安卓QQ5.8协议分析

　

安卓qq

TLV格式及编码

https://blog.csdn.net/defeny/article/details/53144535

/* renamed from: oicq.wlogin_sdk.request.l */

​image.png​

GetStwithPasswd 这个函数比较关键

抓包数据分析

tlv18

​

1

package oicq.wlogin_sdk.p036b;

2

import oicq.wlogin_sdk.tools.C0487util;

3

/* renamed from: oicq.wlogin_sdk.b.bt /

4

public class tlv_t18 extends tlv_t {

5

/ renamed from: h /

6

int f40079h;

7

/ renamed from: i /

8

int f40080i;

9

/ renamed from: j /

10

int f40081j;

11

public tlv_t18() {

12

this.f40079h = 22;

13

this.f40080i = 1;

14

this.f40081j = 1536;

15

this.f40038g = 24;

16

}

17

/ renamed from: a */

18

public byte[] mo14594a(long j, int i, long j2, int i2) {

19

byte[] bArr = new byte[this.f40079h];

20

C0487util.int16_to_buf(bArr, 0, this.f40080i);

21

C0487util.int32_to_buf(bArr, 2, this.f40081j);

22

C0487util.int32_to_buf(bArr, 6, (int) j);

23

C0487util.int32_to_buf(bArr, 10, i);

24

C0487util.int32_to_buf(bArr, 14, (int) j2);

25

C0487util.int16_to_buf(bArr, 18, i2);

26

C0487util.int16_to_buf(bArr, 20, 0);

27

mo14520a(this.f40038g);

28

mo14525b(bArr, this.f40079h);

29

mo14529d();

30

return mo14523a();

31

}

32

}

​

包数据:

0018001600010000060000000010000000000da7879600000000

0018 //类型标识为18，24的16进制 固定

0016 //22的16进制 长度 固定

0001 //1 固定

00000600 //1536的16进制 固定

00000010 //第一个参数

00000000 //第二个参数

0da78796 //第三个参数 qq 229083030 16进制

0000 //第四个参数

0000 //固定值

tlv1

包数据:

0001001400011631295c0da787965cd16264000000000000

0001 // 类型标识，1的16进制 固定

0014 //20的16进制 长度

0001 //1 固定

1631295c //32位随机

0da78796 //第一个参数 qq 229083030 16进制

5cd16264 //当前系统时间

0000 //固定值

00000000//不足补零

tlv106

包数据:

01060070e3a65aac803c00a2709b9bee365e797c911f14379e0a0b7ac9e5d868fb4755a528f05695905b93f34526f335a22db1604a3670d71fec1abf131c695d613e32d607bcb6d62236e5720a64473afb9fd00bf86d18ee9b77e647eca93df498d5fb6257d6ffc9500726198bed8eb1087bbaac

0106 //类型标识为106(10进制262) 固定

0070 //112 长度 求出来的

后面需要解密

加密算法qqtea

key = MD5_ (到字节集 (“@”)) ＋ { 0, 0, 0, 0 } ＋ 十六进制文本到字节集 (“0da78796”))

key = md5(md5(密码) + { 0, 0, 0, 0 } + qq号字节集)

解密前

e3a65aac803c00a2709b9bee365e797c911f14379e0a0b7ac9e5d868fb4755a528f05695905b93f34526f335a22db1604a3670d71fec1abf131c695d613e32d607bcb6d62236e5720a64473afb9fd00bf86d18ee9b77e647eca93df498d5fb6257d6ffc9500726198bed8eb1087bbaac

解密后:

00036937db65000000050000001000000000000000000da787965cd162640000000001518ed29525738cebdac49c49e60ea9d3359ae3d0058e68f5a84e36c062329d0300000000017726d5e6a4a16a00aefeb9eb89cfff6420029f53000000010000

分析解密后数据

0003 //固定值

6937db65 //随机四位

00000005 //固定值 5

00000010 // 16 暂不明白含义 第一个参数 j

00000000 // 暂不明白含义 第三个参数 i

00000000 // 暂不明白含义 第四个参数 j3

//

0da78796 //qq 229083030 16进制

5cd1284e //时间

0000000001 //未知

518ed29525738cebdac49c49e60ea9d3//密码md5

359ae3d0058e68f5a84e36c062329d03// TGTKey 貌似随经过md5后的值 ?

00 00 00 00 01 //

7726d5e6a4a16a00aefeb9eb89cfff64//没有imei就mac地址的md5,E4:58:E7:70:08:2D

20029f53 //APPid 537042771 ,16进制

00000001//未知

0000 //未知

参数log

tlv106 long param0:16

tlv106 long param1:537042771

tlv106 long param3:229083030

tlv106 long param8:0

tlv106 int param2:0

tlv106 int param6:1

tlv106 int param10:1

tlv106 int param12:1

tlv106 bytes param4: 5cd16264

tlv106 bytes param5: 00000000

tlv106 bytes param7: 518ed29525738cebdac49c49e60ea9d3

tlv106 bytes param9: 359ae3d0058e68f5a84e36c062329d03

tlv106 bytes param11: 7726d5e6a4a16a00aefeb9eb89cfff64

tlv100

包数据:010000160001000000050000001020029f5300000000021e10e0

0100 //类型标识为100(10进制256) 固定

0016 //22 固定长度

0001 //固定

00000005 //固定

00000010 //固定

20029f53 //appid 537042771 ,16进

00000000 //固定

021e10e0 //这个参数未知 35524832

tlv107

包数据:01070006000000000001

0107 //类型标识为107(10进制263) 固定

0006 //固定长度

0000 //固定 _pic_type

00 //固定

0000 //固定

01 //

tlv116

包数据:0116000a000001ff7c0001040000

0116 //类型标识为116(10进制278) 固定

000a //求出来的 长度

00

0001ff7c //未知 130940

00010400 //未知 66560

00

tlv145

包数据:014500107726d5e6a4a16a00aefeb9eb89cfff64

0145 //类型标识为145(10进制325) 固定

0010 //长度

7726d5e6a4a16a00aefeb9eb89cfff64 //imei

tlv154

包数据:0154000400013540

0154 //类型标识为145(10进制325) 固定

0004 //长度

00013540 //this._g._sso_seq 不确定,79168

tlv141

包数据:0141000c000100000002000477696669

0141 //类型标识为141(10进制321) 固定

000c //长度

0001 // this._version=1 固定

0000 // request_global._sim_operator_name

0002 //request_global._network_type 2表示WiFi

0004 // 长度

77696669 //wifi 字节集

tlv8

包数据:000800080000000008040000

0008 //类型标识为8

0008 //长度 8 固定

0000 // 0

00000804 // request_global._local_id 2052

0000 //0

tlv147

包数据:0147001d000000100005352e382e300010a6b745bf24a2c277527716f6f36eb68d

0147 //类型标识为147,327

001d //长度 29

00000010 //appid

0005 //后面长度

352e382e30 // request_global._apk_v 5.8.0

0010 //apk_sig

a6b745bf24a2c277527716f6f36eb68d // 经过md5后,getPkgSigFromApkName 固定

tlv177

包数据:0177000e0155a3232e0007352e342e302e37

0177 //类型标识为177,375

000e //长度

01 //

55a3232e//发布时间

0007 // request_global._apk_v 5.8.0

352e342e302e37 //5.4.0.7

tlv187

发包： 018700107726d5e6a4a16a00aefeb9eb89cfff64

0187 //类型标识为187,391

0010 //长度 16

7726d5e6a4a16a00aefeb9eb89cfff64 // E4:58:E7:70:08:2D md5(mac地址)

tlv188

发包： 0188001081ac547f8c712d482cbee108aa1b8b0d

0188 //类型标识为188,392

0010 //长度 16

81ac547f8c712d482cbee108aa1b8b0d // 5bd9580f402f0393 md5(Android_id)

tlv202

发包： 02020023001036889c4071ff20b603cb4eb061f7a444000f22616c69626162612d677565737422

0202 //类型标识为202,514

0023 //长度 35

0010 //长度 16

36889c4071ff20b603cb4eb061f7a444//0a:74:9c:9c:2e:5e md5(bssid_addr)

000f //长度15

22616c69626162612d677565737422 // “alibaba-guest”

tlv109

发包： 01090000

0109 //类型标识为0109,265

0000 //长度0

tlv124

发包： 0124001c0007616e64726f69640005342e342e32000200000000000477696669

0124 //类型标识为0124,292

001c //28

0007 //os_type 长度

616e64726f6964 //android

0005 //os_version 长度

342e342e32 //4.4.2

0002 //_network_type

0000 //_sim_operator_name

0000 //0

0004 //_apn

77696669// wifi字节集

tlv128

发包： 0128002d0000000100010000000007534d2d5433333000107726d5e6a4a16a00aefeb9eb89cfff64000773616d73756e67

0128 //类型标识为0128,296

002d //长度 不固定

0000 //0

00 //request_global._new_install

01 //request_global._read_guid

00 //request_global._guid_chg

01000000 //request_global._dev_report

0007 //长度

534d2d54333330 //SM-T330 型号

0010// 16 长度

7726d5e6a4a16a00aefeb9eb89cfff64//E4:58:E7:70:08:2D md5 (有imei就是imei的值)

0007 //长度

73616d73756e67// 品牌 samsung

tlv16e

发包： 016e0007534d2d54333330

016e //类型标识为016e,366

0007 //长度 不固定

534d2d54333330 //SM-T330 型号

tlv144

发包： 01440070cad87583316ce56b6b1201d82d42acaac024707f3fd776524c5d5c9e889a4433095ddada91099e1a4e514dc91a5e4b4fc6b839ce643fd4753324e079308147800a30f751c574c593957f31a3603dcd782b359acf7b4d5090a8a203592a10beded2d9f0839d489c289bc45ad251ad7cb1

0144 //类型标识为0144,324

0070 //长度 112

此有数据加密 qqtea

key: 359ae3d0058e68f5a84e36c062329d03 TGTKey

解密后:

0004010900000124001c0007616e64726f69640005342e342e320002000000000004776966690128002d0000000100010000000007534d2d5433333000107726d5e6a4a16a00aefeb9eb89cfff64000773616d73756e67016e0007534d2d54333330

分析:

0004 //get_tlv_144四个参数byte[]都有数据

0109 //tlv-109

0000 //0109中的数据

0124 //tlv-124

001c0007616e64726f69640005342e342e32000200000000000477696669//124中的数据

0128 //tlv-128

002d0000000100010000000007534d2d5433333000107726d5e6a4a16a00aefeb9eb89cfff64000773616d73756e67//0128中的数据

016e //tlv-16e

016e0007534d2d54333330//016e中的数据

tlv142

发包： 0142001800000014636f6d2e74656e63656e742e6d6f62696c657171

0142 //类型标识为0142,322

0018 //长度 不固定

0000 // 0

0014//长度 21

636f6d2e74656e63656e742e6d6f62696c657171// com.tencent.mobileqq _apk_id

tlv16b

发包： 016b001c0002000b67616d652e71712e636f6d000b6d61696c2e71712e636f6d

016b //类型标识为016b,363

001c //长度28

0002

000b//长度 11

67616d652e71712e636f6d//game.qq.com

000b//长度 11

6d61696c2e71712e636f6d//mail.qq.com

tlv191

发包： 0191000101

0191 //类型标识为0191,366

0001 //长度1

01 //

登录包

整个登录包数据:

000900130018001600010000060000000010000000000da78796000000000001001400011631295c0da787965cd1626400000000000001060070e3a65aac803c00a2709b9bee365e797c911f14379e0a0b7ac9e5d868fb4755a528f05695905b93f34526f335a22db1604a3670d71fec1abf131c695d613e32d607bcb6d62236e5720a64473afb9fd00bf86d18ee9b77e647eca93df498d5fb6257d6ffc9500726198bed8eb1087bbaac0116000a000001ff7c0001040000010000160001000000050000001020029f5300000000021e10e00107000600000000000101440070cad87583316ce56b6b1201d82d42acaac024707f3fd776524c5d5c9e889a4433095ddada91099e1a4e514dc91a5e4b4fc6b839ce643fd4753324e079308147800a30f751c574c593957f31a3603dcd782b359acf7b4d5090a8a203592a10beded2d9f0839d489c289bc45ad251ad7cb10142001800000014636f6d2e74656e63656e742e6d6f62696c657171014500107726d5e6a4a16a00aefeb9eb89cfff6401540004000135400141000c000100000002000477696669000800080000000008040000016b001c0002000b67616d652e71712e636f6d000b6d61696c2e71712e636f6d0147001d000000100005352e382e300010a6b745bf24a2c277527716f6f36eb68d0177000e0155a3232e0007352e342e302e37018700107726d5e6a4a16a00aefeb9eb89cfff640188001081ac547f8c712d482cbee108aa1b8b0d019100010102020023001036889c4071ff20b603cb4eb061f7a444000f22616c69626162612d677565737422

分析:

0009

0013 //下面tlv个数 19

0018001600010000060000000010000000000da7879600000000//tlv18数据

0001001400011631295c0da787965cd16264000000000000//tlv1数据01060070e3a65aac803c00a2709b9bee365e797c911f14379e0a0b7ac9e5d868fb4755a528f05695905b93f34526f335a22db1604a3670d71fec1abf131c695d613e32d607bcb6d62236e5720a64473afb9fd00bf86d18ee9b77e647eca93df498d5fb6257d6ffc9500726198bed8eb1087bbaac //tlv106数据

0116000a000001ff7c0001040000 //tlv116数据

010000160001000000050000001020029f5300000000021e10e0//tlv100数据

01070006000000000001//tlv107数据

01440070cad87583316ce56b6b1201d82d42acaac024707f3fd776524c5d5c9e889a4433095ddada91099e1a4e514dc91a5e4b4fc6b839ce643fd4753324e079308147800a30f751c574c593957f31a3603dcd782b359acf7b4d5090a8a203592a10beded2d9f0839d489c289bc45ad251ad7cb1//tlv144数据0142001800000014636f6d2e74656e63656e742e6d6f62696c657171//tlv142数据

014500107726d5e6a4a16a00aefeb9eb89cfff64//tlv145数据

0154000400013540//tlv154数据

0141000c000100000002000477696669//tlv141数据

000800080000000008040000 //tlv8数据

016b001c0002000b67616d652e71712e636f6d000b6d61696c2e71712e636f6d //tlv16b数据

0147001d000000100005352e382e300010a6b745bf24a2c277527716f6f36eb68d //tlv147数据0177000e0155a3232e0007352e342e302e37 //tlv177数据

018700107726d5e6a4a16a00aefeb9eb89cfff64 //tlv187数据

0188001081ac547f8c712d482cbee108aa1b8b0d //tlv188数据

0191000101 //tlv191数据

02020023001036889c4071ff20b603cb4eb061f7a444000f22616c69626162612d677565737422///tlv202数据

第一次加密算法

ecdh share_key： 9ab5c43657d67a5a7d7527b810524b4e

接着

ecdh public_key加密

关键请求文件

/* renamed from: oicq.wlogin_sdk.request.u */

public class request_global {

}

接口返回的二进制数据:

000000e70000000802000000000d32323930383330333025740558ee822a66c96cc86b92c8a5ea5c4da5a7471de7cab49f5a548eea123301c7173ea1e47fdfb5379b182dfb59b16c6761eae51ba3d8dc1a646397bd8e12222cc19315e15b13cab425ecad42eced13daa649e551603e46f052379262f50bfa5bb351eccf5a6cba291db21a17a639f7769a5001194159aa45d220f312bba7b5fe1084000bf700ff312cb016b4dd28abf38dd67e97d667eb3e2defde5165678559a2b5cac55db9aa9c024c62a2111ce549133130c6f7cf74b305ed0ba987076c6a8d594e3dbd9a6caf2fb642894548

qqtea解密 是 16个字节0

0000002d0000271000000000000000040000001177746c6f67696e2e6c6f67696e00000008fd438ed700000000000000950200911f41081000010da787960000016397ec798e6985a2dd6be5fd70633d1ac3c59cb54f8a67ced87f87fe6da8e54f0857597268637650b6adb7cb07f75d48a193908373295eaeb93ffc355ecbf5c9e643c74ef66c7078d4d0e5f7d7fe8b65d7caa67a60cab731cebd3059824a257bc6ea4db728aae76d445ad439f7a4b2dfe64129141b64ccbc80ea3d37ca1d9fd503

前面45个字节头

0000002d //长度

00002710 //sso

00000000 //

00000004 //

00000011//长度

77746c6f67696e2e6c6f67696e //wtlogin.login serviceCmd

00000008fd438ed700000000 //未知

body部分:

000000950200911f41081000010da787960000016397ec798e6985a2dd6be5fd70633d1ac3c59cb54f8a67ced87f87fe6da8e54f0857597268637650b6adb7cb07f75d48a193908373295eaeb93ffc355ecbf5c9e643c74ef66c7078d4d0e5f7d7fe8b65d7caa67a60cab731cebd3059824a257bc6ea4db728aae76d445ad439f7a4b2dfe64129141b64ccbc80ea3d37ca1d9fd503

00000095//长度

02 //

0091 //

1f4108100001 //

0da78796 //qq号

0000 //

01 // 密码错误 ret

qq.shareKey解密这李解密(末尾03可有可无)

余下数据解密

C0487util.LOGI(“use ecdh decrypt_body failed”, “”);

00090100020146004200000001000ce799bbe5bd95e5a4b1e8b4a5002ae5b890e58fb7e68896e5af86e7a081e99499e8afafefbc8ce8afb7e9878de696b0e8be93e585a5e3808200000000050800220100000bb8001b020000001020029f53081000000001000000000da7879600000001

000c //长度

e799bbe5bd95e5a4b1e8b4a5 //到小写 (删全部空 (Xbin.Bin2Hex (iconv.AnsiToUtf8 (“登录失败”)))) 会多一个字节

002a//长度

e5b890e58fb7e68896e5af86e7a081e99499e8afafefbc8ce8afb7e9878de696b0e8be93e585a5e3808200

//到小写 (删全部空 (Xbin.Bin2Hex (iconv.AnsiToUtf8 (“帐号或密码错误，请重新输入。”))))

unpack.SetData (bin)

unPack.GetShort ()

unPack.GetByte ()

unPack.GetInt ()

unPack.GetShort ()

type ＝ unPack.GetInt ()

title ＝ iconv.Utf8ToAnsi (unPack.GetBin (unPack.GetShort ()) ＋ { 0 })

message ＝ iconv.Utf8ToAnsi (unPack.GetBin (unPack.GetShort ()) ＋ { 0 })

“登录失败” | “帐号或密码错误，请重新输入。

static String[] f40183x = new String[]{“183.60.18.138”, “112.90.85.191”, “112.90.85.193”, “183.60.18.150”, “120.196.212.233”, “120.204.200.34”, “27.115.124.244”};

/* renamed from: y */

static String[] f40184y = new String[]{“112.90.141.41”, “112.90.141.48”, “113.108.11.157”, “113.108.11.159”, “120.196.212.232”};

receiveMessageFromMSF//从服务端获得数据

​

1

/* renamed from: a /

2

​

3

public int mo14941a(long j, long j2, int i, long j3, int i2, byte[] bArr, byte[] bArr2, int i3, byte[] bArr3, int i4, int i5, int i6, long[] jArr, int i7, long j4, int i8, int i9, int i10, int i11, int i12, byte[] bArr4, WUserSigInfo wUserSigInfo) {

4

tlv_t104 tlv_t104;

5

int i13 = request_global.f40276u;

6

async_context b = request_global.m18574b(this.f40207w.f40289h);

7

b._tgtgt_key = C0487util.get_rand_16byte(request_global.f40281z);

8

byte[] bArr5 = b._tgtgt_key;

9

tlv_t104 tlv_t1042 = b._t104;

10

if (tlv_t1042 == null) {

11

tlv_t104 = new tlv_t104();

12

} else {

13

tlv_t104 = tlv_t1042;

14

}

15

int i14 = 0;

16

while (true) {

17

int i15 = i14;

18

byte[] a = mo14943a(j, j2, i13, j3, i2, bArr, bArr2, i3, bArr3, bArr5, i4, i5, i6, jArr, i7, j4, i13, i9, i10, i11, i12, bArr4, tlv_t104.mo14526b(), request_global.f40239C, wUserSigInfo._domains);

19

mo14874a(this.f40192h, this.f40203s, this.f40193i, j3, this.f40196l, this.f40197m, i13, this.f40199o, a);

20

i14 = mo14866a(String.valueOf(this.f40207w.f40287f), false, wUserSigInfo);

21

if (i14 != 0) {

22

return i14;

23

}

24

int b2 = mo14887b();

25

C0487util.LOGI(“retry num:” + i15 + " ret:" + b2, “” + j3);

26

if (b2 != 180) {

27

return b2;

28

}

29

i14 = i15 + 1;

30

if (i15 >= 1) {

31

return b2;

32

}

33

}

34

}

35

​

36

public class async_context {

37

/ renamed from: _G */

38

public byte[] f40211_G = new byte[16];

39

public long _appid = 0;

40

DevlockInfo _devlock_info = new DevlockInfo();

41

public byte[] _dpwd = new byte[16];

42

boolean _isSmslogin = false;

43

ErrMsg _last_err_msg = new ErrMsg();

44

public int _last_flowid = 0;

45

public int _login_bitmap = 0;

46

public int _main_sigmap = 0;

47

String _mpasswd = “”;

48

long _msalt = 0;

49

public long _sappid = 0;

50

public boolean _sec_guid_flag = false;

51

String _smslogin_msg = “”;

52

int _smslogin_msgcnt = 0;

53

int _smslogin_timelimit = 0;

54

public long _sub_appid = 0;

55

public long[] _sub_appid_list = new long[0];

56

public tlv_t104 _t104 = new tlv_t104();

57

public tlv_t105 _t105 = new tlv_t105();

58

public tlv_t126 _t126 = new tlv_t126();

59

public tlv_t165 _t165 = new tlv_t165();

60

public tlv_t174 _t174 = new tlv_t174();

61

public tlv_t17b _t17b = new tlv_t17b();

62

public tlv_t402 _t402 = new tlv_t402();

63

public tlv_t403 _t403 = new tlv_t403();

64

public byte[] _tgtgt_key = new byte[16];

65

public byte[] _tmp_no_pic_sig = new byte[0];

66

public byte[] _tmp_pwd = new byte[16];

67

public int _tmp_pwd_type = 0;

68

}

​

/* renamed from: oicq.wlogin_sdk.request.l */

public class request_TGTGT extends oicq_request {

}

GetStWithPasswd(this.mUserAccount, this.mDwAppid, this.mDwMainSigMap, this.mDwSubDstAppid, this.mDwSubAppidList, this.mPwdMd5, this.mUserPasswd, this.mUserSigInfo, this.mST, this.mIsSmslogin, 1);

public static int m13676a(WUserSigInfo wUserSigInfo, String str, String str2, byte[] bArr, int i, boolean z, WtloginMsfListener wtloginMsfListener) {

   ToServiceMsg toServiceMsg;

   Msfcommand msfCommand;

   C0261k c0261k;

   if (QLog.iscolorLevel()) {

       QLog.m16165d(f29919a, 2, "SendData uin:" + str + " serviceCmd:" + str2 + " timeout:" + i + " isWTSendSelf:" + z + " wUserSigInfo:" + HexUtil.bytes2HexStr(wUserSigInfo._reserveData));

   }

   if (z) {

       toServiceMsg = new ToServiceMsg("", str, str2);

       toServiceMsg.setAppId(WTLoginCenter.f29911d.getMsfAppid());

       toServiceMsg.setRequestSsoSeq(MsfCore.getNextSeq());

       toServiceMsg.settimeout((long) i);

       MsfSdkUtils.addToMsgProcessName(Msfconstants.ProcessNameAll, toServiceMsg);

       msfCommand = MsfCommand.wt_other;

       toServiceMsg.setMsfCommand(msfCommand);

       WtProviderImpl.m13683a(toServiceMsg);

       WtProviderImpl.m13677a(WTLoginCenter.f29911d, toServiceMsg);

       c0261k = (C0261k) f29920b.get(integer.valueOf(toServiceMsg.getRequestSsoSeq()));

       c0261k.f29927c = wtloginMsfListener;

   } else {

       int c = WtProviderImpl.m13689c(wUserSigInfo);

       c0261k = (C0261k) f29920b.get(Integer.valueOf(c));

       if (c0261k == null) {

           QLog.m16167e(f29919a, 1, "can not find Wtloginwrapper sendData for " + c);

           return -1;

       }

       c0261k.f29927c = wtloginMsfListener;

       toServiceMsg = c0261k.f29928d;

       if (toServiceMsg.getMsfCommand() == MsfCommand.wt_name2uin && str2.equals(BaseConstants.CMD_WT_LOGIN_AUTH)) {

           c0261k.f29929e.getAccountCenter().mo8360a(toServiceMsg.getUin(), str);

       }

       msfCommand = toServiceMsg.getMsfCommand();

       if (!(msfCommand == MsfCommand.wt_CheckSMSVerifyLoginAccount || msfCommand == MsfCommand.wt_RefreshSMSVerifyLoginCode || msfCommand == MsfCommand.wt_VerifySMSVerifyLoginCode)) {

           if (str2.equals(BaseConstants.CMD_WT_LOGIN_AUTH)) {

               msfCommand = MsfCommand.wt_loginAuth;

           } else if (str2.equals(BaseConstants.CMD_WT_LOGIN_NAME2UIN)) {

               msfCommand = MsfCommand.wt_name2uin;

           }

       }

   }

   int length = bArr.length + 4;

   ByteBuffer allocate = ByteBuffer.allocate(length);

   allocate.order(ByteOrder.BIG_ENDIAN);

   allocate.putInt(length);

   allocate.put(bArr);

   toServiceMsg.setUin(str);

   toServiceMsg.setServiceCmd(str2);

   toServiceMsg.setMsfCommand(msfCommand);

   toServiceMsg.putWupBuffer(allocate.array());

   return c0261k.f29929e.sendSsoMsg(toServiceMsg);

this.f29929e = msfCore;

}

public int sendSsoMsg(ToServiceMsg toServiceMsg) {

   if (toServiceMsg == null) {

       return -1;

   }

   this.sender.mo8821b(toServiceMsg);

   try {

       if (BaseConstants.CMD_MSG_PBSENDMSG.equals(toServiceMsg.getServiceCmd())) {

           WeakNetworkStat.m14394b(this, toServiceMsg);

       } else if (BaseConstants.CMD_REGPRXYSVC_INFOLOGIN.equals(toServiceMsg.getServiceCmd())) {

           WeakNetworkStat.m14387a(this, toServiceMsg);

       }

   } catch (throwable th) {

       th.printstacktrace();

   }

   return toServiceMsg.getRequestSsoSeq();

}

public int mo8821b(com.tencent.qphone.base.remote.ToServiceMsg r15) {

   /*

   r14 = this;

end

 public byte[] _tgtgt_key = new byte[16];

public byte[] _tmp_no_pic_sig = new byte[0];

public byte[] _tmp_pwd = new byte[16];

public int _tmp_pwd_type = 0;

未完待续

相关阅读

微信通讯录备份在哪里？安卓手机的备份方法介绍

由于科技的发展，只能手机也在不断的更新换代，一个品牌每年都会推出好几款机型，所以用户在使用这些科技产品的时候更新换代的速度也是

【干货】iOS和安卓商店ASO怎么做？看完这5000字就够了！

什么是ASO？Aso原意是app在iOS端的优化，后来慢慢演变成了app在iOS、安卓的各个渠道的 优化。在iOS端，因为苹果的App Store霸占了绝大

干货贴：如何设置灵活可配置的安卓升级机制？

安卓App升级机制该如何设计才能灵活可配置？作者对此分享了几点看法，一起来学习下。为什么要做“非传统的”升级提示框如果是经常用

优化安卓APP网络流量

优化安卓APP网络流量 套餐虽然优惠，流量还是很贵，对用户而言网络流量就是钱呐！用户习惯打开系统自带 APP 流量统计功能（如下），从 APP 的

安卓App存在“应用克隆”风险，行业如何应对？

“洪水来临的时候没有一滴雨滴是无辜的。”1电影《看不见的客人》让我们领略了，一个细节的不留神，整个故事会有另外一幅面貌。男主