Friday, October 15, 2010

android market license validation

there are more and more apps using a new official license validation mechanism. it seems very well made and robust but unfortunately it is trivial to overcome in at least every instance where i have seen it.

for more information on how it works, see:
http://developer.android.com/guide/publishing/licensing.html

update: all known (by me) license verification library cracking methods have been implemented in an automated tool here: http://androidcracking.blogspot.com/p/antilvl.html

if you are interested in seeing how easy it is to defeat, read on.

open com/android/vending/licensing/LicenseValidator.smali and look at handleResponse(). you'll see something like:

iget-object v0, p0, Lcom/android/vending/licensing/LicenseValidator;->mPolicy:Lcom/android/vending/licensing/Policy;

# this function returns true/false depending on if we should allow access 
invoke-interface {v0}, Lcom/android/vending/licensing/Policy;->allowAccess()Z

move-result v0

# comment out this jump and protection is gone.
# you can also make allowAccess() always return 0x1 (true)
#if-eqz v0, :cond_0
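
A defender-side integrity check for the edit described above, as an added example that is not part of the original post: it scans disassembled smali text and reports any allowAccess() call whose result is no longer tested by a conditional branch. The function names and sample strings are constructed for illustration, and it covers only the commented-out jump, not a modified allowAccess() body.

```python
import re

# Constructed samples: the intact sequence (jump restored) and the edited one.
INTACT = """\
iget-object v0, p0, Lcom/android/vending/licensing/LicenseValidator;->mPolicy:Lcom/android/vending/licensing/Policy;
invoke-interface {v0}, Lcom/android/vending/licensing/Policy;->allowAccess()Z
move-result v0
if-eqz v0, :cond_0
"""
PATCHED = INTACT.replace("if-eqz", "#if-eqz")

CALL = re.compile(r"^invoke-\S+ \{[^}]*\}, L[\w/$]+;->allowAccess\(\)Z")
MOVE = re.compile(r"^move-result (\w+)$")
BRANCH = re.compile(r"^if-(?:eqz|nez) (\w+), :\w+$")

def instructions(smali_text):
    """Yield (line_no, instruction), dropping comments, blanks, directives, labels."""
    for no, raw in enumerate(smali_text.splitlines(), 1):
        # Naive comment strip: a '#' inside a string literal would also be cut,
        # which does not affect the three instruction kinds matched here.
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith((".", ":")):
            yield no, line

def unchecked_allow_access(smali_text):
    """Return line numbers of allowAccess() calls whose result is not branched on."""
    ins = list(instructions(smali_text))
    findings = []
    for i, (no, text) in enumerate(ins):
        if not CALL.match(text):
            continue
        following = [t for _, t in ins[i + 1:i + 3]]
        move = MOVE.match(following[0]) if following else None
        branch = BRANCH.match(following[1]) if len(following) > 1 else None
        # The branch must test the same register that received the result.
        if not (move and branch and branch.group(1) == move.group(1)):
            findings.append(no)
    return findings

if __name__ == "__main__":
    print("intact :", unchecked_allow_access(INTACT))
    print("patched:", unchecked_allow_access(PATCHED))
```

Run against the disassembly of a build pulled from a distribution channel, a non-empty result means the check in handleResponse() no longer matches what was shipped.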


also there is an updated version of the smali syntax highlight file available here:
http://androidcracking.blogspot.com/2010/09/smali-syntax-highlighting-for-ultraedit.html

1 comment :

  1. Updated tutorial showing how to crack Amazon Appstore's DRM: http://pastebin.com/cFddguZX
