
Removing DRM from Android apps (includes Amazon's DRM)

a guest, Apr 2nd, 2011
:. Download Smali and Baksmali:

http://code.google.com/p/smali/

:. Use Smali/Baksmali to decompile/recompile the classes.dex file from the apk file

:. Cracking Android Licensing:

Open com/android/vending/licensing/LicenseValidator.smali and look at handleResponse(). You'll see something like:

    iget-object v0, p0, Lcom/android/vending/licensing/LicenseValidator;->mPolicy:Lcom/android/vending/licensing/Policy;

    # this function returns true/false depending on whether access should be allowed
    invoke-interface {v0}, Lcom/android/vending/licensing/Policy;->allowAccess()Z

    move-result v0

    # comment out this jump and protection is gone.
    # you can also make allowAccess() always return 0x1 (true)
    #if-eqz v0, :cond_0

:. Cracking Amazon Appstore DRM:

Open com/amazon/android/aa/d.smali (this filename/path may be different, so try to look for strings from the code below). You need to comment out 3 jumps as seen below:

        # virtual methods
        .method public final a()V
                .registers 6

                const-string v4, "LICENSE_FAILURE_CONTENT"

                iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

                const-string v1, "APPLICATION_LICENSE"

                invoke-virtual {v0, v1}, Lcom/amazon/android/o/d;->b(Ljava/lang/String;)Z

                move-result v0

                # Comment out first jump
                #if-eqz v0, :cond_14

                sget-object v0, Lcom/amazon/android/aa/d;->a:Lcom/amazon/android/u/a;

                const-string v1, "license verification succeeded"

                invoke-virtual {v0, v1}, Lcom/amazon/android/u/a;->a(Ljava/lang/String;)V

                :goto_13
                return-void

                :cond_14
                invoke-virtual {p0}, Lcom/amazon/android/aa/d;->f()Z

                move-result v0

                # Comment out second jump
                #if-eqz v0, :cond_1d

                invoke-virtual {p0}, Lcom/amazon/android/aa/d;->g()V

                :cond_1d
                new-instance v1, Lcom/amazon/android/l/m;

                iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

                const-string v2, "LICENSE_FAILURE_CONTENT"

                invoke-virtual {v0, v4}, Lcom/amazon/android/o/d;->a(Ljava/lang/String;)Ljava/lang/Object;

                move-result-object v0

                check-cast v0, Lcom/amazon/android/l/d;

                # Comment out third jump
                #if-eqz v0, :cond_3d

                iget-object v2, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;

                const-string v3, "LICENSE_FAILURE_CONTENT"

                iget-object v2, v2, Lcom/amazon/android/o/d;->a:Lcom/amazon/android/o/b;

                invoke-virtual {v2, v4}, Lcom/amazon/android/o/b;->c(Ljava/lang/String;)V

                :goto_34
                invoke-direct {v1, v0}, Lcom/amazon/android/l/m;-><init>(Lcom/amazon/android/l/d;)V

                iget-object v0, p0, Lcom/amazon/android/aa/d;->c:Lcom/amazon/android/l/f;

                invoke-interface {v0, v1}, Lcom/amazon/android/l/f;->a(Lcom/amazon/android/l/a;)V

                goto :goto_13

                :cond_3d
                sget-object v0, Lcom/amazon/android/aa/f;->e:Lcom/amazon/android/l/d;

                goto :goto_34
        .end method

:. Recompile your new classes.dex file with Smali

:. Put the cracked classes.dex file in the root of the apk file


Resigning:

:. Remove META-INF folder from the apk file

:. Generate Key:
   keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -validity 10000

:. Sign:
   "C:\Program Files (x86)\Java\jdk1.6.0_21\bin\jarsigner.exe" -verbose -keystore my-release-key.keystore ..\net.kairosoft.android.gamedev3en-1.apk alias_name
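
Added example (not part of the original paste): a publisher-side or store-side check for the two artifacts the steps above leave behind, a changed classes.dex and a replaced META-INF signature block, by comparing a candidate APK with the publisher's release build of the same version. The function names and the in-memory sample APKs are constructed for illustration, and only v1 (jarsigner) signature blocks are covered.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature block files that jarsigner writes into META-INF/
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")

def apk_fingerprint(apk_bytes):
    """Return (sha256 of classes.dex or None, set of sha256 of signature blocks)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        dex = None
        if "classes.dex" in names:
            dex = hashlib.sha256(apk.read("classes.dex")).hexdigest()
        sigs = {
            hashlib.sha256(apk.read(n)).hexdigest()
            for n in names
            if n.upper().startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES)
        }
    return dex, sigs

def repackaging_findings(release_apk, candidate_apk):
    """Compare a candidate APK with the publisher's release of the same version."""
    ref_dex, ref_sigs = apk_fingerprint(release_apk)
    dex, sigs = apk_fingerprint(candidate_apk)
    findings = []
    if dex != ref_dex:
        findings.append("classes.dex differs from the release build")
    if not sigs:
        findings.append("no v1 signature block in META-INF")
    elif sigs != ref_sigs:
        findings.append("signature block differs from the release build")
    return findings

def build_sample_apk(dex, sig_name=None, sig=b""):
    """Constructed stand-in for an APK: a zip with classes.dex and one signature block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex)
        if sig_name:
            z.writestr("META-INF/" + sig_name, sig)
    return buf.getvalue()

# Constructed sample data, not real APKs or real signatures
RELEASE = build_sample_apk(b"release dex bytes", "CERT.RSA", b"publisher block")
RESIGNED = build_sample_apk(b"edited dex bytes", "ALIAS_NA.RSA", b"other block")

if __name__ == "__main__":
    print(repackaging_findings(RELEASE, RESIGNED))
```

Because the comparison runs outside the app, it does not depend on any in-app check that could itself be edited out of classes.dex.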