一、解密主要逻辑代码
即将
assets\src
下的cocos2d-jsb.jsc
转main.js
1、解密工具:jsc解密v1.44
2、获取秘钥hook
function main() {
Java.perform(function () {
var coco = Java.use("org.cocos2dx.lib.Cocos2dxActivity");
coco.onLoadNativeLibraries.implementation = function(){
var onLoadNativeLibraries = this.onLoadNativeLibraries();
hook_key();
}
})
}
function hook_key(){
Interceptor.attach(Module.findExportByName('libcocos2djs.so','xxtea_decrypt'),{
onEnter: function(args){
console.log(Memory.readUtf8String(args[2]));
},onLeave: function(retval){
}
}
);
}
setTimeout(main,100);
3、解出来的js代码格式化一下,然后搜索关键词:“ws://”,“send”,“sendmessage”,“encrypt”,“encode”,找到加密逻辑然后分析解密。
二、直接分析coco2djs.so
如果上面步骤分析出不了什么,直接so层hook试试,搜
WebSocket::send
function get_module_address(soname,pianyi)
{
var module_address = Module.findBaseAddress(soname);
return module_address.add(pianyi);
}
function main()
{
Java.perform(function () {
Interceptor.attach(get_module_address("libcocos2djs.so",0x6B8F20),{
onEnter: function (args) {
//console.log(new Uint8Array(args[1].readByteArray(args[2].toInt32())).buffer);
console.log(args[1].readByteArray(args[2].toInt32()));
},
onLeave: function (retval) {
}
});
});
}
setTimeout(() => {
main()
}, 200);