This post was last edited by Super817 on 2016-1-31 14:36
Problem report:
=======LuckyPatchSign Ver1.0=======
适用范?:
1.Java?通?getPackageManager().getPackageInfo.signatures??取?名信息;
2.Native方法/DLL/Lua?本等通??取Java的context/Activity?象,反射?用getPackageInfo等??取?名;
3.首先?取apk的路?,定位到META-INF\*.RSA文件,?取其中的?名信息;
自我?得Lucky的几率Patch的方式?上到下依次降低!!
方法收集于网?,只是整合了一下!!Feat 小白、空道!!
Good Lucky!! 更多?迎?注新浪微博 @人生?NG
方式一:substrate框架libhooksig By空道
方式二:重??承?packageInfo和PackageManager By小白
方式三:重??承?,重置Sign信息;
方式四:??定位到具体RSA文件路??取?名的??方式;
??入 1,2,3,4 ??? Patch 的方式:
2
?取到的程序的包名:
com.magv.play
======反??操作======
I: 使用 ShakaApktool 2.0.0-RC4-1.2-20150410
I: 使用 Apktool 2.0.0-RC4 反編譯 magv185.apk
I: 正在加載資源列表...
I: 反編譯 AndroidManifest.xml 與資源...
I: 正在從框架文件載入資源列表: C:\Users\EaZy\apktool\framework\1.apk
I: 常規資源列表...
I: 反編譯資源文件...
I: 反編譯 values?? */* XMLs...
I: 反編譯 classes.dex...
testI: 複製 assets 和 libs...
I: 複製未知文件...
I: 複製原始文件...
======反??apk成功======
======?取的程序??信息======
?程序?Application
程序??的主Acitivity??:com.magv.play.GLLoading
======?取正版?名信息======
正版的?名信息?:
======?始复制文件======
目的目?不存在,准??建。。。
目的目?不存在,准??建。。。
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\Diaoyong.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MainActivity.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyAPP.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyContext.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MyContextWrapper.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageInfo$1.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageInfo.smali
正在复制:C:\Sign\SDK\ByXiaobai\smali\com\example\hook\MypackageManger.smali
复制Smali文件成功!
======在???中添加?承======
程序??的主Acitivity??:com.magv.play.GLLoading
在???中添加引用方法成功!
======修改外引用?的包名和?名信息======
更?正版?名信息成功!
======Smali修改完成======
回??及?名...
I: 使用 ShakaApktool 2.0.0-RC4-1.2-20150410
I: 使用 Apktool 2.0.0-RC4
I: 編譯 smali 到 classes.dex...
=============================
Decompile the signed APK
View MypackageInfo.smali
.class public Lcom/example/hook/MypackageInfo;
.super Landroid/content/pm/PackageInfo;
.source "MypackageInfo.java"
# static fields
.field public static final INSTALL_LOCATION_AUTO:I = 0x0
.field public static final INSTALL_LOCATION_INTERNAL_ONLY:I = 0x1
.field public static final INSTALL_LOCATION_PREFER_EXTERNAL:I = 0x2
.field public static final INSTALL_LOCATION_UNSPECIFIED:I = -0x1
# instance fields
.field public activities:[Landroid/content/pm/ActivityInfo;
.field public applicationInfo:Landroid/content/pm/ApplicationInfo;
.field public configPreferences:[Landroid/content/pm/ConfigurationInfo;
.field public firstInstallTime:J
.field public gids:[I
.field public installLocation:I
.field public instrumentation:[Landroid/content/pm/InstrumentationInfo;
.field public lastUpdateTime:J
.field public packageName:Ljava/lang/String;
.field public permissions:[Landroid/content/pm/PermissionInfo;
.field public providers:[Landroid/content/pm/ProviderInfo;
.field public receivers:[Landroid/content/pm/ActivityInfo;
.field public reqFeatures:[Landroid/content/pm/FeatureInfo;
.field public requestedPermissions:[Ljava/lang/String;
.field public services:[Landroid/content/pm/ServiceInfo;
.field public sharedUserId:Ljava/lang/String;
.field public sharedUserLabel:I
.field public versionCode:I
.field public versionName:Ljava/lang/String;
# direct methods
.method public constructor <init>(Ljava/lang/String;)V
.locals 4
.param p1, "string" # Ljava/lang/String;
.prologue
const/4 v0, 0x1
.line 21
invoke-direct {p0}, Landroid/content/pm/PackageInfo;-><init>()V
.line 215
iput v0, p0, Lcom/example/hook/MypackageInfo;->installLocation:I
.line 22
iput-object p1, p0, Lcom/example/hook/MypackageInfo;->packageName:Ljava/lang/String;
.line 23
new-array v0, v0, [Landroid/content/pm/Signature;
iput-object v0, p0, Lcom/example/hook/MypackageInfo;->signatures:[Landroid/content/pm/Signature;
.line 24
iget-object v0, p0, Lcom/example/hook/MypackageInfo;->signatures:[Landroid/content/pm/Signature;
const/4 v1, 0x0
new-instance v2, Lcom/example/hook/MypackageInfo$1;
.line 25
const-string v3, "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"
invoke-direct {v2, p0, v3}, Lcom/example/hook/MypackageInfo$1;-><init>(Lcom/example/hook/MypackageInfo;Ljava/lang/String;)V
.line 24
aput-object v2, v0, v1
.line 41
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;
const-string v1, "开始调用签名"
invoke-virtual {v0, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V
.line 42
return-void
.end method
.method public constructor <init>(Ljava/lang/String;Landroid/content/pm/PackageInfo;)V
.locals 1
.param p1, "string" # Ljava/lang/String;
.param p2, "oldInfopac" # Landroid/content/pm/PackageInfo;
.prologue
.line 45
invoke-direct {p0}, Landroid/content/pm/PackageInfo;-><init>()V
.line 215
const/4 v0, 0x1
iput v0, p0, Lcom/example/hook/MypackageInfo;->installLocation:I
.line 46
return-void
.end method
更?正版?名信息成功??
The genuine signature information does not match the contents of the MypackageInfo.smali file
==================================
程序??的主Acitivity??:com.magv.play.GLLoading
在???中添加引用方法成功!
The reference method was added incorrectly
# virtual methods
.method public getPackageManager()Landroid/content/pm/PackageManager;
.locals 2
.prologue
new-instance v0, Lhehe/NewPackageManager;
invoke-super {p0}, Landroid/app/Application;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v1
invoke-direct {v0, v1}, Lhehe/NewPackageManager;-><init>(Landroid/content/pm/PackageManager;)V
return-object v0
.end method
.method protected onCreate(Landroid/os/Bundle;)V
.locals 9
|
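A defender-side check for the pattern visible in this post's smali, added here as an example (it is not part of the original post or of the tool): it scans apktool-decoded smali for classes that subclass PackageInfo or PackageManager, for a getPackageManager() override that builds a non-framework object, and for a string constant holding a hex-encoded certificate. The regexes, the function names and the sample class Lconstructed/SampleApp; are assumptions of this example.

```python
import re
from pathlib import Path

# Framework types that app code has no ordinary reason to subclass.
SENSITIVE_SUPERS = {"Landroid/content/pm/PackageInfo;", "Landroid/content/pm/PackageManager;"}
FRAMEWORK = ("Landroid/", "Landroidx/", "Ljava/", "Ljavax/", "Ldalvik/")
GET_PM = re.compile(
    r"^\s*\.method\b[^\n]*\bgetPackageManager\(\)Landroid/content/pm/PackageManager;"
    r"\s*\n(.*?)^\s*\.end method", re.M | re.S)
NEW_INSTANCE = re.compile(r"new-instance\s+\w+,\s*(L[\w/$]+;)")
# A hex-encoded DER certificate starts with the SEQUENCE header 30 82.
CERT_HEX = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s*"3082[0-9a-fA-F]{200,}"')

def scan_smali(text):
    """Return triage findings for the text of one smali file."""
    cls = re.search(r"^\s*\.class\b[^\n]*?(L[\w/$]+;)\s*$", text, re.M)
    sup = re.search(r"^\s*\.super\s+(L[\w/$]+;)", text, re.M)
    name = cls.group(1) if cls else "<unknown>"
    out = []
    if sup and sup.group(1) in SENSITIVE_SUPERS and not name.startswith(FRAMEWORK):
        out.append(f"{name} subclasses {sup.group(1)}")
    for method in GET_PM.finditer(text):
        out += [f"{name} getPackageManager() builds {c}"
                for c in NEW_INSTANCE.findall(method.group(1)) if not c.startswith(FRAMEWORK)]
    if CERT_HEX.search(text):
        out.append(f"{name} embeds a hex-encoded certificate constant")
    return out

def scan_tree(root):
    """Scan every .smali file under an apktool output directory."""
    hits = {str(p): scan_smali(p.read_text(encoding="utf-8", errors="replace"))
            for p in sorted(Path(root).rglob("*.smali"))}
    return {p: found for p, found in hits.items() if found}

# Samples: the class header and method body follow the excerpts in the post;
# the class name Lconstructed/SampleApp; and the hex constant are constructed.
SAMPLE_INFO = (".class public Lcom/example/hook/MypackageInfo;\n"
               ".super Landroid/content/pm/PackageInfo;\n"
               '    const-string v3, "3082' + "ab" * 120 + '"\n')
SAMPLE_APP = """.class public Lconstructed/SampleApp;
.super Landroid/app/Application;
.method public getPackageManager()Landroid/content/pm/PackageManager;
    new-instance v0, Lhehe/NewPackageManager;
    invoke-super {p0}, Landroid/app/Application;->getPackageManager()Landroid/content/pm/PackageManager;
    move-result-object v1
    invoke-direct {v0, v1}, Lhehe/NewPackageManager;-><init>(Landroid/content/pm/PackageManager;)V
    return-object v0
.end method
"""
```

Hits are triage signals for a repackaged APK rather than proof, since a legitimate SDK could also wrap PackageManager.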