溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點(diǎn)擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

基于xposed Hook框架實(shí)現(xiàn)個人免簽支付方案

發(fā)布時間:2020-07-11 19:39:19 來源:網(wǎng)絡(luò) 閱讀:604 作者:wx58d3e429755b6 欄目:編程語言

我的個人網(wǎng)站如何實(shí)現(xiàn)支付功能?

  想必很多程序員都有過想開發(fā)一個自己的網(wǎng)站來獲得一些額外的收入,但做這件事會遇到支付這個問題。目前個人網(wǎng)站是無法實(shí)現(xiàn)支付功能的。

  今天我就給大家分享一下我的實(shí)現(xiàn)方案:《基于xposed逆向微信、支付寶、云閃付來實(shí)現(xiàn)個人免簽支付方案》

測試頁面(點(diǎn)我)

  接下來給大家簡單分享一下實(shí)現(xiàn)過程,這個過程其實(shí)是非常復(fù)雜的,關(guān)鍵點(diǎn)在于如何逆向微信支付寶云閃付這些App,找到核心函數(shù)鉤子,然后寫一個hook程序來模擬調(diào)用這些方法,來實(shí)現(xiàn)根據(jù)服務(wù)端傳過來的金額,訂單號自動調(diào)用微信支付寶生成支付二維碼的函數(shù)得到相對應(yīng)的支付二維碼再傳給服務(wù)端,然后監(jiān)聽微信支付寶的支付成功消息最終回調(diào)給服務(wù)端實(shí)現(xiàn)支付成功通知。這里面用到的核心技術(shù)點(diǎn)有:xposed逆向框架、apk反編譯,網(wǎng)絡(luò)抓包,apk動態(tài)調(diào)試等技術(shù)。

  像微信支付寶這些apk反編譯后的代碼基本上都是天書一樣的,嚴(yán)重混淆過的代碼。想從中找到核心代碼并非易事,下面我貼一些核心代碼吧。

hook微信二維碼生成函數(shù)

private void hookQRCreat(final ClassLoader appClassLoader, final Context context) {
            Class<?> clazz = XposedHelpers.findClass("com.tencent.mm.plugin.collect.b.s", appClassLoader);
        XposedBridge.hookAllMethods(clazz, "a", new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param)
                    throws Throwable {
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) {
                try {
                    LogUtils.log("hookQRCreat start:");
                    QrBean qrBean = new QrBean();
                    qrBean.setChannel(QrBean.WECHAT);

                    Field moneyField = XposedHelpers.findField(param.thisObject.getClass(), "kcp");
                    Double money = (Double) moneyField.get(param.thisObject);
                    LogUtils.log("hookQRCreat money:"+money.toString());
                    Field markField = XposedHelpers.findField(param.thisObject.getClass(), "desc");
                    String mark = (String) markField.get(param.thisObject);
                    LogUtils.log("hookQRCreat mark:"+mark);
                    Field payurlField = XposedHelpers.findField(param.thisObject.getClass(), "kco");
                    String payurl = (String) payurlField.get(param.thisObject);
                    LogUtils.log("hookQRCreat payurl:"+payurl);

                    qrBean.setMark_sell(mark);
                    qrBean.setUrl(payurl);

                    LogUtils.log( "com.tencent.mm.plugin.collect.b.s qrBean:"+ JSON.toJSONString(qrBean));
                    Intent broadCastIntent = new Intent();
                    broadCastIntent.putExtra("data", qrBean.toString());
                    broadCastIntent.setAction(HookMain.RECEIVE_QR_WECHAT);
//                broadCastIntent.setComponent( new ComponentName( "com.sjk.tpay" ,
//                        "com.sjk.tpay.ReceiverMain") );
                    context.sendBroadcast(broadCastIntent);
                    LogUtils.log("hookQRCreat end:"+JSON.toJSONString(param));
                }catch (Exception e){
                    LogUtils.log("hookQRCreat exception:"+Log.getStackTraceString(e));
                }
            }
        });
    }

hook支付寶二維碼生成函數(shù)

private void hookQRCreat(final ClassLoader appClassLoader, final Context context) {
        XposedHelpers.findAndHookMethod("com.alipay.mobile.payee.ui.PayeeQRSetMoneyActivity", appClassLoader, "a",
                XposedHelpers.findClass("com.alipay.transferprod.rpc.result.ConsultSetAmountRes", appClassLoader), new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {

                        Field moneyField = XposedHelpers.findField(param.thisObject.getClass(), "g");
                        String money = (String) moneyField.get(param.thisObject);

                        Field markField = XposedHelpers.findField(param.thisObject.getClass(), "c");
                        Object markObject = markField.get(param.thisObject);
                        String mark = (String) XposedHelpers.callMethod(markObject, "getUbbStr");

                        Object consultSetAmountRes = param.args[0];
                        Field consultField = XposedHelpers.findField(consultSetAmountRes.getClass(), "qrCodeUrl");
                        String payurl = (String) consultField.get(consultSetAmountRes);

                        Field consultField2 = XposedHelpers.findField(consultSetAmountRes
                                .getClass(), "printQrCodeUrl");
                        String payurloffline = (String) consultField2.get(consultSetAmountRes);

                        QrBean qrBean = new QrBean();
                        qrBean.setChannel(QrBean.ALIPAY);
                        qrBean.setMark_sell(mark);
                        qrBean.setUrl(payurl);

                        Intent broadCastIntent = new Intent()
                                .putExtra("data", qrBean.toString())
                                .setAction(RECEIVE_QR_ALIPAY);
                        context.sendBroadcast(broadCastIntent);
                    }
                });
    }

hook云閃付二維碼生成函數(shù)

public static void GenQrCode(final String paramString1, final String paramString2, final String bankName, final String bankNo) {
        new Thread(new Runnable() {
            public void run() {
                try {
                    Object obj1 = paramString2;
                    Object obj2 = new BigDecimal(paramString1);
                    obj2 = ((BigDecimal) obj2).setScale(2, RoundingMode.HALF_UP).toPlainString().replace(".", "");
//                    LogUtils.getInstance().saveLog("GenQrCode begin :" + obj1 + obj2);
                    Object obj3 = new StringBuilder();
                    ((StringBuilder) obj3).append("https://pay.95516.com/pay-web/restlet/qr/p2pPay/applyQrCode?txnAmt=");
                    ((StringBuilder) obj3).append(MainHook.Enc((String) obj2));
                    ((StringBuilder) obj3).append("&cityCode=");
                    ((StringBuilder) obj3).append(MainHook.Enc(MainHook.getcityCd()));
                    ((StringBuilder) obj3).append("&comments=");
                    ((StringBuilder) obj3).append(MainHook.Enc((String) obj1));
                    ((StringBuilder) obj3).append("&virtualCardNo=");
//                    ((StringBuilder) obj3).append(MainHook.encvirtualCardNo);
                    CardInfo cardInfo = getEncvirtualCardNo(bankName, bankNo);
                    if (cardInfo == null) {
                        throw new Exception("找不到對應(yīng)的下單卡");
                    }
                    cardInfo.setAccount(ysfAccount);
                    ((StringBuilder) obj3).append(Enc(cardInfo.getVirtualCardNo()));
                    obj1 = ((StringBuilder) obj3).toString();
                    obj2 = HttpHelper.getInstance().getOkHttpClient();
                    obj3 = new okhttp3.Request.Builder();
                    Request.Builder localBuilder = ((Request.Builder) obj3).url((String) obj1).header("X-Tingyun-Id", MainHook.getXTid());
//                    LogUtils.getInstance().saveLog("GenQrCode url:" + obj1);
                    obj3 = new StringBuilder();
                    ((StringBuilder) obj3).append("0;");
                    ((StringBuilder) obj3).append(System.currentTimeMillis());

                    obj3 = ((OkHttpClient) obj2).newCall(localBuilder.header("X-Tingyun-Lib-Type-N-ST", ((StringBuilder) obj3).toString())
                            .header("sid", MainHook.getSid()).header("urid", MainHook.geturid()).header("cityCd", MainHook.getcityCd())
                            .header("locale", "zh-CN").header("User-Agent", "Android CHSP").header("dfpSessionId", MainHook.getDfpSessionId())
                            .header("gray", MainHook.getgray()).header("key_session_id", "").header("Host", "pay.95516.com").build()).execute().body().string();
                    obj1 = MainHook.Dec((String) obj3);
                    obj2 = new StringBuilder();
                    ((StringBuilder) obj2).append("GenQrCode RSP=>");
                    ((StringBuilder) obj2).append((String) obj1);
                    MainHook.mlog(obj2.toString());
                    try {
                        obj2 = new JSONObject((String) obj1);
                        String certificate = ((JSONObject) obj2).getJSONObject("params").getString("certificate");
                        QRInfo qrInfo = new QRInfo(certificate, paramString2);
                        qrInfo.setRemark(JSON.toJSONString(cardInfo));
                        String body = JSON.toJSONString(qrInfo);
                        Intent localIntent = new Intent("websocket.sendmsg");
                        localIntent.putExtra("data", "qr:" + body);
                        MainHook.getContext().sendBroadcast(localIntent);
                    } catch (Exception ex) {
                        LogUtils.getInstance().saveLog("二維碼廣播發(fā)送異常:" + ex.getMessage());
                    }
                    return;
                } catch (Exception ex) {
                    LogUtils.getInstance().saveLog("GenQrCode異常:" + ex.getMessage());
                }
            }
        }).start();
    }

  有問題的朋友可以給我留言或者加我Q×××好友

向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI