吾爱汇编

 找回密码
 立即注册

QQ登录

绑定QQ避免忘记帐号

查看: 4877|回复: 27

[安卓逆向图文] 熊出没2分析逆向

  [复制链接]
234150476 发表于 2017-6-21 11:03 | 显示全部楼层 |阅读模式

1运行游戏寻找关键代码
2.png
3.png
4.png
2.apk载入AndroidKiller,搜索关键字支付失败
1.png
2.png
3.png
4.png
.class Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;
.super Ljava/lang/Object;
.source "PlatformCM150.java"
# interfaces
.implements Lcn/cmgame/billing/api/GameInterface$IPayCallback;
# annotations
.annotation system Ldalvik/annotation/EnclosingMethod;
    value = Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->run()V
.end annotation
.annotation system Ldalvik/annotation/InnerClass;
    accessFlags = 0x0
    name = null
.end annotation
# instance fields
.field final synthetic this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
.field private final synthetic val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
.field private final synthetic val$chargeIndex:Ljava/lang/String;
.field private final synthetic val$goodsPrice:Ljava/lang/String;
# direct methods
.method constructor <init>(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;Ljava/lang/String;Ljava/lang/String;)V
    .locals 0
    .prologue
    .line 1
    iput-object p1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    iput-object p2, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
    iput-object p3, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$chargeIndex:Ljava/lang/String;
    iput-object p4, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$goodsPrice:Ljava/lang/String;
    .line 342
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    return-void
.end method
.method static synthetic access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;)Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    .locals 1
    .prologue
    .line 342
    iget-object v0, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    return-object v0
.end method
# virtual methods
.method public onResult(ILjava/lang/String;Ljava/lang/Object;)V
    .locals 6
    .param p1, "resultCode"    # I
    .param p2, "billingIndex"    # Ljava/lang/String;
    .param p3, "obj"    # Ljava/lang/Object;
    .prologue
    const/4 v5, 0x0
    .line 345
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    iget-object v1, v1, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->dialog:Landroid/app/ProgressDialog;
    if-eqz v1, :cond_0
    .line 347
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    iget-object v1, v1, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->dialog:Landroid/app/ProgressDialog;
    invoke-virtual {v1}, Landroid/app/ProgressDialog;->dismiss()V
    .line 349
    :cond_0
    new-instance v1, Ljava/lang/StringBuilder;
    const-string v2, "resultCode="
    invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    move-result-object v1
    const-string v2, ", billingIndex="
    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v1
    invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v1
    const-string v2, ", obj="
    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v1
    invoke-virtual {v1, p3}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
    move-result-object v1
    invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v1
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/Log/FALog;->i(Ljava/lang/String;)V
    .line 351
    packed-switch p1, :pswitch_data_0
    .line 383
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    invoke-virtual {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->getActivity()Landroid/app/Activity;
    move-result-object v1
    const-string v2, "\u652f\u4ed8\u5931\u8d25"
                    支付失败
    invoke-static {v1, v2}, Lcom/fxlib/util/android/FAToast;->show(Landroid/content/Context;Ljava/lang/String;)V
    .line 384
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
    const/16 v2, 0x66
    new-instance v3, Ljava/lang/StringBuilder;
    const-string v4, "\u8d2d\u4e70\u9053\u5177\uff1a["
购买道具
    invoke-direct {v3, v4}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    invoke-virtual {v3, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    const-string v4, "] \u53d6\u6d88\uff01"
                     取消
    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v3
    invoke-virtual {v1, v2, v3, v5}, Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;->onCallback(ILjava/lang/String;Ljava/lang/String;)V
    .line 388
    :goto_0
    return-void
    .line 354
    :pswitch_0
    const-string v1, "10"
    invoke-virtual {p3}, Ljava/lang/Object;->toString()Ljava/lang/String;
    move-result-object v2
    invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    if-eqz v1, :cond_1
    .line 355
    new-instance v0, Lcom/joym/PaymentSdkV2/model/CmDialog;
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    invoke-virtual {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->getActivity()Landroid/app/Activity;
    move-result-object v1
    new-instance v2, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1$1;
    iget-object v3, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
    invoke-direct {v2, p0, v3}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1$1;-><init>(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;)V
    invoke-direct {v0, v1, v5, v2}, Lcom/joym/PaymentSdkV2/model/CmDialog;-><init>(Landroid/content/Context;Ljava/util/HashMap;Lcom/joym/PaymentSdkV2/model/CmDialog$Callback;)V
    .line 370
    .local v0, "dialog":Lcom/joym/PaymentSdkV2/model/CmDialog;
    invoke-virtual {v0}, Lcom/joym/PaymentSdkV2/model/CmDialog;->show()V
    goto :goto_0
    .line 372
    .end local v0    # "dialog":Lcom/joym/PaymentSdkV2/model/CmDialog;
    :cond_1
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    invoke-virtual {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->getActivity()Landroid/app/Activity;
    move-result-object v1
    const-string v2, "\u652f\u4ed8\u6210\u529f"
                       支付成功
    invoke-static {v1, v2}, Lcom/fxlib/util/android/FAToast;->show(Landroid/content/Context;Ljava/lang/String;)V
    .line 373
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
    const/16 v2, 0x64
    new-instance v3, Ljava/lang/StringBuilder;
    const-string v4, "\u8d2d\u4e70\u9053\u5177\uff1a["   购买道具
    invoke-direct {v3, v4}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    invoke-virtual {v3, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    const-string v4, "] \u6210\u529f\uff01"
                       成功
    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v3
    .line 374
    new-instance v4, Ljava/lang/StringBuilder;
    const-string v5, "{\"chargeIndex\":"
    invoke-direct {v4, v5}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    iget-object v5, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$chargeIndex:Ljava/lang/String;
    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v4
    const-string v5, ",\"goodsPrice\":"
    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v4
    iget-object v5, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$goodsPrice:Ljava/lang/String;
    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v4
    .line 375
    const-string v5, "}"
    invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v4
    .line 374
    invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v4
    .line 373
    invoke-virtual {v1, v2, v3, v4}, Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;->onCallback(ILjava/lang/String;Ljava/lang/String;)V
    goto :goto_0
    .line 379
    :pswitch_1
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    invoke-virtual {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->getActivity()Landroid/app/Activity;
    move-result-object v1
    const-string v2, "\u652f\u4ed8\u5931\u8d25"
                   支付失败
    invoke-static {v1, v2}, Lcom/fxlib/util/android/FAToast;->show(Landroid/content/Context;Ljava/lang/String;)V
    .line 380
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->val$callback:Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;
    const/16 v2, 0x65
    new-instance v3, Ljava/lang/StringBuilder;
    const-string v4, "\u8d2d\u4e70\u9053\u5177\uff1a["
购买道具
    invoke-direct {v3, v4}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    invoke-virtual {v3, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    const-string v4, "] \u5931\u8d25\uff01"
                        失败
    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v3
    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    move-result-object v3
    invoke-virtual {v1, v2, v3, v5}, Lcom/joym/PaymentSdkV2/Logic/PaymentCallback;->onCallback(ILjava/lang/String;Ljava/lang/String;)V
    goto/16 :goto_0
    .line 351
    nop
    :pswitch_data_0
    .packed-switch 0x1
        :pswitch_0
        :pswitch_1
    .end packed-switch
.end method
请注意红色字是注释
goto :
goto加目标代表无条件跳转
   :cond_1
    iget-object v1, p0, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4$1;->this$1:Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;
    # getter for: Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->this$0:Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    invoke-static {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;->access$0(Lcom/joym/PaymentSdkV2/model/PlatformCM150$4;)Lcom/joym/PaymentSdkV2/model/PlatformCM150;
    move-result-object v1
    invoke-virtual {v1}, Lcom/joym/PaymentSdkV2/model/PlatformCM150;->getActivity()Landroid/app/Activity;
    move-result-object v1
    const-string v2, "\u652f\u4ed8\u6210\u529f"        支付成功
支付成功在 cond_1中
goto :cond_1



1.png
在取消前面的line句前加入无条件跳转
2.png
在支付失败前面的line句前加入无条件跳转
4.保存编译
3.png
4.png




评分

参与人数 23威望 +1 HB +43 THX +8 收起 理由
虚心学习 + 1 [吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩!
yexing + 2
行行行行行行 + 1
消逝的过去 + 1
禽大师 + 1
冷亦飞 + 1
wangy0528 + 1
小菜虫 + 1
273641837 + 1
我是好人 + 1 [吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守!
kway + 1
weiran324 + 1 [吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩!
叶落花开 + 2
liugu0hai + 1 + 1 [吾爱汇编论坛52HB.COM]-感谢楼主热心分享,小小评分不成敬意!
lies + 1
1790987877 + 1 [快捷评语] - 分享精神,是最值得尊敬的!
海天一色001 + 2 + 1 [快捷评语] - 评分=感恩!简单却充满爱!感谢您的作品!
青白Pallor + 1 [快捷评语] - 2017,让我们17学破解!
长江水 + 1 + 1 [快捷评语] - 2017,让我们17学破解!
ningzhonghui + 1 + 1 [快捷评语] - 2017,让我们17学破解!
adime + 1 [快捷评语] - 2017,让我们17学破解!
Anewbie + 1 + 1 屌炸天
Shark恒 + 1 + 20 + 1 [快捷评语] - 2017,让我们17学破解!

查看全部评分

吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
Shark恒 发表于 2017-6-21 11:18 | 显示全部楼层
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
 楼主| 234150476 发表于 2017-6-21 17:00 | 显示全部楼层

Shark恒 发表于 2017-6-21 11:18
移动端是以后的大趋势,大家要赶上大部队的节奏~

谢谢版主了
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
 楼主| 234150476 发表于 2017-6-21 17:01 | 显示全部楼层

Shark恒 发表于 2017-6-21 11:18
移动端是以后的大趋势,大家要赶上大部队的节奏~

从吾爱开始就一直看你教程,感觉贼6

点评

Shark恒”点评说:
感谢捧场,学破解论坛欢迎你~  详情 回复 发表于 2017-6-21 17:33
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
Shark恒 发表于 2017-6-21 17:33 | 显示全部楼层

234150476 发表于 2017-6-21 17:01
从吾爱开始就一直看你教程,感觉贼6

感谢捧场,吾爱汇编论坛欢迎你~
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
Hk微笑 发表于 2017-6-21 18:35 | 显示全部楼层
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
52bug 发表于 2017-6-21 23:48 | 显示全部楼层

支付成功的截图在哪里?SO不用解密吗?
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
阿九九九 发表于 2017-6-22 12:14 | 显示全部楼层

谢谢楼楼分享教程。全程改两个地方吗。
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
 楼主| 234150476 发表于 2017-6-22 12:34 | 显示全部楼层

Scorpio 发表于 2017-6-21 23:48
支付成功的截图在哪里?SO不用解密吗?

...咪咕游戏MT管理器都可以修改而且我也是第一次尝试电脑逆向抱歉
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
ningzhonghui 发表于 2017-6-24 11:02 | 显示全部楼层

今天有空进来学习下移动类的知识,谢谢大牛分享过程
吾爱汇编论坛-学破解,防破解!知进攻,懂防守!逆向分析,软件安全!52HB.COM
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

警告:本站严惩灌水回复,尊重自己从尊重他人开始!

1层
2层
3层
4层
5层
6层
7层
8层
9层
10层

免责声明

吾爱汇编(www.52hb.com)所讨论的技术及相关工具仅限用于研究学习,皆在提高软件产品的安全性,严禁用于不良动机。任何个人、团体、组织不得将其用于非法目的,否则,一切后果自行承担。吾爱汇编不承担任何因为技术滥用所产生的连带责任。吾爱汇编内容源于网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑中彻底删除。如有侵权请邮件或微信与我们联系处理。

站长邮箱:SharkHeng@sina.com
站长QQ:1140549900


QQ|RSS|手机版|小黑屋|帮助|吾爱汇编 ( 京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图

Powered by Discuz!

吾爱汇编 www.52hb.com

快速回复 返回顶部 返回列表