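This post was last edited by 泄密无花 on 2023-3-2 12:52
0x00 Preface
This post supplements the modification described in the previous post: https://www.52hb.com/thread-57930-1-1.html
The main difference is:
After the VIP modification in the previous post, the trial reminder for the shorthand tips still appeared, although the trial count for the shorthand tips had been changed to increase. This post changes the method so that the trial prompt for the shorthand tips is removed, which can be described as becoming a "real" VIP rather than a "fake" VIP.
PS: Apart from the change to the trial count, the other modifications are the same as in the previous post (try them yourself).
Screenshot of the "fake" VIP:

Screenshot of the "real" VIP:

0x01 Preparation
Latest version of 懒人驾考: https://www.wandoujia.com/apps/8106296
Tool used: MT Manager
0x02 Reverse-engineering approach
The previous post found a keyword for permanent VIP: key_mmkv_vip_list_forever

So here, do a global search for that keyword, open every result, and modify them following the approach below.

Open the third result and focus on code similar to the following.

Converted to Java, you can see that this c is how activation of the permanent membership is determined. So making every one of these if checks resolve to 0 is enough to become a real VIP (the screenshot is too long, so I am pasting the code directly).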
    public void onReceive(Context context, Intent intent) {
        String action = intent.getAction();
        action.hashCode();
        char c = 0;
        switch (action.hashCode()) {
            case -1744024835:
                if (action.equals("android.lrjk.action.refresh.user_info_vip")) {
                    c = 0;
                    break;
                }
                break;
            case -1106495621:
                if (action.equals("wx_pay_0")) {
                    c = 0;
                    break;
                }
                break;
            case -1106495620:
                if (action.equals("wx_pay_1")) {
                    c = 0;
                    break;
                }
                break;
            case -1106495619:
                if (action.equals("wx_pay_2")) {
                    c = 3;
                    break;
                }
                break;
            case 748682015:
                if (action.equals("android.lrjk.action.refresh.user_info")) {
                    c = 0;
                    break;
                }
                break;
        }
        String str = "恭喜您成功开通永久会员";
        switch (c) {
            case 0:
                if (b.G(1)) {
                    OpenVipActivityNew.O(this.a, 1, str);
                    return;
                }
                return;
            case 1:
                OpenVipActivityNew openVipActivityNew = this.a;
                if (OpenVipActivityNew.c0(openVipActivityNew) != 0) {
                    str = "恭喜您成功开通30天会员";
                }
                OpenVipActivityNew.O(openVipActivityNew, 1, str);
                o.g("key_sp_is_vip", true);
                k.a().encode(OpenVipActivityNew.c0(this.a) == 0 ? "key_mmkv_vip_list_forever" : "key_mmkv_vip_list_30", true);
                b.K("android.lrjk.action.refresh.pay");
                AppLog.onEventV3("pay_full_payment_success", m.h("from", OpenVipActivityNew.n0(this.a), "isUseCoupon", OpenVipActivityNew.o0(this.a) != 0 ? "1" : "0", "payMoney", Double.parseDouble(OpenVipActivityNew.p0(this.a).getText().toString().trim()), "couponMoney", OpenVipActivityNew.q0(this.a) != null ? OpenVipActivityNew.q0(this.a).getPreferentialMoney() : 0, "practiceCount", k.a().decodeInt("key_mmkv_static_question_count", 0)));
                AppLog.onEventV3("pay_payment_success", m.h("from", OpenVipActivityNew.n0(this.a), "isUseCoupon", OpenVipActivityNew.o0(this.a) != 0 ? "1" : "0", "payMoney", Double.parseDouble(OpenVipActivityNew.p0(this.a).getText().toString().trim()), "couponMoney", OpenVipActivityNew.q0(this.a) != null ? OpenVipActivityNew.q0(this.a).getPreferentialMoney() : 0, "practiceCount", k.a().decodeInt("key_mmkv_static_question_count", 0)));
                com.jx885.lrjk.c.b.b B = com.jx885.lrjk.c.b.b.B();
                B.u0(OpenVipActivityNew.r0(this.a) + "", "1");
                return;
            case 2:
                OpenVipActivityNew.O(this.a, 2, "支付失败");
                return;
            case 3:
                OpenVipActivityNew.O(this.a, 3, "支付取消");
                return;
            case 4:
                OpenVipActivityNew.P(this.a);
                return;
            default:
                return;
        }
    }
}
Modify as follows: change the conditions of all the if checks seen in the Java code to 0, which successfully enters the real VIP check.
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
.registers 20
move-object/from16 v0, p0
.line 1
invoke-virtual/range {p2 .. p2}, Landroid/content/Intent;->getAction()Ljava/lang/String;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/String;->hashCode()I
invoke-virtual {v1}, Ljava/lang/String;->hashCode()I
move-result v2
const/4 v3, 0x3
const/4 v4, 0x2
const/4 v5, 0x0
const/4 v6, 0x1
const/4 v7, 0x0 # modified
sparse-switch v2, :sswitch_data_178
goto :goto_4c
:sswitch_16
const-string v2, "android.lrjk.action.refresh.user_info"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_1f
goto :goto_4c
:cond_1f
const/4 v7, 0x0 # modified
goto :goto_4c
:sswitch_21
const-string v2, "wx_pay_2"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_2a
goto :goto_4c
:cond_2a
const/4 v7, 0x0 # modified
goto :goto_4c
:sswitch_2c
const-string v2, "wx_pay_1"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_35
goto :goto_4c
:cond_35
const/4 v7, 0x0 # modified
goto :goto_4c
:sswitch_37
const-string v2, "wx_pay_0"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_40
goto :goto_4c
:cond_40
const/4 v7, 0x0 # modified
goto :goto_4c
:sswitch_42
const-string v2, "android.lrjk.action.refresh.user_info_vip"
invoke-virtual {v1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v1
if-nez v1, :cond_4b
goto :goto_4c
:cond_4b
const/4 v7, 0x0
:goto_4c
const-string v1, "恭喜您成功开通永久会员"
One additional check that was modified:
A method in com/jx885/lrjk/c/c/b: public static F()Z
.method public static F()Z
.registers 2
const/4 v0, 0x1
.line 1
invoke-static {v0}, Lcom/jx885/lrjk/c/c/b;->G(I)Z
move-result v1
if-nez v1, :cond_1e
const/4 v1, 0x5
invoke-static {v1}, Lcom/jx885/lrjk/c/c/b;->G(I)Z
move-result v1
if-nez v1, :cond_1e
const/4 v1, 0x7
invoke-static {v1}, Lcom/jx885/lrjk/c/c/b;->G(I)Z
move-result v1
if-nez v1, :cond_1e
const/4 v1, 0x6
invoke-static {v1}, Lcom/jx885/lrjk/c/c/b;->G(I)Z
move-result v1
if-eqz v1, :cond_1d
goto :goto_1e
:cond_1d
const/4 v0, 0x1 # modified
:cond_1e
:goto_1e
return v0
.end method
0x03 Comparison of the modification
The trial prompt is completely removed.



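0x04 Summary
This time, searching directly for the keyword key_mmkv_vip_list_forever and modifying the checks in every method that involves it is enough to become a real VIP completely, which saved detours in the analysis. (The post was written in a hurry; if there are problems, discuss them in the comments.)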
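
The modification above works because the membership decision is made entirely on the device, in the onReceive branch and the local key_mmkv_vip_list_forever / key_mmkv_vip_list_30 flags. As a defensive counterpart, the following Python is an added example (not part of the original post or the app's code) of a server that releases premium content only against an entitlement it signed itself after a confirmed payment; SERVER_KEY, PAID_ORDERS, the token layout and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"        # constructed; held only by the server
PAID_ORDERS = {                             # constructed ledger of confirmed payments
    "order-1001": ("user-42", "forever"),
    "order-1002": ("user-7", "30d"),
}

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_entitlement(order_id, now=None):
    """Mint a token only for an order the payment ledger confirms."""
    user, plan = PAID_ORDERS[order_id]
    issued = int(time.time() if now is None else now)
    exp = None if plan == "forever" else issued + 30 * 86400
    body = json.dumps({"user": user, "plan": plan, "exp": exp}, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)

def verify_entitlement(token, user, now=None):
    """True only for an untampered, unexpired token minted for this user."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return False
    claims = json.loads(body)                    # parsed only after the MAC checks out
    current = time.time() if now is None else now
    return claims["user"] == user and (claims["exp"] is None or claims["exp"] > current)

def serve_premium(request):
    """Gate premium content on the server; client-reported flags are never consulted."""
    # request.get("client_flags") may claim key_mmkv_vip_list_forever=True; it is ignored.
    token = request.get("token", "")
    return 200 if verify_entitlement(token, request["user"]) else 402
```

With this design, a patched client still shows its local VIP screens, but any content fetched through serve_premium stays locked without a server-signed token.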