四人麻将内购破解(电脑端和手机端对照)
本帖最后由 Rnling 于 2018-3-18 17:45 编辑其实不仅电脑端能够破解内购,从手机上也是可以的。在手机上破解需要MT管理器这个工具。下面分别从电脑端和手机上对《四人麻将》进行破解。
电脑:先把APK扔进Andriodkiller进行反编译,搜索关键字符如onresult:
http://img-blog.csdn.net/20180317144344251?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
出现许多
http://img-blog.csdn.net/20180317144454435?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
对其进行查找查看是否存在“支付成功”等关键字在AppActivity$2.smali中找到以下是具体代码:
view plain copy
[*].class Lcom/sihai/sirenmajiang/AppActivity$2;
[*].super Ljava/lang/Object;
[*].source "AppActivity.java"
[*]
[*]# interfaces
[*].implements Lcn/cmgame/billing/api/GameInterface$IPayCallback;
[*]
[*]
[*]# annotations
[*].annotation system Ldalvik/annotation/EnclosingMethod;
[*] value = Lcom/sihai/sirenmajiang/AppActivity;->yidongPay()V
[*].end annotation
[*]
[*].annotation system Ldalvik/annotation/InnerClass;
[*] accessFlags = 0x0
[*] name = null
[*].end annotation
[*]
[*]
[*]# instance fields
[*].field final synthetic this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*]
[*]# direct methods
[*].method constructor <init>(Lcom/sihai/sirenmajiang/AppActivity;)V
[*] .locals 0
[*]
[*] .prologue
[*] .line 1
[*] iput-object p1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] .line 184
[*] invoke-direct {p0}, Ljava/lang/Object;-><init>()V
[*]
[*] return-void
[*].end method
[*]
[*]
[*]# virtual methods
[*].method public onResult(ILjava/lang/String;Ljava/lang/Object;)V
[*] .locals 5
[*] .param p1, "resultCode" # I
[*] .param p2, "s" # Ljava/lang/String;
[*] .param p3, "obj" # Ljava/lang/Object;
[*]
[*] .prologue
[*] const/16 v3, 0x37a
[*]
[*] const/4 v4, 0x0
[*]
[*] .line 188
[*] const-string v0, ""
[*]
[*] .line 189
[*] .local v0, "result":Ljava/lang/String;
[*] packed-switch p1, :pswitch_data_0
[*]
[*] .line 215
[*] new-instance v1, Ljava/lang/StringBuilder;
[*]
[*] const-string v2, "\u8d2d\u4e70\u9053\u5177\uff1a["
[*]
[*] invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
[*]
[*] invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "] \u53d6\u6d88\uff01"
[*]
[*] invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
[*]
[*] move-result-object v0
[*]
[*] .line 216
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$1(Lcom/sihai/sirenmajiang/AppActivity;)Landroid/content/Context;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "\u652f\u4ed8\u53d6\u6d88"
[*]
[*] invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
[*]
[*] move-result-object v1
[*]
[*] invoke-virtual {v1}, Landroid/widget/Toast;->show()V
[*]
[*] .line 218
[*] const-string v1, ""
[*]
[*] .line 217
[*] invoke-static {v3, v1}, Lcom/sihai/sirenmajiang/jniHelper;->JavaReturnCode(ILjava/lang/String;)V
[*]
[*] .line 219
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] iget-boolean v1, v1, Lcom/sihai/sirenmajiang/AppActivity;->isHaveThirdPay:Z
[*]
[*] if-eqz v1, :cond_0
[*]
[*] .line 220
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$1(Lcom/sihai/sirenmajiang/AppActivity;)Landroid/content/Context;
[*]
[*] move-result-object v1
[*]
[*] new-instance v2, Ljava/lang/StringBuilder;
[*]
[*] const-string v3, "\u6b63\u5728\u5207\u6362\u5230"
[*]
[*] invoke-direct {v2, v3}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
[*]
[*] iget-object v3, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v3}, Lcom/sihai/sirenmajiang/AppActivity;->access$2(Lcom/sihai/sirenmajiang/AppActivity;)Ljava/lang/String;
[*]
[*] move-result-object v3
[*]
[*] invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v2
[*]
[*] const-string v3, "\u652f\u4ed8"
[*]
[*] invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v2
[*]
[*] invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
[*]
[*] move-result-object v2
[*]
[*] invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
[*]
[*] move-result-object v1
[*]
[*] .line 221
[*] invoke-virtual {v1}, Landroid/widget/Toast;->show()V
[*]
[*] .line 222
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$4(Lcom/sihai/sirenmajiang/AppActivity;)V
[*]
[*] .line 228
[*] :cond_0
[*] :goto_0
[*] sget-object v1, Ljava/lang/System;->out:Ljava/io/PrintStream;
[*]
[*] invoke-virtual {v1, v0}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V
[*]
[*] .line 229
[*] return-void
[*]
[*] .line 191
[*] :pswitch_0
[*] const-string v1, "10"
[*]
[*] .line 192
[*] invoke-virtual {p3}, Ljava/lang/Object;->toString()Ljava/lang/String;
[*]
[*] move-result-object v2
[*]
[*] .line 191
[*] invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
[*]
[*] move-result v1
[*]
[*] .line 192
[*] if-eqz v1, :cond_1
[*]
[*] .line 193
[*] const-string v0, "\u77ed\u4fe1\u8ba1\u8d39\u8d85\u65f6"
[*]
[*] .line 194
[*] goto :goto_0
[*]
[*] .line 195
[*] :cond_1
[*] new-instance v1, Ljava/lang/StringBuilder;
[*]
[*] const-string v2, "\u8d2d\u4e70\u9053\u5177\uff1a["
[*]
[*] invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
[*]
[*] invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "] \u6210\u529f\uff01"
[*]
[*] invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
[*]
[*] move-result-object v0
[*]
[*] .line 197
[*] invoke-static {}, Lcom/sihai/sirenmajiang/AppActivity;->access$0()I
[*]
[*] move-result v1
[*]
[*] const-string v2, ""
[*]
[*] invoke-static {v1, v2}, Lcom/sihai/sirenmajiang/jniHelper;->JavaReturnCode(ILjava/lang/String;)V
[*]
[*] .line 198
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$1(Lcom/sihai/sirenmajiang/AppActivity;)Landroid/content/Context;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "\u652f\u4ed8\u6210\u529f"
[*]
[*] invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
[*]
[*] move-result-object v1
[*]
[*] .line 199
[*] invoke-virtual {v1}, Landroid/widget/Toast;->show()V
[*]
[*] goto :goto_0
[*]
[*] .line 203
[*] :pswitch_1
[*] new-instance v1, Ljava/lang/StringBuilder;
[*]
[*] const-string v2, "\u8d2d\u4e70\u9053\u5177\uff1a["
[*]
[*] invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
[*]
[*] invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "] \u5931\u8d25\uff01"
[*]
[*] invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v1
[*]
[*] invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
[*]
[*] move-result-object v0
[*]
[*] .line 204
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$1(Lcom/sihai/sirenmajiang/AppActivity;)Landroid/content/Context;
[*]
[*] move-result-object v1
[*]
[*] const-string v2, "\u652f\u4ed8\u5931\u8d25"
[*]
[*] invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
[*]
[*] move-result-object v1
[*]
[*] invoke-virtual {v1}, Landroid/widget/Toast;->show()V
[*]
[*] .line 206
[*] const-string v1, ""
[*]
[*] .line 205
[*] invoke-static {v3, v1}, Lcom/sihai/sirenmajiang/jniHelper;->JavaReturnCode(ILjava/lang/String;)V
[*]
[*] .line 207
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] iget-boolean v1, v1, Lcom/sihai/sirenmajiang/AppActivity;->isHaveThirdPay:Z
[*]
[*] if-eqz v1, :cond_0
[*]
[*] .line 208
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$1(Lcom/sihai/sirenmajiang/AppActivity;)Landroid/content/Context;
[*]
[*] move-result-object v1
[*]
[*] new-instance v2, Ljava/lang/StringBuilder;
[*]
[*] const-string v3, "\u6b63\u5728\u5207\u6362\u5230"
[*]
[*] invoke-direct {v2, v3}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
[*]
[*] iget-object v3, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v3}, Lcom/sihai/sirenmajiang/AppActivity;->access$2(Lcom/sihai/sirenmajiang/AppActivity;)Ljava/lang/String;
[*]
[*] move-result-object v3
[*]
[*] invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v2
[*]
[*] const-string v3, "\u652f\u4ed8"
[*]
[*] invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
[*]
[*] move-result-object v2
[*]
[*] invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
[*]
[*] move-result-object v2
[*]
[*] invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
[*]
[*] move-result-object v1
[*]
[*] .line 209
[*] invoke-virtual {v1}, Landroid/widget/Toast;->show()V
[*]
[*] .line 210
[*] const/4 v1, 0x1
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$3(Z)V
[*]
[*] .line 211
[*] iget-object v1, p0, Lcom/sihai/sirenmajiang/AppActivity$2;->this$0:Lcom/sihai/sirenmajiang/AppActivity;
[*]
[*] invoke-static {v1}, Lcom/sihai/sirenmajiang/AppActivity;->access$4(Lcom/sihai/sirenmajiang/AppActivity;)V
[*]
[*] goto/16 :goto_0
[*]
[*] .line 189
[*] nop
[*]
[*] :pswitch_data_0
[*] .packed-switch 0x1
[*] :pswitch_0
[*] :pswitch_0 #1
[*] .end packed-switch
[*].end method
view plain copy
[*]
http://img-blog.csdn.net/20180317145636957?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
可以看到是一个switch语句,我把它都改为switch_0这样都是成功。
也可以做标记直接从失败GOTO 到成功,因为有天然标记我就没有重做。
https://www.52pojie.cn/forum.php?mod=image&aid=1080610&size=300x300&key=cb47cf054c4c1980&nocache=yes&type=fixnone
这样就修改好了,对其保存回编就可以了。
下面主要说说如何用MT管理器对其破解
打开MT管理器找到data
http://img-blog.csdn.net/20180317160834788?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
打开data 找到App
http://img-blog.csdn.net/20180317160933801?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
打开App找到《四人麻将》并查看
http://img-blog.csdn.net/20180317161345728?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
http://img-blog.csdn.net/20180317161619389?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
找到classes.dex进行DEX编辑
http://img-blog.csdn.net/20180317161730171?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
http://img-blog.csdn.net/2018031716205539?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
点击右上角的地方进行搜索
http://img-blog.csdn.net/2018031716220060?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
会出现搜索结果
http://img-blog.csdn.net/20180317162302464?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
因为进行过电脑端的查询对最后一个进行分析和修改,都改为成功的switch
http://img-blog.csdn.net/20180317162422357?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
然后一路保存退出
http://img-blog.csdn.net/20180317162549639?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
http://img-blog.csdn.net/20180317162612217?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
完成后会生成副本
http://img-blog.csdn.net/20180317162645710?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
然后对其进行签名
http://img-blog.csdn.net/20180317162732962?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
成功后会生成新的APK ,然后对新的APK进行安装
http://img-blog.csdn.net/20180317162852422?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
http://img-blog.csdn.net/20180317162905362?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
然后进行测试是否成功
http://img-blog.csdn.net/20180317162943554?watermark/2/text/Ly9ibG9nLmNzZG4ubmV0L1JubGluZw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70
测试成功!
破解前:链接:https://pan.baidu.com/s/1GLa7Zl2KT3oIF9IEpGP5og 密码:os0h
破解后:链接:https://pan.baidu.com/s/1ciDfiSDZQIs3rL9XOj8bVw 密码:0n9s
mt管理器:链接:https://pan.baidu.com/s/108zHY31glcvjk9HSW2alKQ 密码:90gv 沙发!感谢楼主教程!楼主NB! 没安装SIM卡的手机,提示"未能获取到SIM卡信息" 总是卡在那里 ,不能购买成功 看看内购有什么买 谢谢分享
感谢分享,还不太会打麻将哈 有谁把mt也复制的举手!!! 谢谢分享 楼主辛苦 厉害,感谢分享 谢谢啦,辛苦啦。感谢感谢!