[Android_cracker] AntiLVL: how to download and use


AntiLVL - Android License Verification Library Subversion

[What is it?]
AntiLVL's purpose is to subvert standard license protection methods such as the Android License Verification Library (LVL), Amazon Appstore DRM and Verizon DRM. It also disables many anti-cracking and anti-tampering protection methods. Because every implementation of the LVL is potentially (and often is) quite different, it's not possible to automate patching in every case. It won't always work. However, it has been designed to get around obfuscation and to apply many variations.

Under the hood, AntiLVL is a configurable smali code patcher with rules defined in user-modifiable XML files, called fingerprints, stored inside the jar. Brief summary of how it works:
* Decompiles the APK
* Performs regular expression matching
* Carries out the defined modifications
* Recompiles and updates classes.dex
* Re-signs and zipaligns
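
Seen from the developer's side, the last two steps leave a measurable footprint: a rebuilt classes.dex and a different signer. The following is an added example, not part of AntiLVL or the original readme; it compares a candidate APK with your own release build entry by entry. The sample APKs are constructed in memory and v1 (JAR) signing is assumed.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signing keeps signature files under META-INF/. APK Signature Scheme
# v2+ stores the signature outside the ZIP entries, so v1 is assumed here.
SIG_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")


def entry_digests(apk_bytes):
    """Map every ZIP entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def repackaging_report(reference_apk, candidate_apk):
    """Diff a candidate APK against the developer's own release build."""
    ref, cand = entry_digests(reference_apk), entry_digests(candidate_apk)
    changed = sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n])
    added = sorted(cand.keys() - ref.keys())
    removed = sorted(ref.keys() - cand.keys())
    touched = changed + added + removed
    return {
        "changed": changed, "added": added, "removed": removed,
        # Rebuilt bytecode: a .dex entry differs, appears or vanishes.
        "code_modified": any(n.endswith(".dex") for n in touched),
        # Re-signing rewrites the signature file and signature block.
        "resigned": any(n.startswith("META-INF/")
                        and n.upper().endswith(SIG_SUFFIXES) for n in touched),
    }


def build_sample_apk(entries):
    """Build a small in-memory ZIP standing in for an APK (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: identical manifest, different bytecode and signer.
COMMON = {"AndroidManifest.xml": b"manifest"}
RELEASE = build_sample_apk({**COMMON, "classes.dex": b"dex-release",
                            "META-INF/CERT.SF": b"sf-1", "META-INF/CERT.RSA": b"dev"})
SUSPECT = build_sample_apk({**COMMON, "classes.dex": b"dex-patched",
                            "META-INF/CERT.SF": b"sf-2", "META-INF/CERT.RSA": b"other"})

if __name__ == "__main__":
    print(repackaging_report(RELEASE, SUSPECT))
```

A report with both code_modified and resigned set, while resources and manifest are unchanged, is the pattern a decompile/patch/re-sign pipeline produces.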


[Who's it for?]
* Android developers who wish to test their protection methods against common types of attacks. In fact, the tool's existence may encourage developers either to give up on protection and focus on making better apps or, at the other extreme, to develop a robust protection mechanism that would deter all but the most adamant crackers.

* Those wishing to automate the task of patching APK files for whatever reason.

* The curious who wish to know more about Android cracking. AntiLVL is an easy way to understand several typical techniques.


[Usage]
Typical usage:
  java -jar antilvl.jar sample-lvl-app.apk

This will create sample-lvl-app-antilvl.apk.


Usage: java -jar antilvl.jar [options] <Apktool/Baksmali dump | APK file> [output APK]
Options:
  -f, --force          allow overwriting of any existing file
  -s, --skip-assembly  decompile and modify but do not rebuild
  -d, --detect-only    detect protection information only
  -n, --lvl-only       skip all protections except Android Market LVL
  --sign-only          sign APK file then exit
  --info-only          get app info then exit
  --assemble-only      assemble dump, update output APK, sign, zipalign, exit
  --skip-cleanup       do not delete dump directory after running
  --sign-key           PK8 key to sign with (requires --sign-cert)
  --sign-cert          PEM certificate to sign with (requires --sign-key)
  --sign-pass          password to use with signature
  --fplist             list installed fingerprints
  --fpexclude          comma-separated list of fingerprints to exclude
  --fpinclude          comma-separated list of fingerprints to include
  -v#, --verbose#      verbose level (1-3)
  -h, --help           show this friendly message

Specific DRM Options:
  --amazon-only        skip non-Amazon Appstore DRM subversion
  --verizon-only       skip non-Verizon app store DRM subversion

Advanced Hook Parameters:
  --chksigs #          check signatures behavior
                         0 - *default* only match signatures if installed
                         1 - always return signature match
  --getpi #            get PackageInfo behavior
                         0 - *default* spoof key/pro/full apps if not installed
                         1 - do not spoof apps not installed

If the app fails to work properly after processing (ex: force closes), it could be that the app uses a hooked method in an unpredicted way. Play with the --lvl-only and --fpexclude options to prevent AntiLVL from hooking those methods. You can use --fplist to see all of the fingerprints. Anything that starts with "hooks" is a likely candidate for exclusion.

I assume you know how to install/uninstall apps. My preferred method is with ADB. If you need to uninstall first, AntiLVL will give the package name when it first starts, if it knows it.

To uninstall: adb uninstall sample.package.name
To install: adb install sample-lvl-app-antilvl.apk

This package includes the binaries aapt and zipalign. aapt is for getting package information and zipalign is for optimizing performance of the APK. They must be in the same directory as AntiLVL or in your path. For more information about how zipalign works, check out:
http://developer.android.com/guide/developing/tools/zipalign.html

If you are using Linux, you may need to set the execute permissions on them. For example:
  chmod 755 aapt
  chmod 755 zipalign


[AntiLVL Hacking]
Included is an APK called Testtarget. It's used as a test for AntiLVL before release. It contains examples of all the protection methods AntiLVL knows how to defeat. It's included with the Eclipse project source. If you want to develop your own fingerprints, you can use the Testtarget to test them afterward. It mainly tests just the anti-cracking and anti-tamper methods, not the LVL or market-specific DRM.

To add your own custom fingerprints, open the AntiLVL jar with a zip archive viewer, such as 7zip, and browse to /fingerprints. Check out Fingerprints.xml for documentation and examples, and also look at the others to get a good idea of how stuff works. You can add your rules to any of the XML files, but custom.xml is empty and just for you! The XML specification is _way_ overkill for what's needed for just some simple patching, so it should be flexible enough to do all kinds of weird stuff.

If you find AntiLVL is making false positives or incorrectly modifying a file, you can score yourself some bonus points by fixing it yourself in the fingerprint definitions, and super bonus points for sending in the fix.


[Caveats]
AntiLVL won't work well against any type of bizarre custom protection. It understands some trivial license checks, but any sort of advanced non-LVL protection won't work. If this happens, your best bet is to use AntiLVL as a means of detecting anti-cracking code. Just run it normally using --skip-cleanup and modify the resulting smali dump by hand until satisfied. Reassemble with --assemble-only with the previously created *-antilvl.apk as target.

If you have any questions, comments, suggestions or if AntiLVL doesn't work and you are reasonably sure the app is using Market LVL, Amazon or Verizon DRM, contact me. :D


[Contact]
lohan.plus (at) gmail (dot) com
http://androidcracking.blogspot.com



[Changes]
October 18th, 2011 - 1.4.0
- Complete rewrite (because no developer is happy until it's been rewritten _at least_ 3 times)
- Added --sign-pass, --sign-key and --sign-cert options to sign with your own signatures
- Added support for patching Verizon DRM
- Added support for patching/stripping Amazon DRM (Thanks zart!)
  . Stripping is the default, patching can be enabled in place of stripping with --fpexclude "Amazon DRM Strip"
- Added file permission checks for aapt and zipalign
- Added --fpinclude, --fpexclude and --fplist
  . They are case insensitive and will work with regex.
    Ex: to exclude all hooks, --fpexclude hook.*
- Added --getpi option to determine how hook handles getting PackageInfo
- Major changes to Smalihook
  . Split up into multiple sections so they can be included as needed
  . Added recursive method invocation hook
    Instead of hard coding hooks, use script vars of the form "%!Hook:hook_name.methodname%"
- Changed how Afterop and Beforeop are handled so they work as you would think
  It is really applied to inserts and replaces, but now they work for finds/matches
- All fingerprint operation types can be defined with :#, ex: type="Insert:3" where 3
  is the limit on the number of times it'll attempt that operation.
- Properly implemented multiple fingerprint region support
- Testtarget updated with cool icon, more info and new anti-cracking/anti-AntiLVL checks


April 18th, 2011 - 1.1.5
- Tweaked (hopefully improved) LVL detection (Thanks Notion and survive!)
- Added hooks for "app is debuggable" and "debugger connected" checks

April 8th, 2011 - 1.1.4
- Added Amazon DRM subversion
- Fingerprint improvements
  . Fixed some LVL detection
  . Fixed problem with start of method not always being correctly found
  . Removed the possibility for several unnecessary checks, increasing speed
- Several Smalihook improvements, including more informative log messages
- Updated documentation in Fingerprints.xml, but it's wise to also look at examples.
- Added notifications for suspicious behavior
  . Getting the installed APK path - reason: usually a file size check
    Apps usually want to look at themselves to check for tampering (MD5 hash, file size, etc.)
  . Getting device ID, wireless MAC, Bluetooth MAC, SIM serial number - reason: unique identifiers
    Some services use these as unique identifiers for your device and they must be spoofed to avoid bans
- Added spoof-id option for device/android_id spoofing
- Included testtarget.apk as a demo/educational resource

February 13th, 2011 - 1.1.3
- Added --fplist, --fpexclude options (for Warezhka), so you can exclude certain
  changes that you think might be breaking your APK
- Fixed several possible problems with hooks (thanks survive)
- Major refactoring to create reusable libraries I'll release when they aren't so ugly

February 6th, 2011 - 1.1.2
- Fixed --skip-nonlvl, -n option
- Fixed improper instances of packages being unnecessarily detected as installed
  Though this may hinder some key/pro/unlock checks
- Improved accuracy of a few checks
- Added anti-cracking hooks
- Added limited support for API key replacement
  Full support requires resource decoding/building, which is planned for 1.2
- Improved signature spoofing
- Now creates output APK path if it does not exist

January 30th, 2011 - 1.1
- Introduced many anti-cracking bypassing methods. It's better than me!
- Improved --sign-only behavior, though it still errors every other time
- Fixed issue with modifications sometimes being done improperly
- Several under-the-hood improvements for future features

January 21st, 2011 - 1.0
- Complete rewrite of previous versions
- Acts more like an engine, with modification information stored in Fingerprints.xml
- Many, many more APK files can be decompiled and recompiled
- Handles several new types of protection methods
- Signature checking, a common anti-tampering technique, is subverted
- File size/last modification checks are more accurately detected
- Pro/full unlock app protection is correctly handled sometimes
- Much more compact/optimized Java byte code, --clever option :D

Download (current version 1.4.0):

    • Windows - https://sites.google.com/site/lohanplus/files/antilvl-1.4.0-win.zip
    • Linux - http://sites.google.com/site/lohanplus/files/antilvl-1.4.0-linux.zip



Older versions:

    • Windows - https://sites.google.com/site/lohanplus/files/antilvl-1.1.5-win.zip
    • Linux - http://sites.google.com/site/lohanplus/files/antilvl-1.1.5-linux.zip

[Official website; reaching it may require getting past the firewall] http://androidcracking.blogspot.com/p/antilvl_01.html
