Android Crackmes & Keygemmes Challenges

[Jasi2169]

Difficulty : 0 - 5
Language : Android Studio
Platform : Android
OS Version : JellyBean+
Packer / Protector : None

Description :

Here are couple of crackmes and keygenmes i coded for android any beginner or want to test can test their hand in :-

1. App :- Android_Crackme1_TeamURET , Difficulty :- 0/10

2. App :- Android_Crackme2_TeamURET , Difficulty :- 1/10

3. App :- AndroidKeygenMe_1-URET , Difficulty :- 2/10

4. App :- URET Android Official KeygenMe 01 , Difficulty :- 5/10 (This Is Official KeygemMe Only Defeated By One Guy Yet)

Enjoy....

Files are attached

URET_Android_crackmes_Keygenmes.rar

[CodeExplorer]

1. App :- Android_Crackme1_TeamURET , Difficulty :- 0/10

package acm.jasi2169.acm1;

public class Acm extends Activity
{
  String a = "2169";

2169 is the key.

I will check 2 son.
 

[Jasi2169]

On 2/22/2017 at 2:37 AM, CodeCracker said:

1. App :- Android_Crackme1_TeamURET , Difficulty :- 0/10

package acm.jasi2169.acm1;

public class Acm extends Activity
{
  String a = "2169";

2169 is the key.

I will check 2 son.
 

great ,looking forward for Official Uret ANdroid Keygenme solution from you

[CodeExplorer]

Patching Android_Crackme2_TeamURET.apk

class acm.jasi2169.acm2.AA

  String b = "Application Is Not Licensed";
  String c = "Application Is Licensed";

I've used ApkAnayser to get from where are used:
and both are used from:
acm.jasi2169.acm2.Aa.Aa() @ 5
This was just the constructor class method!

b ( "Application Is Not Licensed") is also used from:
acm.jasi2169.acm2.Aa.c() @ 3

  public void c()
  {
    d();
    b.a(this, this.b, this.d);
  }

c() method is the bad boy!

Local graph for c() method:
class b run() void
class Aa b() void
class Aa c() void

  public void b()
  {
    if (!a(this))
    {  // bad boy 1
      if (!this.f.getBoolean("a", false))
      {
        this.g.putBoolean("a", true);
        this.g.commit();
      }
      c();
    }
    for (;;)
    {
      return;
      if (!a(this))
      {
        d();
        moveTaskToBack(true);
        finish();
        i();
      }
      else if (!android.support.a.a.a.a(this))
      {
        this.g.putBoolean("a", true);    // bad boy 2
        this.g.commit();
        c();
      }
    }
  }
 

    public void m6b() {
        if (!m1a((Context) this)) {
            if (!this.f5f.getBoolean("a", false)) {
                this.f6g.putBoolean("a", true);
                this.f6g.commit();
            }
            m7c(); // call bad boy!
        } else if (!m1a((Context) this)) {
            m8d();
            moveTaskToBack(true);
            finish();
            m13i();
        } else if (!C0007a.m17a(this)) {
            this.f6g.putBoolean("a", true);
            this.f6g.commit();
            m7c();  // call bad boy!
        }
    }

classType = Lacm/jasi2169/acm2/Aa;

Method Size: 3
Method Code Offset: 37516
Method: a(Landroid/content/Context;)Z
{
const-string v0 "playstore is not installed means chinese user ?"
const-string v0 "playstore is required to check license :)"
invoke-virtual {v2} Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
invoke-virtual {v2} Landroid/content/Context;->getPackageName()Ljava/lang/String;
move-result-object v1
invoke-virtual {v0,v1} Landroid/content/pm/PackageManager;->getInstallerPackageName(Ljava/lang/String;)Ljava/lang/String;
move-result-object v0
if-eqz v0 :label_28
const-string v1 "com.android.vending"
invoke-virtual {v0,v1} Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
move-result v0
if-eqz v0 :label_28
const/4 v0 1
label_27:
return v0
label_28:
const/4 v0 0 ; to replace 1200 with 1210 - to always return true
goto :label_27

}

929C is the body address!

android.support.a.a
method a

classType = Landroid/support/a/a/a;
Method Code Offset: 39764
Real body start: 9B64

Same changes as before: replace 1200 with 1210 - to always return true

ApkEditor - to be able to install the apk:
Select an Apk File, choose "Common Edit" option,
as "Internal Location" choose "Internal Only"
APK is stored on:
/storage/sdcard/ApkEditor/tmp/gen_signed.apk

Link download of solved crackme:
http://www33.zippyshare.com/v/BUSak2ZA/file.html
 

Edited March 22, 2017 by CodeCracker

[Jasi2169]

@CodeCracker

great work on second one,change at right place rather then modifying the string by some users who tried before.

looking for official keygenme thats the real challenge

[CodeExplorer]

@Jasi2169: I've noticed that your crackmes are very small (great job), how you did it?
What android developer you use? (If I may know)
As for me solving the keygen me, that for sure require (android) coding skills, which currently I don't poses,
I am a beginner with android development.
 

[Jasi2169]

hi ,i used old sdk build tools i do not remember maybe they are of jellybean sdks 16 or 17 i guess,also they were built on Eclipse IDE

now the sdk tools is v25 nougat,even if you use v21 lollipop build tools your size will be more

why ? because the AppCompat support library is automatically added by android studio which takes 1.5-1.9mb space.

this is the reason uret patcher is 2.5mb,patcher is only 1mb 1.5 mb is taken by this support n design library added by sdk tools when compiling the debug or release build

 

i would suggest you keep using android studio as its easy and simple ,eclipse was good but nothing compare to Android studio built on modules of intelij idea

 

or try changing your Extends AppCompatActivity to Activity in all the activity and try removing extra libraries in dependancies of your build gradle module

[CodeExplorer]

Finded here a list of old android studio:
http://ady.my/viewer/android-studio/
And here somw download link:
http://v1248.com/index.htm?kw=Alesso_Studio.zip&pn=257&ca=&ft=&fd=

https://androidsdkoffline.blogspot.ro/p/android-sdk-41-api-16-jelly-bean-direct.html

Also finded this:
https://androidsdkoffline.blogspot.ro/2016/06/how-to-install-android-sdk-offline.html

Edited April 10, 2017 by CodeCracker

[Jasi2169]

Old android studios hanges.freezes and crashes alot i use v2.1.2 i did not updated to latest as it works great for me

so use latest Android studio but download old android sdk and push it to

C:\Users\JASI\AppData\Local\Android\sdk (this is default location)  ,make android folder in Local and put sdk folder there in username

and then go to android studio and in settings locate android studio folder and click apply and restart

 

we just need android build tools old and support library old for example in android sdk downloader download jellybean api 16 stuff and use that to compile the apk

i would suggest compatibility is most important over size

[CodeExplorer]

Just finded a better replacer (for AndroidStudio):
https://pirateproxybay.info/torrent/8729618/Complete_android_SDK_with_eclipse_ADT_and_JDK_JRE_(Windows)

Resulted apk - simple hello world application has only 14 KB!
But I am too lazy to convert my already made programs on AndroidStudio!
 

[zAWS!]

App :- URET Android Official KeygenMe 01 , Difficulty :- 5/10  : include a mistake in coding ... are you  update this version?or it is the last!? Jasi2169

i will post key generator for two keygenme's (5/10 & 2/10) under Android platform!

and explain what the wrong in this official version!

thx for  this challenging.

 

[zAWS!]

attachment : for 2/10 ...

for 5/10 ..is any update or repaired version?

 

uretkgme1_zAWS!.apk

Edited May 10, 2018 by zAWS!
insert attach..

[zAWS!]

For 5/0 official Keygen me:

 

Uret_off_kgme1_zAWS!.apK

[Jasi2169]

please explain @zAWS! the mistake ? those extra digits needs brute forcing is that what you talking about ?

PS i dont have source code left anymore by mistake i deleted the wrong folders and my source code was gone as well but i remember the idea not full but yes how key was generated

i will check out your results soon at home!

good work,also could you share your views here to make it better and feedbacks ?

 

EDIT :- first keygen works,second doesnot work for me

PS it creates only one serial if you know it does not accept the same again,but anyway serial not working

also now days the root can cause problem which adds boolean in serial,sometime phone is rooted systemless but binaries are not present in system <- you mean this mistake ?

you could do like add boolean to user to say if your phone rooted add 1 or not rooted add 2 and generate serial sometime on new android OS keygenme wont detect root as systemless for example and boolean stays false in this case so asking for user is good option

Edited May 11, 2018 by Jasi2169

[zAWS!]

Hi jasi2169

Quote

“PS i dont have source code left anymore by mistake i deleted the wrong folders and my source code was gone as well but i remember the idea not full but yes how key was generated”

Please read Pdf file ..it is a quick Guide charts to remember what’s going inside your keygen.

Quote

“please explain the mistake ? those extra digits needs brute forcing is that what you talking about ? “

1- yes ..that’s the point..  I wrote an external code to brute force this two digits and I generated these digits for values from(350 to 1500), I found strange thing

Every hundred,  there are an (8 to 9 values) that can’t be generated those digits!)-:

Example: (if the SUM OF ASCII Numbers (without two digits) are from (589 to 596) or (from 688 to 695) ext.... WE CAN’T get these digits..

And in some cases I generated the fives keys(MD5-SHA-1, SHA-256, SHA-384, SHA-512) for the same username and got the SUM between those magic numbers(BAD LUCK) and I can’t generate the two digits, so for that reason I generated only one key based of (MD5) hash AND doesn’t care with other keys So We can easily generated other hash values..and add its to keygen.

Quote

“sometime on new android OS keygenme wont detect root as systemless for example and boolean stays false in this case so asking for user is good option “

No ..i do not agree with you ..it’s weak point for keygener to ask the customer input special Expression ..maybe he – she did not know what the meaning of root?! I think developer must get it by code.. and don't let anyone know what's going inside keygen.

Quote

  “PS it creates only one serial if you know it does not accept the same again,but anyway serial not working “

AS I explain I generated only one key (Based on MD5 hash) and that key only work with First check, or you must click multi check button to re write MD5 value again IN(億.xml) file. (億 – Billion in English)and got good boy message again.

So ..If  serial not working ..maybe there is a problem of detecting  device rooting.. i did not test on new devices..

I test my root detected code on (Emulator,lolliopop OS ,KTKAT OS) and works great ..

Now on my case:

Root value : 2

BRAND : Samsung

Serial :dbe26236

If we apply the routine we got view result as screen shots!

 

 

Uert offical keygen me charts analysis.pdf

[Jasi2169]

Hi ,i can see that i got the idea but the two guys

https://www.uret.in/topic/2910-uret-android-official-keygenme-01/

bruteforced with every single hash properly

when i coded the keygen i also made the keygen which bruteforced properly i didnot remember the trick i used but i brute forced the 2 characters within freeze of 5seconds max with any serial, also the way niko and djmen bruteforced i liked that but i dont have their keygenme solution anymore either my bad

but yes you analyzed it the algo and i see use used b4a android to develop the application

[zAWS!]

thx..

the link above need  a special access permission.. i think  website need an invitation code to register!😀

[Jasi2169]

12 minutes ago, zAWS! said:

thx..

the link above need  a special access permission.. i think  website need an invitation code to register!😀

i will send you invitation,send me PM with the email and username you want to register with