On Jun 12, 9:59 pm, String wrote:
> Wait... He's hosting this crap on BLOGGER?!? And we still can't get Google
> to shut the site down??
>
> Wow. They care even less about Android piracy than I realized.
>
> String
Better yet they advertise on his site. Google sure do know how to make
money
just in case anyone is interesting, I posted the my algorithm to avoid
tempering of applications:
http://groups.google.com/group/android-developers/browse_thread/thread/5e8f76ea5371f674/4637cbf1c42dfd22?lnk=gst&q=crc#4637cbf1c42dfd22
On Jun 12, 11:02 pm, Kostya Vasilyev wrote:
> He can move to
I agree with Kostya. Although it's annoying people crack our apps, we should
be thankful this is available for us to download, decompile, see how it
works and then change your app easily with a single line of code so that it
is no longer crackable.
If anyone just takes the lvl code example prov
He can move to a different host at any time.
Someone could file a DMCA notice with Blogger / Google, but at the same
time, it seems useful to run his scripts on one's code, to see if it gets
broken.
-- Kostya
2011/6/13 String
> Wait... He's hosting this crap on BLOGGER?!? And we still can't
Wait... He's hosting this crap on BLOGGER?!? And we still can't get Google to
shut the site down??
Wow. They care even less about Android piracy than I realized.
String
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this
The creator uses blogger to publish this software.
The page for downloading the app is this:
http://androidcracking.blogspot.com/p/antilvl.html
It's very useful for testing your own app security.
--
You received this message because you are subscribed to the Google
Groups "Android Developers"
Makes sense.
-- Kostya
13.05.2011 22:25, Nikolay Elenkov пишет:
It replaces all Method.invoke() calls with it's own invokeHook() that does
something like this:
if ( methodClassName
.equals("android.app.ContextImpl$ApplicationPackageManager")
|| methodClassName
.equals("android
On Sat, May 14, 2011 at 2:53 AM, Nikolay Elenkov
wrote:
> On Sat, May 14, 2011 at 2:27 AM, Kostya Vasilyev wrote:
>> Reflection too can be bypassed, by hooking getClass / getMethod and friends,
>> and it's only a matter of time before it's scripted.
>
> The antilvl tool does reflection too.
It r
On Sat, May 14, 2011 at 2:27 AM, Kostya Vasilyev wrote:
> Reflection too can be bypassed, by hooking getClass / getMethod and friends,
> and it's only a matter of time before it's scripted.
The antilvl tool does reflection too. And apparently 'encrypted' strings
(base64, etc.). It actually comes
Reflection too can be bypassed, by hooking getClass / getMethod and
friends, and it's only a matter of time before it's scripted.
One could run two signature checks: one for the reference value stored
in the .apk, the other for the signature of the installed .apk. Or get
the signature from the
You should definitely be using reflection for any calls to platform APIs,
since those of course can't be obfuscated by ProGuard.
On Fri, May 13, 2011 at 6:48 AM, Nikolay Elenkov
wrote:
> On Fri, May 13, 2011 at 8:02 PM, Kostya Vasilyev
> wrote:
> > This thread has a snippet of modified (hacked)
On Fri, May 13, 2011 at 8:02 PM, Kostya Vasilyev wrote:
> This thread has a snippet of modified (hacked) code as well as a link to the
> script's author:
>
> http://groups.google.com/group/android-developers/browse_thread/thread/3d92715cd41208e/
>
Thanks, that blog has some interesting stuff. Re
This thread has a snippet of modified (hacked) code as well as a link to
the script's author:
http://groups.google.com/group/android-developers/browse_thread/thread/3d92715cd41208e/
-- Kostya
13.05.2011 14:02, Nikolay Elenkov пишет:
>
> The PackageManager GET_SIGNATURES call can be hooked to
> My point is that in order to make it inconvenient to pirate, you need
> your LVL to sneak past the tool. Worrying about a human cracking your
> app is less of an issue as by the time one does that the app has
> likely been out for a while and you have an update almost ready. But
> if the tool wo
On Fri, May 13, 2011 at 5:33 PM, Kostya Vasilyev wrote:
> 13.05.2011 9:07, Nikolay Elenkov пишет:
>>
>> I see. In the sense that it identifies the publisher, it is indeed a
>> 'signature'.
>
> Hmm, are we talking about the same thing here?
You got me :)
>
> Isn't the key that the .apk is signed
>
> The PackageManager GET_SIGNATURES call can be hooked to return the
> original signature even if the package has been hacked and re-signed.
> There is a script somewhere on the 'net that does this automatically.
Could you kindly provide a link? Do you mean that my check is useless?
Anyway, I d
13.05.2011 9:07, Nikolay Elenkov пишет:
I see. In the sense that it identifies the publisher, it is indeed a
'signature'.
Hmm, are we talking about the same thing here?
Isn't the key that the .apk is signed with (which is generated by the
developer, and is specific to a particular package) di
If you are not following Google's advice and blindly copy/paste the
LVL code from the sample app, you deserve that a tool cracks your
app. Not you, Kevin. No way any tool would crack my app (and
incidentally, I do the same as you do -- redirect the user to the
Android Market)
On May 13, 2:40 p
I mostly agree with the blog post but some additional thoughts:
1) Google just opened up paid apps in more countries. There's
potential to turn current pirates into legit users. However if they're
already used to downloading your app from the pirate sites then even
after you release an update they
On Thu, May 12, 2011 at 10:07 PM, Nikolay Elenkov wrote:
> I see. In the sense that it identifies the publisher, it is indeed a
> 'signature'.
> Is this guaranteed across versions? If so, using the PackageManager
> to get it could be an alternative to embedding your public key in the APK
> for LV
On Fri, May 13, 2011 at 1:51 PM, Dianne Hackborn wrote:
> On Thu, May 12, 2011 at 9:39 PM, Nikolay Elenkov
> wrote:
>>
>> It turns out the 'Signature' you get from the PackageManager it's actually
>> the
>> public key used to signed the app, that's whey it works. It was either
>> poorly named
>>
On Thu, May 12, 2011 at 9:39 PM, Nikolay Elenkov
wrote:
> It turns out the 'Signature' you get from the PackageManager it's actually
> the
> public key used to signed the app, that's whey it works. It was either
> poorly named
> or the meaning changed somewhere along the line. It's still an effect
On Thu, May 12, 2011 at 5:29 PM, Shine wrote:
>> > Does this work at all? The signature is different from the public key, so
>> > it
>> > shouldn't.
>
> Yes it works, I wrote "MY_LONG_PUBLIC_KEY", but I meant "signature".
>
It turns out the 'Signature' you get from the PackageManager it's actuall
> http://jeff-vogel.blogspot.com/2011/05/final-answer-for-what-to-do-to...
I totally agree with that blog post. I believe the vast majority of
users, at least for non-trivial apps, resort to piracy not because
they are too cheap to pay for it, but because the app is not available
in the country
> > Does this work at all? The signature is different from the public key, so
> > it
> > shouldn't.
Yes it works, I wrote "MY_LONG_PUBLIC_KEY", but I meant "signature".
thank you for replying Dianne, I knew it's a matter of time. Since the
app costs less than 3$, I hope the three implemented leve
25 matches
Mail list logo
