
How should I code to resist “one-click piracy”?

The app I am working on is automatically cracked by antiLVL (although I am not using the LVL in my app).

In order to protect my app from "one-click piracy", I am implementing the tampering detection techniques explained at Google IO.

I have tried checking the signature both with getPackageInfo() and reflection (invoke()), but AntiLVL was able to crack the app automatically in both cases.

How can I write code that will not be automatically cracked by the current version of antiLVL (1.4.0)? I mean, apart from using JNI.

PS: I am not talking about preventing piracy in general. I just want the pirate to dig into the code by hand rather than using an automatic cracker.

The problem is, any API that only serves to check the validity of your application can be subverted and replaced with a version that always returns the result you expect. I haven't looked at Anti-LVL in detail, but I would imagine it is doing this, which is why your attempts to verify your code using Dalvik's built-in APIs for this purpose are failing.

In order to make it work, you'll have to do the work yourself, using only APIs that have multiple purposes and cannot be so easily subverted.

One way of doing it is to calculate a checksum of either your .apk file or just the classes.dex file inside it, and verify it against some external resource (online server with list of known correct versions, file downloaded to SD card on first execution, etc, resource in the .apk file that isn't included in classes.dex). This prevents code modification, which I believe is how anti-LVL works. I haven't tried this myself, but suspect it should work.
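The checksum approach described in the answer above, as an added example that is not part of the original post: it hashes every `classes*.dex` entry in the archive (a generalization that covers multidex builds) and compares the result with a digest obtained from outside `classes.dex`. The class `DexChecksum`, its method names and the sample archive are constructed for illustration; on Android the archive path would come from `Context.getPackageCodePath()`.

```java
import java.io.*;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import java.util.zip.*;

public class DexChecksum {
    // SHA-256 over every classes*.dex entry, processed in sorted name order.
    static byte[] dexDigest(String apkPath) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (ZipFile zip = new ZipFile(apkPath)) {
            List<String> names = new ArrayList<>();
            for (Enumeration<? extends ZipEntry> e = zip.entries(); e.hasMoreElements();) {
                String n = e.nextElement().getName();
                if (n.matches("classes\\d*\\.dex")) names.add(n);
            }
            if (names.isEmpty()) throw new IOException("no classes.dex in " + apkPath);
            Collections.sort(names);
            byte[] buf = new byte[8192];
            for (String n : names) {
                md.update(n.getBytes("UTF-8")); // bind the content to its entry name
                try (InputStream in = zip.getInputStream(zip.getEntry(n))) {
                    for (int r; (r = in.read(buf)) != -1;) md.update(buf, 0, r);
                }
            }
        }
        return md.digest();
    }
    // 'expected' must be stored outside classes.dex (server, separate resource),
    // otherwise embedding it would change the very bytes being hashed.
    static boolean isUntampered(String apkPath, byte[] expected) throws Exception {
        return MessageDigest.isEqual(dexDigest(apkPath), expected);
    }
    // Constructed sample: a minimal zip standing in for an .apk.
    static void writeApk(Path p, String dexBody) throws IOException {
        try (ZipOutputStream z = new ZipOutputStream(Files.newOutputStream(p))) {
            z.putNextEntry(new ZipEntry("classes.dex"));
            z.write(dexBody.getBytes("UTF-8"));
            z.closeEntry();
        }
    }
    public static void main(String[] args) throws Exception {
        Path apk = Files.createTempFile("sample", ".apk");
        writeApk(apk, "original bytecode");
        byte[] known = dexDigest(apk.toString()); // what the external resource would hold
        System.out.println("original: " + isUntampered(apk.toString(), known));
        writeApk(apk, "patched bytecode");        // stands in for a modified classes.dex
        System.out.println("modified: " + isUntampered(apk.toString(), known));
    }
}
```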

The Presentation Notes from Evading Pirates and Stopping Vampires

Some basic key points

Please note, the #:r.page.X at the end of the links I've provided will not always bring you to that specific slide page number for whatever reason. If it doesn't, take note and browse manually.
