[Bounty Killer, illustrated] A solution to an Android signature verification problem

xkang posted on 2018-8-28 13:10

Last edited by xkang on 2018-8-28 15:04

Original thread:
Android question
https://www.52hb.com/thread-39443-1-1.html
(Source: 吾爱汇编 forum)


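I had already given a solution, but it seems this guy didn't get it. The thread is still up.
So I might as well explain this signature verification bypass once more.
After all, not many people do Android, so I have to keep this guy around.
Let's get straight to it. The tools are in another thread of mine.
Direct link:
Android reversing: implementing in-app purchases and killing signature verification with the HOOK method
https://www.52hb.com/thread-39146-1-1.html
(Source: 吾爱汇编 forum)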


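Install the genuine APK to obtain the signature
[Image: QQ图片20180828125417.png]
Next, prepare to replace it
[Image: QQ图片20180828125656.png]
Open yc, find SignatureFake.smali and open it, replace the signature with the one just obtained, and save
[Image: QQ图片20180828125921.png]
Open Android Killer, search for attachBaseContext, and add on the next line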
invoke-static {}, Lcom/yc/pm/SignatureKill;->kill()V
[Image: QQ图片20180828130252.png]
Repackage and rebuild. Done.
Since we've come this far, might as well go all the way = =
Key in-app purchase code
[Java]
class MainActivity$4$1
  implements IPayResultCallback
{
  MainActivity$4$1(MainActivity.4 param4, String paramString1, String paramString2, String paramString3, String paramString4, String paramString5) {}
  
  public void onPayResult(int paramInt, String paramString1, String paramString2)
  {
    switch (paramInt)
    {
    case 1: 
    default: 
      Toast.makeText(this.this$1.this$0, paramString2, 1).show();
      this.this$1.onPayFail(this.val$orderId, this.val$extra);
    }
    for (;;)
    {
      Log.i("Unity", "requestCode:" + paramInt + ",signvalue:" + paramString1 + ",resultInfo:" + paramString2);
      return;
      if (IAppPayOrderUtils.checkPayResult(paramString1, SdkConfig.getInstance().getAppParam("publicKey")))
      {
        Toast.makeText(this.this$1.this$0, "支付成功", 1).show();
        double d = Double.parseDouble(this.val$price);
        this.this$1.onPayCheckSuccess(this.val$orderId, this.val$productId, this.val$productName, d, this.val$extra);
      }
      else
      {
        Toast.makeText(this.this$1.this$0, "支付成功,但验签失败", 1).show();
        continue;
        this.this$1.onPayCancel(this.val$orderId, this.val$extra);
      }
    }
  }
}

Smali source
[Java]
.class Lcom/chillyroomsdk/iapppay/MainActivity$4$1;
.super Ljava/lang/Object;
.source "MainActivity.java"

# interfaces
.implements Lcom/iapppay/interfaces/callback/IPayResultCallback;


# annotations
.annotation system Ldalvik/annotation/EnclosingMethod;
    value = Lcom/chillyroomsdk/iapppay/MainActivity$4;->doPay(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
.end annotation

.annotation system Ldalvik/annotation/InnerClass;
    accessFlags = 0x0
    name = null
.end annotation


# instance fields
.field final synthetic this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

.field final synthetic val$extra:Ljava/lang/String;

.field final synthetic val$orderId:Ljava/lang/String;

.field final synthetic val$price:Ljava/lang/String;

.field final synthetic val$productId:Ljava/lang/String;

.field final synthetic val$productName:Ljava/lang/String;


# direct methods
.method constructor <init>(Lcom/chillyroomsdk/iapppay/MainActivity$4;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
    .locals 0
    .param p1, "this$1"    # Lcom/chillyroomsdk/iapppay/MainActivity$4;

    .prologue
    .line 135
    iput-object p1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iput-object p2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$price:Ljava/lang/String;

    iput-object p3, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;

    iput-object p4, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productId:Ljava/lang/String;

    iput-object p5, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productName:Ljava/lang/String;

    iput-object p6, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;

    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method


# virtual methods
.method public onPayResult(ILjava/lang/String;Ljava/lang/String;)V
    .locals 8
    .param p1, "resultCode"    # I
    .param p2, "signValue"    # Ljava/lang/String;
    .param p3, "resultInfo"    # Ljava/lang/String;

    .prologue
    const/4 v2, 0x1

    .line 138
    packed-switch p1, :pswitch_data_0

    .line 156
    :pswitch_0
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;

    invoke-static {v0, p3, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    .line 157
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;

    iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;

    invoke-virtual {v0, v1, v2}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayFail(Ljava/lang/String;Ljava/lang/String;)V

    .line 160
    :goto_0
    const-string v0, "Unity"

    new-instance v1, Ljava/lang/StringBuilder;

    invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V

    const-string v2, "requestCode:"

    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;

    move-result-object v1

    const-string v2, ",signvalue:"

    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    const-string v2, ",resultInfo:"

    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1, p3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v1

    invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 161
    return-void

    .line 142
    :pswitch_1
    invoke-static {}, Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;->getInstance()Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;

    move-result-object v0

    const-string v1, "publicKey"

    invoke-virtual {v0, v1}, Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;->getAppParam(Ljava/lang/String;)Ljava/lang/String;

    move-result-object v0

    invoke-static {p2, v0}, Lcom/iapppay/sdk/main/IAppPayOrderUtils;->checkPayResult(Ljava/lang/String;Ljava/lang/String;)Z

    move-result v7

    .line 143
    .local v7, "payState":Z
    #if-eqz v7, :cond_0

    .line 144
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;

    const-string v1, "\u652f\u4ed8\u6210\u529f"

    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    .line 145
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$price:Ljava/lang/String;

    invoke-static {v0}, Ljava/lang/Double;->parseDouble(Ljava/lang/String;)D

    move-result-wide v4

    .line 146
    .local v4, "CNY":D
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;

    iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productId:Ljava/lang/String;

    iget-object v3, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productName:Ljava/lang/String;

    iget-object v6, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;

    invoke-virtual/range {v0 .. v6}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayCheckSuccess(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;DLjava/lang/String;)V

    goto :goto_0

    .line 149
    .end local v4    # "CNY":D
    :cond_0
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;

    const-string v1, "\u652f\u4ed8\u6210\u529f\u4f46\u9a8c\u7b7e\u5931\u8d25"

    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    goto :goto_0

    .line 153
    .end local v7    # "payState":Z
    :pswitch_2
    iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;

    iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;

    iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;

    invoke-virtual {v0, v1, v2}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayCancel(Ljava/lang/String;Ljava/lang/String;)V

    goto :goto_0

    .line 138
    :pswitch_data_0
    .packed-switch 0x0
        :pswitch_0
        :pswitch_1
        :pswitch_2
    .end packed-switch
.end method

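Clear at a glance: change the switch body, change the branch condition. [Image: QQ图片20180828150416.png]

By the look of it, that's how it is = = [Image: QQ图片20180828150049.png]
Thanks everyone, please rate generously.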


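For a developer auditing a suspected repackaged build of their own app, both edits described in the post above leave traces in the decoded smali. The following is an added example, not part of the original post: a heuristic check (registers can be reused, so treat hits as leads) run over constructed samples condensed from the smali quoted above; the `OWN` allowlist and the function names are assumptions.

```python
import re
# Constructed samples, condensed from the smali quoted in the post above.
PATCHED = """\
.method public onPayResult(ILjava/lang/String;Ljava/lang/String;)V
    invoke-static {p2, v0}, Lcom/iapppay/sdk/main/IAppPayOrderUtils;->checkPayResult(Ljava/lang/String;Ljava/lang/String;)Z
    move-result v7
    #if-eqz v7, :cond_0
.end method
"""
ORIGINAL = PATCHED.replace("#if-eqz", "if-eqz")  # branch restored
HOOKED = """\
.method protected attachBaseContext(Landroid/content/Context;)V
    invoke-static {}, Lcom/yc/pm/SignatureKill;->kill()V
    invoke-super {p0, p1}, Landroid/app/Application;->attachBaseContext(Landroid/content/Context;)V
.end method
"""
OWN = ("Lcom/chillyroomsdk/", "Landroid/", "Ljava/")  # assumed allowlist
INVOKE = re.compile(r"^\s*invoke-\S+ \{[^}]*\}, (L[^;]+;)->([\w<>$]+)\(")
MOVE = re.compile(r"^\s*move-result(?:-\w+)? (\w+)")

def methods(smali):
    """Yield (name, instruction_lines) per .method block, skipping # comments."""
    name, body = None, []
    for line in smali.splitlines():
        if line.startswith(".method"):
            name, body = line.split("(")[0].split()[-1], []
        elif line.startswith(".end method"):
            yield name, body
        elif name and line.strip() and not line.lstrip().startswith("#"):
            body.append(line)

def unbranched_results(smali, callee):
    """Methods where callee's result register is never tested by an if-* (heuristic)."""
    hits = []
    for name, body in methods(smali):
        for i, line in enumerate(body[:-1]):
            m, r = INVOKE.match(line), MOVE.match(body[i + 1])
            if m and r and m.group(2) == callee:
                reg = re.escape(r.group(1))
                if not any(re.match(rf"\s*if-\w+ .*\b{reg}\b", l) for l in body[i + 2:]):
                    hits.append(name)
    return hits

def foreign_static_calls(smali, method, own=OWN):
    """invoke-static targets inside `method` whose class is outside the allowlist."""
    calls = [INVOKE.match(l) for n, body in methods(smali) if n == method
             for l in body if l.lstrip().startswith("invoke-static")]
    return [f"{m.group(1)}->{m.group(2)}" for m in calls
            if m and not m.group(1).startswith(own)]
```

Because the client-side result check is a single branch that can be edited out, a check like this only detects tampering after the fact; granting the purchase should depend on verification done on the server.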
TAOGE5387 posted on 2018-8-28 13:42

gylgw posted on 2018-9-8 07:14

Thanks for sharing, OP

493688702 posted on 2018-9-8 08:20

TAOGE5387 posted on 2018-9-8 08:36

Learning, learning
Studying, studying

luoawai posted on 2018-9-18 09:45

luoawai posted on 2018-9-20 19:35

A question for the OP: wifi万能钥匙 can't be stripped with this method. Could the OP help out?

当前离线 posted on 2018-12-30 16:29

Thank you so much. I just started learning Android reversing and have been stuck on this signature verification all along. Finally solved, thank you, thank you!!!!!

shijie1561 posted on 2020-5-31 18:39

Are you there? I can't reply to my own thread. Could you reply with your QQ? I came from the RMB custom-order section.

拿着雪糕 posted on 2022-2-11 20:59

Many thanks, expert