e("MicroMsg.SDK.BaseContact", "parse LVBuffer error:" + be);

Log.e("BaseContact","parse LVBuffer error:" + be);

return;

}

this.bAw = wechatByteBufferUtilVar.getInt();

this.bAx = wechatByteBufferUtilVar.getInt();

this.bAy = wechatByteBufferUtilVar.getString();

this.bAz = wechatByteBufferUtilVar.getLong();

this.uin = wechatByteBufferUtilVar.getInt();

this.bAA = wechatByteBufferUtilVar.getString();

this.bhc = wechatByteBufferUtilVar.getString();

this.bAB = wechatByteBufferUtilVar.getInt();

this.bAC = wechatByteBufferUtilVar.getInt();

this.bAD = wechatByteBufferUtilVar.getString();

this.bAE = wechatByteBufferUtilVar.getString();

this.bAF = wechatByteBufferUtilVar.getInt();

this.bAG = wechatByteBufferUtilVar.getInt();

this.bAH = wechatByteBufferUtilVar.getString();

this.bAI = wechatByteBufferUtilVar.getString();

this.bAJ = wechatByteBufferUtilVar.getString();

this.bAK = wechatByteBufferUtilVar.getString();

this.bAL = wechatByteBufferUtilVar.getInt();

this.bbt = wechatByteBufferUtilVar.getInt();

this.bAM = wechatByteBufferUtilVar.getString();

this.field_verifyFlag = wechatByteBufferUtilVar.getInt();

this.bAN = wechatByteBufferUtilVar.getString();

if (!wechatByteBufferUtilVar.bmL()) {

this.bAO = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAP = wechatByteBufferUtilVar.getInt();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAQ = wechatByteBufferUtilVar.getInt();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAR = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAS = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAT = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAU = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAV = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAW = wechatByteBufferUtilVar.getString();

}

if (!wechatByteBufferUtilVar.bmL()) {

this.bAX = wechatByteBufferUtilVar.getString();

}

}

} catch (Exception e) {

// v.e("MicroMsg.SDK.BaseContact", "get value failed");

//Log.e("BaseContact","get value failed" );

System.out.println("get value failed");

}

}

}


有兴趣了解微信更多逆向请关注我的今日头条号“牵手生活”

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 214,377评论 6 496
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 91,390评论 3 389
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 159,967评论 0 349
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 57,344评论 1 288
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 66,441评论 6 386
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 50,492评论 1 292
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,497评论 3 412
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 38,274评论 0 269
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,732评论 1 307
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 37,008评论 2 328
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 39,184评论 1 342
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,837评论 4 337
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,520评论 3 322
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 31,156评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,407评论 1 268
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 47,056评论 2 365
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 44,074评论 2 352

推荐阅读更多精彩内容