某宝APP接口抓包与X-sign教程,2025最新x-mini-wua纯算6.3

【更新时间:2025年08月11日 解决接口风控问题】

最近有在做某宝相关的业务研究,避免不了需要抓包抓接口分析数据,对于这类APP抓包需要安卓手机和抓包软件,我推荐使用:

Packet Capture(无root抓包): https://wwa.lanzoui.com/ik6SLttn0ef(蓝奏云)安卓手机(root + Android5.1版本左右)本人使用:小米4 android5.1(二手不到100)

Packet Capture使用:

下载安装证书

选择APP,监听抓包

抓取到我们想要的API接口和参数后,需要通过参数生成xsign值 ,获取xsign值有2种方法

1.一种是通过Xposed框架 Hook App关键函数,生成模块,在模块内搭建客户端,Springboot搭建服务端用于接收用户请求的参数数据,模块客户端接收到服务端传来的数据,通过CallMethod函数获取xsign,并返回给用户。缺点是需建立在模拟器上,资源消耗较大,多线程承受能力弱,容易受网络波动。

@Override

public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {

if (lpparam.packageName.contains("com.taobao.")) {

XposedHelpers.findAndHookMethod("mtopsdk.security.InnerSignImpl", lpparam.classLoader, "getUnifiedSign", new Object[]{HashMap.class, HashMap.class, String.class, String.class, Boolean.TYPE, new XC_MethodHook() {

@Override

protected void afterHookedMethod(MethodHookParam param) throws Throwable {

synchronized (this) {

AliHook.obj[0] = param.thisObject;

if (!AliHook.aBoolean) {

aBoolean =true;

start( UUID.randomUUID().toString());

}

}

}

@Override

protected void beforeHookedMethod(MethodHookParam param) throws Throwable {

HashMap hashMap = (HashMap) param.args[0];

for (String key : hashMap.keySet()) {

XposedBridge.log("[Map] " + key + " " + hashMap.get(key));

}

XposedBridge.log("[AppKey] " + param.args[2]);

XposedBridge.log("[AuthCode] " + param.args[3]);

XposedBridge.log("[boolean] " + param.args[4]);

}

}});

}

2.暴力扣出APP的生成Xsign的SO文件

int __stdcall xsign(const char* srcData, char* dest, uint32_t *dest_len)

{

if (dest == NULL || srcData == NULL || dest_len == NULL) {

return 1;

}

if (*dest_len < 60) {

return 2;

}

const char* white_iv = "6zi8tey4328TcUh1";

int srcSize = strlen(srcData);

const char * secret = "f2438a7500e0d6ac7535327b67b67b8e";

const char * prefix = "ab20380090";

vector out;

vector base64;

vector data;

vector encryptData;

uint8_t buffer[EVP_MAX_MD_SIZE];

unsigned int size = out.size();

size = data.size();

//string hashStr = byteToHexStr(data);

//print_bytes(&indexTable[0], 163438);

std::string temp(reinterpret_cast(&indexTable), sizeof(indexTable));

printf("strIndexTable = %s", temp);

data.resize(EVP_MAX_MD_SIZE);

HMAC(EVP_sha1(), secret, strlen(secret), (const unsigned char*)srcData, srcSize, &data.front(), &size);

data.resize(size);

string hashStr = byteToHexStr(data);

printf("hashStr = %s", hashStr);

hashStr += '&';

hashStr += secret;

data.assign(hashStr.begin(), hashStr.end());

encrypt(data, &encryptData, (uint8_t*)white_iv);

base64Encode(&encryptData.front(), encryptData.size(), &base64);

out.resize(EVP_MAX_MD_SIZE);

size = out.size();

HMAC(EVP_sha1(), secret, strlen(secret), &base64.front(), base64.size(), &out.front(), &size);

out.resize(size);

string str = byteToHexStr(out);

//vector outBase64;

//base64Encode(&out.front(), out.size(), &outBase64);

//string str;

//str.assign(outBase64.begin(), outBase64.end());

*dest_len = strlen(prefix);

memcpy(dest, prefix, *dest_len);

memcpy(dest + *dest_len, str.data(), str.size());

*dest_len += str.size();

dest[*dest_len] = 0;

return 0;

}

int main(int argc, char *argv[])

{

uint32_t len = 64;

char buf[64];

xsign(argv[1], buf, &len);

//cookie(argv[1], argv[2], argv[3], buf, len);

cout << buf;

return 0;

}

以易语言为例:

1.将C++代码生成DLL提供给易语言使用 优点:不依赖网络 直接调用 支持多线程

抓包工作抓包数据:

api:mtop.relationrecommend.wirelessrecommend.recommend

v:2.0

data:{"appId":"14658","params":"{\"area\":\"shouye_classifier\",\"type\":\"all\",\"industry_id\":\"\",\"catmap_version\":\"3.0\",\"sversion\":\"\"}"}

具体易语言代码

.版本 2

.支持库 dp1

.支持库 spec

xpv = “6.2”

t = 时间_取现行时间戳 (真)

xuid = 文本_取出中间文本 (cookie, “unb=”, “;”, , )

sid = 文本_取出中间文本 (cookie, “cookie2=”, “;”, , )

.如果真 (xuid = “”)

xuid = “0”

.如果真结束

.如果真 (sid = “”)

sid = “0”

.如果真结束

deviceId = 文本_取随机字符 (44)

utdid = 文本_取随机字符 (24)

appKey = “21646297”

lat = “39.916295”

lng = “116.410344”

ttid = “00407@taobaolive_android_1.8.23”

features = “27”

xsign拼接数据 = utdid + “&” + xuid + “&&” + appKey + “&” + 取数据摘要 (到字节集 (编码_gb2312到utf8 (data))) + “&” + t + “&” + api + “&” + v + “&” + sid + “&” + ttid + “&” + deviceId + “&” + lat + “&” + lng + “&” + features

.如果真 (xpv = “6.2”)

xsign拼接数据 = xsign拼接数据 + “&&&&&&&”

.如果真结束

buflen = 64

xsign (xsign拼接数据, buf, buflen)

xsign = 到文本 (buf)

调试输出 (xsign)

http.Auto ()

.如果 (method = 1)

http.Open (“POST”, “http://guide-acs.m.taobao.com/gw/” + api + “/” + v)

.否则

http.Open (“GET”, “http://guide-acs.m.taobao.com/gw/” + api + “/” + v + “/?data=” + 编码_URL编码 (data, 真, 真))

.如果结束

http.SetRequestHeader (“user-agent”, “MTOPSDK%2F3.0.4.7+%28Android%3B5.1.1%3Bxiaomi%3Bmi+pad%29”)

http.SetRequestHeader (“x-appkey”, appKey, )

http.SetRequestHeader (“x-t”, t, )

http.SetRequestHeader (“x-pv”, xpv, )

http.SetRequestHeader (“x-sign”, xsign, )

http.SetRequestHeader (“x-features”, features, )

http.SetRequestHeader (“x-location”, lng + “%2C” + lat, )

http.SetRequestHeader (“x-ttid”, ttid, )

http.SetRequestHeader (“x-utdid”, utdid, )

http.SetRequestHeader (“x-devid”, deviceId, )

http.SetRequestHeader (“x-uid”, xuid, )

http.SetRequestHeader (“x-sid”, sid, )

.如果真 (cookie ≠ “”)

http.SetCookie (cookie)

.如果真结束

.如果 (method = 1)

http.Send (“data=” + data)

.否则

http.Send ()

.如果结束

返回文本 = http.GetResponseTextU2A ()

返回 (返回文本)

本文章仅限参考研究,若违规可联系QQ:205468941 删除

本文章仅限参考研究,若违规可联系QQ:205468941 删除

本文章仅限参考研究,若违规可联系QQ:205468941 删除

生菜如何选购(教你几招挑选新鲜的生菜)
汽车溜坡现象究竟是由什么因素导致的