Friday, January 25, 2013

Android Break The Limits Reverse Engineering

Android Reverse Engineering by cr4shyyy
Target: os.devwom.usbsharereval (sorry, devwom ;))
Target version: os.devwom.usbsharereval-2_1.6.1.3.apk
ROOTED DEVICE IS MANDATORY!!
7 days evaluation version.
Share only selected files or usb virtual, LUKS encrypted or unencrypted, disks via usb with PC/Radio car/Player ...
Also mount virtual Un/encrypted images in your device.
* Share only selected folder/directory.
* Share only desired files, preventing visibility of undesired files on your SD card.
To do this, select desired files with your favorite application and use "Usb Sharer" to this job.
* Create virtual USB encrypted or unencrypted disks and share only files inside it, rejecting access to other files in your sdcard.
Also you will encrypt all files and data if your disk is selected as encrypted. By default encryption is AES, and uses LUKS standard.

It's a very cool app; I bought it too.
Now I want to try reversing the eval version .apk.
7 days evaluation version, hmmm? ;)
Time to reverse it!!!
Get a decompiler; I used apktool to decompile it.
 
apktool d <file.apk> <directory to output to>
apktool b <directory of decoded apk>

After decompiling, we can see the smali code and other files.
Here is some sample code:

.class public Los/devwom/usbsharereval/usbShare;
.super Los/devwom/usbsharereval/usbEventsHandler;
.source "usbShare.java"

# interfaces
.implements Landroid/view/View$OnClickListener;
.implements Landroid/widget/CompoundButton$OnCheckedChangeListener;
.implements Los/devwom/usbsharereval/actionManager$ActionDoneListener;


# static fields
.field private static final ACTIVATE_DATE:Ljava/lang/String; = "2013-01-13"
.field private static final ELATIME:J = 0x2932e000L
.field private static final FINAL_DATE:Ljava/lang/String; = "2013-03-13"
.field private static final LOG_TAG:Ljava/lang/String;
.field private static expDays:J
.field private static haVencido:Z
.field private static final imageExtensions:[Ljava/lang/String;
.field private static proChecked:Z

Cool, now we can read some smali code ;) Some interesting things we can read:

.field private static final ACTIVATE_DATE:Ljava/lang/String; = "2013-01-13"

.field private static final FINAL_DATE:Ljava/lang/String; = "2013-03-13"

Now we start the app on the Android device, and we see this screen, I hope.

[screenshot: shot_000003]
Yeah, I got 8 days with a simple trick: pull the date back ;)
After the 8 days we will see this screen. :(

[screenshot: shot_000002]
Hmmm, now it's over: we need to buy the full version or uninstall it ...
No ... now it's time to get dirty :)

We can read the string “Do you want buy full version?” on that screen. It's a good point to start.
Now we search for “Do you want buy full version” in the decompiled output.

This is what I found:

<string name="wantbuy">Do you want buy full version?</string>

Now we search for “wantbuy”. Next find ;)

.field public static final virtualimage:I = 0x7f070029
.field public static final wantbuy:I = 0x7f07005b
.field public static final wantinstallscriptmanager:I = 0x7f070040

wantbuy has the resource ID wantbuy:I = 0x7f07005b
Now let's search for that value, 0x7f07005b:

    .line 672
    invoke-static {p0}, Los/devwom/usbsharereval/usbShare;->vencido(Landroid/app/Activity;)Z

    move-result v3

    if-eqz v3, :cond_0

    .line 673
    new-instance v1, Landroid/app/AlertDialog$Builder;

    invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V

    .line 674
    .local v1, dlg:Landroid/app/AlertDialog$Builder;
    const v3, 0x7f07005a

    invoke-virtual {v1, v3}, Landroid/app/AlertDialog$Builder;->setTitle(I)Landroid/app/AlertDialog$Builder;

    .line 675
    const v3, 0x7f07005b

    invoke-virtual {v1, v3}, Landroid/app/AlertDialog$Builder;->setMessage(I)Landroid/app/AlertDialog$Builder;

This is what I found:
Landroid/app/AlertDialog$Builder;->setMessage(I)Landroid/app/AlertDialog$Builder;
It tells us that the app builds an AlertDialog whose message comes from the wantbuy resource ID.
Here is the screenshot for this sample code:

[screenshot: shot_000002]

Now we can inspect the smali code we have reverse engineered.
Now we need to search for an if statement, like

if my penis is bigger than yours, do anything to get a bigger one.

In smali code it looks like this:
 if-eqz v3, :cond_0

Now we change the “if-eqz v3, :cond_0” to “if-eqz v1, :cond_0” and we will never see the AlertDialog box again ;)

And now we have skipped the whole AlertDialog ;) Really? Yeahhhh
Let's test it:

apktool b Reverse unsecure.apk
Sign the new APK with any APK signing tool, like auto-sign apk (google it).

The results are:

[screenshot: shot_000004]

That's all: we are done with the reverse engineering and got a fully working copy of usbsharereval.
Sorry devwom, I hope you read my blog and learn something ;)

For personal use or study purposes.
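
A defensive counterpart to the date-rollback behaviour described in the post and in the comments below, as an added example (not code from the app or from the post's author): a trial check that keeps a high-water mark of the latest time it has seen and treats a backwards clock jump as tampering. The class name, the storage keys and the in-memory map standing in for persistent storage are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

/** Trial check that treats a backwards clock jump as tampering (added example). */
public class TrialGuard {
    static final long DAY_MS = 24L * 60 * 60 * 1000;
    static final long TRIAL_MS = 7 * DAY_MS;            // 7-day evaluation, as in the post
    static final long TOLERANCE_MS = 5L * 60 * 1000;    // tolerate small clock corrections

    enum State { ACTIVE, EXPIRED, CLOCK_TAMPERED }

    // Stand-in for persistent app storage; the keys used below are hypothetical.
    private final Map<String, Long> store;

    TrialGuard(Map<String, Long> store) { this.store = store; }

    State check(long nowMs) {
        Long first = store.get("first_run");
        if (first == null) {                            // first launch starts the trial
            store.put("first_run", nowMs);
            store.put("last_seen", nowMs);
            return State.ACTIVE;
        }
        long lastSeen = store.get("last_seen");
        if (store.containsKey("locked") || nowMs + TOLERANCE_MS < lastSeen) {
            store.put("locked", 1L);                    // sticky: a later "correct" date does not clear it
            return State.CLOCK_TAMPERED;
        }
        store.put("last_seen", Math.max(lastSeen, nowMs)); // high-water mark only moves forward
        return (nowMs - first >= TRIAL_MS) ? State.EXPIRED : State.ACTIVE;
    }

    public static void main(String[] args) {
        // Constructed timeline: normal use, date set a year back, date set forward again.
        TrialGuard guard = new TrialGuard(new HashMap<String, Long>());
        long t0 = 1358000000000L;                       // constructed timestamp (January 2013)
        long[] clock = { t0, t0 + 3 * DAY_MS, t0 - 365 * DAY_MS, t0 + 4 * DAY_MS };
        for (long now : clock) {
            System.out.println(now + " -> " + guard.check(now));
        }
    }
}
```

Local state like this is reset by an uninstall and the check can be removed from a repackaged APK, so it belongs alongside a server-side entitlement check and verification of the APK's signing certificate rather than in place of them.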




6 comments:

  1. I made the changes you said and it does not work. After I install and launch the modified version, it gives me an error crash. I'm not sure about "Now we change the “if-eqz v3, :cond_0” to “if-eqz v1, :cond_0” and we will never see again the AlertDialogBox". I installed version 1.6.1.3 eval.

  2. Try to uninstall first, then install the new version.

  3. Or try to change some strings like me, to test it first.

    http://lh4.ggpht.com/-chxCI2OIuH4/UQMMdYKPWlI/AAAAAAAAAOY/oOqYN9k1Xxc/shot_000004_thumb.png?imgmax=800

    Change AppName or another string. If it does not work I will check it again.

  4. Hi, I finally managed to solve the problem through a simple method that does not even require changing the program (no reverse engineering). It is clear to me that the program needs to be improved and has a programming bug. Here's how I got rid of the message that appears after the expiration of the 7 day evaluation:
    1. install the program and open it for the first time. Everything should function properly, you're in the evaluation period
    2. close it and change the date, a year BACK
    3. open the program again. This is the step where the meter is fried :))
    4. again change the current date or any date in advance and the message will not appear again, at least as I've tested.

    Notice: The program should not be given the message "Do you want to buy full version?" ever, if you want to continue with step 2. Once the message, the above procedure does not work, have uninstalled and reinstalled so that it can be opened normally. I have found that this can be done with a file earlier assessment (09/09/2012), the condition is to set a date when installing from the program evaluation period (09.09.2012-16.09.2012).

    For the blog author:
    I feel like the last change you propose related to "change the "if-eqz v3: cond_0" to "if-eqz v1,: cond_0"" worked for you because you accidentally did steps 2 and 3 described above and that's why it gave you no message. I'm not sure, but for me it did not work modifying "v3" with "v1", although I managed to change the message bar and other small corrections below the surface. Note that the android can not reinstall a program, this is done only by uninstalling and reinstalling.
    If the information provided is useful and helps someone, I'm glad I could be helpful, but I'm sure DEVWOM will solve the problem soon. Until then, give him greetings from me and I hope to not read this blog soon.

    Sign BU. b-)

    PS: Do what you want with the information obtained, but please let me know here, whether for yourself or others worked my way.

  5. I love it ;) Thanks from Luxembourg :P

  6. Thanks, I will test it.
    And for keep your date with your trick. But date 1 year up, install usbshare. Kill it, change date back to normal. Well done ;)

