微信視頻號逆向分析+核心爬蟲代碼

基於微信7.0.12版本，請自尋下載對應微信版本。打開jadx反編譯工具自行比對，主要怕你以爲我騙你。至於這個爬蟲代碼如何運行，請關注我的逆向工作臺hooker項目：https://github.com/CreditTone/radar-frida，打開腦洞好好思考一下。題材過於敏感，這裏不多作介紹。

package gz.wxvideo;

import com.tencent.mm.plugin.finder.cgi.aa;
import com.tencent.mm.plugin.finder.search.FinderMixSearchUI;
import com.tencent.mm.plugin.finder.search.e;
import com.tencent.mm.ui.search.FTSEditTextView;
import java.lang.reflect.Field;


import gz.com.alibaba.fastjson.JSON;

/**
 * 微信視頻號爬蟲，逆向基於微信7.0.12版本
 * 作者:Guozhong
 * 基於逆向工作臺hooker完成逆向分析:https://github.com/CreditTone/radar-frida
 */
public class SearchUIMocker {

    //FinderMixSearchUI是微信視頻號搜索View
    private FinderMixSearchUI finderMixSearchUI;
    //finderMixSearchUI.pFF屬性內部封裝了EditText，就是輸入關鍵詞的那個框框
    private Field finderMixSearchUI_pFF;
    //finderMixSearchUI.pGf=com.tencent.mm.plugin.finder.search.e這個是主要網絡請求發起和回調的類
    private Field finderMixSearchUI_pGf;
    private Field finderMixSearchUI_pFF_FAg;
    //FTSEditTextView.a EditText接收到‘搜索’Action（EditorInfo.IME_ACTION_SEARCH）後會調用這個接口對象的bjl()方法進行搜索，其實最後還是會調用到com.tencent.mm.plugin.finder.search.e.UZ(String str)這個方法
    private Field fTSEditTextView_Fzz;
    //搜索結果LinkedList<FinderObject>的封裝類
    private Field pFMField = null;

    public SearchUIMocker(FinderMixSearchUI finderMixSearchUI) throws Exception {
        this.finderMixSearchUI = finderMixSearchUI;
        finderMixSearchUI_pFF = FinderMixSearchUI.class.getDeclaredField("pFF");
        finderMixSearchUI_pFF.setAccessible(true);
        finderMixSearchUI_pFF_FAg = com.tencent.mm.ui.search.a.class.getDeclaredField("FAg");
        finderMixSearchUI_pFF_FAg.setAccessible(true);
        fTSEditTextView_Fzz = FTSEditTextView.class.getDeclaredField("FzZ");
        fTSEditTextView_Fzz.setAccessible(true);
        finderMixSearchUI_pGf = FinderMixSearchUI.class.getDeclaredField("pGf");
        finderMixSearchUI_pGf.setAccessible(true);
        pFMField = e.class.getDeclaredField("pFM");
        pFMField.setAccessible(true);
    }

    private FTSEditTextView getFTSEditTextView() throws Exception {
        com.tencent.mm.ui.search.a pff = (com.tencent.mm.ui.search.a) finderMixSearchUI_pFF.get(finderMixSearchUI);
        FTSEditTextView fTSEditTextView = (FTSEditTextView) finderMixSearchUI_pFF_FAg.get(pff);
        return fTSEditTextView;
    }

    /**
     * 模擬輸入關鍵詞搜索
     * @param keyword
     * @throws Exception
     */
    public void search(final String keyword) throws Exception {
        finderMixSearchUI.runOnUiThread(new Runnable() {
            @Override
            public void run() {
                try {
                    FTSEditTextView fTSEditTextView = getFTSEditTextView();
                    fTSEditTextView.clearText();
                    fTSEditTextView.getEditText().setText(keyword);
                    fTSEditTextView.eKX();
                    finderMixSearchUI.hideVKB();
                    Thread.sleep(1000);
                    FTSEditTextView.a fzz = (FTSEditTextView.a) fTSEditTextView_Fzz.get(fTSEditTextView);
                    fzz.bjl();
                    //fTSEditTextView.getEditText().performAccessibilityAction(EditorInfo.IME_ACTION_SEARCH, null);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        });
    }

    /**
     * 獲取搜索關鍵詞
     * @return
     * @throws Exception
     */
    public String getSearchText() throws Exception {
        FTSEditTextView fTSEditTextView = getFTSEditTextView();
        return fTSEditTextView.getInEditTextQuery();
    }


    /**
     * 搜索結果，確保完成搜索後調用
     * @return
     * @throws Exception
     */
    public String getResultsJson() throws Exception {
        e searche = (e) finderMixSearchUI_pGf.get(finderMixSearchUI);
        aa pfm = (aa) pFMField.get(searche);
        return JSON.toJSONString(pfm.ppJ.pbk);
    }

}