Android mobile phone xx.apk JAVA cracking tour

Source: Internet
Author: User

I installed an app on my mobile phone a few days ago, and it took a long time to pay for it. So I wanted to see if I could crack it. Please note that this article is only for technical communication. Do not crack software illegally.

Software description: this apk deducts points after a certain number of uses, and it cannot be used when the number of points is less than 0. Each time you start the program, it prompts that the points are 0 and that you need to register. This indicates that the program checks the points at startup. The software used for practice: http://pan.baidu.com/share/link?shareid=64695&uk=201738998

1. Environment configuration

First download the latest JDK, which is available everywhere on the network. Remember to configure the environment variables, and download the tools from the network (note that all paths must be in English).

Reference: http://code.google.com/p/gapktool/downloads/list
Signature tool: Auto-sign_aW.zip

2. Start decompilation

(1) Use the tool apktool1.4, which is in the lib directory of the tool provided above. Copy the apk file to this directory before use. Then start cmd, change to the directory, and enter the command below, where xxx.apk is your apk.

Code:

    apktool d xxx.apk

The decompiled files, including the resources and the source code (the decompiled Java code), are generated in that directory. This source code is what we will modify.

(2) Open Gapktool.bat, then select your apk and its decompilation output path. Be sure not to use Chinese characters. Check the two items and click Start decompilation to generate the decompiled files. After a short time you will be prompted to save the file, and Java Decompiler opens automatically.

(3) Note that the source code shown in Java Decompiler appears to be obfuscated. Many variable and function names are ambiguous, and you need to guess what they do.

(4) In the output directory you set, there are other resources, images, and so on in addition to the decompiled code.
Here we can customize or localize by hand: for example, strings.xml under res\values contains the software's menu text, and you can use the drawable files in res\values to replace image resources.

3. Code positioning

Our purpose is to crack, and the code files are under the smali folder. Through analysis we can tell that the com folder holds the main code of the program, net mainly contains advertising code, and android should be the library code of the Android system. The many smali files in the com folder are the core code of the main program, but they follow no naming rules, so you cannot tell what they do. Fortunately, some files can still be guessed, such as activity_register.smali and An_QimenActivity.smali. From the names you can tell that they are registration-related files.

(1) Check activity_register.java in Java Decompiler. The code is obvious.

Code:

    package com.nfbazi.qimen;

    import android.app.Activity;
    import android.content.SharedPreferences;
    import android.os.Bundle;
    import android.widget.Button;
    import android.widget.EditText;
    import android.widget.TextView;
    import com.nfbazi.qimen.a.a;

    public class activity_register extends Activity {
        a a = new a(this);
        private SharedPreferences B;

        protected void onCreate(Bundle paramBundle) {
            super.onCreate(paramBundle);
            setContentView(2130903043);
            EditText localEditText1 = (EditText) findViewById(2131165228);
            EditText localEditText2 = (EditText) findViewById(2131165230);
            localEditText1.setText(a.o);
            localEditText2.setFocusable(true);
            localEditText2.setFocusableInTouchMode(true);
            Button localButton1 = (Button) findViewById(2131165232);
            Button localButton2 = (Button) findViewById(2131165233);
            localButton1.setOnClickListener(new bp(this));
            localButton2.setOnClickListener(new bo(this));
            TextView localTextView = (TextView) findViewById(2131165231);
            if (a.q) // if the q field of object a is not 0
            {
                localTextView.setTextColor(-16776961); // set the text color
                localTextView.setText("You have registered this program."); // set the text
                localEditText2.setText("*************"); // set the text
                localEditText2.setEnabled(false); // the registration code text box is grayed out because the program is already registered
            }
        }
    }

So can we simply remove the if (a.q) check?

(2) Open activity_register.smali and look at the code. Scroll to the end. The code is long, and we do not care about the rest of it.

Code:

    .class public Lcom/nfbazi/qimen/activity_register;
    .super Landroid/app/Activity;

    # instance fields
    .field a:Lcom/nfbazi/qimen/a;
    .field private B:Landroid/content/SharedPreferences;

    # direct methods
    .method public constructor <init>()V
        .locals 1
        invoke-direct {p0}, Landroid/app/Activity;-><init>()V
        new-instance v0, Lcom/nfbazi/qimen/a;
        invoke-direct {v0, p0}, Lcom/nfbazi/qimen/a;-><init>(Landroid/content/Context;)V
        iput-object v0, p0, Lcom/nfbazi/qimen/activity_register;->a:Lcom/nfbazi/qimen/a;
        return-void
    .end method

    .method static synthetic a(Lcom/nfbazi/qimen/activity_register;)Landroid/content/SharedPreferences;
        .locals 1
        iget-object v0, p0, Lcom/nfbazi/qimen/activity_register;->B:Landroid/content/SharedPreferences;
        return-object v0
    .end method

    .method static synthetic a(Lcom/nfbazi/qimen/activity_register;Landroid/content/SharedPreferences;)V
        .locals 0
        iput-object p1, p0, Lcom/nfbazi/qimen/activity_register;->B:Landroid/content/SharedPreferences;
        return-void
    .end method

    # virtual methods
    .method protected onCreate(Landroid/os/Bundle;)V
        .locals 4
        const/4 v3, 0x1
        invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
        const v0, 0x7f030003
        invoke-virtual {p0, v0}, Lcom/nfbazi/qimen/activity_register;->setContentView(I)V
        const v0, 0x7f07002c
        invoke-virtual {p0, v0}, Lcom/nfbazi/qimen/activity_register;->findViewById(I)Landroid/view/View;
        move-result-object v0
        check-cast v0, Landroid/widget/EditText;
        const v1, 0x7f07002e
        invoke-virtual {p0, v1}, Lcom/nfbazi/qimen/activity_register;->findViewById(I)Landroid/view/View;
        move-result-object v1
        check-cast v1, Landroid/widget/EditText;
        sget-object v2, Lcom/nfbazi/qimen/a;->o:Ljava/lang/String;
        invoke-virtual {v0, v2}, Landroid/widget/EditText;->setText(Ljava/lang/CharSequence;)V
        invoke-virtual {v1, v3}, Landroid/widget/EditText;->setFocusable(Z)V
        invoke-virtual {v1, v3}, Landroid/widget/EditText;->setFocusableInTouchMode(Z)V
        const v0, 0x7f070030
        invoke-virtual {p0, v0}, Lcom/nfbazi/qimen/activity_register;->findViewById(I)Landroid/view/View;
        move-result-object v0
        check-cast v0, Landroid/widget/Button;
        const v2, 0x7f070031
        invoke-virtual {p0, v2}, Lcom/nfbazi/qimen/activity_register;->findViewById(I)Landroid/view/View;
        move-result-object v2
        check-cast v2, Landroid/widget/Button;
        new-instance v3, Lcom/nfbazi/qimen/bp;
        invoke-direct {v3, p0}, Lcom/nfbazi/qimen/bp;-><init>(Lcom/nfbazi/qimen/activity_register;)V
        invoke-virtual {v0, v3}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
        new-instance v0, Lcom/nfbazi/qimen/bo;
        invoke-direct {v0, p0}, Lcom/nfbazi/qimen/bo;-><init>(Lcom/nfbazi/qimen/activity_register;)V
        invoke-virtual {v2, v0}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
        const v0, 0x7f07002f
        invoke-virtual {p0, v0}, Lcom/nfbazi/qimen/activity_register;->findViewById(I)Landroid/view/View;
        move-result-object v0
        check-cast v0, Landroid/widget/TextView;
        sget-boolean v2, Lcom/nfbazi/qimen/a;->q:Z
        # if-eqz here means: if v2 is equal to 0, jump to :cond_0. Delete this line.
        if-eqz v2, :cond_0
        # define the constant v2
        const v2, -0xffff01
        # call the method that sets the color; the parameters are v0 and v2, so v2 should be the color information
        invoke-virtual {v0, v2}, Landroid/widget/TextView;->setTextColor(I)V
        # the string saying that the program has been registered
        const-string v2, "\u60a8\u5df2\u7ecf\u6ce8\u518c\u4e86\u672c\u7a0b\u5e8f\u3002"
        invoke-virtual {v0, v2}, Landroid/widget/TextView;->setText(Ljava/lang/CharSequence;)V
        # set the text box to ************* and then gray it out
        const-string v0, "*************"
        invoke-virtual {v1, v0}, Landroid/widget/EditText;->setText(Ljava/lang/CharSequence;)V
        const/4 v0, 0x0
        invoke-virtual {v1, v0}, Landroid/widget/EditText;->setEnabled(Z)V
        :cond_0
        return-void
    .end method

So the complete code is as follows. The part above is unchanged; the listing starts from here.

Code:

        const v2, -0xffff01
        invoke-virtual {v0, v2}, Landroid/widget/TextView;->setTextColor(I)V
        const-string v2, "\u60a8\u5df2\u7ecf\u6ce8\u518c\u4e86\u672c\u7a0b\u5e8f\u3002"
        invoke-virtual {v0, v2}, Landroid/widget/TextView;->setText(Ljava/lang/CharSequence;)V
        const-string v0, "*************"
        invoke-virtual {v1, v0}, Landroid/widget/EditText;->setText(Ljava/lang/CharSequence;)V
        const/4 v0, 0x0
        invoke-virtual {v1, v0}, Landroid/widget/EditText;->setEnabled(Z)V
        :cond_0
        return-void
    .end method

After the above modification, the registered state is only displayed in the registration window, and the points are still 0. The code that matters still needs to be located. This change is only for looks.

(3) Since that file is of no use, we check another file, An_QimenActivity.java. By searching for "points", we find this code.

Code:

    public String d() {
        com.nfbazi.qimen.a.a.a = c();
        if (com.nfbazi.qimen.a.a.a < 5);
        for (String str = "remaining points: " + Integer.toString(com.nfbazi.qimen.a.a.a) + " points. Your credit is insufficient. " + 10 + " after the trial period, if you do not have a registered account and want to continue using the software for free, you can click 'get points' in the lower-right corner of the program home page to download and install the application, get a certain credit for free. " + "You can also register the software for a fee without using the credit method. Click 'help' in 'menu' in the lower left corner of the program homepage to view how to register the program. " + "After registration, no points are displayed."; ; str = "remaining points: " + Integer.toString(com.nfbazi.qimen.a.a.a) + " points. Each time you click 'Home Qimen', the 'home Qimen' will be consumed, and the points will be consumed " + 5 + ".")
            return str;
    }

This is obviously registration-related: it checks whether a.a is less than 5, that is, whether the points are less than 5. The value of a.a is obtained through the c() method above. Now we search for the c() code in this file.

Code:

    public int c() {
        try {
            int i2 = YoumiPointsManager.queryPoints(this);
            i1 = i2;
            return i1;
            // The returned i1 is our points value, and i1 is obtained by calling
            // YoumiPointsManager.queryPoints(this). We do not need to go into the
            // implementation of this method. We only need to modify the returned
            // value to get the points.
        } catch (Exception localException) {
            while (true)
                int i1 = 0;
        }
    }

Let's open An_QimenActivity.smali and locate the c() method (the method name is the same, but the assembly code is different). The code is as follows.

Code:

    .method public c()I
        .locals 1
        # start of the exception-handling (try) block
        :try_start_0
        # get the points
        invoke-static {p0}, Lnet/youmi/android/appoffers/YoumiPointsManager;->queryPoints(Landroid/content/Context;)I
        # end of the try block
        :try_end_0
        .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
        # assign the points to v0, which is then returned. We can modify the value of v0
        # in this line of code so that whatever is returned will be overwritten.
        # We can modify const/4 v3, 0xxxx where xxx is the points you need.
        move-result v0
        :goto_0
        return v0
        # exception handling part
        :catch_0
        move-exception v0
        const/4 v0, 0x0
        goto :goto_0
    .end method

The modified code is below. Everything else is unchanged, so only the c() code is shown here.

Code:

    .method public c()I
        .locals 1
        :try_start_0
        invoke-static {p0}, Lnet/youmi/android/appoffers/YoumiPointsManager;->queryPoints(Landroid/content/Context;)I
        :try_end_0
        .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
        const/4 v0, 0x5
        move-result v0
        :goto_0
        return v0
        :catch_0
        move-exception v0
        const/4 v0, 0x0
        goto :goto_0
    .end method

With that, the cracking is complete.

4. apk packaging and signature

(1) Use apktool1.4. The command format is below, where xxxx is your folder.

Code:

    apktool b xxxx

If the environment is configured correctly and the code is modified correctly, the compilation will succeed. The successfully compiled file will be in the dist folder under your apk directory; copy it out. At this point it cannot be installed, because it has not been signed.

With such a crack, the points are fixed at 5 each time you click Start. As for why I did not set more points: I wanted to, but every time I changed it to another value, an error was reported during compilation. I guess this is due to the design of Android programming, or the register. This is still to be studied.

In addition, I have not dealt with the registration part; it is left in the archive for you to practice on. Once you have the points, the app is free to use. In fact, you can also do other things, such as advertising, modifying resources, etc.
The attack is basically complete here. We can see that mobile phone software is written relatively simply: modifying one return value is enough. With the popularity of the Android platform, I believe it will become more and more important in the future.
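From the defender's side, the edit to c() described in this article leaves a small, recognizable difference in the decompiled smali. The following added example (not part of the original article) diffs each method's instruction stream between a known-good build and a suspect repackaged build, and flags changed methods that call a watched API such as queryPoints. The two embedded listings are constructed from the c() listings in this article; the function names and the watch parameter are assumptions of this example.

```python
import difflib
import re

# Constructed sample: c() as listed in the article, before and after its edit.
ORIGINAL = """\
.method public c()I
    .locals 1
    :try_start_0
    invoke-static {p0}, Lnet/youmi/android/appoffers/YoumiPointsManager;->queryPoints(Landroid/content/Context;)I
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
    move-result v0
    :goto_0
    return v0
    :catch_0
    move-exception v0
    const/4 v0, 0x0
    goto :goto_0
.end method
"""
MODIFIED = ORIGINAL.replace("    move-result v0\n",
                            "    const/4 v0, 0x5\n    move-result v0\n")

METHOD_RE = re.compile(r"^\.method\s+(.*?)$(.*?)^\.end method", re.M | re.S)


def methods(smali):
    """Map method name+descriptor to its instructions (labels, directives, comments dropped)."""
    out = {}
    for sig, body in METHOD_RE.findall(smali):
        lines = (line.strip() for line in body.splitlines())
        out[sig.split()[-1]] = [l for l in lines if l and l[0] not in ".:#"]
    return out


def changed_methods(old, new, watch=()):
    """Report methods whose instruction stream differs between two builds."""
    a, b = methods(old), methods(new)
    report = {}
    for sig in sorted(set(a) | set(b)):
        before, after = a.get(sig, []), b.get(sig, [])
        if before == after:
            continue
        diff = list(difflib.ndiff(before, after))
        report[sig] = {
            "added": [d[2:] for d in diff if d.startswith("+ ")],
            "removed": [d[2:] for d in diff if d.startswith("- ")],
            "calls_watched": any(w in i for i in before + after for w in watch),
        }
    return report


if __name__ == "__main__":
    print(changed_methods(ORIGINAL, MODIFIED, watch=("queryPoints",)))
```

Run over the full smali trees of two builds, a short report like this points a reviewer directly at the licensing or points methods that were altered in a redistributed copy.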
