Reverse-Engineering Analysis Report on the 大咪直播 App
zeroday
2017-07-23 17:49:27
## 1. Basic information from the reverse-engineered source

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f75)

## 2. The app's update URL is http://alnyun.com/admin/download.txt

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f82)

## 3. Visiting http://alnyun.com: it looks like a legitimate website, but it cannot be ruled out that its server is a compromised host (肉鸡), because the app's update address http://alnyun.com/admin/download.txt is served from under this domain

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f84)

### 3.1 Domain registration information

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7a)

### 3.2 QQ number lookup results

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f88)

## 4. The database update address is http://www.alnyun.com/openapi_unsafe.php (at this point it is reasonable to guess that the server behind the site is very likely a compromised host: both the app and its database are tied to this site)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7b)

### 4.1 Check whether the MySQL port of alnyun.com is open and whether it is 3306: the scan shows MySQL listening on port 3306, and the port is open

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7e)

## 5. The electronic payment SDK is 凡伟 (Fanwei) WeChat QR-code payment

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f8b)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f76)

## 6. The company behind 凡伟 WeChat payment

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7d)

## 7. 聚宝云计费 (http://www.jubaopay.com)

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f8a)

### 7.1 On the registration page the phone number cannot be trusted, so only the e-mail address can be looked up, since e-mail verification is required

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f85)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7f)

### 7.2 Go to the login page and log in

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f74)

## 8. The public key used for communication (the algorithm is RSA)

The key is stored in the decompiled source as a hex string. It is a DER-encoded X.509 SubjectPublicKeyInfo for rsaEncryption with a 2048-bit modulus and public exponent 65537:

```java
String mFanweiPubKey = "30820122300d06092a864886f70d01010105000382010f003082010a0282010100d382a1e93b08fe7e46c6643258f9110a8a72e23d75fecab5824c3ec1252a02c6ccc40c2cc62fccb63a2f7db4166679e17d1a877bee4298c177c4693ae88e0eacbb0a0413431d43b2afc1897532d719af785b6ec9559ec2dc2a3eecc12f91455949dbe8e31254881f5e9d578a75cdcf96a1a076ae19d76702b57ffcdea1b03261d99e38ac62bd80d91c6410194894f2525dda7933c2bf60e5fa6b1b7292053bfa9dcec916fc95e95028669184ab862a60f4d133edddd7ad14f5df5275478d58180cd7425080ca6fd39a336256989b89ffd200a1efe06df5c0ac72287dafef4c0afc92c27739bfa5a7476c927b5c180c27685bc01aa09406e439dd379e2f6b5fe10203010001";
```

## 9. App analytics are provided by 友盟 (Umeng)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f78)

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f86)

## 10. URL of the database update performed after payment completes: http://bbs.e4asoft.com/openapi_unsafe.php

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f83)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f80)

### 10.1 Check whether the MySQL port of bbs.e4asoft.com is open and whether it is 3306: the scan shows MySQL listening on port 3306, and the port is open

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f77)

### 10.2 Domain information lookup: the registrar is 江苏邦宁科技有限公司

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f7c)

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f87)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f79)

## 11. The Umeng ID and other information, chiefly the WeChat QR-code payment merchant ID (which is unique)

![](https://leanote.com/api/file/getImage?fileId=597471f3ab644106d5000f81)

## 12. Files exchanged during communication are encrypted with AES; the key is KEY = "fanweikey0123455"

The key is 16 bytes (AES-128) and is hard-coded in the APK, so anyone who has the APK can decrypt the traffic; the encryption offers no confidentiality against a reverse engineer.

![](https://leanote.com/api/file/getImage?fileId=597471f4ab644106d5000f89)