Activity Stream
94,887 MEMBERS
57 ONLINE
How To Crack Android Application & Game How To Crack Android Application & Game How To Crack Android Application & Game How To Crack Android Application & Game How To Crack Android Application & Game
Results 1 to 6 of 6
  1.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #1
    Special Member
    Senior Poster
    Mobile_Guru's Avatar
    How To Crack Android Application & Game

    Info How To Crack Android Application & Game

    How To Crack Android Application & Game

    Setting up the Ground :
    Well, it seems people are getting crazy about Android platform(everyone is trying to buy an Android phone!). lets see if I can get my hands dirty with this Linux+java clean room engineered platform.

    To begin our journey we need Android SDK, a target to test with and the necessary tools.

    You can download the necessary file from these locations:

    Android SDK: [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    Deurus Android crackme 03: [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    Smali and baksmali: [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    Dex2jar: [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    Java decompiler: [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    Download and install Android SDK, SDK platform(latest is 2.2 at the time of writing), necessary Java packages and rest of the tools. Create a virtual device from SDK menu and start emulation. Within few minutes you can see the emulator booting up and showing the phone screen. Well, thats it! we have our emulator up and running.

    Getting Started with the Game :
    Now we need to install the software(crackme, its legal!) to the emulator. For that you may have to get acquainted with Android debug bridge(adb). Installing a apk file is pretty simple, all you have to do is to run two commands from Android SDK directory/tools.



    After the installation you can see the crackme icon from application menu.



    Now run the crackme by clicking on it. If everything went as expected you will see the crackme application on the screen.



    Now we will play with it, pressing check button with no inputs pops a message 'Min 4 chars', and with a proper name it pops up 'Bad boy'. We have to remember these strings because we will be using them as our search keys when we disassemble the apk(actually dex) files. Also note that we have two hardware ids and we need to find out what those exactly means.

    Real Android Reversing :
    As our crackme is up and running in emulator, we now move onto reversing it. If you have read apk file format, you can visualize it as a extended JAR file which essentially is a zip file. Now you can change the crackme file name from Crackme03.apk to Crackme03.zip and decompress it to any folder.



    Now the interesting file for us is classes.dex, which contains the compiled vm codes. We are going to disassemble the dex file with baksmali. Commands are pretty simple as you can see from screen shots.



    If everything worked fine, we will have a folder structure similar to Java packages. Interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files into your favorite text editor(I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly(IL) programming, you will probably think: WTF!. Relax. We have just opened a disassembled dex file. Now, if you are thinking how on earth someone can find the correct location of checking function, I hope you remember those pop up strings I told earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching �Min 4 chars� in all the opened .smali files, we will find a hit in HelloAndroid$2.smali line 130.



    Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the dalvik opcodes that are used here. You can visit this page to understand the opcodes and after that you can convert disassembled code to much higher language constructs. I will provide a brief code snippet which actually implements the algorithm. Two hardware ids used are IMEI and sim serial number.

    01 //Read name from text box
    02 const v23, 0x7f050004
    03 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View;
    04 move-result-object v9
    05
    06 //Read serial from text box
    07 const v23, 0x7f050006
    08 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View;
    09 move-result-object v21
    10
    11 //Checking whether the name is of length greate than 4
    12 const/16 v22, 0x4
    13 move v0, v11
    14 move/from16 v1, v22
    15 if-ge v0, v1, :cond_51
    16
    17 //Popup showing Min 4 chars
    18 const-string v23, "Min 4 chars"
    19 const/16 v24, 0x1
    20 .line 86
    21 invoke-static/range {v22 .. v24}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
    22 move-result-object v13
    23 .line 88
    24 .local v13, notificacionToast:Landroid/widget/Toast;
    25 invoke-virtual {v13}, Landroid/widget/Toast;->show()V
    26
    27 //There is a little exception trick to make integer string from username
    28 //It converts aaaa to 97979797 which is ascii equivalent
    29 invoke-virtual {v10, v5}, Ljava/lang/String;->charAt(I)C
    30 move-result v3
    31
    32 //Getting first 5 chars from ascii converted name
    33 const/16 v22, 0x0
    34 const/16 v23, 0x5
    35 move-object v0, v12
    36 move/from16 v1, v22
    37 move/from16 v2, v23
    38 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String;
    39
    40 //Converting it into integer abd xoring with 0x6B016 - Serial part 1
    41 invoke-static {v12}, Ljava/lang/Integer;->parseInt(Ljava/lang/StringI
    42 move-result v22
    43 const v23, 0x6b016
    44 xor-int v22, v22, v23
    45
    46 //Getting IMEI from TelephonyManager
    47 //http://developer.Android.com/reference/Android/telephony/TelephonyManager.html
    48 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    49 move-result-object v6
    50 .line 102
    51 .local v6, imei2:Ljava/lang/String;
    52
    53 //Getting sim serial
    54 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String;
    55 move-result-object v16
    56 .line 103
    57 .local v16, simsn:Ljava/lang/String;
    58
    59 //Getting first 6 chars from IMEI, and similarly from sim serial (IMEI.Substring(0,6) will be used as Serial part 3)
    60 const/16 v22, 0x0
    61 const/16 v23, 0x6
    62 move-object v0, v6
    63 move/from16 v1, v22
    64 move/from16 v2, v23
    65 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String;
    66
    67 //Converting them to integer and xoring - Serial part2
    68 invoke-static/range {v19 .. v19}, Ljava/lang/Integer;->parseInt(Ljava/lang/StringI
    69 move-result v22
    70 invoke-static/range {v20 .. v20}, Ljava/lang/Integer;->parseInt(Ljava/lang/StringI
    71 move-result v23
    72 xor-int v22, v22, v23
    73
    74 //Making a new StringBuilder object and formatting the string to part1-part2-part3
    75 new-instance v22, Ljava/lang/StringBuilder;
    76 invoke-static {v12}, Ljava/lang/String;->valueOf(Ljava/lang/ObjectLjava/lang/String;
    77 move-result-object v23
    78 invoke-direct/range {v22 .. v23}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/StringV
    79 const-string v23, "-"
    80 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/StringLjava/lang/StringBuilder;
    81 move-result-object v22
    82 invoke-static/range {v17 .. v18}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;
    83 move-result-object v23
    84 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/StringLjava/lang/StringBuilder;
    85 move-result-object v22
    86 const-string v23, "-"
    87 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/StringLjava/lang/StringBuilder;
    88 move-result-object v22
    89 move-object/from16 v0, v22
    90 move-object/from16 v1, v19
    91 invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/StringLjava/lang/StringBuilder;
    92 move-result-object v22
    93
    94 //Checking whether user entered serial and program made serials are equal.

    [Login or [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]
    to remove this advertisement]

    95 invoke-virtual {v14, v15}, Ljava/lang/String;->equals(Ljava/lang/Object
    Real Android Reversing :
    As our crackme is up and running in emulator, we now move onto reversing it. If you have read apk file format, you can visualize it as a extended JAR file which essentially is a zip file. Now you can change the crackme file name from Crackme03.apk to Crackme03.zip and decompress it to any folder.



    Now the interesting file for us is classes.dex, which contains the compiled vm codes. We are going to disassemble the dex file with baksmali. Commands are pretty simple as you can see from screen shots.



    If everything worked fine, we will have a folder structure similar to Java packages. Interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files into your favorite text editor(I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly(IL) programming, you will probably think: WTF!. Relax. We have just opened a disassembled dex file. Now, if you are thinking how on earth someone can find the correct location of checking function, I hope you remember those pop up strings I told earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching Min 4 chars in all the opened .smali files, we will find a hit in HelloAndroid$2.smali line 130.



    Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the dalvik opcodes that are used here. You can visit this page to understand the opcodes and after that you can convert disassembled code to much higher language constructs. I will provide a brief code snippet which actually implements the algorithm. Two hardware ids used are IMEI and sim serial number.

    As you can see, the algorithm is pretty straight forward. It is using name and two hardware ids as input and doing some operations on them to make a serial. We can easily recode it in any programming language we prefer to make it as a keygen. Anyway, I am not posting any keygen sources as it will spoil the whole phun!

    Decoding the Algorithm :
    A demonstrative serial calculation routine is given below:

    Code: 
    Name: aaaaa
    HW ID1: 0000000000000000
    HW ID2: 89014103211118510720
    Here are stepwise instructions on generating final serial number
    At first 'aaaaa' will be converted to '9797979797', from which we will take first 5 letters and convert it into integer 97979
    This will be xored with 0x6B016 resulting 511661 and this will be first part of serial.
    For second part, we will take first 6 letters from HW ID1 and HW ID2, convert them to integer and xor, resulting 000000^890141 = 890141.
    For third part we will use first 6 characters from HW ID1.
    Formatting with the specified delimiter the serial will become '511661-890141-000000'.

    Final Verification of Reversing :
    Now we will put the same magic number into our Crackme application.



    Bingo! everything worked as expected. Now, for all those who thinks it is pretty hard to read all those disassembled instructions and manually converting them to higher language constructs, there are other options. As dalvik is based on design of Java, it is also susceptible to decompilation. There is no decompiler available at this moment, but there is hope.

    For now we can use another utility which converts dex files to jar files so that we can use Java decompilers to see much more abstracted code. From starting of this blog post you may have noticed the tool dex2jar. Use dex2jar to convert classes.dex to classes.dex.dex2jar.jar. Open it in a Java decompiler and you can see much better output than dalvik disassembly. Please note that dex2jar is still in development phase and the output is meaningless at many places. This should be used only to get a quick understanding of all the functions.

    Conclusion :
    In this introductory article, Dhanesh explains reversing Andriod using the emulator and all available tools in sequence with pictorial elaborative steps. It is mainly based to set up your ground for further reversing work on Andriod Platform.

    Well, thats it! We have analyzed an Android program and defeated its protection. Cheerio!

    Special How To Crack Gameloft Android HD Games Credit Goes to Djeman for Inventing This Method:

    unpack an android package (apk) with a zip extractor, disassemble dex file in smali source files with dex2jar .
    delete this {blue} line in the LicenseManagement.smali in the Billing folder.

    Code: 
    if-nez v0, :cond_1
    
        .line 224
        const-string v0, "ANDROID BILLING"
    
        const-string v0, "THIS IS A FULL VERSION PREVIOUSLY BILLED"
    
        invoke-static {v2, v3, v0}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/GLDebug;->debugMessage(ILjava/lang/String;Ljava/lang/String;)V
    
        .line 225
        invoke-static {}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/LicenseManagement;->saveUnlockGame()V
    
        move v0, v2
    
        .line 230
        :goto_1
        return v0
    
        .line 229
        :cond_1
        const-string v0, "ANDROID BILLING"
    
        const-string v0, "THIS IS NOT A FULL VERSION!!!!"
    So you have to delete the blue line, to avoid the game to jump to the read line (by deleting this line game will never show THIS IS NOT A FULL VERSION).
    rebuild apk After that you need to sign it to run on your mobile.
    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    To understand Dalvik's commands more, you'll need that website
    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    And if you want to go further, for the .so file, the ELF Dynamic library, you have to use IDA Pro to analyze it, and with ARM doc (Find it here) you'll be allowed to modify the file with a hexadecimal editor by calculating the ARM opcodes.

    All information is provided for educational purposes only.
    Mobile_Guru Reviewed by Mobile_Guru on . How To Crack Android Application & Game How To Crack Android Application & Game Setting up the Ground : Well, it seems people are getting crazy about Android platform(everyone is trying to buy an Android phone!). lets see if I can get my hands dirty with this Linux+java clean room engineered platform. To begin our journey we need Android SDK, a target to test with and the necessary tools. You can download the necessary file from these locations: Android SDK: http://developer.Android.com/sdk/index.html Rating: 5

  2. The Following 2 Users Say Thank You to Mobile_Guru For This Useful Post:
    [ Click to Expand ]

    rafalense (13th April 2013),real (23rd November 2013)

  3.   Advertisements

  4.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #2
    ₪ cGiPDA Team ₪
    R@me$h's Avatar
    How To Crack Android Application &amp; Game
    1/"Introduction":
    So as you certainly know it, a .apk file is quite like a .zip... You can unzip it. If you're a little curious and you do that, you'll see that it contains some folders like:
    -"Res": The images of the game are usually stored in "drawable", the sounds in"raw" etc...
    -"META-INF": You obtain it when you sign the .apk..
    -You can find the AndroidManifest
    And sometimes there are also other folders but you don't care about them... What we have to modify is the file "classes.dex"
    Let's see how to do that

    2/Disassemble the .apk/classes.dex:
    So there are many methods for that, like converting the .dex file to .jar with dex2jar and read it with a java decompiler but the method i prefer is to use apktool:
    Code:

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]

    I'll show you how to use it (if you still don't know how to do

    3/Cracking :
    So this is a (very) quick tutorial, there are many different protections so don't be angry if this method doesn't work with another game anyway i'll improve my tutorial later and add other methods later

    So i've recently downloaded a game
    Medieval. v1.0.6 full retail

    and i got this

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    And of course, i've decided to crack it :smile:.
    So put the .apk of the game in the apktool folder. Open cmd and write:
    Code:

    cd c:\[directory-of-the-apktool-folder]apktool d name_of_your_file.apk
    like this:



    So apktool is quite cool because it converts the classes.dex file to a smali folder.. it contains many .smali files, you can open them with a text editor (i use notepad ++). Where you have to go is smali\android\vending\licensing\..
    In this case we are lucky because the .smali files are named "correctly"..i mean sometimes they are named "a","b", "c","d" etc...

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    Open ServerManagedPolicy.smali and go here:

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    There is the allowAcess() function, wich returns true (licensed) or false (license check fail )
    here, we can easly guess that 0x0 returns false and 0x1 true... So just change 0X0 to 0X1... Like this:

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    When it is done, congrats your game is now cracked That was easy huh ???
    just save and recompile the .apk like this:
    Code:

    apktool b [name-of-the-folder] [write-the-name-of-your-cracked-game].apk
    like this.

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    now you have to sign the .apk because you have recompiled it What i do is that i put the game on my sd card and i use zipsigner (free on the android market) to sign it:

    [Only Registered and Activated users can see Content.
    Click Here To Register..
    ]


    done, you can install it and play without problems


  5. The Following 1 Users Say Thank You to R@me$h For This Useful Post:
    [ Click to Expand ]

    MiXMaster (8th February 2019)

  6.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #3
    iron man9's Avatar

    Default Re: How To Crack Android Application & Game

    now there's the apk manager that make the compiling much easier rather than writing the codes in apktool don't you think so

  7.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #4
    thanks for posting was of great help

  8.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #5
    its easier said than done I really have to get this going

  9.    Tweet this post   Share This Post On Facebook Share This Post On Google+
    #6
    Thank you for sharing this with us and while i am a noob, i still think its great to read the process behind all this awesomeness so a big thumbs up to the poster.

Thread Information

Users Browsing this Thread

There Are Currently 1 Users Browsing This Thread. (0 Members and 1 Guests)

Similar Threads

  1. Request your Ad-Free Application or Game here
    By Mobile_Guru in forum Symbian^3 General Discussions,Request & Help
    Replies: 44
    Last Post: 30th January 2014, 04:57 PM
  2. Mega Android Application and Game Pack Vol 2
    By dth1982 in forum Android Packs
    Replies: 0
    Last Post: 22nd April 2012, 11:13 AM
  3. Great Little War Game v1.0 Proper Crack (Android)
    By BogdanSNB in forum Android OS Games
    Replies: 0
    Last Post: 5th October 2011, 12:23 AM
  4. Replies: 1
    Last Post: 1st June 2011, 01:03 PM

Tags for this Thread

BE SOCIAL
How To Crack Android Application &amp; Game How To Crack Android Application &amp; Game How To Crack Android Application &amp; Game How To Crack Android Application &amp; Game How To Crack Android Application &amp; Game