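When raising the limit on a campus card through the 买单吧 app, you have to fill in a parent's phone number and other details, but entering a phone number in the 166 number segment produces an "invalid phone number format" error (screenshot below).
I suspect the regular expression that validates the phone number does not account for the 166 segment.
Write an Xposed module to intercept the 买单吧 app's WebView resource loading: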
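```java
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

// Method of the module's IXposedHookLoadPackage implementation.
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
    // Only act inside the 买单吧 process.
    if (!lpparam.packageName.equals("com.bankcomm.maidanba")) {
        return;
    }

    XposedHelpers.findAndHookMethod(WebViewClient.class, "shouldInterceptRequest",
            WebView.class, WebResourceRequest.class, new XC_MethodHook() {
        @Override
        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
            WebResourceRequest request = (WebResourceRequest) param.args[1];
            // Log every resource URL the WebView requests.
            XposedBridge.log(request.getUrl().toString());
            super.beforeHookedMethod(param);
        }
    });
}
```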
Checking the Xposed log shows the following resource-load entries:
```
11-20 16:23:28.604 I/Xposed (26381): https://creditcardapp.bankcomm.com/cbwsFfwbCrliWeb/mobile/resource/css/pui.bankcomm.min.css?v=2019101822
11-20 16:23:28.605 I/Xposed (26381): https://creditcardapp.bankcomm.com/cbwsFfwbCrliWeb/mobile/resource/css/schoolraiselimit/schoolCard.css?v=2019101822
11-20 16:23:28.605 I/Xposed (26381): https://creditcardapp.bankcomm.com/cbwsFfwbCrliWeb/mobile/resource/js/schoolraiselimit/jquery-2.2.4.min.js?v=2019101822
11-20 16:23:28.608 I/Xposed (26381): https://creditcardapp.bankcomm.com/cbwsFfwbCrliWeb/mobile/resource/js/schoolraiselimit/schoolCard.js?v=2019101822
11-20 16:23:29.103 I/Xposed (26381): https://track.bankcomm.com:8443/nctrack/js/nctrack10.js
11-20 16:23:29.107 I/Xposed (26381): https://creditcard.bankcomm.com/tdsdk/js/td-h5-hybrid-sdk-event.js
11-20 16:23:29.527 I/Xposed (26381): https://creditcardapp.bankcomm.com/favicon.ico
```
Of these, schoolCard.js looks the most suspicious, so take a look at its source (excerpt):
```javascript
$(".next-btn").on("click", function(e){
    var _this = $(this);
    if(_this.hasClass("disabled")){
        return false;
    } else if (pcccValid.formSubmit(e, pcccValid.nullval)){
        if(pcccValid.validForm()){
            var parentName = $("#parentName").val();
            var parentCertNo = $("#parentCertNo").val();
            var parentPhoneNumber = $("#parentPhoneNumber").val();
            $.ajax({
                type: 'post',
                url: base+'/member/adjust/limit/schoolResult.json',
                data:{"cardNo":cardNo,"parentName":parentName,"parentCertNo":parentCertNo,"parentPhoneNumber":parentPhoneNumber},
                dataType: 'json',
                success: function(result){
                    if (result.code=="0") {
                        $("#creditPop").show();
                    }else{
                        window.location.href = base+"/member/adjust/limit/parent/raise/failureJump.html?code="+result.code+"&cdaRsnCode="+result.CdaRsnCode;
                    }
                }
            });
        }
    }
});
```
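This should be the function that checks whether the input is valid, so comment out this line. Then use the Xposed module to intercept this JS file and replace it with the source that has the line commented out:

```java
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.io.ByteArrayInputStream;
import java.io.InputStream;

import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

// Method of the module's IXposedHookLoadPackage implementation.
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
    // Only act inside the 买单吧 process.
    if (!lpparam.packageName.equals("com.bankcomm.maidanba")) {
        return;
    }

    XposedHelpers.findAndHookMethod(WebViewClient.class, "shouldInterceptRequest",
            WebView.class, WebResourceRequest.class, new XC_MethodHook() {
        @Override
        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
            WebResourceRequest request = (WebResourceRequest) param.args[1];
            XposedBridge.log(request.getUrl().toString());
            // Serve the modified script in place of the one from the server.
            if (request.getUrl().toString().contains("schoolCard.js")) {
                param.setResult(replacePage());
                XposedBridge.log("replace ok");
            }
            super.beforeHookedMethod(param);
        }
    });
}
```

```java
// CONTENT is a String constant holding the modified schoolCard.js source
// (its definition is not shown in this post).
private WebResourceResponse replacePage() {
    InputStream inputStream = new ByteArrayInputStream(CONTENT.getBytes());
    return new WebResourceResponse("", "utf-8", inputStream);
}
```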
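Reboot the phone and resubmit the limit-increase request: it succeeds.
After the parent's 166 phone number received the SMS, the limit increase went through.
Other
Before writing this post I phoned Bank of Communications customer service several times to explain that the phone number could not be verified. The reply I got was "being unable to verify the 166 number segment is normal; we suggest you verify with a different phone number". That is interesting: the problem is clearly on their side, yet the user is told to find a way around it. Is this the so-called "if you can't solve the problem, solve the person who raised it"?
Update
The limit came through: 1k… emmm.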
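The suspected cause above, a prefix-based pattern that predates the 166 segment, can be caught with a regression check; the following is an added example, not the app's code or code from the original post. `OUTDATED_RE` is a constructed stand-in (the app's real pattern is not shown on this page), and the structural rule assumes mainland China mobile numbers are 11 digits starting with 1 with a second digit of 3 to 9.

```javascript
// Constructed stand-in for a prefix-allowlist pattern that was never updated.
// Assumption: the real pattern used by the app is unknown.
const OUTDATED_RE = /^1(3\d|4[57]|5[0-35-9]|7[0678]|8\d)\d{8}$/;

// Structural rule (assumption stated in the lead-in): 11 digits, leading 1,
// second digit 3-9. Newly allocated segments pass without a code change.
const STRUCTURAL_RE = /^1[3-9]\d{9}$/;

// Strip spaces and hyphens, then an optional +86 / 86 country code, but only
// when exactly 11 digits starting with 1 remain after it.
function normalize(input) {
  const compact = String(input).replace(/[\s-]/g, "");
  return compact.replace(/^\+?86(?=1\d{10}$)/, "");
}

// Validate one number against a pattern (structural rule by default).
function isValidMobile(input, re = STRUCTURAL_RE) {
  return re.test(normalize(input));
}

// Regression helper: list every 3-digit prefix in 130..199 that `re` rejects
// even though the structural rule accepts it. A non-empty result means the
// pattern will turn away real subscribers.
function rejectedPrefixes(re) {
  const rejected = [];
  for (let p = 130; p <= 199; p++) {
    const sample = String(p) + "00000000"; // constructed sample number
    if (STRUCTURAL_RE.test(sample) && !re.test(sample)) {
      rejected.push(String(p));
    }
  }
  return rejected;
}

// Stand-alone run: show the gap in the outdated pattern.
console.log("rejected by outdated pattern:", rejectedPrefixes(OUTDATED_RE).join(" "));
console.log("166 accepted by structural rule:", isValidMobile("166 0000 0000"));
```

Because the hook above shows that client-side checks can be swapped out, the same validator should also run on the server that handles the form submission.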