痞孑 posted on 2018-2-2 16:47

Android In-App Purchase: 艾彼 (Abi 遗忘之都) 『Suitable for Beginners』

This post was last edited by 痞孑 on 2018-2-2 16:53


After playing for a while, the game asks for payment to unlock all content (my heart sank for a moment), but no matter: I checked and it does not need a network connection (so it is a single-player game). Next we use Android Killer to crack it. Download it from the thread below: https://www.52pojie.cn/thread-319641-1-1.html

The cracking process is as follows

1. Download the installation package to the desktop, then drag it into Android Killer to decompile it

2. Click: Project Search

3. Search for the string: Notifydelivergoods (works for single-player games in general) (if the app is encrypted or packed, the search will find nothing) (any game downloaded from 4399 can be searched with this method name) (of course, if it is an online game, don't waste your effort)

4. The results once the search finishes (as shown in the figure below)

5. Click: the bottommost class (as shown in the figure below)

6. Then we scroll to the very bottom and at a glance see a U code (a Unicode-escaped string)

7. Next we decode the U code to see what it contains. The decoded result is: 支付失败 ("payment failed")

8. Now here is the key: below the method name NotifyDeliverGoods there is a conditional check

.method public notifyDeliverGoods(ZLcn/m4399/recharge/RechargeOrder;)Z
    .locals 7
    .param p1, "b"    # Z
    .param p2, "rechargeOrder"    # Lcn/m4399/recharge/RechargeOrder;
    .prologue
    const/4 v6, 0x3
    const/4 v5, 0x2
    const/4 v1, 0x0
    const/4 v0, 0x1
    .line 42
    if-eqz p1, :cond_0    # key point 1
    .line 43
    iget-object v2, p0, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy$1;->this$0:Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;
    # getter for: Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->mObserver:Lcom/lilith/singlegame/observer/BaseObservable;
    invoke-static {v2}, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->access$000(Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;)Lcom/lilith/singlegame/observer/BaseObservable;


9. Why is this check the key?
Let's look at what this check leads to
.method public notifyDeliverGoods(ZLcn/m4399/recharge/RechargeOrder;)Z
    .locals 7
    .param p1, "b"    # Z
    .param p2, "rechargeOrder"    # Lcn/m4399/recharge/RechargeOrder;
    .prologue
    const/4 v6, 0x3
    const/4 v5, 0x2
    const/4 v1, 0x0
    const/4 v0, 0x1
    .line 42
    if-eqz p1, :cond_0    # key point 1
    # (Here we can apply Smali syntax:)
    # (if-eqz vA, :cond_**)
    # (if vA equals 0, jump to :cond_**)
    .line 43
    iget-object v2, p0, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy$1;->this$0:Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;
    # getter for: Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->mObserver:Lcom/lilith/singlegame/observer/BaseObservable;
    invoke-static {v2}, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->access$000(Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;)Lcom/lilith/singlegame/observer/BaseObservable;
    move-result-object v2
    new-array v3, v6,
    .line 44
    invoke-static {v0}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
    move-result-object v4
    aput-object v4, v3, v1
    .line 45
    invoke-static {v0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
    move-result-object v4
    aput-object v4, v3, v0
    .line 46
    invoke-static {v1}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
    move-result-object v1
    aput-object v1, v3, v5
    .line 43
    invoke-virtual {v2, v3}, Lcom/lilith/singlegame/observer/BaseObservable;->notifyObservers(Ljava/lang/Object;)V
    .line 57
    :goto_0
    return v0
    .line 50
    :cond_0    # key point 2
    # (if vA equals 0, execution jumps to key point 2)
    # (and key point 2 is the "payment failed" path)
    iget-object v2, p0, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy$1;->this$0:Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;
    # getter for: Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->mObserver:Lcom/lilith/singlegame/observer/BaseObservable;
    invoke-static {v2}, Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;->access$100(Lcom/lilith/singlegame/sisan/SingleGameSisanProxy;)Lcom/lilith/singlegame/observer/BaseObservable;
    move-result-object v2
    const/4 v3, 0x4
    new-array v3, v3,
    .line 51
    invoke-static {v0}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
    move-result-object v4
    aput-object v4, v3, v1
    .line 52
    invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
    move-result-object v4
    aput-object v4, v3, v0
    const/4 v0, -0x1
    .line 53
    invoke-static {v0}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
    move-result-object v0
    aput-object v0, v3, v5
    const-string v0, "\u652f\u4ed8\u5931\u8d25"    # decodes to 支付失败 ("payment failed")
    aput-object v0, v3, v6
    .line 50
    invoke-virtual {v2, v3}, Lcom/lilith/singlegame/observer/BaseObservable;->notifyObservers(Ljava/lang/Object;)V
    move v0, v1
    .line 57
    goto :goto_0

10. With that, the approach is very clear: we delete if-eqz p1, :cond_0 (key point 1), which bypasses key point 2 and achieves our goal directly

The test result is shown in the figure below

Once the payment succeeds you can play happily. This tutorial ends here. If anyone has trouble, reply in the thread and I will answer when I find time. Finished product attached: https://pan.baidu.com/s/1mj8ZA20 password: bcr1
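
An added example, not part of the original post: steps 6 and 7 depend on reading the `\uXXXX` escapes that smali listings use for non-ASCII string constants. This Python sketch decodes every `const-string` literal in a listing; the sample listing is constructed around the one `const-string` line quoted in the post, and the function names are this example's own.

```python
import re

# const-string / const-string/jumbo: capture register and the raw escaped literal.
CONST_STRING = re.compile(
    r'^\s*const-string(?:/jumbo)?\s+([vp]\d+),\s*"((?:[^"\\]|\\.)*)"')
SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "f": "\f",
          "\\": "\\", '"': '"', "'": "'"}

def decode_smali_string(raw):
    """Decode the escapes inside a smali string literal (quotes already removed)."""
    units, i = [], 0
    while i < len(raw):
        if raw[i] != "\\":
            units.append(raw[i])
            i += 1
            continue
        esc = raw[i + 1:i + 2]          # empty if the backslash is the last char
        if esc == "u":
            digits = raw[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", digits):
                raise ValueError(f"bad \\u escape at offset {i}")
            units.append(chr(int(digits, 16)))
            i += 6
        elif esc in SIMPLE:
            units.append(SIMPLE[esc])
            i += 2
        else:
            raise ValueError(f"unknown escape at offset {i}")
    # \uXXXX values are UTF-16 code units: join surrogate pairs into one character.
    joined = "".join(units)
    return joined.encode("utf-16", "surrogatepass").decode("utf-16", "surrogatepass")

def extract_strings(smali_text):
    """Return (line_number, register, decoded_text) for every const-string."""
    found = []
    for number, line in enumerate(smali_text.splitlines(), start=1):
        match = CONST_STRING.match(line)
        if match:
            found.append((number, match.group(1), decode_smali_string(match.group(2))))
    return found

# Constructed sample: only the \u652f... line is taken from the post above.
SAMPLE = r'''
    const/4 v0, -0x1
    const-string v0, "\u652f\u4ed8\u5931\u8d25"
    const-string v1, "tab\there \ud83d\ude00"
    const-string/jumbo v2, "say \"hi\""
'''

if __name__ == "__main__":
    for number, register, text in extract_strings(SAMPLE):
        print(f"line {number}: {register} = {text!r}")
```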

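森林雪人 posted on 2018-3-8 16:42

huaisun posted on 2018-2-5 18:32
Senior, why is it that when I put the original package I downloaded into Android Killer, it keeps showing "decompiling apk source", while when I decompile other apk software ...

The original package you downloaded is too new a version, and your Android Killer version is too old. The same problem occurred when I decompiled an app I wrote. For now I decompile manually with apktool.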

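df4528 posted on 2018-3-6 09:30

I feel that everything from the start up to searching for the keyword “支付失败” ("payment failed") is unnecessary.
Just use the tool in Android Killer to convert “支付失败” to Unicode (\u652F\u4ED8\u5931\u8D25) and paste it into the search box. Of course, you can also try “支付成功” ("payment succeeded") and “支付取消” ("payment cancelled").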

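SessionBest posted on 2018-2-2 16:50

Thanks for the hard work, OP. Learned something. Thanks.

wacwcc posted on 2018-2-2 16:52

Learned something.

岁月不饶人 posted on 2018-2-2 17:04

Newbie passing by, I don't understand any of it

天空之城i posted on 2018-2-2 17:06

Thanks, OP,

海神就是我 posted on 2018-2-2 17:08

OP 666, learned something, thank you very much

aiaicao posted on 2018-2-2 17:12

666, learned something, OP is awesome

Colordog posted on 2018-2-2 17:19

OP 666, learned something, thank you very much

asdgff posted on 2018-2-2 17:28

OP is an expert, I envy people with technical skills

神客op posted on 2018-2-2 17:29

Thanks, I was just wanting to play this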