Sunday, September 26, 2010

way of the android cracker 0

this is the first tutorial in a series. it lays the foundation. as you follow along you will set up your cracking environment, learn to use apktool and get a general idea of how various cracking methods can be implemented.

also included is a crackme, an ultraedit syntax highlighting file and some heavily commented dalvik code.

if you learn anything new on your journey share it with others.

download it here:
https://sites.google.com/site/lohanplus/files/WayoftheAndroidCracker0.zip?attredirects=0&d=1

18 comments:

  1. This comment has been removed by the author.
  2. I have followed the tutorial and have got to the 'Using Apktool' section. When I run 'apktool d crackme0.apk dump-crackme0' it only produces an empty folder. Cmd never runs through any steps. It only displays apktool options (the help dialogs describing which options to use). Any ideas what I may be doing wrong?
    screenshot: http://img2.me/OO7dT
  3. After more research I've solved my problem. Somehow in my download of apktool I was not supplied with the mgwz.dll file. I was able to find it on xda. After putting that file in the same directory where I was running apktool I was able to decompile the apk.
  4. good. i'm glad you figured it out and thanks for posting your solution afterwards.
  5. was the mgwz.dll file added to the dl? Or do i need to also search for that file to add to my DIR? I am just starting out, thanks for this.

    FurRelKT
  6. furelkt, where are you seeing this error?
  7. sorry lohan disreg, i was just asking if this was something i needed... all installed perfectly. TY.
  8. i was expecting a better tutorial.

    Please see this:

    http://www.androidpolice.com/2010/08/23/exclusive-report-googles-android-market-license-verification-easily-circumvented-will-not-stop-pirates/

    Much more in depth.
  9. the article you link to is good. i read it about 4 months ago. it really only covers a tiny, narrow, single, solitary subject of one possible method of breaking one single implementation of unobfuscated lvl checks.

    comparing it with tutorial 0 is not very helpful with regard to improving since the topics covered differ in scope and objective.
  10. Part 1 is much better than part 0. Much appreciate the info. I have tried to crack 2 apps both Dynomaster 3.0 & Trackmaster 2.12 both manually and with AntiLVL to no avail.

    It seems the license check is removed. Though then the app launches the market to the app page telling me that it is installed. Though if i then try and get back to the app it keeps pushing me to the market. This keeps happening in a loop.

Anyways you said to let you know if AntiLVL wasn't working so this could be a challenge for you :).
  11. i should have said "thought when the app launches it then launches the market app"
  12. if you would like to discuss things, please contact me via a non-public channel. google may ban my account if people are discussing cracking specific apps.
  13. where do i find this non-public channel? i could not find any email address listed :)
  14. there are hidden ones. :) i will make it easy for you: lohan.plus (at) gmail.com
  15. i just wanna thank you
  16. Thank you very much for your amazing tutorial. I hope to see more tutorials from you.

    I solved it different ways:
    1. by changing line 148 to if-eqz instead of if-nez (best solution I think)
    2. by moving the success logic from OnClick to onCreate to automatically start as pro version, but I think this won't be feasible in big apps.

    3. by reading the serial generation code and making a Keygen :)

    /* ======= KeyGen ======== */
    // fragment meant to run inside an Activity; imports needed: java.math.BigInteger,
    // java.security.MessageDigest, java.security.NoSuchAlgorithmException,
    // android.content.Context, android.telephony.TelephonyManager, android.util.Log
    // getApplicationContext() is an instance method (lower-case g)
    TelephonyManager mTelephonyMgr = (TelephonyManager) getApplicationContext().getSystemService(Context.TELEPHONY_SERVICE);
    String devId = mTelephonyMgr.getDeviceId(); // may be null on devices without telephony
    try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        byte[] bytes = devId.getBytes();
        m.update(bytes, 0, bytes.length);
        // digest() completes the hash; the serial is the hex form of the MD5,
        // not of the raw device-id bytes
        byte[] digest = m.digest();

        BigInteger serialInt = new BigInteger(1, digest);
        String serial = serialInt.toString(16);

        Log.v("Serial", serial);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    /* ========================= */

    Thanks again very much for the awesome geeky blog ;)
  17. Hi Lohan,
    Thank you for your post!

    I would love to discuss in private with you.

    How could I please reach to you?

    Thank you so much!
    Replies
    1. no, thanks. i'll spare us both the trouble.

Do NOT post about or link to specific apps!