首页
社区
课程
招聘
[求助]Apk反编译 发现 超级难度问题!!
发表于: 2014-11-30 03:17 10237

[求助]Apk反编译 发现 超级难度问题!!

2014-11-30 03:17
10237
今天我反编译一个APK,发现它使用的TF加密卡验证..

  1. 手机必须使用它给我TF加密卡,才可以登陆进去!

  2. 反编译以后发现它登陆时候的代码和加密解密的代码全部写成 OS 文件.

我想请问大神,有什么解决办法没有?

   1. 复制TF卡? 我不需要里面是什么东西,但是要里面的数据,可以在写到任何一张TF卡上可以使用.

  2. OS 文件有办法修改没有? 汇编?[难度系数太大]

  3. 修改 Smali 代码是否可以跳过TF卡验证?

  4. 或者还其他的解决办法!!!!

请大神说说......谢谢.!


下面是代码请大神告诉,是否可以跳过TF卡验证这块.谢谢........


#==========================================
#           Jd-Gui 所看到的代码
#==========================================

  public boolean verifyPIN()
  {
    Message localMessage = new Message();
    localMessage.what = 30001;
    XxX.App.Data.ConstData.loginCount = 1 + XxX.App.Data.ConstData.loginCount;
    if (XxX.App.Data.ConstData.loginCount > 3)
    {
      localMessage.what = 30003;
      localMessage.obj = "已经连续3次错误,按取消退出";
      this.handler.sendMessage(localMessage);
      return false;
    }
    String str1 = this.etUserId.getText().toString();
    if ((str1 == null) || (str1.equals("")))
    {
      localMessage.what = 30003;
      localMessage.obj = "请输入帐号";
      this.handler.sendMessage(localMessage);
      return false;
    }
    String str2 = this.etPin.getText().toString();
    if ((str2 == null) || (str2.equals("")))
    {
      localMessage.what = 30003;
      localMessage.obj = "请输入密码";
      this.handler.sendMessage(localMessage);
      return false;
    }
#==========================================
#          这个是OS封装好的函数
#==========================================
[COLOR="Red"]    DeviceManager localDeviceManager = new DeviceManager(this); 
    try
    {
      boolean bool;
      switch (localDeviceManager.sdOpen())
      {
      default:
        this.cardSN = localDeviceManager.getSN();
        if (this.debugNoVerifyPIN)
          bool = true;
        break;
      case 70:
      case 71:
      case 72:
      }
      do
      {
        if (bool)
        {
          if (localDeviceManager.readCert() == null)
            break label525;
          String str3 = localDeviceManager.getJH();
          Log.i("ccc", str3 + " wo qu ");
          if (!str3.equals(this.etUserId.getText().toString()))
            break;
          XxX.App.Data.ConstData.loginTag = true;
        }[/COLOR]
        localMessage.what = 30004;
        localMessage.obj = "登陆成功";
        this.handler.sendMessage(localMessage);
        XxX.App.Data.ConstData.loginCount = 0;
        return true;
        localMessage.what = 30003;
        localMessage.obj = "请检查是否插入加密卡";
        this.handler.sendMessage(localMessage);
        return false;
        localMessage.what = 30003;
        localMessage.obj = "请检查是否安装加密卡驱动";
        this.handler.sendMessage(localMessage);
        return false;
        localMessage.what = 30003;
        localMessage.obj = "打开加密卡出现错误";
        this.handler.sendMessage(localMessage);
        return false;
        bool = localDeviceManager.checkPin(str2);
        if ((!bool) && (XxX.App.Data.ConstData.loginCount == 3))
        {
          localMessage.what = 30003;
          localMessage.obj = "已经连续3次错误,按取消退出";
          this.handler.sendMessage(localMessage);
          return false;
        }
      }
      while (bool);
      localMessage.what = 30003;
      localMessage.obj = "密码错误";
      this.handler.sendMessage(localMessage);
      return false;
      localMessage.what = 30003;
      localMessage.obj = "帐号错误,请确认输入正确的帐号";
      this.handler.sendMessage(localMessage);
      return false;
      label525: localMessage.what = 30003;
      localMessage.obj = "未导入合法证书的加密卡";
      this.handler.sendMessage(localMessage);
      return false;
    }
    catch (Exception localException)
    {
      Log.e("SetAPN", localException.toString());
      localMessage.what = 30003;
      localMessage.obj = "异常";
      this.handler.sendMessage(localMessage);
      return false;
    }
    finally
    {
      localDeviceManager.sdClose();
    }
  }
}


#==========================================
#           Smali 引用
#==========================================
package XxXxX;

import android.os.Environment;

public class XxXxXGAPI
{
  static
  {
    System.loadLibrary("XxXxXAPI");
  }

  public XxXxXAPI()
  {
    XxXxXSetSdPath(Environment.getExternalStorageDirectory() + "/");
  }


#==========================================
#           Smali 所看到的代码
#==========================================
.method public verifyPIN()Z
    .locals 14

    .prologue
    const/4 v13, 0x3

    const/4 v10, 0x1

    const/16 v12, 0x7533

    const/4 v9, 0x0

    .line 943
    new-instance v3, Landroid/os/Message;

    invoke-direct {v3}, Landroid/os/Message;-><init>()V

    .line 945
    .local v3, m:Landroid/os/Message;
    const/16 v11, 0x7531

    iput v11, v3, Landroid/os/Message;->what:I

    .line 946
    sget v11, LXxX/App/Data/ConstData;->loginCount:I

    add-int/lit8 v11, v11, 0x1

    sput v11, LXxX/App/Data/ConstData;->loginCount:I

    .line 947
    sget v11, LXxX/App/Data/ConstData;->loginCount:I

    if-le v11, v13, :cond_0

    .line 948
    iput v12, v3, Landroid/os/Message;->what:I

    .line 949
    const-string v10, "\u5df2\u7ecf\u8fde\u7eed3\u6b21\u9519\u8bef\uff0c\u6309\u53d6\u6d88\u9000\u51fa"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 950
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z

    .line 1056
    :goto_0
    return v9

    .line 953
    :cond_0
    iget-object v11, p0, LXxX/App/Login/LoginForm;->etUserId:Landroid/widget/EditText;

    invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;

    move-result-object v11

    invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;

    move-result-object v4

    .line 954
    .local v4, password:Ljava/lang/String;
    if-eqz v4, :cond_1

    const-string v11, ""

    invoke-virtual {v4, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v11

    if-eqz v11, :cond_2

    .line 955
    :cond_1
    iput v12, v3, Landroid/os/Message;->what:I

    .line 956
    const-string v10, "\u8bf7\u8f93\u5165\u5e10\u53f7"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 957
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z

    goto :goto_0

    .line 960
    :cond_2
    iget-object v11, p0, LXxX/App/Login/LoginForm;->etPin:Landroid/widget/EditText;

    invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;

    move-result-object v11

    invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;

    move-result-object v5

    .line 961
    .local v5, pin:Ljava/lang/String;
    if-eqz v5, :cond_3

    const-string v11, ""

    invoke-virtual {v5, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v11

    if-eqz v11, :cond_4

    .line 962
    :cond_3
    iput v12, v3, Landroid/os/Message;->what:I

    .line 963
    const-string v10, "\u8bf7\u8f93\u5165\u5bc6\u7801"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 964
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z

    goto :goto_0

    .line 967
    :cond_4
    new-instance v1, Lhdzb/DeviceManager;

    invoke-direct {v1, p0}, Lhdzb/DeviceManager;-><init>(Landroid/content/Context;)V

    .line 970
    .local v1, dm:Lhdzb/DeviceManager;
    :try_start_0
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdOpen()I

    move-result v6

    .line 971
    .local v6, returnValue:I
    packed-switch v6, :pswitch_data_0

    .line 991
    invoke-virtual {v1}, Lhdzb/DeviceManager;->getSN()Ljava/lang/String;

    move-result-object v11

    iput-object v11, p0, LXxX/App/Login/LoginForm;->cardSN:Ljava/lang/String;

    .line 992
    const/4 v8, 0x0

    .line 994
    .local v8, verifyPin:Z
    iget-boolean v11, p0, LXxX/App/Login/LoginForm;->debugNoVerifyPIN:Z

    if-eqz v11, :cond_7

    .line 999
    const/4 v8, 0x1

    .line 1018
    :cond_5
    if-eqz v8, :cond_6

    .line 1019
    invoke-virtual {v1}, Lhdzb/DeviceManager;->readCert()Ljava/security/cert/X509Certificate;

    move-result-object v0

    .line 1020
    .local v0, cert:Ljava/security/cert/X509Certificate;
    if-eqz v0, :cond_a

    .line 1021
    invoke-virtual {v1}, Lhdzb/DeviceManager;->getJH()Ljava/lang/String;

    move-result-object v7

    .line 1023
    .local v7, userId:Ljava/lang/String;
    const-string v11, "ccc"

    new-instance v12, Ljava/lang/StringBuilder;

    invoke-direct {v12}, Ljava/lang/StringBuilder;-><init>()V

    invoke-virtual {v12, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v12

    const-string v13, " wo qu "

    invoke-virtual {v12, v13}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v12

    invoke-virtual {v12}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v12

    invoke-static {v11, v12}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 1025
    iget-object v11, p0, LXxX/App/Login/LoginForm;->etUserId:Landroid/widget/EditText;

    invoke-virtual {v11}, Landroid/widget/EditText;->getText()Landroid/text/Editable;

    move-result-object v11

    invoke-virtual {v11}, Ljava/lang/Object;->toString()Ljava/lang/String;

    move-result-object v11

    invoke-virtual {v7, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v11

    if-eqz v11, :cond_9

    .line 1026
    const/4 v11, 0x1

    sput-boolean v11, LXxX/App/Data/ConstData;->loginTag:Z

    .line 1043
    .end local v0           #cert:Ljava/security/cert/X509Certificate;
    .end local v7           #userId:Ljava/lang/String;
    :cond_6
    const/16 v11, 0x7534

    iput v11, v3, Landroid/os/Message;->what:I

    .line 1044
    const-string v11, "\u767b\u9646\u6210\u529f"

    iput-object v11, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1046
    iget-object v11, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v11, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z

    .line 1047
    const/4 v11, 0x0

    sput v11, LXxX/App/Data/ConstData;->loginCount:I
    :try_end_0
    .catchall {:try_start_0 .. :try_end_0} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    move v9, v10

    goto/16 :goto_0

    .line 973
    .end local v8           #verifyPin:Z
    :pswitch_0
    const/16 v10, 0x7533

    :try_start_1
    iput v10, v3, Landroid/os/Message;->what:I

    .line 974
    const-string v10, "\u8bf7\u68c0\u67e5\u662f\u5426\u63d2\u5165\u52a0\u5bc6\u5361"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 975
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_1
    .catchall {:try_start_1 .. :try_end_1} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_1 .. :try_end_1} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 978
    :pswitch_1
    const/16 v10, 0x7533

    :try_start_2
    iput v10, v3, Landroid/os/Message;->what:I

    .line 979
    const-string v10, "\u8bf7\u68c0\u67e5\u662f\u5426\u5b89\u88c5\u52a0\u5bc6\u5361\u9a71\u52a8"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 980
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_2
    .catchall {:try_start_2 .. :try_end_2} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_2 .. :try_end_2} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 983
    :pswitch_2
    const/16 v10, 0x7533

    :try_start_3
    iput v10, v3, Landroid/os/Message;->what:I

    .line 984
    const-string v10, "\u6253\u5f00\u52a0\u5bc6\u5361\u51fa\u73b0\u9519\u8bef"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 985
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_3
    .catchall {:try_start_3 .. :try_end_3} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_3 .. :try_end_3} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 1002
    .restart local v8       #verifyPin:Z
    :cond_7
    :try_start_4
    invoke-virtual {v1, v5}, Lhdzb/DeviceManager;->checkPin(Ljava/lang/String;)Z

    move-result v8

    .line 1003
    if-nez v8, :cond_8

    sget v11, LXxX/App/Data/ConstData;->loginCount:I

    if-ne v11, v13, :cond_8

    .line 1004
    const/16 v10, 0x7533

    iput v10, v3, Landroid/os/Message;->what:I

    .line 1005
    const-string v10, "\u5df2\u7ecf\u8fde\u7eed3\u6b21\u9519\u8bef\uff0c\u6309\u53d6\u6d88\u9000\u51fa"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1006
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_4
    .catchall {:try_start_4 .. :try_end_4} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_4 .. :try_end_4} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 1010
    :cond_8
    if-nez v8, :cond_5

    .line 1011
    const/16 v10, 0x7533

    :try_start_5
    iput v10, v3, Landroid/os/Message;->what:I

    .line 1012
    const-string v10, "\u5bc6\u7801\u9519\u8bef"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1013
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_5
    .catchall {:try_start_5 .. :try_end_5} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_5 .. :try_end_5} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 1028
    .restart local v0       #cert:Ljava/security/cert/X509Certificate;
    .restart local v7       #userId:Ljava/lang/String;
    :cond_9
    const/16 v10, 0x7533

    :try_start_6
    iput v10, v3, Landroid/os/Message;->what:I

    .line 1029
    const-string v10, "\u5e10\u53f7\u9519\u8bef\uff0c\u8bf7\u786e\u8ba4\u8f93\u5165\u6b63\u786e\u7684\u5e10\u53f7"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1030
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_6
    .catchall {:try_start_6 .. :try_end_6} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_6 .. :try_end_6} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 1035
    .end local v7           #userId:Ljava/lang/String;
    :cond_a
    const/16 v10, 0x7533

    :try_start_7
    iput v10, v3, Landroid/os/Message;->what:I

    .line 1036
    const-string v10, "\u672a\u5bfc\u5165\u5408\u6cd5\u8bc1\u4e66\u7684\u52a0\u5bc6\u5361"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1037
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_7
    .catchall {:try_start_7 .. :try_end_7} :catchall_0
    .catch Ljava/lang/Exception; {:try_start_7 .. :try_end_7} :catch_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .line 1049
    .end local v0           #cert:Ljava/security/cert/X509Certificate;
    .end local v6           #returnValue:I
    .end local v8           #verifyPin:Z
    :catch_0
    move-exception v2

    .line 1050
    .local v2, ex:Ljava/lang/Exception;
    :try_start_8
    const-string v10, "SetAPN"

    invoke-virtual {v2}, Ljava/lang/Exception;->toString()Ljava/lang/String;

    move-result-object v11

    invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I

    .line 1051
    const/16 v10, 0x7533

    iput v10, v3, Landroid/os/Message;->what:I

    .line 1052
    const-string v10, "\u5f02\u5e38"

    iput-object v10, v3, Landroid/os/Message;->obj:Ljava/lang/Object;

    .line 1053
    iget-object v10, p0, LXxX/App/Login/LoginForm;->handler:Landroid/os/Handler;

    invoke-virtual {v10, v3}, Landroid/os/Handler;->sendMessage(Landroid/os/Message;)Z
    :try_end_8
    .catchall {:try_start_8 .. :try_end_8} :catchall_0

    .line 1056
    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    goto/16 :goto_0

    .end local v2           #ex:Ljava/lang/Exception;
    :catchall_0
    move-exception v9

    invoke-virtual {v1}, Lhdzb/DeviceManager;->sdClose()V

    throw v9

    .line 971
    :pswitch_data_0
    .packed-switch 0x46
        :pswitch_0
        :pswitch_1
        :pswitch_2
    .end packed-switch
.end method

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (2)
雪    币: 465
活跃值: (398)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
能上传上来研究一下
2014-11-30 08:14
0
雪    币: 190
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
每人知道吗?大神们!
2014-12-8 06:03
0
游客
登录 | 注册 方可回帖
返回
//