Removind DRM from Android apps (includes Amazon's DRM)

1. :. Download Smali and Baksmali:
2.  
3. http://code.google.com/p/smali/
4.  
5. :. Use Smali/Baksmali to decompile/recompile the classes.dex file from the apk file
6.  
7. :. Cracking Android Licensing:
8.  
9. open com/android/vending/licensing/LicenseValidator.smali and look at handleResponse() you'll see something like:
10.  
11. iget-object v0, p0, Lcom/android/vending/licensing/LicenseValidator;->mPolicy:Lcom/android/vending/licensing/Policy;
12.  
13. # this function returns true/false depending on if we should allow access
14. invoke-interface {v0}, Lcom/android/vending/licensing/Policy;->allowAccess()Z
15.  
16. move-result v0
17.  
18. # comment out this jump and protection is gone.
19. # you can also make allowAccess() always return 0x1 (true)
20. #if-eqz v0, :cond_0
21.  
22. :. Cracking Amazon Appstore DRM:
23.  
24. open com/amazon/android/aa/d.smali (this filename/path may be different, so try to look for strings from code below). You need to comment out 3 jumps as seen below:
25.  
26. # virtual methods
27. .method public final a()V
28. .registers 6
29.  
30. const-string v4, "LICENSE_FAILURE_CONTENT"
31.  
32. iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;
33.  
34. const-string v1, "APPLICATION_LICENSE"
35.  
36. invoke-virtual {v0, v1}, Lcom/amazon/android/o/d;->b(Ljava/lang/String;)Z
37.  
38. move-result v0
39.  
40. # Comment out first jump
41. #if-eqz v0, :cond_14
42.  
43. sget-object v0, Lcom/amazon/android/aa/d;->a:Lcom/amazon/android/u/a;
44.  
45. const-string v1, "license verification succeeded"
46.  
47. invoke-virtual {v0, v1}, Lcom/amazon/android/u/a;->a(Ljava/lang/String;)V
48.  
49. :goto_13
50. return-void
51.  
52. :cond_14
53. invoke-virtual {p0}, Lcom/amazon/android/aa/d;->f()Z
54.  
55. move-result v0
56.  
57. # Comment out second jump
58. #if-eqz v0, :cond_1d
59.  
60. invoke-virtual {p0}, Lcom/amazon/android/aa/d;->g()V
61.  
62. :cond_1d
63. new-instance v1, Lcom/amazon/android/l/m;
64.  
65. iget-object v0, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;
66.  
67. const-string v2, "LICENSE_FAILURE_CONTENT"
68.  
69. invoke-virtual {v0, v4}, Lcom/amazon/android/o/d;->a(Ljava/lang/String;)Ljava/lang/Object;
70.  
71. move-result-object v0
72.  
73. check-cast v0, Lcom/amazon/android/l/d;
74.  
75. # Comment out third jump
76. #if-eqz v0, :cond_3d
77.  
78. iget-object v2, p0, Lcom/amazon/android/aa/d;->b:Lcom/amazon/android/o/d;
79.  
80. const-string v3, "LICENSE_FAILURE_CONTENT"
81.  
82. iget-object v2, v2, Lcom/amazon/android/o/d;->a:Lcom/amazon/android/o/b;
83.  
84. invoke-virtual {v2, v4}, Lcom/amazon/android/o/b;->c(Ljava/lang/String;)V
85.  
86. :goto_34
87. invoke-direct {v1, v0}, Lcom/amazon/android/l/m;-><init>(Lcom/amazon/android/l/d;)V
88.  
89. iget-object v0, p0, Lcom/amazon/android/aa/d;->c:Lcom/amazon/android/l/f;
90.  
91. invoke-interface {v0, v1}, Lcom/amazon/android/l/f;->a(Lcom/amazon/android/l/a;)V
92.  
93. goto :goto_13
94.  
95. :cond_3d
96. sget-object v0, Lcom/amazon/android/aa/f;->e:Lcom/amazon/android/l/d;
97.  
98. goto :goto_34
99. .end method
100.  
101. :. Recompile your new classes.dex file with Smali
102.  
103. :. Put the cracked classed.dex file in the root of the apk file
104.  
105.  
106. Resigning:
107.  
108. :. Remove META-INF folder from the apk file
109.  
110. :. Generate Key:
111. keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -validity 10000
112.  
113. :. Sign:
114. "C:\Program Files (x86)\Java\jdk1.6.0_21\bin\jarsigner.exe" -verbose -keystore my-release-key.keystore ..\net.kairosoft.android.gamedev3en-1.apk alias_name