下面我们来具体说一说具体的操作流程,
第一步当然是打开软件,我们来汇编分析一下,
接下来我们看一看程序的入口点
来到入口点之后,我们来看一看程序的创建方法,
为了测试需要,我们现在我们的安卓模拟器里安装一份并打开,
头一次打开就是这个样子的显示未授权字样
接下来我们回到软件中来查找位置授权这几个字的字样
如果没有找到的话,我们就切换到unicode代码,
看来我们的人品还不错,已经找到了三哥,
下面我们每一个去看一看,
下面我们尝试下来对它进行手术操作,
上面的这个程序中不能显示java源码,下面我们换一个就换改之理吧
package com.linkin.base.bean;
import com.linkin.base.utils.ab;
import java.io.EOFException;
import java.io.InterruptedIOException;
import java.net.ConnectException;
import java.net.ProtocolException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.CertificateException;
public class HttpStatusCode
{
public static final int SC_BAD_GATEWAY = 502;
public static final int SC_BAD_REQUEST = 400;
public static final int SC_CERTIFICATE_EXCEPTION = 594;
public static final int SC_CONNECT_EXCEPTION = 597;
public static final int SC_CONNECT_TIMEOUT = 598;
public static final int SC_EOF_EXCEPTION = 591;
public static final int SC_FORBIDDEN = 403;
public static final int SC_GATEWAY_TIMEOUT = 504;
public static final int SC_HTTP_REQUEST_FAIL = 596;
public static final int SC_ILLEGAL_URL = 999;
public static final int SC_INTERNAL_SERVER_ERROR = 500;
public static final int SC_MOVED_TEMPORARILY = 302;
public static final int SC_NOT_FOUND = 404;
public static final int SC_NOT_IMPLEMENTED = 501;
public static final int SC_NOT_MODIFIED = 304;
public static final int SC_NO_CONTENT = 204;
public static final int SC_OK = 200;
public static final int SC_PARTIAL_CONTENT = 206;
public static final int SC_PROTOCOL_EXCEPTION = 407;
public static final int SC_REPEAT_REQUEST = 603;
public static final int SC_RSP_FAIL = 600;
private static final String SC_RSP_FAIL_MSG = ab.a(false, "2cEzRmeeeNqYsJvmGXO2PgZEG+XJrZcAVv4V6urESQylm3B/HD1YJUIKIGvFWE2Vt1RYMVm1OBHSg8S+eHAb9xfKEIUQPQm++X+RJB4zHoQnDduAwSHH5tCZJq1ks4BSXRXMwDDTSmQDimk80ffWG1s0Y/8g7TkJ2QOozb2/EwJgYcj4QovEtuVKxu8XSl5vSgtLEAHdKKhcBpyCXJx7xTSzoGmwbuboZeL6E90vDo5Upsfr8DTiC6rW1aTRDOou0+gLM8+YqRdwSqMvjyPO+tXWnTXstLUK5BpGqPqeOQf1WBk91rWA+o71Mb+jWUmyd3m9vldAD1Nk3F+MieamNWTw9EZQ6aj1b4E1P8STTWo=", 48);
public static final int SC_SERVICE_UNAVAILABLE = 503;
public static final int SC_SOCKET_TIMEOUT = 599;
public static final int SC_SSLHANDSHAKE_EXCEPTION = 595;
public static final int SC_SSLPEERUNVERIFIED_EXCEPTION = 593;
public static final int SC_THIRD_API_FAIL = 601;
private static final String SC_THIRD_API_FAIL_MSG = ab.a(false, "Apjc9K1jFRPKA023OsgzXNA5y8rFf+zG43sZeRU5NpMZwogMAg6iSwe/E9Aj9kBBMnxjFe81IeORt9T6cjrsMGWVp8mup7tlGc6cBuRHY+F9l2//7EPGIjYl5TBPDO4FjUgtjyCLaSORYRXfkvO1AVtYioM01kYcZu64Wyp7nPLz7UiK1AfFYR3OkpZ2J3fCoHagYfCZb1PinKvQPGqgglsohBmpmy4vdydCpOuke4MfSoowSxw6A7dMNbxfJCfT", 48);
public static final int SC_THIRD_API_SUCCESS = 602;
private static final String SC_THIRD_API_SUCCESS_MSG = ab.a(false, "2cEzRmeeeNqYsJvmGXO2PgZEG+XJrZcAVv4V6urESQylm3B/HD1YJUIKIGvFWE2Vt1RYMVm1OBHSg8S+eHAb9xfKEIUQPQm++X+RJB4zHoQM6Rezb1HEwW+dAnzHg5PWwH+ijs8O+t7Jt/ENiefEBEywCacqzKsJuJhnlhAbhK2PSlYst4Xbvj/2b4CfbaQH", 48);
public static final int SC_UNAUTHORIZED = 401;
public static final int SC_UNKNOWNHOST_EXCEPTION = 592;
public static int getExceptionCode(String paramString)
{
int i = 596;
if ((paramString.contains(SocketTimeoutException.class.getName())) || (paramString.contains(InterruptedIOException.class.getName()))) {
i = 599;
}
for (;;)
{
return i;
if (paramString.contains(ConnectException.class.getName())) {
i = 597;
} else if (paramString.contains(ProtocolException.class.getName())) {
i = 407;
} else if (paramString.contains(SSLHandshakeException.class.getName())) {
i = 595;
} else if (paramString.contains(CertificateException.class.getName())) {
i = 594;
} else if (paramString.contains(SSLPeerUnverifiedException.class.getName())) {
i = 593;
} else if (paramString.contains(UnknownHostException.class.getName())) {
i = 592;
} else if (paramString.contains(EOFException.class.getName())) {
i = 591;
}
}
}
public static String getHttpStatusMsg(int paramInt)
{
String str = "";
switch (paramInt)
{
}
for (;;)
{
return str;
str = "��������������������";
continue;
str = "��������������������";
continue;
str = "���������� URL ����";
continue;
str = "����������������";
continue;
str = "����������������";
continue;
str = "����������������";
continue;
str = "����������������";
continue;
str = "����������������������������";
continue;
str = "������������������������������";
continue;
str = "������������������������������������";
continue;
str = "������������������";
continue;
str = "������������������";
continue;
str = "��������������������������������";
continue;
str = "����������";
continue;
str = "��������IO����";
continue;
str = "������������";
continue;
str = "Https����������������������������������������������������������";
continue;
str = "Https��������";
continue;
str = "Https��������������������������������������";
continue;
str = "Received HTTP_PROXY_AUTH (407) code while not using proxy��������������������������������������������������";
continue;
str = "����������Socket��������";
continue;
str = SC_RSP_FAIL_MSG;
continue;
str = SC_THIRD_API_FAIL_MSG;
continue;
str = SC_THIRD_API_SUCCESS_MSG;
continue;
str = "��������������������������������1s����������������������������������������������������������";
continue;
str = "������������������";
continue;
str = "����������";
continue;
str = "��������������������������������������������������";
}
}
}
我们看到了上面的java源码,从源码中我们分析,唯一能够跳出跳转判断的语句就只有一条,下面我们便进行修改
:sswitch_1a 这个能够跳出所有的判断,所以我们把其他的几个都改成这个,尝试一下能不能解除这个限制,
.method private a(Ljava/lang/Object;I)V
.locals 3
.prologue
.line 154
iget-object v0, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
iget-object v1, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-virtual {v0, v1}, Lcom/linkin/tv/AuthActivity;->a(Landroid/app/Activity;)Ljava/lang/Boolean;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/Boolean;->booleanValue()Z
move-result v0
.line 172
:goto_0
return-void
.line 158
:cond_0
if-nez p1, :cond_1
.line 159
iget-object v0, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
const-string/jumbo v1, "\u901a\u8baf\u5f02\u5e38\u65e0\u6cd5\u6388\u6743!"
invoke-static {v0, v1}, Lcom/linkin/tv/AuthActivity;->a(Lcom/linkin/tv/AuthActivity;Ljava/lang/String;)V
goto :goto_0
.line 162
:cond_1
check-cast p1, Lcom/linkin/common/entity/AuthResult;
.line 163
invoke-static {}, Lcom/linkin/livedata/manager/f;->a()Lcom/linkin/livedata/manager/f;
move-result-object v0
invoke-virtual {v0, p1}, Lcom/linkin/livedata/manager/f;->a(Lcom/linkin/common/entity/AuthResult;)V
.line 164
iget-object v0, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-static {v0}, Lcom/linkin/tv/AuthActivity;->a(Lcom/linkin/tv/AuthActivity;)V
.line 165
invoke-static {}, Lcom/linkin/livedata/manager/f;->a()Lcom/linkin/livedata/manager/f;
move-result-object v0
invoke-virtual {v0}, Lcom/linkin/livedata/manager/f;->c()Z
move-result v0
.line 166
new-instance v0, Landroid/content/Intent;
iget-object v1, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-static {v1}, Lcom/linkin/tv/AuthActivity;->b(Lcom/linkin/tv/AuthActivity;)Landroid/content/Context;
move-result-object v1
const-class v2, Lcom/linkin/tv/IndexActivity;
invoke-direct {v0, v1, v2}, Landroid/content/Intent;->(Landroid/content/Context;Ljava/lang/Class;)V
.line 167
iget-object v1, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-virtual {v1, v0}, Lcom/linkin/tv/AuthActivity;->startActivity(Landroid/content/Intent;)V
.line 168
iget-object v0, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-virtual {v0}, Lcom/linkin/tv/AuthActivity;->finish()V
goto :goto_0
.line 170
:cond_2
iget-object v0, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
new-instance v1, Ljava/lang/StringBuilder;
invoke-direct {v1}, Ljava/lang/StringBuilder;->()V
const-string/jumbo v2, "\u8f6f\u4ef6\u672a\u6388\u6743,\u9519\u8bef\u7801:"
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
iget-object v2, p0, Lcom/linkin/tv/AuthActivity$a;->a:Lcom/linkin/tv/AuthActivity;
invoke-static {v2}, Lcom/linkin/tv/AuthActivity;->c(Lcom/linkin/tv/AuthActivity;)Lcom/linkin/livedata/manager/f;
move-result-object v2
invoke-virtual {v2}, Lcom/linkin/livedata/manager/f;->g()I
move-result v2
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
invoke-static {v0, v1}, Lcom/linkin/tv/AuthActivity;->a(Lcom/linkin/tv/AuthActivity;Ljava/lang/String;)V
goto :goto_0
.end method
我们就修改成修改成上面这样