
Bypassing DRM 101

Discussion in 'Tutorials' started by Duelist, Jul 30, 2016.

    The latest version of GLTools comes with DRM protection. While reverse engineering its code, I found out that what initially seemed like a simple LVL-based algorithm had more interesting components to it, so I decided to compile my procedures into a guide.

    Trying to launch a copy of GLTools without a verified Google Account will result in this screen.

    I. Requirements

    - Unmodified GLTools
    - Any .dex decompiler (e.g. apktool)
    - Some sort of APK signer
    - Android SDK & logcat, and the ability to use and read logcat
    - Decent knowledge of smali syntax, decompiling & code editing, although I tried to make this guide as noob-friendly as possible.

    II. Procedures
    1. Decompile GLTools.

    2. Locate the warning message in the decompiled dalvik classes.

    3. Next, scroll down and look for any call to AlertDialog;->show()V. This is what creates the popup, so deleting this call will disable the message.

    However, there's a jump to :goto_5. Take the branch & keep scrolling down to locate this call. Comment out the line by adding a hashtag (#) in front of it.

    4. Build, sign and install.

    5. Launching the newly compiled app will now result in a different error screen. Tell it to GTFO

    6. Repeat the procedure of searching for and nulling the dialog. Build, sign & install.

    7. This has disabled the popup message, but now nothing loads up either.

    8. Go back to the function from step 6 and examine the code more closely. Scrolling up to the beginning of the function reveals that a boolean function is invoked, and depending on its response the onCreate method decides whether or not to skip the "Hi c00lhax0r..." dialog. It's pretty clear that b(Landroid/content/Context;)Z has to return true in this case.

    9. Locate the method. Strings like "hash", "MD5" and "salt" hint that it evaluates some sort of checksum. No matter how complicated the function seems, it will simply return 1 (true) or 0 (false). Scroll to the bottom and edit its return value. Build, sign, install.

    10. Now the app will simply force close upon launch. This is where logcat will come in handy.

    11. First, clear the buffer by typing

    adb logcat -c

    Then run logcat and dump the result into a plaintext file:

    adb logcat > logcat.txt

    Launch the app, wait until it crashes and exits to the background, then press Ctrl+C on the console to terminate logcat.

    12. Examine the log output. The red box shown below indicates that the app crashed while attempting to divide a number by zero in the MainActivity.a() method.

    13. Locate the function. The code is obfuscated and there are several functions named "a", but it should be easy to find by searching for the "div-int" operation. Below is the analysis of this function and how to edit it.

    14. Finally, compile & install the app. The end result is a fully functional DRM-free copy of GLTools.
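From the other side of the table: the two edits this walkthrough makes leave recognisable traces in the smali of a modded APK, namely a commented-out invoke and a computed boolean whose register is overwritten by a constant right before the return. The Python script below, an added example that is not part of Duelist's post or of GLTools, scans a smali dump for those two indicators so a developer or a mod-detection pipeline can triage a repackaged build. The class, method names and the sample smali are constructed for illustration; the checks are heuristics that need a human look at every hit.

```python
"""Triage scanner for two tampering indicators in decompiled smali:
1. an invoke-* instruction that has been commented out with '#', and
2. a method whose result register receives a constant immediately before
   'return', after an earlier move-result had placed a computed value there
   (a hash/licence check patched to a fixed 1 or 0)."""
import re

# Captures the method name plus descriptor, e.g. b(Landroid/content/Context;)Z
METHOD_START = re.compile(r"^\.method\b.*\s(\S+)$")
COMMENTED_INVOKE = re.compile(r"^\s*#\s*invoke-")
# const, const/4, const/16, const-string, const-wide/16 ... <reg>,
CONST_LINE = re.compile(r"^\s*const(?:[/-][\w/]+)?\s+([vp]\d+),")
RETURN_LINE = re.compile(r"^\s*return(?:-object|-wide)?\s+([vp]\d+)")
MOVE_RESULT = re.compile(r"^\s*move-result(?:-object|-wide)?\s+([vp]\d+)")


def parse_methods(smali_text):
    """Return a list of (method_signature, body_lines) from a smali class dump."""
    methods = []
    current = None
    for raw in smali_text.splitlines():
        line = raw.rstrip()
        m = METHOD_START.match(line)
        if m:
            current = (m.group(1), [])
            methods.append(current)
        elif line.strip() == ".end method":
            current = None
        elif current is not None:
            current[1].append(line)
    return methods


def find_indicators(smali_text):
    """Return a list of (method_signature, description) for every indicator found."""
    findings = []
    for name, body in parse_methods(smali_text):
        # Indicator 1: any instruction neutralised with a '#' comment.
        for line in body:
            if COMMENTED_INVOKE.match(line):
                findings.append((name, "commented-out invoke: " + line.strip()))
        # Real instructions only: drop directives (.locals), labels (:goto_5), comments.
        instrs = [l.strip() for l in body if l.strip() and l.strip()[0] not in ".:#"]
        # Indicator 2: const into register R, then return R, with an earlier
        # move-result into R whose value is therefore discarded.
        for i in range(1, len(instrs)):
            ret = RETURN_LINE.match(instrs[i])
            const = CONST_LINE.match(instrs[i - 1])
            if not (ret and const and ret.group(1) == const.group(1)):
                continue
            reg = ret.group(1)
            clobbered = any(
                (mr := MOVE_RESULT.match(x)) and mr.group(1) == reg for x in instrs[: i - 1]
            )
            if clobbered:
                findings.append((name, f"computed value in {reg} replaced by constant: {instrs[i - 1]}"))
    return findings


# Constructed sample: a patched class in the shape this tutorial describes.
PATCHED_SAMPLE = """\
.class public Lcom/example/MainActivity;
.super Landroid/app/Activity;

.method public static b(Landroid/content/Context;)Z
    .locals 2
    invoke-static {p0}, Lcom/example/MainActivity;->c(Landroid/content/Context;)Ljava/lang/String;
    move-result-object v0
    const-string v1, "salt"
    invoke-static {v0, v1}, Lcom/example/MainActivity;->md5(Ljava/lang/String;Ljava/lang/String;)Z
    move-result v0
    const/4 v0, 0x1
    return v0
.end method

.method protected onCreate(Landroid/os/Bundle;)V
    .locals 1
    invoke-static {p0}, Lcom/example/MainActivity;->b(Landroid/content/Context;)Z
    move-result v0
    if-nez v0, :goto_5
    new-instance v0, Landroid/app/AlertDialog$Builder;
    #invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V
    :goto_5
    return-void
.end method
"""

# Constructed clean counterpart: the same class with both edits undone.
CLEAN_SAMPLE = PATCHED_SAMPLE.replace("    const/4 v0, 0x1\n", "").replace(
    "#invoke-virtual", "invoke-virtual"
)

if __name__ == "__main__":
    for method, why in find_indicators(PATCHED_SAMPLE):
        print(f"{method}: {why}")
    print("clean sample findings:", find_indicators(CLEAN_SAMPLE))
```

Both heuristics are deliberately narrow: legitimate code also assigns constants before a return, so the second check only fires when the same register earlier received the result of a call, and even then a branch structure can produce a false positive. Run it over every class in an apktool output directory and review the hits rather than acting on them automatically.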
