一直没有找到合适的种子下载器,偶尔看到一个匆匆下载器,试了下解析成功率相当高,但是是要付费的,我这种穷逼,拿来的钱,所以就打算逆向下,看看
第一步分析
- 打开APKTool,分析改APK,结果发现居然加密,是用梆梆加密的
- 关于如何破解梆梆加密请看我这篇文章App“梆梆加固”破解
第二部开始分析,关键代码
-
我们把源码dum出来之后,使用 dexjar,打开
image
-
源码全部看到啦
-
我们通过
ACTIVITY TOP获取播放界面的完整类名,和路径
image
这里我么就看到了,他的包名,和当前Activity的完整路径,接下在我们就去找AdvancedPlayActivity这个类 -
然后我们根据他的提示语去搜索,找到关键代码
这个是游客登录的限制逻辑
image
这个是vip逻辑的限制
image
- 有了关键代买,我们就好办了,我们分析,他这个逻辑都是在一个叫做,
startPositionTimer方法里面被调用,我们只需要hook住这个方法,替换这个方法,替换成一个空实现不就ok了
public class Man implements IXposedHookLoadPackage {
private static final String FILTER_PKGNAME = "com.congcong.dl.application";
private static final String BAI_DU_PKGNAME = "com.congcong.dl.application.widget.BDCloudVideoView";
private static final String AD_PKGNAME = "com.congcong.dl.application.cc.bar.AdvancedMediaController";
private static final String LOG_PKGNAME = "android.util.Log";
@Override
public void handleLoadPackage(final LoadPackageParam loadPackageParam) throws Throwable {
Log.e("handleLoadPackage", loadPackageParam.packageName);
if (FILTER_PKGNAME.equals(loadPackageParam.packageName)) {
//这里是为了解决app多dex进行hook的问题,Xposed默认是hook主dex
XposedHelpers
.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.e("handleLoadPackage", "afterHookedMethod");
final ClassLoader cl = ((Context) param.args[0]).getClassLoader();
XposedHelpers.findAndHookMethod("com.congcong.dl.application.cc.AdvancedPlayActivity", cl, "onCreate", Bundle.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.e("handleLoadPackage", "onCreate");
//获取当前hook的activity
final Activity thisObject = (Activity) param.thisObject;
Uri data = thisObject.getIntent().getData();
Log.e("handleLoadPackage",data.toString());
final Class<?> aClass = cl.loadClass(AD_PKGNAME);
//hook AdvancedMediaController 中 startPositionTimer方法并且替换为空实现
XposedHelpers.findAndHookMethod(aClass, "startPositionTimer",
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam)
throws Throwable {
Toast.makeText(thisObject,"hook,成功!",Toast.LENGTH_SHORT).show();
Log.e("handleLoadPackage", "replaceHookedMethod");
return null;
}
});
}
});
}
});
}
}
}
这样就可以无限制的看了,代码已经上传github地址,在xposted 里面搜索匆匆就可以使用该插件了
网友评论