本帖最后由 水波摇曳 于 2015-1-26 09:27 编辑
这款游戏是帮朋友破解的
下面是破解过程:
1、游戏中的购买流程如下:
点击那个小红叉,返回以后下面会提示“用户取消购买”:
搜索“用户取消购买”的Unicode码,得到下面的结果:
此时的文件树如下所示:
通过浏览文件树里的各个smali类,定位到道具的购买操作的方法:
在smali的修改之后如下:
[Java] 纯文本查看 复制代码 .......
invoke-virtual {p0, p2}, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->findItemByIdentifier(Ljava/lang/String;)Lcom/idreamsky/gamecenter/resource/Item;
move-result-object v4
.line 309
goto :cond_1 //////////始终跳到:cond_1
.line 310
const-string v0, "\u672a\u53d1\u73b0\u9053\u5177"
invoke-virtual {v3, v0}, Lcom/idreamsky/gc/DGCInternal;->makeToast(Ljava/lang/String;)V
.line 353
:cond_0
:goto_0
return-void
.line 313
:cond_1
invoke-virtual {p0, p2}, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->isProductOwned(Ljava/lang/String;)Z
move-result v0
.line 314
#if-eqz v0, :cond_3 ////////////这个外跳注释掉
.line 315
iget-object v0, v4, Lcom/idreamsky/gamecenter/resource/Item;->product:Lcom/idreamsky/gamecenter/resource/Product;
iget v0, v0, Lcom/idreamsky/gamecenter/resource/Product;->type:I
goto :cond_2 //////////始终跳到:cond_2
iget-object v0, v4, Lcom/idreamsky/gamecenter/resource/Item;->product:Lcom/idreamsky/gamecenter/resource/Product;
iget v0, v0, Lcom/idreamsky/gamecenter/resource/Product;->type:I
const/4 v5, 0x2
if-ne v0, v5, :cond_3
.line 316
:cond_2
iget-object v0, p0, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->a:Lcom/idreamsky/gamecenter/payment/PaymentDelegate;
////////////////////////////往外的跳注释掉
#if-eqz v0, :cond_0
.line 317
iget-object v0, p0, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->a:Lcom/idreamsky/gamecenter/payment/PaymentDelegate;
invoke-static {v4}, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->toPayableProduct(Lcom/idreamsky/gamecenter/resource/Item;)Lcom/idreamsky/gamecenter/payment/PayableProduct;
move-result-object v1
///////////////////////始终走这个流程
invoke-virtual {v0, v1}, Lcom/idreamsky/gamecenter/payment/PaymentDelegate;->onProductPurchased(Lcom/idreamsky/gamecenter/payment/PayableProduct;)V
.line 318
iget-object v0, p0, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->a:Lcom/idreamsky/gamecenter/payment/PaymentDelegate;
invoke-static {v4}, Lcom/idreamsky/gamecenter/payment/PaymentAPI;->toPayableProduct(Lcom/idreamsky/gamecenter/resource/Item;)Lcom/idreamsky/gamecenter/payment/PayableProduct;
move-result-object v1
.line 319
const-string v2, ""
.line 318
invoke-virtual {v0, v1, p3, p4, v2}, Lcom/idreamsky/gamecenter/payment/PaymentDelegate;->onProductPurchased(Lcom/idreamsky/gamecenter/payment/PayableProduct;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
goto :goto_0
........
我们再次见识到了 owned 的伟大..
隐藏几天,不然你们都不回复
支持论坛啊
完了
| 
[复制链接]
好好学习,多谢哈!
