Just FYI, Jesusfreke has posted a dex [de]compiler set: http://jf.andblogs.net/ (Smali and baksmali).
So there are already tools to do that (and Al, if you want to put up a bounty for a simple/repeatable hack, that'd go a lot farther than handwaving. Everyone else, if you want to claim that bounty, that'd go a lot..etc :) ..) On Fri, Jul 24, 2009 at 7:01 AM, Kaj Bjurman <kaj.bjur...@gmail.com> wrote: > > As I said previously. I have tried to protected java applications, and > I have done what I described with pure java applications, without > having the source code (I have even done it in assembler/machine code > on non java applications). I don't know much about the dex format and > what tools that are available to modify compiled classes, but it's > only a matter of time before they are here, if they don't exist right > now. > > Crackers don't think about if a program is expensive or not. They only > want to get known for their talents, and they crack all popular > applications, even if they are almost for free. So all popular > applications get cracked, regardless of price, and time isn't an issue > for the cracker. He doesn't think in economical terms. > > > > On 24 Juli, 10:44, Al Sutton <a...@funkyandroid.com> wrote: > > The confusion arose because your previous post said "Replace the code > > that downloads the certificate and encrypts it", in this post you're > > talking about the "download/decrypt code", the first is a combination > > of client code (download) and server code (encryption), the latter is > > client-only code. > > > > Referring to the download/decrypt replacement, the problem here is the > > amount of time it would take to find where the download/decrypt code > > resides in a compiled app, replace it, and recompile it. If you had > > the original source code then yes, you could do a drop in replacement, > > but if you had the source code you could easily strip out any > > protection mechanism. > > > > Seriously, try it on a compiled application, you'll find it takes you > > a lot longer than you think, and longer than many crackers would be > > willing to spend on a low-cost app. > > > > Al. > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
