乐淘淘企业版过红红的签名
本帖最后由 冥界3大法王 于 2020-9-4 12:22 编辑
我就随便修改了一下,结果就出来了这么个东西。
困扰了好久不知如何去搞
于是论坛涛之雨大神就给我发了个MHT的存档 《一触即发之:手过签名(非一键)》
于是我就一个字一个字的,一行一行的慢慢研究。
搜索下这个
大神经常说,先优先看看包名的,当然就是图中红圈圈所示地方了,随便点一个过去
# l.d(): computes a fingerprint string for the APK's own signing certificate.
# Flow visible in this listing: own PackageInfo (with signatures) -> signatures[0]
# -> parse as X.509 -> SHA1 over the encoded certificate -> l.a([B) turns the
# digest into a String. Every failure path returns "" instead of raising.
# NOTE(review): the listing as posted is incomplete — the directive below lacks
# its leading '.', and the :catch_7c handler and ".end method" are not shown.
method private d()Ljava/lang/String;
.registers 5
.prologue
# v1 = null; copied into v0 on each catch path as the "no result" value.
const/4 v1, 0x0
.line 54
# p.k() returns a Context (per its signature); used to get the PackageManager.
invoke-static {}, Lcom/hpplay/happyplay/ent/util/p;->k()Landroid/content/Context;
move-result-object v0
invoke-virtual {v0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
.line 58
# v2 = this app's own package name.
invoke-static {}, Lcom/hpplay/happyplay/ent/util/p;->k()Landroid/content/Context;
move-result-object v2
invoke-virtual {v2}, Landroid/content/Context;->getPackageName()Ljava/lang/String;
move-result-object v2
.line 61
# 0x40 is PackageManager.GET_SIGNATURES (deprecated since API 28 in favour of
# GET_SIGNING_CERTIFICATES).
const/16 v3, 0x40
.line 67
:try_start_13
invoke-virtual {v0, v2, v3}, Landroid/content/pm/PackageManager;->getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;
:try_end_16
.catch Landroid/content/pm/PackageManager$NameNotFoundException; {:try_start_13 .. :try_end_16} :catch_25
move-result-object v0
.line 72
:goto_17
# Null PackageInfo, null signatures array or empty array -> return "".
if-eqz v0, :cond_22
# The Chinese text fused to the end of the next line is the poster's own note
# ("start here first"); it is not part of the smali.
iget-object v2, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;先来到这里
if-eqz v2, :cond_22
iget-object v2, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
array-length v2, v2
if-nez v2, :cond_2d
.line 73
:cond_22
const-string v0, ""
.line 126
# Single exit point: every path returns whatever is in v0.
:goto_24
return-object v0
.line 68
# NameNotFoundException: log under tag "SignCheckTool", continue with v0 = null.
:catch_25
move-exception v0
.line 69
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_17
.line 77
# Only the first entry of the signatures array is examined.
:cond_2d
iget-object v0, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
.line 78
const/4 v2, 0x0
aget-object v0, v0, v2
invoke-virtual {v0}, Landroid/content/pm/Signature;->toByteArray()[B
move-result-object v0
.line 81
# Wrap the raw signature bytes in a stream for the certificate parser.
new-instance v2, Ljava/io/ByteArrayInputStream;
invoke-direct {v2, v0}, Ljava/io/ByteArrayInputStream;-><init>([B)V
.line 87
:try_start_3b
const-string v0, "X509"
invoke-static {v0}, Ljava/security/cert/CertificateFactory;->getInstance(Ljava/lang/String;)Ljava/security/cert/CertificateFactory;
:try_end_40
.catch Ljava/lang/Exception; {:try_start_3b .. :try_end_40} :catch_46
move-result-object v0
.line 92
:goto_41
# No CertificateFactory -> return "".
if-nez v0, :cond_4e
.line 93
const-string v0, ""
goto :goto_24
.line 88
:catch_46
move-exception v0
.line 89
const-string v3, "SignCheckTool"
invoke-static {v3, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_41
.line 100
:cond_4e
:try_start_4e
# Parse the signature bytes as an X.509 certificate.
invoke-virtual {v0, v2}, Ljava/security/cert/CertificateFactory;->generateCertificate(Ljava/io/InputStream;)Ljava/security/cert/Certificate;
move-result-object v0
check-cast v0, Ljava/security/cert/X509Certificate;
:try_end_54
.catch Ljava/lang/Exception; {:try_start_4e .. :try_end_54} :catch_59
.line 105
:goto_54
# Parse failure (null certificate) -> return "".
if-nez v0, :cond_61
.line 106
const-string v0, ""
goto :goto_24
.line 101
:catch_59
move-exception v0
.line 102
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_54
.line 113
:cond_61
:try_start_61
# SHA1 digest of the DER-encoded certificate.
const-string v2, "SHA1"
invoke-static {v2}, Ljava/security/MessageDigest;->getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;
move-result-object v2
.line 116
invoke-virtual {v0}, Ljava/security/cert/X509Certificate;->getEncoded()[B
move-result-object v0
invoke-virtual {v2, v0}, Ljava/security/MessageDigest;->digest([B)[B
move-result-object v0
.line 119
# l.a([B) converts the digest bytes to the returned String; presumably the
# colon-separated hex form that b() compares against — its body is not shown.
invoke-direct {p0, v0}, Lcom/hpplay/happyplay/ent/util/l;->a([B)Ljava/lang/String;
:try_end_72
.catch Ljava/security/NoSuchAlgorithmException; {:try_start_61 .. :try_end_72} :catch_74
.catch Ljava/security/cert/CertificateEncodingException; {:try_start_61 .. :try_end_72} :catch_7c
move-result-object v0
goto :goto_24
.line 121
# NoSuchAlgorithmException: logged; the listing stops before showing what
# happens next.
:catch_74
move-exception v0
.line 122
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
转成 java看一下(本页此处显示的仍是上面同一段 smali,并没有 Java 代码)
# Second printing of l.d() — the same smali text as the listing earlier on the
# page, not Java. It returns a String derived from the SHA1 digest of the app's
# first signing certificate, or "" on any failure.
# NOTE(review): truncated as posted (no leading '.' on the directive below, no
# :catch_7c handler, no ".end method").
method private d()Ljava/lang/String;
.registers 5
.prologue
# v1 = null, reused as the fallback value on catch paths.
const/4 v1, 0x0
.line 54
invoke-static {}, Lcom/hpplay/happyplay/ent/util/p;->k()Landroid/content/Context;
move-result-object v0
invoke-virtual {v0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
.line 58
invoke-static {}, Lcom/hpplay/happyplay/ent/util/p;->k()Landroid/content/Context;
move-result-object v2
invoke-virtual {v2}, Landroid/content/Context;->getPackageName()Ljava/lang/String;
move-result-object v2
.line 61
# 0x40 == PackageManager.GET_SIGNATURES.
const/16 v3, 0x40
.line 67
# Step 1: fetch this package's PackageInfo including its signatures.
:try_start_13
invoke-virtual {v0, v2, v3}, Landroid/content/pm/PackageManager;->getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;
:try_end_16
.catch Landroid/content/pm/PackageManager$NameNotFoundException; {:try_start_13 .. :try_end_16} :catch_25
move-result-object v0
.line 72
:goto_17
# Guard: missing PackageInfo or missing/empty signatures -> "".
if-eqz v0, :cond_22
iget-object v2, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
if-eqz v2, :cond_22
iget-object v2, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
array-length v2, v2
if-nez v2, :cond_2d
.line 73
:cond_22
const-string v0, ""
.line 126
# Common return for all paths.
:goto_24
return-object v0
.line 68
:catch_25
move-exception v0
.line 69
# Log the exception under "SignCheckTool" and carry on with a null result.
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_17
.line 77
# Step 2: raw bytes of signatures[0].
:cond_2d
iget-object v0, v0, Landroid/content/pm/PackageInfo;->signatures:[Landroid/content/pm/Signature;
.line 78
const/4 v2, 0x0
aget-object v0, v0, v2
invoke-virtual {v0}, Landroid/content/pm/Signature;->toByteArray()[B
move-result-object v0
.line 81
new-instance v2, Ljava/io/ByteArrayInputStream;
invoke-direct {v2, v0}, Ljava/io/ByteArrayInputStream;-><init>([B)V
.line 87
# Step 3: obtain an X509 CertificateFactory; any exception yields "".
:try_start_3b
const-string v0, "X509"
invoke-static {v0}, Ljava/security/cert/CertificateFactory;->getInstance(Ljava/lang/String;)Ljava/security/cert/CertificateFactory;
:try_end_40
.catch Ljava/lang/Exception; {:try_start_3b .. :try_end_40} :catch_46
move-result-object v0
.line 92
:goto_41
if-nez v0, :cond_4e
.line 93
const-string v0, ""
goto :goto_24
.line 88
:catch_46
move-exception v0
.line 89
const-string v3, "SignCheckTool"
invoke-static {v3, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_41
.line 100
# Step 4: parse the bytes into an X509Certificate; any exception yields "".
:cond_4e
:try_start_4e
invoke-virtual {v0, v2}, Ljava/security/cert/CertificateFactory;->generateCertificate(Ljava/io/InputStream;)Ljava/security/cert/Certificate;
move-result-object v0
check-cast v0, Ljava/security/cert/X509Certificate;
:try_end_54
.catch Ljava/lang/Exception; {:try_start_4e .. :try_end_54} :catch_59
.line 105
:goto_54
if-nez v0, :cond_61
.line 106
const-string v0, ""
goto :goto_24
.line 101
:catch_59
move-exception v0
.line 102
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
goto :goto_54
.line 113
# Step 5: SHA1 over the encoded certificate, then l.a([B) -> String.
:cond_61
:try_start_61
const-string v2, "SHA1"
invoke-static {v2}, Ljava/security/MessageDigest;->getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;
move-result-object v2
.line 116
invoke-virtual {v0}, Ljava/security/cert/X509Certificate;->getEncoded()[B
move-result-object v0
invoke-virtual {v2, v0}, Ljava/security/MessageDigest;->digest([B)[B
move-result-object v0
.line 119
invoke-direct {p0, v0}, Lcom/hpplay/happyplay/ent/util/l;->a([B)Ljava/lang/String;
:try_end_72
.catch Ljava/security/NoSuchAlgorithmException; {:try_start_61 .. :try_end_72} :catch_74
.catch Ljava/security/cert/CertificateEncodingException; {:try_start_61 .. :try_end_72} :catch_7c
move-result-object v0
goto :goto_24
.line 121
# Handler for NoSuchAlgorithmException; the posted text ends inside it.
:catch_74
move-exception v0
.line 122
const-string v2, "SignCheckTool"
invoke-static {v2, v0}, Lcom/hpplay/happyplay/ent/util/i;->b(Ljava/lang/String;Ljava/lang/Throwable;)V
move-object v0, v1
我去,满眼全是 SignCheckTool ,我眼都花了。
再往下一段看
# l.b(): returns the verdict of the signing-certificate check as one boolean.
# True when field l.d equals the hard-coded fingerprint; otherwise the result
# is whatever m.m() returns (m.m() is not shown on this page).
# Defender's note: as written, an empty l.d skips the comparison entirely and a
# mismatch is only logged — in both cases m.m() alone decides. A verdict that
# lives in a single Java-layer boolean is best treated as a tripwire; any
# decision that matters should be enforced server-side.
.method public b()Z
.registers 5
.prologue
# v0 = 1 (true) is the default return value.
const/4 v0, 0x1
.line 152
# The Chinese text fused to the end of the next line is the poster's note
# (wondering whether this field is fed by the d() method); it is not smali.
iget-object v1, p0, Lcom/hpplay/happyplay/ent/util/l;->d:Ljava/lang/String; 这里发现1个d: 我就想是不是这里调用上一段呢?
invoke-static {v1}, Landroid/text/TextUtils;->isEmpty(Ljava/lang/CharSequence;)Z
move-result v1
# Empty or null fingerprint -> skip the comparison, go straight to m.m().
if-nez v1, :cond_36
.line 153
# Trim the stored value and write it back to the field.
iget-object v1, p0, Lcom/hpplay/happyplay/ent/util/l;->d:Ljava/lang/String;
invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v1
iput-object v1, p0, Lcom/hpplay/happyplay/ent/util/l;->d:Ljava/lang/String;
.line 154
# Compare with the expected fingerprint: 20 colon-separated hex bytes, the
# length of a SHA-1 digest.
iget-object v1, p0, Lcom/hpplay/happyplay/ent/util/l;->d:Ljava/lang/String;
const-string v2, "EC:72:2B:2E:41:17:24:ED:5C:7C:A5:28:E8:67:2C:D1:1C:33:72:A8"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
# Not equal -> log and fall back to m.m(); equal -> fall through and return v0.
if-eqz v1, :cond_1c
.line 166
# Single exit point for the method.
:cond_1b
:goto_1b
return v0
.line 157
# Mismatch: log "cer: " + the observed fingerprint under tag "SignCheckTool".
:cond_1c
const-string v1, "SignCheckTool"
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
const-string v3, "cer: "
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
iget-object v3, p0, Lcom/hpplay/happyplay/ent/util/l;->d:Ljava/lang/String;
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v2
invoke-static {v1, v2}, Lcom/hpplay/happyplay/ent/util/i;->f(Ljava/lang/String;Ljava/lang/String;)V
.line 160
# Fallback: m.m() true -> return v0 (still 1); false -> return 0.
:cond_36
invoke-static {}, Lcom/hpplay/happyplay/ent/util/m;->m()Z
move-result v1
if-nez v1, :cond_1b
.line 166
const/4 v0, 0x0
goto :goto_1b
.end method
再转java看一下
/**
 * Decompiled form of l.b(): the verdict of the signing-certificate check.
 *
 * @return true when this.d equals the hard-coded fingerprint; otherwise the
 *         value of m.m() (not shown on this page). An empty this.d skips the
 *         comparison, and a mismatch is only logged, so in both cases m.m()
 *         alone decides the result.
 */
public boolean b() {
// Only compare when a fingerprint string is present.
if (!TextUtils.isEmpty(this.d)) {
this.d = this.d.trim();
// Expected value: 20 colon-separated hex bytes (SHA-1 digest length).
if (this.d.equals("EC:72:2B:2E:41:17:24:ED:5C:7C:A5:28:E8:67:2C:D1:1C:33:72:A8")) {
return true;
}
// Mismatch: the observed fingerprint is written to the log.
i.f("SignCheckTool", "cer: " + this.d);
}
// Fallback for the empty and the mismatching case. The Chinese text after the
// two return statements below is the poster's annotation ("a return-false
// here" / "a return-true here"), not Java.
if (!m.m()) {
return false; 这有一个返回假
}
return true; 这有一个返回真
}
}
无论如何,程序都会执行到
:goto_1b
========《=====我在这里加上一句const v0, 1会不会成功呢?
return v0
最终革命胜利了。为今后的过签名检测提高了信心和折腾动力。
本帖最后由 417788939 于 2020-9-4 09:19 编辑
这跟我之前发的几个过签名校验一样的套路。
const-string v2, "EC:72:2B:2E:41:17:24:ED:5C:7C:A5:28:E8:67:2C:D1:1C:33:72:A8"
这明显就是签名的MD5值,还有对比字符串的代码。直接把这串改成你的签名MD5,如果别人二改了就会报红字{:17_1068:}
补:是 SHA1(这串一共 20 个字节,正是 SHA-1 摘要的长度;MD5 只有 16 个字节)。之前我发的帖子是 md5。用开发助手可以看签名值。
话说我喜欢在0后面直接加上1
const/4 v0, 0x01
goto :goto_1b
.end method 楼主是个小姐姐这么厉害……。 动手能力真强。 涛之雨 发表于 2020-9-3 16:29
话说我喜欢在0后面直接加上1
const/4 v0, 0x01
沙发总能找到简单高效解决方法 java层的直接转成java代码,肉眼可见。 真是高手阿 这可真是太辛苦了! 是什么企业版