好友
阅读权限10
听众
最后登录1970-1-1
|
本帖最后由 THB211 于 2014-5-7 21:41 编辑
小白学习专帖第一帖。后续有空会续集,敬请期待!
软件名com.sanyinchen.lock_face_3.apk
编译打开AndroidManifest.xml
[Asm] 纯文本查看 复制代码 <?xml version="1.0" encoding="utf-8"?>
<manifest android:versionCode="3" android:versionName="1.1" package="com.sanyinchen.lock_face"
xmlns:android="http://schemas.android.com/apk/res/android">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.RESTART_PACKAGES" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.DISABLE_KEYGUARD" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-feature android:name="android.hardware.camera" />
<uses-feature android:name="android.hardware.camera.autofocus" />
<supports-screens android:anyDensity="true" android:smallScreens="true" android:normalScreens="true" android:largeScreens="true" android:resizeable="true" />
<application android:theme="@style/AppTheme" android:label="@string/app_name" android:icon="@drawable/lock" android:allowBackup="true">
<activity android:theme="@android:style/Theme.Translucent" android:label="@string/app_name" android:name="com.sanyinchen.lock_face.MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
从上面的代码可以知道activity Main为:[Asm] 纯文本查看 复制代码 <activity android:theme="@android:style/Theme.Translucent" android:label="@string/app_name" android:name="com.sanyinchen.lock_face.MainActivity">
接着找到MainActivity.smali发现里面没有积分提示的窗口,同理我们再打开MainActivity$4.smali,发现提示积分的内容在此文件调用,代码如下[Asm] 纯文本查看 复制代码 # virtual methods
.method public onClick(Landroid/view/View;)V
.locals 6
.param p1, "v" # Landroid/view/View;
.prologue
const/4 v5, 0x1
const/4 v3, 0x0
.line 212
iget-object v1, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
iget v1, v1, Lcom/sanyinchen/lock_face/MainActivity;->points:I
const/16 v2, 0x32
if-gt v1, v2, :cond_0
.line 215
const-string v0, " \u4eb2~\u79ef\u5206\u4e0d\u8db3\u54e6\uff0c\u83b7\u53d650\u79ef\u5206\u5373\u53ef\u5f00\u542f\u70ab\u9177\u7684\u4eba\u8138\u8bc6\u522b\u9501\u5c4f\uff0c\u8d76\u5feb\u884c\u52a8\u5427^v^\nPS:\u4eb2\uff0c\u4e0b\u8f7d\u65f6\u8bf7\u52ff\u6709\u4efb\u4f55\u64cd\u4f5c\uff0c\u4e0b\u8f7d\u5b8c\u6210\u540e\u9700\u8981<\u5b89\u88c5>\u4e4b\u540e\u624d\u80fd\u83b7\u53d6\u79ef\u5206\u54e6\uff0c\u611f\u8c22\u4eb2\u7684\u652f\u6301\uff01\"\n\n(\u4e0b\u8f7d+\u5b89\u88c5=\u70ab\u9177\u7684\u4eba\u8138\u8bc6\u522b\u9501\u5c4f) ========================== unicode 积分不足获取50积分XXX"
.line 216
.local v0, "message":Ljava/lang/String;
new-instance v1, Landroid/app/AlertDialog$Builder;
iget-object v2, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
invoke-direct {v1, v2}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
.line 217
const-string v2, "\u6e29\u99a8\u63d0\u793a =================================[/size][/color][/font][size=2][color=#ff00][font=宋体]unicode[/font][/color] [/size][font=宋体][color=#ff0000][size=2]温馨提示"
invoke-virtual {v1, v2}, Landroid/app/AlertDialog$Builder;->setTitle(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder;
move-result-object v1
不知道大家看到了 if-gt v1, v2, :cond_0 没有,看到了知道是什么意思木有?(意思就是v1大于v2就转到:cond_0代码处)
:cond_0的代码如下[Asm] 纯文本查看 复制代码 :cond_0
iget-object v1, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
iget-object v1, v1, Lcom/sanyinchen/lock_face/MainActivity;->serect:Ljava/lang/String; #判断是否初次使用不然设置密码
if-nez v1, :cond_1
.line 247
iget-object v1, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
new-instance v2, Landroid/widget/EditText; #新建[/size][/font][/color][size=2][color=#ff00][font=宋体]EditText;[/font][/color] [color=#ff0000]用于用户输入创建使用的密码[/color][/size][color=#ff00][font=宋体][size=2]
iget-object v3, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
invoke-direct {v2, v3}, Landroid/widget/EditText;-><init>(Landroid/content/Context;)V
iput-object v2, v1, Lcom/sanyinchen/lock_face/MainActivity;->text:Landroid/widget/EditText; #输入密码的窗口
.line 248
new-instance v1, Landroid/app/AlertDialog$Builder;
iget-object v2, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;
invoke-direct {v1, v2}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
.line 249
const-string v2, "\u521d\u6b21\u4f7f\u7528,\u8bbe\u7f6e\u5bc6\u7801----- ------------------unicode 初次使用设置密码"
invoke-virtual {v1, v2}, Landroid/app/AlertDialog$Builder;->setTitle(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder;
到此如果我们把 if-gt v1, v2, :cond_0 改为if-lt v1, v2, :cond_0或者无条件 的goto :cond_0亦可以 ,
修改的代码如下
[Asm] 纯文本查看 复制代码 # virtual methods[/color][/size]
[size=2][color=#ff00].method public onClick(Landroid/view/View;)V[/color][/size]
[size=2][color=#ff00] .locals 6[/color][/size]
[size=2][color=#ff00] .param p1, "v" # Landroid/view/View;[/color][/size]
[size=2][color=#ff00] .prologue[/color][/size]
[size=2][color=#ff00] const/4 v5, 0x1[/color][/size]
[size=2][color=#ff00] const/4 v3, 0x0[/color][/size]
[size=2][color=#ff00] .line 212[/color][/size]
[size=2][color=#ff00] iget-object v1, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;[/color][/size]
[size=2][color=#ff00] iget v1, v1, Lcom/sanyinchen/lock_face/MainActivity;->points:I[/color][/size]
[size=2][color=#ff00] const/16 v2, 0x32[/color][/size]
[size=4][color=#ff00ff] if-lt v1, v2, :cond_0 或者改为 goto :cond_0[/color][/size]
[size=2][color=#ff00] .line 215[/color][/size]
[size=2][color=#ff00] const-string v0, " \u4eb2~\u79ef\u5206\u4e0d\u8db3\u54e6\uff0c\u83b7\u53d650\u79ef\u5206\u5373\u53ef\u5f00\u542f\u70ab\u9177\u7684\u4eba\u8138\u8bc6\u522b\u9501\u5c4f\uff0c\u8d76\u5feb\u884c\u52a8\u5427^v^\nPS:\u4eb2\uff0c\u4e0b\u8f7d\u65f6\u8bf7\u52ff\u6709\u4efb\u4f55\u64cd\u4f5c\uff0c\u4e0b\u8f7d\u5b8c\u6210\u540e\u9700\u8981<\u5b89\u88c5>\u4e4b\u540e\u624d\u80fd\u83b7\u53d6\u79ef\u5206\u54e6\uff0c\u611f\u8c22\u4eb2\u7684\u652f\u6301\uff01\"\n\n(\u4e0b\u8f7d+\u5b89\u88c5=\u70ab\u9177\u7684\u4eba\u8138\u8bc6\u522b\u9501\u5c4f)"[/color][/size]
[size=2][color=#ff00] .line 216[/color][/size]
[size=2][color=#ff00] .local v0, "message":Ljava/lang/String;[/color][/size]
[size=2][color=#ff00] new-instance v1, Landroid/app/AlertDialog$Builder;[/color][/size]
[size=2][color=#ff00] iget-object v2, p0, Lcom/sanyinchen/lock_face/MainActivity$4;->this$0:Lcom/sanyinchen/lock_face/MainActivity;[/color][/size]
[size=2][color=#ff00] invoke-direct {v1, v2}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V[/color][/size]
[size=2][color=#ff00] .line 217[/color][/size]
[size=2][color=#ff00] const-string v2, "\u6e29\u99a8\u63d0\u793a"[/color][/size]
[size=2][color=#ff00] invoke-virtual {v1, v2}, Landroid/app/AlertDialog$Builder;->setTitle(Ljava/lang/CharSequence;)Landroid/app/AlertDialog$Builder;[/color][/size]
[size=2][color=#ff00] move-result-object v1
另一破解方法
[Asm] 纯文本查看 复制代码 iget v1, v1, Lcom/sanyinchen/lock_face/MainActivity;->points:I
const/16 v2, 0x32 改为 const/16 v2, 0x0
也可以破解
好了软件破解完成。。。
|
免费评分
-
查看全部评分
|
[复制链接]
发表于 2014-5-7 19:53
{:1_931:}
