简单破解某TV软件
本帖最后由 风绕柳絮轻敲雪 于 2019-12-31 19:06 编辑刚刚无意间看到一个内购破解的教程,也就是下面这贴
https://www.52pojie.cn/thread-1083258-1-1.html
随便看了一下,出一个挺简单的直接破解教程
直接搜VIP这个字符串,出现好几个,都可以当作突破口,随便点一个进去看看,我点了VIP才能下载视频进去看看,代码如下
.method public onLongClick(Landroid/view/View;)Z
.registers 5
.line 1
sget-boolean p1, Lcom/cz/babySister/activity/MainActivity;->l:Z//判断来源
const/4 v0, 0x1
if-eqz p1, :cond_33
.line 2
iget-object p1, p0, Lcom/cz/babySister/a/m;->a:Lcom/cz/babySister/javabean/TvBean;
invoke-virtual {p1}, Lcom/cz/babySister/javabean/TvBean;->getUrl()Ljava/lang/String;
move-result-object p1
const-string v1, ".mp4"
invoke-virtual {p1, v1}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
move-result p1
if-eqz p1, :cond_23
.line 3
invoke-static {}, Lcom/cz/babySister/service/NetService;->b()Lcom/cz/babySister/service/NetService;
move-result-object p1
iget-object v1, p0, Lcom/cz/babySister/a/m;->a:Lcom/cz/babySister/javabean/TvBean;
invoke-virtual {v1}, Lcom/cz/babySister/javabean/TvBean;->getUrl()Ljava/lang/String;
move-result-object v1
iget-object v2, p0, Lcom/cz/babySister/a/m;->b:Ljava/lang/String;
invoke-virtual {p1, v1, v2}, Lcom/cz/babySister/service/NetService;->a(Ljava/lang/String;Ljava/lang/String;)V
goto :goto_42
.line 4
:cond_23
iget-object p1, p0, Lcom/cz/babySister/a/m;->c:Lcom/cz/babySister/a/n;
invoke-static {p1}, Lcom/cz/babySister/a/n;->b(Lcom/cz/babySister/a/n;)Landroid/content/Context;
move-result-object p1
const-string v1, "不是MP4格式无法下载"
invoke-static {p1, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object p1
invoke-virtual {p1}, Landroid/widget/Toast;->show()V
goto :goto_42
.line 5
:cond_33
iget-object p1, p0, Lcom/cz/babySister/a/m;->c:Lcom/cz/babySister/a/n;
invoke-static {p1}, Lcom/cz/babySister/a/n;->b(Lcom/cz/babySister/a/n;)Landroid/content/Context;
move-result-object p1
const-string v1, "VIP才能下载视频"
invoke-static {p1, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object p1
invoke-virtual {p1}, Landroid/widget/Toast;->show()V
:goto_42
return v0
.end method
VIP才能下载视频来源于I这个变量,也就是开头的那句代码,是false就跳转到这里,是true就开始判断下载,跳转过去看看,代码如下
.field public static l:Z = false
默认就是false,修改为true就行了,当然,你还可以找到为这个变量赋值的地方去修改赋值也行,只是这个步骤相对简单,
因为是修改了变量的默认值,所以上面的方法不怎么稳定,因为有些地方会导致被赋值为false,导致失效,所以提供另外的修改方法
下图我们可以看见,这是一个网页地址的拼凑结构,搜索一下,点进去看看
method public run()V
.registers 12
const-string v0, "date"
const-string v1, "http://39.108.64.125/WebRoot/superMaster/Server"
const-string v2, "name="
const-string v3, ""
const-wide/16 v4, 0x0
.line 1
:try_start_a
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v6, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
iget-object v7, p0, Lcom/cz/babySister/activity/F;->a:Ljava/lang/String;
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
const-string v7, "&pass="
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
iget-object v7, p0, Lcom/cz/babySister/activity/F;->b:Ljava/lang/String;
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
.line 2
invoke-static {v1, v6}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v6
if-eqz v6, :cond_171
.line 3
invoke-virtual {v3, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v7
if-nez v7, :cond_171
.line 4
invoke-static {v6}, Lcom/cz/babySister/utils/ParseJson;->parseRegisterName(Ljava/lang/String;)Ljava/util/List;
move-result-object v6
if-eqz v6, :cond_162
.line 5
invoke-interface {v6}, Ljava/util/List;->size()I
move-result v7
if-lez v7, :cond_162
const/4 v7, 0x0
.line 6
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v8
check-cast v8, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v8}, Lcom/cz/babySister/javabean/UserInfo;->getPass()Ljava/lang/String;
move-result-object v8
.line 7
iget-object v9, p0, Lcom/cz/babySister/activity/F;->b:Ljava/lang/String;
invoke-virtual {v8, v9}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v8
if-eqz v8, :cond_153
.line 8
iget-object v8, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v8}, Lcom/cz/babySister/activity/MainActivity;->l(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;
move-result-object v8
invoke-interface {v8}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
move-result-object v8
const-string v9, "name"
.line 9
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v10
check-cast v10, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v10}, Lcom/cz/babySister/javabean/UserInfo;->getName()Ljava/lang/String;
move-result-object v10
invoke-interface {v8, v9, v10}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;
.line 10
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v9
check-cast v9, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v9}, Lcom/cz/babySister/javabean/UserInfo;->getIsvip()Ljava/lang/String;
move-result-object v9
.line 11
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v10
check-cast v10, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v10}, Lcom/cz/babySister/javabean/UserInfo;->getToday()Ljava/lang/String;
move-result-object v10
sput-object v10, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;
const-string v10, "true"
.line 12
invoke-virtual {v10, v9}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v9
const/4 v10, 0x1
if-eqz v9, :cond_9b //比较 getIsvip()返回的字符串和true这个字符串是否相等
.line 13
sput-boolean v10, Lcom/cz/babySister/activity/MainActivity;->l:Z //相等就为I赋值为v10,也就是true,也就是说只要getIsvip返回的字符串为true,那就是VIP,所以就是修改getIsvip的返回值就行了
.line 14
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v1
check-cast v1, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v1}, Lcom/cz/babySister/javabean/UserInfo;->getVipday()Ljava/lang/String; //返回天数的字符串
move-result-object v1
.line 15
invoke-static {v1}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
move-result v1
.line 16
sput v1, Lcom/cz/babySister/application/MyApplication;->d:I
goto :goto_b4
.line 17
:cond_9b
new-instance v9, Ljava/lang/StringBuilder;
invoke-direct {v9}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
iget-object v2, p0, Lcom/cz/babySister/activity/F;->a:Ljava/lang/String;
invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
const-string v2, "&vip=vip"
invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v9}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v2
.line 18
invoke-static {v1, v2}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
:goto_b4
const-string v1, "pass"
.line 19
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v2}, Lcom/cz/babySister/javabean/UserInfo;->getPass()Ljava/lang/String;
move-result-object v2
invoke-interface {v8, v1, v2}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;
.line 20
invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;
move-result-object v1
check-cast v1, Lcom/cz/babySister/javabean/UserInfo;
invoke-virtual {v1}, Lcom/cz/babySister/javabean/UserInfo;->getJifen()Ljava/lang/String;
move-result-object v1
:try_end_cd
.catch Ljava/lang/Exception; {:try_start_a .. :try_end_cd} :catch_180
if-eqz v1, :cond_ec
.line 21
:try_start_cf
invoke-virtual {v3, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-nez v2, :cond_ec
const-string v2, "[^0-9]"
.line 22
invoke-virtual {v1, v2, v3}, Ljava/lang/String;->replaceAll(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v1
.line 23
invoke-virtual {v3, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v2
if-nez v2, :cond_ec
.line 24
invoke-static {v1}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
move-result v1
.line 25
sput v1, Lcom/cz/babySister/application/MyApplication;->c:I
:try_end_e7
.catch Ljava/lang/Exception; {:try_start_cf .. :try_end_e7} :catch_e8
goto :goto_ec
:catch_e8
move-exception v1
.line 26
:try_start_e9
invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V
.line 27
:cond_ec
:goto_ec
invoke-interface {v8}, Landroid/content/SharedPreferences$Editor;->apply()V
.line 28
sput-boolean v10, Lcom/cz/babySister/application/MyApplication;->b:Z
.line 29
iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;
move-result-object v1
new-instance v2, Lcom/cz/babySister/activity/A;
invoke-direct {v2, p0}, Lcom/cz/babySister/activity/A;-><init>(Lcom/cz/babySister/activity/F;)V
invoke-virtual {v1, v2, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
.line 30
iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->n(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;
move-result-object v1
const-string v2, "0"
invoke-interface {v1, v0, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v1
.line 31
sget-object v2, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_18e
.line 32
iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->n(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;
move-result-object v1
invoke-interface {v1}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
move-result-object v1
.line 33
sget-object v2, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;
invoke-interface {v1, v0, v2}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;
.line 34
invoke-interface {v1}, Landroid/content/SharedPreferences$Editor;->apply()V
.line 35
iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
const v1, 0x7f0d005d
invoke-virtual {v0, v1}, Landroid/app/Activity;->getString(I)Ljava/lang/String;
move-result-object v0
invoke-static {v0}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
if-eqz v0, :cond_18e
.line 36
invoke-virtual {v3, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_18e
.line 37
invoke-static {v0}, Lcom/cz/babySister/utils/ParseJson;->parseJiFen(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
if-eqz v0, :cond_18e
.line 38
invoke-virtual {v3, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
:try_end_144
.catch Ljava/lang/Exception; {:try_start_e9 .. :try_end_144} :catch_180
if-nez v1, :cond_18e
.line 39
:try_start_146
invoke-static {v0}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
move-result v0
.line 40
invoke-static {v0}, Lcom/cz/babySister/service/NetService;->a(I)V
:try_end_14d
.catch Ljava/lang/Exception; {:try_start_146 .. :try_end_14d} :catch_14e
goto :goto_18e
:catch_14e
move-exception v0
.line 41
:try_start_14f
invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V
goto :goto_18e
.line 42
:cond_153
iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;
move-result-object v0
new-instance v1, Lcom/cz/babySister/activity/B;
invoke-direct {v1, p0}, Lcom/cz/babySister/activity/B;-><init>(Lcom/cz/babySister/activity/F;)V
invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
goto :goto_18e
.line 43
:cond_162
iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;
move-result-object v0
new-instance v1, Lcom/cz/babySister/activity/C;
invoke-direct {v1, p0}, Lcom/cz/babySister/activity/C;-><init>(Lcom/cz/babySister/activity/F;)V
invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
goto :goto_18e
.line 44
:cond_171
iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;
move-result-object v0
new-instance v1, Lcom/cz/babySister/activity/D;
invoke-direct {v1, p0}, Lcom/cz/babySister/activity/D;-><init>(Lcom/cz/babySister/activity/F;)V
invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
:try_end_17f
.catch Ljava/lang/Exception; {:try_start_14f .. :try_end_17f} :catch_180
goto :goto_18e
.line 45
:catch_180
iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;
invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;
move-result-object v0
new-instance v1, Lcom/cz/babySister/activity/E;
invoke-direct {v1, p0}, Lcom/cz/babySister/activity/E;-><init>(Lcom/cz/babySister/activity/F;)V
invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
:cond_18e
:goto_18e
return-void
.end method
上面的代码就是拼凑一个网页链接,这个我们不管,修改的时候直接搜getIsvip和getVipday这两个方法,修改如下就行了
.method public getIsvip()Ljava/lang/String;
.registers 2
.line 1
iget-object v0, p0, Lcom/cz/babySister/javabean/UserInfo;->isvip:Ljava/lang/String;
const-string v0, "true"
return-object v0
.end method
.method public getVipday()Ljava/lang/String;
.registers 2
.line 1
iget-object v0, p0, Lcom/cz/babySister/javabean/UserInfo;->vipday:Ljava/lang/String;
const-string v0, "99999"
return-object v0
.end method
效果图如下,完工
这个教程简单易懂,不错不错。 alittlebear 发表于 2020-1-1 01:29
大大,这个俺也有,可以做出这种效果吗
可以在编辑图片那里 谢谢大佬 {:301_1009:}真的好简单,俺一个啥都没接触的小白都会做...估计把。。第一个图片的效果是咋做的呀厉害的楼主大大 我也破解好了。哈哈。 好方法,学习了 多谢分享,学习一下。 服务器端 验证怎么搞 谢谢分享 谢谢大佬,马上去试试 本帖最后由 浮生不够记 于 2019-12-31 17:36 编辑
Y DTV?