Friday, January 27, 2012

Setting up the Ground :
Well, it seems people are getting crazy about the Android platform (everyone is trying to buy an Android phone!). Let's see if I can get my hands dirty with this Linux+Java clean-room engineered platform.

To begin our journey we need the Android SDK, a target to test with and the necessary tools.

You can download the necessary files from these locations:

Android SDK: http://developer.Android.com/sdk/index.html
Deurus Android crackme 03: http://crackmes.de/users/deurus/android_crackme03/
Smali and baksmali: http://code.google.com/p/smali/
Dex2jar: http://code.google.com/p/dex2jar/
Java decompiler: http://java.decompiler.free.fr/

Download and install the Android SDK, an SDK platform (the latest is 2.2 at the time of writing), the necessary Java packages and the rest of the tools. Create a virtual device from the SDK menu and start the emulator. Within a few minutes you will see the emulator boot and show the phone screen. Well, that's it! We have our emulator up and running.

Getting Started with the Game :
Now we need to install the software (the crackme; it's legal!) on the emulator. For that you may have to get acquainted with the Android Debug Bridge (adb). Installing an apk file is pretty simple: all you have to do is run two commands from the Android SDK's tools directory, one to confirm that adb sees the running emulator and one to install the apk from its path.



After the installation you can see the crackme icon in the application menu.



Now run the crackme by tapping it. If everything went as expected you will see the crackme application on the screen.



Now we will play with it: pressing the Check button with no input pops up the message 'Min 4 chars', and with a proper name it pops up 'Bad boy'. We have to remember these strings, because we will use them as search keys when we disassemble the apk (actually the dex) file. Also note that the app displays two hardware IDs; we need to find out what exactly those are.

Real Android Reversing :
With our crackme up and running in the emulator, we now move on to reversing it. If you have read about the apk file format, you can think of it as an extended JAR file, which is essentially a zip file. So you can rename Crackme03.apk to Crackme03.zip and decompress it to any folder (most zip tools will also open the .apk directly without renaming it).



The interesting file for us is classes.dex, which contains the compiled Dalvik bytecode. We are going to disassemble the dex file with baksmali. The command is simple, as you can see from the screenshots: baksmali takes the dex file and writes the disassembly into an output directory.



If everything worked, we will have a folder structure similar to Java packages. The interesting .smali files are located under '\com\example\helloandroid'. Open all the .smali files in your favourite text editor (I use Notepad++). If you have never done anything related to reverse engineering, esoteric programming or assembly/IL programming, you will probably think: WTF! Relax. We have just opened a disassembled dex file. Now, if you are wondering how on earth anyone can find the location of the checking function, remember those pop-up strings I mentioned earlier: 'Min 4 chars' and 'Bad boy'. We use those strings as our search keys. Searching for 'Min 4 chars' in all the opened .smali files gives a hit in HelloAndroid$2.smali at line 130.
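The string search described above can be automated, and it helps to know which method each hit lands in, since that method is the one to reverse next. The following Python script is an added example for this post, not the author's tooling: it walks a baksmali output directory, finds every const-string whose value contains one of the search keys, and reports the file, line number and enclosing `.method`. The smali snippet it runs on is constructed for the demo and is not the real HelloAndroid$2.smali; the function names are mine.

```python
"""Locate string constants in baksmali output and report the enclosing method.

Added example for this post: automates the 'search for "Min 4 chars" and
"Bad boy"' step and additionally reports the .method each hit sits in.
The SAMPLE_SMALI below is constructed for the demo, not the real crackme.
"""
import os
import re
import tempfile

# const-string (or const-string/jumbo) <register>, "<value>"
CONST_STRING_RE = re.compile(
    r'^\s*const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')
METHOD_RE = re.compile(r'^\s*\.method\s+(.*)$')
END_METHOD_RE = re.compile(r'^\s*\.end method')


def find_string_refs(root, needles):
    """Walk `root` for .smali files and return a list of
    (relative path, line number, enclosing method or None, string value)
    for every const-string whose value contains any of `needles`."""
    hits = []
    for dirpath, _, files in sorted(os.walk(root)):
        for name in sorted(files):
            if not name.endswith('.smali'):
                continue
            path = os.path.join(dirpath, name)
            method = None  # track which .method we are currently inside
            with open(path, encoding='utf-8') as fh:
                for lineno, line in enumerate(fh, 1):
                    m = METHOD_RE.match(line)
                    if m:
                        method = m.group(1).strip()
                        continue
                    if END_METHOD_RE.match(line):
                        method = None
                        continue
                    m = CONST_STRING_RE.match(line)
                    if m and any(n in m.group(1) for n in needles):
                        hits.append((os.path.relpath(path, root), lineno,
                                     method, m.group(1)))
    return hits


# Constructed sample in baksmali style (not the real HelloAndroid$2.smali).
SAMPLE_SMALI = '''\
.class Lcom/example/helloandroid/HelloAndroid$2;
.super Ljava/lang/Object;

.method public onClick(Landroid/view/View;)V
    .locals 3
    const-string v1, "Min 4 chars"
    invoke-static {v0, v1, v2}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
    const-string v1, "Bad boy"
    return-void
.end method
'''


def demo():
    """Write the constructed smali into a temp package tree and search it."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, 'com', 'example', 'helloandroid')
        os.makedirs(pkg)
        with open(os.path.join(pkg, 'HelloAndroid$2.smali'), 'w',
                  encoding='utf-8') as fh:
            fh.write(SAMPLE_SMALI)
        return find_string_refs(tmp, ['Min 4 chars', 'Bad boy'])


if __name__ == '__main__':
    for relpath, lineno, method, value in demo():
        print(f'{relpath}:{lineno} in {method}: "{value}"')
```

Run it against the real baksmali output directory by calling `find_string_refs('out', ['Min 4 chars', 'Bad boy'])`. One caveat: this only finds strings embedded as const-string; if an app loads its messages from resources, the smali carries a numeric resource id instead and the text has to be looked up in the unpacked res/ directory.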



Our aim is to understand the serial-checking function and write a keygen for it. For that we have to know all the Dalvik opcodes used here; the opcode reference linked at the end of this post explains them, and with that you can translate the disassembly into higher-level language constructs. Below is a brief code snippet that implements the algorithm. The two hardware IDs used are the IMEI and the SIM serial number.



As you can see, the algorithm is pretty straightforward. It takes the name and the two hardware IDs as input and does some operations on them to produce a serial. We can easily recode it in any programming language we prefer to turn it into a keygen. Anyway, I am not posting any keygen sources, as that would spoil the whole phun!

Decoding the Algorithm :
A demonstrative serial calculation is given below:

Code:
Name: aaaaa
HW ID1: 0000000000000000
HW ID2: 89014103211118510720
Step by step, the final serial is generated as follows:
First, 'aaaaa' is converted to '9797979797' (the decimal character code of each character, concatenated); from this we take the first 5 digits and convert them to the integer 97979.
This is XORed with 0x6B016, giving 511661, which is the first part of the serial.
For the second part, we take the first 6 characters of HW ID1 and HW ID2, convert them to integers and XOR them: 000000 ^ 890141 = 890141.
For the third part we use the first 6 characters of HW ID1 as they are.
Joined with the specified delimiter, the serial becomes '511661-890141-000000'.
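The walkthrough above fully specifies the computation, so here it is as a Python keygen. This is an added example reconstructed from the steps on this page, not the author's withheld keygen source. Assumptions: the 0x6B016 constant and the six-character slices are taken exactly as the walkthrough states; the page does not say whether a second part shorter than six digits is zero-padded, so the code leaves it unpadded, as the walkthrough writes it; the function names `make_serial` and `verify_serial` are mine.

```python
"""Keygen for Deurus' Android crackme 03, reconstructed from the walkthrough.

Added example for this post, not the author's own keygen source. Inputs are
the name typed into the app and the two hardware IDs it displays (IMEI and
SIM serial), all as strings.
"""

XOR_KEY = 0x6B016   # constant from the disassembly, as given in the walkthrough
MIN_NAME_LEN = 4    # shorter names get the 'Min 4 chars' message
DELIM = "-"


def name_digits(name):
    """'aaaaa' -> '9797979797': decimal character code of each char, concatenated."""
    return "".join(str(ord(ch)) for ch in name)


def make_serial(name, hw_id1, hw_id2):
    """Return the serial the crackme expects for this name and hardware IDs.

    Raises ValueError for names the app itself rejects ('Min 4 chars').
    Assumption: part 2 is emitted as a plain integer, as the walkthrough
    writes it; the page does not show a zero-padding rule for results
    shorter than six digits.
    """
    if len(name) < MIN_NAME_LEN:
        raise ValueError("Min 4 chars")
    # part 1: first five digits of the concatenated char codes, XOR 0x6B016
    part1 = int(name_digits(name)[:5]) ^ XOR_KEY
    # part 2: first six characters of each hardware ID as integers, XORed
    part2 = int(hw_id1[:6]) ^ int(hw_id2[:6])
    # part 3: first six characters of HW ID1 verbatim (keeps leading zeros)
    part3 = hw_id1[:6]
    return DELIM.join((str(part1), str(part2), part3))


def verify_serial(name, hw_id1, hw_id2, entered):
    """Mirror the Check button's outcome: True only for the expected serial."""
    try:
        return make_serial(name, hw_id1, hw_id2) == entered
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed sample from the walkthrough: emulator IMEI and SIM serial
    print(make_serial("aaaaa", "0000000000000000", "89014103211118510720"))
```

Two details worth noticing when you generalise from the single worked case: the first part always comes out as six digits, because 0x6B016 has bits 17 and 18 set and a five-digit input (at most 99999, below 2^17) can never clear them; the second part, on the other hand, can be shorter than six digits for real IMEI/ICCID pairs, which is exactly where the padding question the page leaves open would matter, so compare against the app before trusting that case.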


Final Verification of Reversing :
Now we enter the same magic number into our crackme application.



Bingo! Everything worked as expected. Now, for all those who think it is pretty hard to read all those disassembled instructions and manually convert them to higher-level constructs, there are other options. As Dalvik is based on the design of Java, it is also susceptible to decompilation. No Dalvik decompiler is available at this moment, but there is hope.

For now we can use another utility which converts dex files to jar files, so that we can use Java decompilers to see much more abstract code. From the start of this post you may have noticed the tool dex2jar. Use dex2jar to convert classes.dex to classes.dex.dex2jar.jar, open that in a Java decompiler and you get much more readable output than the Dalvik disassembly. Please note that dex2jar is still in development and its output is meaningless in many places, so use it only to get a quick understanding of the functions and confirm the details against the smali.

Conclusion :
In this introductory article, Dhanesh explains reversing Android using the emulator and all the available tools in sequence, with pictorial, elaborative steps. It is mainly meant to set up your ground for further reversing work on the Android platform.

Well, that's it! We have analyzed an Android program and defeated its protection. Cheerio!

Special: How To Crack Gameloft Android HD Games (credit goes to Djeman for this method):
Unpack the Android package (apk) with a zip extractor and disassemble the dex file into smali source files with baksmali.
Delete the `if-nez v0, :cond_1` line (highlighted in blue in the original post) in LicenseManagement.smali in the Billing folder.
Code:
if-nez v0, :cond_1

.line 224
const-string v0, "ANDROID BILLING"

const-string v0, "THIS IS A FULL VERSION PREVIOUSLY BILLED"

invoke-static {v2, v3, v0}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/GLDebug;->debugMessage(ILjava/lang/String;Ljava/lang/String;)V

.line 225
invoke-static {}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/LicenseManagement;->saveUnlockGame()V

move v0, v2

.line 230
:goto_1
return v0

.line 229
:cond_1
const-string v0, "ANDROID BILLING"

const-string v0, "THIS IS NOT A FULL VERSION!!!!"
So you have to delete that `if-nez v0, :cond_1` line: it is the conditional branch to the `:cond_1` block (the one in red, which logs "THIS IS NOT A FULL VERSION!!!!"). Without it execution always falls through to the `saveUnlockGame()` call, so the game never takes the not-a-full-version path.
Rebuild the apk with smali. After that you need to sign it to run it on your mobile; the new signature will not match the original package, so uninstall the original before installing the rebuilt one.
http://developer.android.com/guide/p...p-signing.html
http://forum.mobiles24.com/showthrea...810#post365810

To understand Dalvik's instructions in more depth, you'll need this website:
http://pallergabor.uw.hu/androidblog...k_opcodes.html

And if you want to go further, for the .so file (an ELF dynamic library) you have to use IDA Pro to analyze it, and with the ARM documentation (find it here) you will be able to modify the file with a hex editor by calculating the ARM opcodes yourself.

2 comments:

Unknown said...

Gaming is like any skill, in that it takes practice but also knowing what you're doing. There are a few accessories and settings you can adjust to get better at video games. While targeted at console games and FPS games, it can be applied to PC gaming as well.
Real games

Unknown said...

Folder Lock software: by using it you can protect your important files or folders. It can also protect drives. To protect files, drives and folders, it uses a password that you select. So you can maintain your privacy on your computer by using Folder Lock. For this, we can suggest you use Folder Lock 7.5. It is really powerful protection software, so if you want to get this software, please click here and visit this website (onlinetech24.com) and download it.
