Thursday, March 31, 2011

spoof getinstallerpackagename with adb

as i wrote back in another post about anti-cracking technique examples, one method that is often used is getInstallerPackageName(). if the apk is installed from adb, it will be null, but if it's installed from the market it will be com.google.android.feedback. antilvl is well aware of this already, but there is an easier solution for when you're in a hurry. i learned it reading this post at tim's fantastic blog on reversing. he's not affiliated with me and for all i know he's an upstanding white hat who just loves hacking android.

all you need is adb. just give it this command either in a shell or as:
adb install -i com.google.android.feedback com.protected.app
this will set up com.google.android.feedback as the installer for com.protected.app. if you're not sure what the app name is for a given apk, just use aapt, from the android-sdk. ex: aapt d --values badging someapk.apk

Thursday, March 24, 2011

original smalihook java source

i've noticed some interest about a file that antilvl sometimes uses when cracking a program. it's called smalihook and its purpose is to provide "hook" (actually replacement) methods for things like getting device id or signature. it's not really anything special, unless you actually modify the places in the app that make use of certain function calls. there is also a smalihook.java floating around that is actually a badly decompiled, broken version. i'd rather people have the real thing.

the variable strings that start with "%!" (ex: %!AppPackage%) are for antilvl to replace with the actual information when it copies it over.

if you want to use any of the functions here you can simply use antilvl.

if you just want to spoof your android_id or getdeviceid, try this: http://strazzere.com/blog/?p=217




package lohan;

import java.io.File;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Random;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.content.pm.PackageManager.NameNotFoundException;
import android.telephony.TelephonyManager;
import android.util.Log;

/*
 * TODO:
 * I wonder if it's possible to check getClasses or getMethods to detect this
 * hook
 * Hooks:
 *   PackageManager
 *     getInstallerPackageName
 *     getPackageInfo
 *     getApplicationEnabledSetting
 *     checkSignatures
 *   getDeviceID - requires context
 *   File
 *     length
 *     lastModified
 */

public class SmaliHook {

    // replace with random var per antilvl run
    private static String PrefsFile = "HookSettings";
    private static Context myAppContext = null;

    // random - always random, permute - unreversible permutation
    // session means until app is reinstalled
    private static enum DEVICE_ID_SPOOF {
        RANDOM, SESSION_RANDOM, SESSION_PERMUTE
    };
    private static DEVICE_ID_SPOOF myIDSpoof = DEVICE_ID_SPOOF.SESSION_RANDOM;
    private static String LOG_TAG = "lohan";
    private static boolean DEBUG = true;
    private static boolean DUMP_STACK = false;

    public static Object invokeHook(Method method, Object receiver,
            Object[] args) throws IllegalArgumentException,
            IllegalAccessException, InvocationTargetException,
            NameNotFoundException {

        boolean HookEnabled = true;

        String methodClassName = "unknown-static";
        String methodName = method.getName();
        if ( receiver != null )
            methodClassName = receiver.getClass().getName();
        else methodClassName = method.getDeclaringClass().getName();

        if ( DEBUG ) {
            String logStr = "Invoke Hook: " + methodClassName + "."
                    + methodName + "(";
            if ( args != null ) {
                String argStr = "";
                for ( Object arg : args )
                    argStr += arg.getClass().getName() + ":" + arg + ", ";
                if ( argStr.length() > 2 )
                    argStr = argStr.substring(0, argStr.length() - 2);
                logStr += argStr;
            }

            Log(logStr + ")");
        }

        DumpStackIfWeShould();

        if ( !HookEnabled ) return method.invoke(receiver, args);

        if ( methodClassName
                .equals("android.app.ContextImpl$ApplicationPackageManager")
                || methodClassName
                        .equals("android.app.ApplicationContext$ApplicationPackageManager")
                || methodClassName.equals("android.content.pm.PackageManager")
                || methodClassName.contains("ApplicationPackageManager") ) {
            if ( methodName.equals("getInstallerPackageName") ) {
                // Hook get installer package name
                return getInstallerPackageName((String) args[0]);
            }
            else if ( methodName.equals("getPackageInfo") ) {
                // Hook get package info for signatures
                int flags = (Integer) args[1];

                if ( methodClassName
                        .equals("android.content.pm.PackageManager") )
                    return SmaliHook.getPackageInfo(
                            ((PackageManager) receiver), (String) args[0],
                            flags);

                // Cannot simply recast receiver to
                // ContextImpl.ApplicationPackageManager or we get error
                Object result = null;
                try {
                    result = method.invoke(receiver, args);
                }
                catch (Exception e) {
                    result = method.invoke(receiver, "%!AppPackage%");
                }

                if ( (flags & PackageManager.GET_SIGNATURES) == PackageManager.GET_SIGNATURES ) {
                    Signature[] spoofSigs = SmaliHook.spoofSignatures();
                    // should only need to spoof the first one
                    ((PackageInfo) result).signatures[0] = spoofSigs[0];
                }

                return result;
            }
            else if ( methodName.equals("getApplicationEnabledSetting") ) {
                int result = getApplicationEnabledSetting(
                        (PackageManager) receiver, (String) args[0]);
                return (Object) Integer.valueOf(result);
            }
            else if ( methodName.equals("checkSignatures") ) {
                // This could be detected by comparing a known installed package
                // that will not match signatures. Will deal with that if it
                // ever happens. :D
                return checkSignatures((String) args[0], (String) args[1]);
            }

        }
        else if ( methodClassName.equals("java.io.File") ) {
            if ( shouldSpoofFileInfo((File) receiver) ) {
                if ( methodName.equals("length") ) { return length((File) receiver); }

                if ( methodName.equals("lastModified") ) { return lastModified((File) receiver); }
            }
        }

        // No hooks, work as normal
        return method.invoke(receiver, args);
    }

    public static int checkSignatures(String p1, String p2) {
        Log("checkSignatures returning SIGNATURE_MATCH");
        DumpStackIfWeShould();

        return PackageManager.SIGNATURE_MATCH;
    }

    public static int checkSignatures() {
        Log("checkSignatures returning SIGNATURE_MATCH");
        DumpStackIfWeShould();

        return PackageManager.SIGNATURE_MATCH;
    }

    public static String getInstallerPackageName(String packageName) {
        // LIE and say installed from market :D
        String result = "com.google.android.feedback";
        Log("getInstallerPackageName returning " + result);
        DumpStackIfWeShould();
        return result;
    }

    public static int getApplicationEnabledSetting(PackageManager pm,
            String packageName) {

        int result;
        try {
            result = pm.getApplicationEnabledSetting(packageName);
        }
        catch (IllegalArgumentException ex) {
            result = PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
        }

        // Fake value if it's disabled
        if ( result == PackageManager.COMPONENT_ENABLED_STATE_DISABLED )
            result = PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;

        Log("enabledSetting returning " + result);
        DumpStackIfWeShould();
        return result;
    }

    public static PackageInfo getPackageInfo(PackageManager pm,
            String packageName, int flags) throws NameNotFoundException {

        // Get regular package info
        PackageInfo pi = null;
        try {
            pi = pm.getPackageInfo(packageName, flags);
        }
        catch (NameNotFoundException e) {
            // Sometimes the app wants to know of other, helper apps are
            // installed or if trial / nonfull versions are installed
            // Fail normally if it's NOT checking for pro/full version stuff
            if ( !(packageName.toLowerCase().contains("pro")
                    || packageName.toLowerCase().contains("full")
                    || packageName.toLowerCase().contains("donate") || packageName
                    .toLowerCase().endsWith("key")) )
                throw new NameNotFoundException();

            // Spoof with this package's info
            pi = pm.getPackageInfo("%!AppPackage%", flags);
        }

        // Populate with fake signatures if flags ask for it
        if ( (flags & PackageManager.GET_SIGNATURES) == PackageManager.GET_SIGNATURES ) {
            Signature[] spoofSigs = SmaliHook.spoofSignatures();
            for ( int i = 0; i < pi.signatures.length; i++ )
                pi.signatures[i] = spoofSigs[i];
            Log("spoofing signatures for " + packageName);
            DumpStackIfWeShould();
        }

        return pi;
    }

    public static Signature[] spoofSignatures() {
        final int certCount = Integer.parseInt("%!CertCount%");
        Signature[] result = new Signature[certCount];

        // Usually check signature of package and not individual files
        // This will only fool checks of entire package
        // Individual files would require a lot of smali generation
        String replace = "%!SignatureChars%";

        for ( int i = 0; i < certCount; i++ )
            result[i] = new Signature(replace);

        return result;
    }

    public static long length(File f) {
        long retVal = Long.parseLong("%!OrigFileSize%");

        if ( !shouldSpoofFileInfo(f) ) {
            retVal = f.length();
            Log("spoofing file length of " + f.getName() + " with " + retVal);
            DumpStackIfWeShould();
        }

        return retVal;
    }

    public static long lastModified(File f) {
        // long retVal = 1287850800968L;
        long retVal = Long.parseLong("%!OrigLastModified%");

        if ( DUMP_STACK ) Thread.dumpStack();

        if ( !shouldSpoofFileInfo(f) ) {
            retVal = f.lastModified();
            Log("spoofing file modified of " + f.getName() + " with " + retVal);
            DumpStackIfWeShould();
        }

        return retVal;
    }

    public static String getDeviceID() {
        if ( myAppContext == null ) {
            Log("getDeviceID has no context, can't spoof device id");
            return "";
        }

        // final TelephonyManager tm = (TelephonyManager)
        // myAppContext.getSystemService(Context.TELEPHONY_SERVICE);
        // Log("this is my device id: " + tm.getDeviceId());

        // fallback id
        String spoofID = "359881030314356";

        if ( myIDSpoof == DEVICE_ID_SPOOF.RANDOM )
            spoofID = generateRandomDeviceID();
        else {
            SharedPreferences settings = myAppContext.getSharedPreferences(
                    PrefsFile, Context.MODE_PRIVATE);
            spoofID = settings.getString("android_id", "");

            if ( spoofID.length() == 0 ) {
                if ( myIDSpoof == DEVICE_ID_SPOOF.SESSION_RANDOM )
                    spoofID = generateRandomDeviceID();
                else if ( myIDSpoof == DEVICE_ID_SPOOF.SESSION_PERMUTE )
                    spoofID = getPermutedDeviceID();

                SharedPreferences.Editor editor = settings.edit();
                editor.putString("android_id", spoofID);
                editor.commit();
            }
        }

        Log("spoofing device id: " + spoofID);

        return spoofID;
    }

    private static boolean shouldSpoofFileInfo(File f) {
        boolean result = false;

        if ( f.exists() ) result = false;

        if ( f.getName().contains("%!AppPackage%")
                && f.getName().endsWith(".apk") ) result = true;

        return result;
    }

    public static void SetAppContext(Context c) {
        if ( myAppContext == null ) myAppContext = c;
    }

    private static String getPermutedDeviceID() {
        // permute device id
        final TelephonyManager tm = (TelephonyManager) myAppContext
                .getSystemService(Context.TELEPHONY_SERVICE);
        // lazy lazy lazy http://www.random.org/sequences/
        // this is a permutation with a loss of information
        // prevent anyone from knowing the id even if they knew the mapping
        final int[] p = { 12, 2, 10, 2, 13, 8, 0, 3, 14, 3, 6, 9, 5, 1, 12 };

        String deviceId = tm.getDeviceId();
        String result = "";
        if ( deviceId != null ) {
            for ( int i : p )
                result += deviceId.charAt(i);
        }

        return result;
    }

    private static String generateRandomDeviceID() {
        // device id is 15 digit number with seemingly no pattern
        // only changed by factory reset or with root
        // ex: 359881030314356 (emulators is all 0s)
        return generateString("0123456789", 15);
    }

    private static String generateString(String charSet, int length) {
        Random rng = new Random();
        char[] text = new char[length];
        for ( int i = 0; i < length; i++ )
            text[i] = charSet.charAt(rng.nextInt(charSet.length()));

        return new String(text);
    }

    public static void Log(Object o) {
        if ( !DEBUG ) return;

        Log.d(LOG_TAG, String.valueOf(o));
    }

    public static void DumpStackIfWeShould() {
        if ( !DUMP_STACK ) return;

        DumpStack();
    }

    public static void DumpStack() {
        StackTraceElement[] ste = Thread.currentThread().getStackTrace();

        // skip the first 4, it's just local stuff
        String trace = "Stack trace:\n";
        for ( int i = 4; i < ste.length; i++ )
            trace += " " + ste[i].toString() + "\n";

        Log.d(LOG_TAG, trace);
    }

    public static void Toast(Object o) {
        // todo: implement
    }
}
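
the comment in invokeHook notes that the checkSignatures replacement could be detected by comparing against a package whose signature will not match, and the getPackageInfo replacement answers for missing packages whose names contain "pro". below is an added example (not from the original post and not part of antilvl) of an app-side canary built on those two observations. the class name HookCanary, its package and the bogus package suffix are hypothetical, and it assumes the app is an ordinary third-party app that is not signed with the platform key:

```java
package com.example.integrity; // hypothetical package name

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;

/**
 * Added example: asks PackageManager two questions whose honest answers are
 * known in advance. A wrong answer means the call was replaced, which is the
 * kind of replacement SmaliHook performs.
 * Assumption: this app is NOT signed with the platform key.
 */
public final class HookCanary {

    // The framework package; only platform-signed apps share its signature.
    private static final String PLATFORM_PACKAGE = "android";

    // Constructed suffix. It contains "pro" because the getPackageInfo
    // replacement shown above answers for missing packages with that substring.
    private static final String BOGUS_SUFFIX = ".canary.pro.missing";

    private HookCanary() {
    }

    /** True when checkSignatures reports a match that cannot be genuine. */
    public static boolean signatureAnswerForged(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        int result = pm.checkSignatures(ctx.getPackageName(), PLATFORM_PACKAGE);
        return result == PackageManager.SIGNATURE_MATCH;
    }

    /** True when a package that is not installed is reported as present. */
    public static boolean packageLookupForged(Context ctx) {
        String bogus = ctx.getPackageName() + BOGUS_SUFFIX;
        try {
            ctx.getPackageManager().getPackageInfo(bogus, 0);
            return true; // an unhooked PackageManager throws here
        }
        catch (NameNotFoundException e) {
            return false;
        }
    }

    /** Combined verdict from both canaries. */
    public static boolean tamperSuspected(Context ctx) {
        return signatureAnswerForged(ctx) || packageLookupForged(ctx);
    }
}
```

a clean result only says these two call sites were answered honestly; it says nothing about calls that were patched some other way.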

Thursday, March 3, 2011

smali syntax highlighting for vim

i've been doing a lot in linux lately and was working on a smali syntax highlighting file for vim, but vierito5 posted a comment with a link to Jon Larimer, who beat me to it. here's the link:
http://codetastrophe.com/smali.vim
https://sites.google.com/site/lohanplus/files/smali.vim (mirror)

it's vim so there are 20 different ways to get it working. google around if this doesn't work, i will be no help. here is how i did it:
mkdir -p ~/.vim
echo 'au BufRead,BufNewFile *.smali set filetype=smali' >> ~/.vim/filetype.vim
mkdir -p ~/.vim/syntax
cp smali.vim ~/.vim/syntax


Sunday, February 20, 2011

smali syntax highlighting for notepad++

update 10/8/2013:
thanks to Ádám Tóth for creating a dark themed version. i've linked to it next to the main version.

update: 11/10/2011:
thanks to Jho for pointing out how to get code folding to work. i updated the syntax file and made a few other tweaks. the link and picture have been updated and here are the instructions for installing (tested with v5.9.6.1):
View -> User-Defined Dialogue...
Click Import
Select smali_npp.xml
no picture here, use imagination
There will be a message box that says "Import successful."
Any new files you open should have syntax highlighting.



several people have asked for smali highlighting for notepad++. thanks to furrelkt for having already sent me an example. here's what i've come up with: https://sites.google.com/site/lohanplus/files/smali_npp.xml
for dark backgrounds, try this: https://sites.google.com/site/lohanplus/files/smali_npp_darkbg.xml


there are many limitations for notepad++'s user defined language. i could not get many tokens to highlight correctly, or as well as ultraedit or the highlighter used on this blog. perhaps a full lexer plugin could handle it. if you write one or make improvements to this xml, let me know.

Monday, April 27, 2009

Samsung I7500 with OLED touchscreen powered by Android Live



April 27, 2009, Seoul, Korea - Samsung Electronics Co., Ltd., a leading mobile phone provider, today unveiled the I7500, its first Android-powered mobile phone. With a launch of I7500, Samsung became the first company among the global top three mobile phone manufacturers to unveil an Android-powered phone.

"Samsung is among the earliest members of the Open Handset Alliance and has been actively moving forward to introduce the most innovative Android mobile phone," said JK Shin, Executive Vice President and Head of Mobile Communication Division in Samsung Electronics. "With Samsung's accumulated technology leadership in mobile phone industry and our consistent strategy to support every existing operating system, I believe that Samsung provides the better choices and benefits to our consumers" he added.

The Samsung I7500 is a cutting-edge smartphone, featuring a 3.2" AMOLED full touch screen and 7.2Mbps HSDPA and WiFi connectivity, giving users access to Google™ Mobile services and full web browsing at blazing speeds.

The Samsung I7500 offers users access to the full suite of Google services, including Google Search™, Google Maps™, Gmail™, YouTube™, Google Calendar™, and Google Talk™. The integrated GPS receiver enables the comprehensive use of Google Maps features, such as My Location, Google Latitude, Street View, local search and detailed route description. Hundreds of other applications are available in Android Market. For example, the application Wikitude, a mobile travel guide, allows consumers to access details of unknown sights via location-based Wikipedia articles.

Based on Samsung's proven product leadership, Samsung I7500 comes with latest multimedia features. The large and vivid 3.2" AMOLED display ensures the brilliant representation of multimedia content and enjoyable full touch mobile experience. Along with supporting a 5-megapixel camera and various multimedia codec formats, the I7500 also provides a long enough battery life (1500mAh) and generous memory capacity up to 40GB (Internal memory: 8GB, External memory: Up to 32GB) to enjoy all the applications and multimedia content. The phone also boasts its slim and compact design with mere 11.9mm thickness.

The Samsung I7500 will be available in major European countries from June, 2009.

HSDPA 7.2Mbps / HSUPA 5.76Mbps (900 / 1700/ 2100MHz)
EDGE / GPRS (850/ 900/1800/1900)
OS: Android
Display: 3.2" HVGA(320x480) AMOLED
Camera: 5 MP Camera (Auto Focus), Power LED
Video / Audio: Video: MPEG4, H.263, H.264, WMV; Audio: MP3, AAC, AAC+, e-AAC+, WMA, RA
Value Added Features: Full Web Browser Google Search, Maps, Gmail, YouTube, Calendar, Google Talk, Android Market
Connectivity: Bluetooth® 2.0, USB 2.0, WiFi, MicroUSB, 3.5mm ear jack
Memory: Internal memory: 8GB; External memory: Micro SD (Up to 32GB)
Battery: 1500 mAh
Size: 115 x 56 x 11.9mm

* Google, Google Search, Google Maps, Gmail, YouTube, Google Calendar, Google Talk are trademarks of Google Inc.

Saturday, April 25, 2009

1 Million Google Android Phones sold by T-Mobile

T-Mobile’s Google Android smartphone has reached one million in US sales in the six months since the phone launched. The smartphone now accounts for almost two thirds of all of the 3G devices available on the T-Mobile.

T-Mobile is the US’s fourth largest wireless network operator and has over 32.1 million customers. The company started selling the G1 Smartphone on October 22, 2008.

It is being reported by mobile advertising specialist AdMob that the Android OS now accounts for 6% for the entire smartphone market in the United States. Though the popularity is increasing, Android still has a while to go until it beats out Windows Mobile, which holds an 11% market share, the Blackberry OS at 22% and the iPhone, which takes the cake with 50% of the smartphone market in the U.S.

During a conference call last week Eric Schmidt, Google CEO stated that he felt the Android had a chance for great success this year. Schmidt claimed that the open source strategy was gaining ground and hinted that the company would deliver future announcements.

“There are announcements happening between now and the end of the year that are quite significant from operators and new hardware partners in the Android space, which I won't preannounce except to say that they really do fulfill much of the vision that we laid out more than a year ago,” stated Schmidt during the call. “On the netbook side, there are a number of people who have actually taken Android and ported it over to netbook or netbook-similar devices.”

via: TGDAILY

Wednesday, April 1, 2009

HP Confirms Considering Android in Netbooks

Hewlett-Packard confirmed Tuesday that it is testing Google's Android operating system as a possible alternative to Windows in some of its netbook computers.

Analysts said the move would allow HP to develop a low-cost netbook optimized for wireless networks that provides access to Web-based services such as Google Docs, but others questioned whether the Google software is ready for such a task.

"Right now Android is barely finished for phones," said Avi Greengart, an analyst at Current Analysis. While it works well enough for T-Mobile's G1 smartphone, the software was released only last year and "the UI still feels half-finished," he said.

HP stressed that it was still only testing Android, an OS based on the open-source Linux kernel. It has assigned engineers to the task but has made no decision yet whether to offer Android in products, said HP spokeswoman Marlene Somsak.

Read the rest here.