Cracking VIP in the beauty pavilion 6.7.0

There are many restrictions on this application that require VIP Purchase:
1. There is a bar advertisement under the screen.
2. Use the source image to browse in WIFI.

Cracking Process:
1. decompile the APK program with APKTOOL and convert the classes file into a jar file with dex2jar.

2. In the AndroidManifest. xml file, find the main Activity: picview. meitui. type.

Code:

     <activity android:name="picview.meitui.type" android:screenOrientation="portrait">            <intent-filter>                <action android:name="android.intent.action.MAIN" />                <category android:name="android.intent.category.LAUNCHER" />            </intent-filter>        </activity>

 
3. Use the JR-GUI to view the JAR file, and you can find a VIP class.

4. Expand VIP. There is a VipMgr class in it, which is obviously a management class for VIP. Expand it:

5. Observe the member variables and member methods. It is not difficult to find a member function getVipType.

6. The returned value of getVipType determines the VIP type.

Code:
 

  public static int getVipType(Activity paramActivity)  {    a = paramActivity;    if (a == null);    for (int i = -2; ; i = (int)a.getApplication().getSharedPreferences("360meinv", 3).getLong("state", -2L))      return i;  }

7. the VIP type is defined in the member variables in the VipMgr class:

Code:
 

  public static final int VIP_NEED_LOGIN = -2;  public static final int VIP_NOAD = 100;  public static final int VIP_NOAD_1YUAN = 130;  public static final int VIP_NOAD_MONEY = 200;  public static final int VIP_NOAD_SMS_10YUAN = 135;  public static final int VIP_OUTDATE = -1;  public static final int VIP_VIP = 300;

VIP_VIP is the highest level VIP, which has no restrictions.

8. so we only need to force the return value of getVipType to 300, and the program considers us as the VIP_VIP type. Modify the smali file as follows:

Code:
 

. Method public static getVipType (Landroid/app/Activity;) I. locals 6. parameter "a1 ". prologue. line 325 sput-object p0, Lpicview/meitui/vip/vipMgr;-> a: Landroid/app/Activity ;. line 326 const/4 v0,-0x2. line 328. local v0, ret: I sget-object v3, Lpicview/meitui/vip/vipMgr;-> a: Landroid/app/Activity; if-nez v3,: cond_0 move v1, v0. line 336. end local v0 # ret: I. local v1, ret: I: goto_0 # Add this sentence. The mandatory return value is 300 (0x12c) const/16 v1, 0x12C return v1. line 331. end local v1 # ret: I. restart local v0 # ret: I: cond_0 sget-object v3, Lpicview/meitui/vip/vipMgr;-> a: Landroid/app/Activity; invoke-virtual {v3 }, landroid/app/Activity;-> getApplication () Landroid/app/Application; move-result-object v3 const-string v4, "360 meinv" const/4 v5, 0x3 invoke-virtual {v3, v4, v5}, Landroid/app/Application;-> getSharedPreferences (Ljava/lang/String; I) Landroid/content/SharedPreferences; move-result-object v2. line 335. local v2, set: Landroid/content/SharedPreferences; const-string v3, "state" const-wide/16 v4,-0x2 invoke-interface {v2, v3, v4, v5}, Landroid/content/SharedPreferences;-> getLong (Ljava/lang/String; J) J move-result-wide v3 long-to-int v0, v3 move v1, v0. line 336. end local v0 # ret: I. restart local v1 # ret: I goto: goto_0.end method

9. Save the modification, re-create the APK, sign the file, and crack the file.

 


 

Attach the cracked APK: http://www.bkjia.com/uploadfile/2013/0821/20130821014132767.rar