还是火速分享下破解思路吧。
这是本菜鸟上了吾爱安卓进修课后的练习作业啦(当然上帝频道只有你,你,你。。。知道)
第一步,先用开发助手调查下 activity 上面都有啥?点下界面中的【开通会员才能查看的文字等】
结果我发现了返回了目标处的ID号,然后到 xml文件夹搜索下,就找到上面有四个XML中含有该字符串,我们在 那串xxx后面依次加上 1 2 3 4,
图1
结果打包后,没有一个调用的。
其中有一个vip框架的xml比较有意思,于是我就记录了下此id号
最好准备一个小本本,或是手机上的excel ,表格分类比较清晰嘛(很多时候是多个啊,不知哪个才是关键的啊,调查线索很重要啊)
第二步,使用MT管理器打开该apk,dex编辑器++ ,搜索 0x7f0c007c
image.png (233.51 KB, 下载次数: 1)
下载附件
2020-9-3 08:56 上传
image.png (682.66 KB, 下载次数: 2)
下载附件
2020-9-3 08:58 上传
image.png (607.57 KB, 下载次数: 0)
下载附件
2020-9-3 09:00 上传
点击去 查看,
[Asm] 纯文本查看 复制代码.method public setVipLogin(Z)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
.registers 5
.line 1
iget-object v0, p0, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->vipLayout:Landroid/widget/LinearLayout;
const/16 v1, 0x8
if-eqz p1, :cond_8
const/4 v2, 0x0
goto :goto_a
:cond_8
const/16 v2, 0x8
:goto_a
invoke-virtual {v0, v2}, Landroid/widget/LinearLayout;->setVisibility(I)V
.line 2
iget-object v0, p0, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->content:Landroid/widget/TextView;
invoke-virtual {v0, v1}, Landroid/widget/TextView;->setVisibility(I)V
if-nez p1, :cond_2d
.line 3
iget-object p1, p0, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->title:Landroid/widget/TextView;
invoke-virtual {p1}, Landroid/widget/TextView;->getLayoutParams()Landroid/view/ViewGroup$LayoutParams;
move-result-object p1
check-cast p1, Landroid/widget/RelativeLayout$LayoutParams;
.line 4
invoke-static {}, Lcom/tiger/app1/axj/base/BaseApplication;->getContext()Landroid/content/Context;
move-result-object v0
const/high16 v1, 0x42dc0000 # 110.0f
invoke-static {v0, v1}, Lcom/luck/picture/lib/tools/ScreenUtils;->dip2px(Landroid/content/Context;F)I
move-result v0
iput v0, p1, Landroid/widget/RelativeLayout$LayoutParams;->topMargin:I
.line 5
iget-object v0, p0, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->title:Landroid/widget/TextView;
invoke-virtual {v0, p1}, Landroid/widget/TextView;->setLayoutParams(Landroid/view/ViewGroup$LayoutParams;)V
:cond_2d
=====》加这里有效果,但会导致崩溃
return-object p0
.end method
这个文件位于VipTipDialog中
其中点导航,发现有个叫 SetVipLogon(Z)的类,比较有意思
果断短尾 加上一句
const p0 ,1
return-object p0
根据楼下 涛之雨 大佬 和 风绕柳絮轻敲雪 说的看看谁调用setVipLogin这个方法吧确实改的还是不正确
或长按 选择【查找调用处 或 重写调用处方法】
image.png (294.24 KB, 下载次数: 2)
下载附件
2020-9-3 09:06 上传
就来到了这个地方,随便点一个查看下
image.png (804.07 KB, 下载次数: 1)
下载附件
2020-9-3 09:07 上传
咦,发现了新大陆~~
[Asm] 纯文本查看 复制代码 public videoV2V3NoLoingVipTip()V
.registers 4
.line 1
new-instance v0, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
iget-object v1, p0, Lcom/tiger/app1/axj/mvp/present/MovieDetailPresenter;->a:Lcom/trello/rxlifecycle2/components/support/RxAppCompatActivity;
invoke-direct {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->(Landroid/content/Context;)V
const-string v1, "登录会员后可免费观看\n未注册会员请先注册"
.line 2
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setTitle(Ljava/lang/String;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
move-result-object v1
.line 3
invoke-static {}, Lcom/tiger/app1/axj/manager/LoginManager;->getInstance()Lcom/tiger/app1/axj/manager/LoginManager;
move-result-object v2
invoke-virtual {v2}, Lcom/tiger/app1/axj/manager/LoginManager;->isLogin()Z=====>看这句!
move-result v2
xor-int/lit8 v2, v2, 0x1
invoke-virtual {v1, v2}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setVipLogin(Z)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
const v1, 0x7f0e0053
.line 4
invoke-static {v1}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
move-result-object v1
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setGoBg(Ljava/lang/Integer;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
move-result-object v1
const-string v2, "立即注册"
invoke-virtual {v1, v2}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setGoText(Ljava/lang/String;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
const-string v1, "已是会员可 登陆观看"
.line 5
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setTvVipLoginText(Ljava/lang/String;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
const/4 v1, 0x1
.line 6
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setClickDismiss(Z)V
.line 7
new-instance v1, Lcom/tiger/app1/axj/mvp/present/e;
invoke-direct {v1, p0}, Lcom/tiger/app1/axj/mvp/present/e;->(Lcom/tiger/app1/axj/mvp/present/MovieDetailPresenter;)V
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setmOnCancelListener(Landroid/view/View$OnClickListener;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
.line 8
new-instance v1, Lcom/tiger/app1/axj/mvp/present/g;
invoke-direct {v1, p0}, Lcom/tiger/app1/axj/mvp/present/g;->(Lcom/tiger/app1/axj/mvp/present/MovieDetailPresenter;)V
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setmOnTipClickListener(Landroid/view/View$OnClickListener;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
.line 9
new-instance v1, Lcom/tiger/app1/axj/mvp/present/d;
invoke-direct {v1, p0}, Lcom/tiger/app1/axj/mvp/present/d;->(Lcom/tiger/app1/axj/mvp/present/MovieDetailPresenter;)V
invoke-virtual {v0, v1}, Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;->setOnGoClickListener(Landroid/view/View$OnClickListener;)Lcom/tiger/app1/axj/ui/dialog/VipTipDialog;
.line 10
invoke-virtual {v0}, Landroid/app/Dialog;->show()V
return-void
.end method
在 /LoginnManager;->isLogin()Z=====>看这句!在这里长按,弹菜单选择跳转
image.png (543.08 KB, 下载次数: 1)
下载附件
2020-9-3 09:13 上传
改完打包签名后,就会
image.png (614.64 KB, 下载次数: 2)
下载附件
2020-9-3 09:14 上传
再随便登录下
Screenshot_20200903_084729.jpg (68.36 KB, 下载次数: 1)
下载附件
2020-9-3 09:14 上传
已经是5级了,一般的视频能无限次看了,更高级的还有待升级。。。还得接着研究。。。待续。。。
重新打包签名后发现,一点视频,就会闪退,多点几次,偶尔有成功的时候(已经过了当日的播放次数)
又能看了(其他的地方修改并无大的作用),哈哈。总闪退这点很不爽啊,得治啊。 于是就想,怎么弄呢,怎么弄呢, 于是闹肚子了,上了趟厕所,然后我突然想到
何不到vmos里再用xpoosed的那个异常崩溃的插件会不会记录下来呢,我可配了多款啊。 结果,我就捕获到了以下信息
QQ图片20200902231505.jpg (371.25 KB, 下载次数: 0)
下载附件
2020-9-2 23:15 上传
Screenshot_20200902_232806.jpg (346.13 KB, 下载次数: 0)
下载附件
2020-9-2 23:29 上传
Build date: 2020-09-02 21:51:04
Current date: 2020-09-02 21:58:35
Device: Vmos
Stack trace:
io.reactivex.exceptions.UndeliverableException: The exception could not be delivered to the consumer because it has already canceled/disposed the flow or the exception has nowhere to go to begin with. Further reading: https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0#error-handling | java.lang.VerifyError: Rejecting class com.tiger.app1.axj.ui.dialog.VipTipDialog because it failed compile-time verification (declaration of 'com.tiger.app1.axj.ui.dialog.VipTipDialog' appears in /data/app/com.xj.tiger-1/base.apk)堆栈跟踪:io.reactivex.exceptions.UndeliverableException:无法将异常传递给使用者,因为该异常已经取消/处理了该流程,或者该异常无处可去。进一步阅读:https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0#error-handling | java.lang.VerifyError:拒绝类com.tiger.app1.axj.ui.dialog.VipTipDialog,因为它未通过编译时验证(在/ data中声明了“ com.tiger.app1.axj.ui.dialog.VipTipDialog” /app/com.xj.tiger-1/base.apk)
at io.reactivex.plugins.RxJavaPlugins.onError(SourceFile:4)
at io.reactivex.android.schedulers.HandlerScheduler$ScheduledRunnable.run(SourceFile:2)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:135)
at android.app.ActivityThread.main(ActivityThread.java:5254)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1100)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:875)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
Caused by: java.lang.VerifyError: Rejecting class com.tiger.app1.axj.ui.dialog.VipTipDialog because it failed compile-time verification (declaration of 'com.tiger.app1.axj.ui.dialog.VipTipDialog' appears in /data/app/com.xj.tiger-1/base.apk)
at
[color=]com.tiger.app1.axj.mvp.present.MovieDetailPresenter.a
(SourceFile:3)===============>优先看这行
at
[color=]com.tiger.app1.axj.mvp.present.MovieDetailPresenter$e.a
(SourceFile:5)===============>优先看这行
at
[color=] com.tiger.app1.axj.mvp.present.MovieDetailPresenter$e.onFail
(SourceFile:1)===============>优先看这行
at com.tiger.app1.axj.net.DefaultObserver.onNext(SourceFile:5)
at com.tiger.app1.axj.net.DefaultObserver.onNext(SourceFile:1)
at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.drainNormal(SourceFile:8)
at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.run(SourceFile:3)
at io.reactivex.android.schedulers.HandlerScheduler$ScheduledRunnable.run(SourceFile:1)
... 9 more
其中有三条比较有意思, 包名+英文预置那个单词 + a类
。。。。。。。。。。。。e$a类
。。。。。。。。。。。。。最后一条也在上边那个类中,里边有个单词fail
于是我就试着一条条的删除 或 修改 ,结果 果然问题出在 fail 的这个预置类里,删除掉后也不闪退了,但也播放不动了。
于是我试着手机登录下,竟然都正常了。
未完,还得继续。。。
昨夜看了几个后,又出现新的提示 “VIP等级不够,需要达到2级才能看。。。”
因为我知道有vip 5级
你会问我咋知道的?
搜索layout之类的文件夹
*.png
vip*.png
vip.png
等字样,你会发现
vip1.png
vip2.png
vip3.png
vip4.png
vip5.png
Screenshot_20200903_080731.jpg (207.32 KB, 下载次数: 1)
下载附件
2020-9-3 08:11 上传
Screenshot_20200903_080850.jpg (228.48 KB, 下载次数: 1)
下载附件
2020-9-3 08:10 上传
icon_vip_jiao_biao 难道是角标? vip高级版用户显示这头像?
dialog_vip 这个长得很像哟 ~~
icon_vip_recharge 最后一个单词充值的意思,所以不是
dialgo_bg_vip.png (这个就是那个大个的花瓣型的最大的那个背景的那个图)
其实通过r.java 或layout 或resource.arsc 你不仅可以通过字、图、音 皆为成为我们定位的关键突破点
或是asssets (这个修改游戏初始数据很好)
稍后,解决以上问题。
看到上面图片中的 【永久字样】没?7FE0038
[color=]又重新定位了下,发现只有r.java中
[color=]貌似次数限额跟服务器返回值有关
127.0.0.1 试着改了下,没用
isLocalIp 搜索不到 另外下面还有广告,我们得干掉。视频广告我已经干掉了,还有启动广告和界面下方的广告。
看https://www.52pojie.cn/thread-408645-1-1.html这个,果然能提高能力哟。
