An earlier article covered the reason for cracking this app; this article focuses on the method.
Check whether the server performs validation
Before starting to crack an app, it is best to check whether the feature you are interested in is validated on the server. If the server does the validation, there is no need to start cracking; otherwise, even a successful crack turns out to be wasted effort.
The best way to verify whether the server performs the check is to capture the traffic, modify the interface's return value, and see whether you get the effect you want. If you do, you can begin cracking the app.
Packet capture
The packet capture tool I use is Charles. How to capture traffic is not covered here; if you have questions, you can contact me through the details at the end of the article. Going straight to the capture result: the code field is used to determine the status, and the message field is used to display a message. In this interface the message is "insufficient flow" and the code is "10109". Looking at the return values of other interfaces, the code value there is 0, so I changed the code returned by this interface to "0" to see whether acceleration could continue. The result did not disappoint: after the modification, acceleration continued. From this we know what the crack point is: wherever the code is read, change the result to 0.
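The capture shows the client alone deciding whether acceleration continues, based on the code field it receives. The added example below (not from the original article or the app; the class, function and field names are hypothetical, and only the values 0 and 10109 and the message text come from the capture) shows the server-side counterpart: the relay debits a ledger before forwarding bytes, so a client that treats every reply as code 0 gains nothing, and repeated requests after a refusal become a detection signal.

```python
from dataclasses import dataclass, field

CODE_OK = 0              # value the capture showed on successful calls
CODE_NO_TRAFFIC = 10109  # value the capture showed with "insufficient flow"


@dataclass
class QuotaGate:
    """Hypothetical server-side ledger consulted before any bytes are relayed."""
    remaining: dict                              # user -> bytes left (constructed)
    denials: dict = field(default_factory=dict)  # user -> requests refused

    def consume(self, user, nbytes):
        left = self.remaining.get(user, 0)
        if nbytes <= 0 or nbytes > left:
            # An unmodified client stops after 10109, so repeated refusals
            # for one account are a tamper signal worth alerting on.
            self.denials[user] = self.denials.get(user, 0) + 1
            return {"code": CODE_NO_TRAFFIC, "message": "insufficient flow",
                    "granted": 0}
        self.remaining[user] = left - nbytes
        return {"code": CODE_OK, "message": "ok", "granted": nbytes}

    def suspicious(self, threshold=3):
        return sorted(u for u, n in self.denials.items() if n >= threshold)


def client_ignoring_code(gate, user, chunk, attempts):
    """Models a client that treats every reply as code 0 and keeps requesting."""
    believed_ok = relayed = 0
    for _ in range(attempts):
        reply = gate.consume(user, chunk)
        believed_ok += 1              # client-side view only
        relayed += reply["granted"]   # bytes the server-side relay forwarded
    return believed_ok, relayed


if __name__ == "__main__":
    gate = QuotaGate({"user-a": 1000})           # constructed sample quota
    print(client_ignoring_code(gate, "user-a", 400, 5))  # (5, 800)
    print(gate.suspicious())                              # ['user-a']
```

The "granted" value is acted on by the relay on the server; whatever the client does with the code field in the reply has no effect on how many bytes are forwarded.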
Crack
Use the jadx-gui tool to view the APK code and search directly for the interface name. The result is shown below:
public static Response a(String str, long j) {
    try {
        return d.newCall(new Request.Builder().url("https://api.enfi.vip/api/consumeTraffic").addHeader("Authorization", str).post(RequestBody.create(MediaType.parse("application/json; charset=utf-8"), a(str, j, true, SystemClock.currentThreadTimeMillis()))).build()).execute();
    } catch (Exception unused) {
        return null;
    }
}
The code above only issues the interface request. What we need is the place where the return value of this interface is used, that is, the place where this method is called. To find it: decompile the APK directly with apktool, import the smali code into Android Studio, locate the code above, and press Alt (Option) + F7 to see where the method is called. The search results are as follows:
We do not go through every matching file here; open EnfiActivity to take a look. The relevant code is as follows:
invoke-static {v4}, Lcom/enficloud/mobile/a/c;->a(Ljava/lang/String;)Lokhttp3/Response;
move-result-object v0
if-eqz v0, :cond_1
.line 682
invoke-virtual {v0}, Lokhttp3/Response;->isSuccessful()Z
move-result v12
if-eqz v12, :cond_1
.line 686
:try_start_0
invoke-virtual {v0}, Lokhttp3/Response;->body()Lokhttp3/ResponseBody;
move-result-object v0
invoke-virtual {v0}, Lokhttp3/ResponseBody;->string()Ljava/lang/String;
move-result-object v0
.line 688
new-instance v12, Lorg/json/JSONObject;
invoke-direct {v12, v0}, Lorg/json/JSONObject;-><init>(Ljava/lang/String;)V
const-string v0, "code"
.line 689
invoke-virtual {v12, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
move-result v0
Since the whole flow is long, only the important part of the code is copied here. Focus on this fragment:
.line 689
const-string v0, "code"
invoke-virtual {v12, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
move-result v0
This code reads the code value from the returned JSON through JSONObject. That code value is what we want to modify. How? The approach I use here is code injection: the read of the return value is replaced with code I wrote myself. I wrote the following code:
public class RegisterGetLong {
    // This part modifies the user's remaining traffic
    public static long getLong(String value) {
        return 1024000000000L;
    }

    // This part modifies the return value of code
    public static int getInt(String value) {
        return 0;
    }
}
The code above also needs a caller; the calling code is as follows:
public class Test {
    public static void main(String[] args) {
        RegisterGetLong.getLong("quantity");
        RegisterGetLong.getInt("code");
    }
}
The Java code above needs to be converted into smali syntax, which can be done by installing the Code2Smali plugin for Android Studio. Because the converted smali is long, only the Test class is shown here. The converted code is as follows:
.class public Lsmali/com/enficloud/mobile/activity/Test;
.super Ljava/lang/Object;
.source "Test.java"
# direct methods
.method public constructor <init>()V
.registers 1
.prologue
.line 5
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
.method public static main([Ljava/lang/String;)V
.registers 2
.param p0, "args" # [Ljava/lang/String;
.prologue
.line 7
const-string v0, "quantity"
invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getLong(Ljava/lang/String;)J
.line 8
const-string v0, "code"
invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getInt(Ljava/lang/String;)I
.line 9
return-void
.end method
Only this one statement is needed here:
invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getInt(Ljava/lang/String;)I
This statement replaces the one above that reads the code value from the returned JSON through JSONObject, so that the code value obtained is always 0. After that, recompile, sign, install and verify.
Here we only took modifying the code value as an example. The user's remaining traffic value can of course be modified as well; part of that code is already given above, and the principle is the same. Finally, here is the result of the crack:
Conclusion
The purpose of this article is to help readers improve their reverse-engineering ability through the method described here. If your ability is limited and you only want to try the software after the crack, the beginning of this article has a way to obtain it.
Disclaimer: the cracked software is only for learning and exchange and does not involve any commercial purpose. Anyone who puts it to commercial use does so at their own risk.
This article has been published on the public account "AndroidShared".