章鱼奶爸(Octodad Dadliest Catch)
去除google play未安装弹窗
GooglePlayServicesUtil.getErrorDialog方法的返回值修改为null;这个游戏是在so里面通过反射方式调用了这个方法
// package com.google.android.gms.common.GooglePlayServicesUtil @Deprecated public static Dialog getErrorDialog(int arg1, Activity arg2, int arg3) { return GooglePlayServicesUtil.getErrorDialog(arg1, arg2, arg3, null); } @Deprecated public static Dialog getErrorDialog(int arg1, Activity arg2, int arg3, DialogInterface$OnCancelListener arg4) { return GooglePlayServicesUtil.zza(arg1, arg2, null, arg3, arg4); } Fabulous(美妙的生活)
- \Fabulous_307\smali\co\thefabulous\app\ui\activity\OnBoardingActivity.java
- \Fabulous_307\smali\com\google\android\gms\common ErrorDialogFragment.smali 和 SupportErrorDialogFragment.smali里面的show方法注释掉
代码中的英文
翻译成中文后进行Unicode编码复制过去
Quantum Revenge(量子复仇)
签名校验
搜索获取签名的代码(packageinfo、signature)找到smali中关键代码段,然后定位到了com.realtechvr.v3x.AppActivity的onCreate方法:
protected void onCreate(Bundle arg11) { PackageInfo v0_3; int v9 = 3; int v0 = 0; String v1 = null; Logger.v("AppActivity", "onCreate"); AppActivity.o = this; this.I = this.getWindow().getDecorView(); super.onCreate(arg11); if(this.getExternalFilesDir(v1) == null) { this.u(); return; } try { PackageInfo v2 = AppActivity.o.getPackageManager().getPackageInfo(AppActivity.o.getPackageName(), 64); this.x = v2.packageName; this.y = v2.versionName; Signature[] v2_1 = v2.signatures; int v3 = v2_1.length; while(v0 < v3) { Signature v4 = v2_1[v0]; MessageDigest v5 = MessageDigest.getInstance("SHA"); v5.update(v4.toByteArray()); Base64.encodeToString(v5.digest(), 0).trim(); this.w = "TRW/yoB9UfkS/HQQMNANSB01Cf4="; Logger.v("AppActivity", "| SHA-1 (base64): " + this.w); v5 = MessageDigest.getInstance("MD5"); v5.update(v4.toByteArray()); Logger.v("AppActivity", "| MD5 Signature: " + this.a(v5.digest())); v5 = MessageDigest.getInstance("SHA-256"); v5.update(v4.toByteArray()); Logger.v("AppActivity", "| SHA-256 Signature: " + this.a(v5.digest())); ++v0; } AppActivity.native_onCreate(this.x, this.y, this.w); } catch(NoSuchAlgorithmException v0_1) { } catch(PackageManager$NameNotFoundException v0_2) { } 发现是smali中计算好了签名值传入到so中去校验了,这种好办,我们用原包签名写入传入就可以了。
Error弹窗移除
搜索代码位置
F:\游戏原包\Quantum Revenge\zongjian\outdir\smali\com\realtechvr\v3x\iab\google\b$1.smali: 58: const-string v2, "Problem setting up in-app billing: "
从代码上看就是修改一下判断值,走下面那个语块就可以了
憨豆先生
============== App的基本信息 ================= || 包名 packageName = com.mrbean.around || 版本名称 appVersion = 5.2 || 版本号 appVersionCode = 35 ==========================================
破解路径:F:\游戏原包\憨豆先生\outdir\smali\org\godotengine\godot\GodotPaymentV3.smali
破解前
.method public get_premium()V .locals 6 const/4 v5, 0x0 iget-object v1, p0, Lorg/godotengine/godot/GodotPaymentV3;->activity:Lorg/godotengine/godot/Godot; invoke-virtual {v1, v5}, Lorg/godotengine/godot/Godot;->getPreferences(I)Landroid/content/SharedPreferences; move-result-object v0 iget-object v1, p0, Lorg/godotengine/godot/GodotPaymentV3;->purchaseCallbackId:Ljava/lang/Integer; invoke-virtual {v1}, Ljava/lang/Integer;->intValue()I move-result v1 const-string v2, "set_premium" const/4 v3, 0x1 new-array v3, v3, [Ljava/lang/Object; const-string v4, "unlock_all" invoke-interface {v0, v4, v5}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z move-result v4 invoke-static {v4}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean; move-result-object v4 aput-object v4, v3, v5 invoke-static {v1, v2, v3}, Lorg/godotengine/godot/GodotLib;->calldeferred(ILjava/lang/String;[Ljava/lang/Object;)V return-void.end method.method public request_products(Ljava/lang/String;)V .locals 2 iget-object v0, p0, Lorg/godotengine/godot/GodotPaymentV3;->activity:Lorg/godotengine/godot/Godot; invoke-virtual {v0}, Lorg/godotengine/godot/Godot;->getPaymentsManager()Lorg/godotengine/godot/payments/PaymentsManager; move-result-object v0 invoke-virtual {v0, p0}, Lorg/godotengine/godot/payments/PaymentsManager;->setBaseSingleton(Lorg/godotengine/godot/GodotPaymentV3;)V iget-object v0, p0, Lorg/godotengine/godot/GodotPaymentV3;->activity:Lorg/godotengine/godot/Godot; new-instance v1, Lorg/godotengine/godot/GodotPaymentV3$2; invoke-direct {v1, p0, p1}, Lorg/godotengine/godot/GodotPaymentV3$2;-> (Lorg/godotengine/godot/GodotPaymentV3;Ljava/lang/String;)V invoke-virtual {v0, v1}, Lorg/godotengine/godot/Godot;->runOnUiThread(Ljava/lang/Runnable;)V return-void.end method 破解后
.method public get_premium()V .locals 6 const/4 v5, 0x0 iget-object v1, p0, Lorg/godotengine/godot/GodotPaymentV3;->activity:Lorg/godotengine/godot/Godot; invoke-virtual {v1, v5}, Lorg/godotengine/godot/Godot;->getPreferences(I)Landroid/content/SharedPreferences; move-result-object v0 iget-object v1, p0, Lorg/godotengine/godot/GodotPaymentV3;->purchaseCallbackId:Ljava/lang/Integer; invoke-virtual {v1}, Ljava/lang/Integer;->intValue()I move-result v1 const-string v2, "set_premium" const/4 v3, 0x1 new-array v3, v3, [Ljava/lang/Object; const-string v4, "unlock_all" invoke-interface {v0, v4, v5}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z move-result v4 const/4 v4, 0x1 invoke-static {v4}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean; move-result-object v4 aput-object v4, v3, v5 invoke-static {v1, v2, v3}, Lorg/godotengine/godot/GodotLib;->calldeferred(ILjava/lang/String;[Ljava/lang/Object;)V return-void.end method.method public request_products(Ljava/lang/String;)V .locals 2 /** 这里全删了 **/ return-void.end method 异域镇魂曲
Planescape Torment Enhanced Edition v3.0.3.1
游戏在非原手机上提示网络连接有问题
其实并不是网络连接有问题,而是游戏验证没过,根据提示往上查代码
.method public onDownloadStateChanged(I)V .locals 9 .param p1, "newState" # I .prologue const p1, 0x5 const-string v3, "joyce_Engine_onDownloadStateChanged" new-instance v4, Ljava/lang/StringBuilder; invoke-direct {v4}, Ljava/lang/StringBuilder;-> ()V invoke-virtual {v4, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder; move-result-object v4 invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object v4 invoke-static {v3, v4}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I const/16 v7, 0x8 const/4 v6, 0x0 .line 796 invoke-direct {p0, p1}, Lcom/beamdog/infinity/Engine;->setState(I)V .line 797 const/4 v5, 0x1 .line 798 .local v5, "showDashboard":Z const/4 v4, 0x0 .line 801 .local v4, "showCellMessage":Z packed-switch p1, :pswitch_data_0 .line 854 :pswitch_0 const/4 v3, 0x1 .line 855 .local v3, "paused":Z const/4 v1, 0x1 .line 856 .local v1, "indeterminate":Z const/4 v5, 0x1 .line 858 :goto_0 if-eqz v5, :cond_2 move v2, v6 .line 859 .local v2, "newDashboardVisibility":I :goto_1 iget-object v8, p0, Lcom/beamdog/infinity/Engine;->mDashboard:Landroid/view/View; invoke-virtual {v8}, Landroid/view/View;->getVisibility()I move-result v8 if-eq v8, v2, :cond_0 .line 860 iget-object v8, p0, Lcom/beamdog/infinity/Engine;->mDashboard:Landroid/view/View; invoke-virtual {v8, v2}, Landroid/view/View;->setVisibility(I)V .line 862 :cond_0 if-eqz v4, :cond_3 move v0, v6 .line 863 .local v0, "cellMessageVisibility":I :goto_2 iget-object v6, p0, Lcom/beamdog/infinity/Engine;->mCellMessage:Landroid/view/View; invoke-virtual {v6}, Landroid/view/View;->getVisibility()I move-result v6 if-eq v6, v0, :cond_1 .line 864 iget-object v6, p0, Lcom/beamdog/infinity/Engine;->mCellMessage:Landroid/view/View; invoke-virtual {v6, v0}, Landroid/view/View;->setVisibility(I)V .line 867 :cond_1 iget-object v6, p0, Lcom/beamdog/infinity/Engine;->mPB:Landroid/widget/ProgressBar; invoke-virtual {v6, v1}, Landroid/widget/ProgressBar;->setIndeterminate(Z)V .line 868 invoke-direct {p0, v3}, Lcom/beamdog/infinity/Engine;->setButtonPausedState(Z)V .line 869 .end local v0 # "cellMessageVisibility":I .end local v2 # "newDashboardVisibility":I :goto_3 return-void .line 805 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_1 const/4 v3, 0x0 .line 806 .restart local v3 # "paused":Z const/4 v1, 0x1 .line 807 .restart local v1 # "indeterminate":Z goto :goto_0 .line 810 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_2 const/4 v5, 0x1 .line 811 const/4 v3, 0x0 .line 812 .restart local v3 # "paused":Z const/4 v1, 0x1 .line 813 .restart local v1 # "indeterminate":Z goto :goto_0 .line 815 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_3 const/4 v3, 0x0 .line 816 .restart local v3 # "paused":Z const/4 v5, 0x1 .line 817 const/4 v1, 0x0 .line 818 .restart local v1 # "indeterminate":Z goto :goto_0 .line 824 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_4 const/4 v3, 0x1 .line 825 .restart local v3 # "paused":Z const/4 v5, 0x0 .line 826 const/4 v1, 0x0 .line 827 .restart local v1 # "indeterminate":Z goto :goto_0 .line 830 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_5 const/4 v5, 0x0 .line 831 const/4 v3, 0x1 .line 832 .restart local v3 # "paused":Z const/4 v1, 0x0 .line 833 .restart local v1 # "indeterminate":Z const/4 v4, 0x1 .line 834 goto :goto_0 .line 837 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_6 const/4 v3, 0x1 .line 838 .restart local v3 # "paused":Z const/4 v1, 0x0 .line 839 .restart local v1 # "indeterminate":Z goto :goto_0 .line 842 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_7 const/4 v3, 0x1 .line 843 .restart local v3 # "paused":Z const/4 v1, 0x0 .line 844 .restart local v1 # "indeterminate":Z goto :goto_0 .line 846 .end local v1 # "indeterminate":Z .end local v3 # "paused":Z :pswitch_8 const/4 v5, 0x0 .line 847 const/4 v3, 0x0 .line 850 .restart local v3 # "paused":Z const/4 v1, 0x1 .line 851 .restart local v1 # "indeterminate":Z sget-object v6, Lcom/beamdog/infinity/Engine;->mLayout:Landroid/view/ViewGroup; invoke-virtual {p0, v6}, Lcom/beamdog/infinity/Engine;->setContentView(Landroid/view/View;)V goto :goto_3 :cond_2 move v2, v7 .line 858 goto :goto_1 .restart local v2 # "newDashboardVisibility":I :cond_3 move v0, v7 .line 862 goto :goto_2 .line 801 :pswitch_data_0 .packed-switch 0x1 :pswitch_1 :pswitch_2 :pswitch_2 :pswitch_3 :pswitch_8 :pswitch_0 :pswitch_6 :pswitch_5 :pswitch_5 :pswitch_0 :pswitch_0 :pswitch_7 :pswitch_0 :pswitch_7 :pswitch_4 :pswitch_4 :pswitch_0 :pswitch_4 :pswitch_4 .end packed-switch.end method 直接写死传入的值为5,然后返回
在获取游戏obb资源时还会报错
找到关键代码
.method public static getAPKPath(I)Ljava/lang/String; .locals 6 .param p0, "index" # I .prologue .line 523 const/4 v4, -0x2 if-ne p0, v4, :cond_1 .line 524 invoke-static {}, Lcom/beamdog/infinity/Engine;->getContext()Landroid/content/Context; move-result-object v4 invoke-virtual {v4}, Landroid/content/Context;->getPackageCodePath()Ljava/lang/String; move-result-object v3 .line 542 :cond_0 :goto_0 return-object v3 .line 527 :cond_1 new-instance v4, Ljava/lang/StringBuilder; invoke-direct {v4}, Ljava/lang/StringBuilder;-> ()V invoke-static {}, Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File; move-result-object v5 invoke-virtual {v5}, Ljava/io/File;->toString()Ljava/lang/String; move-result-object v5 invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 const-string v5, "/Android/obb/" invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 invoke-static {}, Lcom/beamdog/infinity/Engine;->getContext()Landroid/content/Context; move-result-object v5 invoke-virtual {v5}, Landroid/content/Context;->getPackageName()Ljava/lang/String; move-result-object v5 invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 const-string v5, "/" invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 const-string v5, "main.496.com.beamdog.pstee.obb" invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object v3 const-string v4, "joyce_Engine_getAPKPath" invoke-static {v4, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I .line 529 .local v3, "str":Ljava/lang/String; const/4 v4, -0x1 const/4 p0, -0x1 if-eq p0, v4, :cond_0 .line 533 invoke-static {}, Lcom/beamdog/infinity/Engine;->getContext()Landroid/content/Context; move-result-object v4 invoke-static {v4}, Lcom/google/android/vending/expansion/downloader/impl/DownloadsDB;->getDB(Landroid/content/Context;)Lcom/google/android/vending/expansion/downloader/impl/DownloadsDB; move-result-object v0 .line 534 .local v0, "db":Lcom/google/android/vending/expansion/downloader/impl/DownloadsDB; invoke-virtual {v0}, Lcom/google/android/vending/expansion/downloader/impl/DownloadsDB;->getDownloads()[Lcom/google/android/vending/expansion/downloader/impl/DownloadInfo; move-result-object v2 .line 535 .local v2, "dis":[Lcom/google/android/vending/expansion/downloader/impl/DownloadInfo; if-ltz p0, :cond_2 array-length v4, v2 if-ge p0, v4, :cond_2 .line 536 aget-object v1, v2, p0 .line 537 .local v1, "di":Lcom/google/android/vending/expansion/downloader/impl/DownloadInfo; new-instance v4, Ljava/lang/StringBuilder; invoke-direct {v4}, Ljava/lang/StringBuilder;-> ()V invoke-virtual {v4, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 iget-object v5, v1, Lcom/google/android/vending/expansion/downloader/impl/DownloadInfo;->mFileName:Ljava/lang/String; invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v4 invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object v3 .line 538 goto :goto_0 .line 539 .end local v1 # "di":Lcom/google/android/vending/expansion/downloader/impl/DownloadInfo; :cond_2 const-string v3, "" goto :goto_0.end method 只需要根据真实本地obb文件名称写死返回就可以正常玩游戏了