From a4cbf60213660f11ab37726e5fe285c09e01c23b Mon Sep 17 00:00:00 2001
From: wangpengpeng
Date: Mon, 23 Jun 2025 15:38:59 +0800
Subject: [PATCH] =?UTF-8?q?[fixed]=20add=20gzip=20python=20=E7=89=88?= =?UTF-8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apps/gouwudang/gowudang.js | 83 +++++++++++++++++++++++++++++++++++++
apps/gouwudang/java_gzip.py | 34 +++++++++++++++
2 files changed, 117 insertions(+)
create mode 100644 apps/gouwudang/gowudang.js
create mode 100644 apps/gouwudang/java_gzip.py
diff --git a/apps/gouwudang/gowudang.js b/apps/gouwudang/gowudang.js
new file mode 100644
index 0000000..c3f6f2f
--- /dev/null
+++ b/apps/gouwudang/gowudang.js
@@ -0,0 +1,83 @@
+
+console.log("frida start into lvzhou ...")
+
+// # frida -U -f com.gwdang.app -l gowudang.js
+function gowudang() {
+ Java.perform(function other() {
+ // let ParamsInterceptor = Java.use("com.gwdang.core.net.interceptors.ParamsInterceptor");
+ // ParamsInterceptor["allSign"].implementation = function (map) {
+ // console.log(`ParamsInterceptor.allSign is called: map=${map}`);
+ // let result = this["allSign"](map);
+ // console.log(`ParamsInterceptor.allSign result=${result}`);
+ // return result;
+ // };
+ //
+ let EasyAES = Java.use("com.gwdang.core.util.EasyAES");
+ EasyAES["encrypt"].overload('java.lang.String').implementation = function (str) {
+ console.log(`EasyAES.encrypt is called: str=${str}`);
+ let result = this["encrypt"](str);
+ console.log(`EasyAES.encrypt result=${result}`);
+ return result;
+ };
+
+ let GZIPUtils = Java.use("com.gwdang.core.util.GZIPUtils");
+ GZIPUtils["compress"].implementation = function (str) {
+ console.log(`GZIPUtils.compress is called: str=${str}`);
+ let result = this["compress"](str);
+ console.log(`GZIPUtils.compress result=${result}`);
+ return result;
+ };
+
+ EasyAES["getHash"].overload('java.lang.String', 'java.lang.String').implementation = function (str, str2) {
+ console.log(`EasyAES.getHash is called: str=${str}, str2=${str2}`);
+ let result = this["getHash"](str, str2);
+ console.log(`EasyAES.getHash result=${result}`);
+ return result;
+ };
+
+ let Md5Utils = Java.use("com.gwdang.core.util.Md5Utils");
+ Md5Utils["getVal_UTF8"].implementation = function (str) {
+ // console.log(`Md5Utils.getVal_UTF8 is called: str=${str}`);
+ console.log("传入字符串为:", str)
+ let result = this["getVal_UTF8"](str);
+ console.log(`Md5Utils.getVal_UTF8 result=${result}`);
+ return result;
+ };
+
+ EasyAES["getHash"].overload('java.lang.String', 'java.lang.String').implementation = function (str, str2) {
+ console.log(`EasyAES.getHash is called: str=${str}, str2=${str2}`);
+ let result = this["getHash"](str, str2);
+ console.log(`EasyAES.getHash result=${result}`);
+ return result;
+ };
+ })
+
+}
+
+
+function f() {
+
+}
+
+function call(){
+ Java.perform(function (){
+ let Md5Utils = Java.use("com.gwdang.core.util.Md5Utils");
+ var str0 = 'zzwrPss0F8B0IVSW_arg=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_channel=XiaoMiMarket_timestamp=1749542652556_tof=1749539548751app_platform=androidapp_version=25052904device=1080*2029dp_id=70115700013-3p=defaultscene=urluniq-id=456816211911099uniq-id2=67cbaf5df5bdeba9wr=1zzwrPss0F8B0IVSW'
+ let result = Md5Utils["getVal_UTF8"](str0);
+ console.log("res:",result)
+ })
+}
+
+function call1(){
+ Java.perform(function (){
+ let Md5Utils = Java.use("com.gwdang.core.util.EasyAES");
+ var str0 = 'zzwrP'
+ let result = Md5Utils["encrypt"](str0);
+ console.log("res:",result)
+ })
+}
+
+
+setImmediate(function() {
+ setTimeout(gowudang, 5000);
+});
diff --git a/apps/gouwudang/java_gzip.py b/apps/gouwudang/java_gzip.py
new file mode 100644
index 0000000..731a204
--- /dev/null
+++ b/apps/gouwudang/java_gzip.py
@@ -0,0 +1,34 @@
+import zlib
+import struct
+import base64
+
+
+def gzip_compress_exact_match(data):
+ compressor = zlib.compressobj(
+ 6,
+ zlib.DEFLATED,
+ -zlib.MAX_WBITS,
+ 8,
+ zlib.Z_DEFAULT_STRATEGY
+ )
+ compressed = compressor.compress(data)
+ compressed += compressor.flush(zlib.Z_FINISH)
+
+ header = b'\x1f\x8b'
+ header += b'\x08'
+ header += b'\x00'
+ header += b'\x00\x00\x00\x00'
+ header += b'\x00'
+ header += b'\x00'
+
+ crc32 = zlib.crc32(data) & 0xFFFFFFFF
+ isize = len(data) & 0xFFFFFFFF
+ trailer = struct.pack('
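Review bot: The `EasyAES["getHash"].overload('java.lang.String', 'java.lang.String')` hook in `gowudang()` of gowudang.js is assigned twice with identical bodies, so the second assignment only replaces the first and one copy should be dropped. In `call1()` the handle returned by `Java.use("com.gwdang.core.util.EasyAES")` is stored in a variable named `Md5Utils`, which misreads on review; `let EasyAES = Java.use("com.gwdang.core.util.EasyAES");` would match the naming used in `gowudang()`. The `str0` literal in `call()` looks like a captured request string carrying device and unique-id fields, and committing it leaves those identifiers in the repository history; a clearly constructed sample value would serve the same purpose. The empty `f()` can be removed.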