支付宝钱包手势密码破解实战（root过的手机可直接绕过手势密码）

.method public final a(Ljava/lang/String;)V

.locals 4

invoke-virtual {p1},Ljava/lang/String;->length()I #取输入字符串的长度

move-result v0

sget v1,Lcom/alipay/mobile/security/gesture/component/LockView;->MINSELECTED:I

if-ltv0, v1, :cond_1 #比较字符串长度

:try_start_0

iget-object v0, p0,Lcom/alipay/mobile/security/gesture/component/e;->a:Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;#获取UserInfo对象

invoke-virtual {v0}, Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;->getGesturePwd()Ljava/lang/String;#调用UserInfo的getGesturePwd函数获得加密过的正确的手势密码

move-result-object v0

invoke-virtual {v0}, Ljava/lang/String;->length()I #取加密过的正确密码的长度

move-result v0

const/16 v1, 0x20

if-le v0, v1, :cond_0 #长度是否小于32

new-instance v0, Ljava/lang/StringBuilder;

invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V #初始化StringBuilder对象

invoke-virtual {v0, p1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

#将输入的明文手势密码赋值给StringBuilder对象

move-result-object v0

iget-object v1, p0,Lcom/alipay/mobile/security/gesture/component/e;->a:Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;

invoke-virtual {v1},Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;->getUserId()Ljava/lang/String;#调用UserInfo的getUserId函数获取user id

move-result-object v1

const-string/jumbo v2, "userInfo"

invoke-static {v1, v2}, Lcom/alipay/mobile/common/security/Des;->encrypt(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;#调用des加密函数，，以“userInfo”为key，加密user id字符串

move-result-object v1

invoke-virtual {v0, v1},Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

#将加密好的user id字符串附加到StringBuilder对象上

move-result-object v0

invoke-virtual {v0},Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v0

#StringBuilder对象（输入明文手势的密码 + 加密后的user id）转字符串，并赋值给v0寄存器

invoke-static {v0}, Lcom/alipay/mobile/security/gesture/util/SHA1;->sha1(Ljava/lang/String;)Ljava/lang/String;

#调用静态的sha1函数，计算出一个hash值

move-result-object v0

:goto_0

iget-object v1, p0,Lcom/alipay/mobile/security/gesture/component/e;->a:Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;

invoke-virtual {v1},Lcom/alipay/mobile/framework/service/ext/security/bean/UserInfo;->getGesturePwd()Ljava/lang/String;#调用UserInfo的getGesturePwd函数获得加密过的正确的手势密码

move-result-object v1

invoke-virtual {v0, v1},Ljava/lang/String;->equals(Ljava/lang/Object;)Z

#比较输入的密码和正确的密码

move-result v0

if-eqz v0, :cond_1

未曾失败的人恐怕也未曾成功过。