Unidbg + web = unidbg server will teach you how to build a signature server

1, Target

Burst the liver + stay up late, and finally run so with unidbg. You can't put it in the hard disk and get moldy. We have to use it in a generation environment.

The most convenient way is to rent a cloud server and deploy Unidbg to provide cloud signature services for our worker programs.

  • unidbg
  • Unidbg-server

2, Steps

Unidbg-server

You have to be an old java artist to play unidbg. The czapython boss provides a solution for running unidbg with springboot:

https://github.com/cxapython/unidbg-server

git clone and import it into idea

Then, compile, run

ffMac:unidbgweb fenfei$ python3 send.py
{'X-Khronos': '1627183488', 'X-Gorgon': '0401007008006c494547b54e36413a81b1a8118d238f2dffd9b3'}

Run the example provided by the author

I'll go and run smoothly. Now open source bosses are fighting like this? It's out of the box.

Where's Unidbg

We only downloaded the Unidbg server code, not the Unidbg code? Why can you run directly?

The mystery is in POM In XML, the online unidbg module is loaded, so you can run directly.

Add some material

Through the previous study, we are already familiar with Unidbg, so we may maintain a customized modification. In this way, the problem arises. Can we load our locally modified version instead of loading the online Unidbg code?

  • First, compile our customized unidbg into a jar package. Refer to http://91fans.com.cn/post/unidbgone/

  • Create a new libs directory under the root directory of the unidbg server project (the same level as pom.xml directory)

Copy in a pile of jar packages generated by the customized unidbg compilation

  • Modify POM xml
// Delete these two segments without using the unidbg on the line
<dependency>
	<groupId>com.github.zhkl0228</groupId>
    <artifactId>unidbg-api</artifactId>
    <version>0.9.0</version>
</dependency>
<dependency>
	<groupId>com.github.zhkl0228</groupId>
    <artifactId>unidbg-android</artifactId>
    <version>0.9.0</version>
</dependency>

// Add this segment and use the local unidbg
<dependency>
	<groupId>unidbg</groupId>
	<artifactId>unidbg</artifactId>
    <version>0.9.5</version>
    <scope>system</scope>
    <systemPath>${project.basedir}/libs/unidbg-parent.jar</systemPath>
</dependency>
  • Then right click Maven - > reload project in the left project window

  • Recompile. If I made a mistake, I knew it wouldn't go so well.

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instanceiate [com .damei.xhs.xhsshield.controller.Xhs668Controller]: Constructor throws an exception; Nested exception is java.lang.NoSuchFieldError: OSX_ARM64
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:225)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org .springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1308)
... 18 more
 Cause: java.lang.NoSuchFieldError: OSX_ARM64
  • Why? I can't think of my sister. Forget it, ask brother Gu.

On the github of Unidbg, a brother raised an issue, which is the same as the problem we encountered. At present, the author still has a solution. But the man said: I didn't have this problem with the previous 0.9.2, but this problem occurred with 0.9.3

Take a closer look at the play of the author of Unidbg server. He uses version 0.9.0 of Unidbg.

Well, the current expedient is to download the 0.9.2 version of Unidbg code and add our custom code. Compile again and run smoothly.

A little slow? One more optimization

The performance bottleneck in the production environment may be the simulator initialization of unidbg. We can only initialize one simulator, and then we only need to call the specified function every time we make a signature.

Create a fenfeicontroller in the controller directory java

public class FenfeiController {
    public static DouyinSign instance;

    static {
        instance = new DouyinSign();
    }

    @RequestMapping(value="dySignEx",method =  {RequestMethod.GET,RequestMethod.POST})
    @ResponseBody
    public String dySign(@RequestParam("url") String url) {
        Map<String,String> result= instance.crack(url);
        String jsonString = JSON.toJSONString(result);

        return jsonString;
    }
}

In this way, the simulator is initialized only once, which makes it feel faster.

However, a new problem is introduced. Simulators are shared, and there will be problems during concurrency. It's not difficult for us to add a lock

public String dySign(@RequestParam("url") String url) {
        synchronized (this) {
            Map<String, String> result = instance.crack(url);
            String jsonString = JSON.toJSONString(result);

            return jsonString;
        }
    }

Perfect finish, fresh beer.

3, Summary

You can use application Properties modify the address and port of the service. At present, the result I use is to change only the port, and keep the ip address 0.0.0.0.

The version matching of open source programs is also very important. When you find that it is incompatible with the latest code, you can study and fallback one or two versions.

Unpacking is the result of the efforts of the big guys. However, we can't just be satisfied with using it out of the box. We still need to understand the general principle. Or you'll be blind with a little customization.

Compile unidbg server into jar package, please refer to http://91fans.com.cn/post/unidbgone/

We were born hesitating

Keywords: security

Added by cyh123 on Fri, 14 Jan 2022 11:40:45 +0200