绕过建行生活设备账号数量限制

绕过建行生活设备账号数量限制

一个设备只能登录2个账号,如果再尝试登录新账号,会提示环境异常。

使用com.variable.apkhook_1.9.8.apk hook后,dFingerprint参数并没有变化。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
POST /clp_service/txCtrl?txcode=A3341U001 HTTP/2
Host: yunbusiness.ccb.com
Appversion: 2.1.6.001
Devicetype: Android
Zipversion: 1.0
Accept: application/json
Mbc_user_info: TUJDQ0IvKi8vKi8wMDAwMDAwMDAwMDAwMC8qLy8qL0FuZHJvaWQvKi8xMC8qL1hpYW9taSBNMjAwMko5RS8qLzEwODAqMjIwMS8qLzAyOjAwOjAwOjAwOjAwOjAwLyovLyovLyovMC8qLzAvKi8wLyovZ2NqMDI=
Deviceid: 8b8d6c402f705fe8
Mbskey_info: 
Nsdsid: a5fe3b30-c9a0-3b59-8703-d023f7725e08
Mbc-User-Agent: MBCLOUDCCB/Android/Android 10/2.16/2.00/8b8d6c402f705fe8/Decrypt-UTF8/1080*2201/
Clientinfo: {"osType":"Android","osVersion":"Android10","deviceId":"8b8d6c402f705fe8","deviceModel":"M2002J9E","appVersion":"2.1.6.001","resourseBundleVersion":"1.0","mac":"E0:CC:F8:F1:0B:86","dFingerprint":"a5fe3b30-c9a0-3b59-8703-d023f7725e08","gpsCityCode":"","cityCode":"110000"}
Token: 
Content-Type: application/json; charset=utf-8
Content-Length: 1120
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.10.0

3AJi7uWoJHeEDKdbd2MjhJ1GfbsUnY%2BkgH%2Fdd1ILNKdC3sfi2d4eNZmkcQiQbysWHl%2BpdeY%2BWJ3QIliDONlADtuTTwmpqa7HegLEc32YyX%2BX0NhMHjkIc4TBYyiEGOgRucL%2B9kyTq%2F35dbiSyNY2CQ3%2BB6dR7bn0xHqAgHDqyvSwycecv3Tdc5KlA2A5j8I34V5yWpJ9GBaO0B4xdnNo%2BOsKTsEZ5%2Bp8%2Fk0cc96jssLYWzmnCITMTH0g%2BLV9zKF66VAgsWarkZahgyn7xEwseB5ot512tHDij0GieJX0NWTaqhcHcw%2BvWRe1Ts16yvkCL05u0WLWePe3VukauzeINKRLFL%2B0XjY7vk3lVxMEdtqxJE8ocv88DMTl%2BLR4DbxAUmNruDKzMaSxFi2WdrZzPt7%2F95nteYMmbq%2FlVzVXN3QgAgxBjBzuPr0%2F2ydo%2FN56H0KI%2BcksXYkgZVAULECAI1X%2FOHd7AzPIUXz6suKWMSNSLssrW%2BqdT2OcdpZHx%2BT%2B8jUnMKOmAG4rhoA6y37yM%2FunY6nTjOxft16jaBTIJAWnz3LeeCQaYHyt5KBD3LbHVeJ8klmC1cexb1n6iy9G%2BV5I4QmYLNeXraagnw1eqhKJlgJ%2F9DlR5jzMfsJfMKB290%2B5tXlR026LwcMeEehP67EGWR2QbbI0bJbiBIjJogpJ8sHdtLzwNKANHIVcvbVsbu1Xxpk65T68M537CPQSoO6%2FZHvO617EAWwdqFjBrgQe3DQK8vV0eqXKoA6h6%2F56W%2BXk9kNHpY8mlZnUWw2VoCvJ%2FETMuTQdnCYiyI0a7LMoiZwDM42ZG0C1hIWABwmpc55mCloTR2A9JW%2BOLubnUpSWOPpD7tiVxb%2Frm%2BS%2FPaABM9E4biu%2B15RBTPQ7dctgVFshFMIT1lcSWoa4PwUlFsplymtIP6Wjp%2BES%2BfIfxIkQodfqMPZ5gjtXqEIw9iAwnNox7zPDq6Tjg4365ONSyVaOKF5775%2FzWv4lyUWIyNKpDz5eggLJm%2FtXTU5ScriQGuTowG9aEII%3D
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
HTTP/2 487 
Date: Mon, 24 Jun 2024 02:10:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 160
Server: nginx
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Protocol: 0
X-Frame-Options: DENY
Reqflowno: 1051000491719195011613390
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,clientInfo,functionId,mbc_user_info,skey,mbskey,applet_info,encryType

{"data":"","reqFlowNo":"1051000491719195011613390","errCode":"YBLA3341E05S","errMsg":"当前登录环境存在异常,该手机号不允许在本设备登录"}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
POST /clp_service/txCtrl?txcode=A3341U001 HTTP/2
Host: yunbusiness.ccb.com
Appversion: 2.1.6.001
Devicetype: Android
Zipversion: 1.0
Accept: application/json
Mbc_user_info: TUJDQ0IvKi8vKi84NjcwMzU5MjQ3MDQzNDcvKi8vKi9BbmRyb2lkLyovNC40dy8qL0xlbm92byBMZW5vdm8gTDc4MDUxLyovMTA4MCoyMjAxLyovMDA6MTk6RDI6MjU6Mzk6QjUvKi8vKi8vKi8wLyovMC8qLzAvKi9nY2owMg==
Deviceid: r2ya998xze08u95
Mbskey_info: 
Nsdsid: a5fe3b30-c9a0-3b59-8703-d023f7725e08
Mbc-User-Agent: MBCLOUDCCB/Android/Android 4.4w/2.16/2.00/r2ya998xze08u95/Decrypt-UTF8/1080*2201/
Clientinfo: {"osType":"Android","osVersion":"Android4.4w","deviceId":"r2ya998xze08u95","deviceModel":"Lenovo L78051","appVersion":"2.1.6.001","resourseBundleVersion":"1.0","mac":"30:30:3A:31:39:3A:44:32:3A:32:35:3A:33:39:3A:42:35","dFingerprint":"a5fe3b30-c9a0-3b59-8703-d023f7725e08","gpsCityCode":"","cityCode":"110000"}
Token: 
Content-Type: application/json; charset=utf-8
Content-Length: 1154
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.10.0

3AJi7uWoJHeEDKdbd2MjhJ1GfbsUnY%2BkgH%2Fdd1ILNKdC3sfi2d4eNZmkcQiQbysWHl%2BpdeY%2BWJ3QIliDONlADtuTTwmpqa7H2v8JRlnHEZCU0KdQ8uogpGxldc3uc2AtsD4kTvLKsdSOARBgbXa8wFaWkuTVOxwnc9z8nL3W3PGWGtXxtzB6XiksmpC195rLgEw%2FhCxJ1Qi4loNI9DS7%2FTMLOpKYyMtTuP2lybAyYgbxg6n73D2vMM5WvBxFTB7mPetW%2BYAZrGDBJBvHg3RHfqApUJJqQ5eHe4v%2BVb3QiUFu2lqBMIZ%2FMUHs9IwNAV1%2BlvrNhD0U%2FGAwPTbzRNX42KtYtX%2BARfpoM%2Fschb07gMoF555yvpvxUHnxHxn%2FHXiTCnrYHg9fnWGKN4mDd9JIGTR6nxd%2FeR0N2IEtbv9jlX1Gsg%2BB62f7kIvm51aPegBbB23wUEmxTh4YA0qOnVgFNw8W7vd374ul66gASW1W7fQVIwZW%2BqncotB%2BTNXiMxl5zDTSqYfZgRuT6%2FQxdXtlc125SQa0RvoMkqMTaYI9r98%2B7rNbJ4j7Q1wYfBadr5IsAmiCYGGLoie0Vt8TZCWyTQm69vR%2BvpSa0idVpPJ5J%2Frz1E54gicgJVif6bOEJNbUpaMnEPBiNpoS%2F9kSmfbjghhdQmvrc%2FlojWkwcckxWRdBFx3NZoHcfr3cUeJF2yvRER1faoN4BUc68CkrnVFXpC0tLsVc71CIDIZ4F4Qimzo4lRwuOuk1GexITgNY90UUfkvgiINzfGlZA4zrytnMQ4LAnVV2RkV2Z%2FbyB0AZpoSCNyH%2BM89cTqC0N5kCjk1ynohOUjJaYQ8YEiY2A32rEbgBzmO91i9IS5F0xBUnusR91Q5wMq%2FmCpXj813yfMXuhA67gnn1cqXkdMZOOXc9jpKv%2B7qM%2FmbRsk6ZQDIZQ0QbdbWQbExZdzCvktjtuKdPw4V%2BJ9A4uGfufrQ5bPbIbaVysd8am1k%2BehqnulHc192f0swWoav2AtqzTviTLCxnyQO81siy5iQ%2Bo9UINSmN8GqW4i21H4vgv9y7%2FlgQ2aHZRdwm5scn2dasDEvrbEqq
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
HTTP/2 487 
Date: Mon, 24 Jun 2024 02:12:16 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 123
Server: nginx
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Oracle-Dms-Rid: 0
X-Content-Type-Options: nosniff
X-Oracle-Dms-Ecid: 635fb5ed-bca4-4aeb-b00a-020e0487ebf2-000528f5
Protocol: 0
X-Xss-Protection: 1; mode=block
X-Frame-Options: DENY
Reqflowno: 1051000621719195136802910
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,clientInfo,functionId,mbc_user_info,skey,mbskey,applet_info,encryType

{"data":"","reqFlowNo":"1051000621719195136802910","errCode":"YBLA0042EW12","errMsg":"登录失败,请致电95533核实"}

反编译

com.ccb.cloudmerchant.utils.PhoneUtils.getMfpClientInfo() 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
public static String getMfpClientInfo() {
    CcbApplication ccbApplication0 = CcbApplication.getInstance();
    JSONObject jSONObject0 = new JSONObject();
    try {
        jSONObject0.put("osType", PhoneUtils.getOsType());
        jSONObject0.put("osVersion", PhoneUtils.getOsVersion());
        jSONObject0.put("deviceId", PhoneUtils.getId());
        jSONObject0.put("deviceModel", PhoneUtils.getSystemModel());
        jSONObject0.put("appVersion", "2.1.0.002");
        jSONObject0.put("resourseBundleVersion", SPUtils.get("cloud_merchant_app_version", "1.0"));
        jSONObject0.put("mac", NetWorkUtils.getMac(ccbApplication0));
        jSONObject0.put("dFingerprint", PhoneUtils.getRiskUDID());
        jSONObject0.put("gpsCityCode", SPUtils.get("city_code", ""));
    }
    catch(Exception exception0) {
        exception0.printStackTrace();
    }

    return jSONObject0.toString();
}

com.ccb.cloudmerchant.utils.PhoneUtils.getRiskUDID()

1
2
3
4
public static String getRiskUDID() {
    String s = EsafeProbeOffline.getInstance().getRiskResult().optString("udid");
    return s.isEmpty() ? "" : s;
}

dFingerprint生成

高版本Android并不能正常生成这个值,所以实际可能是空字符串,于是修改Android版本,hook获取dFingerprint的方法,使其返回空字符串。

findAndHookMethod("com.ccb.cloudmerchant.utils.PhoneUtils", classLoader, "getOsVersion", new XC_MethodHook() {
    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        param.setResult("Android12");
    }
});

findAndHookMethod("com.ccb.cloudmerchant.utils.PhoneUtils", classLoader, "getRiskUDID", new XC_MethodHook() {
     @Override
     protected void afterHookedMethod(MethodHookParam param) throws Throwable {
         super.afterHookedMethod(param);
         param.setResult("");
     }
 });