[KeygenMe] KeygenMe#1

[zAWS!]

Hi ..

it's first My keygenMe for anybody care with Android Reversing ..

it's a medium protection "NOT FOR BEGINNING" it's need a good skills on Android OS & dalvik opcode

i left Application without obfuscation to be clear for anyone want to study it

if you have any question ..please ask

-----------------------------------------------------------------------------------------------------------

zAWS!

KeygenMe#1.rar

[kakamail]

Hi, i'm new in android. Here is what i see in your kgm, didn't finish it but i hope all below is correct.

 

1.

const/4 v6, 0x0

const/4 v9, 0x1

const-string v11, "Activate"

const-string v10, "About"

const-string v8, ""

 

2.

_emulator_dete    : Mac address problem

_emulator_dete1  : IMEI problem

 

3.

//patch to bypass prob1.

sget-object v0, LCom/zAWS/KeygenMe/main;->_mac_address:Ljava/lang/String;

    goto :cond_bb

    .line 321

    invoke-static {}, LCom/zAWS/KeygenMe/main;->_emulator_dete()Ljava/lang/String;

 

//patch to bypass prob2.

 

const-string v0, "123456789097531"

sput-object v0, LCom/zAWS/KeygenMe/main;->_imei:Ljava/lang/String;

 

4.

//get imei

//get len and then sub 1.

 

invoke-static {}, Lanywheresoftware/b4a/phone/Phone$PhoneId;->GetDeviceId()Ljava/lang/String;

    move-result-object v0

    sput-object v0, LCom/zAWS/KeygenMe/main;->_imei:Ljava/lang/String;

    .line 340

    sget-object v0, LCom/zAWS/KeygenMe/main;->mostCurrent:LCom/zAWS/KeygenMe/main;

    sget-object v0, LCom/zAWS/KeygenMe/main;->_imei:Ljava/lang/String;

    invoke-virtual {v0}, Ljava/lang/String;->length()I

    move-result v0

    sub-int/2addr v0, v9

    int-to-double v0, v0

 

5. goto_d5

 

    move v2, v6 

    move v3, v6

//v2 = v3 = 0

    .line 341

    :goto_d5

    int-to-double v4, v2 

//v4 = 0

    cmpg-double v4, v4, v0

    if-lez v4, :cond_e3 #way1 jump at the first time.

    .line 349

    if-nez v3, :cond_106 #way2 jump at the second time.

    .line 351

    invoke-static {}, LCom/zAWS/KeygenMe/main;->_emulator_dete1()Ljava/lang/String;

 

way1:

v4 = imei

v5 = v2 + 1 = 1

v4 = substring(v4,v2,v5) = substring(imei,0,1) = 1

v5 = 0x10 = 16

v4 = invoke-static {v4, v5}, Lanywheresoftware/b4a/keywords/Bit;->ParseInt

mean convert v4 from b16 to b10 <=> v4 = 0x31 = 49

v4 = invoke-static {v4}, Lanywheresoftware/b4a/BA;->NumberToString

int-to-double A, B: as i read B is source, A is dest.

then i have 

v5 = v3 = 0

v3 = v4 (double)

v3 = v3 + v5 = v3 (int)

 

v4 = v2 = 0

v6 = 0x3FF0

v4 = v4 + v6 = v6

v2 = v4 = v6 (int)

then back to goto_d5

 

way2: main protect.

v0 = v3*0x17

v1 = 0xF

v0 = v0 and v1

put v0 into _key_from_imei_number

read from key.txt

come to _check_code function.

 

_check_code

    const/4 v6, 0x1

    const/4 v5, 0x0

    const-string v2, ""

    .line 542

    const-string v0, ""

    .................................why so many v0 here?

v0 = readfile = key

v1 = compare v0, v2 => check if key is null.

if-eqz v1, :cond_20 => Start decrypt

 

:cond_20

v0 = _decrypt(v0) = 11 bits of DES decrypt, maybe key is UTF8, i'm not sure.

more than one complex function, i don't have time to check it all, serial is appended from these functions.

[zAWS!]

Hi kakamail

good tracing ..some details how to solve keygen me by fishing serial posted  here

http://forum.tuts4you.com/topic/31544-android-self-keygen-tutorial/

[kakamail]

Fishing is not my goal (not your purpose either) i want to understand this kgm, please help me, i can't send pm to you, i still want to learn more about android cracking, please send me your mail/pm if you don't mind.