Sunday, February 13, 2011

antilvl 1.1.3

just put up antilvl 1.1.3. a few small but annoying bugs fixed and some improvements with the hooks. pick it up from the usual spot: http://androidcracking.blogspot.com/p/antilvl_01.html

also had to do some major refactoring so people could make use of the source once it's released, and i think i got most of the kinks out.

while working on this, i noticed a few more apps that were using string encryption. maybe it will start to get popular? i wrote a proof of concept decryptor just to see how feasible it would be to convert dex to java .class files and run the apk's own methods to decrypt the strings. it worked but i want to make something more general. here's my idea:

  • start with an apk and disassemble
  • choose to decode literal strings (ex: const-string "some-encoded-string") or assume strings are the result of a function call (ex: invoke-static LStringHolder;->getString(v0)).
  • show all lines that match the above selection and allow for regex filtering. this way, if you pick literal strings and not all strings are encoded, you can filter for just the ones that are
  • decode strings by one of several methods: running the function (in the case of function-call encryption), built-in stuff like base 64, etc., or using reflection on the classes of the apk. this way, if every literal string in the apk is decoded through some function, i could use dex2jar to get the java class, dynamically load that and run each string through it.

the goal is to make the tool generic enough that it's useful in most situations. shouldn't be too hard. half of the work will be making my patching and apk libraries more generic and useful, so it won't be a total waste of time.
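
a sketch of the selection, regex-filter and built-in base 64 steps from the list above, as an added example (not antilvl code and not the proof-of-concept decryptor mentioned in the post). the smali snippet is constructed, and the names find_candidates, decode_base64 and decode_literals are assumptions made for illustration.

```python
import base64
import binascii
import re

# constructed smali sample (not from any real app); the base64 literals decode to harmless text
SAMPLE_SMALI = '''\
.method public static demo()V
    const-string v0, "aGVsbG8gd29ybGQ="
    const-string v1, "plain text label"
    const-string v2, "c2V0dGluZ3MueG1s"
    const/4 v3, 0x1
    invoke-static {v3}, LStringHolder;->getString(I)Ljava/lang/String;
    return-void
.end method
'''

# group 1 = register(s), group 2 = literal value or call target
LITERAL = re.compile(r'^\s*const-string(?:/jumbo)?\s+(\w+),\s*"((?:[^"\\]|\\.)*)"')
CALL = re.compile(r'^\s*invoke-static(?:/range)?\s*\{([^}]*)\},\s*(L[^;]+;->\w+)\(')

def find_candidates(smali, mode="literal", keep=None):
    """Return (line_no, registers, value) for lines matching the chosen mode.
    mode="literal": const-string operands; mode="call": invoke-static targets.
    keep: optional regex applied to the value to narrow the selection."""
    pattern = LITERAL if mode == "literal" else CALL
    hits = []
    for no, line in enumerate(smali.splitlines(), 1):
        m = pattern.match(line)
        if m and (keep is None or re.search(keep, m.group(2))):
            hits.append((no, m.group(1), m.group(2)))
    return hits

def decode_base64(value):
    """Built-in decoder: decoded text, or None if value is not strict base64 holding UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def decode_literals(smali, keep=None):
    """Map line number -> decoded string for the literals that decode cleanly."""
    out = {}
    for no, _reg, value in find_candidates(smali, "literal", keep):
        text = decode_base64(value)
        if text is not None:
            out[no] = text
    return out
```

literals that are not encoded (line 3 of the sample) come back as None from the decoder and are left out, which is the mixed encoded/plain case the regex filter in the list is meant for.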

6 comments :

  1. how to use fpexclude? command prompt "java -jar antilvl.jar --fpexclude License Validator" don't work...

  2. "don't work" = option not recognized? option parsing error? option has no effect? option has incorrect effect? option creates code that will not compile?

  3. c:\1>java -jar antilvl.jar --fpexclude Hook File Size 2.apk
    -----------------------------------------------------
    AntiLVL - Android License Verification Library Subversion
    Version: 1.1.3 Updated: February 13th, 2011 By: lohan+
    For educational purposes only! :-D
    -----------------------------------------------------

    Error: File does not exist.
    Usage: java -jar antilvl.jar [options] <Apktool/Baksmali dump | Apk fi
    t Apk]
    Options:
    -f, --force Force overwriting
    -s, --skip-assembly Skip assembly
    -d, --detect-only Detect protection information only
    -n, --skip-nonlvl Skip Non LVL protection subversion
    -v#, --verbose# Verbose level (1-3)
    --sign-only Sign Apk file then exit
    --info-only Get App info then exit
    --assemble-only Assemble dump then exit
    --skip-cleanup Do not clean up any files while running
    --fplist List installed fingerprints
    --fpexclude Comma-separated fingerprints to exclude
    -h, --help Show this friendly message

  4. try with quotes:
    java -jar antilvl.jar --fpexclude "Hook File Size" 2.apk

  5. This is great stuff. antilvl's anti-anti features have saved me a ton of time. THANK YOU!

