Friday, October 29, 2010

way of the android cracker 1

lesson 1 is finished. it covers debugging methods such as log statements and smali debugging with apktool and netbeans. it also features crackme1, which is still somewhat easy but more difficult and realistic than crackme0. download here:
https://sites.google.com/site/lohanplus/files/WayoftheAndroidCracker1.zip?attredirects=0&d=1

lesson 0 has been renovated to include screen shots, a few fixes and an updated crackme0.
https://sites.google.com/site/lohanplus/files/WayoftheAndroidCracker0.zip?attredirects=0&d=1

hope you learn something. good luck.

15 comments:

  1. Hi, your PDF file is strange, it cannot be selected well.

    I don't know how to say it, maybe a snapshot?
    http://yfrog.com/nccaptureuujj

  2. i confirmed this problem and converted to adobe with another version and fixed the problem. uploaded fixed versions of both. thanks for pointing it out.

  3. I found another problem when clicking the link in the PDF
    http://imgur.com/45AAR.jpg

    it happened when the link contains "-", I guess

  4. You linked to lesson0 btw.

  5. I am not able to get a stack trace. I inserted
    invoke-static {}, Ljava/lang/Thread;->dumpStack()V
    in my smali code and I can verify that it's executed using netbeans debugging, but I don't get anything in the ddms log window when I use the e button or even the v(erbose) button. Please help me?

  6. Suresh, it should be a W (warning) level message with the System.err tag. i can't think of a reason why it wouldn't show up.

  7. Thanks for your quick reply. You are right, it was the w(arning) button with the system.err tag. I didn't get it because I was using the debugger at the same time. When I stopped my debugger session, I was able to see the stack trace log messages.

  8. I can't understand anything in .smali files. How do you suggest I proceed? I am having problems finding the part where the protection is applied. How would you have done that? How do I know if it's a variable or a parameter, and if it's getting a value or putting it into a method? How can I find the current class and method being used? Hope to hear something soon from you.

  9. you need to become more fluent with smali or you will not get anywhere. take your time and walk through the code, line by line, understanding each part. only by doing this will you begin to sense the flow. only then will you be able to recognize suspicious code. a good starting point for this crackme is, like i suggest in the tutorial, at the end. start by searching for any strings like "not licensed" and then work your way backwards. if you find methodA loads the string "not licensed", then you need to find where methodA is called. perhaps the protection is there, or further back.

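The "find the string, then walk backwards to whoever calls that method" procedure from the comment above can be automated over an apktool output tree. The script below is an added example, not code from the tutorial, the crackme, or any commenter; the package `com/example/crackme`, its classes and the smali text are constructed for illustration and are not the structure of crackme0 or crackme1. It indexes every `.method` block, records the `const-string` literals it loads and the `invoke-*` targets it calls, then follows callers from each string-loading method until it reaches a method nobody in the tree calls (an entry point such as `onCreate`, which the framework calls).

```python
import re
from typing import Dict, List

# Constructed sample tree (hypothetical classes, not crackme0/crackme1),
# laid out the way apktool writes files under out/smali/<package>/.
SAMPLE_SMALI: Dict[str, str] = {
    "com/example/crackme/Main.smali": """\
.class public Lcom/example/crackme/Main;
.super Landroid/app/Activity;

.method public onCreate(Landroid/os/Bundle;)V
    .locals 0
    invoke-virtual {p0}, Lcom/example/crackme/Main;->checkLicense()V
    return-void
.end method

.method public checkLicense()V
    .locals 1
    invoke-static {}, Lcom/example/crackme/Util;->isRegistered()Z
    move-result v0
    if-nez v0, :cond_ok
    invoke-direct {p0}, Lcom/example/crackme/Main;->showNag()V
    :cond_ok
    return-void
.end method

.method private showNag()V
    .locals 2
    const-string v0, "not licensed"
    const/4 v1, 0x1
    invoke-static {p0, v0, v1}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
    move-result-object v0
    invoke-virtual {v0}, Landroid/widget/Toast;->show()V
    return-void
.end method
""",
    "com/example/crackme/Util.smali": """\
.class public Lcom/example/crackme/Util;
.super Ljava/lang/Object;

.method public static isRegistered()Z
    .locals 1
    const/4 v0, 0x0
    return v0
.end method
""",
}

# .class <modifiers> Lpkg/Name;   /   .method <modifiers> name(desc)ret ... .end method
CLASS_RE = re.compile(r"^\.class\s+(?:[\w-]+\s+)*(L[^;\s]+;)", re.M)
METHOD_RE = re.compile(r"^\.method\s+(?:[\w-]+\s+)*(\S+)[ \t]*\n(.*?)^\.end method", re.M | re.S)
# invoke-virtual/static/direct/... {regs}, Lcls;->name(desc)ret
INVOKE_RE = re.compile(r"^\s*invoke-[\w/]+\s+\{[^}]*\},\s*(L\S+)", re.M)
STRING_RE = re.compile(r'^\s*const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"', re.M)


def parse_smali(files: Dict[str, str]) -> Dict[str, dict]:
    """Map each method ref (Lcls;->name(desc)ret) to the strings it loads and
    the method refs it invokes."""
    methods: Dict[str, dict] = {}
    for path, text in files.items():
        cls = CLASS_RE.search(text)
        if not cls:
            continue  # not a class file, skip it
        for m in METHOD_RE.finditer(text):
            ref = f"{cls.group(1)}->{m.group(1)}"
            body = m.group(2)
            methods[ref] = {"file": path,
                            "strings": STRING_RE.findall(body),
                            "calls": INVOKE_RE.findall(body)}
    return methods


def find_string_refs(methods: Dict[str, dict], needle: str) -> List[str]:
    """Methods whose const-string literals contain needle (case-insensitive)."""
    needle = needle.lower()
    return [ref for ref, info in methods.items()
            if any(needle in s.lower() for s in info["strings"])]


def callers_of(methods: Dict[str, dict], target: str) -> List[str]:
    """Methods in the tree that invoke target; a method with no callers here
    is an entry point called from outside (the framework, a click handler)."""
    return [ref for ref, info in methods.items() if target in info["calls"]]


def trace_back(methods: Dict[str, dict], needle: str, max_depth: int = 10) -> List[List[str]]:
    """Walk callers from every string-loading method out to the entry points."""
    chains: List[List[str]] = []

    def walk(chain: List[str], seen: set) -> None:
        callers = [c for c in callers_of(methods, chain[-1]) if c not in seen]
        if not callers or len(chain) >= max_depth:
            chains.append(chain)
            return
        for c in callers:
            walk(chain + [c], seen | {c})  # seen guards against recursion loops

    for start in find_string_refs(methods, needle):
        walk([start], {start})
    return chains


if __name__ == "__main__":
    parsed = parse_smali(SAMPLE_SMALI)
    for chain in trace_back(parsed, "not licensed"):
        print(" <- ".join(chain))
```

On the constructed tree this prints the chain showNag <- checkLicense <- onCreate, which is exactly the "methodA loads the string, now find who calls methodA" walk done by hand in the comment. To run it against a real apktool output, replace SAMPLE_SMALI with a dict built from disk, for example `{str(p): p.read_text() for p in Path("out/smali").rglob("*.smali")}`, and pass whatever string you spotted in the app's nag screen as the needle.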
  10. I like geeks like you man, plain words that birdie can understand and never being arrogant.

    Replies
    1. glad you appreciate it birdie. :D

  11. For my solution: I use Toast to show the registration code. :P

    .method public validateSerial(Ljava/lang/String;)I
    .locals 2
    .parameter "serial"

    .prologue
    .line 67
    :try_start_0
    invoke-virtual {p0}, Lcom/lohan/crackme0/Main;->getMobileID()Ljava/lang/String;

    move-result-object v1

    invoke-static {v1}, Lcom/lohan/crackme0/Main;->generateHash(Ljava/lang/String;)Ljava/lang/String;

    move-result-object v1

    # Added begin by Ch0r0l4 2012-09-14 15:37
    const/4 v0, 0x0

    invoke-static {p0, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V
    # Added end 2012-09-14 15:37

    invoke-virtual {v1, p1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

    move-result v1

    Replies
    1. congrats and good idea Chorola. that's a really easy way to do it. one tiny adjustment: use LENGTH_LONG (http://developer.android.com/reference/android/widget/Toast.html#LENGTH_LONG) when using the toast to make copying easier, or just dump it to the debug log. looks like i'm going to have to start making new ones. :D

  12. Just awesome. Please make a tutorial on cracking the "hack me if you can" app. You can search for the apk on Google; it's legal to hack it, in fact it has been made for it.

  13. Was an avid j2me cracker in the past, I hope this will jumpstart me..
    - funtikar
