关于一个Android签名校验问题的解决方法
本帖最后由 xkang 于 2018-8-28 15:04 编辑原帖地址:
Android问题
https://www.52hb.com/thread-39443-1-1.html
(出处: 吾爱汇编论坛)
原本我是给出了解决方案得但好像这位老哥没弄懂帖子还在
索性重新讲一下这个过签名校验
毕竟搞Android的不多 我得留住这位老哥{:5_193:}
直接开干工具在我另外一个帖子里有
直通车:
安卓逆向-——实现内购以及HOOK法干掉签名校验
https://www.52hb.com/thread-39146-1-1.html
(出处: 吾爱汇编论坛)
安装正规APK获取签名
接下来准备替换
打开yc 找到 SignatureFake.smali 打开替换刚刚得到的签名 保存
打开Android killer 搜索attachBaseContext 并在下一行添加
invoke-static {}, Lcom/yc/pm/SignatureKill;->kill()V
重新打包编译搞定
搞都搞了不如 搞到位 = =
内购关键代码
class MainActivity$4$1
implements IPayResultCallback
{
MainActivity$4$1(MainActivity.4 param4, String paramString1, String paramString2, String paramString3, String paramString4, String paramString5) {}
public void onPayResult(int paramInt, String paramString1, String paramString2)
{
switch (paramInt)
{
case 1:
default:
Toast.makeText(this.this$1.this$0, paramString2, 1).show();
this.this$1.onPayFail(this.val$orderId, this.val$extra);
}
for (;;)
{
Log.i("Unity", "requestCode:" + paramInt + ",signvalue:" + paramString1 + ",resultInfo:" + paramString2);
return;
if (IAppPayOrderUtils.checkPayResult(paramString1, SdkConfig.getInstance().getAppParam("publicKey")))
{
Toast.makeText(this.this$1.this$0, "支付成功", 1).show();
double d = Double.parseDouble(this.val$price);
this.this$1.onPayCheckSuccess(this.val$orderId, this.val$productId, this.val$productName, d, this.val$extra);
}
else
{
Toast.makeText(this.this$1.this$0, "支付成功,但验签失败", 1).show();
continue;
this.this$1.onPayCancel(this.val$orderId, this.val$extra);
}
}
}
}
Smali 源码
.class Lcom/chillyroomsdk/iapppay/MainActivity$4$1;
.super Ljava/lang/Object;
.source "MainActivity.java"
# interfaces
.implements Lcom/iapppay/interfaces/callback/IPayResultCallback;
# annotations
.annotation system Ldalvik/annotation/EnclosingMethod;
value = Lcom/chillyroomsdk/iapppay/MainActivity$4;->doPay(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
.end annotation
.annotation system Ldalvik/annotation/InnerClass;
accessFlags = 0x0
name = null
.end annotation
# instance fields
.field final synthetic this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
.field final synthetic val$extra:Ljava/lang/String;
.field final synthetic val$orderId:Ljava/lang/String;
.field final synthetic val$price:Ljava/lang/String;
.field final synthetic val$productId:Ljava/lang/String;
.field final synthetic val$productName:Ljava/lang/String;
# direct methods
.method constructor <init>(Lcom/chillyroomsdk/iapppay/MainActivity$4;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
.locals 0
.param p1, "this$1" # Lcom/chillyroomsdk/iapppay/MainActivity$4;
.prologue
.line 135
iput-object p1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iput-object p2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$price:Ljava/lang/String;
iput-object p3, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;
iput-object p4, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productId:Ljava/lang/String;
iput-object p5, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productName:Ljava/lang/String;
iput-object p6, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
# virtual methods
.method public onPayResult(ILjava/lang/String;Ljava/lang/String;)V
.locals 8
.param p1, "resultCode" # I
.param p2, "signValue" # Ljava/lang/String;
.param p3, "resultInfo" # Ljava/lang/String;
.prologue
const/4 v2, 0x1
.line 138
packed-switch p1, :pswitch_data_0
.line 156
:pswitch_0
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;
invoke-static {v0, p3, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
.line 157
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;
iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;
invoke-virtual {v0, v1, v2}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayFail(Ljava/lang/String;Ljava/lang/String;)V
.line 160
:goto_0
const-string v0, "Unity"
new-instance v1, Ljava/lang/StringBuilder;
invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V
const-string v2, "requestCode:"
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v1
const-string v2, ",signvalue:"
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
const-string v2, ",resultInfo:"
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1, p3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
.line 161
return-void
.line 142
:pswitch_1
invoke-static {}, Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;->getInstance()Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;
move-result-object v0
const-string v1, "publicKey"
invoke-virtual {v0, v1}, Lcom/chillyroomsdk/sdkbridge/config/SdkConfig;->getAppParam(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
invoke-static {p2, v0}, Lcom/iapppay/sdk/main/IAppPayOrderUtils;->checkPayResult(Ljava/lang/String;Ljava/lang/String;)Z
move-result v7
.line 143
.local v7, "payState":Z
#if-eqz v7, :cond_0
.line 144
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;
const-string v1, "\u652f\u4ed8\u6210\u529f"
invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
.line 145
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$price:Ljava/lang/String;
invoke-static {v0}, Ljava/lang/Double;->parseDouble(Ljava/lang/String;)D
move-result-wide v4
.line 146
.local v4, "CNY":D
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;
iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productId:Ljava/lang/String;
iget-object v3, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$productName:Ljava/lang/String;
iget-object v6, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;
invoke-virtual/range {v0 .. v6}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayCheckSuccess(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;DLjava/lang/String;)V
goto :goto_0
.line 149
.end local v4 # "CNY":D
:cond_0
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v0, v0, Lcom/chillyroomsdk/iapppay/MainActivity$4;->this$0:Lcom/chillyroomsdk/iapppay/MainActivity;
const-string v1, "\u652f\u4ed8\u6210\u529f\u4f46\u9a8c\u7b7e\u5931\u8d25"
invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v0
invoke-virtual {v0}, Landroid/widget/Toast;->show()V
goto :goto_0
.line 153
.end local v7 # "payState":Z
:pswitch_2
iget-object v0, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->this$1:Lcom/chillyroomsdk/iapppay/MainActivity$4;
iget-object v1, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$orderId:Ljava/lang/String;
iget-object v2, p0, Lcom/chillyroomsdk/iapppay/MainActivity$4$1;->val$extra:Ljava/lang/String;
invoke-virtual {v0, v1, v2}, Lcom/chillyroomsdk/iapppay/MainActivity$4;->onPayCancel(Ljava/lang/String;Ljava/lang/String;)V
goto :goto_0
.line 138
:pswitch_data_0
.packed-switch 0x0
:pswitch_0
:pswitch_1
:pswitch_2
.end packed-switch
.end method
一目了然改switch体改判断条件
目测是这样 = =
感谢大家请积极评分
谢谢楼主
研究一下
支持恒大!
{:5_118:} 谢谢楼主分享 多见识
多学习
多进步 学习学习
研究研究
{:5_116:} 懂了,谢谢楼主
请问楼主一下,wifi万能钥匙不能用这方法去除,楼主可否帮忙一下。 太感谢了,刚学安卓逆向,一直被这个签名验证困扰,终于解决,谢谢谢谢!!!!! 在吗,我没法回复我贴子,可以回复下你的企鹅吗,RMB定制区来的 十分感谢大佬
页:
[1]
2