首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. Android安全
    3. 发新帖
[讨论]Android 手机软件反编译的smali源码,如何爆破?
发表于: 2011-6-26 17:20 15996

[讨论]Android 手机软件反编译的smali源码,如何爆破?

藏经阁 活跃值
2011-6-26 17:20
15996
Android 手机软件反编译的smali源码,如何爆破?

    .prologue
    .line 234
    const-wide/16 v0, 0x613

    .line 235
    .local v0, DW1:J
    const-wide/16 v9, 0x0

    .line 236
    .local v9, tol:J
    const/4 v11, 0x6

    new-array v2, v11, [C

    .line 238
    .local v2, cnum:[C
    const-string v4, ""

    .line 240
    .local v4, stmp:Ljava/lang/String;
    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    invoke-virtual {v11}, Ljava/lang/String;->length()I

    move-result v11

    const/16 v12, 0xf

    if-ne v11, v12, :cond_1d

    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    invoke-virtual {v11}, Ljava/lang/String;->length()I

    move-result v11

    const/16 v12, 0xc

    .line 266
    :goto_1e
    return v11

    .line 241
    :cond_1f
    const-wide/16 v5, 0x2710

    .local v5, t1:J
    const/4 v3, 0x1

    .line 243
    .local v3, ii:I
    :cond_22
    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    const/4 v12, 0x1

    sub-int v12, v3, v12

    invoke-virtual {v11, v12}, Ljava/lang/String;->charAt(I)C

    move-result v11

    const/16 v12, 0x30

    sub-int/2addr v11, v12

    int-to-long v7, v11

    .line 244
    .local v7, t2:J
    mul-long v11, v7, v5

    add-long/2addr v9, v11

    .line 245
    add-int/lit8 v3, v3, 0x1

    .line 246
    const-wide/16 v11, 0xa

    div-long/2addr v5, v11

    .line 247
    const-wide/16 v11, 0x0

    cmp-long v11, v5, v11

    if-gtz v11, :cond_22

    .line 248
    const-wide/16 v11, 0x613

    invoke-virtual {p0, v11, v12}, LMy/XuanAo/BaZi/CSoftReg;->SnCal(J)J

    move-result-wide v11

    xor-long/2addr v9, v11

    .line 249
    const-wide/16 v11, 0x613

    add-long/2addr v9, v11

    const-wide/16 v11, 0x3

    div-long/2addr v9, v11

    .line 250
    const-wide/16 v11, 0x613

    sub-long/2addr v9, v11

    .line 251
    invoke-static {v9, v10}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;

    move-result-object v11

    invoke-virtual {v11}, Ljava/lang/String;->trim()Ljava/lang/String;

    move-result-object v4

    .line 252
    invoke-virtual {v4}, Ljava/lang/String;->length()I

    move-result v11

    int-to-long v5, v11

    .line 253
    const/4 v11, 0x0

    long-to-int v12, v5

    const/4 v13, 0x0

    invoke-virtual {v4, v11, v12, v2, v13}, Ljava/lang/String;->getChars(II[CI)V

    .line 254
    const-wide/16 v11, 0x4

    cmp-long v11, v5, v11

    if-gez v11, :cond_75

    .line 256
    const-wide/16 v11, 0x4

    sub-long v7, v11, v5

    .line 257
    const-wide/16 v11, 0x1

    sub-long v11, v5, v11

    long-to-int v3, v11

    :goto_6f
    if-gez v3, :cond_7b

    .line 259
    const/4 v3, 0x0

    :goto_72
    long-to-int v11, v7

    if-lt v3, v11, :cond_85

    .line 262
    :cond_75
    const/4 v3, 0x1

    :goto_76
    const/4 v11, 0x4

    if-le v3, v11, :cond_8c

    .line 266
    const/4 v11, 0x1

    goto :goto_1e

    .line 258
    :cond_7b
    int-to-long v11, v3

    add-long/2addr v11, v7

    long-to-int v11, v11

    aget-char v12, v2, v3

    aput-char v12, v2, v11

    .line 257
    add-int/lit8 v3, v3, -0x1

    goto :goto_6f

    .line 260
    :cond_85
    const/16 v11, 0x30

    aput-char v11, v2, v3

    .line 259
    add-int/lit8 v3, v3, 0x1

    goto :goto_72

    .line 264
    :cond_8c
    const/4 v11, 0x1

    sub-int v11, v3, v11

    aget-char v11, v2, v11

    iget-object v12, p0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    const/4 v13, 0x1

    sub-int v13, v3, v13

    invoke-virtual {v12, v13}, Ljava/lang/String;->charAt(I)C

    move-result v12

    if-eq v11, v12, :cond_9e

    const/4 v11, 0x0

    goto :goto_1e

    .line 262
    :cond_9e
    add-int/lit8 v3, v3, 0x1

    goto :goto_76
.end method

    .prologue
    .line 271
    const-wide/16 v0, 0x843

    .line 272
    .local v0, DW1:J
    const-wide/16 v9, 0x0

    .line 273
    .local v9, tol:J
    const/4 v11, 0x6

    new-array v2, v11, [C

    .line 275
    .local v2, cnum:[C
    const-string v4, ""

    .line 277
    .local v4, stmp:Ljava/lang/String;
    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    invoke-virtual {v11}, Ljava/lang/String;->length()I

    move-result v11

    const/16 v12, 0xf

    if-ne v11, v12, :cond_1d

    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    invoke-virtual {v11}, Ljava/lang/String;->length()I

    move-result v11

    const/16 v12, 0xc

    if-eq v11, v12, :cond_1f

    :cond_1d
    const/4 v11, 0x0

    .line 304
    :goto_1e
    return v11

    .line 278
    :cond_1f
    const-wide/16 v5, 0x2710

    .local v5, t1:J
    const/4 v3, 0x6

    .line 280
    .local v3, ii:I
    :cond_22
    iget-object v11, p0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    const/4 v12, 0x1

    sub-int v12, v3, v12

    invoke-virtual {v11, v12}, Ljava/lang/String;->charAt(I)C

    move-result v11

    const/16 v12, 0x30

    sub-int/2addr v11, v12

    int-to-long v7, v11

    .line 281
    .local v7, t2:J
    mul-long v11, v7, v5

    add-long/2addr v9, v11

    .line 282
    add-int/lit8 v3, v3, 0x1

    .line 283
    const-wide/16 v11, 0xa

    div-long/2addr v5, v11

    .line 284
    const-wide/16 v11, 0x0

    cmp-long v11, v5, v11

    if-gtz v11, :cond_22

    .line 285
    const-wide/16 v11, 0x843

    invoke-virtual {p0, v11, v12}, LMy/XuanAo/BaZi/CSoftReg;->SnCal(J)J

    move-result-wide v11

    xor-long/2addr v9, v11

    .line 286
    const-wide/16 v11, 0x843

    xor-long/2addr v9, v11

    .line 287
    const-wide/16 v11, 0x2

    div-long/2addr v9, v11

    const-wide/16 v11, 0x843

    add-long/2addr v9, v11

    .line 288
    const-wide/16 v11, 0x2

    div-long/2addr v9, v11

    const-wide/16 v11, 0x843

    sub-long/2addr v9, v11

    .line 289
    invoke-static {v9, v10}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;

    move-result-object v11

    invoke-virtual {v11}, Ljava/lang/String;->trim()Ljava/lang/String;

    move-result-object v4

    .line 290
    invoke-virtual {v4}, Ljava/lang/String;->length()I

    move-result v11

    int-to-long v5, v11

    .line 291
    const/4 v11, 0x0

    long-to-int v12, v5

    const/4 v13, 0x0

    invoke-virtual {v4, v11, v12, v2, v13}, Ljava/lang/String;->getChars(II[CI)V

    .line 292
    const-wide/16 v11, 0x4

    cmp-long v11, v5, v11

    if-gez v11, :cond_7b

    .line 294
    const-wide/16 v11, 0x4

    sub-long v7, v11, v5

    .line 295
    const-wide/16 v11, 0x1

    sub-long v11, v5, v11

    long-to-int v3, v11

    :goto_75
    if-gez v3, :cond_82

    .line 297
    const/4 v3, 0x0

    :goto_78
    long-to-int v11, v7

    if-lt v3, v11, :cond_8c

    .line 300
    :cond_7b
    const/4 v3, 0x5

    :goto_7c
    const/16 v11, 0x8

    if-le v3, v11, :cond_93

    .line 304
    const/4 v11, 0x1

    goto :goto_1e

    .line 296
    :cond_82
    int-to-long v11, v3

    add-long/2addr v11, v7

    long-to-int v11, v11

    aget-char v12, v2, v3

    aput-char v12, v2, v11

    .line 295
    add-int/lit8 v3, v3, -0x1

    goto :goto_75

    .line 298
    :cond_8c
    const/16 v11, 0x30

    aput-char v11, v2, v3

    .line 297
    add-int/lit8 v3, v3, 0x1

    goto :goto_78

    .line 302
    :cond_93
    const/4 v11, 0x5

    sub-int v11, v3, v11

    aget-char v11, v2, v11

    iget-object v12, p0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    const/4 v13, 0x1

    sub-int v13, v3, v13

    invoke-virtual {v12, v13}, Ljava/lang/String;->charAt(I)C

    move-result v12

    if-eq v11, v12, :cond_a6

    const/4 v11, 0x0

    goto/16 :goto_1e

    .line 300
    :cond_a6
    add-int/lit8 v3, v3, 0x1

    .prologue
    .line 309
    const-wide/16 v5, 0xb61

    .line 310
    .local v5, DW1:J
    const-wide/16 v16, 0x0

    .line 311
    .local v16, tol:J
    const/16 v18, 0x6

    move/from16 v0, v18

    new-array v0, v0, [C

    move-object v7, v0

    .line 313
    .local v7, cnum:[C
    const-string v9, ""

    .line 315
    .local v9, stmp:Ljava/lang/String;
    move-object/from16 v0, p0

    iget-object v0, v0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    move-object/from16 v18, v0

    invoke-virtual/range {v18 .. v18}, Ljava/lang/String;->length()I

    move-result v18

    const/16 v19, 0xf

    move/from16 v0, v18

    move/from16 v1, v19

    if-ne v0, v1, :cond_31

    move-object/from16 v0, p0

    iget-object v0, v0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    move-object/from16 v18, v0

    invoke-virtual/range {v18 .. v18}, Ljava/lang/String;->length()I

    move-result v18

    const/16 v19, 0xc

    move/from16 v0, v18

    move/from16 v1, v19

    if-eq v0, v1, :cond_34

    :cond_31
    const/16 v18, 0x0

    .line 347
    :goto_33
    return v18

    .line 316
    :cond_34
    const-wide/16 v10, 0x2710

    .local v10, t1:J
    const/16 v8, 0xb

    .line 318
    .local v8, ii:I
    :cond_38
    move-object/from16 v0, p0

    iget-object v0, v0, LMy/XuanAo/BaZi/CSoftReg;->Fregcode:Ljava/lang/String;

    move-object/from16 v18, v0

    const/16 v19, 0x1

    sub-int v19, v8, v19

    invoke-virtual/range {v18 .. v19}, Ljava/lang/String;->charAt(I)C

    move-result v18

    const/16 v19, 0x30

    sub-int v18, v18, v19

    move/from16 v0, v18

    int-to-long v0, v0

    move-wide v12, v0

    .line 319
    .local v12, t2:J
    mul-long v18, v12, v10

    add-long v16, v16, v18

    .line 320
    add-int/lit8 v8, v8, 0x1

    .line 321
    const-wide/16 v18, 0xa

    div-long v10, v10, v18

    .line 322
    const-wide/16 v18, 0x0

    cmp-long v18, v10, v18

    if-gtz v18, :cond_38

    .line 323
    const-wide/16 v18, 0xb61

    move-object/from16 v0, p0

    move-wide/from16 v1, v18

    invoke-virtual {v0, v1, v2}, LMy/XuanAo/BaZi/CSoftReg;->SnCal(J)J

    move-result-wide v18

    xor-long v16, v16, v18

    .line 324
    const-wide/16 v18, 0xb61

    xor-long v16, v16, v18

    .line 325
    const-wide/16 v10, 0x0

    const-wide/16 v14, 0x3e8

    .line 326
    .local v14, t3:J
    const/16 v8, 0xc

    :goto_74
    if-gez v8, :cond_c6

    .line 332
    move-wide/from16 v16, v10

    .line 333
    invoke-static/range {v16 .. v17}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;

    move-result-object v18

    invoke-virtual/range {v18 .. v18}, Ljava/lang/String;->trim()Ljava/lang/String;

    move-result-object v9

    .line 334
    invoke-virtual {v9}, Ljava/lang/String;->length()I

    move-result v18

    move/from16 v0, v18

    int-to-long v0, v0

    move-wide v10, v0

    .line 335
    const/16 v18, 0x0

    move-wide v0, v10

    long-to-int v0, v0

    move/from16 v19, v0

    const/16 v20, 0x0

    move-object v0, v9

    move/from16 v1, v18

    move/from16 v2, v19

    move-object v3, v7

    move/from16 v4, v20

    invoke-virtual {v0, v1, v2, v3, v4}, Ljava/lang/String;->getChars(II[CI)V

    .line 336
    const-wide/16 v18, 0x4

    cmp-long v18, v10, v18

    if-gez v18, :cond_b9

    .line 337
    const-wide/16 v18, 0x4

    sub-long v12, v18, v10

    .line 338
    const-wide/16 v18, 0x1

    sub-long v18, v10, v18

    move-wide/from16 v0, v18

    long-to-int v0, v0

    move v8, v0

    :goto_ad
    if-gez v8, :cond_df

    .line 340
    const/4 v8, 0x0

    :goto_b0
    move-wide v0, v12

    long-to-int v0, v0

    move/from16 v18, v0

    move v0, v8

    move/from16 v1, v18

    if-lt v0, v1, :cond_f1

    .line 343
    :cond_b9
    const/16 v8, 0x9

    :goto_bb
    const/16 v18, 0xc

    move v0, v8

    move/from16 v1, v18

    if-le v0, v1, :cond_f8

    .line 347
    const/16 v18, 0x1

    goto/16 :goto_33

    .line 328
    :cond_c6
    shr-long v18, v16, v8

    const-wide/16 v20, 0xf

    and-long v18, v18, v20

    const-wide/16 v20, 0x2a

    add-long v12, v18, v20

    .line 329
    const-wide/16 v18, 0x30

    sub-long v18, v12, v18

    mul-long v18, v18, v14

    add-long v10, v10, v18

    .line 330
    const-wide/16 v18, 0xa

    div-long v14, v14, v18

    .line 326
    add-int/lit8 v8, v8, -0x4

    goto :goto_74

    .line 339
    :cond_df
    move v0, v8

    int-to-long v0, v0

    move-wide/from16 v18, v0

    add-long v18, v18, v12

    move-wide/from16 v0, v18

    long-to-int v0, v0

    move/from16 v18, v0

    aget-char v19, v7, v8

    aput-char v19, v7, v18

    .line 338
    add-int/lit8 v8, v8, -0x1

    goto :goto_ad

    .line 341
    :cond_f1
    const/16 v18, 0x30

    aput-char v18, v7, v8

    .line 340
    add-int/lit8 v8, v8, 0x1

    goto :goto_b0

    .line 345
    :cond_f8
    const/16 v18, 0x9

    sub-int v18, v8, v18

    aget-char v18, v7, v18

    move-object/from16 v0, p0

    iget-object v0, v0, LMy/XuanAo/BaZi/CSoftReg;->Fsoftsn:Ljava/lang/String;

    move-object/from16 v19, v0

    const/16 v20, 0x1

    sub-int v20, v8, v20

    invoke-virtual/range {v19 .. v20}, Ljava/lang/String;->charAt(I)C

    move-result v19

    move/from16 v0, v18

    move/from16 v1, v19

    if-eq v0, v1, :cond_116

    const/16 v18, 0x0

    goto/16 :goto_33

    .line 343
    :cond_116
    add-int/lit8 v8, v8, 0x1

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (5)
冰川
雪    币: 415
活跃值: (71)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
2
呵呵,是玄奥易学软件吧。
2011-6-26 20:32
0
frozenrain
雪    币: 107
活跃值: (1738)
能力值: ( LV6,RANK:80 )
在线值:
发帖
回帖
粉丝
私信
3
反成JAVA代码看,他几个平台的的软件算法好像没变化,分3段校验吧,你可以参考一下它WIN32下的程序。
2011-6-26 22:05
0
藏经阁
雪    币: 5
活跃值: (26)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
关键是smali看不明白,反成java,又不能修改
2011-6-27 22:50
0
holmesabc
雪    币: 486
活跃值: (210)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
以前去广告的时候就是搞一份smali和一份反后的java,
看java找关键函数,再去的对应的smail里面找到对应的函数,修改就行了。
smail里面的函数名和java里面的是一样的,直接搜索就行了。

smali相对于汇编已经很容易看了。
2011-7-3 15:59
0
pc小波
雪    币: 118
活跃值: (106)
能力值: ( LV6,RANK:90 )
在线值:
发帖
回帖
粉丝
私信
6
我以为你们都是直接看这个smali就看明白了呢原来我也没那么笨
2012-5-25 16:37
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//