用Frida分析QQ浏览器

AppInfoHolder.getAppInfoByID(AppInfoID.APP_INFO_GUID);

Java.perform(function () {
    var AppInfoHolder = Java.use("com.tencent.mtt.AppInfoHolder");
    var AppInfoID = Java.use("com.tencent.mtt.AppInfoHolder$AppInfoID");
    var ret= AppInfoHolder.getAppInfoByID(AppInfoID.valueOf("APP_INFO_GUID"));
    send(ret);
});

79a0f38cfabccce3adf856d913b788cb

实际是调用 com.tencent.mtt.businesscenter.config.QBAppInfoProvider 的 public String getAppInfoById(AppInfoID arg4) {

case 6: {
v0 = d.a().e();
break;
}

也就是在 com.tencent.mtt.base.wup.d 中

GuidRsp g;

存在于

    public static File getQBSdcardGuidDir() {
        File v0 = new File(FileUtils.getSDcardDir().getAbsolutePath() + "/QQBrowser/.Application");
        if(v0 != null && !v0.exists()) {
            v0.mkdirs();
        }

        return v0;
    }

也就是 /storage/emulated/0/QQBrowser/.Application