Recently, I found my application is crack by some anti-lvl tools.
T开发者_开发技巧his tool could easily crack the "Android License Verification Library" in my application, and generate a new cracked apk.
It also provide lots of function hooks to prevent the developer from detecting their application is cracked. Such as get file length function or check signature function ...
Any one know how to defeat it?
Thanks.
I don't like the standard response of "go check the google i/o presentation" simply because many of the techniques mentioned are defeated by antilvl. It is bad advice in my opinion as the topics, such as reflection and crc checking are already defeated.
Doing further research on antilvl, i came across the svn trunk to antilvl, with a very descriptive hint in a readme.txt file. Here is to prevent antilvl according to the author, prettied up by me. this will return true/false depending on the presence of smaliHook.java, which antilvl uses to hook normal package checks. This only works as a first line of defense, since the class name could be changed with a modded version of antilvl which is likely circulating somewhere. This is a good first check however, since it will defeat the average script kiddie.
protected boolean isAntiLVL(){
try{
Class.forName("smaliHook");
return true;
}catch(Exception e){}
return false;
}
In general - there is no way to fully protect your application in the wild. User might have root access on his/her device and then all bets are off. You can introduce some manual "hackarounds", but if your app is a high-profile one, you will be cracked anyway.
Its just power-play between you and crackers. And if you fight crackers too hard you might hurt your fair users as well.
I'd also refer you to check out this from Google I/O 2011:
Taken from: Avoid apk cracked
Thought it may be very useful to you!
Evading Pirates and Stopping Vampires
http://www.youtube.com/watch?v=TnSNCXR9fbY
EDIT The Presentation Notes: https://docs.google.com/viewer?url=http%3A%2F%2Fwww.google.com%2Fevents%2Fio%2F2011%2Fstatic%2Fpresofiles%2Fdgalpin_android_pirates_and_vampires.pdf
Some basic keypoints
- Modify the LVL
- Implement LVL Tamper Resistance
- Use obfuscation
- Use reflection
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论