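The process of cracking the game 捕鱼XX2
This post was last edited by 悲伤还是快乐 on 2014-7-31 22:43.
I used the package downloaded from the official website; the official site is http://2.fishingjoy.com/index.html
The method for cracking the signature check is borrowed from 落华无痕, an expert on this forum.
The launch activity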
.class public Lorg/cocos2dx/FishingJoy2/FishingJoy2;
.super Lorg/cocos2dx/FishingJoy2/y;
# direct methods
.method public constructor <init>()V
.locals 0
invoke-direct {p0},Lorg/cocos2dx/FishingJoy2/y;-><init>()V
return-void
.end method
# virtual methods
.method protected onCreate(Landroid/os/Bundle;)V
.locals 0
invoke-super {p0, p1},Lorg/cocos2dx/FishingJoy2/y;->onCreate(Landroid/os/Bundle;)V
return-void
.end method
The Java source is
Next, look for y
Next, look for Cocos2dxActivity
Find the onCreate method
OK, found it, so now modify it
Before the modification
.method public static init(Landroid/content/Context;Lorg/cocos2dx/lib/Cocos2dxHelper$Cocos2dxHelperListener;)V
.locals 2
invoke-virtual {p0},Landroid/content/Context;->getApplicationInfo()Landroid/content/pm/ApplicationInfo;
move-result-object v0
sput-object p1,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dxHelperListener:Lorg/cocos2dx/lib/Cocos2dxHelper$Cocos2dxHelperListener;
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->packageName:Ljava/lang/String;
sput-object v1,Lorg/cocos2dx/lib/Cocos2dxHelper;->sPackageName:Ljava/lang/String;
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->sourceDir:Ljava/lang/String;
invoke-static {v1},Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetApkPath(Ljava/lang/String;)V
const-string v1, "assets/"
invoke-static {v0, v1}, Lorg/cocos2dx/lib/Cocos2dxHelper;->getAbsolutePathOnExternalStorage(Landroid/content/pm/ApplicationInfo;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
invoke-static {v0},Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetExternalAssetPath(Ljava/lang/String;)V
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxAccelerometer;
invoke-direct {v0, p0},Lorg/cocos2dx/lib/Cocos2dxAccelerometer;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dxAccelerometer:Lorg/cocos2dx/lib/Cocos2dxAccelerometer;
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxMusic;
invoke-direct {v0, p0},Lorg/cocos2dx/lib/Cocos2dxMusic;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dMusic:Lorg/cocos2dx/lib/Cocos2dxMusic;
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxSound;
invoke-direct {v0, p0},Lorg/cocos2dx/lib/Cocos2dxSound;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dSound:Lorg/cocos2dx/lib/Cocos2dxSound;
invoke-virtual {p0},Landroid/content/Context;->getAssets()Landroid/content/res/AssetManager;
move-result-object v0
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sAssetManager:Landroid/content/res/AssetManager;
invoke-static {p0},Lorg/cocos2dx/lib/Cocos2dxBitmap;->setContext(Landroid/content/Context;)V
check-cast p0, Lorg/cocos2dx/lib/Cocos2dxActivity;
sput-object p0,Lorg/cocos2dx/lib/Cocos2dxHelper;->mActivity:Lorg/cocos2dx/lib/Cocos2dxActivity;
return-void
.end method
After the modification
.method public static init(Landroid/content/Context;Lorg/cocos2dx/lib/Cocos2dxHelper$Cocos2dxHelperListener;)V
.locals 2
invoke-virtual {p0},Landroid/content/Context;->getApplicationInfo()Landroid/content/pm/ApplicationInfo;
move-result-object v0
sput-object p1,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dxHelperListener:Lorg/cocos2dx/lib/Cocos2dxHelper$Cocos2dxHelperListener;
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->packageName:Ljava/lang/String;
sput-object v1,Lorg/cocos2dx/lib/Cocos2dxHelper;->sPackageName:Ljava/lang/String;
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->sourceDir:Ljava/lang/String;
const-string v1, "/sdcard/1.apk"
invoke-static {v1}, Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetApkPath(Ljava/lang/String;)V
const-string v1, "assets/"
invoke-static {v0, v1},Lorg/cocos2dx/lib/Cocos2dxHelper;->getAbsolutePathOnExternalStorage(Landroid/content/pm/ApplicationInfo;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
invoke-static {v0},Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetExternalAssetPath(Ljava/lang/String;)V
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxAccelerometer;
invoke-direct {v0, p0}, Lorg/cocos2dx/lib/Cocos2dxAccelerometer;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dxAccelerometer:Lorg/cocos2dx/lib/Cocos2dxAccelerometer;
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxMusic;
invoke-direct {v0, p0}, Lorg/cocos2dx/lib/Cocos2dxMusic;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dMusic:Lorg/cocos2dx/lib/Cocos2dxMusic;
new-instance v0, Lorg/cocos2dx/lib/Cocos2dxSound;
invoke-direct {v0, p0}, Lorg/cocos2dx/lib/Cocos2dxSound;-><init>(Landroid/content/Context;)V
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sCocos2dSound:Lorg/cocos2dx/lib/Cocos2dxSound;
invoke-virtual {p0},Landroid/content/Context;->getAssets()Landroid/content/res/AssetManager;
move-result-object v0
sput-object v0,Lorg/cocos2dx/lib/Cocos2dxHelper;->sAssetManager:Landroid/content/res/AssetManager;
invoke-static {p0},Lorg/cocos2dx/lib/Cocos2dxBitmap;->setContext(Landroid/content/Context;)V
check-cast p0, Lorg/cocos2dx/lib/Cocos2dxActivity;
sput-object p0,Lorg/cocos2dx/lib/Cocos2dxHelper;->mActivity:Lorg/cocos2dx/lib/Cocos2dxActivity;
return-void
.end method
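Rename the original APK to 1.apk and put it in the root of the sdcard; for details, see the expert's thread http://www.52pojie.cn/thread-279542-1-1.html
Then comes the easiest part, cracking the billing.
1 Every time I log in it pops up an update window, which I find annoying.
Look for strNewVersionMessage
Look for 0x7f05004d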
.method public final run()V
.locals 4
const/4 v0, 0x1
sput-boolean v0, Lorg/cocos2dx/FishingJoy2/FishingJoyAutoUpdateNotifier;->a:Z
new-instance v0, Landroid/app/AlertDialog$Builder;
invoke-static {},Lorg/cocos2dx/lib/be;->b()Landroid/app/Activity;
move-result-object v1
invoke-direct {v0, v1},Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
const v1, 0x7f02002d
invoke-virtual {v0, v1},Landroid/app/AlertDialog$Builder;->setIcon(I)Landroid/app/AlertDialog$Builder;
move-result-object v0
const v1, 0x7f05004d
invoke-virtual {v0, v1}, Landroid/app/AlertDialog$Builder;->setTitle(I)Landroid/app/AlertDialog$Builder;
move-result-object v0
const v1, 0x7f050054
new-instance v2, Lorg/cocos2dx/FishingJoy2/r;
iget-object v3, p0,Lorg/cocos2dx/FishingJoy2/q;->b:Landroid/app/Activity;
invoke-direct {v2, p0, v3},Lorg/cocos2dx/FishingJoy2/r;-><init>(Lorg/cocos2dx/FishingJoy2/q;Landroid/app/Activity;)V
invoke-virtual {v0, v1, v2},Landroid/app/AlertDialog$Builder;->setPositiveButton(ILandroid/content/DialogInterface$OnClickListener;)Landroid/app/AlertDialog$Builder;
move-result-object v0
const v1, 0x7f050055
new-instance v2, Lorg/cocos2dx/FishingJoy2/s;
invoke-direct {v2, p0},Lorg/cocos2dx/FishingJoy2/s;-><init>(Lorg/cocos2dx/FishingJoy2/q;)V
invoke-virtual {v0, v1, v2},Landroid/app/AlertDialog$Builder;->setNegativeButton(ILandroid/content/DialogInterface$OnClickListener;)Landroid/app/AlertDialog$Builder;
move-result-object v0
sget-object v1, Lorg/cocos2dx/lib/f;->d:Ljava/lang/String;
invoke-virtual {v0, v1},Landroid/app/AlertDialog$Builder;->setMessage(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder;
move-result-object v0
invoke-virtual {v0},Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog;
move-result-object v0
invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V
return-void
Java source
Look for FishingJoyAutoUpdateNotifier
.method public final a(I)V
.locals 6
const/4 v5, 0x0
new-instance v0, Ljava/lang/StringBuilder;
const-string v1, "onCheckVersionResponse: "
invoke-direct {v0, v1},Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v0, p1},Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
const-string v1, "FishingJoyAutoUpdateNotifier"
invoke-static {v1, v0},Lorg/cocos2dx/lib/be;->a(Ljava/lang/String;Ljava/lang/String;)V
invoke-static {}, Lorg/cocos2dx/lib/be;->b()Landroid/app/Activity;
move-result-object v0
invoke-static {},Lorg/cocos2dx/lib/be;->d()Landroid/os/Handler;
move-result-object v1
if-eqz v1, :cond_0
if-nez v0, :cond_1
:cond_0
:goto_0
return-void
:cond_1
if-nez p1, :cond_0
sget-object v2, Lorg/cocos2dx/lib/f;->a:Ljava/lang/String;
if-eqz v2, :cond_0
sget-object v2, Lorg/cocos2dx/lib/f;->c:Ljava/lang/String;
if-eqz v2, :cond_0
sget v2, Lorg/cocos2dx/lib/f;->b:I
invoke-static {}, Lorg/cocos2dx/lib/be;->i()I
move-result v3
if-gt v2, v3, :cond_2
sput-boolean v5,Lorg/cocos2dx/FishingJoy2/FishingJoyAutoUpdateNotifier;->a:Z
goto :goto_0
:cond_2
const-string v2, "New version(%s)(%d) available,url(%s)"
const/4 v3, 0x3
new-array v3, v3, [Ljava/lang/Object;
sget-object v4, Lorg/cocos2dx/lib/f;->a:Ljava/lang/String;
aput-object v4, v3, v5
const/4 v4, 0x1
sget v5, Lorg/cocos2dx/lib/f;->b:I
invoke-static {v5},Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
move-result-object v5
aput-object v5, v3, v4
const/4 v4, 0x2
sget-object v5, Lorg/cocos2dx/lib/f;->c:Ljava/lang/String;
aput-object v5, v3, v4
invoke-static {v2, v3},Ljava/lang/String;->format(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;
move-result-object v2
const-string v3, "FishingJoyAutoUpdateNotifier"
invoke-static {v3, v2},Lorg/cocos2dx/lib/be;->a(Ljava/lang/String;Ljava/lang/String;)V
new-instance v2, Lorg/cocos2dx/FishingJoy2/q;
invoke-direct {v2, p0, v0},Lorg/cocos2dx/FishingJoy2/q;-><init>(Lorg/cocos2dx/FishingJoy2/FishingJoyAutoUpdateNotifier;Landroid/app/Activity;)V
invoke-virtual {v1, v2},Landroid/os/Handler;->post(Ljava/lang/Runnable;)Z
goto :goto_0
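The key part
Obviously this is where the new version number and url are detected.
The first if is critical: as long as it jumps to :cond_0, the new-version dialog will not pop up. There are many ways to do this; eqz jumps when v1 is 0, so there are many ways to modify it. I modified it with an unconditional jump.
Then modify the billing, using the same method.
Look for strCTConfirm
Then convert 0x7f050076 to decimal: 2131034230
Open the Java source
Obviously, look for SMS.class, but its Java source cannot be viewed.
So go on and look at the other files in the same directory; one file stands out clearly: the SMS listener.
After going in and taking a look, there is basically no suspense left.
Copy what is inside smsOK into smsCancel
Done. Without turning on airplane mode, tap buy and then cancel, and you will find the item is already yours.
PS: the number the SMS is sent to is in SMS.class, but that no longer matters, because no SMS needs to be sent at all.
Cracked build: http://pan.baidu.com/s/1qW8sNZQ To use it you must go to http://2.fishingjoy.com/index.html, download an official copy of 捕鱼XX2, rename it to 1.apk and put it in the root of the sdcard.
There is another way:
After modifying and recompiling the dex,
changing the following string in libgame.so to the MD5 value of the modified dex also works.
MD5 check of classes:
const-string v1, "/sdcard/1234.apk" ← you only need to point v1, which holds the APK path, at the original APK to bypass the program's check.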
invoke-static {v1}, Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetApkPath(Ljava/lang/String;)V
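Layout after modifying the package: paths
/sdcard/1234.apk ← original
/sdcard/1234破解版.apk ← modified version
OP!?? There's nothing here. Why can't I make sense of it, it's just a blank white page. A filler post? There's nothing at all.
OP! Is this clickbait? There's nothing here. The tutorial isn't showing·· learned a lot. Damn, I'm puzzled too, how do I fix this, why can I see it? dolphin震 posted on 2014-7-31 14:10
The tutorial isn't showing·· learned a lot
I've written it, I don't know why it won't display, hang on. Passing by, I don't play games,,,, It got censored on 看雪
It probably can't be posted here either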
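Added example, not part of the original thread and not code from the game or from Cocos2d-x: a heuristic scanner a vendor could run over the decompiled smali of a suspected repackaged build to flag the change shown above, where `nativeSetApkPath` receives a hardcoded string instead of `ApplicationInfo.sourceDir`. The function name `scan_smali` and the two samples are assumptions made for this illustration; the samples are cut down from the thread's "before" and "after" listings.

```python
import re

# Register writes the scanner understands: a string literal, or ApplicationInfo.sourceDir.
CONST_RE = re.compile(r'^\s*const-string(?:/jumbo)?\s+([vp]\d+),\s*"(.*)"')
SRCDIR_RE = re.compile(r'^\s*iget-object\s+([vp]\d+),.*ApplicationInfo;->sourceDir:')
# The single-argument call the thread patches; tolerates "{v1},Lorg" and "{v1}, Lorg".
CALL_RE = re.compile(r'^\s*invoke-static\s*\{\s*([vp]\d+)\s*\}\s*,\s*\S+->nativeSetApkPath\(')
# Any other instruction that overwrites its first register: forget what it held.
WRITE_RE = re.compile(r'^\s*(?:move\S*|const\S*|[is]get\S*|new-instance)\s+([vp]\d+)')

def scan_smali(text):
    """Return (line_no, register, literal) for each nativeSetApkPath call whose
    argument is a hardcoded string rather than ApplicationInfo.sourceDir."""
    findings, regs = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(".method"):
            regs = {}                      # register state is per method
        elif m := CONST_RE.match(line):
            regs[m.group(1)] = ("const", m.group(2))
        elif m := SRCDIR_RE.match(line):
            regs[m.group(1)] = ("sourceDir", None)
        elif m := CALL_RE.match(line):
            kind, value = regs.get(m.group(1), ("unknown", None))
            if kind == "const":
                findings.append((no, m.group(1), value))
        elif m := WRITE_RE.match(line):
            regs.pop(m.group(1), None)
    return findings

# Constructed samples, cut down from the "before" and "after" listings in the thread.
ORIGINAL = '''.method public static init(Landroid/content/Context;)V
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->sourceDir:Ljava/lang/String;
invoke-static {v1},Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetApkPath(Ljava/lang/String;)V
const-string v1, "assets/"
.end method'''

REPACKAGED = '''.method public static init(Landroid/content/Context;)V
iget-object v1, v0,Landroid/content/pm/ApplicationInfo;->sourceDir:Ljava/lang/String;
const-string v1, "/sdcard/1.apk"
invoke-static {v1}, Lorg/cocos2dx/lib/Cocos2dxHelper;->nativeSetApkPath(Ljava/lang/String;)V
.end method'''

if __name__ == "__main__":
    for name, sample in (("original", ORIGINAL), ("repackaged", REPACKAGED)):
        print(name, scan_smali(sample))
```

A hit only shows that the path argument was replaced; the underlying weakness is that the native check trusts a path handed to it from Java code that can be edited.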