Android Black Tech Series-Crack a perpetual free web Access tool

First, preface

Because recently personal needs, want to use "Advanced search" on the mobile phone, but find a lap found are need to pay for the network tools, but I have no money, so only through professional skills to get a cracked version.

Second, application analysis

The following is a direct entry into the topic. First we see the expiration interface as follows:

Remind members there are 0 days, so this is our breakthrough, directly decompile the app, and then find this string information:

Then open the apk file with JADX and search globally for the name value:

Direct point entry for viewing:

Will eventually be traced to this method, we found here two key points: one is the program will save the user's validity period to the local XML, one is the program vulnerability, does not close the log information, so we directly exploit this vulnerability to view the log information can be, but here first not to view, Continue global Search Save XML Key value: Service_expired_time, to see where to save, guess here is the server issued configuration information:

Here we see a lot of places to save, and we looked at it at once, and finally found this place:

Why do you say this is the place? Because we found the tag here and the above log tag is the same, are mainactivity. And we look directly at the log information:

Indeed, see here first to get the configuration information, and then local decryption, the JSON into a map structure. Here we are to introduce more. Look at his decryption algorithm implementation:

A very simple AES algorithm. Key is also locally written to die. We verify that the decryption algorithm is valid for the back. We are writing an Android program separately, copy this part of the decryption function, and then use to decrypt the data:

We then use the Get configuration URL in the log we just printed and put it in the browser to access the view:

Copy this ciphertext to the Android decryption program, then run the Android program to view the logs:

After decryption is a JSON data, we use the tool to format the View information:

See here three fields, one is the number of days that can be used, one is the expiration time, the other is the current time.

Iii. Extension of Technology

Well, here we are, the process of the tool: first go to the server to get the configuration information, then decrypt the JSON format into the map structure, and then parse some of the fields, such as the validity period and the number of days to save the information to local. If the discovery expires, you cannot use the tool directly. And we will find the breach is his log loopholes, so in the development process must remember the program released cleared key logs, in fact, there is a switch control is not reliable, before the analysis of an app, his log although there are switches, but we can manually turn on the switch. Therefore, for the most secure, it is best to delete the critical information log.

First, analysis of mobile phone TCP packet information

So since this app doesn't have log information, how do we break it? We can grab the packet, and we can see this gets the configuration information is the HTTPS protocol. So using Fidder and other grab bag tools to get it may fail. So here you can use Tcpdump+wireshark to directly analyze TCP packet information:

See the TLS protocol. If someone has analyzed this security protocol, know this process, the online great God summed up a picture:

Then we can see his application data:

Confined to the reason, not in detail how to decrypt the protocol data, the content will be written in a separate article how to decrypt the TLS data.

Second, root-free management device Network

Now in the Android VPN function, all uses the vpnservice to develop, this I mentioned before in the interception video advertisement app, also mentions, his principle is uses the Vpnservice to carry on the root-blocking advertisement request thus achieves the filtering advertisement function, This feature requires authorization:

About this Vpnservice how to develop and use, online some information, interested students can search by themselves.

Four, crack solution

The above transition a bit extended some of the content, now we are back to the point, the above has analyzed the use of the app's validity process, then the crack is very simple, there are many ways. Here we directly use the insertion code method to modify the server data. For simplicity, we have directly modified the values of the important fields in the map structure, the validity period, and the number of days to use. After we get the Smali code, we do not need to write the Smali code manually, but we can use the demo to write the data structure information of the inserted map:

Then decompile the demo program and get the corresponding Smali code:

Then insert it into the Smali code of the Anti-compilation app:

Then, after the compilation, after signing with the JADX tool to see if the insert succeeds:

has finished inserting function, we install to see if it is valid:

See here, crack success, can normal use, to here we are finished, how to hack a VPN tool for free.

V. Technical SUMMARY

We found in the process that this tool has a lot of security implications, about tool security proposals:

First: Delete key core information before publishing. Especially the log, do not use the switch control. deleted directly.

Second: Key information is best to do a layer of core encryption. For example, the above AES decryption function can be placed in so security will be high.

Third: Do a security protection for the entire app to prevent it from being cracked.

About the Hack tool class app, in fact very simple, because the tool app words generally we want to charge the function is definitely put on the local just have a switch control up. And for this kind of app crack, just find this switch, directly tamper can. And for some server-controlled functions such as video member information cracking is a bit troublesome, because your information in the server, the server will be based on whether you assign a specific video information to the member. So later if you want to crack the tool-like app, believe a little. Must be able to succeed. And the train of thought is very simple and clear.

After reading this article, we can learn about some of the techniques:

First: Android-free root interception network request or VPN development can be aided by the System class Vpnservice function. This feature needs to be authorized.

Second: Learn about the Tcpdump+wireshark tool to analyze the TCP packet information of the phone. This later article will describe the analysis process in detail.

Third: The app must remember to delete the log of critical information before launching the launch. Avoid causing security risks.

Android Black Tech Series-Crack a perpetual free web Access tool