5) Next, use the AS to build the smali source code project and configure the debug port. There are ready-made tutorials on this part of the content on the Internet. I wo nβt say much here. After the establishment is complete, click the debug button. The log below the AS shows that the startup debugging is successful:
6) At this point, the debugging environment is successfully built, and the cracking begins below.
π¦
π¦
π¦Cracking process
Idea 1: Error message prompt
Old ideas, first try it out. Click on the game's purchase, a purchase box will pop up, you need to enter the mobile phone number and verification code, enter a mobile phone number and verification code here, click to confirm payment, no accident will fail, and a prompt box pops up..
> Well, this is my first and first failure point. My idea is that since it gives this error message, there must be logic of payment success and failure in the place where this error is displayed, then I modified this logic and it's
> ok. OK, here is how to find the logic of this judgment. That βs right, string search. The most traditional method is to search for a string in Android. You ca nβt directly search for Chinese characters. You need to convert it to unicode code, and then convert βSMS verification code verification failedβ to unicode code, it is "u77ed \ u4fe1 \ u9a8c \ u8bc1 \ u7801 \ u9a8c \ u8bc1 \ u5931 \ u8d25", the result was not found, okay, is it a concatenation of strings, shorter, search for "SMS verification code", and then there are search results :
Idea 1: Error message prompt
Old ideas, first try it out. Click on the game's purchase, a purchase box will pop up, you need to enter the mobile phone number and verification code, enter a mobile phone number and verification code here, click to confirm payment, no accident will fail, and a prompt box pops up..
> Well, this is my first and first failure point. My idea is that since it gives this error message, there must be logic of payment success and failure in the place where this error is displayed, then I modified this logic and it's
> ok. OK, here is how to find the logic of this judgment. That βs right, string search. The most traditional method is to search for a string in Android. You ca nβt directly search for Chinese characters. You need to convert it to unicode code, and then convert βSMS verification code verification failedβ to unicode code, it is "u77ed \ u4fe1 \ u9a8c \ u8bc1 \ u7801 \ u9a8c \ u8bc1 \ u5931 \ u8d25", the result was not found, okay, is it a concatenation of strings, shorter, search for "SMS verification code", and then there are search results :
π¦Sorry, I ca nβt understand smali, I converted it to java source code,
1) The original function is too large, only a part of it is posted here, it looks really different from the logic, so is it the logic? The verification method is very simple, here is the next breakpoint, then, there is no break. Then the next breakpoint at the function entrance still didn't come. Well, this idea ended in failure. Later, I found out that the payment box popped up from the so-called tracking code. Woo. .
2) Idea Two: Drawing on Internet Posts
I have searched for similar posts before, and the post said that the search string was "successful payment", so I converted the string into a unicode code, searched in AK, and then found three results:
I have searched for similar posts before, and the post said that the search string was "successful payment", so I converted the string into a unicode code, searched in AK, and then found three results:
3) Similarly, to verify whether this is the logic code to determine whether the payment is successful, set a breakpoint at the function head where each string is located, and there is no breakpoint at the position where the string is located because I will not dig out the wallet,
4) All operations are payment failure operations. The code logic of successful payment will definitely not come, so set a breakpoint in the function header, and then click to confirm that the payment has not been broken, but when I click the close button, it succeeds Is broken in the first function. This was an unexpected surprise. Then use jadx to view the logic of this function:
4) All operations are payment failure operations. The code logic of successful payment will definitely not come, so set a breakpoint in the function header, and then click to confirm that the payment has not been broken, but when I click the close button, it succeeds Is broken in the first function. This was an unexpected surprise. Then use jadx to view the logic of this function:
5) The logic of the code is very clear, check the value of the parameter resultCode, and then judge whether the payment is successful, so here is probably the key code logic I want. Verify that all switch structures are changed to case1 branch. The syntax of the Smali code is to put all the cases together, as follows
6) The above code means that the value in the switch is compared with 1. If the result is 0, it jumps to the pswitch_0 label, and if the result is 1, it jumps to the pswitch_1 execution, so here all the labels are changed to pwtich_0, and a line is added below , So that by default, it will also jump to pswtich_0, that is, the three types will jump to the successful branch regardless of the value of resultCode, as follows:
7) Finally, compile and repackage, install and test, success, OK. So far, the internal function of this app has been successfully cracked.
In fact, I didn't press the close button of the payment box at the beginning, so I took another way of thinking. If you have patience here, you can take a look at my detour, haha.
In fact, I didn't press the close button of the payment box at the beginning, so I took another way of thinking. If you have patience here, you can take a look at my detour, haha.
Forwarded from Backup Legal Mega
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦OFFICIAL MICROSOFT WINDOWS 10 ALL VERSIONS LINK FROM MICROSOFT WILL REMOVED IN 24 NH IN 24 HOURS
1) https://software-download.microsoft.com/db/Win10_1909_EnglishInternational_x64.iso?t=bb0ee77b-65a3-4600-ac4e-4eec1e9da28f&e=1590661565&h=cefa3e04e5bc567c0cbb70d25776d5c9 x 64
2) https://software-download.microsoft.com/db/Win10_1909_EnglishInternational_x32.iso?t=bb0ee77b-65a3-4600-ac4e-4eec1e9da28f&e=1590661565&h=08b458da0c8f37ed06594d12d9d06403 x 32
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦OFFICIAL MICROSOFT WINDOWS 10 ALL VERSIONS LINK FROM MICROSOFT WILL REMOVED IN 24 NH IN 24 HOURS
1) https://software-download.microsoft.com/db/Win10_1909_EnglishInternational_x64.iso?t=bb0ee77b-65a3-4600-ac4e-4eec1e9da28f&e=1590661565&h=cefa3e04e5bc567c0cbb70d25776d5c9 x 64
2) https://software-download.microsoft.com/db/Win10_1909_EnglishInternational_x32.iso?t=bb0ee77b-65a3-4600-ac4e-4eec1e9da28f&e=1590661565&h=08b458da0c8f37ed06594d12d9d06403 x 32
β β β ο½ππ»βΊπ«Δπ¬πβ β β β