[color=]在此拜谢大佬
[color=]报错信息
[Java] 纯文本查看 复制代码[13:40:43 876] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:412) - handleInterrupt intno=2, NR=-130528, svcNumber=0x119, PC=unidbg@0xfffe0224, LR=RX@0x400ba150[libfekit.so]0xba150, syscall=null
java.lang.UnsupportedOperationException: com/tencent/mobileqq/sign/QQSecuritySign$SignResult->()V
at com.github.unidbg.linux.android.dvm.AbstractJni.newObjectV(AbstractJni.java:803)
at com.github.unidbg.linux.android.dvm.AbstractJni.newObjectV(AbstractJni.java:758)
at com.github.unidbg.linux.android.dvm.DvmMethod.newObjectV(DvmMethod.java:214)
at com.github.unidbg.linux.android.dvm.DalvikVM64$26.handle(DalvikVM64.java:420)
at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:121)
at com.github.unidbg.arm.backend.Unicorn2Backend$11.hook(Unicorn2Backend.java:352)
at com.github.unidbg.arm.backend.unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:109)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Unicorn.java:312)
at com.github.unidbg.arm.backend.Unicorn2Backend.emu_start(Unicorn2Backend.java:389)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
at com.github.unidbg.thread.Function64.run(Function64.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:175)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:99)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethodObject(DvmObject.java:93)
at com.mobileqq.Dandelion.getSign(Dandelion.java:96)
at com.mobileqq.Dandelion.main(Dandelion.java:69)
[13:40:43 876] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:417) - emulate RX@0x40096f1c[libfekit.so]0x96f1c exception sp=unidbg@0xbfffebc0, msg=com/tencent/mobileqq/sign/QQSecuritySign$SignResult->()V, offset=0ms @ Runnable|Function64 address=0x40096f1c, arguments=[unidbg@0xfffe1640[libjnigraphics.so]0x640, 2027775614, 282821294, 1344199921, 2025269734, 1800031768, 667447085]
[color=]在java代码中找到QQSecurit
ySign类
[Java] 纯文本查看 复制代码package com.tencent.mobileqq.sign;
import android.text.TextUtils;
import com.tencent.mobileqq.p3122fe.EventCallback;
import com.tencent.mobileqq.qfix.redirect.IPatchRedirector;
import com.tencent.mobileqq.qsec.qsecurity.QSec;
/* compiled from: P */
/* loaded from: classes2.dex */
public class QQSecuritySign {
static IPatchRedirector $redirector_ = null;
private static final String TAG = "QQSecuritySDK";
private static QQSecuritySign sInstance;
private String mExtra;
/* compiled from: P */
/* loaded from: classes2.dex */
public static class SignResult {
static IPatchRedirector $redirector_;
public byte[] extra;
public byte[] sign;
public byte[] token;
public SignResult() {
IPatchRedirector iPatchRedirector = $redirector_;
if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
return;
}
iPatchRedirector.redirect((short) 1, (Object) this);
}
}
QQSecuritySign() {
IPatchRedirector iPatchRedirector = $redirector_;
if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 1)) {
return;
}
iPatchRedirector.redirect((short) 1, (Object) this);
}
public static synchronized QQSecuritySign getInstance() {
QQSecuritySign qQSecuritySign;
synchronized (QQSecuritySign.class) {
if (sInstance == null) {
sInstance = new QQSecuritySign();
}
qQSecuritySign = sInstance;
}
return qQSecuritySign;
}
private native SignResult getSign(QSec qSec, String str, String str2, byte[] bArr, byte[] bArr2, String str3);
public native void dispatchEvent(String str, String str2, EventCallback eventCallback);
public native void dispatchEventPB(String str, String str2, byte[] bArr, EventCallback eventCallback);
public SignResult getSign(QSec qSec, String str, byte[] bArr, byte[] bArr2, String str2) {
IPatchRedirector iPatchRedirector = $redirector_;
if (iPatchRedirector != null && iPatchRedirector.hasPatch((short) 10)) {
return (SignResult) iPatchRedirector.redirect((short) 10, this, qSec, str, bArr, bArr2, str2);
}
if (bArr != null && bArr.length > 0) {
if (TextUtils.isEmpty(str)) {
return new SignResult();
}
if (TextUtils.isEmpty(this.mExtra)) {
this.mExtra = "";
}
return getSign(qSec, this.mExtra, str, bArr, bArr2, str2);
}
return new SignResult();
}
public void init(String str) {
IPatchRedirector iPatchRedirector = $redirector_;
if (iPatchRedirector == null || !iPatchRedirector.hasPatch((short) 2)) {
this.mExtra = str;
} else {
iPatchRedirector.redirect((short) 2, (Object) this, (Object) str);
}
}
public native void initSafeMode(boolean z);
public native void notifyCamera(String str, String str2, String str3, String str4, String str5, String str6, EventCallback eventCallback);
public native void notifyFaceDetect(String str, String str2, String str3, EventCallback eventCallback);
public native void requestToken();
public native void safeUiReport(String str, String str2, String str3, EventCallback eventCallback);
}
[color=]IPatchRedirector类
[Java] 纯文本查看 复制代码package com.tencent.mobileqq.qfix.redirect;
import androidx.annotation.Keep;
@Keep
/* loaded from: classes.dex */
public interface IPatchRedirector {
boolean hasPatch(short s);
Object redirect(short s);
Object redirect(short s, Object obj);
Object redirect(short s, Object obj, int i2);
Object redirect(short s, Object obj, int i2, Object obj2);
Object redirect(short s, Object obj, long j2);
Object redirect(short s, Object obj, Object obj2);
Object redirect(short s, Object obj, Object obj2, int i2);
Object redirect(short s, Object obj, Object obj2, Object obj3);
Object redirect(short s, Object obj, Object obj2, Object obj3, Object obj4);
Object redirect(short s, Object obj, boolean z);
Object redirect(short s, Object... objArr);
}
[color=]这是我补的环境代码
[Java] 纯文本查看 复制代码@Override
public DvmObject newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
switch (signature) {
case "com/tencent/mobileqq/sign/QQSecuritySign$SignResult->()V": {
return vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign$SignResult").newObject(null);
}
}
throw new UnsupportedOperationException(signature);
}
[color=]继续报错
[Java] 纯文本查看 复制代码[13:43:48 042] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:412) - handleInterrupt intno=2, NR=-130528, svcNumber=0x119, PC=unidbg@0xfffe0224, LR=RX@0x400ba150[libfekit.so]0xba150, syscall=null
java.lang.UnsupportedOperationException: java/lang/String->([BLjava/lang/String;)V
at com.mobileqq.Dandelion.newObjectV(Dandelion.java:116)
at com.github.unidbg.linux.android.dvm.AbstractJni.newObjectV(AbstractJni.java:758)
at com.github.unidbg.linux.android.dvm.DvmMethod.newObjectV(DvmMethod.java:214)
at com.github.unidbg.linux.android.dvm.DalvikVM64$26.handle(DalvikVM64.java:420)
at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:121)
at com.github.unidbg.arm.backend.Unicorn2Backend$11.hook(Unicorn2Backend.java:352)
at com.github.unidbg.arm.backend.unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:109)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Unicorn.java:312)
at com.github.unidbg.arm.backend.Unicorn2Backend.emu_start(Unicorn2Backend.java:389)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
at com.github.unidbg.thread.Function64.run(Function64.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:175)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:99)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.LinuxModule.callFunction(LinuxModule.java:262)
at com.github.unidbg.linux.LinuxSymbol.call(LinuxSymbol.java:27)
at com.github.unidbg.linux.android.dvm.DalvikModule.callJNI_OnLoad(DalvikModule.java:33)
at com.mobileqq.Dandelion.(Dandelion.java:48)
at com.mobileqq.Dandelion.main(Dandelion.java:62)
[13:43:48 042] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:417) - emulate RX@0x4006bd2c[libfekit.so]0x6bd2c exception sp=unidbg@0xbfffe800, msg=java/lang/String->([BLjava/lang/String;)V, offset=78ms @ Runnable|Function64 address=0x4006bd2c, arguments=[unidbg@0xfffe0080, null]
Exception in thread "main" java.lang.IllegalStateException: Illegal JNI version: 0xffffffff
at com.github.unidbg.linux.android.dvm.BaseVM.checkVersion(BaseVM.java:228)
at com.github.unidbg.linux.android.dvm.DalvikModule.callJNI_OnLoad(DalvikModule.java:39)
at com.mobileqq.Dandelion.(Dandelion.java:48)
at com.mobileqq.Dandelion.main(Dandelion.java:62)
[color=]继续补环境
[Java] 纯文本查看 复制代码@Override
public DvmObject newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
switch (signature) {
case "com/tencent/mobileqq/sign/QQSecuritySign$SignResult->()V": {
return vm.resolveClass("com/tencent/mobileqq/sign/QQSecuritySign$SignResult").newObject(null);
}
case "java/lang/String->([BLjava/lang/String;)V": {
ByteArray array = vaList.getObjectArg(0);
assert array != null;
StringObject charsetName = vaList.getObjectArg(1);
assert charsetName != null;
try {
return new StringObject(vm, new String(array.getValue(), charsetName.getValue()));
} catch (UnsupportedEncodingException e) {
throw new IllegalStateException(e);
}
}
}
throw new UnsupportedOperationException(signature);
}
[color=]还是报错
[Java] 纯文本查看 复制代码[13:44:55 099] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:412) - handleInterrupt intno=2, NR=-128400, svcNumber=0x19e, PC=unidbg@0xfffe0a74, LR=RX@0x40097b00[libfekit.so]0x97b00, syscall=null
java.lang.NullPointerException
at java.base/java.util.Objects.requireNonNull(Objects.java:233)
at com.github.unidbg.linux.android.dvm.DalvikVM64$159.handle(DalvikVM64.java:2610)
at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:121)
at com.github.unidbg.arm.backend.Unicorn2Backend$11.hook(Unicorn2Backend.java:352)
at com.github.unidbg.arm.backend.unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:109)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Unicorn.java:312)
at com.github.unidbg.arm.backend.Unicorn2Backend.emu_start(Unicorn2Backend.java:389)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
at com.github.unidbg.thread.Function64.run(Function64.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:175)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:99)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethodObject(DvmObject.java:93)
at com.mobileqq.Dandelion.getSign(Dandelion.java:96)
at com.mobileqq.Dandelion.main(Dandelion.java:69)
[13:44:55 099] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:417) - emulate RX@0x40096f1c[libfekit.so]0x96f1c exception sp=unidbg@0xbfffece0, msg=java.lang.NullPointerException, offset=0ms @ Runnable|Function64 address=0x40096f1c, arguments=[unidbg@0xfffe1640[libjnigraphics.so]0x640, 2027775614, 282821294, 1344199921, 2025269734, 1800031768, 667447085]
