cracking verizon's v cast apps drm

verizon has a new app store. it has an amazon app store-like drm that's fairly simple to crack.

here's how it works. in the launching activity a thread is started that calls checkLicense() and hands the result to isDRMDone(). this is from com/cp/app/MainActivity$2.smali:
.method public run()V
    .locals 2

    .prologue
    .line 100
    invoke-static {}, Landroid/os/Looper;->prepare()V

    .line 102
    :try_start_0
    iget-object v0, p0, Lcom/cp/app/MainActivity$2;->this$0:Lcom/cp/app/MainActivity;

    iget-object v0, v0, Lcom/cp/app/MainActivity;->licenseAuthenticator:Lcom/verizon/vcast/apps/LicenseAuthenticator;

    sget-object v1, Lcom/cp/app/MainActivity;->verizonAppKeyword:Ljava/lang/String;

    # call checkLicense and store result in v0
    invoke-virtual {v0, v1}, Lcom/verizon/vcast/apps/LicenseAuthenticator;->checkLicense(Ljava/lang/String;)I
    move-result v0

    .line 103
    iget-object v1, p0, Lcom/cp/app/MainActivity$2;->this$0:Lcom/cp/app/MainActivity;

    # send result of checkLicense (v0) to isDRMDone()
    invoke-virtual {v1, v0}, Lcom/cp/app/MainActivity;->isDRMDone(I)Z
    move-result v0

    # isDRMDone() handles error messages and returns true when all is good
    if-eqz v0, :cond_0

    # ... rest of code

if you look at isDRMDone() you'll see that it's basically a big switch on the int it receives. an input of 0 or 1 counts as a valid license; everything else is some kind of error. so we just need to make sure checkLicense() returns 1 and doesn't call anything else that may have side effects (timeouts, checking whether the verizon app store is installed, etc.).

checkLicense() is defined in com/verizon/vcast/apps/LicenseAuthenticator.smali. after modification it looks like this (the original body is left in place below the early return, so it is now dead code):
.method public declared-synchronized checkLicense(Ljava/lang/String;)I
    .locals 10
    .parameter "keyword"

    .prologue

    # just set v0 to 1 (a "valid" result for isDRMDone()) and return
    # the rest of the method never runs
    const/4 v0, 0x1
    return v0

    const/16 v9, 0x64

    const-string v7, "checkLicense() finished.  Trying to shutDownLicenseService()"

    const-string v7, "LicenseAuthenticator"

    .line 256
    monitor-enter p0

    :try_start_0
    const-string v7, "LicenseAuthenticator"

    const-string v8, "begin checkLicense()"

    # ... rest of code

if you're a developer, then depending on how they implement the insertion of their drm it may still be possible to use classical protection / anti-tampering techniques on top of it. i'd like to know. but really though, don't waste your time on protection. i'm not blasting verizon or amazon or google for weak security. real effort should be spent improving the program, not slowing down crackers (because you can't stop them). if you want money, use ads.
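as an added illustration of what the "classical anti-tampering techniques" above look like in practice (this is example code, not from the post and not from verizon's LicenseAuthenticator library), here is a runtime check an app can run beside the drm call: it hashes the certificate the installed apk was signed with and compares it to the developer's release certificate. a repackaged apk with a patched checkLicense() has to be re-signed, so the digest no longer matches. the class name SigningCheck, the EXPECTED_CERT_SHA256 placeholder and the signerMatches() name are assumptions; PackageManager.GET_SIGNATURES is the real (pre-API 28) flag.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;

// Hypothetical helper (example code, not part of the post or of any vendor SDK).
// Compares the SHA-256 of the APK's signing certificate against a value the
// developer bakes in at build time. A re-signed (repackaged) APK fails this.
public final class SigningCheck {
    // Placeholder: replace with the lowercase hex SHA-256 of your release cert
    // (e.g. from: keytool -printcert -jarfile app-release.apk).
    private static final String EXPECTED_CERT_SHA256 = "<your-release-cert-sha256>";

    private SigningCheck() {}

    // Returns true only if one of the APK's signing certs hashes to the expected value.
    public static boolean signerMatches(Context ctx) {
        try {
            PackageInfo info = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_SIGNATURES);
            if (info.signatures == null) {
                return false;
            }
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (Signature sig : info.signatures) {
                // Signature.toByteArray() is the DER-encoded X.509 certificate.
                byte[] digest = md.digest(sig.toByteArray());
                if (toHex(digest).equalsIgnoreCase(EXPECTED_CERT_SHA256)) {
                    return true;
                }
            }
        } catch (Exception e) {
            // Any failure (package lookup, missing algorithm) is treated as a
            // mismatch so the check never fails open.
        }
        return false;
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

usage would be a call such as `SigningCheck.signerMatches(this)` from the launching activity, typically combined with the drm result rather than used alone. note that this is exactly the kind of check the post is sceptical of: it compiles to one more method returning a boolean, and a tool that can rewrite checkLicense() can rewrite this one the same way, so it raises the cost of tampering but does not prevent it. the defensive value is mostly in detection (logging a mismatch to the developer's own backend, where the signal cannot be patched out client-side).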
