风绕柳絮轻敲雪 发表于 2019-12-31 16:58

简单破解某TV软件

本帖最后由 风绕柳絮轻敲雪 于 2019-12-31 19:06 编辑

刚刚无意间看到一个内购破解的教程,也就是下面这贴
https://www.52pojie.cn/thread-1083258-1-1.html

随便看了一下,出一个挺简单的直接破解教程

直接搜VIP这个字符串,出现好几个,都可以当作突破口,随便点一个进去看看,我点了VIP才能下载视频进去看看,代码如下



.method public onLongClick(Landroid/view/View;)Z
   .registers 5

   .line 1
   sget-boolean p1, Lcom/cz/babySister/activity/MainActivity;->l:Z//判断来源

   const/4 v0, 0x1

   if-eqz p1, :cond_33

   .line 2
   iget-object p1, p0, Lcom/cz/babySister/a/m;->a:Lcom/cz/babySister/javabean/TvBean;

   invoke-virtual {p1}, Lcom/cz/babySister/javabean/TvBean;->getUrl()Ljava/lang/String;

   move-result-object p1

   const-string v1, ".mp4"

   invoke-virtual {p1, v1}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z

   move-result p1

   if-eqz p1, :cond_23

   .line 3
   invoke-static {}, Lcom/cz/babySister/service/NetService;->b()Lcom/cz/babySister/service/NetService;

   move-result-object p1

   iget-object v1, p0, Lcom/cz/babySister/a/m;->a:Lcom/cz/babySister/javabean/TvBean;

   invoke-virtual {v1}, Lcom/cz/babySister/javabean/TvBean;->getUrl()Ljava/lang/String;

   move-result-object v1

   iget-object v2, p0, Lcom/cz/babySister/a/m;->b:Ljava/lang/String;

   invoke-virtual {p1, v1, v2}, Lcom/cz/babySister/service/NetService;->a(Ljava/lang/String;Ljava/lang/String;)V

   goto :goto_42

   .line 4
   :cond_23
   iget-object p1, p0, Lcom/cz/babySister/a/m;->c:Lcom/cz/babySister/a/n;

   invoke-static {p1}, Lcom/cz/babySister/a/n;->b(Lcom/cz/babySister/a/n;)Landroid/content/Context;

   move-result-object p1

   const-string v1, "不是MP4格式无法下载"

   invoke-static {p1, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

   move-result-object p1

   invoke-virtual {p1}, Landroid/widget/Toast;->show()V

   goto :goto_42

   .line 5
   :cond_33
   iget-object p1, p0, Lcom/cz/babySister/a/m;->c:Lcom/cz/babySister/a/n;

   invoke-static {p1}, Lcom/cz/babySister/a/n;->b(Lcom/cz/babySister/a/n;)Landroid/content/Context;

   move-result-object p1

   const-string v1, "VIP才能下载视频"

   invoke-static {p1, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

   move-result-object p1

   invoke-virtual {p1}, Landroid/widget/Toast;->show()V

   :goto_42
   return v0
.end method


VIP才能下载视频来源于I这个变量,也就是开头的那句代码,是false就跳转到这里,是true就开始判断下载,跳转过去看看,代码如下

.field public static l:Z = false

默认就是false,修改为true就行了,当然,你还可以找到为这个变量赋值的地方去修改赋值也行,只是这个步骤相对简单,



因为是修改了变量的默认值,所以上面的方法不怎么稳定,因为有些地方会导致被赋值为false,导致失效,所以提供另外的修改方法

下图我们可以看见,这是一个网页地址的拼凑结构,搜索一下,点进去看看



method public run()V
   .registers 12

   const-string v0, "date"

   const-string v1, "http://39.108.64.125/WebRoot/superMaster/Server"

   const-string v2, "name="

   const-string v3, ""

   const-wide/16 v4, 0x0

   .line 1
   :try_start_a
   new-instance v6, Ljava/lang/StringBuilder;

   invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V

   invoke-virtual {v6, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   iget-object v7, p0, Lcom/cz/babySister/activity/F;->a:Ljava/lang/String;

   invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   const-string v7, "&pass="

   invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   iget-object v7, p0, Lcom/cz/babySister/activity/F;->b:Ljava/lang/String;

   invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

   move-result-object v6

   .line 2
   invoke-static {v1, v6}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

   move-result-object v6

   if-eqz v6, :cond_171

   .line 3
   invoke-virtual {v3, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v7

   if-nez v7, :cond_171

   .line 4
   invoke-static {v6}, Lcom/cz/babySister/utils/ParseJson;->parseRegisterName(Ljava/lang/String;)Ljava/util/List;

   move-result-object v6

   if-eqz v6, :cond_162

   .line 5
   invoke-interface {v6}, Ljava/util/List;->size()I

   move-result v7

   if-lez v7, :cond_162

   const/4 v7, 0x0

   .line 6
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v8

   check-cast v8, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v8}, Lcom/cz/babySister/javabean/UserInfo;->getPass()Ljava/lang/String;

   move-result-object v8

   .line 7
   iget-object v9, p0, Lcom/cz/babySister/activity/F;->b:Ljava/lang/String;

   invoke-virtual {v8, v9}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v8

   if-eqz v8, :cond_153

   .line 8
   iget-object v8, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v8}, Lcom/cz/babySister/activity/MainActivity;->l(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;

   move-result-object v8

   invoke-interface {v8}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;

   move-result-object v8

   const-string v9, "name"

   .line 9
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v10

   check-cast v10, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v10}, Lcom/cz/babySister/javabean/UserInfo;->getName()Ljava/lang/String;

   move-result-object v10

   invoke-interface {v8, v9, v10}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;

   .line 10
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v9

   check-cast v9, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v9}, Lcom/cz/babySister/javabean/UserInfo;->getIsvip()Ljava/lang/String;

   move-result-object v9

   .line 11
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v10

   check-cast v10, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v10}, Lcom/cz/babySister/javabean/UserInfo;->getToday()Ljava/lang/String;

   move-result-object v10

   sput-object v10, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;

   const-string v10, "true"

   .line 12
   invoke-virtual {v10, v9}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v9

   const/4 v10, 0x1

   if-eqz v9, :cond_9b   //比较 getIsvip()返回的字符串和true这个字符串是否相等

   .line 13
   sput-boolean v10, Lcom/cz/babySister/activity/MainActivity;->l:Z //相等就为I赋值为v10,也就是true,也就是说只要getIsvip返回的字符串为true,那就是VIP,所以就是修改getIsvip的返回值就行了

   .line 14
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v1

   check-cast v1, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v1}, Lcom/cz/babySister/javabean/UserInfo;->getVipday()Ljava/lang/String; //返回天数的字符串

   move-result-object v1

   .line 15
   invoke-static {v1}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I

   move-result v1

   .line 16
   sput v1, Lcom/cz/babySister/application/MyApplication;->d:I

   goto :goto_b4

   .line 17
   :cond_9b
   new-instance v9, Ljava/lang/StringBuilder;

   invoke-direct {v9}, Ljava/lang/StringBuilder;-><init>()V

   invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   iget-object v2, p0, Lcom/cz/babySister/activity/F;->a:Ljava/lang/String;

   invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   const-string v2, "&vip=vip"

   invoke-virtual {v9, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

   invoke-virtual {v9}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

   move-result-object v2

   .line 18
   invoke-static {v1, v2}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

   :goto_b4
   const-string v1, "pass"

   .line 19
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v2

   check-cast v2, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v2}, Lcom/cz/babySister/javabean/UserInfo;->getPass()Ljava/lang/String;

   move-result-object v2

   invoke-interface {v8, v1, v2}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;

   .line 20
   invoke-interface {v6, v7}, Ljava/util/List;->get(I)Ljava/lang/Object;

   move-result-object v1

   check-cast v1, Lcom/cz/babySister/javabean/UserInfo;

   invoke-virtual {v1}, Lcom/cz/babySister/javabean/UserInfo;->getJifen()Ljava/lang/String;

   move-result-object v1
   :try_end_cd
   .catch Ljava/lang/Exception; {:try_start_a .. :try_end_cd} :catch_180

   if-eqz v1, :cond_ec

   .line 21
   :try_start_cf
   invoke-virtual {v3, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v2

   if-nez v2, :cond_ec

   const-string v2, "[^0-9]"

   .line 22
   invoke-virtual {v1, v2, v3}, Ljava/lang/String;->replaceAll(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

   move-result-object v1

   .line 23
   invoke-virtual {v3, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v2

   if-nez v2, :cond_ec

   .line 24
   invoke-static {v1}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I

   move-result v1

   .line 25
   sput v1, Lcom/cz/babySister/application/MyApplication;->c:I
   :try_end_e7
   .catch Ljava/lang/Exception; {:try_start_cf .. :try_end_e7} :catch_e8

   goto :goto_ec

   :catch_e8
   move-exception v1

   .line 26
   :try_start_e9
   invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V

   .line 27
   :cond_ec
   :goto_ec
   invoke-interface {v8}, Landroid/content/SharedPreferences$Editor;->apply()V

   .line 28
   sput-boolean v10, Lcom/cz/babySister/application/MyApplication;->b:Z

   .line 29
   iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;

   move-result-object v1

   new-instance v2, Lcom/cz/babySister/activity/A;

   invoke-direct {v2, p0}, Lcom/cz/babySister/activity/A;-><init>(Lcom/cz/babySister/activity/F;)V

   invoke-virtual {v1, v2, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z

   .line 30
   iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->n(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;

   move-result-object v1

   const-string v2, "0"

   invoke-interface {v1, v0, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

   move-result-object v1

   .line 31
   sget-object v2, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;

   invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v1

   if-nez v1, :cond_18e

   .line 32
   iget-object v1, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v1}, Lcom/cz/babySister/activity/MainActivity;->n(Lcom/cz/babySister/activity/MainActivity;)Landroid/content/SharedPreferences;

   move-result-object v1

   invoke-interface {v1}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;

   move-result-object v1

   .line 33
   sget-object v2, Lcom/cz/babySister/application/MyApplication;->a:Ljava/lang/String;

   invoke-interface {v1, v0, v2}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;

   .line 34
   invoke-interface {v1}, Landroid/content/SharedPreferences$Editor;->apply()V

   .line 35
   iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   const v1, 0x7f0d005d

   invoke-virtual {v0, v1}, Landroid/app/Activity;->getString(I)Ljava/lang/String;

   move-result-object v0

   invoke-static {v0}, Lcom/cz/babySister/c/a;->a(Ljava/lang/String;)Ljava/lang/String;

   move-result-object v0

   if-eqz v0, :cond_18e

   .line 36
   invoke-virtual {v3, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v1

   if-nez v1, :cond_18e

   .line 37
   invoke-static {v0}, Lcom/cz/babySister/utils/ParseJson;->parseJiFen(Ljava/lang/String;)Ljava/lang/String;

   move-result-object v0

   if-eqz v0, :cond_18e

   .line 38
   invoke-virtual {v3, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

   move-result v1
   :try_end_144
   .catch Ljava/lang/Exception; {:try_start_e9 .. :try_end_144} :catch_180

   if-nez v1, :cond_18e

   .line 39
   :try_start_146
   invoke-static {v0}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I

   move-result v0

   .line 40
   invoke-static {v0}, Lcom/cz/babySister/service/NetService;->a(I)V
   :try_end_14d
   .catch Ljava/lang/Exception; {:try_start_146 .. :try_end_14d} :catch_14e

   goto :goto_18e

   :catch_14e
   move-exception v0

   .line 41
   :try_start_14f
   invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V

   goto :goto_18e

   .line 42
   :cond_153
   iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;

   move-result-object v0

   new-instance v1, Lcom/cz/babySister/activity/B;

   invoke-direct {v1, p0}, Lcom/cz/babySister/activity/B;-><init>(Lcom/cz/babySister/activity/F;)V

   invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z

   goto :goto_18e

   .line 43
   :cond_162
   iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;

   move-result-object v0

   new-instance v1, Lcom/cz/babySister/activity/C;

   invoke-direct {v1, p0}, Lcom/cz/babySister/activity/C;-><init>(Lcom/cz/babySister/activity/F;)V

   invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z

   goto :goto_18e

   .line 44
   :cond_171
   iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;

   move-result-object v0

   new-instance v1, Lcom/cz/babySister/activity/D;

   invoke-direct {v1, p0}, Lcom/cz/babySister/activity/D;-><init>(Lcom/cz/babySister/activity/F;)V

   invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z
   :try_end_17f
   .catch Ljava/lang/Exception; {:try_start_14f .. :try_end_17f} :catch_180

   goto :goto_18e

   .line 45
   :catch_180
   iget-object v0, p0, Lcom/cz/babySister/activity/F;->c:Lcom/cz/babySister/activity/MainActivity;

   invoke-static {v0}, Lcom/cz/babySister/activity/MainActivity;->u(Lcom/cz/babySister/activity/MainActivity;)Landroid/os/Handler;

   move-result-object v0

   new-instance v1, Lcom/cz/babySister/activity/E;

   invoke-direct {v1, p0}, Lcom/cz/babySister/activity/E;-><init>(Lcom/cz/babySister/activity/F;)V

   invoke-virtual {v0, v1, v4, v5}, Landroid/os/Handler;->postDelayed(Ljava/lang/Runnable;J)Z

   :cond_18e
   :goto_18e
   return-void
.end method

上面的代码就是拼凑一个网页链接,这个我们不管,修改的时候直接搜getIsvip和getVipday这两个方法,修改如下就行了


.method public getIsvip()Ljava/lang/String;
   .registers 2

   .line 1
   iget-object v0, p0, Lcom/cz/babySister/javabean/UserInfo;->isvip:Ljava/lang/String;

   const-string v0, "true"

   return-object v0
.end method



.method public getVipday()Ljava/lang/String;
   .registers 2

   .line 1
   iget-object v0, p0, Lcom/cz/babySister/javabean/UserInfo;->vipday:Ljava/lang/String;

   const-string v0, "99999"

   return-object v0
.end method


效果图如下,完工


nyyuer 发表于 2019-12-31 21:04

这个教程简单易懂,不错不错。

风绕柳絮轻敲雪 发表于 2020-1-1 11:07

alittlebear 发表于 2020-1-1 01:29
大大,这个俺也有,可以做出这种效果吗

可以在编辑图片那里

z85787789 发表于 2019-12-31 17:00

谢谢大佬

alittlebear 发表于 2019-12-31 17:10

{:301_1009:}真的好简单,俺一个啥都没接触的小白都会做...估计把。。第一个图片的效果是咋做的呀厉害的楼主大大

boteli 发表于 2019-12-31 17:10

我也破解好了。哈哈。

kk1212 发表于 2019-12-31 17:11

好方法,学习了

Norton 发表于 2019-12-31 17:14

多谢分享,学习一下。

byyc 发表于 2019-12-31 17:20

服务器端 验证怎么搞

skyskyzoe 发表于 2019-12-31 17:21

谢谢分享

zkw008283 发表于 2019-12-31 17:33

谢谢大佬,马上去试试

浮生不够记 发表于 2019-12-31 17:34

本帖最后由 浮生不够记 于 2019-12-31 17:36 编辑

Y DTV?

页: [1] 2 3 4 5 6 7 8 9 10
查看完整版本: 简单破解某TV软件