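A friend asked me to crack this stupid thing.
My original plan was to drag it into OD (OllyDbg), patch one conditional and be done. A packer check showed the binary was packed, though, and while it is not a particularly hard packer, I couldn't be bothered to deal with it.
So I came at the problem from a different, cheekier angle.
Open Wireshark and capture the traffic.
Captured:
The response is a JSON string. After formatting: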
{
    "status": true,
    "msg": "暂未开通会员",
    "code": 200,
    "key": "3fea6ca6c1cc671bec611e8cc188d99e824c0f01",
    "userInfo": {
        "userId": 752352946,
        "userName": "null",
        "avatarUrl": "http://thirdwx.qlogo.cn/mmopen/ZpPSzNHesg59lAQ7GHk4HgzFHpVXjvSEhpDrXWcOhKp3PspCibBUVB5NhrkZBVZZXBV7aLCV5gWUkFH1XbxWKvwHHS5jJocxU/132",
        "vipStatus": -2,
        "vipExpTime": "暂未开通会员",
        "level": 0,
        "tryCount": 3,
        "doNums": 0
    }
}
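My guess is that level is the VIP tier and vipStatus is the VIP state, so changing those two fields in the response should be enough.
I wrote a Spring Boot handler that returns fake data (Spring Boot only because it was what I had at hand):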
// Handler method inside a Spring @Controller class
// (annotations from org.springframework.web.bind.annotation).
// The path matches the endpoint the client requests.
@ResponseBody
@RequestMapping("/api/user/aixz/get_user_info.php")
public String FakeServer(){
    // Earlier test, kept for reference: an unmodified response with only userName marked.
    // return "{\"status\":true,\"msg\":\"\\u6682\\u672a\\u5f00\\u901a\\u4f1a\\u5458\",\"code\":200,\"key\":\"b007cf088854c23c0fc89aa569c90c5b4753a76c\",\"userInfo\":{\"userId\":752352946,\"userName\":\"null(假服务端测试)\",\"avatarUrl\":\"http:\\/\\/thirdwx.qlogo.cn\\/mmopen\\/ZpPSzNHesg59lAQ7GHk4HgzFHpVXjvSEhpDrXWcOhKp3PspCibBUVB5NhrkZBVZZXBV7aLCV5gWUkFH1XbxWKvwHHS5jJocxU\\/132\",\"vipStatus\":-2,\"vipExpTime\":\"\\u6682\\u672a\\u5f00\\u901a\\u4f1a\\u5458\",\"level\":0,\"tryCount\":3,\"doNums\":0}}";
    // Modified response: vipStatus and level are set to 1, msg and vipExpTime are replaced.
    return "{\n" +
            "\t\"status\": true,\n" +
            "\t\"msg\": \"\\u8be5\\u8f6f\\u4ef6\\u514d\\u8d39\\u4f7f\\u7528\",\n" +
            "\t\"code\": 200,\n" +
            "\t\"key\": \"b007cf088854c23c0fc89aa569c90c5b4753a76c\",\n" +
            "\t\"userInfo\": {\n" +
            "\t\t\"userId\": 752352946,\n" +
            "\t\t\"userName\": \"null\",\n" +
            "\t\t\"avatarUrl\": \"http://thirdwx.qlogo.cn/mmopen/ZpPSzNHesg59lAQ7GHk4HgzFHpVXjvSEhpDrXWcOhKp3PspCibBUVB5NhrkZBVZZXBV7aLCV5gWUkFH1XbxWKvwHHS5jJocxU/132\",\n" +
            "\t\t\"vipStatus\": 1,\n" +
            "\t\t\"vipExpTime\": \"\\u8be5\\u8f6f\\u4ef6\\u514d\\u8d39\\u4f7f\\u7528\",\n" +
            "\t\t\"level\": 1,\n" +
            "\t\t\"tryCount\": 3,\n" +
            "\t\t\"doNums\": 0\n" +
            "\t}\n" +
            "}";
}
Then I started it and pointed api.soft.xbw0.com at the local machine in the hosts file.
Before and after comparison
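A defensive counterpart to the redirect above, as an added example that is not from the original post or from the software's vendor: the hosts-file substitution works because the client accepts whatever JSON arrives for that hostname, so here the server signs each response and the client verifies it against a compiled-in public key before reading vipStatus or level. The nonce, the way the signature is transported and the class name are assumptions; the key pair and the trimmed JSON are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedLicenseResponse {
    // Server side: sign "nonce\nbody" with a private key that never ships in the client.
    static String sign(PrivateKey key, String nonce, String body) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update((nonce + "\n" + body).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Client side: run this on the raw body before reading vipStatus or level.
    static boolean verify(PublicKey key, String nonce, String body, String sigB64) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update((nonce + "\n" + body).getBytes(StandardCharsets.UTF_8));
            return s.verify(Base64.getDecoder().decode(sigB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // missing or malformed signature: treat as unlicensed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair server = gen.generateKeyPair(); // constructed demo key pair

        String nonce = "7d3a91c0e4"; // constructed; the client picks a fresh random one per request
        // Constructed, trimmed version of the response shown in the post.
        String genuine = "{\"status\":true,\"code\":200,\"userInfo\":{\"vipStatus\":-2,\"level\":0}}";
        String sig = sign(server.getPrivate(), nonce, genuine);
        // The same edit the fake endpoint makes: only the two licence fields change.
        String forged = genuine.replace("\"vipStatus\":-2,\"level\":0", "\"vipStatus\":1,\"level\":1");

        PublicKey pinned = server.getPublic(); // in a real client this is compiled in
        System.out.println("genuine response:    " + verify(pinned, nonce, genuine, sig));
        System.out.println("edited fields:       " + verify(pinned, nonce, forged, sig));
        System.out.println("replay, new nonce:   " + verify(pinned, "0b55e1f2aa", genuine, sig));
        System.out.println("no signature at all: " + verify(pinned, nonce, forged, ""));
    }
}
```

Signature verification only removes the route of substituting the server without touching the binary; it does not protect a check that can be patched out of the client itself.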