To download the full contents of a certain network disk, I cracked an app

The reason for cracking the app has already been covered; this article focuses on how it was done.

Check whether the server does the validation

Before cracking an app, it is best to check whether the function you want to unlock is validated on the server. If the server does the validation, there is no point patching the client by hand: the crack would appear to succeed, only to turn out to be in vain.

The best way to verify whether the server does the validation is to capture the traffic, modify the interface's return value, and see whether that achieves what you want. If it does, you can begin to crack the app.

Packet capture

The packet capture tool I use is Charles. I will not explain how to capture traffic here; if you have questions, you can contact me using the details at the end of the article. Here is the capture result directly:

consumeTraffic interface packet capture
From the capture results above, you can see two interfaces that are related to traffic. The one in the first screenshot appears to be used to determine whether the user has enough traffic left to accelerate. That first screenshot was captured while my traffic was insufficient; the data returned by the interface is shown below.

Experienced developers will know that the code in the return value indicates the status and the message is used for display. In this interface the message is "insufficient flow" and the code is "10109"; in the return values of the other interfaces the code is 0. So I changed the code returned by this interface to "0" to see whether acceleration could continue, and the result did not disappoint: after the modification, acceleration continued. At this point we know where the crack point is: the result of reading code just has to be changed to 0.
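The modification works only because the app decides locally, from the code field, whether to keep accelerating. As an added example (not code from the article or from the app's vendor; the class, ledger and method names are hypothetical), a backend can keep the quota decision on the server, so that rewriting code on the device changes nothing:

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: every name here is hypothetical, not the vendor's backend.
public class ServerSideQuotaDemo {
    static final int OK = 0;
    static final int INSUFFICIENT = 10109; // status code quoted in the article

    // Server-held ledger of remaining bytes per account (constructed sample data).
    static final Map<String, Long> REMAINING = new ConcurrentHashMap<>();

    // consumeTraffic handler: debit atomically on the server; the client never
    // supplies or overrides the balance.
    static int consumeTraffic(String account, long bytes) {
        if (bytes <= 0) {
            return INSUFFICIENT; // reject zero or negative debits
        }
        boolean[] debited = {false};
        REMAINING.computeIfPresent(account, (id, left) -> {
            if (left >= bytes) {
                debited[0] = true;
                return left - bytes;
            }
            return left; // not enough quota: leave the balance unchanged
        });
        return debited[0] ? OK : INSUFFICIENT;
    }

    // The relay that carries accelerated traffic asks the ledger itself, so a
    // response rewritten on the device (code forced to 0) has no effect here.
    static boolean relayChunk(String account, long bytes) {
        return consumeTraffic(account, bytes) == OK;
    }

    public static void main(String[] args) {
        REMAINING.put("demo-user", 100L);
        System.out.println("first 60 bytes relayed:  " + relayChunk("demo-user", 60));
        System.out.println("second 60 bytes relayed: " + relayChunk("demo-user", 60));
        System.out.println("unknown account relayed: " + relayChunk("nobody", 1));
        System.out.println("bytes left for demo-user: " + REMAINING.get("demo-user"));
    }
}
```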

Crack

Open the APK in jadx-gui and search directly for the interface name; the results are shown below

Open the file found by the search; the code we need is as follows

 public static Response a(String str, long j) {
        try {
            return d.newCall(new Request.Builder().url("https://api.enfi.vip/api/consumeTraffic").addHeader("Authorization", str).post(RequestBody.create(MediaType.parse("application/json; charset=utf-8"), a(str, j, true, SystemClock.currentThreadTimeMillis()))).build()).execute();
        } catch (Exception unused) {
            return null;
        }
    }

The code above only issues the interface request. What we need is the place where the return value is used, that is, the place where this method is called. To find it: decompile the APK directly with apktool, import the smali code into Android Studio, locate the code above, and press Alt (Option) + F7 to see where the method is called. The search results are as follows

I will not go through the corresponding code in every file; open EnfiActivity, where the relevant code is as follows

 invoke-static {v4}, Lcom/enficloud/mobile/a/c;->a(Ljava/lang/String;)Lokhttp3/Response;

    move-result-object v0

    if-eqz v0, :cond_1

    .line 682
    invoke-virtual {v0}, Lokhttp3/Response;->isSuccessful()Z

    move-result v12

    if-eqz v12, :cond_1

    .line 686
    :try_start_0
    invoke-virtual {v0}, Lokhttp3/Response;->body()Lokhttp3/ResponseBody;

    move-result-object v0

    invoke-virtual {v0}, Lokhttp3/ResponseBody;->string()Ljava/lang/String;

    move-result-object v0

    .line 688
    new-instance v12, Lorg/json/JSONObject;

    invoke-direct {v12, v0}, Lorg/json/JSONObject;-><init>(Ljava/lang/String;)V

    const-string v0, "code"

    .line 689
    invoke-virtual {v12, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
    
    move-result v0

Since the method is too long, I copied only the important part. Look at the key part of this code

.line 689
    const-string v0, "code"

    invoke-virtual {v12, v0}, Lorg/json/JSONObject;->getInt(Ljava/lang/String;)I
    
    move-result v0

This code gets the value of code from the returned JSON through JSONObject. The value we want to modify is this code value. How? I used code injection: instead of taking the return value, I substitute code I wrote myself. I wrote the following code

public class RegisterGetLong {
    // This part modifies the user's remaining traffic
    public static long getLong(String value) {
        return 1024000000000L;
    }
    // This part modifies the returned value of code
    public static int getInt(String value) {
        return 0;
    }

}

Next, write code that calls these methods, to be used for the substitution, as follows

public class Test {
    public static void main(String[] args) {
        RegisterGetLong.getLong("quantity");
        RegisterGetLong.getInt("code");
    }
}

The Java code above needs to be converted to smali, which can be done by installing the Code2Smali plugin in Android Studio. Since the converted smali is long, only the Test class is shown here; the converted code is as follows

.class public Lsmali/com/enficloud/mobile/activity/Test;
.super Ljava/lang/Object;
.source "Test.java"


# direct methods
.method public constructor <init>()V
    .registers 1

    .prologue
    .line 5
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method

.method public static main([Ljava/lang/String;)V
    .registers 2
    .param p0, "args"    # [Ljava/lang/String;

    .prologue
    .line 7
    const-string v0, "quantity"

    invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getLong(Ljava/lang/String;)J

    .line 8
    const-string v0, "code"

    invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getInt(Ljava/lang/String;)I

    .line 9
    return-void
.end method


Only this one statement is needed here

 invoke-static {v0}, Lsmali/com/enficloud/mobile/RegisterGetLong;->getInt(Ljava/lang/String;)I

Use it to replace the statement above that obtains the code value from the returned JSON through JSONObject, so that the code value obtained is always 0. After that, recompile, sign, install and verify.

Here we only took modifying the code value as an example. The user's remaining traffic value can of course be modified as well; part of that code is already given above, and the principle is the same. Finally, look at the result of the crack

Conclusion

The purpose of this article is to help readers improve their reverse-engineering ability through the method described. If your ability is limited and you want to try the software after the crack, there is a way of obtaining it at the beginning of this article.

Disclaimer: the cracked software is for learning and exchange only and does not involve any commercial purpose. Anyone who uses it commercially does so at their own risk.

A group of like-minded people share here: scan the code and add the note "reverse" to be pulled into the reverse-engineering exchange group


This article has been included by the public account "AndroidShared"


Origin juejin.im/post/5dd8d836f265da7dda43fec4