可输入字符与QQ自带表情的映射关系

——tim.apk简单逆向

因为防撤回的一个需求: 屏幕上读取到的QQ表情, 存下来是一些无法显示的乱码,
比如 /呲牙 对应的是 0x1400.
因此我的防撤回在找上下文的时候, 如果遇到QQ表情就会GG.
曾经想用 判断是否是相似list 来纠正这些小不同, 结果写出来很麻烦, 性能不好,
于是尝试从tim.apk里寻找映射关系

开始逆向

首先 apktool d tim.apk 能够解出这个 apk 的资源文件和 smali 代码

我想要寻找的是表情图片与文字的对应关系, 所以我得先找到这个图片(的名字), 然后再搜哪些文件里出现过这些名字的

我一个个资源文件翻过去, 最后在 res/drawable-hdpi-v4 里发现了这些表情 命名为 f000.gif - f185.gif

mac自带的搜索功能很强大, 能索引并查找文件里面的内容. 当然 丢进 idea 里它也会帮你建立索引.
搜索 f000 发现有一条 name与资源id的值 id为 0x7f020100
再搜索 0x7f020100 ,很快就能找到与之有关的代码了, 在 Lcom/tencent/mobileqq/text/EmotcationConstants.smali

阅读这个smali 发现他在把一群 Unicode 存到一个数组里, 而这一群 Unicode 正是 {“呲牙”,”眨眼睛”,”流汗”,…}
同时我在这个smali里看到了一个静态常量, 值为 ‘\u0014’, 恰巧之前把表情转成hex的时候发现头上都会包含一个0x14

所以我猜测 0x14 后面跟的数字和这个数组索引有很大的关联, 拿一个验证, 发现正是如此

附上映射表

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
public static String prefix = "\u0014";

public static String[] strings = {
            "/\u5472\u7259",
            "/\u8c03\u76ae",
            "/\u6d41\u6c57",
            "/\u5077\u7b11",
            "/\u518d\u89c1",
            "/\u6572\u6253",
            "/\u64e6\u6c57",
            "/\u732a\u5934",
            "/\u73ab\u7470",
            "/\u6d41\u6cea",
            "/\u5927\u54ed",
            "/\u5618...",
            "/\u9177",
            "/\u6293\u72c2",
            "/\u59d4\u5c48",
            "/\u4fbf\u4fbf",
            "/\u70b8\u5f39",
            "/\u83dc\u5200",
            "/\u53ef\u7231",
            "/\u8272",
            "/\u5bb3\u7f9e",
            "/\u5f97\u610f",
            "/\u5410",
            "/\u5fae\u7b11",
            "/\u53d1\u6012",
            "/\u5c34\u5c2c",
            "/\u60ca\u6050",
            "/\u51b7\u6c57",
            "/\u7231\u5fc3",
            "/\u793a\u7231",
            "/\u767d\u773c",
            "/\u50b2\u6162",
            "/\u96be\u8fc7",
            "/\u60ca\u8bb6",
            "/\u7591\u95ee",
            "/\u7761",
            "/\u4eb2\u4eb2",
            "/\u61a8\u7b11",
            "/\u7231\u60c5",
            "/\u8870",
            "/\u6487\u5634",
            "/\u9634\u9669",
            "/\u594b\u6597",
            "/\u53d1\u5446",
            "/\u53f3\u54fc\u54fc",
            "/\u62e5\u62b1",
            "/\u574f\u7b11",
            "/\u98de\u543b",
            "/\u9119\u89c6",
            "/\u6655",
            "/\u60a0\u95f2",
            "/\u53ef\u601c",
            "/\u8d5e",
            "/\u8e29",
            "/\u63e1\u624b",
            "/\u80dc\u5229",
            "/\u62b1\u62f3",
            "/\u51cb\u8c22",
            "/\u996d",
            "/\u86cb\u7cd5",
            "/\u897f\u74dc",
            "/\u5564\u9152",
            "/\u74e2\u866b",
            "/\u52fe\u5f15",
            "/OK",
            "/\u7231\u4f60",
            "/\u5496\u5561",
            "/\u94b1",
            "/\u6708\u4eae",
            "/\u7f8e\u5973",
            "/\u5200",
            "/\u53d1\u6296",
            "/\u5dee\u52b2",
            "/\u62f3\u5934",
            "/\u5fc3\u788e",
            "/\u592a\u9633",
            "/\u793c\u7269",
            "/\u8db3\u7403",
            "/\u9ab7\u9ac5",
            "/\u6325\u624b",
            "/\u95ea\u7535",
            "/\u9965\u997f",
            "/\u56f0",
            "/\u5492\u9a82",
            "/\u6298\u78e8",
            "/\u62a0\u9f3b",
            "/\u9f13\u638c",
            "/\u7cd7\u5927\u4e86",
            "/\u5de6\u54fc\u54fc",
            "/\u54c8\u6b20",
            "/\u5feb\u54ed\u4e86",
            "/\u5413",
            "/\u7bee\u7403",
            "/\u4e52\u4e53",
            "/NO",
            "/\u8df3\u8df3",
            "/\u6004\u706b",
            "/\u8f6c\u5708",
            "/\u78d5\u5934",
            "/\u56de\u5934",
            "/\u8df3\u7ef3",
            "/\u6fc0\u52a8",
            "/\u8857\u821e",
            "/\u732e\u543b",
            "/\u5de6\u592a\u6781",
            "/\u53f3\u592a\u6781",
            "/\u95ed\u5634",
            "/\u62db\u8d22\u8fdb\u5b9d",
            "/\u53cc\u559c",
            "/\u97ad\u70ae",
            "/\u706f\u7b3c",
            "/\u53d1\u8d22",
            "/K\u6b4c",
            "/\u8d2d\u7269",
            "/\u90ae\u4ef6",
            "/\u5e05",
            "/\u559d\u5f69",
            "/\u7948\u7977",
            "/\u7206\u7b4b",
            "/\u68d2\u68d2\u7cd6",
            "/\u559d\u5976",
            "/\u4e0b\u9762",
            "/\u9999\u8549",
            "/\u98de\u673a",
            "/\u5f00\u8f66",
            "/\u9ad8\u94c1\u5de6\u8f66\u5934",
            "/\u8f66\u53a2",
            "/\u9ad8\u94c1\u53f3\u8f66\u5934",
            "/\u591a\u4e91",
            "/\u4e0b\u96e8",
            "/\u949e\u7968",
            "/\u718a\u732b",
            "/\u706f\u6ce1",
            "/\u98ce\u8f66",
            "/\u95f9\u949f",
            "/\u6253\u4f1e",
            "/\u5f69\u7403",
            "/\u94bb\u6212",
            "/\u6c99\u53d1",
            "/\u7eb8\u5dfe",
            "/\u836f",
            "/\u624b\u67aa",
            "/\u9752\u86d9",
            "/\u4e0d\u5f00\u5fc3",
            "/\u554a",
            "/\u60f6\u6050",
            "/\u51b7\u6f20",
            "/\u5443",
            "/\u597d\u68d2",
            "/\u62dc\u6258",
            "/\u70b9\u8d5e",
            "/\u65e0\u804a",
            "/\u6258\u8138",
            "/\u5403",
            "/\u9001\u82b1",
            "/\u5bb3\u6015",
            "/\u82b1\u75f4",
            "/\u5c0f\u6837\u513f",
            "/\u8138\u7ea2",
            "/\u98d9\u6cea",
            "/\u6211\u4e0d\u770b",
            "/\u6258\u816e",
            "/\u54c7\u54e6",
            "/\u8336",
            "/\u7728\u773c\u775b",
            "/\u6cea\u5954",
            "/\u65e0\u5948",
            "/\u5356\u840c",
            "/\u5c0f\u7ea0\u7ed3",
            "/\u55b7\u8840",
            "/\u659c\u773c\u7b11",
            "/doge",
            "/\u60ca\u559c",
            "/\u9a9a\u6270",
            "/\u7b11\u54ed",
            "/\u6211\u6700\u7f8e",
            "/\u6cb3\u87f9",
            "/\u7f8a\u9a7c",
            "/\u6817\u5b50",
            "/\u5e7d\u7075",
            "/\u86cb",
            "/\u9a6c\u8d5b\u514b",
            "/\u83ca\u82b1",
            "/\u80a5\u7682",
            "/\u7ea2\u5305",
            "/\u5927\u7b11",
            "/\u5575\u5575",
            "/\u7cca\u8138",
            "/\u62cd\u5934",
            "/\u626f\u4e00\u626f",
            "/\u8214\u4e00\u8214",
            "/\u8e6d\u4e00\u8e6d",
            "/\u62fd\u70b8\u5929",
            "/\u9876\u5471\u5471"
    };

映射关系为:

1
prefix + i <=> strings[i]

比如 “/呲牙” 这个表情 也就是 “/\u5472\u7259” 也就是 strings 数组里的第0个,
它在手机屏幕上的 的内容以十六进制显示 就是 prefix + i 就是 0x1400