hadesy

hadesy

V2EX member #239445, joined on 2017-07-10 10:04:17 +08:00
hadesy's recent replies
这个 key 应该跟用户身份绑定的吧,泄露问题不大?
怎么感觉是 AI 写的,丢了 Java 的深度,又学不到 AI 的核心
简单看了一下,似乎防虚拟机是通过 my_vm_detect_plugin_plugin.dll 判断了几个数据,没有内核对抗?
/**
 * Installs a chain of Xposed hooks that makes the Tencent location SDK objects
 * seen by the hooked app report the fixed coordinates declared below.
 *
 * The chain is: TencentLocationManager.requestLocationUpdates -> the runtime
 * class of the listener passed to it -> that listener's onLocationChanged ->
 * the runtime class of the location object passed to it -> getLatitude /
 * getLongitude, whose return values are replaced.
 *
 * NOTE(review): the snippet shows that values returned by an in-process
 * location SDK can be rewritten on an instrumented device, so a backend cannot
 * treat client-reported coordinates as trustworthy on their own.
 *
 * @param classLoader class loader used to resolve the SDK's manager class
 * @throws ClassNotFoundException if the manager class cannot be loaded
 */
private static void HookLocation(ClassLoader classLoader) throws ClassNotFoundException {
// Coordinate picker: https://lbs.qq.com/getPoint/
// Fixed values returned by the getLatitude/getLongitude hooks below.
double latitude = 0.0;
double longitude = 0.0;

Class clazz = classLoader.loadClass(
"com.tencent.map.geolocation.sapp.TencentLocationManager");
// Hook requestLocationUpdates(TencentLocationRequest, TencentLocationListener).
XposedHelpers.findAndHookMethod(clazz, "requestLocationUpdates",
"com.tencent.map.geolocation.sapp.TencentLocationRequest",
"com.tencent.map.geolocation.sapp.TencentLocationListener", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("requestLocationUpdates");
// The listener's concrete class is only known at call time, so it is
// taken from the second argument and hooked from inside this callback.
// NOTE(review): this runs on every requestLocationUpdates call and nothing
// here tracks which classes were already hooked, so callbacks presumably
// accumulate unless the framework deduplicates them - confirm.
Class tencentLocationListenerClass = param.args[1].getClass();
XposedHelpers.findAndHookMethod(tencentLocationListenerClass,
"onLocationChanged",
"com.tencent.map.geolocation.sapp.TencentLocation",
int.class, String.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
// Same pattern one level down: resolve the concrete location class from
// the first argument, then hook its two coordinate getters.
// NOTE(review): re-registered on every onLocationChanged delivery, with
// no guard in the visible code.
Class tencentLocation = param.args[0].getClass();
XposedHelpers.findAndHookMethod(tencentLocation,
"getLatitude",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// The original return value is written to the Xposed log before being
// replaced, so the device's real latitude ends up in that log.
XposedBridge.log("requestLocationUpdates.getLatitude:"+ param.getResult());
param.setResult(latitude);
}
});
XposedHelpers.findAndHookMethod(tencentLocation,
"getLongitude",
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// As above: the real longitude is logged, then overridden.
XposedBridge.log("requestLocationUpdates.getLongitude:"+ param.getResult());
param.setResult(longitude);
}
});


}
});
}
}
);
}
// Page-handler factory for a "redbox" entry page, as posted in the thread
// (the readable names suggest it was de-obfuscated by hand - not confirmed).
// The IIFE returns the handler object when `window` is undefined and otherwise
// publishes the factory as window.createPageHandler.
(function () {
/**
 * Builds the page handler object: private state, lifecycle callbacks
 * (onInit/onShow/onReady/onDestroy/onBackPress), a click handler, and helpers
 * that set the locale, push routes and install packages.
 *
 * Relies on names that are not defined in this snippet: global, $app_require$,
 * $manifest, setGlobalData, getGlobalData and track.
 *
 * @returns {object} the page handler definition
 */
function createHandler() {
const globalObj = Object.getPrototypeOf(global) || global;
// Numeric id -> file path table, created only if not already present.
// Presumably the bundler's chunk map - TODO confirm.
globalObj.chunkFileMap = globalObj.chunkFileMap || {
881: "crypto-js/cipher-core.js",
5624: "crypto-js/core.js",
8160: "crypto-js/md5.js",
5613: "crypto-js/aes.js",
2468: "crypto-js/evpkdf.js",
136: "crypto-js/enc-base64.js",
3139: "crypto-js/hmac.js",
9092: "crypto-js/sha1.js",
2120: "crypto-js/pad-pkcs7.js",
345: "crypto-js/enc-utf8.js",
8183: "dayjs/dayjs.min.js",
5634: "dayjs/plugin/isoWeek.js",
6700: "manifest.js",
5100: "cmps/em-request/index.js",
3375: "cmps/em-request/device.js",
2172: "global.js",
6425: "la.js"
};

// Known shopping/news apps with their package names and deep-link schemes.
// In this snippet the list is only read by pkgInstall, as a package-name check.
const appPackages = [
{ appName: "拼多多", packageName: "com.xunmeng.pinduoduo", dp: "pddopen://" },
{ appName: "今日头条", packageName: "com.ss.android.article.news", dp: "snssdk141://" },
{ appName: "淘宝", packageName: "com.taobao.taobao", dp: "taobao://" },
{ appName: "京东", packageName: "com.jingdong.app.mall", dp: "openjd://" }
];

// Module-loading helper: wraps a non-ES module as { default: module }.
function requireModule(module) {
return module && module.__esModule ? module : { default: module };
}

// Platform modules: package management, routing, clipboard, shortcuts and
// system configuration. clipboardModule is loaded but not used in this snippet.
const packageModule = requireModule($app_require$("@app-module/system.package"));
const routerModule = requireModule($app_require$("@app-module/system.router"));
const clipboardModule = requireModule($app_require$("@app-module/system.clipboard"));
const shortcutModule = requireModule($app_require$("@app-module/system.shortcut"));
const configModule = requireModule($app_require$("@app-module/system.configuration"));
// Bundled modules referenced by numeric id; their sources are not shown.
// getSimInfo is imported but not used in this snippet.
const { getAdConfig } = $app_require$(6661);
const { getSimInfo } = $app_require$(9998);
const extraConfig = requireModule($app_require$(7388));

return {
// Per-page state. backConfig/backCount/hasJump drive the re-push loop in
// onShow; taskUri/attrUri are the two possible navigation targets.
private: {
backConfig: {},
backCount: 0,
hasJump: false,
taskUri: "",
attrUri: "",
hasEnter: false
},

// Entry point: loads the ad configuration, applies its options and then
// immediately navigates away from this page.
async onInit(config) {
// Presumably marks the page as secure (blocks screenshots/recording) -
// TODO confirm against the platform docs. Failures are ignored.
try {
this.$page.setSecure(true);
} catch (e) {}

// Turns off the shortcut module's system prompt; failures are ignored.
try {
shortcutModule.default.systemPromptEnabled = false;
} catch (e) {}

setGlobalData("startType", 1);
setGlobalData("realizationType", "newbie");

const { pid, ckCode } = config || {};
track({ pageName: "redbox", eventType: "page_view", pid });
setGlobalData("hasReportStart", 1);

// Everything below is driven by this configuration object; where it comes
// from (local or remote) is not visible here.
const adConfig = await getAdConfig();

if (adConfig.extraConfig?.stackMode) {
setGlobalData("stackMode", adConfig.extraConfig.stackMode);
}

// clnMode selects an entry of extraConfig.default: modes 1 and 4 try an
// exact match on ckCode first, anything unmatched falls back to a random pick.
if (adConfig.extraConfig?.clnMode) {
let selectedPackage = false;
if ((adConfig.extraConfig.clnMode === 1 || adConfig.extraConfig.clnMode === 4) && ckCode) {
selectedPackage = this.handleClnMode(ckCode, extraConfig.default);
}

if (!selectedPackage) {
this.handleClnModeRandom(adConfig.extraConfig.clnMode, extraConfig.default);
}
}

// backConfig arrives as a JSON string; malformed JSON resets it to {}.
if (adConfig.extraConfig?.backConfig) {
try {
this.backConfig = JSON.parse(adConfig.extraConfig.backConfig);
} catch (e) {
this.backConfig = {};
}
}

const noAttrEntryPage = adConfig.noAttrEntryPage === "index" ? $manifest.router.entry : adConfig.noAttrEntryPage;
const { task = "", attr = "" } = adConfig.extraConfig?.jumpPage || {};

this.taskUri = noAttrEntryPage || task || "/task/base";
this.attrUri = attr || "/redbox/newbie";

// NOTE(review): unlike the reads above, these two use extraConfig without
// `?.`, so a config lacking extraConfig throws a TypeError here.
// Unless disabled by config, routerPush and pkgInstall are published on the
// global object, which makes navigation and package installation callable
// from any code that can reach globalObj.
if (!adConfig.extraConfig.disableYRouter) {
globalObj.routerPush = this.routerPush.bind(this, routerModule.default);
}

if (!adConfig.extraConfig.disableYInstall) {
globalObj.pkgInstall = this.pkgInstall.bind(this, packageModule.default);
}

const isAttr = getGlobalData("IsAttr");
const { canBack = 0 } = this.backConfig;

// With isAttr and canBack set, the target is pushed on top of this page so
// that returning to it triggers onShow; otherwise this page is replaced.
if (isAttr && canBack) {
this.hasJump = true;
this.hasEnter = true;
routerModule.default.push({ uri: this.attrUri, params: { pagefrom: "redbox" } });
} else {
this.hasEnter = true;
routerModule.default.replace({ uri: isAttr ? this.attrUri : this.taskUri, params: { pagefrom: "redbox" } });
}
},

// Runs when the page becomes visible again. After a push from onInit or
// pageClick, each return to this page pushes attrUri again; once backCount
// reaches a non-zero backNum the app exits instead. With backNum unset (0)
// the visible code never stops re-pushing.
onShow() {
if (this.hasJump) {
const { backNum = 0 } = this.backConfig;
if (backNum && this.backCount >= backNum) {
this.$app.exit();
return;
}
this.backCount++;
routerModule.default.push({ uri: this.attrUri, params: { pagefrom: "redbox", repeat: true, backCount: this.backCount } });
}
},

// Requests portrait fullscreen on the element with id "stack", if present.
onReady() {
const stackElement = this.$element("stack");
if (stackElement) {
stackElement.requestFullscreen({ screenOrientation: "portrait" });
}
},

onDestroy() {},

// Always returns true. Presumably this tells the framework that the page
// handled the back press itself, i.e. the default back navigation is
// suppressed on this page - TODO confirm against the platform docs.
onBackPress: () => true,

// Click handler: ignored until onInit has navigated once, then reports the
// click and repeats the same push/replace decision as onInit.
pageClick() {
if (!this.hasEnter) return;

track({ eventType: "redbox_action", eventName: "redbox_click" });

const isAttr = getGlobalData("IsAttr");
const { canBack = 0 } = this.backConfig;

if (isAttr && canBack) {
this.hasJump = true;
routerModule.default.push({ uri: this.attrUri, params: { pagefrom: "redbox" } });
} else {
routerModule.default.replace({ uri: isAttr ? this.attrUri : this.taskUri, params: { pagefrom: "redbox" } });
}
},

// Looks for the config entry whose key equals ckCode and whose mode is 1.
// On a match it stores the entry's name as "laPackageName", changes the
// locale language to the entry's `la` value and returns true; otherwise false.
handleClnMode(ckCode, config) {
for (const key in config) {
if (key === ckCode && config[key].mode === 1) {
setGlobalData("laPackageName", config[key].name);
configModule.default.setLocale({ language: config[key].la, countryOrRegion: "" });
return true;
}
}
return false;
},

// Picks a random entry among those with mode 3 (when clnMode is 3) or mode 2
// (any other clnMode) and applies it the same way as handleClnMode.
// Does nothing when no entry matches.
handleClnModeRandom(clnMode, config) {
const mode = clnMode === 3 ? 3 : 2;
const candidates = Object.values(config).filter(pkg => pkg.mode === mode);
if (candidates.length) {
const selected = candidates[Math.floor(Math.random() * candidates.length)];
setGlobalData("laPackageName", selected.name);
configModule.default.setLocale({ language: selected.la, countryOrRegion: "" });
}
},

// Pushes a route; if the router throws, the same URI is handed to the package
// module's open() instead (the outer packageModule, not a parameter).
routerPush(router, options) {
try {
router.push(options);
} catch (e) {
packageModule.default.open({ url: options.uri });
}
},

// Installs pkg only when pkg.package is one of the appPackages entries.
// The `packageModule` parameter shadows the outer constant of the same name.
// NOTE(review): the catch branch calls install(pkg) without that check, so
// any exception in the try block (including one thrown by install itself)
// leads to an install attempt regardless of the package name.
pkgInstall(packageModule, pkg) {
try {
const app = appPackages.find(app => app.packageName === pkg.package);
if (app) {
packageModule.install(pkg);
}
} catch (e) {
packageModule.install(pkg);
}
}
};
}

// No `window`: hand back the handler object directly.
// Otherwise expose the factory for the host page to call.
if (typeof window === "undefined") {
return createHandler();
}
window.createPageHandler = createHandler;
})();
正常启动后,虚拟机 dump 内存,然后在文件中找 master key
Jun 7, 2024
Replied to a topic by Aura23022 PHP 这段代码是 PHP 混淆吗?
最好给完整的代码