今天我反编译一个APK,发现它使用的TF加密卡验证..
1. 手机必须使用它给我TF加密卡,才可以登陆进去!
2. 反编译以后发现它登陆时候的代码和加密解密的代码全部写成 OS 文件.
我想请问大神,有什么解决办法没有?
1. 复制TF卡? 我不需要里面是什么东西,但是要里面的数据,可以在写到任何一张TF卡上可以使用.
2. OS 文件有办法修改没有? 汇编?[难度系数太大]
3. 修改 Smali 代码是否可以跳过TF卡验证?
4. 或者还其他的解决办法!!!!
请大神说说......谢谢.!下面是代码请大神告诉,是否可以跳过TF卡验证这块.谢谢........
#==========================================
# Jd-Gui 所看到的代码
#==========================================
public boolean verifyPIN()
{
Message localMessage = new Message();
localMessage.what = 30001;
XxX.App.Data.ConstData.loginCount = 1 + XxX.App.Data.ConstData.loginCount;
if (XxX.App.Data.ConstData.loginCount > 3)
{
localMessage.what = 30003;
localMessage.obj = "已经连续3次错误,按取消退出";
this.handler.sendMessage(localMessage);
return false;
}
String str1 = this.etUserId.getText().toString();
if ((str1 == null) || (str1.equals("")))
{
localMessage.what = 30003;
localMessage.obj = "请输入帐号";
this.handler.sendMessage(localMessage);
return false;
}
String str2 = this.etPin.getText().toString();
if ((str2 == null) || (str2.equals("")))
{
localMessage.what = 30003;
localMessage.obj = "请输入密码";
this.handler.sendMessage(localMessage);
return false;
}
#==========================================
# 这个是OS封装好的函数
#==========================================
[COLOR="Red"] DeviceManager localDeviceManager = new DeviceManager(this);
try
{
boolean bool;
switch (localDeviceManager.sdOpen())
{
default:
this.cardSN = localDeviceManager.getSN();
if (this.debugNoVerifyPIN)
bool = true;
break;
case 70:
case 71:
case 72:
}
do
{
if (bool)
{
if (localDeviceManager.readCert() == null)
break label525;
String str3 = localDeviceManager.getJH();
Log.i("ccc", str3 + " wo qu ");
if (!str3.equals(this.etUserId.getText().toString()))
break;
XxX.App.Data.ConstData.loginTag = true;
}[/COLOR]
localMessage.what = 30004;
localMessage.obj = "登陆成功";
this.handler.sendMessage(localMessage);
XxX.App.Data.ConstData.loginCount = 0;
return true;
localMessage.what = 30003;
localMessage.obj = "请检查是否插入加密卡";
this.handler.sendMessage(localMessage);
return false;
localMessage.what = 30003;
localMessage.obj = "请检查是否安装加密卡驱动";
this.handler.sendMessage(localMessage);
return false;
localMessage.what = 30003;
localMessage.obj = "打开加密卡出现错误";
this.handler.sendMessage(localMessage);
return false;
bool = localDeviceManager.checkPin(str2);
if ((!bool) && (XxX.App.Data.ConstData.loginCount == 3))
{
localMessage.what = 30003;
localMessage.obj = "已经连续3次错误,按取消退出";
this.handler.sendMessage(localMessage);
return false;
}
}
while (bool);
localMessage.what = 30003;
localMessage.obj = "密码错误";
this.handler.sendMessage(localMessage);
return false;
localMessage.what = 30003;
localMessage.obj = "帐号错误,请确认输入正确的帐号";
this.handler.sendMessage(localMessage);
return false;
label525: localMessage.what = 30003;
localMessage.obj = "未导入合法证书的加密卡";
this.handler.sendMessage(localMessage);
return false;
}
catch (Exception localException)
{
Log.e("SetAPN", localException.toString());
localMessage.what = 30003;
localMessage.obj = "异常";
this.handler.sendMessage(localMessage);
return false;
}
finally
{
localDeviceManager.sdClose();
}
}
}
#==========================================
# Smali 引用
#==========================================
package XxXxX;
import android.os.Environment;
public class XxXxXGAPI
{
static
{
System.loadLibrary("XxXxXAPI");
}
public XxXxXAPI()
{
XxXxXSetSdPath(Environment.getExternalStorageDirectory() + "/");
}
#==========================================
# Smali 所看到的代码
#==========================================
.method public verifyPIN()Z
.locals 14
.prologue
const/4 v13, 0x3
const/4 v10, 0x1
const/16 v12, 0x7533
const/4 v9, 0x0
.line 943
new-instance v3, Landroid/os/Message;
invoke-direct {v3}, Landroid/os/Message;-><init>()V
.line 945
.local v3, m:Landroid/os/Message;
const/16 v11, 0x7531
iput v11, v3, Landroid/os/Message;->what:I
.line 946
sget v11, LXxX/App/Data/ConstData;->loginCount:I
add-int/lit8 v11, v11, 0x1
sput v11, LXxX/App/Data/ConstData;->loginCount:I
.line 947
sget v11, LXxX/App/Data/ConstData;->loginCount:I
if-le v11, v13, :cond_0
.line 948
iput v12, v3, Landroid/os/Message;->what:I
.line 949
const-string v10, "\u5df2\u7ecf\u8fde\u7eed3\u6b21\u9519\u8bef\uff0c\u6309\u53d6\u6d88\u9000\u51fa"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 950
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
.line 1056
:goto_0
return v9
.line 953
:cond_0
iget-object v11, p0, LXxX/App/Login/LoginForm;->etUserId:Landroid/widget/EditText;
invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v11
invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v4
.line 954
.local v4, password:Ljava/lang/String;
if-eqz v4, :cond_1
const-string v11, ""
invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v11
if-eqz v11, :cond_2
.line 955
:cond_1
iput v12, v3, Landroid/os/Message;->what:I
.line 956
const-string v10, "\u8bf7\u8f93\u5165\u5e10\u53f7"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 957
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
goto :goto_0
.line 960
:cond_2
iget-object v11, p0, LXxX/App/Login/LoginForm;->etPin:Landroid/widget/EditText;
invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v11
invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v5
.line 961
.local v5, pin:Ljava/lang/String;
if-eqz v5, :cond_3
const-string v11, ""
invoke-virtual {v5, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v11
if-eqz v11, :cond_4
.line 962
:cond_3
iput v12, v3, Landroid/os/Message;->what:I
.line 963
const-string v10, "\u8bf7\u8f93\u5165\u5bc6\u7801"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 964
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
goto :goto_0
.line 967
:cond_4
new-instance v1, Lhdzb/DeviceManager;
invoke-direct {v1, p0}, Lhdzb/DeviceManager;-><init>(Landroid/content/Context;)V
.line 970
.local v1, dm:Lhdzb/DeviceManager;
:try_start_0
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdOpen()I
move-result v6
.line 971
.local v6, returnValue:I
packed-switch v6, :pswitch_data_0
.line 991
invoke-virtual {v1}, Lhdzb/DeviceManager;->getSN()Ljava/lang/String;
move-result-object v11
iput-object v11, p0, LXxX/App/Login/LoginForm;->cardSN:Ljava/lang/String;
.line 992
const/4 v8, 0x0
.line 994
.local v8, verifyPin:Z
iget-boolean v11, p0, LXxX/App/Login/LoginForm;->debugNoVerifyPIN:Z
if-eqz v11, :cond_7
.line 999
const/4 v8, 0x1
.line 1018
:cond_5
if-eqz v8, :cond_6
.line 1019
invoke-virtual {v1}, Lhdzb/DeviceManager;->readCert()Ljava/security/cert/X509Certificate;
move-result-object v0
.line 1020
.local v0, cert:Ljava/security/cert/X509Certificate;
if-eqz v0, :cond_a
.line 1021
invoke-virtual {v1}, Lhdzb/DeviceManager;->getJH()Ljava/lang/String;
move-result-object v7
.line 1023
.local v7, userId:Ljava/lang/String;
const-string v11, "ccc"
new-instance v12, Ljava/lang/StringBuilder;
invoke-direct {v12}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v12, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v12
const-string v13, " wo qu "
invoke-virtual {v12, v13}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v12
invoke-virtual {v12}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v12
invoke-static {v11, v12}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
.line 1025
iget-object v11, p0, LXxX/App/Login/LoginForm;->etUserId:Landroid/widget/EditText;
invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v11
invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v11
invoke-virtual {v7, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v11
if-eqz v11, :cond_9
.line 1026
const/4 v11, 0x1
sput-boolean v11, LXxX/App/Data/ConstData;->loginTag:Z
.line 1043
.end local v0 #cert:Ljava/security/cert/X509Certificate;
.end local v7 #userId:Ljava/lang/String;
:cond_6
const/16 v11, 0x7534
iput v11, v3, Landroid/os/Message;->what:I
.line 1044
const-string v11, "\u767b\u9646\u6210\u529f"
iput-object v11, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1046
iget-object v11, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v11, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
.line 1047
const/4 v11, 0x0
sput v11, LXxX/App/Data/ConstData;->loginCount:I
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
move v9, v10
goto/16 :goto_0
.line 973
.end local v8 #verifyPin:Z
:pswitch_0
const/16 v10, 0x7533
:try_start_1
iput v10, v3, Landroid/os/Message;->what:I
.line 974
const-string v10, "\u8bf7\u68c0\u67e5\u662f\u5426\u63d2\u5165\u52a0\u5bc6\u5361"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 975
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_0
.catch Ljava/lang/Exception; {:try_start_1 .. :try_end_1} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 978
:pswitch_1
const/16 v10, 0x7533
:try_start_2
iput v10, v3, Landroid/os/Message;->what:I
.line 979
const-string v10, "\u8bf7\u68c0\u67e5\u662f\u5426\u5b89\u88c5\u52a0\u5bc6\u5361\u9a71\u52a8"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 980
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.catch Ljava/lang/Exception; {:try_start_2 .. :try_end_2} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 983
:pswitch_2
const/16 v10, 0x7533
:try_start_3
iput v10, v3, Landroid/os/Message;->what:I
.line 984
const-string v10, "\u6253\u5f00\u52a0\u5bc6\u5361\u51fa\u73b0\u9519\u8bef"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 985
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_3
.catchall {:try_start_3 .. :try_end_3} :catchall_0
.catch Ljava/lang/Exception; {:try_start_3 .. :try_end_3} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 1002
.restart local v8 #verifyPin:Z
:cond_7
:try_start_4
invoke-virtual {v1, v5}, Lhdzb/DeviceManager;->checkPin(Ljava/lang/String;)Z
move-result v8
.line 1003
if-nez v8, :cond_8
sget v11, LXxX/App/Data/ConstData;->loginCount:I
if-ne v11, v13, :cond_8
.line 1004
const/16 v10, 0x7533
iput v10, v3, Landroid/os/Message;->what:I
.line 1005
const-string v10, "\u5df2\u7ecf\u8fde\u7eed3\u6b21\u9519\u8bef\uff0c\u6309\u53d6\u6d88\u9000\u51fa"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1006
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_4
.catchall {:try_start_4 .. :try_end_4} :catchall_0
.catch Ljava/lang/Exception; {:try_start_4 .. :try_end_4} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 1010
:cond_8
if-nez v8, :cond_5
.line 1011
const/16 v10, 0x7533
:try_start_5
iput v10, v3, Landroid/os/Message;->what:I
.line 1012
const-string v10, "\u5bc6\u7801\u9519\u8bef"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1013
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_5
.catchall {:try_start_5 .. :try_end_5} :catchall_0
.catch Ljava/lang/Exception; {:try_start_5 .. :try_end_5} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 1028
.restart local v0 #cert:Ljava/security/cert/X509Certificate;
.restart local v7 #userId:Ljava/lang/String;
:cond_9
const/16 v10, 0x7533
:try_start_6
iput v10, v3, Landroid/os/Message;->what:I
.line 1029
const-string v10, "\u5e10\u53f7\u9519\u8bef\uff0c\u8bf7\u786e\u8ba4\u8f93\u5165\u6b63\u786e\u7684\u5e10\u53f7"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1030
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_6
.catchall {:try_start_6 .. :try_end_6} :catchall_0
.catch Ljava/lang/Exception; {:try_start_6 .. :try_end_6} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 1035
.end local v7 #userId:Ljava/lang/String;
:cond_a
const/16 v10, 0x7533
:try_start_7
iput v10, v3, Landroid/os/Message;->what:I
.line 1036
const-string v10, "\u672a\u5bfc\u5165\u5408\u6cd5\u8bc1\u4e66\u7684\u52a0\u5bc6\u5361"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1037
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_7
.catchall {:try_start_7 .. :try_end_7} :catchall_0
.catch Ljava/lang/Exception; {:try_start_7 .. :try_end_7} :catch_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.line 1049
.end local v0 #cert:Ljava/security/cert/X509Certificate;
.end local v6 #returnValue:I
.end local v8 #verifyPin:Z
:catch_0
move-exception v2
.line 1050
.local v2, ex:Ljava/lang/Exception;
:try_start_8
const-string v10, "SetAPN"
invoke-virtual {v2}, Ljava/lang/Exception;->toString()Ljava/lang/String;
move-result-object v11
invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1051
const/16 v10, 0x7533
iput v10, v3, Landroid/os/Message;->what:I
.line 1052
const-string v10, "\u5f02\u5e38"
iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;
.line 1053
iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;
invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
:try_end_8
.catchall {:try_start_8 .. :try_end_8} :catchall_0
.line 1056
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
goto/16 :goto_0
.end local v2 #ex:Ljava/lang/Exception;
:catchall_0
move-exception v9
invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V
throw v9
.line 971
:pswitch_data_0
.packed-switch 0x46
:pswitch_0
:pswitch_1
:pswitch_2
.end packed-switch
.end method
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课