头条 ocpc sdk 数据上报 gap 问题处理方案
|
apson Li
|
144
|
0
|
游戏 sdk

1301 字
|
19 分钟
本文最后更新于 1035 天前,其中的信息可能已经有所发展或是发生改变。

目前存在头条 sdk 在vivo 手机以及 华为手机上获取不到 oaid 的问题 影响头条数据归因 进而 影响转化模型

当前头条 ocpc sdk 版本:5.3.0

技术处理方案

  1. 根据头条给的处理方案,找到目前sdk中是否有不合规的地方进行修改

不支持在 Docs 外粘贴 block 需要在 smali 代码中加入 oaid 1.0.13 相关资源,以上是资源zip ,需要在母包中动态打入

无法解决 华为的问题,目前调试发现部分 vivo 手机也还是获取不到 oaid 或者 imei

  1. 找到 头条 sdk 中获取 oaid 的接口,hook 这个接口传入买量 sdk 获取到的 oaid
  • 找到头条 sdk 获取oaid 的逻辑
通用的破解思路,先看 log,再动态调试 smali,如果逻辑在 so 中则调试so

简单看代码 在头条的 jar 包下路径为com.bytedance.applog.g2.java 这里有 oaid 相关的log

摘取部分代码如下:


.method public static a(Landroid/content/Context;)Ljava/util/Map;
    .locals 11
    .annotation system Ldalvik/annotation/Signature;
        value = {
            "(",
            "Landroid/content/Context;",
            "Landroid/content/SharedPreferences;",
            ")",
            "Ljava/util/Map<",
            "Ljava/lang/String;",
            "Ljava/lang/String;",
            ">;"
        }
    .end annotation

    invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J

    move-result-wide v0

    sget-object v2, Lcom/bytedance/applog/g2;->b:Lcom/bytedance/applog/c2;

    const/4 v3, 0x1

    new-array v3, v3, [Ljava/lang/Object;

    const/4 v4, 0x0

    aput-object p0, v3, v4

    invoke-virtual {v2, v3}, Lcom/bytedance/applog/c2;->b([Ljava/lang/Object;)Ljava/lang/Object;

    move-result-object p0

    check-cast p0, Lcom/bytedance/applog/p2;

    .line 4
    iget-boolean v2, p0, Lcom/bytedance/applog/p2;->c:Z

    const-string v3, " ms"

    const/4 v5, 0x0

    if-nez v2, :cond_0

    move-object p0, v5

    goto/16 :goto_3

    :cond_0
    invoke-virtual {p0}, Lcom/bytedance/applog/p2;->a()V

    sget-object v2, Lcom/bytedance/applog/p2;->j:Ljava/lang/String;

    new-instance v6, Ljava/lang/StringBuilder;

    invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V

    const-string v7, "Oaid#getOaid timeoutMills="

    invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-wide/16 v7, 0x64

    invoke-virtual {v6, v7, v8}, Ljava/lang/StringBuilder;->append(J)Ljava/lang/StringBuilder;

    invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v6

    invoke-static {v2, v6}, Lcom/bytedance/applog/h2;->a(Ljava/lang/String;Ljava/lang/String;)V

    iget-object v2, p0, Lcom/bytedance/applog/p2;->g:Ljava/util/Map;

    if-nez v2, :cond_2

    invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J

    move-result-wide v9

    :try_start_0
    iget-object v2, p0, Lcom/bytedance/applog/p2;->a:Ljava/util/concurrent/locks/ReentrantLock;

    sget-object v6, Ljava/util/concurrent/TimeUnit;->MILLISECONDS:Ljava/util/concurrent/TimeUnit;

    invoke-virtual {v2, v7, v8, v6}, Ljava/util/concurrent/locks/ReentrantLock;->tryLock(JLjava/util/concurrent/TimeUnit;)Z

    move-result v4

    sget-object v2, Lcom/bytedance/applog/p2;->j:Ljava/lang/String;

    new-instance v6, Ljava/lang/StringBuilder;

    invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V

    const-string v7, "Oaid#getOaid locked="

    invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v6, v4}, Ljava/lang/StringBuilder;->append(Z)Ljava/lang/StringBuilder;

    const-string v7, ", took "

    invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J

    move-result-wide v7

    sub-long/2addr v7, v9

    invoke-virtual {v6, v7, v8}, Ljava/lang/StringBuilder;->append(J)Ljava/lang/StringBuilder;

    invoke-virtual {v6, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v6

    .line 5
    invoke-static {v2, v6, v5}, Lcom/bytedance/applog/h2;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)V
    :try_end_0
    .catch Ljava/lang/InterruptedException; {:try_start_0 .. :try_end_0} :catch_0
    .catchall {:try_start_0 .. :try_end_0} :catchall_0

    if-eqz v4, :cond_2

    goto :goto_0

    :catchall_0
    move-exception v0

    goto :goto_1

    :catch_0
    move-exception v2

    .line 6
    :try_start_1
    invoke-virtual {v2}, Ljava/lang/InterruptedException;->printStackTrace()V
    :try_end_1
    .catchall {:try_start_1 .. :try_end_1} :catchall_0

    if-eqz v4, :cond_2

    :goto_0
    iget-object v2, p0, Lcom/bytedance/applog/p2;->a:Ljava/util/concurrent/locks/ReentrantLock;

    invoke-virtual {v2}, Ljava/util/concurrent/locks/ReentrantLock;->unlock()V

    goto :goto_2

    :goto_1
    if-eqz v4, :cond_1

    iget-object p0, p0, Lcom/bytedance/applog/p2;->a:Ljava/util/concurrent/locks/ReentrantLock;

    invoke-virtual {p0}, Ljava/util/concurrent/locks/ReentrantLock;->unlock()V

    :cond_1
    throw v0

    :cond_2
    :goto_2
    sget-object v2, Lcom/bytedance/applog/p2;->j:Ljava/lang/String;

    const-string v4, "Oaid#getOaid return apiMap="

    invoke-static {v4}, Lcom/bytedance/applog/a;->a(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v4

    iget-object v6, p0, Lcom/bytedance/applog/p2;->g:Ljava/util/Map;

    invoke-virtual {v4, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

    invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v4

    invoke-static {v2, v4}, Lcom/bytedance/applog/h2;->a(Ljava/lang/String;Ljava/lang/String;)V

    iget-object p0, p0, Lcom/bytedance/applog/p2;->g:Ljava/util/Map;

    .line 7
    :goto_3
    new-instance v2, Ljava/lang/StringBuilder;

    invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V

    sget-object v4, Lcom/bytedance/applog/g2;->a:Ljava/lang/String;

    invoke-virtual {v2, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v4, "getOaid takes "

    invoke-virtual {v2, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J

    move-result-wide v6

    sub-long/2addr v6, v0

    invoke-virtual {v2, v6, v7}, Ljava/lang/StringBuilder;->append(J)Ljava/lang/StringBuilder;

    invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v0

    const-string v1, "TrackerDr"

    .line 8
    invoke-static {v1, v0, v5}, Lcom/bytedance/applog/h2;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)V

    return-object p0
.end method
  • 看到有字符串字样里面有 oaid 相关的(201 行 ;172 行),这个 log 是单独打印的不会再 logger 设置的 tag 里面,所以直接全局过滤log
adb shell logcat  | grep Oaid 
或者
adb shell logcat | grep p2# (这里的p2是log 的最终tag)
  • 分析 log 发现在 拿不到 oaid 的设备(最直观的设备比如 模拟器 mumu,联调是没有oaid的)中 打印的 p0 为null,那么分析头条整个逻辑,oaid很明显是string类型他返回null ,那么他肯定有一个静态函数作为辅助函数获取 oaid 具体值(目前只是存在 map 里面)
  • 到这里思路就很清晰,找一下返回值为 string 的函数(思路清晰,代码怎么混淆都能破解,混淆是没意义的)
  • 简单分析之后,看到就在 g2.smali 第126行 有一个返回值为 string 的静态函数
.method public static a(Lorg/json/JSONObject;)Ljava/lang/String;
    .locals 2

    const/4 v0, 0x0

    if-eqz p0, :cond_0

    const-string v1, "id"

    invoke-virtual {p0, v1, v0}, Lorg/json/JSONObject;->optString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

    move-result-object v0

    :cond_0
    return-object v0
.end method
  • 他这个逻辑是传进来一个 JSONOBJECT 对象 ,然后从对象里面获取对应 key 为 “id” 的value到这里我们不能确定这个函数返回的是不是oaid,那么静态调试工具上一下,注入log 打印这个 返回的 v0 ,很好,测试结果没问题,返回的就是 oaid
.method public static a(Lorg/json/JSONObject;)Ljava/lang/String;
 .locals 4#寄存器要 +1
const/4 v0, 0x0

if-eqz p0, :cond_0

const-string v1, "id"

invoke-virtual {p0, v1, v0}, Lorg/json/JSONObject;->optString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

move-result-object v0

#注入代码 打log
const-string v2,"ZKHOOK"
inovke-static {v2,v0}, Lcom/android/util/Log->d(Ljava/lang/String;Ljava/lang/String;)V
#注入代码
:cond_0
return-object v0
.end method
  • 到这里处理方案就很简单了,修改这个函数,固定获取ziwan的 oaid 即可,修改处理如下
.method public static a(Lorg/json/JSONObject;)Ljava/lang/String;
    .locals 2
       #begin 注释掉原有逻辑
       
    #const/4 v0, 0x0

    #if-eqz p0, :cond_0

    #const-string v1, "id"

   # invoke-virtual {p0, v1, v0}, Lorg/json/JSONObject;->optString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

   # move-result-object v0

    #:cond_0
    #end 注释掉原有逻辑
    #获取ziwan的 oaid 静态变量 ,(专门修改了 ziwan sdk代码新增 mediaOaid 这个静态变量)
    sget-object v0, Lcom/ziwan/core/common/bean/DeviceInfo;->mediaOaid:Ljava/lang/String;
   
    return-object v0
.end method

到此为止修改逻辑完成 头条获取的 oaid 将永远从 ziwan sdk 中获取

方案的优劣

  1. 能处理问题的方案就是好方案
  2. 从 技术角度来看,第二个处理方式更加简单,不需要管头条是什么逻辑,为什么头条拿不到我们能拿到,我直接让头条拿的和我们拿的一模一样,强制他获取的 oaid 和我一样,这样还可以专门传自定义的 uniqueid ,在获取不到 imei 也获取不到 oaid的设备,也可以成功归因
  3. 第二个方案也有局限性,就是你头条这样处理了,你其他 sdk 怎么办,也这样处理,那技术成本就会上升(技术看别人代码看的头发都掉了,毕竟大厂 sdk 都有混淆),还有就算你破解了hook好了,万一媒体要你强制更新 sdk ,你就又要看新的(不过 强制更新的情况比较少,回传没问题可能一年才更一次)
  4. 老老实实根据头条的建议修改sdk接入合规,是最好的。
  5. 第二个方案,头条对我们的修改是不可能有任何感知的,因为我们修改的代码他是不可能说审核投放的时候还扫一遍包里每个头条相关函数的 md5。
暂无评论

发送评论 编辑评论 


				

			

						

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
							
													

					

				

			

			
			

				

					
				

			

				

											

							
							
						

																				
					
											
						

	

		
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	

	

		
颜文字
Emoji
小恐龙
花!
	


									

			

			
			
		

	






上一篇
下一篇