【最后被吓尿了】菜鸟操刀破解内购--单机麻将(给新手朋友提供另一种思路)
本帖最后由 wlpkcheng 于 2018-3-6 19:34 编辑别说我标题党,仔细看,后面还真把我吓一跳,尿倒是没尿{:1_925:}
家里的老爷子最新迷上了打单机麻将,说自己在手机下载的不是广告多就是得花钱才能玩,让我帮他找一个不闹心的麻将,父命难违!最近正好迷上了安卓的破解,于是有了今天的教程!
https://static.52pojie.cn/static/image/hrline/1.gif
软件还是MT管理器,个人用的比较顺手,感觉简单点
有很多新手朋友们想学习破解,但是找不到工具,正好今天在论坛看到 @qqqmj https://www.52pojie.cn/thread-639291-1-1.html 安卓APK修改器(合集)可以去看一下
https://static.52pojie.cn/static/image/hrline/1.gif
开始今天的破解之旅
1、找到是欢乐单人麻将,首先还是先安装上看看什么样的内购方式
2、上面提供了付费异常,没有什么提示性的东西,按正常套路来度试试-----打开游戏APP存放目录--查看
3、选择Classes.dex
4、选择第一个,Dex编辑器
5、搜索常量
6、搜索支付失败,试一下
7、没有???
8、搜索支付成功再试一下
9、还是没有?怪了?
10、支付取消
11、还是没有?难道是某个运营商的游戏?(我还真不知道,我是某荚下的)
12、进字符常量池里看看,这里或许能给提供一些思路
13、下拉着找找看
14、有一个模拟支付成功,试一下
15、搜索常量
16、有2个,点第一个试试
17、方法列表
18、发现2个带有PAY的,这回应该有戏了
19、先看PAY,一般的文件都会放这里面---打开一看,没有判断句,这只是个显示代码,心里凉了半截了,希望另一个是
20、哇,是它,是它,就是它!!!
21、改完后,保存,就成功了。。。
22、我想去看看支付成功后存放的文件,如果找到这个文件,按照原来的做法,把支付成功的代码复制到支付失败还有取消里去,购买会直接购不会弹窗!
23、返回到5那步再搜索常量
24、出现了好几个,看不出来是哪一个,一个一个试,我这里试出来是第二个
25、就是这3个文件了
26、把支付成功的代码复制到支付失败和支付取消里面,记得保存!!!记得保存!!!记得保存!!!
27、退出保存--更新文件---记得给文件签名
28、安装测试
成功了。。。按正常来说这样就能完美结束了,可是在我拷的时候,我的火绒小宝贝弹出来个信息
1、有木马???这是弄啥咧,要是发了论坛,论坛大神不得直接拉我外面抢毙5分钟?
2、我得先去搜一下,这个东东是个啥,一搜吓坏我了,破解还没学好,木马俺更不会啊{:1_889:}
3、在论坛上也没有搜索到相关的东西,在大神群里问也没人给说。。。这不难不到做为菜鸟的我!反正APP上网都要通过APP目录下的那个.xml文件。直接把里面的上网的、短信的全部Kill试试
4、搜索过滤SMS、interne---统统Kill
t
5、用我的小宝贝杀一次试试
没有了!太好了!
TX的哈勃我也检测了一下,还是有风险
https://habo.qq.com/file/showdetail?pk=ADMGZF1lB2QIOls7
后来我想应该是这些读取手机信息啥的在安全软件眼里都不是安全的吧 。。。
最后放上原包和改过的包,大家用的时候如果出现杀毒软件报毒的话,你们想怎么办就怎么办吧。。。。。
原包: 链接: https://pan.baidu.com/s/1b9qeHLYbfoeGEB5Plr2RBQ 密码: vvnc
改过的:链接: https://pan.baidu.com/s/1gfle5qz 密码: 2333
大神勿喷!!!
END。。。
这个.....大佬帮我看看,谢谢了
.class Lcom/leyo/sdk/alipay/MyALipayUtils$1;
.super Landroid/os/Handler;
.source "MyALipayUtils.java"
# annotations
.annotation system Ldalvik/annotation/EnclosingClass;
value = Lcom/leyo/sdk/alipay/MyALipayUtils;
.end annotation
.annotation system Ldalvik/annotation/InnerClass;
accessFlags = 0x0
name = null
.end annotation
# instance fields
.field final synthetic this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
# direct methods
.method constructor <init>(Lcom/leyo/sdk/alipay/MyALipayUtils;)V
.registers 2
.line 1
iput-object p1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
.line 55
invoke-direct {p0}, Landroid/os/Handler;-><init>()V
return-void
.end method
# virtual methods
.method public handleMessage(Landroid/os/Message;)V
.registers 5
.line 61
:try_start_0
iget-object v0, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
iget-object v1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {v1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$0(Lcom/leyo/sdk/alipay/MyALipayUtils;)Ljava/lang/String;
move-result-object v1
invoke-static {v0, v1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$1(Lcom/leyo/sdk/alipay/MyALipayUtils;Ljava/lang/String;)V
:try_end_b
.catch Landroid/content/pm/PackageManager$NameNotFoundException; {:try_start_0 .. :try_end_b} :catch_c
goto :goto_10
:catch_c
move-exception v0
.line 64
invoke-virtual {v0}, Landroid/content/pm/PackageManager$NameNotFoundException;->printStackTrace()V
.line 76
:goto_10
new-instance v0, Lcom/leyo/sdk/alipay/AliPayResult;
iget-object p1, p1, Landroid/os/Message;->obj:Ljava/lang/Object;
check-cast p1, Ljava/util/Map;
invoke-direct {v0, p1}, Lcom/leyo/sdk/alipay/AliPayResult;-><init>(Ljava/util/Map;)V
const-string p1, "leyosdk"
.line 77
new-instance v1, Ljava/lang/StringBuilder;
const-string v2, "payResult.getResultStatus()= "
invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v0}, Lcom/leyo/sdk/alipay/AliPayResult;->getResultStatus()Ljava/lang/String;
move-result-object v2
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
invoke-static {p1, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 78
invoke-virtual {v0}, Lcom/leyo/sdk/alipay/AliPayResult;->getResultStatus()Ljava/lang/String;
move-result-object p1
invoke-virtual {p1}, Ljava/lang/String;->hashCode()I
move-result v0
sparse-switch v0, :sswitch_data_ae
goto :goto_9c
:sswitch_3c
const-string v0, "9000"
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_45
goto :goto_9c
.line 81
:cond_45
iget-object p1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {p1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$2(Lcom/leyo/sdk/alipay/MyALipayUtils;)Lcom/leyo/sdk/interfaces/PCallback;
move-result-object p1
const/4 v0, 0x0
iget-object v1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {v1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$0(Lcom/leyo/sdk/alipay/MyALipayUtils;)Ljava/lang/String;
move-result-object v1
invoke-interface {p1, v0, v1}, Lcom/leyo/sdk/interfaces/PCallback;->payResult(ILjava/lang/String;)V
goto :goto_ac
:sswitch_56
const-string v0, "8000"
.line 78
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_ac
goto :goto_9c
:sswitch_5f
const-string v0, "6004"
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_ac
goto :goto_9c
:sswitch_68
const-string v0, "6002"
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_ac
goto :goto_9c
:sswitch_71
const-string v0, "6001"
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_7a
goto :goto_9c
.line 94
:cond_7a
iget-object p1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {p1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$2(Lcom/leyo/sdk/alipay/MyALipayUtils;)Lcom/leyo/sdk/interfaces/PCallback;
move-result-object p1
const/4 v0, 0x2
iget-object v1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {v1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$0(Lcom/leyo/sdk/alipay/MyALipayUtils;)Ljava/lang/String;
move-result-object v1
invoke-interface {p1, v0, v1}, Lcom/leyo/sdk/interfaces/PCallback;->payResult(ILjava/lang/String;)V
goto :goto_ac
:sswitch_8b
const-string v0, "5000"
.line 78
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_ac
goto :goto_9c
:sswitch_94
const-string v0, "4000"
invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result p1
if-nez p1, :cond_ac
.line 104
:goto_9c
iget-object p1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {p1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$2(Lcom/leyo/sdk/alipay/MyALipayUtils;)Lcom/leyo/sdk/interfaces/PCallback;
move-result-object p1
const/4 v0, 0x1
iget-object v1, p0, Lcom/leyo/sdk/alipay/MyALipayUtils$1;->this$0:Lcom/leyo/sdk/alipay/MyALipayUtils;
invoke-static {v1}, Lcom/leyo/sdk/alipay/MyALipayUtils;->access$0(Lcom/leyo/sdk/alipay/MyALipayUtils;)Ljava/lang/String;
move-result-object v1
invoke-interface {p1, v0, v1}, Lcom/leyo/sdk/interfaces/PCallback;->payResult(ILjava/lang/String;)V
:cond_ac
:goto_ac
return-void
nop
:sswitch_data_ae
.sparse-switch
0x185d7c -> :sswitch_94
0x18d1db -> :sswitch_8b
0x19463b -> :sswitch_71
0x19463c -> :sswitch_68
0x19463e -> :sswitch_5f
0x1a2ef8 -> :sswitch_56
0x1aa357 -> :sswitch_3c
.end sparse-switch
.end method
@wlpkcheng
DDMS抓包+正则过滤只有10条信息
0x6edc8408 com/snowfish/cn/ganga/offline/sf/d pay (Landroid/content/Context;Ljava/lang/String;Lcom/snowfish/cn/ganga/offline/helper/SFIPayResultListener;)V (null) -1
0x6ed7fb38 com/snowfish/cn/ganga/offline/helper/SFCommonSDKInterface pay (Landroid/app/Activity;Ljava/lang/String;Lcom/snowfish/cn/ganga/offline/helper/SFIPayResultListener;)V (null) -1
0x6ed82540 com/snowfish/cn/ganga/offline/basic/SFNativeAdapter pay (Ljava/lang/String;)V (null) -1
0x6ed80ee0 com/snowfish/android/ahelper/APayment pay (Landroid/content/Context;Ljava/lang/String;Lcom/snowfish/a/a/p/IPaymentResultListener;Landroid/os/Handler;Ljava/util/Map;)V APayment.java 65
0x6edcd480 com/snowfish/a/a/M pay (Landroid/content/Context;Ljava/lang/String;Lcom/snowfish/a/a/p/IPaymentResultListener;Landroid/os/Handler;Ljava/util/Map;)V (null) -1
0x6ed74930 com/snowfish/cn/ganga/offline/a/a createPayAdapter (Landroid/content/Context;Ljava/lang/String;)Lcom/snowfish/cn/ganga/offline/basic/SFPayAdapter; (null) -1
0x6ed7fdd0 com/snowfish/cn/ganga/offline/a/c a (Landroid/app/Activity;Ljava/lang/String;Lcom/snowfish/cn/ganga/offline/helper/SFIPayResultListener;)V (null) -1
0x6edc81f0 com/snowfish/cn/ganga/offline/a/d <init> (Landroid/app/Activity;Ljava/lang/String;Lcom/snowfish/cn/ganga/offline/helper/SFIPayResultListener;)V (null) -1
0x6ed74d80 com/snowfish/cn/ganga/offline/sf/SFChannelAdapterAHelper createPayAdapter (Landroid/content/Context;Ljava/lang/String;)Lcom/snowfish/cn/ganga/offline/basic/SFPayAdapter; (null) -1
瞬间就能找到核心点 过来学习学习! 学习了 啊哈 学习了,顶楼主 谢谢分享,楼主辛苦了 感谢分享,学习了{:301_997:}{:301_997:}{:301_997:} 已下成品,谢谢! 支持下同用火绒。 学习了 哈哈哈