Friday, October 29, 2010

way of the android cracker 1

lesson 1 is finished. it covers debugging methods such as log statements and smali debugging with apktool and netbeans. it also features crackme1, which is still fairly easy but more difficult and realistic than crackme0. download here:

lesson 0 has been revised to include screenshots, a few fixes and an updated crackme0.

hope you learn something. good luck.

Friday, October 22, 2010

progress on second lesson

i am about half-way finished with the second lesson. while doing it i had many ideas for improving the first lesson. i have gone back and updated, tweaked and fixed the first lesson and will upload it when i am finished with the second.

the next crackme is only slightly more complex, but it will include signature verification, a common anti-cracking technique. it is still quite easy but illuminating. actually it is about as easy as many actual android apps. the next lesson will include an obfuscated crackme, an additional anti-cracking technique and perhaps killer robots that stalk you in your sleep, but i may only have time for two of those three.

cracking android license checks is such a straightforward process that i have started work on a program that will do all of the work for you (baksmali, patch, recompile, resign). i'm not sure if others will find it useful, so it does not get much attention.

Tuesday, October 19, 2010

unexplainable problems after recompilation with apktool

something i have seen many times is that when a program is recompiled it has strange errors: perhaps a progress bar is not showing up correctly, the layout is somehow distorted, or there are strange force closes. in my experience the reason for this is almost always apktool's handling of resources.

if you are having trouble, try simply decoding and rebuilding the apk with apktool without changing anything. if the rebuilt apk shows the same problem, then apktool is the culprit. i suggest filing an issue on apktool's page here:

you don't have to go into detail about what you're using apktool for; there are lots of legitimate reasons, such as adding localization. it should suffice to mention in the report that simply decoding and rebuilding results in a distorted .apk.

if you are merely modifying smali code and don't need to touch the resources, try the --no-res option when decoding so that the resources are carried over unchanged, or you could skip apktool altogether and just use smali/baksmali. if you do need to modify an .xml resource, then you might have to do it by hand.

working with smali/baksmali directly means working with the classes.dex file inside the apk rather than the apk itself, so you will also have to handle resigning and zipaligning (optional) yourself.

Friday, October 15, 2010

android market license validation

there are more and more apps using the new official license validation mechanism, the license verification library. it seems very well made and robust, but unfortunately it is trivial to overcome in at least every instance where i have seen it.

for more information on how it works, there is a lot of good information here:

update: all the license verification library cracking methods known to me have been implemented in an automated tool here:

if you are interested in seeing how easy it is to defeat, read on.

open com/android/vending/licensing/LicenseValidator.smali and look at handleResponse(); you'll see something like:

iget-object v0, p0, Lcom/android/vending/licensing/LicenseValidator;->mPolicy:Lcom/android/vending/licensing/Policy;

# allowAccess() returns true (0x1) if access should be allowed, false (0x0) otherwise
invoke-interface {v0}, Lcom/android/vending/licensing/Policy;->allowAccess()Z

move-result v0

# if-eqz jumps to :cond_0 (the branch taken when access is denied) when v0 is 0x0 (false).
# comment out this jump and the protection is gone: execution falls through to the
# allow path no matter what allowAccess() returned.
# you can also make allowAccess() always return 0x1 (true)
#if-eqz v0, :cond_0
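as an added example (not the author's tool and not part of the original post), here is a shell script that automates the smali/baksmali workflow described in the post on recompilation problems above (extract classes.dex, baksmali, patch, smali, put it back, resign, zipalign) and applies the handleResponse() patch shown above as an awk step. the tool locations, the android sdk debug keystore and the baksmali/smali 1.x command-line syntax are assumptions; the patch function itself only comments out the first if-eqz jump after the allowAccess()Z call, exactly as above, and refuses to touch the file if it cannot find one.

```shell
#!/bin/sh
# Added example, not the author's tool. Automates the smali/baksmali
# workflow (extract classes.dex, baksmali, patch, smali, replace, resign,
# zipalign) and applies the handleResponse() patch from the post.
# Assumptions: the tool paths below, the Android SDK debug keystore,
# and baksmali/smali 1.x command-line syntax (the 2010-era releases).
set -eu

BAKSMALI_JAR="${BAKSMALI_JAR:-baksmali.jar}"                     # assumed path
SMALI_JAR="${SMALI_JAR:-smali.jar}"                              # assumed path
KEYSTORE="${KEYSTORE:-${HOME:-.}/.android/debug.keystore}"       # assumed: SDK debug keystore
KEY_ALIAS="${KEY_ALIAS:-androiddebugkey}"
STOREPASS="${STOREPASS:-android}"

# patch_license_validator FILE
# Comments out the first "if-eqz vN, :label" that follows the
# Policy;->allowAccess()Z call, so execution always falls through to the
# allow path. Returns 2 and leaves FILE untouched if no such jump exists
# (the app does not use the library, or the code is laid out differently).
patch_license_validator() {
    target="$1"
    scratch="$target.patched"
    awk '
        /Lcom\/android\/vending\/licensing\/Policy;->allowAccess\(\)Z/ { armed = 1 }
        armed && !done && /^[[:space:]]*if-eqz [vp][0-9]+, :/ {
            print "#" $0      # smali comment; the original line stays readable
            done = 1
            next
        }
        { print }
        END { if (!done) exit 2 }
    ' "$target" > "$scratch" || { rm -f "$scratch"; return 2; }
    mv "$scratch" "$target"
}

# crack_apk IN.apk OUT.apk
crack_apk() {
    src="$1"; dst="$2"
    work="$(mktemp -d)"

    unzip -q "$src" classes.dex -d "$work"
    java -jar "$BAKSMALI_JAR" -o "$work/smali" "$work/classes.dex"
    patch_license_validator \
        "$work/smali/com/android/vending/licensing/LicenseValidator.smali"
    java -jar "$SMALI_JAR" -o "$work/classes.dex" "$work/smali"

    # Swap the dex into a copy of the apk. The original signature no longer
    # matches, so drop META-INF/ and sign again. Note that this changes the
    # package signature, which is what signature-verification checks look at.
    cp "$src" "$work/patched.apk"
    zip -q -d "$work/patched.apk" 'META-INF/*'
    (cd "$work" && zip -q patched.apk classes.dex)
    jarsigner -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        "$work/patched.apk" "$KEY_ALIAS"
    zipalign -f 4 "$work/patched.apk" "$dst"   # optional, but harmless

    rm -rf "$work"
}

# Usage: ./crack.sh input.apk output.apk
if [ "$#" -eq 2 ]; then
    crack_apk "$1" "$2"
fi
```

because the rebuilt apk carries a different certificate than the original, it will not install over an existing copy of the app; uninstall the original first. that changed certificate is also the thing a signature-verification anti-cracking check compares against, which is why the next crackme in the series brings it up.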

also, there is an updated version of the smali syntax highlighting file available here: