minor update to antilvl. someone pointed me to some apps that it did not correctly identify the implementation so the incorrect file was modified.
antilvl also now looks for the check_license permission which it uses as a definitive indicator that android lvl is being used. it check_license permission is not found, antilvl will tell you and exit.
http://androidcracking.blogspot.com/p/antilvl.html
Friday, December 17, 2010
Wednesday, December 15, 2010
antilvl 0.8.3
this new version has some support for non-lvl protection detection such as signature and last modified checks. if you have any suggestions for more let me know. in the future it may be possible to automatically disable some of these, but it is somewhat complicated.
also optimized how it scans through files so it should be a little faster. you can get it here:
http://androidcracking.blogspot.com/p/antilvl.html
also optimized how it scans through files so it should be a little faster. you can get it here:
http://androidcracking.blogspot.com/p/antilvl.html
Friday, November 19, 2010
ideas for antilvl and new lesson
my discretionary time is limited lately but i have begun work on lesson 2 which will cover anti-cracking techniques. it will give examples of all anti-cracking methods i have seen in the wild. i will attempt to come up with some novel techniques as well, because that seems fun.
also thought of a possible feature for antilvl. one anti-cracking technique is signature checking. the apk compares the hashcode of its signature with a stored hashcode to see if the apk has been resigned, which would indicate tampering since all apks must be resigned if modified. antilvl could search for these uses, which rarely have any other purpose but to prevent cracking, and optionally disable them. it would then be possible to extend this to other common, easy to interpret anti-cracking techniques. just some thoughts.
also thought of a possible feature for antilvl. one anti-cracking technique is signature checking. the apk compares the hashcode of its signature with a stored hashcode to see if the apk has been resigned, which would indicate tampering since all apks must be resigned if modified. antilvl could search for these uses, which rarely have any other purpose but to prevent cracking, and optionally disable them. it would then be possible to extend this to other common, easy to interpret anti-cracking techniques. just some thoughts.
Saturday, November 13, 2010
sharing a good blog
found a nice blog about reversing and android cracking by Dan, who was kind enough to point out that the well-known site crackmes.de has some android crackmes (just search android).
his blog also introduced me to a tool called dex2jar that will sort of convert a classes.dex file into .java source. of course, it's not perfect and it's still new but it can be useful for getting a quick overview if the dalvik is too confusing.
here's Dan's article on android reversing: http://www.kizhakkinan.com/?p=39, check it out. it's got pictures!
his blog also introduced me to a tool called dex2jar that will sort of convert a classes.dex file into .java source. of course, it's not perfect and it's still new but it can be useful for getting a quick overview if the dalvik is too confusing.
here's Dan's article on android reversing: http://www.kizhakkinan.com/?p=39, check it out. it's got pictures!
Friday, November 12, 2010
AntiLVL 0.8.1
saw some new kinds of obfuscation right after i released 0.8 so i spent the past several hours rewriting everything and optimizing. i had been looking for a fun java project to get some practice, so this has been quite handy.
the detection was totally rethought and there is a much better chance of detecting new types of obfuscation and lvl files in very strange places. i'm only increasing the version to 0.8.1 from 0.8 until i get a lot more testing, but to do that i'll need to test many apks. best way to do that is just send me any that don't work. i will assume it is legal for you to do so.
tested with 7 different apps and 3 of them worked. one of them would not recompile, so it does not count. one of them required further modifications. one seems broken. your mileage will vary.
the detection was totally rethought and there is a much better chance of detecting new types of obfuscation and lvl files in very strange places. i'm only increasing the version to 0.8.1 from 0.8 until i get a lot more testing, but to do that i'll need to test many apks. best way to do that is just send me any that don't work. i will assume it is legal for you to do so.
tested with 7 different apps and 3 of them worked. one of them would not recompile, so it does not count. one of them required further modifications. one seems broken. your mileage will vary.
AntiLVL 0.8
last week, i released the proof-of-concept version of anti lvl. it really only cracked the standard, unobfuscated android license verification. this version cracks license checks of more implementations and works even if code is obfuscated. it is also designed to be flexible and extensible to keep up with changing trends or any new types of implementations.
the new version is here:
https://sites.google.com/site/lohanplus/files/AntiLVL-0.8.zip?attredirects=0&d=1
there is a new page for antilvl so you don't have to always watch the blog here:
http://androidcracking.blogspot.com/p/antilvl.html
the new version is here:
https://sites.google.com/site/lohanplus/files/AntiLVL-0.8.zip?attredirects=0&d=1
there is a new page for antilvl so you don't have to always watch the blog here:
http://androidcracking.blogspot.com/p/antilvl.html
Sunday, November 7, 2010
AntiLVL - android license verification subversion
update:
new version released. read about it here: http://androidcracking.blogspot.com/2010/11/anti-lvl-08.html
i've written previously about android market license verification here and here. i decided to write a tool for developers who want to protect their apps more by automating the entire process. here's a copy of the readme:
https://sites.google.com/site/lohanplus/files/AntiLVL-0.5.zip?attredirects=0&d=1
new version released. read about it here: http://androidcracking.blogspot.com/2010/11/anti-lvl-08.html
i've written previously about android market license verification here and here. i decided to write a tool for developers who want to protect their apps more by automating the entire process. here's a copy of the readme:
AntiLVL - Android License Verification Library Subversionhere is the download link:
[ What is it? ]
This takes an .apk or apktool dump directory, attempts to subvert the market license verification library and recompiles, signs and zipaligns the modified code. The result is an .apk with the LVL check effectively removed. To the App, it appears the check was successful and no part of the application code is modified.
[ Who is it for? ]
Developers who wish to have more than Android LVL protection could devise and implement other types of protection. Then this tool could be used to simulate a crack attempt without the developer having to learn to use apktool, Dalvik and LVL cracking methods.
[ Usage ]
Usage: java -jar AntiLVL.jar [options] <smali dump path | Apk file> [output Apk name]
Options:
-v: Verbose output
-s: Skip assembly
-h: Show help
[ Known Problems ]
Any sort of LVL obfuscation will prevent this tool from working. It will be added if people want it.
https://sites.google.com/site/lohanplus/files/AntiLVL-0.5.zip?attredirects=0&d=1
Subscribe to:
Posts
(
Atom
)