Rabbit Unknown
Posts Tags Categories
Rabbit Unknown

Contents

Cracking Duoduomao VIP

 included in security reverse
   409 words   2 minutes 
Contents

I am going to show off my skills and seek glory in my love, so I will make a simple arrangement for the reverse thinking here.

Drag into JADX, search string directly VIP Targeting org.noear.ddcat.controller.a.aq.

    public void onStart() {
        // ...
        String replace = z.b(R.string.format_live_days).replace("{num}", cc.i);
        if (cc.e > 0) {
            CharSequence charSequence = cc.e > 1 ? "SVIP" : "VIP";
            this.d.setText(charSequence + " LV" + cc.f + "  " + replace);
        // ...
        } else {
            this.d.setText("LV" + cc.f + "  " + replace);
            this.c.setTextColor(cd.b().b);
        }

It can be seen that the string displayed on the VIP level on the home page is being processed here. this cc.e Must be VIP level. and this cc.e Where is it? can be found from the import statement cc is imported org.noear.ddcat.dao.cc kind.

public final class cc {
    public static long a = e.a.getLong("userID", 0);
    // ...
    public static int e = e.a("isVip");
    public static int f = e.a("level");
    // ...
    static String m;

    public static void a() {

The string features here are also obvious, e is the VIP level, and f is the user level. we continue to search cc.e where it is assigned. Searching for assignment statements There are two methods here. The easiest is of course to search in the decompiled code cc.e =. But in this case, methods that fail in class assignment or decompilation will not be retrieved. So I choose to search for smali here. Use the following regular statements to search the directory unpacked by apktool:

sput v[0-9]+, Lorg/noear/ddcat/dao/cc;->e:I

Locate to three categories, org.noear.ddcat.dao.a.u org.noear.ddcat.dao.a.w and org.noear.ddcat.dao.a.x. Replace the searched statement together with the context (mainly the part of calling the function to obtain the VIP level) as follows, so that the VIP level and user level are always 3.

    const/4 v1, 0x3

    sput v1, Lorg/noear/ddcat/dao/cc;->f:I

    const/4 v1, 0x3

    sput v1, Lorg/noear/ddcat/dao/cc;->e:I

Then apktool package and sign it.

Easter egg: VIP level and name [Slant Eyes]

case 1: return "VIP";
case 2: return "SVIP";
case 3: return "SSVIP";
case 201: return "MVP";
case 300: return "SMVP";
case 301: return "DMVP";
case 302: return "SMVP";
case 306: return "TMVP";
case 310: return "master";
case 311: return "developer";
case 312: return "spreader";
case 313: return "supporter";
case 314: return "container";
case 315: return "servicer";
case 316: return "translator";
case 321: return "女神";
case 322: return "可愛";
case 323: return "女仆";
case 331: return "男神";
case 332: return "强壮";
case 333: return "男仆";
default: return "VIP";
Updated on 2017-11-10
 androidcase-studymobile-security
Back | Home