清楚缓存，重新打开app, 点击同意按钮，会触发设备注册；

很明显是一个post包，device_register
可以看到请求体加密了 那么 请求体是什么呢？

很老版本思路：都是直接明文注册
较老版本思路：在反编译后请求体通过一个bool来判断，是否走，ttencrypt；
这个地方可以hook明文也可以直接修改bool值，让抓包直接抓到明文；

正常情况下，是将请求体压缩后，走ttencrypt，进行密文注册；

我们接着往下走，看新版是否有变化；

---

看下params参数：

cdid:

只找到个从SharedPreferences xml拿，没有就uuid;

openudid:

---

x_ss_stub：

这个值就很普通了，java层，post包的时候会把data转成字符串进行md5的一个值；

---

搜出来个这玩意，兄弟们想想这是干啥，注册，激活。。

ttencrypt：

搜一下：/service/2/device_register/

private boolean LIZ(String str, JSONObject jSONObject) {String[] strArr;boolean z;Throwable th;ChangeQuickRedirect changeQuickRedirect;String str2;ChangeQuickRedirect changeQuickRedirect2;ChangeQuickRedirect changeQuickRedirect3;l4Z l4z;String C;boolean z2;ChangeQuickRedirect changeQuickRedirect4 = LIZ;if (PatchProxy.isEnable(changeQuickRedirect4)) {PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str, jSONObject}, this, changeQuickRedirect4, false, 5);if (proxy.isSupported) {return ((Boolean) proxy.result).booleanValue();}}try {byte[] bytes = str.getBytes("UTF-8");System.currentTimeMillis();ChangeQuickRedirect changeQuickRedirect5 = l5V.LIZ;if (PatchProxy.isEnable(changeQuickRedirect5)) {PatchProxyResult proxy2 = PatchProxy.proxy(PatchProxy.getEmptyArgs(), null, changeQuickRedirect5, true, 1);if (proxy2.isSupported) {strArr = (String[]) proxy2.result;if (strArr == null) {for (String str3 : strArr) {byte[] bArr = (byte[]) bytes.clone();if (!StringUtils.isEmpty(str3)) {Logger.debug();if (TextUtils.isEmpty(jSONObject.optString("device_id")) || TextUtils.isEmpty(jSONObject.optString("install_id"))) {z = true;} else {z = false;}try {ChangeQuickRedirect changeQuickRedirect6 = LIZ;if (PatchProxy.isEnable(changeQuickRedirect6)) {PatchProxyResult proxy3 = PatchProxy.proxy(PatchProxy.getEmptyArgs(), this, changeQuickRedirect6, false, 7);if (proxy3.isSupported) {z2 = ((Boolean) proxy3.result).booleanValue();}}ChangeQuickRedirect changeQuickRedirect7 = l5V.LIZ;if (PatchProxy.isEnable(changeQuickRedirect7)) {PatchProxyResult proxy4 = PatchProxy.proxy(PatchProxy.getEmptyArgs(), null, changeQuickRedirect7, true, 4);if (proxy4.isSupported) {z2 = ((Boolean) proxy4.result).booleanValue();}}if (l5V.LIZJ != null) {z2 = l5V.LIZJ.LIZ();}try {if (str3.indexOf(63) < 0) {new StringBuilder();C = O.C(str3, "?");} else {new StringBuilder();C = O.C(str3, "&");}str2 = NetUtil.sendEncryptLog(C, bArr, this.LIZJ.LJIILL, false, (String[]) null, (Map) null, (String) null, z, false);} catch (RuntimeException unused) {l4Q.LIZ(Monitor.Key.register, Monitor.State.f_to_bytes);try {str2 = NetUtil.doPost(str3, bytes, true, "application/json; charset=utf-8", false, (Map) null, z, false);String C2 = O.C("device_register response: ", str2);changeQuickRedirect2 = l4T.LIZ;if (PatchProxy.isEnable(changeQuickRedirect2)) {}changeQuickRedirect3 = l4T.LIZ;if (PatchProxy.isEnable(changeQuickRedirect3)) {}l4z = l4T.LIZIZ;if (l4z != null) {}if (str2 != null) {}l4Q.LIZ(Monitor.Key.register, Monitor.State.f_resp_error);} catch (Throwable th2) {th = th2;l4Q.LIZ(Monitor.Key.register, Monitor.State.f_net);l5O l5o = this.LIZJ;changeQuickRedirect = l5O.LIZIZ;if (PatchProxy.isEnable(changeQuickRedirect)) {}if (th instanceof CommonHttpException) {}}}String C22 = O.C("device_register response: ", str2);changeQuickRedirect2 = l4T.LIZ;if (PatchProxy.isEnable(changeQuickRedirect2) || !PatchProxy.proxy(new Object[]{C22}, null, changeQuickRedirect2, true, 1).isSupported) {changeQuickRedirect3 = l4T.LIZ;if (PatchProxy.isEnable(changeQuickRedirect3)) {try {} catch (Throwable th3) {th = th3;l4Q.LIZ(Monitor.Key.register, Monitor.State.f_net);l5O l5o2 = this.LIZJ;changeQuickRedirect = l5O.LIZIZ;if (PatchProxy.isEnable(changeQuickRedirect)) {PatchProxyResult proxy5 = PatchProxy.proxy(new Object[]{th}, l5o2, changeQuickRedirect, false, 21);if (proxy5.isSupported) {if (!((Boolean) proxy5.result).booleanValue()) {throw th;}}}if (th instanceof CommonHttpException) {int responseCode = ((CommonHttpException) th).getResponseCode();if (l5o2.LJJIIJ) {continue;} else if (responseCode < 200) {continue;} else if (responseCode == 301) {continue;} else if (responseCode != 302) {throw th;}} else {continue;}}}l4z = l4T.LIZIZ;if (l4z != null) {l4z.LIZ(C22, null);}}if (str2 != null || str2.length() == 0) {l4Q.LIZ(Monitor.Key.register, Monitor.State.f_resp_error);} else if (LIZ(new JSONObject(str2))) {return true;}} catch (Throwable th4) {th = th4;l4Q.LIZ(Monitor.Key.register, Monitor.State.f_net);l5O l5o22 = this.LIZJ;changeQuickRedirect = l5O.LIZIZ;if (PatchProxy.isEnable(changeQuickRedirect)) {}if (th instanceof CommonHttpException) {}}}}return false;}throw new IllegalArgumentException("url is null");}}strArr = (l5V.LIZIZ == null || l5V.LIZIZ.length <= 0 || StringUtils.isEmpty(l5V.LIZIZ[0])) ? new String[]{O.C("https://", l5V.LIZLLL, "/service/2/device_register/"), O.C("https://", l5V.LIZLLL, "/service/2/device_register/")} : l5V.LIZIZ;if (strArr == null) {}} catch (Throwable unused2) {l4Q.LIZ(Monitor.Key.register, Monitor.State.f_exception);return false;}}

可以看到整个注册这个接口的流程；

这一段代码是核心，看到是发请求去了；

import com.ss.android.common.applog.NetUtil;

str2 = NetUtil.sendEncryptLog(C, bArr, this.LIZJ.LJIILL, false, (String[]) null, (Map) null, (String) null, z, false);str2 = NetUtil.doPost(str3, bytes, true, "application/json; charset=utf-8", false, (Map) null, z, false);

这个时候，我们看出来已经和老版本有区别了，没有一个bool值来控制是否请求加密，而是直接去加密，若报错才会进行明文注册； 这是一点不同的地方；

doPost： 确实没啥东西；

sendEncryptLog：


如果包含str.contains(“/service/2/app_log/”）就去走ttEncrypt 加密，目前走else

else: 也是压缩 ttEncrypt 加密

ttEncrypt 该加密方式so层，libEncryptor.so

我们在看下，整体接口：

看到确实是发了很多接口，注册，激活，日志包等等；而且必须是六神注册，密文注册，这样设备才可用；

很明显的，device_register，app_alert ，app_log等等

为了权重更好，甚至注册完之后还需要发一些日志包，过一些验证码，提高设备权重；