
Thread: How To Crack Android Apps & games

          
    Posted by GSM_Update (Super Moderator), Join Date Aug 2010

    How To Crack Android Apps & Games

    Cracking Android Apps & Games



    Check out the step-by-step guide.

    Setting up the Ground:

    To begin our journey we need the Android SDK, a target to test with and the necessary tools.

    You can download the necessary files from these locations:

    Android SDK: Android SDK | Android Developers
    Deurus Android crackme 03: Crackmes.de - Welcome to the longest running and most complete Crackmes web page on the internet.
    Smali and baksmali: smali - An assembler/disassembler for Android's dex format - Google Project Hosting
    Dex2jar: dex2jar - Tools to work with android .dex and java .class files - Google Project Hosting
    Java decompiler: JD | Java Decompiler

    Download and install the Android SDK, the SDK platform (the latest is 2.2 at the time of writing), the necessary Java packages and the rest of the tools. Create a virtual device from the SDK menu and start emulation. Within a few minutes you can see the emulator booting up and showing the phone screen. Well, that's it! We have our emulator up and running.

    Getting Started with the Game:
    Now we need to install the software (a crackme, it's legal!) on the emulator. For that you may have to get acquainted with the Android Debug Bridge (adb). Installing an apk file is pretty simple; all you have to do is run two commands from the Android SDK directory/tools.



    After the installation you can see the crackme icon in the application menu.



    Now run the crackme by clicking on it. If everything went as expected, you will see the crackme application on the screen.



    Now we will play with it: pressing the check button with no input pops up the message 'Min 4 chars', and with a proper name it pops up 'Bad boy'. We have to remember these strings because we will be using them as our search keys when we disassemble the apk (actually dex) files. Also note that we have two hardware ids, and we need to find out exactly what those mean.

    Real Android Reversing:
    As our crackme is up and running in the emulator, we now move on to reversing it. If you have read about the apk file format, you can visualize it as an extended JAR file, which essentially is a zip file. Now you can rename the crackme file from Crackme03.apk to Crackme03.zip and decompress it to any folder.



    Now the interesting file for us is classes.dex, which contains the compiled VM code. We are going to disassemble the dex file with baksmali. The commands are pretty simple, as you can see from the screenshots.



    If everything worked fine, we will have a folder structure similar to Java packages. The interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files in your favorite text editor (I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly (IL) programming, you will probably think: WTF! Relax. We have just opened a disassembled dex file. Now, if you are wondering how on earth someone can find the correct location of the checking function, I hope you remember those pop-up strings I mentioned earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching for 'Min 4 chars' in all the opened .smali files, we find a hit in HelloAndroid$2.smali at line 130.



    Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the Dalvik opcodes that are used here. You can visit this page to understand the opcodes, and after that you can convert the disassembled code into much higher-level language constructs. I will provide a brief code snippet which actually implements the algorithm. The two hardware ids used are the IMEI and the SIM serial number.



    As you can see, the algorithm is pretty straightforward. It uses the name and the two hardware ids as input and does some operations on them to make a serial. We can easily recode it in any programming language we prefer to make a keygen out of it. Anyway, I am not posting any keygen sources as it will spoil the whole phun!

    Decoding the Algorithm:
    A demonstrative serial calculation routine is given below:

    Code:

    Name: aaaaa HW ID1: 0000000000000000 HW ID2: 89014103211118510720
    Here are stepwise instructions on generating the final serial number:
    At first 'aaaaa' will be converted to '9797979797', from which we will take the first 5 digits and convert them into the integer 97979.
    This will be XORed with 0x6B016, resulting in 511661, and this will be the first part of the serial.
    For the second part, we will take the first 6 characters from HW ID1 and HW ID2, convert them to integers and XOR them, resulting in 000000 ^ 890141 = 890141.
    For the third part we will use the first 6 characters from HW ID1.
    Formatting with the specified delimiter, the serial will become '511661-890141-000000'.

    Final Verification of Reversing:
    Now we will put the same magic number into our crackme application.



    Bingo! Everything worked as expected. Now, for all those who think it is pretty hard to read all those disassembled instructions and manually convert them into higher-level language constructs, there are other options. As Dalvik is based on the design of Java, it is also susceptible to decompilation. There is no decompiler available at this moment, but there is hope.

    For now we can use another utility which converts dex files to jar files, so that we can use Java decompilers to see much more abstracted code. From the start of this blog post you may have noticed the tool dex2jar. Use dex2jar to convert classes.dex to classes.dex.dex2jar.jar. Open it in a Java decompiler and you can see much better output than the Dalvik disassembly. Please note that dex2jar is still in the development phase and the output is meaningless in many places. This should be used only to get a quick understanding of all the functions.

    Conclusion:
    In this introductory article, Dhanesh explains reversing Android using the emulator and all the available tools in sequence, with pictorial, elaborative steps. It is mainly meant to set up your ground for further reversing work on the Android platform.

    Well, that's it! We have analyzed an Android program and defeated its protection. Cheerio!

    Special: How To Crack Gameloft Android HD Games. Credit goes to Djeman for inventing this method:
    Unpack an Android package (apk) with a zip extractor and disassemble the dex file into smali source files with dex2jar.
    Delete the line shown first in the listing below ('if-nez v0, :cond_1', marked in blue in the original post) in LicenseManagement.smali in the Billing folder.

    Code:

    if-nez v0, :cond_1
    .line 224
    const-string v0, "ANDROID BILLING"
    const-string v0, "THIS IS A FULL VERSION PREVIOUSLY BILLED"
    invoke-static {v2, v3, v0}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/GLDebug;->debugMessage(ILjava/lang/String;Ljava/lang/StringV
    .line 225
    invoke-static {}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/LicenseManagement;->saveUnlockGame()V

    move v0, v2

    .line 230
    :goto_1
    return v0
    .line 229
    :cond_1
    const-string v0, "ANDROID BILLING"
    const-string v0, "THIS IS NOT A FULL VERSION!!!!"

    So you have to delete that line ('if-nez v0, :cond_1') to stop the game from jumping to the ':cond_1' block (the line marked in red, 'THIS IS NOT A FULL VERSION!!!!'); by deleting this line the game will never show THIS IS NOT A FULL VERSION.
    Rebuild the apk. After that you need to sign it to run on your mobile.


    http://developer.android.com/guide/p...p-signing.html

    To understand Dalvik's instructions better, you'll need this website:
    http://pallergabor.uw.hu/androidblog...k_opcodes.html

    And if you want to go further, for the .so file (the ELF dynamic library), you have to use IDA Pro to analyze it, and with the ARM documentation (find it here) you'll be able to modify the file with a hexadecimal editor by calculating the ARM opcodes.
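The serial routine described in the "Decoding the Algorithm" section above, implemented as a keygen. This is an added example written from the post's stepwise description; it is not Dhanesh's own snippet (which the post does not reproduce). It assumes that the name is turned into digits by concatenating the decimal ASCII code of each character (which is how 'aaaaa' becomes '9797979797'), that the serial parts are printed as unpadded decimal integers (the single worked example does not disambiguate), and that the crackme's 'Min 4 chars' rule applies to the name.

```python
"""Keygen for the crackme walkthrough above, written from the post's
stepwise description (added example, not code from the post or crackme).

Assumptions, since the post shows only one worked input:
  * the name becomes a digit string by concatenating the decimal ASCII
    code of each character ('a' -> '97'); the first 5 digits are used;
  * serial parts are formatted as plain decimal integers, no zero-padding;
  * names shorter than 4 characters are rejected, mirroring the crackme's
    'Min 4 chars' message.
"""

XOR_KEY = 0x6B016  # constant named in the post's walkthrough


def name_digits(name: str) -> str:
    """'aaaaa' -> '9797979797': decimal character codes concatenated."""
    return "".join(str(ord(c)) for c in name)


def make_serial(name: str, hw_id1: str, hw_id2: str) -> str:
    """Build 'part1-part2-part3' from name, IMEI (hw_id1) and SIM serial (hw_id2)."""
    if len(name) < 4:
        raise ValueError("Min 4 chars")  # the crackme's own input check
    if len(hw_id1) < 6 or len(hw_id2) < 6:
        raise ValueError("hardware ids must be at least 6 characters long")

    # part 1: first five digits of the name's char-code string, XOR constant
    part1 = int(name_digits(name)[:5]) ^ XOR_KEY

    # part 2: first six characters of both hardware ids as integers, XORed
    part2 = int(hw_id1[:6]) ^ int(hw_id2[:6])

    # part 3: first six characters of HW ID1 used verbatim (keeps leading zeros)
    part3 = hw_id1[:6]

    return f"{part1}-{part2}-{part3}"


if __name__ == "__main__":
    # the inputs from the post's worked example (the emulator IMEI is all zeros)
    print(make_serial("aaaaa", "0000000000000000", "89014103211118510720"))
```

Running it with the post's inputs prints 511661-890141-000000, the serial the post verifies against the crackme. Because part 3 is copied as a string while part 2 is computed on integers, leading zeros survive in part 3 but not in part 2; any keygen that formats both the same way will fail on devices whose IMEI starts with zeros.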
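The Gameloft patch described above, applied to the quoted smali fragment, with the check a practitioner wants before rebuilding: the guard must match exactly once and the branch target label must still exist so the file assembles. This is an added example, not Djeman's or the post's own tooling. SAMPLE_SMALI is the listing quoted in the post with the truncated GLDebug debugMessage line left out; `trace` is a deliberately tiny walker that understands only the instruction forms present in that fragment and is used here to show which message the code reaches for a given value of v0 before and after the patch.

```python
"""Added example: apply the LicenseManagement.smali patch from the post and
show why it works. Not Djeman's or the post's own tooling.

SAMPLE_SMALI is the fragment quoted in the post (debugMessage line omitted);
register, label and method names are taken from that listing.
"""
import re

SAMPLE_SMALI = """\
    if-nez v0, :cond_1
    .line 224
    const-string v0, "ANDROID BILLING"
    const-string v0, "THIS IS A FULL VERSION PREVIOUSLY BILLED"
    .line 225
    invoke-static {}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/LicenseManagement;->saveUnlockGame()V
    move v0, v2
    .line 230
    :goto_1
    return v0
    .line 229
    :cond_1
    const-string v0, "ANDROID BILLING"
    const-string v0, "THIS IS NOT A FULL VERSION!!!!"
"""

GUARD = re.compile(r"^\s*if-nez\s+v0,\s*:cond_1\s*$")


def remove_guard(smali: str) -> str:
    """Delete the single `if-nez v0, :cond_1` line.

    Refuses to patch when the guard is absent or occurs more than once, and
    checks that :cond_1 is still defined afterwards so the file assembles
    (the branch target block simply becomes dead code).
    """
    lines = smali.splitlines(keepends=True)
    hits = [i for i, line in enumerate(lines) if GUARD.match(line)]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one guard, found {len(hits)}")
    del lines[hits[0]]
    if not any(line.strip() == ":cond_1" for line in lines):
        raise ValueError(":cond_1 label missing; patched file would not assemble")
    return "".join(lines)


def trace(smali: str, v0: int) -> dict:
    """Walk the fragment from its first line with register v0 preset.

    Only the forms in the listing are handled: if-nez, const-string,
    invoke-static, move, return, labels and .line directives. Returns the
    string constants loaded and whether saveUnlockGame() was reached.
    """
    lines = [l.strip() for l in smali.splitlines() if l.strip()]
    labels = {l: i for i, l in enumerate(lines) if l.startswith(":")}
    result = {"messages": [], "unlock_called": False}
    pc = 0
    while pc < len(lines):
        ins = lines[pc]
        branch = re.match(r"if-nez v0, (:\w+)$", ins)
        if branch:  # Dalvik if-nez: branch when the register is non-zero
            pc = labels[branch.group(1)] if v0 != 0 else pc + 1
            continue
        const = re.match(r'const-string v0, "(.*)"$', ins)
        if const:
            result["messages"].append(const.group(1))
        elif ins.startswith("invoke-static") and "saveUnlockGame" in ins:
            result["unlock_called"] = True
        elif ins.startswith("return"):
            break
        # .line directives, labels and `move v0, v2` do not change the outcome
        pc += 1
    return result


if __name__ == "__main__":
    print("original, v0 == 0 :", trace(SAMPLE_SMALI, v0=0))
    print("original, v0 != 0 :", trace(SAMPLE_SMALI, v0=1))
    print("patched,  v0 != 0 :", trace(remove_guard(SAMPLE_SMALI), v0=1))
```

With the guard in place a non-zero v0 reaches the 'THIS IS NOT A FULL VERSION!!!!' block and never calls saveUnlockGame(); once the line is removed the same input falls through into the 'PREVIOUSLY BILLED' block, calls saveUnlockGame() and returns. Running remove_guard a second time on already patched text raises, which is the point of the exact-match check: a blind `sed` delete on a file with several similar guards would silently patch the wrong one or nothing at all.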

