• Android逆向破解表单注册程序


    Android逆向破解表单注册程序

    Android开发

    ADT: android studio(as)

    程序界面如下,注册码为6位随机数字,注册成功时弹出通知注册成功,注册失败时弹出通知注册失败

    布局代码

    <?xml version="1.0" encoding="utf-8"?>
    <!-- Registration screen: a title, two text fields and one button, stacked vertically.
         The ids Username, Register and BTN_Login are the ones MainActivity looks up with
         findViewById. The xmlns:app prefix is declared but no app: attribute is used here. -->
    <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
        xmlns:app="http://schemas.android.com/apk/res-auto"
        android:layout_width="match_parent"
        android:layout_height="match_parent"
        android:orientation="vertical">
        <!-- Static heading. -->
        <TextView
            android:layout_width="match_parent"
            android:layout_height="wrap_content"
            android:gravity="center"
            android:text="用户注册"
            android:textSize="28sp" />
        <!-- Username field. android:text (not android:hint) sets the initial content, so this
             string is what getText() returns until the user replaces it. fill_parent is the
             older name for match_parent. -->
        <EditText
            android:id="@+id/Username"
            android:layout_width="fill_parent"
            android:layout_height="wrap_content"
            android:text="6位用户名"/>
        <!-- Registration-code field; same pre-filled-text behaviour as the username field. -->
        <EditText
            android:id="@+id/Register"
            android:layout_width="fill_parent"
            android:layout_height="wrap_content"
            android:text="6位注册码"/>
        <!-- Submit button; its click handler is attached in MainActivity.onCreate. -->
        <Button
            android:id="@+id/BTN_Login"
            android:layout_width="match_parent"
            android:layout_height="wrap_content"
            android:text="注册" />
    </LinearLayout>
    

    主程序代码

    package com.example.mark.myfirstregister;
    import android.support.v7.app.AppCompatActivity;
    import android.os.Bundle;
    import android.util.Log;
    import android.view.View;
    import android.widget.Button;
    import android.widget.EditText;
    import android.widget.Toast;
    /**
     * Single-screen demo activity for a "registration code" form.
     *
     * <p>The accept/reject decision is made entirely inside this class, on the device:
     * nothing is sent anywhere and no state is persisted. The outcome is only a toast.
     */
    public class MainActivity extends AppCompatActivity {
        // Username input (R.id.Username); assigned in onCreate.
        EditText edit_Name;
        // Registration-code input (R.id.Register); assigned in onCreate.
        EditText Reg;
        /**
         * Inflates activity_main, looks up the two inputs and the button, and wires the
         * button to {@link #checkReg(String, String)}.
         */
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);
            edit_Name = (EditText) findViewById(R.id.Username);
            Reg = (EditText) findViewById(R.id.Register);
            Button btn_reg = (Button) findViewById(R.id.BTN_Login);
            // Anonymous listener; it compiles to the separate class MainActivity$1.
            btn_reg.setOnClickListener(new View.OnClickListener() {
    
                @Override
                public void onClick(View v) {
                    // Both field values are trimmed before they are checked.
                    checkReg(edit_Name.getText().toString().trim(),Reg.getText().toString().trim());
                }
            });
        }
        /**
         * Compares the entered values against a freshly generated code and shows a toast
         * with the result.
         *
         * @param name trimmed text of the username field; must be exactly 6 characters to pass
         * @param reg  trimmed text of the registration-code field
         */
        public void checkReg(String name, String reg){
            // New random value in [100000, 999999] on every call. It is not stored, displayed
            // or derived from the username, so there is no code a user could legitimately know.
            int numcode = (int) ((Math.random() * 9 + 1) * 100000);
            // Unused: the length check below uses the literal 6 instead.
            int n = 6;
            // NOTE(review): reg is a String and numcode is autoboxed to Integer, so
            // String.equals(Object) returns false for every input. As written the success
            // branch cannot be reached; a match would only be possible when comparing against
            // String.valueOf(numcode).
            // NOTE(review): this one branch is the entire registration gate and it ships inside
            // the APK. Anyone who can rebuild the package can change it, so an entitlement that
            // matters has to be decided off-device (server-side) rather than by a local check.
            if(name.length() == 6 && reg.equals(numcode)){
                Toast.makeText(MainActivity.this,"注册成功",Toast.LENGTH_SHORT).show();
            }
            else
                Toast.makeText(MainActivity.this,"注册失败",Toast.LENGTH_SHORT).show();
        }
    }
    

    Android逆向破解

    tool: apktool

    # 反编译
    apktool d[ecode] [options] <file_apk>
    # 编译
    apktool b[uild] [options] <app_path>
    

    反编译apk,执行 apktool d target.apk -o /path,之后生成一些目录,res存放资源文件,smali存放被反编译的smali代码。关键代码存放在smali目录下的MainActivity.smali文件,打开后进行分析。

    .class public Lcom/example/mark/myfirstregister/MainActivity;
    .super Landroid/support/v7/app/AppCompatActivity;
    .source "MainActivity.java"
    
    
    # instance fields
    .field Reg:Landroid/widget/EditText;
    
    .field edit_Name:Landroid/widget/EditText;
    
    
    # direct methods
    # Default constructor: its only instruction besides return-void is the call to the
    # AppCompatActivity superclass constructor.
    .method public constructor <init>()V
        .locals 0
    
        .line 14
        invoke-direct {p0}, Landroid/support/v7/app/AppCompatActivity;-><init>()V
    
        return-void
    .end method
    
    
    # virtual methods
    # checkReg(name, reg): generates a random number, tests name.length() == 6 and
    # reg.equals(<boxed number>), then shows one of two toasts. p0 = this, p1 = name, p2 = reg.
    .method public checkReg(Ljava/lang/String;Ljava/lang/String;)V
        .locals 5
        .param p1, "name"    # Ljava/lang/String;
        .param p2, "reg"    # Ljava/lang/String;
    
        .line 35
        # numcode = (int) ((Math.random() * 9.0 + 1.0) * 100000.0); the double lives in the
        # register pair v0/v1 until double-to-int narrows it into v0.
        invoke-static {}, Ljava/lang/Math;->random()D
    
        move-result-wide v0
    
        const-wide/high16 v2, 0x4022000000000000L    # 9.0
    
        mul-double v0, v0, v2
    
        const-wide/high16 v2, 0x3ff0000000000000L    # 1.0
    
        add-double/2addr v0, v2
    
        const-wide v2, 0x40f86a0000000000L    # 100000.0
    
        mul-double v0, v0, v2
    
        double-to-int v0, v0
    
        .line 36
        .local v0, "numcode":I
        # v1 = 6 is the local "n"; no later instruction in this method reads v1.
        const/4 v1, 0x6
    
        .line 37
        .local v1, "n":I
        # v2 = name.length()
        invoke-virtual {p1}, Ljava/lang/String;->length()I
    
        move-result v2
    
        # v3 = 0 is the duration argument later passed to Toast.makeText
        # (Toast.LENGTH_SHORT in the Java source).
        const/4 v3, 0x0
    
        const/4 v4, 0x6
    
        # First half of the condition: length != 6 goes to the failure path.
        if-ne v2, v4, :cond_0
    
        # Second half: numcode is boxed to java.lang.Integer and handed to String.equals(Object).
        # String.equals returns false for any argument that is not a String, so v2 is 0 here
        # for every input.
        invoke-static {v0}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
    
        move-result-object v2
    
        invoke-virtual {p2, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    
        move-result v2
    
        # Jumps to the failure path when equals() returned false. With the comparison above
        # this jump is always taken in the unmodified build.
        # NOTE(review): this single conditional is the whole registration gate. Its integrity
        # depends on the package not being rebuilt; a rebuilt APK cannot carry the original
        # signing certificate, which is what a server-side decision or an integrity check
        # can key on.
        if-eqz v2, :cond_0
    
        .line 38
        # Success toast. The literal is the \u-escaped form of the success message shown in
        # the Java source; the backslashes of the escapes are missing in this listing.
        const-string v2, "u6ce8u518cu6210u529f"
    
        invoke-static {p0, v2, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
    
        move-result-object v2
    
        invoke-virtual {v2}, Landroid/widget/Toast;->show()V
    
        goto :goto_0
    
        .line 41
        # Failure toast (same escaping caveat as the success literal).
        :cond_0
        const-string v2, "u6ce8u518cu5931u8d25"
    
        invoke-static {p0, v2, v3}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
    
        move-result-object v2
    
        invoke-virtual {v2}, Landroid/widget/Toast;->show()V
    
        .line 43
        :goto_0
        return-void
    .end method
    
    # onCreate(savedInstanceState): sets the content view, stores the two EditText views in
    # fields and attaches the click listener. The numeric constants are compiled resource ids;
    # the names given below are taken from the Java source of the same method.
    .method protected onCreate(Landroid/os/Bundle;)V
        .locals 2
        .param p1, "savedInstanceState"    # Landroid/os/Bundle;
    
        .line 20
        invoke-super {p0, p1}, Landroid/support/v7/app/AppCompatActivity;->onCreate(Landroid/os/Bundle;)V
    
        .line 21
        # R.layout.activity_main
        const v0, 0x7f09001c
    
        invoke-virtual {p0, v0}, Lcom/example/mark/myfirstregister/MainActivity;->setContentView(I)V
    
        .line 22
        # R.id.Username -> this.edit_Name
        const v0, 0x7f070008
    
        invoke-virtual {p0, v0}, Lcom/example/mark/myfirstregister/MainActivity;->findViewById(I)Landroid/view/View;
    
        move-result-object v0
    
        check-cast v0, Landroid/widget/EditText;
    
        iput-object v0, p0, Lcom/example/mark/myfirstregister/MainActivity;->edit_Name:Landroid/widget/EditText;
    
        .line 23
        # R.id.Register -> this.Reg
        const v0, 0x7f070005
    
        invoke-virtual {p0, v0}, Lcom/example/mark/myfirstregister/MainActivity;->findViewById(I)Landroid/view/View;
    
        move-result-object v0
    
        check-cast v0, Landroid/widget/EditText;
    
        iput-object v0, p0, Lcom/example/mark/myfirstregister/MainActivity;->Reg:Landroid/widget/EditText;
    
        .line 24
        # R.id.BTN_Login -> local btn_reg
        const v0, 0x7f070001
    
        invoke-virtual {p0, v0}, Lcom/example/mark/myfirstregister/MainActivity;->findViewById(I)Landroid/view/View;
    
        move-result-object v0
    
        check-cast v0, Landroid/widget/Button;
    
        .line 25
        .local v0, "btn_reg":Landroid/widget/Button;
        # MainActivity$1 is the compiled anonymous View.OnClickListener; it is constructed
        # with a reference to this activity (p0) and set as the button's click listener.
        new-instance v1, Lcom/example/mark/myfirstregister/MainActivity$1;
    
        invoke-direct {v1, p0}, Lcom/example/mark/myfirstregister/MainActivity$1;-><init>(Lcom/example/mark/myfirstregister/MainActivity;)V
    
        invoke-virtual {v0, v1}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V
    
        .line 33
        return-void
    .end method
    

    关键部分代码在checkReg()方法中,注册成功的smali代码如下

    if-eqz v2, :cond_0
    
    .line 38
    const-string v2, "u6ce8u518cu6210u529f"
    

    对照 Android Studio 中源码第 38 行的代码

    Toast.makeText(MainActivity.this,"注册成功",Toast.LENGTH_SHORT).show();
    

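    由此可以确定程序破解的关键:直接将 if-eqz 修改为 if-nez,然后重新编译。需要注意,源码中 reg.equals(numcode) 比较的是 String 与 Integer,结果恒为 false,因此未修改的程序永远无法注册成功;条件取反后,只要用户名长度为 6 就会进入注册成功分支。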

    apktool b /path/ -o /path/1.apk
    

    安装后打开,输入任意6位用户名和注册码即可成功注册。

  • 原文地址:https://www.cnblogs.com/mark-zh/p/10408469.html