(android)如何破解多盟广告sdk (一)
来源:互联网 发布:七星彩复式计算器软件 编辑:程序博客网 时间:2024/05/22 03:28
工具
1.网络抓包工具
广告sdk要和服务器通讯,想破解网络抓包自然少不了。我使用的tcpdump和wireshark。前者负责在android手机上抓包,后者负责分析包的内容。
tcpdump的使用:
a.root手机
b.下载tcpdump,安装到手机
adb push c:\wherever_you_put\tcpdump /data/local/tcpdump
c.修改文件属性adb shellsuchmod 6755 /data/local/tcpdumpd.命令行抓包
/data/local/tcpdump -p -vv -s 0 -w/sdcard/capture.pcape.将抓到的包数据copy到电脑上分析
adb pull /sdcard/capture.pcap最好配合android手机上的流量控制软件(比如Lbe安全大师)一起使用,这样限制好网络流量,使抓的包是目标应用产生的流量信息。
wireshark的使用:
这里我就不赘叙了,大家自己研究啦
2.jar包查看工具
本人使用jd-gui来分析经过反编译之后jar包的源码。源码尽管是经过混淆的,但是想找出其中的逻辑还没有蜀道难。
分析
分析数据包,了解广告sdk与服务器的通讯方式,这里仅仅展示一部分分析结果,因为涉及一些私人信息,具体的就不公布了。
以下是多盟广告sdk与服务器通讯的状态,我们模拟点击的时候,需要记录这些内容。
final static int ad_Request = 1; final static int ad_Click_Report = 2; final static int ad_Download_Start_Report = 3; final static int ad_Download_finish_Report = 4; final static int ad_Install_Success_Report = 5; final static int ad_Head_Request = 6; final static int ad_Report_Download = 7; final static int ad_Download = 8; final static int ad_Requested = 11; final static int ad_Click_Reported = 22; final static int ad_Download_finish_Reported = 44; final static int ad_Install_Success_Reported = 55; final static int ad_Downloaded = 88; final static int no_Ad = 0; final static int get_task_list = -1; final static int get_task_listed = -11;int status = no_Ad; boolean toHttps=true;//有可能使用https通讯,这时候多盟可以遥控广告sdk,让它做一些见不得人的事情。public Request requestApkHead() { return new Request(null, this.getDownloadUrl(), null, null, "HEAD", androidBuild.getUserAgent(), null, true, 20000); } public Request requestDownloadApk() { String range = "bytes=0-" + (this.content_length - 1); return new Request(null, this.getDownloadUrl(), null, range, "GET", androidBuild.getUserAgent(), null, false, 20000); } public Request reportEvent(String eventType) { return new Request(null, this.getAdEvent_tracker(), reportEventContent(eventType), null, "POST", androidBuild.getUserAgent(), null, true, 20000); } public Request httpsGetTaskList() { return new Request(null, "https://api.domob.cn/d", httpsContent("get_task_list", null, null), null, "DOMOB.HTTPS", androidBuild.getUserAgent(), null, true, 10000); } public Request reportClick() { return new Request(null, this.getAdClick_tracker(), reportClickContent(), null, "POST", androidBuild.getUserAgent(), null, true, 20000); } Long lastRequestTs = null; public Request requestAd() { if (lastRequestTs == null || System.currentTimeMillis() - ControlParams.adRefreshSpan > lastRequestTs) { lastRequestTs = System.currentTimeMillis(); return new Request(null, "http://r.domob.cn/a/", requestAdContent(), null, "POST", androidBuild.getUserAgent(), null, true, 20000); } return null; } public boolean apkHeadResponse(Response response) { if (response.code != HttpURLConnection.HTTP_OK) return false; if (response.contentLength != null) { this.setContent_length(Integer.parseInt(response.contentLength)); return true; } else return false; } public boolean clickReportResponse(Response response) { if (response.code != HttpURLConnection.HTTP_OK) return false; return true; } public boolean eventReportResponse(Response response) { if (response.code != HttpURLConnection.HTTP_OK) return false; return true; } public boolean apkDownloadResponse(Response response) { if (response.code != HttpURLConnection.HTTP_OK) return false; return true; } public boolean adResponse(Response response) { if (response.code == null || response.code != HttpURLConnection.HTTP_OK) return false; String jsonRes = response.getResponseContent(); try { JSONObject responseContent = new JSONObject(new JSONTokener(jsonRes)); this.setSid(responseContent.optString("sid", null)); if (responseContent.optString("cid") != null) this.setCid(responseContent.optString("cid")); JSONObject adJSON = responseContent.optJSONObject("ad"); JSONObject errorJSON = responseContent.optJSONObject("error"); JSONObject controlJSON = responseContent.optJSONObject("control"); if (errorJSON != null) return false; if (adJSON != null) { String pkg, click_tracker, content, event_tracker, tracker; pkg = adJSON.optString("pkg", null); click_tracker = adJSON.optString("click_tracker", null); content = adJSON.optString("content", null); event_tracker = adJSON.optString("event_tracker", null); tracker = adJSON.optString("tracker", null); if (pkg != null && click_tracker != null && content != null && event_tracker != null && tracker != null) { this.setAdApkName(pkg); this.setAdClick_tracker(click_tracker); this.setAdContent(content); String[] parts = content.split("\""); URI uri; for (String part : parts) { if (part.startsWith("domob")) { uri = URI.create(part); String schema = uri.getScheme(); String host = uri.getHost(); if (schema.equals("domob")) { if (host.equals("inapp")) { ; } else if (host.equals("download")) { Map<String, String> maps = Utils.UrlString2Map(uri.getQuery()); this.setVn(maps.remove("vn")); this.setVc((maps.get("vc") == null) ? "1" : maps.remove("vc")); this.setName(maps.remove("name")); this.setAuto_run((maps.get("auto_run") == null) ? false : Boolean.valueOf(maps.remove("auto_run")).booleanValue()); this.setAdApkName(maps.remove("pkg")); String url = maps.remove("url"); String odi = maps.remove("odi"); this.setDownloadUrl(url + Utils.map2UrlString(maps) + odi); } else if (host.equals("report")) { String str2 = uri.getPath(); if ((str2 == null) || (str2.indexOf("/") == -1)) break; str2 = str2.substring(1); if (str2.equals("imp")) { ; } else if (str2.equals("clk")) { ; } else if (str2.equals("event")) { ; } } } } } this.setAdEvent_tracker(event_tracker); this.setTracker(tracker); return true; } else return false; } return false; } catch (Exception e) { e.printStackTrace(); } return false; } public boolean httpsResponse(Response response) { if (response.code != HttpURLConnection.HTTP_OK) return false; if (response.responseContent != null) { String[] pairs = response.getResponseContent().split("="); if (pairs.length == 2) { Long det = Long.parseLong(pairs[1]); next_time_https = System.currentTimeMillis() + det; logger.info(String.format("det:%s next_time:%s", det.toString(), next_time_https.toString())); } else return false; } return true; }public List<Request> getRequest() {} //这里就不黏贴源码了,涉及我的模拟广告点击行为。
- (android)如何破解多盟广告sdk (一)
- 一招破解Android SDk 更新问题
- cocos2dx-3.1 接入多盟广告sdk+Android (1)
- cocos2dx-3.1 接入多盟广告sdk+Android (2)
- cocos2dx-3.1 接入多盟广告sdk+Android (3)
- cocos2dx-3.1 接入多盟广告sdk+Android
- Android接入多盟广告SDK--让你的APP通过广告平台赚钱
- Android广告SDK接入:
- android广告平台SDK研发日志(一)
- Android广告SDK的Package
- [Android]1518占卜破解,无广告
- Android逆向小试牛刀(破解阅读软件广告)
- Android APP破解去广告研究
- Android中广告渠道SDK接入方法
- unity3d接入有米广告SDK----android
- Android中广告渠道SDK接入方法
- unity3d接入有米广告SDK----android
- 某android广告SDK逆向分析总结
- 把十进制转化为二进制的一种方法
- Axis2 WebService Client
- JDK 更新ResultSet
- springMVC上传文件
- Android 面试题
- (android)如何破解多盟广告sdk (一)
- 致2013年的站长朋友的一封信
- [原创]在Oracle 10g,Number、Char和Varchar2类型作为主键,查询效率分析
- 做SEO一定要能说能写废话且重复
- POJ 1410 几何 浙大模板
- 字符集笔记
- 位图算法排序与查找
- showModalDialog 跨域
- 1030 Knight Moves:BFS