Re: [android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Kostya Vasilyev
22.10.2010 19:04, Mark Murphy пишет: Now, now, it's not the *only* way. If an attempt to run a cracked app resulted in electrocution, piracy would stop in a jiffy. Of course, there's a *slight* liability issue... :-) I hear Google has good lawyers, they could lobby for some kind of Android L

Re: [android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Mark Murphy
On Fri, Oct 22, 2010 at 10:53 AM, Chris Stratton wrote: > The only way something like LVL will hold up in the long run is if the > license checking functionality is intimately and multiply intertwined > with the application functionality, such that disentangling the two is > more trouble than its

[android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Chris Stratton
On Oct 22, 8:49 am, Kostya Vasilyev wrote: > Android Market's communication with the server and the application are > encrypted, and Market is signed with the platform key, which means it > can't be tampered with. > > Don't know if there any vulnerabilities with this (other than rooted > phones),

[android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Chris Stratton
On Aug 24, 3:31 am, Kostya Vasilyev wrote: > Doing it as part of Market application, with only simple allow/deny > passed over RPC is probably more secure. Market app is signed with the > platform key, and the firmware checks the signature, right? How many seconds do you think it would take some

Re: [android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Leigh McRae
I don't think that you will ever have a solution that will prevent the pirates from stealing. The question is, does LVL prevent the average person from being able to steal the app? For example, on some stores someone can simply forward the email with the download link to the app they just pur

Re: [android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Kostya Vasilyev
The server-side LVL could verify the application signature instead, since anyone (pirates) changing the code would have to re-sign the package. The signature is (I think) available to Market application on the phone, and to the LVL back-end on the server. Android Market's communication with th

[android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread Jose
But you can check for the checksum in dozens of differents places in your (ofuscated of course) code. It´s very easy and very fast This will raising the bar for piracy one step more On Oct 22, 9:18 am, noriato wrote: > So then the check for the checksum could be removed... same problem. > Peter

[android-developers] Re: LVL found to be easy to crack

2010-10-22 Thread noriato
So then the check for the checksum could be removed... same problem. Peter On 22 Okt., 07:50, Jose wrote: > I think that an easy way to tamper-proof apk would be: > > 1) Android Market computes a checksum for the apk when the apk is > uploaded > 2) In the License Response (eg. in one extra), Andr

[android-developers] Re: LVL found to be easy to crack

2010-10-21 Thread Jose
I think that an easy way to tamper-proof apk would be: 1) Android Market computes a checksum for the apk when the apk is uploaded 2) In the License Response (eg. in one extra), Android Market send this value 3) The aplication computes the same checsum of itself. If the values don`t match, just fin

[android-developers] Re: LVL found to be easy to crack

2010-08-25 Thread OldSkoolMark
I'm hoping for Eclipse integration of Proguard. On Aug 24, 12:38 am, Trevor Johns wrote: > So far, in all the cases of cracked apps we've seen, it's been because of > the following: > > 1. The developer did not run a code obfuscating tool (such as ProGuard) on > their application; and, > 2. The d

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Hugo Visser
OK, I see your point, that could slow them down, but it would slow me down for sure, maintaining a native and a Java project. Not the mention the bugs you can get from native code... But agreed, it's an option. Hugo On Aug 24, 5:23 pm, a1 wrote: > On 24 Sie, 16:15, Hugo Visser wrote: > > > No,

Re: [android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Trevor Johns
FYI: We have a blog post up on this topic. It covers many of the points I made earlier, but I figured it's worth pointing out. http://android-developers.blogspot.com/2010/08/licensing-server-news.html -- Trevor Johns Google Developer Programs, Android http://developer.android.com

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread a1
> But I'm not sure that native code is any harder to patch, and there > are still identifiable syscalls or calls back up to java for i/o to > show where it tries to accomplish verification. First of all it's much harder to bypass especially if you are dealing with optimized code and you will have

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread a1
On 24 Sie, 16:15, Hugo Visser wrote: > No, that won't do it, since the entry point is always Java / Dalvik > byte code. Since you can decompile and patch that with relative ease, > you can just make the native calls to the crc check library no-ops or > whatever and you're done without patching a

Re: [android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Kostya Vasilyev
24.08.2010 17:55, nation-x пишет: Try using your brain and not your emotions and you can probably limit it's impact... Gee, thanks. Wish I had one [ looks at himself in the mirror, does not see any sign of having a brain ] :) -- Kostya Vasilev -- WiFi Manager + pretty widget -- http://kman

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Chris Stratton
I think the suggeston was that the same call to native code accomplish the antipiracy check and some critical part of application functionality. But I'm not sure that native code is any harder to patch, and there are still identifiable syscalls or calls back up to java for i/o to show where it tri

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Hugo Visser
No, that won't do it, since the entry point is always Java / Dalvik byte code. Since you can decompile and patch that with relative ease, you can just make the native calls to the crc check library no-ops or whatever and you're done without patching any native lib. Only obfuscation will help to so

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread nation-x
I am always amazed at how people always blame everyone else for their problems... this is something I never see from any Google Developer... I don't see excuses. What has the world come to when everyone always has this expectation of entitlement. Noone is forcing you to develop for Android or any o

[android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread a1
If you put antipiracy check (eg. CRC checking to detect package modification) in native code along with some other vital routines, one will have to patch native implementation, it's of course doable, but will take more time. -- Bart Janusz (Beepstreet) On 24 Sie, 08:34, Hugo Visser wrote: > Even

Re: [android-developers] Re: LVL found to be easy to crack

2010-08-24 Thread Trevor Johns
So far, in all the cases of cracked apps we've seen, it's been because of the following: 1. The developer did not run a code obfuscating tool (such as ProGuard) on their application; and, 2. The developer implemented the LVL as a drop-in library, without making any modifications to the library cod

[android-developers] Re: LVL found to be easy to crack

2010-08-23 Thread Jonas Larsson
An official response would great. As I (and many others) see it the main reason for Android app piracy is paid app unavailability in most countries. When most users have the option of being honest and pay, most would. Until Google enables the full Market in all countries the incitement to crack an

[android-developers] Re: LVL found to be easy to crack

2010-08-23 Thread Hugo Visser
Even native code doesn't help you, the call to the native method can also be decompiled and patched, without bothering with the native code at all. Like John says, it's an inherit problem of a language that runs on the vm: you can decompile the byte code. You can just make it harder to find the poi

[android-developers] Re: LVL found to be easy to crack

2010-08-23 Thread a1
It's really simple, if you use stock implementation of LVL your app will be cracked in no time, otherwise (if you make the code complicated enough and then obfuscate) it will take at least week or two to crack it. If you use native code and put most of the antypiracy code there you will be good for

[android-developers] Re: LVL found to be easy to crack

2010-08-23 Thread Moto
Well it saved me a load on car insurance! :P It was good while it lasted! let the race begin! But being serious this kind of sucks... :( Poor market sells plus pirating not nice On Aug 23, 9:21 pm, "Maps.Huge.Info (Maps API Guru)" wrote: > We all knew this was going to be a problem. It's inh

[android-developers] Re: LVL found to be easy to crack

2010-08-23 Thread Maps.Huge.Info (Maps API Guru)
We all knew this was going to be a problem. It's inherent in the platform. That said, the steps required to fix an app so it will run are way more complicated than they used to be with just forward locking. The script kiddies will be dissuaded from trying to unlock hundreds or even thousands of app