Saturday, April 2, 2011

cracking amazon drm

update: antilvl 1.1.4 can handle amazon drm protection.

amazon has an app store now and they rolled their own drm. Anonymous was kind enough to post a link describing how to crack the protection: http://pastebin.com/cFddguZX

there may be a cleaner solution, and if you find one you are encouraged to share it. here's the code from the above link but syntax highlighted:
# virtual methods
.method public final a()V
    .registers 6

    const-string v4, "LICENSE_FAILURE_CONTENT"

    iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

    const-string v1, "APPLICATION_LICENSE"

    invoke-virtual {v0, v1}, Lcom/amazon/android/o/d;->b(Ljava/lang/String;)Z

    move-result v0

    # Comment out first jump
    #if-eqz v0, :cond_14

    sget-object v0, Lcom/amazon/android/aa/d;->a:Lcom/amazon/android/u/a;

    const-string v1, "license verification succeeded"

    invoke-virtual {v0, v1}, Lcom/amazon/android/u/a;->a(Ljava/lang/String;)V

    :goto_13
    return-void

    :cond_14
    invoke-virtual {p0}, Lcom/amazon/android/aa/d;->f()Z

    move-result v0

    # Comment out second jump
    #if-eqz v0, :cond_1d

    invoke-virtual {p0}, Lcom/amazon/android/aa/d;->g()V

    :cond_1d
    new-instance v1, Lcom/amazon/android/l/m;

    iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

    const-string v2, "LICENSE_FAILURE_CONTENT"

    invoke-virtual {v0, v4}, Lcom/amazon/android/o/d;->a(Ljava/lang/String;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Lcom/amazon/android/l/d;

    # Comment out third jump
    #if-eqz v0, :cond_3d

    iget-object v2, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

    const-string v3, "LICENSE_FAILURE_CONTENT"

    iget-object v2, v2, Lcom/amazon/android/o/d;->a:Lcom/amazon/android/o/b;

    invoke-virtual {v2, v4}, Lcom/amazon/android/o/b;->c(Ljava/lang/String;)V

    :goto_34
    invoke-direct {v1, v0}, Lcom/amazon/android/l/m;-><init>(Lcom/amazon/android/l/d;)V

    iget-object v0, p0, Lcom/amazon/android/aa/d;->c:Lcom/amazon/android/l/f;

    invoke-interface {v0, v1}, Lcom/amazon/android/l/f;->a(Lcom/amazon/android/l/a;)V

    goto :goto_13

    :cond_3d
    sget-object v0, Lcom/amazon/android/aa/f;->e:Lcom/amazon/android/l/d;

    goto :goto_34
.end method

the file name will likely always be different with obfuscation. just search for strings like "LICENSE_FAILURE_CONTENT" or "APPLICATION_LICENSE" and perform the three modifications mentioned above.
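
for a developer checking whether a redistributed copy of their own app has had this check removed, here is an added example (not from the pastebin link and not part of antilvl). it scans decompiled smali for methods that reference both marker strings and flags boolean results that are no longer branched on, whether the `if-` line was commented out or deleted. `audit_smali` and the sample excerpt are constructed for illustration, and the check is a heuristic.

```python
import re

# Marker strings named in the post; obfuscated class names differ per build.
MARKERS = ("LICENSE_FAILURE_CONTENT", "APPLICATION_LICENSE")
METHOD_RE = re.compile(r"^\.method .*?^\.end method", re.S | re.M)
BRANCH_RE = re.compile(r"^if-\w+ (v\d+|p\d+)\b")
DEAD_BRANCH_RE = re.compile(r"^#\s*if-\w+ ")
RESULT_RE = re.compile(r"^move-result (v\d+|p\d+)$")


def audit_smali(text):
    """Return one finding per method that references both license markers."""
    findings = []
    for match in METHOD_RE.finditer(text):
        body = match.group(0)
        if not all(f'"{m}"' in body for m in MARKERS):
            continue
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        disabled = [ln for ln in lines if DEAD_BRANCH_RE.match(ln)]
        code = [ln for ln in lines if not ln.startswith("#")]
        ignored = []  # calls whose boolean result is never tested by a branch
        for i, ln in enumerate(code[:-1]):
            m = RESULT_RE.match(ln)
            nxt = BRANCH_RE.match(code[i + 1])
            if m and not (nxt and nxt.group(1) == m.group(1)):
                ignored.append(code[i - 1])
        findings.append({"method": lines[0], "disabled_branches": disabled,
                         "ignored_results": ignored,
                         "tampered": bool(disabled or ignored)})
    return findings


# Constructed sample: a shortened copy of the method shown above.
PATCHED = '''\
.method public final a()V
    const-string v4, "LICENSE_FAILURE_CONTENT"
    const-string v1, "APPLICATION_LICENSE"
    invoke-virtual {v0, v1}, Lcom/amazon/android/o/d;->b(Ljava/lang/String;)Z
    move-result v0
    #if-eqz v0, :cond_14
    return-void
    :cond_14
    invoke-virtual {p0}, Lcom/amazon/android/aa/d;->f()Z
    move-result v0
    #if-eqz v0, :cond_1d
    :cond_1d
    return-void
.end method
'''
INTACT = PATCHED.replace("#if-eqz", "if-eqz")  # same excerpt with the branches live
```
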

i'll be adding this functionality to the next release of antilvl. it will also contain a few more bypasses for anti-cracking techniques i've seen, and some improvements in lvl fingerprinting.

13 comments :

  1. Awesome..Please keep up the great work

  2. How is amazon injecting code into the APK and getting it to run?

  3. I'm not sure. Either the developer sets it up and sends it in (likely) or they have some automated patching system (unlikely).

  4. Just in case you want to batch patch your amazon apps. (NOTE: The weirdness in sed is cause bash on OS X is weird.)
    [code]
    #!/bin/bash
    OLDIFS=$IFS
    IFS=$':'

    for i in $( find 2b_patched -name '*.apk' -type f | sed 's/\'$'\s//' | tr '\n' ':' )
    do
    java -jar ./antilvl.jar --amazon-only ./$i
    wait
    done
    IFS=$OLDIFS
    [/code]

    All you need is this script, and a folder called 2b_patched in the same file path as antilvl.jar

    HTH

  5. why hello HTH. i've enjoyed reading your various posts at various sites. ;) very clever. thanks for the sharing tip.

  6. Where to write this code in android cellphone

    Replies
    1. Try zombo.com. You can do anything at zombo.com. The only limit is yourself.

  7. Will surely come and visit this blog more often. Thanks for sharing.
    facetime for android

  8. Nice tutorial. The Oracle Hyperion DRM tutorial was helpful for me. Keep Sharing Tutorials.


  9. Hello companion the data that you give that was awesome. I extremely like your direction however few days prior I was going to a site which likewise give cracktaking programming download path and here any one can download a wide range of split software, so in the event that you have much time you additionally can visit the site and look at it cracktaking.com

  10. This comment has been removed by the author.


Do NOT post about or link to specific apps!