Sekiro + Xposed signature solution

Posted by m4rw3r on Mon, 07 Mar 2022 19:28:12 +0100

1, Target

An earlier post introduced a scheme for signing on a real Android device whose public IP address is updated automatically. Many readers commented that their ADSL line does not get a public IP, so they could not use it.

One way around this is frp (a reverse proxy for NAT traversal), but in practice it is not very stable.

Sekiro, introduced here, is an Android private-API exposure framework built on long-lived connections and code injection.

The workflow is as follows:

  • The client (the phone) establishes a long-lived TCP connection to the server
  • The user sends an HTTP request to the server
  • The server forwards the request to the client over that TCP connection, according to the parameters of the user's HTTP request
  • The client receives the request, runs the handler and sends the response back to the server
  • The server returns the client's response to the user

2, Steps

Install the server first

git clone https://github.com/virjar/sekiro.git

Build it from the checkout directory: ./gradlew sekiro-server:bootJar

The all-in-one jar is then found at sekiro-server/build/libs/sekiro-server-0.0.1-SNAPSHOT.jar

Start the server with java -jar sekiro-server-0.0.1-SNAPSHOT.jar

Tip: under Linux, the following command runs it in the background:

nohup java -jar sekiro-server-0.0.1-SNAPSHOT.jar >/dev/null 2>&1 &

Description

Three server ports can be configured in sekiro-server/src/main/resources/application.properties (the file below also lists a fourth, websocket, port), and every port you use must be opened in the server's firewall / security group, inbound and outbound. Only the long-connection port needs to be reachable by the phones; nothing on this page adds authentication to the HTTP endpoints, so restrict the tomcat and asynchronous-http ports to trusted source addresses.

# Port occupied by tomcat
server.port=5602
# Port occupied by the long-connection service
natServerPort=5600
# Port occupied by asynchronous http
natHttpServerPort=5601
# Port occupied by websocket
webSocketServerPort=5603

If you change the long-connection port, call the overload SekiroClient.start(String serverHost, int serverPort, final String clientId, String group) from the app so the client connects to the right port.

App part

In the app's build.gradle, add the dependency implementation 'com.virjar:sekiro-api:1.0.1'

import android.util.Log;
import com.virjar.sekiro.api.SekiroClient;
import com.virjar.sekiro.api.SekiroRequest;
import com.virjar.sekiro.api.SekiroRequestHandler;
import com.virjar.sekiro.api.SekiroResponse;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

// Xposed entry point (list this class in assets/xposed_init). The Sekiro client is
// started inside the target app's process, so the handler can reach the app's
// classes through the app's own ClassLoader.
public class SekiroHook implements IXposedHookLoadPackage {
    private static final String TAG = "SekiroHook";

    @Override
    public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        // handleLoadPackage runs in every process; assumed: only attach inside the demo app
        if (!"com.example.administrator.adddemo".equals(loadPackageParam.packageName)) {
            return;
        }

        // connect sekiro
        // Server host
        String testHost = "111.121.132.157";
        // Client ID
        String clientId = "googleEx";
        // Interface group name
        String groupName = "myTestApp";
        // Exposed interface name
        String actionName = "getsign";
        // Take the app's classloader
        final ClassLoader clzLoaderNet = loadPackageParam.classLoader;

        // Connect to the server and register the handler for processing
        SekiroClient.start(testHost, clientId, groupName)
                .registerHandler(actionName, new SekiroRequestHandler() {
                    @Override
                    public void handleRequest(SekiroRequest sekiroRequest, SekiroResponse sekiroResponse) {
                        // sekiroResponse.success(" now:" + System.currentTimeMillis() + " your param1:" + sekiroRequest.getString("param1"));

                        // When the server assigns a task, the logic is processed here and the result
                        // is returned to the server, which then returns it to the caller
                        Class<?> clz = XposedHelpers.findClass("com.example.administrator.adddemo.MainActivity", clzLoaderNet);
                        int arg1 = sekiroRequest.getInt("arg1");
                        int arg2 = sekiroRequest.getInt("arg2");
                        Log.i(TAG, String.format("arg1 : %d, arg2 : %d", arg1, arg2));
                        Object result = XposedHelpers.callStaticMethod(clz, "Add", arg1, arg2);
                        Log.i(TAG, "result : " + result);
                        sekiroResponse.success(result);
                    }
                });
        // end
    }
}

TIP: if the build fails with "More than one file was found with OS independent path", add the conflicting path to the android {} block of build.gradle:

packagingOptions {
    exclude 'META-INF/DEPENDENCIES'
    exclude 'META-INF/INDEX.LIST'
    exclude 'META-INF/io.netty.versions.properties'
}

Check that it works

http://111.121.132.157:5602/groupList lists all groups registered on the server:

{"status":0,"message":null,"data":["myTestApp"],"clientId":null,"ok":true}

http://111.121.132.157:5602/natChannelStatus?group=myTestApp shows which phones are registered under a given group (enable = connected, disable = dropped):

{"status":0,"message":null,"data":{"enable":["googleEx"],"disable":[]},"clientId":null,"ok":true}

Call the getsign action of the myTestApp group. Parameters (here param1) can be passed by GET or POST:
http://111.121.132.157:5601/asyncInvoke?group=myTestApp&action=getsign&param1=testparam1

{"clientId":"googleEx","data":" now:1618384502944 your param1:testparam1","ok":true,"status":0}

(This reply comes from the commented-out sample line in the handler; with the Add handler above, pass arg1 and arg2 instead of param1.)
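The three checks above, as an added Python client that is not part of the original post or of the Sekiro project. It assumes the host and ports from the application.properties shown earlier, and it separates the network call from the parsing of the {"status","ok","data"} envelope so the parsers can be exercised against the sample replies quoted above; a reply whose status is not 0 (or whose ok is false) is treated as an error, and an invocation is only attempted when the group has a connected phone.

```python
"""Added example: a small client for a Sekiro server's HTTP endpoints."""
import json
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumed: host and ports from the post's application.properties.
SEKIRO_HOST = "111.121.132.157"
TOMCAT_PORT = 5602       # server.port       -> /groupList, /natChannelStatus
ASYNC_HTTP_PORT = 5601   # natHttpServerPort -> /asyncInvoke


class SekiroError(RuntimeError):
    """Raised when the server's reply envelope reports a failure."""


def parse_envelope(raw: str):
    """Validate the reply envelope and return its "data" field.

    Every reply quoted in the post carries status/ok/message/data; status 0
    together with ok=true is success, anything else is reported as an error.
    """
    body = json.loads(raw)
    if body.get("status") != 0 or not body.get("ok", False):
        raise SekiroError(body.get("message") or "status=%r" % body.get("status"))
    return body.get("data")


def online_clients(channel_status_raw: str):
    """Return (enabled, disabled) client-id lists from a /natChannelStatus reply."""
    data = parse_envelope(channel_status_raw)
    return list(data.get("enable", [])), list(data.get("disable", []))


def invoke_url(group: str, action: str, **params) -> str:
    """Build the /asyncInvoke URL; urlencode escapes parameter values."""
    query = urlencode({"group": group, "action": action, **params})
    return "http://%s:%d/asyncInvoke?%s" % (SEKIRO_HOST, ASYNC_HTTP_PORT, query)


def fetch_json(url: str, timeout: float = 10.0) -> str:
    """The only function that touches the network."""
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_and_invoke(group: str, action: str, **params):
    """Full flow: confirm a phone is connected in the group, then invoke the action."""
    status_url = "http://%s:%d/natChannelStatus?%s" % (
        SEKIRO_HOST, TOMCAT_PORT, urlencode({"group": group}))
    enabled, disabled = online_clients(fetch_json(status_url))
    if not enabled:
        raise SekiroError("no connected client in group %r; disabled=%r" % (group, disabled))
    return parse_envelope(fetch_json(invoke_url(group, action, **params)))


if __name__ == "__main__":
    # Runs against your own server; mirrors the asyncInvoke URL from the post.
    print(check_and_invoke("myTestApp", "getsign", param1="testparam1"))
```

Keeping fetch_json as the only network call makes the envelope handling testable offline, and checking natChannelStatus first turns a silent timeout on a dropped phone into an immediate, explicit error.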

3, Summary

For more advanced uses of Sekiro, see the introduction in the author's GitHub repository. One or two phones are usually enough for the work, and all you need is a public IP of your own. Once the scale grows and scheduling and load balancing are needed, Sekiro becomes very useful.

When we were young, we all imagined ourselves as masked superheroes. Who would have thought that, once grown up, we would be the passers-by when the monsters appear.

TIP: the only purpose of this article is to learn reverse-engineering skills and ideas. If someone uses this technique to run an illegal business and profit from it, the legal responsibility lies with that operator and has nothing to do with this article or its author. The code projects involved in this article are available from Fenfei; you are welcome to join the Knowledge Planet to learn and explore technology together. If you have any questions, add me on WeChat: fenfei331.

WeChat official account: flair safety (the latest practical technical content, pushed in real time)

Topics: security