-
-
[原创]Android程序开机启动杀手Autorun Manager破解
-
2012-8-16 02:03
-
Autorun Manager是个不错的应用。可以用来禁止某些不老实的android应用开机启动和push 一些垃圾信息(如sina weibo就喜欢时不时push一些垃圾信息)。
虽然网上有捐赠版的下载,不过,还是喜欢自己折腾一下。折腾,是生活的一部分。
而且目前网络上还没有直接破解版的下载,我看到的所谓专业版都是下载主程序之后还要再装一个key程序。对于我这种有洁癖的人来说,还是选择自己动手吧。
官方介绍:
也就是说:
免费版的有广告、不能启用阻止应用重启、不能修改超过4个receiver、不能启用Chuck Norris模式。
其它3条还算可以接受,唯一不可接受的就是不能修改超过4个receiver这一条。
android应用在AndroidManifest.xml中注册它要使用的receiver,如:
如android.intent.action.BOOT_COMPLETED 这个receiver就是用于接收开机启动广播的。
而Autorun Manager的禁止程序开机启动的机制正是将相应程序的receiver给禁用,这样,这个程序便不会开机即启动了。android.intent.action.GET_PUSH_VALUE 即是用于推送的,我很果断地把sina weibo的这个receiver给disable了。
关于android broadcast receiver的原理,有兴趣的童鞋可以自行Google.这里不述。
==================================================
2012-08-17 :今天重新把思路整理了一下,并更新了这篇文章。
修改过4个receiver的设置后,这个应用(免费版的)便会提示你使用的免费版,最多只能修改4个receiver.
破解思路:
最多只能修改4个receiver这一限制的破解很简单。在后面的代码中会详细介绍。而另外两个选项:阻止应用重启、启用Chuck Norris模式相对来说就麻烦了一点点。
用apktool反编译出smali文件后,打开res/values/strings.xml和res/values/public.xml查得提示语You need to have PRO key to change more than %1$d receivers的id为0x7f0b0025。
搜索0x7f0b0025,在smali/f/d.smali 文件第341行找到。我这里把相关代码帖出并做些许解释:
不难看出,:cond_9 处的那小段代码就是显示你不是捐赠用户,不能改变过超过4个receiver.
其实这里要改变这个跳转,有3个地方可以修改。
因为这里的跳转实际上是根据3个条件相与的结果来进行的(要(!c.ka.booleanValue() && l.bJ() >= 4 && !l.jp.contains(jy.jE)) 这个表达式为真才会跳转到执行弹出not donated提示框的代码)。
条件1:如果h.c.ka的值为真,则跳转到:cond_0
条件2:如果已经禁用的reciever数量(v2寄存器)小于 4 个(v4寄存器),则跳转到 :cond_0
if-lt v2, v4, :cond_0
条件3: if-eqz v2, :cond_9
也就是说,代码逻辑是:
。
最初我采用的破解方法是把 if-eqz v2, :cond_9 这个跳转修改为了 if-nez v2, :cond_9,这样当然是可以的,因为改变任意一个条件都是可以成功的。
现在我采用的破解方法是让“h.c.ka的值为真”,怎么让它为真呢?等下往下看时我会说到。因为这个h.c.ka的值不单单是影响可以修改的receiver的数量,还影响到free版的应用的另外两个选项:阻止应用重启、启用Chuck Norris模式,如果只修改一处地方就能影响到两外以上的跳转(这些跳转正是我们需要的),何乐而不为呢?因此,这里我不再按老方法去修改跳转了。
==================================================
然后再看com\rs\autorun\misc\AutorunPreferencesActivity.smali
因为这个AutorunPreferences是修改配置时的Activity,所以看下它的代码。看它是怎么处理复选框被点击事件的。根据编程经验加上反编译出来的smali代码,可以知道,这个应用只是把pro版的功能给隐匿了,相应的操作代码还是有的。因此,只需要让程序自己觉得是pro版就行了。
这里它对于AutorunPreferencesActivity的事件响应逻辑是这样的:当pro版才能使用的复选框被点击时,判断是否满足相应的条件,不满足的话就弹出提示框,提示此功能只有pro版才能使用。并把复选框的值设置为false.
com\rs\autorun\misc\AutorunPreferencesActivity.smali相关代码:
代码比较多,我这里只帖出关键的:
从上面的代码分析得出,要使用pro版的功能,就要改变其中的某些跳转。而这些跳转的关键flag就是h.c.ka 和 h.c.kb 的值。这两个值起到开关的作用。
打开com.rs.autorun-1\smali\h\c.smali ,由其源码名字Donate.java也可以再次看出这个文件是用于标志此程序是否要启用pro功能的。再次验证了我上面的分析的正确性。
到此,4个receiver的限制就算解除了。阻止应用重启、启用Chuck Norris模式也可以启用了。
重新打包,签名,安装。
可以看到“Get Pro"按钮已经是灰色的了。
”防止重启"复选框也可以选择了。
下载:
com.rs.autorun-cracked-by-hywd.apk
2012-10-28 更新:
新版(3.6版)已破解程序:
com.rs.autorun-cracked-signed.apk
2012-10-28 更新:
程序更新版本到 3.6了,附上3.6已破解pro功能、去广告版的程序。(见本帖下面)
虽然网上有捐赠版的下载,不过,还是喜欢自己折腾一下。折腾,是生活的一部分。
而且目前网络上还没有直接破解版的下载,我看到的所谓专业版都是下载主程序之后还要再装一个key程序。对于我这种有洁癖的人来说,还是选择自己动手吧。
官方介绍:
PRO key app is available on the market!
Donators and PRO users receive additional features:
- no ads
- basic mode's prevent restart feature is selectable
- can block more than 4 receivers in advanced mode
- Chuck Norris mode enabled
、
软件名:Autorun Manager
软件版本: 3.5
也就是说:
免费版的有广告、不能启用阻止应用重启、不能修改超过4个receiver、不能启用Chuck Norris模式。
其它3条还算可以接受,唯一不可接受的就是不能修改超过4个receiver这一条。
android应用在AndroidManifest.xml中注册它要使用的receiver,如:
<receiver android:name="com.rs.autorun.AutorunStartupIntentReceiver" android:enabled="false">
<intent-filter android:priority="-1000">
<action android:name="android.intent.action.BOOT_COMPLETED" />
<category android:name="android.intent.category.HOME" />
</intent-filter>
</receiver>
<receiver android:name="com.rs.autorun.misc.InstallReferrerReceiver" android:exported="true">
<intent-filter>
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>如android.intent.action.BOOT_COMPLETED 这个receiver就是用于接收开机启动广播的。
而Autorun Manager的禁止程序开机启动的机制正是将相应程序的receiver给禁用,这样,这个程序便不会开机即启动了。android.intent.action.GET_PUSH_VALUE 即是用于推送的,我很果断地把sina weibo的这个receiver给disable了。
关于android broadcast receiver的原理,有兴趣的童鞋可以自行Google.这里不述。
==================================================
2012-08-17 :今天重新把思路整理了一下,并更新了这篇文章。
修改过4个receiver的设置后,这个应用(免费版的)便会提示你使用的免费版,最多只能修改4个receiver.
破解思路:
最多只能修改4个receiver这一限制的破解很简单。在后面的代码中会详细介绍。而另外两个选项:阻止应用重启、启用Chuck Norris模式相对来说就麻烦了一点点。
用apktool反编译出smali文件后,打开res/values/strings.xml和res/values/public.xml查得提示语You need to have PRO key to change more than %1$d receivers的id为0x7f0b0025。
搜索0x7f0b0025,在smali/f/d.smali 文件第341行找到。我这里把相关代码帖出并做些许解释:
# virtual methods
.method public final onCheckedChanged(Landroid/widget/CompoundButton;Z)V
.locals 6
.parameter
.parameter
.prologue
#寄存器v4用来保存最大可禁用的reciever数量(4个)
const/4 v4, 0x4
const/4 v1, 0x0
const/4 v0, 0x1
.line 206
iget-object v2, p0, Lf/d;->jy:Lf/g;
.line 207
#取 h.c.ka的值给v2 (布尔类型)
sget-object v2, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
#如果h.c.ka的值为真,则跳转到:cond_0
if-nez v2, :cond_0
invoke-static {}, Lcom/rs/autorun/receiver/l;->bJ()I
move-result v2
#如果已经禁用的reciever数量(v2寄存器)小于 4 个(v4寄存器),则跳转到 :cond_0 .
if-lt v2, v4, :cond_0
#Lcom/rs/autorun/receiver/l;->jp 是一个ArrayList
#将jp给v2
sget-object v2, Lcom/rs/autorun/receiver/l;->jp:Ljava/util/ArrayList;
#取得p0对象实例的jy属性丢给v3寄存器
iget-object v3, p0, Lf/d;->jy:Lf/g;
iget-object v3, v3, Lf/g;->jE:Ljava/lang/String;
检查v2对象中是否包含v3对象.(v2 is the "this" instance,v3为参数)
invoke-virtual {v2, v3}, Ljava/util/ArrayList;->contains(Ljava/lang/Object;)Z
move-result v2
#如果不在的话,就跳转到:cond_9
if-eqz v2, :cond_9
.line 209
:cond_0
sget-object v2, Lcom/rs/autorun/receiver/l;->jq:Ljava/util/ArrayList;
iget-object v3, p0, Lf/d;->jz:Lf/a;
iget-object v3, v3, Lf/a;->packageName:Ljava/lang/String;
invoke-virtual {v2, v3}, Ljava/util/ArrayList;->contains(Ljava/lang/Object;)Z
move-result v2
if-eqz v2, :cond_3
iget-object v2, p0, Lf/d;->jy:Lf/g;
iget-object v2, v2, Lf/g;->jE:Ljava/lang/String;
const-string v3, "com.crittercism."
invoke-virtual {v2, v3}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
move-result v2
if-nez v2, :cond_3
.line 210
sget-object v2, Lh/l;->LOG_TAG:Ljava/lang/String;
new-instance v3, Ljava/lang/StringBuilder;
const-string v4, "app disable not allowed: "
invoke-direct {v3, v4}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
iget-object v4, p0, Lf/d;->jz:Lf/a;
iget-object v4, v4, Lf/a;->packageName:Ljava/lang/String;
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 212
iget-object v2, p0, Lf/d;->jw:Landroid/content/Context;
const v3, 0x7f0b0031
invoke-virtual {v2, v3}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
iget-object v3, p0, Lf/d;->jw:Landroid/content/Context;
invoke-static {v2, v3}, Lh/m;->a(Ljava/lang/CharSequence;Landroid/content/Context;)V
.line 214
iget-object v2, p0, Lf/d;->jA:Landroid/widget/CheckBox;
if-nez p2, :cond_2
:goto_0
invoke-virtual {v2, v0}, Landroid/widget/CheckBox;->setChecked(Z)V
.line 247
:cond_1
:goto_1
return-void
:cond_2
move v0, v1
.line 214
goto :goto_0
.line 215
:cond_3
iget-object v2, p0, Lf/d;->jw:Landroid/content/Context;
invoke-static {v2}, Lcom/rs/autorun/misc/s;->x(Landroid/content/Context;)Lcom/rs/autorun/misc/s;
move-result-object v2
iget-boolean v2, v2, Lcom/rs/autorun/misc/s;->iC:Z
if-nez v2, :cond_5
iget-object v2, p0, Lf/d;->jz:Lf/a;
iget-object v2, v2, Lf/a;->jt:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
if-eqz v2, :cond_5
.line 216
sget-object v2, Lh/l;->LOG_TAG:Ljava/lang/String;
const-string v3, "system disable is not enabled"
invoke-static {v2, v3}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 218
iget-object v2, p0, Lf/d;->jA:Landroid/widget/CheckBox;
if-nez p2, :cond_4
:goto_2
invoke-virtual {v2, v0}, Landroid/widget/CheckBox;->setChecked(Z)V
.line 219
iget-object v0, p0, Lf/d;->jw:Landroid/content/Context;
const v1, 0x7f0b0023
invoke-virtual {v0, v1}, Landroid/content/Context;->getString(I)Ljava/lang/String;
move-result-object v0
iget-object v1, p0, Lf/d;->jw:Landroid/content/Context;
invoke-static {v0, v1}, Lh/m;->a(Ljava/lang/CharSequence;Landroid/content/Context;)V
goto :goto_1
:cond_4
move v0, v1
.line 218
goto :goto_2
.line 225
:cond_5
sget-object v2, Lh/l;->LOG_TAG:Ljava/lang/String;
new-instance v3, Ljava/lang/StringBuilder;
const-string v4, "disable item: "
invoke-direct {v3, v4}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
iget-object v4, p0, Lf/d;->jy:Lf/g;
iget-object v4, v4, Lf/g;->packageName:Ljava/lang/String;
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
const-string v4, " - "
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
iget-object v4, p0, Lf/d;->jy:Lf/g;
iget-object v4, v4, Lf/g;->jE:Ljava/lang/String;
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v2, v3}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 226
iget-object v2, p0, Lf/d;->jy:Lf/g;
iget-object v2, v2, Lf/g;->jE:Ljava/lang/String;
const-string v3, "com.crittercism."
invoke-virtual {v2, v3}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
move-result v2
if-eqz v2, :cond_6
.line 227
const-string v2, "crittercism is disabled"
invoke-static {v2}, Lcom/flurry/android/f;->c(Ljava/lang/String;)V
.line 230
:cond_6
iget-object v2, p0, Lf/d;->jw:Landroid/content/Context;
invoke-static {v2}, Lh/m;->H(Landroid/content/Context;)Z
move-result v2
if-nez v2, :cond_8
move v2, v0
.line 231
:goto_3
if-eqz v2, :cond_7
.line 232
invoke-static {v0}, Lh/m;->j(Z)V
.line 234
:cond_7
iget-object v3, p0, Lf/d;->jA:Landroid/widget/CheckBox;
iget-object v4, p0, Lf/d;->jy:Lf/g;
invoke-static {p2}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v5
invoke-virtual {v4, v5, v0}, Lf/g;->a(Ljava/lang/Boolean;Z)Z
move-result v0
invoke-virtual {v3, v0}, Landroid/widget/CheckBox;->setChecked(Z)V
.line 235
if-eqz v2, :cond_1
.line 236
invoke-static {v1}, Lh/m;->j(Z)V
goto/16 :goto_1
:cond_8
move v2, v1
.line 230
goto :goto_3
.line 240
:cond_9
sget-object v2, Lh/l;->LOG_TAG:Ljava/lang/String;
const-string v3, "not donated"
invoke-static {v2, v3}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
.line 243
iget-object v2, p0, Lf/d;->jw:Landroid/content/Context;
# id 0x7f0b0025
对应: You need to have PRO key to change more than %1$d receivers
const v3, 0x7f0b0025
invoke-virtual {v2, v3}, Landroid/content/Context;->getText(I)Ljava/lang/CharSequence;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v2
new-array v3, v0, [Ljava/lang/Object;
invoke-static {v4}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
move-result-object v4
aput-object v4, v3, v1
invoke-static {v2, v3}, Ljava/lang/String;->format(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;
move-result-object v2
iget-object v3, p0, Lf/d;->jw:Landroid/content/Context;
invoke-static {v2, v3}, Lh/m;->a(Ljava/lang/CharSequence;Landroid/content/Context;)V
.line 245
#取得p0对象的jA给v2寄存器
iget-object v2, p0, Lf/d;->jA:Landroid/widget/CheckBox;
if-nez p2, :cond_a
:goto_4
#设置为已选中状态
invoke-virtual {v2, v0}, Landroid/widget/CheckBox;->setChecked(Z)V
goto/16 :goto_1
:cond_a
move v0, v1
goto :goto_4
.end method
不难看出,:cond_9 处的那小段代码就是显示你不是捐赠用户,不能改变过超过4个receiver.
其实这里要改变这个跳转,有3个地方可以修改。
因为这里的跳转实际上是根据3个条件相与的结果来进行的(要(!c.ka.booleanValue() && l.bJ() >= 4 && !l.jp.contains(jy.jE)) 这个表达式为真才会跳转到执行弹出not donated提示框的代码)。
条件1:如果h.c.ka的值为真,则跳转到:cond_0
条件2:如果已经禁用的reciever数量(v2寄存器)小于 4 个(v4寄存器),则跳转到 :cond_0
if-lt v2, v4, :cond_0
条件3: if-eqz v2, :cond_9
也就是说,代码逻辑是:
if( !condition_1 && !condition_2 && !condition_3 ) 执行提醒捐赠的代码 else 执行正常的保存设置代码
。
最初我采用的破解方法是把 if-eqz v2, :cond_9 这个跳转修改为了 if-nez v2, :cond_9,这样当然是可以的,因为改变任意一个条件都是可以成功的。
现在我采用的破解方法是让“h.c.ka的值为真”,怎么让它为真呢?等下往下看时我会说到。因为这个h.c.ka的值不单单是影响可以修改的receiver的数量,还影响到free版的应用的另外两个选项:阻止应用重启、启用Chuck Norris模式,如果只修改一处地方就能影响到两外以上的跳转(这些跳转正是我们需要的),何乐而不为呢?因此,这里我不再按老方法去修改跳转了。
==================================================
然后再看com\rs\autorun\misc\AutorunPreferencesActivity.smali
因为这个AutorunPreferences是修改配置时的Activity,所以看下它的代码。看它是怎么处理复选框被点击事件的。根据编程经验加上反编译出来的smali代码,可以知道,这个应用只是把pro版的功能给隐匿了,相应的操作代码还是有的。因此,只需要让程序自己觉得是pro版就行了。
这里它对于AutorunPreferencesActivity的事件响应逻辑是这样的:当pro版才能使用的复选框被点击时,判断是否满足相应的条件,不满足的话就弹出提示框,提示此功能只有pro版才能使用。并把复选框的值设置为false.
com\rs\autorun\misc\AutorunPreferencesActivity.smali相关代码:
代码比较多,我这里只帖出关键的:
# interfaces
.implements Landroid/content/SharedPreferences$OnSharedPreferenceChangeListener;
# instance fields
.field private hY:Lcom/rs/autorun/misc/AutorunPreferencesActivity;
.field private hZ:Landroid/preference/CheckBoxPreference;
.field private ia:Landroid/preference/CheckBoxPreference;
.field private ib:Landroid/preference/CheckBoxPreference;
.field private ic:Landroid/preference/CheckBoxPreference;
.field private ie:Landroid/preference/CheckBoxPreference;
.field private if:Landroid/preference/Preference;
.field private ig:Landroid/preference/Preference;
.field private ih:Landroid/preference/Preference;
.field private ii:Landroid/preference/Preference;
.field private ij:Landroid/preference/Preference;
.field private ik:Landroid/preference/Preference;
.field private final il:Lcom/rs/autorun/misc/q;
#
弹出需要pro版才能使用此功能的对话框(调出com/rs/autorun/ui/BuyProVersionActivity)
.method static synthetic a(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)V
.locals 2
.parameter
.prologue
.line 32
new-instance v0, Landroid/content/Intent;
const-class v1, Lcom/rs/autorun/ui/BuyProVersionActivity;
invoke-direct {v0, p0, v1}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
const/high16 v1, 0x4000
invoke-virtual {v0, v1}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
move-result-object v0
const/high16 v1, 0x400
invoke-virtual {v0, v1}, Landroid/content/Intent;->addFlags(I)Landroid/content/Intent;
move-result-object v0
invoke-virtual {p0, v0}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->startActivity(Landroid/content/Intent;)V
return-void
.end method
#ia (prevent选项) 之getter
.method static synthetic b(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)Landroid/preference/CheckBoxPreference;
.locals 1
.parameter
.prologue
.line 32
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ia:Landroid/preference/CheckBoxPreference;
return-object v0
.end method
#hZ (cnmodeEnabled选项) 之getter
.method static synthetic e(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)Landroid/preference/CheckBoxPreference;
.locals 1
.parameter
.prologue
.line 32
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
return-object v0
.end method
.method protected onCreate(Landroid/os/Bundle;)V 方法这里省略不帖出,它的作用时做一些初始化的操作,如获取应用配置信息prefs,并将结果保存到当前对象的成员变量中。在这个方法的中会执行bC()方法。bC()方法的作用是什么呢?就是设置OnPreferenceClick事件的监听器。我们继续看下面的代码就会知道详细的程序逻辑。
#bC() 方法是关键
.method private bC()V
.locals 7
.prologue
const/4 v4, 0x0
const/4 v0, 0x1
const/4 v1, 0x0
#如果h.c.ka的值为假,就跳转到 :cond_3 , :cond_3 处的代码是干什么用的呢?往下面看,找:cond_3 .
.line 90
sget-object v2, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
if-eqz v2, :cond_3 #这个跳转是我们所不希望的
#把ia对象的值给v2
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ia:Landroid/preference/CheckBoxPreference;
#设置v2对象的OnPreferenceClick事件监听器为v4( null ) ,这里的代码是我们需要它执行的
invoke-virtual {v2, v4}, Landroid/preference/CheckBoxPreference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
.line 91
:cond_0
:goto_0
sget-object v2, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
iget-object v3, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hY:Lcom/rs/autorun/misc/AutorunPreferencesActivity;
#m.c() 方法用于判断设置是否已经root和安**usybox
invoke-static {v3, v1}, Lh/m;->c(Landroid/content/Context;Z)Ljava/lang/Boolean;
move-result-object v3
invoke-virtual {v3}, Ljava/lang/Boolean;->booleanValue()Z
move-result v3
#如果没有root和安**usybox,跳转到:cond_5
if-eqz v3, :cond_5
#如果v2为0 ,也就是说h.c.ka的值为假,直接跳转到 :cond_4
if-eqz v2, :cond_4
#否则,设置com/rs/autorun/misc/AutorunPreferencesActivity;->hZ对象(也就是cnmodeenabled复选框对象)的OnPreferenceClickListener为 v4 (null)
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v2, v4}, Landroid/preference/CheckBoxPreference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
.line 92
:cond_1
:goto_1
sget-object v2, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
#又是判断h.c.ka ,如果为假,跳转到:cond_7
if-eqz v2, :cond_7
#否则,是pro版了,禁用pro 选项 ( AutorunPreferencesActivity;->ik 为 pro选项对象),使之处于灰色不可点击状态。
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ik:Landroid/preference/Preference;
invoke-virtual {v2, v1}, Landroid/preference/Preference;->setEnabled(Z)V
sget-object v2, Lh/c;->kb:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
#如果没有安装pro key app ,跳转到 :cond_2
if-eqz v2, :cond_2
#否则,启用hidePro checkbox,使之可点击
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ie:Landroid/preference/CheckBoxPreference;
invoke-virtual {v2, v0}, Landroid/preference/CheckBoxPreference;->setEnabled(Z)V
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ie:Landroid/preference/CheckBoxPreference;
iget-object v3, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hY:Lcom/rs/autorun/misc/AutorunPreferencesActivity;
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
sget-object v5, Lh/l;->PACKAGE_NAME:Ljava/lang/String;
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
const-string v5, ".pro"
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
#v4 的值现在为 com.rs.autorun.pro
move-result-object v4
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
sget-object v6, Lh/l;->PACKAGE_NAME:Ljava/lang/String;
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
const-string v6, ".pro.MainActivity"
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
#v5 的值现在为 com.rs.autorun.pro.MainActivity
move-result-object v5
#m->a() 方法检测 com.rs.autorun.pro包的MainActivity组件是否已经启用。
invoke-static {v3, v4, v5, v0}, Lh/m;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Z)Z
move-result v3
#如果启用了,跳转到:cond_6
if-nez v3, :cond_6
:goto_2
invoke-virtual {v2, v0}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ie:Landroid/preference/CheckBoxPreference;
new-instance v1, Lcom/rs/autorun/misc/j;
invoke-direct {v1, p0}, Lcom/rs/autorun/misc/j;-><init>(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)V
invoke-virtual {v0, v1}, Landroid/preference/CheckBoxPreference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
.line 93
:cond_2
:goto_3
return-void
#弹出"需要donate版才能使用此功能"对话框
#ia为prevent checkbox对象
.line 90
:cond_3
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ia:Landroid/preference/CheckBoxPreference;
new-instance v3, Lcom/rs/autorun/misc/c;
invoke-direct {v3, p0}, Lcom/rs/autorun/misc/c;-><init>(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)V
#设置prevent checkbox对象(v2)的OnPreferenceClick事件的listener为v3 ( com/rs/autorun/misc/c)
#关于com/rs/autorun/misc/c 类的详细代码,稍后再分析。现在你只需要知道com/rs/autorun/misc/c类的功能就是执行AutorunPreferencesActivity的a()方法,这个a()方法就是我上面帖出来的那个,其功能为调用com/rs/autorun/ui/BuyProVersionActivity
#然后调用android的setChecked方法将被点击的复选框设置为没有选中状态。
invoke-virtual {v2, v3}, Landroid/preference/CheckBoxPreference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
sget-object v2, Lh/c;->kd:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
if-eqz v2, :cond_0
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ia:Landroid/preference/CheckBoxPreference;
invoke-virtual {v2, v1}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
goto/16 :goto_0
.line 91
:cond_4
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
new-instance v3, Lcom/rs/autorun/misc/e;
invoke-direct {v3, p0}, Lcom/rs/autorun/misc/e;-><init>(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)V
invoke-virtual {v2, v3}, Landroid/preference/CheckBoxPreference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
sget-object v2, Lh/c;->kd:Ljava/lang/Boolean;
invoke-virtual {v2}, Ljava/lang/Boolean;->booleanValue()Z
move-result v2
if-eqz v2, :cond_1
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v2, v1}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
goto/16 :goto_1
:cond_5
iget-object v2, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v2, v1}, Landroid/preference/CheckBoxPreference;->setEnabled(Z)V
goto/16 :goto_1
:cond_6
move v0, v1 #设置v0值为0x0 (false)
.line 92
goto :goto_2
:cond_7
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ik:Landroid/preference/Preference;
new-instance v1, Lcom/rs/autorun/misc/k;
invoke-direct {v1, p0}, Lcom/rs/autorun/misc/k;-><init>(Lcom/rs/autorun/misc/AutorunPreferencesActivity;)V
invoke-virtual {v0, v1}, Landroid/preference/Preference;->setOnPreferenceClickListener(Landroid/preference/Preference$OnPreferenceClickListener;)V
goto :goto_3
.end method
#最后看 onSharedPreferenceChanged方法,这是配置被改变时要触发的事件方法:
.method public onSharedPreferenceChanged(Landroid/content/SharedPreferences;Ljava/lang/String;)V
.locals 4
.parameter
.parameter
.prologue
const/4 v3, 0x0
.line 307
const-string v0, "donator"
invoke-virtual {p2, v0}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_0
.line 308
const-string v0, "donator"
invoke-virtual {p0, v0}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
move-result-object v0
check-cast v0, Landroid/preference/EditTextPreference;
.line 309
invoke-virtual {p0}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->getApplicationContext()Landroid/content/Context;
move-result-object v1
invoke-static {v3}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v2
invoke-static {v1, v2}, Lh/m;->a(Landroid/content/Context;Ljava/lang/Boolean;)Ljava/lang/Boolean;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/Boolean;->booleanValue()Z
move-result v1
if-eqz v1, :cond_0
.line 310
invoke-virtual {v0}, Landroid/preference/EditTextPreference;->getText()Ljava/lang/String;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v0
.line 314
invoke-static {v0, v3}, Lh/c;->a(Ljava/lang/String;Z)Z
.line 317
:cond_0
const-string v0, "cnmodeEnabled"
invoke-virtual {p2, v0}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_2
.line 319
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v0
if-eqz v0, :cond_2
.line 320
invoke-static {}, Lh/j;->bP()Lh/j;
move-result-object v0
const-string v1, "exit"
invoke-virtual {v0, v1}, Lh/j;->A(Ljava/lang/String;)V
.line 321
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ib:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v0
if-eqz v0, :cond_1
.line 322
invoke-virtual {p0, v3}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->showDialog(I)V
.line 324
:cond_1
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ib:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0, v3}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
.line 327
:cond_2
const-string v0, "enableSystem"
invoke-virtual {p2, v0}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_4
.line 328
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ib:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v0
if-eqz v0, :cond_4
.line 329
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v0
if-eqz v0, :cond_3
.line 330
invoke-virtual {p0, v3}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->showDialog(I)V
.line 332
:cond_3
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hZ:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0, v3}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
.line 335
:cond_4
const-string v0, "enableAdvanced"
invoke-virtual {p2, v0}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_6
.line 336
iget-object v0, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->ic:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v0
if-eqz v0, :cond_5
.line 337
const v0, 0x7f0b005d
invoke-virtual {p0, v0}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->getText(I)Ljava/lang/CharSequence;
move-result-object v0
iget-object v1, p0, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->hY:Lcom/rs/autorun/misc/AutorunPreferencesActivity;
invoke-static {v0, v1}, Lh/m;->a(Ljava/lang/CharSequence;Landroid/content/Context;)V
.line 339
:cond_5
const/4 v0, 0x1
invoke-virtual {p0, v0}, Lcom/rs/autorun/misc/AutorunPreferencesActivity;->showDialog(I)V
.line 341
:cond_6
return-void
.end method
从上面的代码分析得出,要使用pro版的功能,就要改变其中的某些跳转。而这些跳转的关键flag就是h.c.ka 和 h.c.kb 的值。这两个值起到开关的作用。
打开com.rs.autorun-1\smali\h\c.smali ,由其源码名字Donate.java也可以再次看出这个文件是用于标志此程序是否要启用pro功能的。再次验证了我上面的分析的正确性。
.class public final Lh/c;
.super Ljava/lang/Object;
.source "Donate.java"
# static fields
.field public static ka:Ljava/lang/Boolean;
.field public static kb:Ljava/lang/Boolean;
.field public static kc:Ljava/lang/Boolean;
.field public static kd:Ljava/lang/Boolean;
.field public static ke:Ljava/lang/String;
.field public static kf:I
.field private static kg:Landroid/app/Application;
.field private static final kh:Lh/e;
.field private static ki:Ljava/util/ArrayList;
# direct methods
.method static constructor <clinit>()V
.locals 2
.prologue
#这个就是ka和kb成员变量的默认值了。。。只需要将它修改为 0x1 ,即可达到目的~~
const/4 v1, 0x0
.line 22
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
.line 23
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->kb:Ljava/lang/Boolean;
.line 24
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->kc:Ljava/lang/Boolean;
.line 25
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->kd:Ljava/lang/Boolean;
.line 26
const-string v0, ""
sput-object v0, Lh/c;->ke:Ljava/lang/String;
.line 172
new-instance v0, Lh/e;
invoke-direct {v0, v1}, Lh/e;-><init>(B)V
sput-object v0, Lh/c;->kh:Lh/e;
.line 185
new-instance v0, Ljava/util/ArrayList;
invoke-direct {v0}, Ljava/util/ArrayList;-><init>()V
sput-object v0, Lh/c;->ki:Ljava/util/ArrayList;
return-void
.end method
.method private static C(Landroid/content/Context;)Z
.locals 3
.parameter
.prologue
.line 199
invoke-static {p0}, Landroid/preference/PreferenceManager;->getDefaultSharedPreferences(Landroid/content/Context;)Landroid/content/SharedPreferences;
move-result-object v0
const-string v1, "lcn132"
const-string v2, "" #这里默认是空,修改为pl9812
invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
.line 200
sput-object v0, Lh/c;->ke:Ljava/lang/String;
const-string v1, ""
invoke-virtual {v0, v1}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-nez v0, :cond_0
const/4 v0, 0x1
:goto_0
return v0
:cond_0
const/4 v0, 0x0
goto :goto_0
.end method
.method public static a(Landroid/app/Application;)V
.locals 0
.parameter
.prologue
.line 36
sput-object p0, Lh/c;->kg:Landroid/app/Application;
.line 37
return-void
.end method
.method public static a(Landroid/os/Handler;)V
.locals 1
.parameter
.prologue
.line 188
sget-object v0, Lh/c;->ki:Ljava/util/ArrayList;
invoke-virtual {v0, p0}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
.line 189
return-void
.end method
.method public static a(Ljava/lang/String;Z)Z
.locals 6
.parameter
.parameter
.prologue
const/4 v2, 0x0
const/4 v1, 0x1
.line 46
sget-object v0, Lh/c;->kg:Landroid/app/Application;
invoke-virtual {v0}, Landroid/app/Application;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
sget-object v3, Lh/c;->kg:Landroid/app/Application;
invoke-virtual {v3}, Landroid/app/Application;->getPackageName()Ljava/lang/String;
move-result-object v3
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
sget-object v5, Lh/c;->kg:Landroid/app/Application;
invoke-virtual {v5}, Landroid/app/Application;->getPackageName()Ljava/lang/String;
move-result-object v5
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
#这里是检验com.rs.autorun.pro 包的签名是否和 com.rs.autorun 包一样,由于我们并没有安装com.rs.autorun.pro,因此,这里用一个小技巧,让它和自己比吧
const-string v5, ".pro" #这里由原来的.pro修改为空
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-virtual {v0, v3, v4}, Landroid/content/pm/PackageManager;->checkSignatures(Ljava/lang/String;Ljava/lang/String;)I
move-result v0
#比较签名时,如果结果小于0表示两个包没有相同的签名。这里的意思是,没有相同的签名就跳转到:cond_2
if-ltz v0, :cond_2 #自己的签名肯定是相同的,因此,这里 v0 值为 0 ,不满足条件,不会跳转。这正是我们需要的。
sget-object v0, Lh/c;->kg:Landroid/app/Application;
invoke-virtual {v0}, Landroid/app/Application;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
new-instance v3, Ljava/lang/StringBuilder;
invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
sget-object v4, Lh/c;->kg:Landroid/app/Application;
invoke-virtual {v4}, Landroid/app/Application;->getPackageName()Ljava/lang/String;
move-result-object v4
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
#下面是判断com.rs.autorun.pro的版本号是否 >= kf ,同样,由于这个包我们并没有安装(这个包就是key app的包),我们再次故技重演。
const-string v4, ".pro" #修改为空字符串
invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v3
invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v3
invoke-static {v0, v3}, Lh/m;->a(Landroid/content/pm/PackageManager;Ljava/lang/String;)I
move-result v0
sget v3, Lh/c;->kf:I
#将 com.rs.autorun.pro的版本号与 h.c.kf 比较
#如果 v0 (com.rs.autorun.pro的版本号) 小于 v3 (h.c.kf),跳转到 :cond_1 ,这个跳转是我们最不想要的。这里我们可以改变跳转或者改变跳转后的代码。由于其代码修改也比较方便,因此,这里我们不修改跳转。
#由于 这里, kf为静态成员变量,初值应该为0 ,相当于把其版本号与0相比较。
if-lt v0, v3, :cond_1 #如果 .pro 包的版本号 小于0,则跳转到 :cond_1
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
const-string v0, ""
sput-object v0, Lh/c;->ke:Ljava/lang/String;
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->kb:Ljava/lang/Boolean;
sget-object v0, Lh/c;->kg:Landroid/app/Application;
invoke-static {v0}, Lh/f;->b(Landroid/app/Application;)Lh/f;
move-result-object v0
sget-object v3, Lh/c;->kh:Lh/e;
invoke-virtual {v0, v3}, Lh/f;->b(Landroid/os/Handler;)V
:goto_0
sget-object v0, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v0}, Ljava/lang/Boolean;->booleanValue()Z
move-result v0
if-nez v0, :cond_0
sget-object v0, Lh/m;->lf:Ljava/lang/String;
sget-object v3, Lh/c;->kg:Landroid/app/Application;
invoke-static {v0, v1, v3}, Lh/m;->a(Ljava/lang/CharSequence;ILandroid/content/Context;)V
:cond_0
invoke-static {v1}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
:goto_1
invoke-virtual {v0}, Ljava/lang/Boolean;->booleanValue()Z
move-result v0
if-eqz v0, :cond_4
move v0, v1
.line 54
:goto_2
return v0
.line 46
:cond_1
invoke-static {v2}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean; #v2 为0 ,v1 为 1 ,这里我们修改v2为v1,即使它跳转到这里,也干的是同样的事情~~
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
const-string v0, ""
sput-object v0, Lh/c;->ke:Ljava/lang/String;
invoke-static {v2}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean; #这里同样修改v2为v1
move-result-object v0
sput-object v0, Lh/c;->kb:Ljava/lang/Boolean;
goto :goto_0
:cond_2
sget-object v0, Lh/c;->kg:Landroid/app/Application;
invoke-static {v0}, Landroid/preference/PreferenceManager;->getDefaultSharedPreferences(Landroid/content/Context;)Landroid/content/SharedPreferences;
move-result-object v0
const-string v3, "lcn132"
const-string v4, ""
invoke-interface {v0, v3, v4}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
const-string v3, "pl9812"
invoke-virtual {v0, v3}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-eqz v0, :cond_3
sget-object v0, Lh/c;->kg:Landroid/app/Application;
const-string v3, ""
invoke-static {v0, v3}, Lh/c;->j(Landroid/content/Context;Ljava/lang/String;)V
:cond_3
invoke-static {v2}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
goto :goto_1
.line 49
:cond_4
const-string v0, ""
invoke-virtual {p0, v0}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v0
if-nez v0, :cond_5
.line 51
new-instance v0, Lh/d;
invoke-direct {v0, p1}, Lh/d;-><init>(Z)V
new-array v3, v1, [Ljava/lang/String;
aput-object p0, v3, v2
invoke-virtual {v0, v3}, Lh/d;->execute([Ljava/lang/Object;)Landroid/os/AsyncTask;
move v0, v1
.line 52
goto :goto_2
:cond_5
move v0, v2
.line 54
goto :goto_2
.end method
.method static synthetic b(Ljava/lang/String;Z)Ljava/lang/Boolean;
.locals 6
.parameter
.parameter
.prologue
const/4 v5, 0x1
const/4 v0, 0x0
.line 17
sget-object v1, Lh/l;->kQ:Ljava/lang/Boolean;
invoke-virtual {v1}, Ljava/lang/Boolean;->booleanValue()Z
move-result v1
if-nez v1, :cond_0
move p1, v0
:cond_0
invoke-static {v0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v1
sput-object v1, Lh/c;->kd:Ljava/lang/Boolean;
if-eqz p1, :cond_2
sget-object v1, Lh/c;->kg:Landroid/app/Application;
invoke-static {v1}, Lh/c;->C(Landroid/content/Context;)Z
move-result v1
if-eqz v1, :cond_2
invoke-static {}, Ljava/lang/Math;->random()D
move-result-wide v1
const-wide v3, 0x3feccccccccccccdL
cmpg-double v1, v1, v3
if-gez v1, :cond_2
invoke-static {v5}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
:cond_1
:goto_0
sget-object v0, Lh/c;->ka:Ljava/lang/Boolean;
return-object v0
:cond_2
sget-object v1, Lh/c;->kg:Landroid/app/Application;
invoke-static {v0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v2
invoke-static {v1, v2}, Lh/m;->a(Landroid/content/Context;Ljava/lang/Boolean;)Ljava/lang/Boolean;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/Boolean;->booleanValue()Z
move-result v1
if-eqz v1, :cond_4
invoke-static {v5}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v1
sput-object v1, Lh/c;->kd:Ljava/lang/Boolean;
new-instance v1, Ljava/util/ArrayList;
const/4 v2, 0x2
invoke-direct {v1, v2}, Ljava/util/ArrayList;-><init>(I)V
new-instance v2, Lorg/apache/http/message/BasicNameValuePair;
const-string v3, "email"
invoke-direct {v2, v3, p0}, Lorg/apache/http/message/BasicNameValuePair;-><init>(Ljava/lang/String;Ljava/lang/String;)V
invoke-interface {v1, v2}, Ljava/util/List;->add(Ljava/lang/Object;)Z
sget-object v2, Lh/l;->lb:Ljava/lang/String;
invoke-static {v2, v1}, Lh/m;->a(Ljava/lang/String;Ljava/util/List;)Ljava/lang/String;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v2
const-string v3, ""
invoke-virtual {v2, v3}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v2
if-nez v2, :cond_3
sget-object v2, Lh/l;->lb:Ljava/lang/String;
const-string v3, "http://andrs.w3pla.net/"
invoke-virtual {v2, v3}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
move-result v2
if-eqz v2, :cond_3
const-string v2, "#!name#!="
invoke-virtual {v1, v2}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
move-result v2
if-eqz v2, :cond_3
invoke-static {v5}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;
move-result-object v0
const-string v1, "#!name#!="
const-string v2, ""
invoke-virtual {v0, v1, v2}, Ljava/lang/String;->replaceFirst(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
sput-object v0, Lh/c;->ke:Ljava/lang/String;
:goto_1
sget-object v0, Lh/c;->kg:Landroid/app/Application;
sget-object v1, Lh/c;->ke:Ljava/lang/String;
invoke-static {v0, v1}, Lh/c;->j(Landroid/content/Context;Ljava/lang/String;)V
goto :goto_0
:cond_3
invoke-static {v0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean; #这里改用v5
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
const-string v0, "" #这里应该是注册者的email,随便填写吧
sput-object v0, Lh/c;->ke:Ljava/lang/String;
goto :goto_1
:cond_4
sget-object v0, Lh/c;->kg:Landroid/app/Application;
invoke-static {v0}, Lh/c;->C(Landroid/content/Context;)Z
move-result v0
if-eqz v0, :cond_1 #这个跳转也可以改一下的
invoke-static {v5}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;
move-result-object v0
sput-object v0, Lh/c;->ka:Ljava/lang/Boolean;
goto/16 :goto_0
.end method
.method static synthetic bL()V
.locals 6
.prologue
.line 17
sget-object v0, Lh/c;->ki:Ljava/util/ArrayList;
invoke-virtual {v0}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;
move-result-object v1
:goto_0
invoke-interface {v1}, Ljava/util/Iterator;->hasNext()Z
move-result v0
if-eqz v0, :cond_0
invoke-interface {v1}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v0
check-cast v0, Landroid/os/Handler;
const/4 v2, 0x0
const/4 v3, 0x0
const/16 v4, 0x52c
const/4 v5, 0x2
invoke-static {v2, v3, v4, v5}, Landroid/os/Message;->obtain(Landroid/os/Handler;III)Landroid/os/Message;
move-result-object v2
invoke-virtual {v0, v2}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
goto :goto_0
:cond_0
return-void
.end method
.method static synthetic bM()Landroid/app/Application;
.locals 1
.prologue
.line 17
sget-object v0, Lh/c;->kg:Landroid/app/Application;
return-object v0
.end method
.method public static j(Landroid/content/Context;Ljava/lang/String;)V
.locals 2
.parameter
.parameter
.prologue
.line 210
invoke-static {p0}, Landroid/preference/PreferenceManager;->getDefaultSharedPreferences(Landroid/content/Context;)Landroid/content/SharedPreferences;
move-result-object v0
invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
move-result-object v0
.line 211
const-string v1, "lcn132"
invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putString(Ljava/lang/String;Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;
.line 212
invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z
.line 213
return-void
.end method
到此,4个receiver的限制就算解除了。阻止应用重启、启用Chuck Norris模式也可以启用了。
重新打包,签名,安装。
可以看到“Get Pro"按钮已经是灰色的了。
”防止重启"复选框也可以选择了。
下载:
com.rs.autorun-cracked-by-hywd.apk
2012-10-28 更新:
新版(3.6版)已破解程序:
com.rs.autorun-cracked-signed.apk
[培训]《安卓高级研修班(网课)》月薪三万计划,掌 握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
嗯嗯,我只是懂得一点皮毛了,您要多多指教啊~~
 ps:今天又重新破解了一次,等下班后我再更新帖子~~ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
