Friday, October 29, 2010

way of the android cracker 1

lesson 1 is finished. it covers debugging methods such as log statements and smalidebugging with apktool and netbeans. it also features crackme1 which is still somewhat easy but more difficult and realistic. download here:
https://sites.google.com/site/lohanplus/files/WayoftheAndroidCracker1.zip?attredirects=0&d=1

lesson 0 has been renovated to include screen shots, a few fixes and an updated crackme0.
https://sites.google.com/site/lohanplus/files/WayoftheAndroidCracker0.zip?attredirects=0&d=1

hope you learn something. good luck.
Posted by at
Labels:

18 comments :

  1. UnknownOctober 29, 2010 at 11:51 AM

    Hi,your PDF file is strange,it cannot be select well.

    I don't know how to say,maybe a snapshot?
    http://yfrog.com/nccaptureuujj

    ReplyDelete
  2. lohan+October 29, 2010 at 8:05 PM

    i confirmed this problem and converted to adobe with another version and fixed the problem. uploaded fixed versions of both. thanks for pointing it out.

    ReplyDelete
  3. UnknownOctober 29, 2010 at 10:29 PM

    I found another problem when click the link in PDF
    http://imgur.com/45AAR.jpg

    it happened when the link contain "-" ,I guess

    ReplyDelete
  4. AnonymousSeptember 30, 2011 at 2:09 PM

    You linked to lesson0 btw.

    ReplyDelete
  5. Suresh SubediOctober 27, 2011 at 9:18 AM

    I am not being able to stack trace. I inserted
    invoke-static {}, Ljava/lang/Thread;->dumpStack()V
    in my smali code and i can verify that its executed using netbeans debugging but i don't get anything in ddms log window when i use e button or even v(erbose) button. Please help me ?

    ReplyDelete
  6. lohan+October 27, 2011 at 10:43 AM

    Suresh, it should be a W (warning) level message with the System.err tag. i can't think of a reason why it wouldn't show up.

    ReplyDelete
  7. Suresh SubediOctober 28, 2011 at 7:47 AM

    Thanks for your quick reply. You are right, it was w(arning) button with system.err tag. I didn't got it because I was using debugger at the same time. When I stopped my debugger session, then I was able to see stack trace log messages.

    ReplyDelete
  8. ApprenticeOctober 30, 2011 at 3:10 AM

    I can't understand anything in .smali files. How do you suggest me to proceed. I am having problems to find the part where protection is applied. How would you have done that ? How do i know if its a variable or parameter and if its getting a value or putting it into a method? How can i find current class, method being used ? Hope to hear something soon from you.

    ReplyDelete
  9. lohan+October 30, 2011 at 7:15 AM

    you need to become more fluent with smali or you will not get anywhere. take your time and walk through the code, line by line, understanding each part. only by doing this will you begin to sense the flow. only then will you be able to recognize suspicious code. a good starting point for this crackme is, like i suggest in the tutorial, at the end. start by searching for any strings like "not licensed" and then work your way backwards. if you find methodA loads the string "not licensed", then you need to find where methodA is called. perhaps the protection is there, or further back.

    ReplyDelete
  10. dindogMarch 29, 2012 at 12:40 AM

    I like geeks like you man, plain words that birdie can understand and never being arrogant.

    ReplyDelete
  11. ChorolaSeptember 14, 2012 at 12:52 AM

    For my solution:I use Toast to show the registration code. :P

    .method public validateSerial(Ljava/lang/String;)I
    .locals 2
    .parameter "serial"

    .prologue
    .line 67
    :try_start_0
    invoke-virtual {p0}, Lcom/lohan/crackme0/Main;->getMobileID()Ljava/lang/String;

    move-result-object v1

    invoke-static {v1}, Lcom/lohan/crackme0/Main;->generateHash(Ljava/lang/String;)Ljava/lang/String;

    move-result-object v1

    # Added begin by Ch0r0l4 2012-09-14 15:37
    const/4 v0, 0x0

    invoke-static {p0, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V
    # Added end 2012-09-14 15:37

    invoke-virtual {v1, p1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

    move-result v1

    ReplyDelete
    Replies
    1. lohan+September 14, 2012 at 5:34 PM

      congrats and good idea Chorola. that's a really easy way to do it. one tiny adjustment: use LENGTH_LONG (http://developer.android.com/reference/android/widget/Toast.html#LENGTH_LONG) when using the toast to make copying easier, or just dump it to the debug log. looks like i'm going to have to start making new ones. :D

      Delete
  12. RushiDecember 23, 2013 at 3:31 AM

    Just awesome please make a tutorial on crackinng " hack me if you can "app you search for apk on google its legal to hack it ,infact it has been made for it

    ReplyDelete
  13. azmioDecember 29, 2013 at 8:39 PM

    was an avid j2me cracker in the past, i hope this will jumpstart me..
    - funtikar

    ReplyDelete
  14. AdyDecember 11, 2019 at 9:39 PM

    Nice Article. Thank you for sharing the informative article with us. Morpheus tv apk is the best online Streaming App.Click the below link to know more about
    Morpheus tv apk
    morpheus tv
    morpheus tv apk
    morpheus app
    morpheus tv ios
    morpheus tv on your windows

    ReplyDelete
  15. mohitJune 2, 2021 at 2:06 AM

    Also I love how authentic you seem to be.
    David Laid
    vivi winkler

    ReplyDelete
  16. Pushkar ToshniwalSeptember 11, 2021 at 9:51 PM

    Nice article
    Visit Tech News to get tips and tricks of Technology, Android, Websites and others.

    ReplyDelete

Do NOT post about or link to specific apps!

Subscribe to: Post Comments ( Atom )