Continuing to tidy up my earlier articles; this one may give novices a few ideas. Here is the blog post directly ...
----------------------------Split Line---------------------------------
Over the past couple of days I saw a tutorial someone posted online about in-app purchases with a China Mobile SIM card: in the unpacked files, the content of Onuseropercancel inside chinamobilepurchase$Purchasecallback.smali is replaced with the content of onbillingsuccess, so that with China Mobile payment, tapping Cancel is equivalent to paying. The test card I have on hand right now is a China Unicom one, so let's start over and analyze the Unicom payment process.
Step One: Game demo
First install the app on the phone; the APK can be found with a Baidu search and installed. Play the game up to the second level, then open DDMS in Eclipse to view the log output.
In the second level, tap the acceleration button, then tap Start Again, then tap the acceleration button once more; the prompt pops up.
Now look at the log in DDMS and find the relevant entries. They carry the keyword tag xyf, so add a filter with the tag set to XYF.
Next, switch the phone to flight mode and see what a failed payment looks like. The log is as follows:
Step Two: Start thinking
After the analysis in the first step, we have a general direction to work in.
①. Find the relevant code based on the content of the prompt.
②. The purchase is made by SMS, so we modify the text message directly.
③. If ② works out, then we can get rid of the SMS sending process.
Step Three: Start analysis
Search for 's31:' and look at the context where it appears. In Zhiwudazhanjiangshi2gaoqing_1\smali\com\multimode_billing_sms\ui\iililiiiliiliill.smali we find the place where S31 is located:
After UTF-8 decoding: S31: User confirm selection, ready to send SMS
Then, in this class, look upward.
S31 sits under this if statement, which evaluates the click event: OK or Cancel. In other words, we have found what happens after OK is tapped. Knowing this, we start looking for the entry point where the text message is sent. First look below S31, because the S31 message says the SMS is ready to be sent; there we find the following class: Lcom/multimode_billing_sms/ui/multimodepay;
Since we are looking for the entry point that sends the message, we now search for the keyword sendTextMessage. If it can be found, our work becomes very simple.
Finding this, everything becomes clear. To test it, we change the phone number to another card and see whether that card receives the text message. If it does, the modification succeeded and this code is the payment code. Recompile, sign, install, test ... as follows:
The phone shows the purchase as successful. OK, at this point we understand the Unicom card payment process. Now back to the second point we thought about earlier.
Thinking about ②. The simplest approach we can think of is to modify the phone number here and the text message content, that is, the number the SMS is sent to. In the sendTextMessage call, modify v1 (SMS) and v2 (SMS content) so that a query SMS is sent to 10010.
---------------------------------Split Line--------------------------
invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
---------------------------------Split Line--------------------------
Above this code, write
const-string v1, "10010"
const-string v3, "10010"
and that is all.
Thinking about ③. Delete the code that sends the text message, which is the sendTextMessage call mentioned above, and see whether it still works. Delete, recompile, sign, test, and look at the log.
Here, the log output again tells us that the purchase succeeded. Then we check whether the game behaves normally, as shown:
Step Four: Test complete
OK, at this point testing is finished and the Unicom card payment has been dealt with; you can play the game happily!
Thinking further: if we encounter another game that also uses SMS payment, we can search directly for the keyword sendTextMessage, review the surrounding context, make the changes and test, and finally test with the call deleted.
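Seen from the defender's side, both modifications described above (② and ③) leave a trace in the smali of a repackaged build: a string literal loaded into the destination register just before the sendTextMessage call, or a missing call. The following Python audit is an added example, not part of the original post; the class Lcom/example/Pay; and the sample smali are constructed, and the register tracking is a heuristic rather than full data-flow analysis.

```python
import re

# Heuristic audit of smali text; the samples at the bottom are constructed.
SEND = re.compile(r'invoke-virtual(?:/range)?\s*\{([^}]*)\},\s*'
                  r'Landroid/telephony/SmsManager;->sendTextMessage\(')
CONST = re.compile(r'const-string(?:/jumbo)?\s+([vp]\d+),\s*"([^"]*)"')
FIRST_REG = re.compile(r'\S+\s+([vp]\d+)\b')

def registers(spec):
    """Expand 'v0 .. v5' or 'v0, v1, v2' into a list of register names."""
    m = re.fullmatch(r'\s*([vp])(\d+)\s*\.\.\s*[vp](\d+)\s*', spec)
    if m:
        return [m.group(1) + str(i) for i in range(int(m.group(2)), int(m.group(3)) + 1)]
    return [r.strip() for r in spec.split(',')]

def send_sites(smali):
    """Per sendTextMessage call: (destination, text) literals, None if not a literal."""
    sites, literal = [], {}
    for line in map(str.strip, smali.splitlines()):
        if line.startswith('.method'):
            literal = {}                       # registers are scoped to one method
        send, const, first = SEND.match(line), CONST.match(line), FIRST_REG.match(line)
        if send:
            regs = registers(send.group(1))    # [SmsManager, dest, scAddress, text, ...]
            sites.append((literal.get(regs[1]), literal.get(regs[3])))
        elif const:
            literal[const.group(1)] = const.group(2)
        elif first:
            literal.pop(first.group(1), None)  # register touched by another op: forget it
    return sites

def audit(original, suspect):
    """Compare the release build's smali with a suspected repackaged copy."""
    orig, susp = send_sites(original), send_sites(suspect)
    findings = ['sendTextMessage call removed'] if len(susp) < len(orig) else []
    findings += [f'literal destination "{d}"' for d, t in susp
                 if d is not None and (d, t) not in orig]
    return findings

CALL = ('invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage('
        'Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;'
        'Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V')
# Constructed samples: hypothetical class and fields, not taken from the game.
ORIGINAL = '\n'.join(['.method pay()V',
    'iget-object v1, p0, Lcom/example/Pay;->number:Ljava/lang/String;',
    'iget-object v3, p0, Lcom/example/Pay;->body:Ljava/lang/String;', CALL, '.end method'])
REDIRECTED = ORIGINAL.replace(CALL, 'const-string v1, "10010"\nconst-string v3, "10010"\n' + CALL)
REMOVED = ORIGINAL.replace(CALL, '')
```

A literal destination that already exists in the release build is not reported, so only differences introduced by repackaging show up.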
Original software: Link: http://pan.baidu.com/share/link?shareid=711418096&uk=3659465571 Password: 1shi
Plant vs. Zombies 2 pay Analysis