Using the burpsuite app, the data with unknown code appears
RUSSIAVK asked 1 month ago

I entered a random account on my mobile phone, logged in, and captured the following request. What encoding is the POST data in?

```http
POST /resolve HTTP/1.1
host:httpdns.immomo.com
Accept: /
User-Agent:MomoChat/8.22.4 Android/5485 (unknown; Android 9; Gapps 1; zh_TW; 1; unknown)
Content-Length: 552
Content-Type: application/x-www-form-urlencoded
Connection: close

mzip=suJjy%2Bm5DUIusR7ZLs7a8yLbgalrHtw%2FBSHxDmMQyKB%2Fepgdqf5v5tXTHZmCowQsNwybsor%2F38Wedj%2FmD1ORsQtSCD1ahc%2FR3zLwoeCLBaJGbu2HZqOu3WxXt5DWk6NKdMkmWOZJN1s5zI4gcrijIpmh4Yb9BS4ZZsQQpzum5yDEeeJvZEaCvb2AR4w5QyF3tZhTaR1dbdcZX%2B1WqiXPuzgAcn04vY4Qh4YWsAq9W8kwRwSCgoKTKPaHfZ27VPhCaXGvLkGt%2BbKx%2FoLivuGkoshGcovofMoCxjTx4dzh72O0vXZGivc%2FaqOEnSdBKybz0S28mI2whx6nIsB57j2W0Q%3D%3D&msc=cCCqlFdp6LL7zIdN2Izc4uFGBwjDtpRiW9si2pZ2gM1Y5rxZPrhyI2e0llieVMcuXAfmp7Hbxhs94dwr0j60jh2Yr0Fc15dvlfza5eyYniMXSlxm91HH3uQn35Gb0KAtHhhpbBQZ4DzbraPr3O7brKj7QSBjT6xXMcAJtKHuz7o%3D
```

I decompiled the app with classes-dex2jar and searched globally for “mzip”, which led to the file “DefaultMMFileUploader.java”. The source code is as follows. Can you help us analyze it?

```java
// Decompiler output, reproduced as posted. Variables are reused across
// types, so it does not compile as-is.
package com.cosmos.mmfile;

import android.text.TextUtils;
import j.aa.a;
import j.ab;
import j.ac;
import j.ad;
import j.e;
import j.v;
import j.w;
import j.w.a;
import j.x;
import j.x.a;
import java.io.File;
import java.util.concurrent.TimeUnit;
import org.json.JSONObject;

public class DefaultMMFileUploader
  implements IMMFileUploader
{
  private static final int TIMEOUT_READ = 5;
  private static final int TIMEOUT_WRITE = 15;
  private static final x client = new x.a().c(15L, TimeUnit.SECONDS).b(5L, TimeUnit.SECONDS).a();
  private String appId;
  private String deviceId;

  public DefaultMMFileUploader(String paramString1, String paramString2)
  {
    this.appId = paramString2;
    this.deviceId = paramString1;
  }

  private boolean uploadLogFile(File paramFile)
    throws Exception
  {
    boolean bool2 = TextUtils.isEmpty(this.deviceId);
    boolean bool1 = false;
    if (!bool2)
    {
      if (TextUtils.isEmpty(this.appId))
        return false;
      // Metadata that is encrypted and sent as "mzip"
      Object localObject1 = new JSONObject();
      ((JSONObject)localObject1).put("deviceId", this.deviceId);
      ((JSONObject)localObject1).put("appId", this.appId);
      ((JSONObject)localObject1).put("timestamp", System.currentTimeMillis());
      // Random 16-character value, used as the key for encrypt() below
      Object localObject2 = ENCUtils.random(16);
      // "msc": the random key after RSAEncode() and Base64
      String str = Base64.encode(ENCUtils.RSAEncode(((String)localObject2).getBytes()));
      // "mzip": the JSON metadata encrypted with the random key
      localObject1 = ENCUtils.getInstance().encrypt(((JSONObject)localObject1).toString(), (String)localObject2);
      // Multipart form carrying msc, mzip and the log file itself
      localObject2 = new w.a("---------------------------7da2137580612");
      ((w.a)localObject2).a(w.e);
      v localv = v.b("application/octet-stream");
      paramFile = ((w.a)localObject2).a("msc", str).a("mzip", (String)localObject1).a("logFile", paramFile.getName(), ab.create(localv, paramFile)).a();
      paramFile = new aa.a().a("https://cosmos-api.immomo.com/v2/log/client/upload").a(paramFile).d();
      paramFile = client.a(paramFile).b();
      if (paramFile.d())
      {
        // Success only when the JSON response contains ec == 0
        if (new JSONObject(new String(paramFile.h().bytes(), "UTF-8")).optInt("ec", -1) == 0)
          bool1 = true;
        return bool1;
      }
      return false;
    }
    return false;
  }

  public boolean upload(String paramString)
  {
    try
    {
      boolean bool = uploadLogFile(new File(paramString));
      return bool;
    }
    catch (Exception paramString)
    {
      paramString.printStackTrace();
    }
    return false;
  }
}
```

2 Answers
Then go hiking answered 1 month ago

In terms of format, it is the result of applying Base64 and URLEncode to a byte stream.
As for the byte stream itself, it is obviously encrypted or compressed data; if you do not know the decryption or decompression algorithm, then there is no way.

[Supplement]
From the class names we can see the RSA algorithm and Base64. In that case, solving the problem is impossible: this is asymmetric encryption, data encrypted with the public key can only be decrypted with the private key, and the private key is stored on the server.
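
The check described in the answer above, as an added example that is not part of the original thread: it URL-decodes and Base64-decodes each form field, then uses header bytes, entropy and length to tell compressed data from ciphertext. The field names `mzip` and `msc` come from the captured request; the sample values, the extra field `z` and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import math
import zlib
from collections import Counter
from urllib.parse import parse_qsl, urlencode

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext and compressed data score high."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def compressed_format(raw: bytes):
    """Compressed streams start with a recognisable header; ciphertext does not."""
    if raw[:2] == b"\x1f\x8b":
        return "gzip"
    if raw[:1] == b"\x78" and len(raw) > 1 and int.from_bytes(raw[:2], "big") % 31 == 0:
        return "zlib"
    return None

def inspect_field(value: str) -> dict:
    """Describe one form value after URL decoding."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return {"base64": False}
    return {
        "base64": True,
        "length": len(raw),
        "entropy": round(entropy(raw), 2),
        "compressed_as": compressed_format(raw),
        "block16_aligned": len(raw) % 16 == 0,  # typical of 16-byte block ciphers
        # An RSA ciphertext is as long as the key modulus (a hint, not proof).
        "rsa_bits": len(raw) * 8 if len(raw) in (128, 256, 384, 512) else None,
    }

def inspect_body(body: str) -> dict:
    # parse_qsl reverses the URL encoding (%2B -> '+', %2F -> '/', %3D -> '=').
    return {k: inspect_field(v) for k, v in parse_qsl(body, keep_blank_values=True)}

def sample_body() -> str:
    # Constructed sample, not the captured request: hash output stands in for ciphertext.
    fake = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    fields = {"mzip": fake[:240], "msc": fake[:128], "z": zlib.compress(b"deviceId" * 40)}
    return urlencode({k: base64.b64encode(v).decode() for k, v in fields.items()})

if __name__ == "__main__":
    for name, info in inspect_body(sample_body()).items():
        print(name, info)
```

A field with no compression header, high entropy and a length that is a multiple of 16 or equal to an RSA modulus size is consistent with ciphertext, which is as far as inspection of the traffic alone can go.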

lysS answered 1 month ago

It seems that it is not a common encoding; it should be encrypted with the app's own algorithm, and it is impossible to break it. Generally, when we encounter this kind of thing, we decompile the app to see how it is done.