{"id":9781,"date":"2019-12-27T01:46:09","date_gmt":"2019-12-27T01:46:09","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9781"},"modified":"2026-04-17T18:07:50","modified_gmt":"2026-04-17T18:07:50","slug":"communication-data-decryption-based-frida","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/communication-data-decryption-based-frida\/","title":{"rendered":"Communication Data Decryption Based on Frida"},"content":{"rendered":"<p><!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\"><br \/>\n<html><body><\/p>\n<ol>\n<li>\n<h2><strong> Background<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>At the beginning of this year, the author received a bank code audit project, which included part of the Android and iOS client code (excluding the encapsulation package) of three systems developed by a Beijing vendor, and the Erlang code of the background system. Erlang, as the intermediate platform that communicates with the core system of the bank, plays the role of data forwarding. After completing the audit work, I discovered many out-of-bounds vulnerabilities, and our vulnerability verification showed that the vulnerable program does not lack data encryption. 
Initially, I handled it in the usual way: figure out the entire encryption process and write a Burp plug-in or mitm proxy script for data encryption and decryption.<\/p>\n<p>However, after a whole day&#8217;s analysis of the encryption algorithm, I found that it wasn&#8217;t as easy as I had thought.<\/p>\n<p>(1) The encryption algorithm itself, namely AES_CBC_128, is not complicated, but the algorithm that generates the key and IV is very sophisticated.<\/p>\n<p>(2) The key and IV values are updated about every 10 minutes, and RSA is used for encryption during the update process.<\/p>\n<p>(3) The encryption logic is encapsulated in a third-party library whose code is obfuscated. This protects the complicated algorithm logic and makes it difficult to crack.<\/p>\n<p>(4) Rather than spending too much time analyzing and reproducing the logic and writing plug-ins, I took a different approach: handle the data in plaintext before it is encrypted, and display the data after it is decrypted.<\/p>\n<ol start=\"2\">\n<li>\n<h2><strong> LUA &amp; Data Sending<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>Generally, Android-supported executables include ARM programs, third-party libraries, and files in the DEX format. 
However, the APK program has a large number of Lua script files for interaction; they cannot be interpreted by the Android system and can only be interpreted by the third-party library used by the current program.<\/p>\n<p>In the libluajava.so file, we can use IDA Pro to locate the following function call:<\/p>\n<p><code>GetMethodId(env, claz, &quot;postAsyn&quot;, &quot;(Lcom\/xxxxxx\/emp\/lua\/java\/CLEntity;Ljava\/lang\/String;Ljava\/lang\/String;III)V&quot;)<\/code><\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-1.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-9782\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"211\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-1.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-1-300x147.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 1 Locate the Function<\/p>\n<p>With a global search in JEB, we can easily locate the corresponding Java function.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-3.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-9783\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-3.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"188\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-3.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-3-300x131.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 2 Locating the Java Function<\/p>\n<p>EW is a task, and doRun is the key point.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-2.jpg\"><img decoding=\"async\" class=\"alignnone size-full 
wp-image-9784\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-2.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"554\" height=\"154\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-2.jpg 554w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-2-300x83.jpg 300w\" sizes=\"(max-width: 554px) 100vw, 554px\" \/><\/a><\/p>\n<p>Figure 3 Key point for program running<\/p>\n<p>The post method in NetRequest invoked the sendPostRequest method, as shown in the following figure:<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9785\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-4.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"226\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-4.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-4-300x157.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 4 Calling SendPostRequest<\/p>\n<p>Since CryptoHttpManager inherits HttpManager, it includes the sendPostRequest method.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9786\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-5.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"109\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-5.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-5-300x76.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 5 HttpManager<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-6.jpg\"><img loading=\"lazy\" 
decoding=\"async\" class=\"alignnone size-full wp-image-9787\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-6.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"111\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-6.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-6-300x77.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 6 SendPostRequest<\/p>\n<p>this.a first calls CryptoHttpManager, which calls the a method of HttpManager to decrypt the returned content with AES. That is to say, the returned content is likely encrypted using the AES encryption algorithm.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9788\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-7.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"554\" height=\"226\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-7.jpg 554w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-7-300x122.jpg 300w\" sizes=\"(max-width: 554px) 100vw, 554px\" \/><\/a><\/p>\n<p>Figure 7 AES decryption<\/p>\n<p>First invoke the parent class, encrypt the data with the method in the child class, and perform the POST action. 
After getting a response, use the &#8220;a&#8221; method of the subclass to decrypt it.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-8.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9789\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-8.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"455\" height=\"291\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-8.jpg 455w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-8-300x192.jpg 300w\" sizes=\"(max-width: 455px) 100vw, 455px\" \/><\/a><\/p>\n<p>Figure 8 Encryption and decryption process<\/p>\n<ol start=\"3\">\n<li>\n<h2><strong> Hooking and Modification<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>Hook the &#8220;a&#8221; method of CryptoHttpManager (the method that starts a request) and the decrypt method (byte[], byte[], byte[]) of AESAdapter (the decryption method).<\/p>\n<pre><code>\/\/ CryptoHttpManager.a(...) is the method that starts a request\nvar cryptoHttpMgr = Java.use(&quot;com.xxxxxx.emp.net.CryptoHttpManager&quot;);\nvar request_method = cryptoHttpMgr.a.overload('java.lang.String','java.lang.Object','java.lang.String','java.lang.String','java.lang.String','java.util.Map','com.xxxxxx.emp.render.EMPThreadPool$Task');\n\n\/\/ AESAdapter.decrypt(byte[], byte[], byte[]) is the decryption method\nvar aesAdaptor = Java.use(&quot;com.xxxxxx.emp.security.adapter.AESAdapter&quot;);\nvar decryptByte = aesAdaptor.decrypt.overload('[B', '[B', '[B');<\/code><\/pre>\n<p>To print data, we need to use JavaScript to send data 
out:<\/p>\n<pre><code>\/\/ Log the plaintext request before the original method encrypts and sends it\nrequest_method.implementation = function(url, param, rsq_method, contenttype,\n                                         accept, headermap, task){\n    send(&quot;[+] Requesting .... &quot;);\n\n    send(&quot;- Req Method: &quot; + rsq_method);\n    send(&quot;- Req URL: &quot; + url);\n    send(&quot;- Req Params: &quot; + param.toString());\n\n    return request_method.call(this, url, param, rsq_method, contenttype, accept, headermap, task);\n};\n\n\/\/ Log the key, the IV and the decrypted response\ndecryptByte.implementation = function(content, key, iv){\n    send(&quot;[+] Decrypting .... &quot;);\n\n    send(&quot;- AES key:\\\\n&quot; + hexdump(b2s(key)));\n    send(&quot;- AES IV:\\\\n&quot; + hexdump(b2s(iv)));\n\n    var result = decryptByte.call(this, content, key, iv);\n\n    send(&quot;- out:\\\\n&quot; + hexdump(b2s(result)));\n\n    return result;\n};<\/code><\/pre>\n<p>Frida receives and prints the data sent by the &#8220;send&#8221; function:<\/p>\n<pre><code>def on_message(message, data):\n    # data passed to send() in the script arrives as a message of type 'send'\n    if message['type'] == 'send':\n        print(message['payload'])<\/code><\/pre>\n<p>Format the 
output:<\/p>\n<pre><code>\/\/ Render a string of byte values as offset, hex bytes and printable characters\nfunction hexdump(buffer, blockSize) {\n    blockSize = blockSize || 16;\n    var lines = [];\n    var hex = &quot;0123456789ABCDEF&quot;;\n    for (var b = 0; b &lt; buffer.length; b += blockSize) {\n        var block = buffer.slice(b, Math.min(b + blockSize, buffer.length));\n        var addr = (&quot;0000&quot; + b.toString(16)).slice(-4);\n        var codes = block.split('').map(function(ch) {\n            var code = ch.charCodeAt(0);\n            return &quot; &quot; + hex[(0xF0 &amp; code) &gt;&gt; 4] + hex[0x0F &amp; code];\n        }).join(&quot;&quot;);\n        codes += &quot;   &quot;.repeat(blockSize - block.length);\n        var chars = block.replace(\/[^\\x20-\\x7E]\/g, '.'); \/\/ nonprinting characters\n        if (chars.charAt(chars.length - 1) == '\\\\'){\n            chars += '\\\\';\n        }\n        chars += &quot; &quot;.repeat(blockSize - block.length);\n        lines.push(addr + &quot; &quot; + codes + &quot;  &quot; + chars);\n    }\n    return lines.join(&quot;\\\\n&quot;);\n}\n\n\/\/ Convert a Java byte[] (signed bytes) to a string of 0-255 character codes\nfunction b2s(array) {\n    var result = &quot;&quot;;\n    for (var i = 0; i &lt; array.length; i++) {\n        result += String.fromCharCode(modulus(array[i], 256));\n    }\n    return result;\n}\n\n\/\/ Modulus that is never negative, so -1 maps to 255\nfunction modulus(x, n) {\n    return ((x % n) + n) % n;\n}<\/code><\/pre>\n<p>The final output is shown in Figure 9.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-9.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9790\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-9.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"427\" height=\"286\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-9.jpg 427w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-9-300x201.jpg 300w\" sizes=\"(max-width: 427px) 100vw, 427px\" \/><\/a><\/p>\n<p>Figure 9 Logs to be printed<\/p>\n<p>Burp Suite is needed if we want to tamper with data packets. 
The process is as follows:<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9791\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-10.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"432\" height=\"90\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-10.jpg 432w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1227-10-300x63.jpg 300w\" sizes=\"(max-width: 432px) 100vw, 432px\" \/><\/a><\/p>\n<p>Figure 10 Packet tampering process<\/p>\n<p>However, the tampered packet is not sent to a real server; we only need a simple server that returns the request data.<\/p>\n<pre><code># Python 2 echo server: returns each POST body unchanged\nfrom BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler\nfrom optparse import OptionParser\n\nECHO_PORT = 2205\n\nclass RequestHandler(BaseHTTPRequestHandler):\n\n    def do_POST(self):\n        request_path = self.path\n\n        request_headers = self.headers\n        content_length = request_headers.getheaders('content-length')\n        length = int(content_length[0]) if content_length else 0\n\n        self.send_response(200)\n        self.end_headers()\n\n        # echo the request body back as the response body\n        self.wfile.write(self.rfile.read(length))\n\ndef main():\n    print('Listening on localhost:%d' % ECHO_PORT)\n    # '' binds every interface; use '127.0.0.1' if Burp runs on the same host\n    server = HTTPServer(('', ECHO_PORT), RequestHandler)\n    server.serve_forever()\n\nif __name__ == &quot;__main__&quot;:\n    print(&quot;[x] Starting echo server on port %d&quot; % ECHO_PORT)\n    main()<\/code><\/pre>\n<p>If the data can be printed out, it has reached the Python layer and can be sent with the requests library.<\/p>\n<p>As for the received data, the server only processes specific data contents and ignores other requests. 
Thus, we can set the following restrictions on requests:<\/p>\n<ul>\n<li>Request feature &#8211; id=<\/li>\n<li>Request length &#8211; must be greater than 14<\/li>\n<li>Transmission flag &#8211; Req Params<\/li>\n<\/ul>\n<p>Then use &#8220;post&#8221; in the framework to return the content:<\/p>\n<pre><code>import requests  # BURP_HOST, BURP_PORT, proxies and script are defined elsewhere (not shown)\n\ndef on_message(message, data):\n    if message['type'] == 'send':\n        print(message['payload'])\n        payload = ''\n        # only forward messages that carry request parameters\n        if len(message['payload']) &gt; 14 and 'id=' in message['payload'] and 'Req Params' in message['payload']:\n            # drop the 14-character &quot;- Req Params: &quot; prefix\n            payload = message['payload'][14:]\n            r = requests.post(&quot;http:\/\/&quot; + BURP_HOST + &quot;:&quot; + str(BURP_PORT), data = payload, proxies = proxies)\n            if r.status_code == 200:\n                # hand the body that came back through Burp to the hooked method\n                script.post({&quot;type&quot;: &quot;modify&quot;, &quot;payload&quot;: r.text})\n    else:\n        print(message)<\/code><\/pre>\n<p>At the same time, obtain the returned data synchronously (not asynchronously):<\/p>\n<pre><code>var op = recv('modify', function onMessage(modMessage) {\n    send(&quot;- Fix Params: &quot; + modMessage['payload']);\n    param = modMessage['payload'];\n});\nop.wait(); \/\/ block until the 'modify' message has arrived<\/code><\/pre>\n<p>The decrypted content is tampered with in the same way, namely by changing the value before the data is returned.<\/p>\n<ol start=\"4\">\n<li>\n<h2><strong> Repeating<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>In most cases, packet replay is also needed. 
Fortunately, the key can be used more than once. Packet replay is easy to implement by using a tag:<\/p>\n<p>(1) Send a Burp request.<\/p>\n<p>(2) Wait for a response.<\/p>\n<ul>\n<li>If the response contains ASD (just a meaningless example), go to (3).<\/li>\n<li>If the response does not contain ASD, then break the loop and call the program method (one more call for breaking the loop).<\/li>\n<\/ul>\n<p>(3) Remove the ASD tag.<\/p>\n<p>(4) Call the program method.<\/p>\n<p>(5) Add the asd tag and then go back to (1).<\/p>\n<pre><code>while(1){\n    send(&quot;[*] Repeating .... &quot;);\n    send(&quot;- Req params: &quot; + param); \/\/ 1\n    var op = recv('mod_req', function onMessage(modMessage) { \/\/2\n        send(&quot;- Fix Params: &quot; + modMessage['payload']);\n        param = modMessage['payload'];\n    });\n    op.wait();\n\n    if (param.indexOf('asd') &lt; 0) break; \/\/ 2.2\n    \/\/2.1\n    param = param.replace(\/asd\/,&quot;&quot;); \/\/ 3\n    request_method.call(this, url, param, rsq_method, contenttype, accept, headermap, task); \/\/ 4\n    param = param + 'asd'; \/\/ 5\n}<\/code><\/pre>\n<p>The information processing code in Python is as follows:<\/p>\n<pre><code>def on_message(message, data):\n    global theflag\n    global vericode\n    if message['type'] == 'send':\n        print(message['payload'].decode('utf-8'))\n        payload = ''\n        typestr = 'mod_req'\n        # only forward messages that carry request parameters\n        if len(message['payload']) &gt; 14 and 'Req params:' in message['payload'] and 'id=' in message['payload']:\n            # drop the 14-character &quot;- Req params: &quot; prefix\n            payload = message['payload'][14:]\n            r = requests.post(&quot;http:\/\/&quot; + BURP_HOST + &quot;:&quot; + str(BURP_PORT), data = payload, proxies = proxies)\n            if r.status_code == 200:\n                script.post({&quot;type&quot;: typestr, &quot;payload&quot;: r.text})\n    else:\n        print(message)<\/code><\/pre>\n<p>There is also another approach. Note that the returned data is only one of the parameters of the function; the other parameters need to be initialized, or global variables need to be set, in this function.<\/p>\n<p>(1) Use SimpleHTTPServer to listen on a port that receives requests from Burp.<\/p>\n<p>(2) Use asynchronous messaging to receive the messages that are posted (data obtained from the listening port).<\/p>\n<p>(3) Call functions after receiving data.<\/p>\n<ol start=\"5\">\n<li>\n<h2><strong> Verification<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>Start the server and Burp Suite and run the program. The plaintext data will be modified when it arrives at Burp Suite. After reaching the program, the data will be replaced before being encrypted. 
As a result, different results will be shown on the interface.<\/p>\n<ol start=\"6\">\n<li>\n<h2><strong> Summary<\/strong><\/h2>\n<\/li>\n<\/ol>\n<p>With the plaintext data modified by hooks before encryption, the program can be used for tests on the Android and iOS systems of some banks, as well as tests on PCs.<\/p>\n<p>In general, the advantage of this approach is that there is no need to care about whether the certificate supports one-way or two-way authentication, whether the modification times out, or whether data irrelevant to the business is generated.<\/p>\n<p>The encoding issue is a defect of this approach that is difficult to solve. Because the returned packet contains a large number of Chinese characters, the packet cannot be used once it has been modified. Furthermore, the tool runs so slowly that it gets stuck when too much data is processed or during a key exchange.<\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"<p>After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has no lack of data encryption. 
Initially, I handle it in the usual way: figure out the entire encryption process and write a Burp plug-in or mitm proxy script for data encryption and decryption.<\/p>\n","protected":false},"author":1,"featured_media":9738,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[5],"tags":[143],"class_list":["post-9781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ddos-mitigation","tag-communication-data-decryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Communication Data Decryption Based on Frida - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Communication Data Decryption Based on Frida - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-27T01:46:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg\" \/>\n<meta 
name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Communication Data Decryption Based on Frida - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Communication Data Decryption Based on Frida\",\"datePublished\":\"2019-12-27T01:46:09+00:00\",\"dateModified\":\"2026-04-17T18:07:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/\"},\"wordCount\":1747,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/1209-9.jpg\",\"keywords\":[\"Communication Data Decryption\"],\"articleSection\":[\"DDoS 
Mitigation\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/\",\"name\":\"Communication Data Decryption Based on Frida - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/1209-9.jpg\",\"datePublished\":\"2019-12-27T01:46:09+00:00\",\"dateModified\":\"2026-04-17T18:07:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/1209-9.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/1209-9.jpg\",\"width\":515,\"height\":219,\"caption\":\"Cityscape with digital padlock and circuit 
design.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/communication-data-decryption-based-frida\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Communication Data Decryption Based on Frida\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.co
m\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Communication Data Decryption Based on Frida - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/","og_locale":"pt_BR","og_type":"article","og_title":"Communication Data Decryption Based on Frida - NSFOCUS","og_description":"After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has","og_url":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/","og_site_name":"NSFOCUS","article_published_time":"2019-12-27T01:46:09+00:00","article_modified_time":"2026-04-17T18:07:50+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"Communication Data Decryption Based on Frida - NSFOCUS","twitter_description":"After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. 
tempo de leitura":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Communication Data Decryption Based on Frida","datePublished":"2019-12-27T01:46:09+00:00","dateModified":"2026-04-17T18:07:50+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/"},"wordCount":1747,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","keywords":["Communication Data Decryption"],"articleSection":["DDoS Mitigation"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/","url":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/","name":"Communication Data Decryption Based on Frida - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","datePublished":"2019-12-27T01:46:09+00:00","dateModified":"2026-04-17T18:07:50+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/12\/1209-9.jpg","width":515,"height":219,"caption":"Cityscape with digital padlock and circuit design."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/communication-data-decryption-based-frida\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Communication Data Decryption Based on Frida"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":
"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=9781"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9781\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9738"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=9781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=9781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=9781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}