BlubBlab wrote:Wasn't that the work of the one who tried to make a private ROM server? So far I remember that guy did something like this.
Anyway I think you must search the code for the part which communicate with the payment server and put it simply always true.
That App basically based on a server/client communication which is reverse engineered. I think he must put meaning of each Opcode in some classes.
Yes that was the same guy. He really did awesome things and one of them is this app. Was looking for such a part, but there are a few files I think, which have to do with the payment, so its hard to find.
Probably the IInAppBillingService.class is the right one. If there were some notes, which part what does it would be easier...
Code: Select all
package com.android.vending.billing;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.IInterface;
import android.os.Parcel;
import android.os.Parcelable.Creator;
import android.os.RemoteException;
public abstract interface IInAppBillingService extends IInterface
{
public abstract int consumePurchase(int paramInt, String paramString1, String paramString2)
throws RemoteException;
public abstract Bundle getBuyIntent(int paramInt, String paramString1, String paramString2, String paramString3, String paramString4)
throws RemoteException;
public abstract Bundle getPurchases(int paramInt, String paramString1, String paramString2, String paramString3)
throws RemoteException;
public abstract Bundle getSkuDetails(int paramInt, String paramString1, String paramString2, Bundle paramBundle)
throws RemoteException;
public abstract int isBillingSupported(int paramInt, String paramString1, String paramString2)
throws RemoteException;
public static abstract class Stub extends Binder
implements IInAppBillingService
{
private static final String DESCRIPTOR = "com.android.vending.billing.IInAppBillingService";
static final int TRANSACTION_consumePurchase = 5;
static final int TRANSACTION_getBuyIntent = 3;
static final int TRANSACTION_getPurchases = 4;
static final int TRANSACTION_getSkuDetails = 2;
static final int TRANSACTION_isBillingSupported = 1;
public Stub()
{
attachInterface(this, "com.android.vending.billing.IInAppBillingService");
}
public static IInAppBillingService asInterface(IBinder paramIBinder)
{
if (paramIBinder == null)
return null;
IInterface localIInterface = paramIBinder.queryLocalInterface("com.android.vending.billing.IInAppBillingService");
if ((localIInterface != null) && ((localIInterface instanceof IInAppBillingService)))
return (IInAppBillingService)localIInterface;
return new Proxy(paramIBinder);
}
public IBinder asBinder()
{
return this;
}
public boolean onTransact(int paramInt1, Parcel paramParcel1, Parcel paramParcel2, int paramInt2)
throws RemoteException
{
switch (paramInt1)
{
default:
return super.onTransact(paramInt1, paramParcel1, paramParcel2, paramInt2);
case 1598968902:
paramParcel2.writeString("com.android.vending.billing.IInAppBillingService");
return true;
case 1:
paramParcel1.enforceInterface("com.android.vending.billing.IInAppBillingService");
int k = isBillingSupported(paramParcel1.readInt(), paramParcel1.readString(), paramParcel1.readString());
paramParcel2.writeNoException();
paramParcel2.writeInt(k);
return true;
case 2:
paramParcel1.enforceInterface("com.android.vending.billing.IInAppBillingService");
int j = paramParcel1.readInt();
String str1 = paramParcel1.readString();
String str2 = paramParcel1.readString();
Bundle localBundle3;
if (paramParcel1.readInt() != 0)
{
localBundle3 = (Bundle)Bundle.CREATOR.createFromParcel(paramParcel1);
Bundle localBundle4 = getSkuDetails(j, str1, str2, localBundle3);
paramParcel2.writeNoException();
if (localBundle4 == null)
break label202;
paramParcel2.writeInt(1);
localBundle4.writeToParcel(paramParcel2, 1);
}
while (true)
{
return true;
localBundle3 = null;
break;
paramParcel2.writeInt(0);
}
case 3:
paramParcel1.enforceInterface("com.android.vending.billing.IInAppBillingService");
Bundle localBundle2 = getBuyIntent(paramParcel1.readInt(), paramParcel1.readString(), paramParcel1.readString(), paramParcel1.readString(), paramParcel1.readString());
paramParcel2.writeNoException();
if (localBundle2 != null)
{
paramParcel2.writeInt(1);
localBundle2.writeToParcel(paramParcel2, 1);
}
while (true)
{
return true;
paramParcel2.writeInt(0);
}
case 4:
label202: paramParcel1.enforceInterface("com.android.vending.billing.IInAppBillingService");
Bundle localBundle1 = getPurchases(paramParcel1.readInt(), paramParcel1.readString(), paramParcel1.readString(), paramParcel1.readString());
paramParcel2.writeNoException();
if (localBundle1 != null)
{
paramParcel2.writeInt(1);
localBundle1.writeToParcel(paramParcel2, 1);
}
while (true)
{
return true;
paramParcel2.writeInt(0);
}
case 5:
}
paramParcel1.enforceInterface("com.android.vending.billing.IInAppBillingService");
int i = consumePurchase(paramParcel1.readInt(), paramParcel1.readString(), paramParcel1.readString());
paramParcel2.writeNoException();
paramParcel2.writeInt(i);
return true;
}
private static class Proxy
implements IInAppBillingService
{
private IBinder mRemote;
Proxy(IBinder paramIBinder)
{
this.mRemote = paramIBinder;
}
public IBinder asBinder()
{
return this.mRemote;
}
public int consumePurchase(int paramInt, String paramString1, String paramString2)
throws RemoteException
{
Parcel localParcel1 = Parcel.obtain();
Parcel localParcel2 = Parcel.obtain();
try
{
localParcel1.writeInterfaceToken("com.android.vending.billing.IInAppBillingService");
localParcel1.writeInt(paramInt);
localParcel1.writeString(paramString1);
localParcel1.writeString(paramString2);
this.mRemote.transact(5, localParcel1, localParcel2, 0);
localParcel2.readException();
int i = localParcel2.readInt();
return i;
}
finally
{
localParcel2.recycle();
localParcel1.recycle();
}
throw localObject;
}
public Bundle getBuyIntent(int paramInt, String paramString1, String paramString2, String paramString3, String paramString4)
throws RemoteException
{
Parcel localParcel1 = Parcel.obtain();
Parcel localParcel2 = Parcel.obtain();
try
{
localParcel1.writeInterfaceToken("com.android.vending.billing.IInAppBillingService");
localParcel1.writeInt(paramInt);
localParcel1.writeString(paramString1);
localParcel1.writeString(paramString2);
localParcel1.writeString(paramString3);
localParcel1.writeString(paramString4);
this.mRemote.transact(3, localParcel1, localParcel2, 0);
localParcel2.readException();
if (localParcel2.readInt() != 0)
{
localBundle = (Bundle)Bundle.CREATOR.createFromParcel(localParcel2);
return localBundle;
}
Bundle localBundle = null;
}
finally
{
localParcel2.recycle();
localParcel1.recycle();
}
}
public String getInterfaceDescriptor()
{
return "com.android.vending.billing.IInAppBillingService";
}
public Bundle getPurchases(int paramInt, String paramString1, String paramString2, String paramString3)
throws RemoteException
{
Parcel localParcel1 = Parcel.obtain();
Parcel localParcel2 = Parcel.obtain();
try
{
localParcel1.writeInterfaceToken("com.android.vending.billing.IInAppBillingService");
localParcel1.writeInt(paramInt);
localParcel1.writeString(paramString1);
localParcel1.writeString(paramString2);
localParcel1.writeString(paramString3);
this.mRemote.transact(4, localParcel1, localParcel2, 0);
localParcel2.readException();
if (localParcel2.readInt() != 0)
{
localBundle = (Bundle)Bundle.CREATOR.createFromParcel(localParcel2);
return localBundle;
}
Bundle localBundle = null;
}
finally
{
localParcel2.recycle();
localParcel1.recycle();
}
}
public Bundle getSkuDetails(int paramInt, String paramString1, String paramString2, Bundle paramBundle)
throws RemoteException
{
Parcel localParcel1 = Parcel.obtain();
Parcel localParcel2 = Parcel.obtain();
while (true)
{
try
{
localParcel1.writeInterfaceToken("com.android.vending.billing.IInAppBillingService");
localParcel1.writeInt(paramInt);
localParcel1.writeString(paramString1);
localParcel1.writeString(paramString2);
if (paramBundle == null)
continue;
localParcel1.writeInt(1);
paramBundle.writeToParcel(localParcel1, 0);
this.mRemote.transact(2, localParcel1, localParcel2, 0);
localParcel2.readException();
if (localParcel2.readInt() != 0)
{
localBundle = (Bundle)Bundle.CREATOR.createFromParcel(localParcel2);
return localBundle;
localParcel1.writeInt(0);
continue;
}
}
finally
{
localParcel2.recycle();
localParcel1.recycle();
}
Bundle localBundle = null;
}
}
public int isBillingSupported(int paramInt, String paramString1, String paramString2)
throws RemoteException
{
Parcel localParcel1 = Parcel.obtain();
Parcel localParcel2 = Parcel.obtain();
try
{
localParcel1.writeInterfaceToken("com.android.vending.billing.IInAppBillingService");
localParcel1.writeInt(paramInt);
localParcel1.writeString(paramString1);
localParcel1.writeString(paramString2);
this.mRemote.transact(1, localParcel1, localParcel2, 0);
localParcel2.readException();
int i = localParcel2.readInt();
return i;
}
finally
{
localParcel2.recycle();
localParcel1.recycle();
}
throw localObject;
}
}
}
}
I do not really know, what an Opcode is, but just googled "Opcode". Do you mean somethng like this? (from SQLiteAssetHelper.class)
Code: Select all
// ERROR //
public SQLiteDatabase getWritableDatabase()
{
// Byte code:
// 0: aload_0
// 1: monitorenter
// 2: aload_0
// 3: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 6: ifnull +32 -> 38
// 9: aload_0
// 10: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 13: invokevirtual 292 android/database/sqlite/SQLiteDatabase:isOpen ()Z
// 16: ifeq +22 -> 38
// 19: aload_0
// 20: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 23: invokevirtual 338 android/database/sqlite/SQLiteDatabase:isReadOnly ()Z
// 26: ifne +12 -> 38
// 29: aload_0
// 30: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 33: astore_2
// 34: aload_0
// 35: monitorexit
// 36: aload_2
// 37: areturn
// 38: aload_0
// 39: getfield 45 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mIsInitializing Z
// 42: ifeq +19 -> 61
// 45: new 286 java/lang/IllegalStateException
// 48: dup
// 49: ldc_w 340
// 52: invokespecial 289 java/lang/IllegalStateException:<init> (Ljava/lang/String;)V
// 55: athrow
// 56: astore_1
// 57: aload_0
// 58: monitorexit
// 59: aload_1
// 60: athrow
// 61: aconst_null
// 62: astore_2
// 63: aload_0
// 64: iconst_1
// 65: putfield 45 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mIsInitializing Z
// 68: aload_0
// 69: iconst_0
// 70: invokespecial 342 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:createOrOpenDatabase (Z)Landroid/database/sqlite/SQLiteDatabase;
// 73: astore_2
// 74: aload_2
// 75: invokevirtual 318 android/database/sqlite/SQLiteDatabase:getVersion ()I
// 78: istore 6
// 80: iload 6
// 82: ifeq +32 -> 114
// 85: iload 6
// 87: aload_0
// 88: getfield 47 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mForcedUpgradeVersion I
// 91: if_icmpge +23 -> 114
// 94: aload_0
// 95: iconst_1
// 96: invokespecial 342 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:createOrOpenDatabase (Z)Landroid/database/sqlite/SQLiteDatabase;
// 99: astore_2
// 100: aload_2
// 101: aload_0
// 102: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 105: invokevirtual 346 android/database/sqlite/SQLiteDatabase:setVersion (I)V
// 108: aload_2
// 109: invokevirtual 318 android/database/sqlite/SQLiteDatabase:getVersion ()I
// 112: istore 6
// 114: iload 6
// 116: aload_0
// 117: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 120: if_icmpeq +33 -> 153
// 123: aload_2
// 124: invokevirtual 349 android/database/sqlite/SQLiteDatabase:beginTransaction ()V
// 127: iload 6
// 129: ifne +64 -> 193
// 132: aload_0
// 133: aload_2
// 134: invokevirtual 352 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:onCreate (Landroid/database/sqlite/SQLiteDatabase;)V
// 137: aload_2
// 138: aload_0
// 139: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 142: invokevirtual 346 android/database/sqlite/SQLiteDatabase:setVersion (I)V
// 145: aload_2
// 146: invokevirtual 355 android/database/sqlite/SQLiteDatabase:setTransactionSuccessful ()V
// 149: aload_2
// 150: invokevirtual 358 android/database/sqlite/SQLiteDatabase:endTransaction ()V
// 153: aload_0
// 154: aload_2
// 155: invokevirtual 329 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:onOpen (Landroid/database/sqlite/SQLiteDatabase;)V
// 158: aload_0
// 159: iconst_0
// 160: putfield 45 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mIsInitializing Z
// 163: iconst_1
// 164: ifeq +147 -> 311
// 167: aload_0
// 168: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 171: astore 7
// 173: aload 7
// 175: ifnull +10 -> 185
// 178: aload_0
// 179: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 182: invokevirtual 293 android/database/sqlite/SQLiteDatabase:close ()V
// 185: aload_0
// 186: aload_2
// 187: putfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 190: goto -156 -> 34
// 193: iload 6
// 195: aload_0
// 196: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 199: if_icmple +54 -> 253
// 202: getstatic 34 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:TAG Ljava/lang/String;
// 205: new 51 java/lang/StringBuilder
// 208: dup
// 209: ldc_w 360
// 212: invokespecial 56 java/lang/StringBuilder:<init> (Ljava/lang/String;)V
// 215: iload 6
// 217: invokevirtual 60 java/lang/StringBuilder:append (I)Ljava/lang/StringBuilder;
// 220: ldc_w 322
// 223: invokevirtual 79 java/lang/StringBuilder:append (Ljava/lang/String;)Ljava/lang/StringBuilder;
// 226: aload_0
// 227: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 230: invokevirtual 60 java/lang/StringBuilder:append (I)Ljava/lang/StringBuilder;
// 233: ldc_w 324
// 236: invokevirtual 79 java/lang/StringBuilder:append (Ljava/lang/String;)Ljava/lang/StringBuilder;
// 239: aload_2
// 240: invokevirtual 361 android/database/sqlite/SQLiteDatabase:getPath ()Ljava/lang/String;
// 243: invokevirtual 79 java/lang/StringBuilder:append (Ljava/lang/String;)Ljava/lang/StringBuilder;
// 246: invokevirtual 63 java/lang/StringBuilder:toString ()Ljava/lang/String;
// 249: invokestatic 139 android/util/Log:w (Ljava/lang/String;Ljava/lang/String;)I
// 252: pop
// 253: aload_0
// 254: aload_2
// 255: iload 6
// 257: aload_0
// 258: getfield 74 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mNewVersion I
// 261: invokevirtual 365 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:onUpgrade (Landroid/database/sqlite/SQLiteDatabase;II)V
// 264: goto -127 -> 137
// 267: astore 9
// 269: aload_2
// 270: invokevirtual 358 android/database/sqlite/SQLiteDatabase:endTransaction ()V
// 273: aload 9
// 275: athrow
// 276: astore_3
// 277: aload_0
// 278: iconst_0
// 279: putfield 45 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mIsInitializing Z
// 282: iconst_0
// 283: ifeq +39 -> 322
// 286: aload_0
// 287: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 290: astore 4
// 292: aload 4
// 294: ifnull +10 -> 304
// 297: aload_0
// 298: getfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 301: invokevirtual 293 android/database/sqlite/SQLiteDatabase:close ()V
// 304: aload_0
// 305: aload_2
// 306: putfield 43 com/readystatesoftware/sqliteasset/SQLiteAssetHelper:mDatabase Landroid/database/sqlite/SQLiteDatabase;
// 309: aload_3
// 310: athrow
// 311: aload_2
// 312: ifnull -278 -> 34
// 315: aload_2
// 316: invokevirtual 293 android/database/sqlite/SQLiteDatabase:close ()V
// 319: goto -285 -> 34
// 322: aload_2
// 323: ifnull -14 -> 309
// 326: aload_2
// 327: invokevirtual 293 android/database/sqlite/SQLiteDatabase:close ()V
// 330: goto -21 -> 309
// 333: astore 5
// 335: goto -31 -> 304
// 338: astore 8
// 340: goto -155 -> 185
//
// Exception table:
// from to target type
// 2 34 56 finally
// 38 56 56 finally
// 158 163 56 finally
// 167 173 56 finally
// 178 185 56 finally
// 185 190 56 finally
// 277 282 56 finally
// 286 292 56 finally
// 297 304 56 finally
// 304 309 56 finally
// 309 311 56 finally
// 315 319 56 finally
// 326 330 56 finally
// 132 137 267 finally
// 137 149 267 finally
// 193 253 267 finally
// 253 264 267 finally
// 63 80 276 finally
// 85 114 276 finally
// 114 127 276 finally
// 149 153 276 finally
// 153 158 276 finally
// 269 276 276 finally
// 297 304 333 java/lang/Exception
// 178 185 338 java/lang/Exception
}