I do not encourage the use of Dexer for any form of application piracy or copyright infringement. You HAVE TO customize the Google’s Android License Verification Library if you want to protect your software against piracy. This post was written to make you aware of this. Please support android developers, and pay for your apps.
I've made a simple application, using Android Licensing Service, based on the sample provided with the SDK. Then i've made a simple C# application, using Dexer, to show how it's easy to circumvent the licensing protection. Something similar was first done by Justin Case using Smali/Baksmali.
All the magic is in a switch block, which tells the licensing library what to do next, depending on the results of the verification query. Here is how to patch this switch, without knowing the class name, method name and method prototype (so it should work with simple obfuscated applications).
apktool d -f -s DexerLVL.unpatched.apk DexerLVL.unpatched.apk-extract
I: Copying raw classes.dex file...
I: Loading resource table...
I: Decoding resources...
I: Copying assets and libs...
copy /Y DexerLVL.unpatched.apk-extract\classes.dex classes.dex > nul
DexerPOC
Dexer Licensing POC - Scanning instructions...
SparseSwitch found! - com.android.vending.licensing.LicenseValidator
::verify(java.security.PublicKey, Int, java.lang.String, java.lang.String) : Void
Done!
copy /Y output.dex DexerLVL.unpatched.apk-extract\classes.dex > nul
apktool b DexerLVL.unpatched.apk-extract DexerLVL.patched.apk
I: Copying classes.dex file...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
jarsigner -keystore debug.keystore -storepass android -keypass android DexerLVL.patched.apk androiddebugkey
Again, i've made this on my own application for research purposes only. It is illegal to defeat protections on copyrighted works. You should read all protection techniques here.
Original application: DexerLVL.unpatched.apk | Patched application: DexerLVL.patched.apk |
Commentaires