duangsuse::Echo

>> navi
## navigating process state at http://localhost:8080
   -- Process suspended for navigation.

18 views10:15

duangsuse::Echo

感觉暂停的不是时候，好像没什么可看的（

17 views10:22

duangsuse::Echo

不过感觉很好

19 views10:24

duangsuse::Echo

@drakeet 果然 #dalao

19 views10:25

duangsuse::Echo

这是 JaDX 反编译出的结果, 比 smali 好看多了

由此可见 JaDX 作为一个工具还是很不错的
修改代码就要用 smali 了

19 views11:05

duangsuse::Echo

现在目标很明确：
了解反破解弹窗逻辑

19 views11:06

duangsuse::Echo

然后我会移除反破解功能 🌚

18 views11:07

duangsuse::Echo

This media is not supported in your browser

VIEW IN TELEGRAM

18 views11:07

duangsuse::Echo

对象已经看完了, 继续调试

18 views11:09

duangsuse::Echo

20 views11:14

duangsuse::Echo

Photo

我选了款喜欢的 Atom 风格稿纸，又碰了好久断点 🌚

19 views11:14

duangsuse::Echo

This media is not supported in your browser

VIEW IN TELEGRAM

20 views11:15

duangsuse::Echo

不过这次有个好消息：
包含校验逻辑的 com.drakeet.purewriter.Ww.www 也 trap 了

> ## trace thread <1> main        (running suspended)
   -- com.drakeet.purewriter.Ww.ww(Ljava/lang/CharSequence;IIIIIIII)Z:0
   --
      com.drakeet.purewriter.vz.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Ljava/lang/CharSequence;IIIILandroid/graphics/Paint$FontMetricsInt
      ;)V:14
      -- this=Lcom/drakeet/purewriter/vz; <830060797840>
-- snip --
   -- android.view.Choreographer.doCallbacks(IJ)V:26
      -- this=Landroid/view/Choreographer; <830055153504>
      -- callbackType=2
      -- frameTimeNanos=7066658945180
   -- android.view.Choreographer.doFrame(JI)V:103
      -- jitterNanos=171803079
      -- this=Landroid/view/Choreographer; <830055153504>
      -- frame=8435
      -- startNanos=7066662763167
      -- frameTimeNanos=7066658945180
   -- android.view.Choreographer$FrameDisplayEventReceiver.run()V:9
      -- this=Landroid/view/Choreographer$FrameDisplayEventReceiver; <830055158992>
   -- android.os.Handler.handleCallback(Landroid/os/Message;)V:2
      -- message=Landroid/os/Message; <830054730432>
   -- android.os.Handler.dispatchMessage(Landroid/os/Message;)V:4
      -- this=Landroid/view/Choreographer$FrameHandler; <830055153568>
      -- msg=Landroid/os/Message; <830054730432>
   -- android.os.Looper.loop()V:84
      -- me=Landroid/os/Looper; <830053353696>
      -- msg=Landroid/os/Message; <830054730432>
      -- ident=43237435771745
      -- logging=None
      -- queue=Landroid/os/MessageQueue; <830053353728>
   -- android.app.ActivityThread.main([Ljava/lang/String;)V:56
      -- args=[]
      -- thread=Landroid/app/ActivityThread; <830053353856>
   -- java.lang.reflect.Method.invokeNative(Ljava/lang/Object;[Ljava/lang/Object;Ljava/lang/Class;[Ljava/lang/Class;Ljava/lang/Class;
      IZ)Ljava/lang/Object; <native>
   -- java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;:17
      -- this=Ljava/lang/reflect/Method; <830053348656>
      -- args=([],)
      -- receiver=None
   -- com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run()V:11
      -- this=Lcom/android/internal/os/ZygoteInit$MethodAndArgsCaller; <830053348816>
   -- com.android.internal.os.ZygoteInit.main([Ljava/lang/String;)V:70
      -- caller=Lcom/android/internal/os/ZygoteInit$MethodAndArgsCaller; <830053348816>
      -- argv=(#'com.android.internal.os.ZygoteInit', #'start-system-server')
   -- dalvik.system.NativeStart.main([Ljava/lang/String;)V <native>

rt.
这说明我没冤枉 com.drakeet.purewriter.Ww.www, 它的确尝试了解包自身的信息

## trace thread <1> main        (running suspended)
   -- com.drakeet.purewriter.Ww.www(Ljava/lang/CharSequence;IIIIIIII)Z <native>
   -- com.drakeet.purewriter.Ww.ww(Ljava/lang/CharSequence;IIIIIIII)Z:4

19 views11:23

duangsuse::Echo

包含了行间距算法位置相关信息

17 views11:24

duangsuse::Echo

## trace thread <1> main        (running suspended)
   -- com.drakeet.purewriter.Ww.www(Ljava/lang/CharSequence;IIIIIIII)Z <native>
   -- com.drakeet.purewriter.Ww.ww(Ljava/lang/CharSequence;IIIIIIII)Z:4

(caller)
com.drakeet.purewriter.vz.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Ljava/lang/CharSequence;IIIILandroid/graphics/Paint$FontMetricsInt
;)V:14

17 viewsedited 11:24

duangsuse::Echo

包含了行间距算法位置相关信息

后面有很多中断都是类似的

17 views11:27

duangsuse::Echo

18 views11:28

duangsuse::Echo

## trace thread <1> main (running suspended) -- com.drakeet.purewriter.Ww.www(Ljava/lang/CharSequence;IIIIIIII)Z <native> -- com.drakeet.purewriter.Ww.ww(Ljava/lang/CharSequence;IIIIIIII)Z:4 (caller) com.drakeet.purewriter.vz.Wwwwwwwwwwwwwww…

验证逻辑可能就只有这一个 (com.drakeet.purewriter.Ww.ww(Ljava/lang/CharSequence;IIIIIIII)Z:4) （只是可能！！！）

18 viewsedited 11:28

duangsuse::Echo

   -- java.lang.Thread.run()V:6
      -- this=Lcom/drakeet/purewriter/ald$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww; <830055181040>

>> inspect 830055181040
## object <830055181040> Lcom/drakeet/purewriter/ald$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww; in thread <25> RxSingleScheduler-1
   (waiting suspended)

18 views11:29

duangsuse::Echo

   -- com.drakeet.purewriter.tn.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Landroid/content/Context;Ljava/lang/String;)Landroid/content/pm/Pac
      kageInfo;:6
   -- com.drakeet.purewriter.tn.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Landroid/content/Context;Ljava/lang/String;)Z:1
   -- com.drakeet.purewriter.tn.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Landroid/content/Context;)Z:4
   -- com.drakeet.purewriter.tn.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Lcom/drakeet/purewriter/Xxxxx;)V:0
   -- com.drakeet.purewriter.to.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww()V:2
   -- com.drakeet.purewriter.aiw.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Lcom/drakeet/purewriter/ago;)V:9
      -- this=Lcom/drakeet/purewriter/aiw; <830060197552>
   -- com.drakeet.purewriter.agm.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(Lcom/drakeet/purewriter/ago;)V:9
      -- this=Lcom/drakeet/purewriter/aiw; <830060197552>
   -- com.drakeet.purewriter.aiy$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.run()V:2
      -- this=Lcom/drakeet/purewriter/aiy$Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww; <830063701456>
   -- com.drakeet.purewriter.alf.Wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww()Ljava/lang/Void;:9

从调用堆上截取下的部分，最后调用了 getPackageInfo()

20 views11:31

About

Blog

Apps

Platform