WayoftheAndroidCracker

September,2010,rev.1,bylohan+
pooldemo.exe
Lesson0:LayingtheFoundation
Includes:crackme0.apk,crackme0solved.apk,smali.uew,testsign.jar,example.smali
cracking,v.understanding,broadlyindividuating,locatingexactlyandeliminatingorsuspendingordeferringoneormore
protectionschemesinsideasoftwareapplicationyoudonotpossessthesourcecodeof.

Contents
Background
o Furtherreading
SettinguptheEnvironment
o Optional:SettingupanEmulator
o TestingADB
InstallingtheApp&Inspection
GettingtheApk
UsingApktool
Cracking
o StartingPoints
o Understanding
CompilingandSigning
FinalNotes

Background
Mobileapplicationdevelopmentisthefuture.Everynewgenerationofphonesbringsincreasedprocessingspeedand
power,betterscreensandlongerbatterylife.Atthedawnofthecomputingage,expertsclaimedcomputerswouldgrowlargerand
smallerinnumberbuttheoppositetrendhasbeentrue.Mobileplatformsarealogicalextensionofthistrend.Nowyoucanhave
yourMP3player,email,web,GPS,YouTube,socialnetworks,etc.inyourpocket.Mobiledevelopmentisstillyoungandifyoubegin
yourjourneyintotheWayoftheCrackeryoucanobserveasprotectionmethodsareborn,growandevolveandcrackthemevery
stepoftheway.
ThistutorialcoverscrackingontheLinuxbasedoperatingsystemcalledAndroid.Itsopensourceandoptimizedforrunning
onmobileplatformswiththeirlimitationsonprocessingpowerandmemory.Applicationsarecontainedin.apkfileswhicharejust
special.zipfilesthathavebeensignedwithacertificate.ThecertificateisusedasafingerprintbytheMarketandAndroidto
uniquelyidentifyanAppandDeveloper.Anymodificationofan.apkfileinvalidatesthesignaturewhichmeansthe.apkfilewont
install.CrackedormodifiedAppsmustberesigned.Thisisoftendonequiteeasilywitharandomlygeneratedcertificate.Thereare
specialcircumstanceswhereaspecificallygeneratedcertificatemustbeusedandthiswillbecoveredinalatertutorial.
AsofnowtherearetwowaysfordeveloperstoprotecttheirmobileApps.ThemainlineofdefenseistheofficialApp
Market.UserspayforAppsthroughtheMarketwhichthenallowstheusertodownloadthe.apkfiletotheirphone.Mostofthe
timeitisafullversion.apkbutsometimesitismerelyaspecialKeyorDonateversionthatthemainAppchecksfortounlock
features.Theproblemwiththis,ofcourse,isthatthe.apkisleftunprotectedintheusershands,literally.Theonlyprotectionisthe
directorywherethepurchased.apkisstoredrequiresrootpermissionswhichyoudonothaveunlessyourootyourphone.
Rootingisastraightforwardprocedure,slightlydifferentforeachdevice.Itisnecessarytorootyourphonetoinstallacustom
AndroidROMsoinstructionsforrootingarewidelyavailable.Ontopofthis,theAndroidMarketallowsforafullrefundupto24
hoursfrompurchase.SorippinghundredsofAppsrequiresonlyaninitial,refundableinvestmentof~5$,arootedphoneandtime.
ThismakescrackinganyApporAppKeythatcansimplybedownloadednotworthyourskills.Youmaybethinking"Butlohan,ifthe
Marketissovulnerable,whyisitstillviable?"Myguessispeoplearelazy.Noteveryoneiswillingtoevenfindcrackedversionsof
Apps,letaloneroottheirphoneandgothroughthetroubleofgettingarefundforanAppthatprobablycostaround1$.Another

reasonmightbethatmanyAppsaremadebyoneoracoupleofdevelopersandtheApplistingoftenhasthedevelopersfullname
whichmayhelpfosteramorepersonalconnectionbetweenusersanddevs.ItsoundssillybutIhavebeenmorethanoncecriticized
byafanforcrackinganApponanAppcrackingforum.
ThealternativetotheMarketisexactlywhatyouseewithcomputersoftware:serials,licenses,servervalidation,etc.
ThesemethodswillrequireTheWayoftheCracker.TheseareAppswhichyoucanusuallydownloadforfreebuthavefeaturesthat
canbeunlockedbysomemeans.Asofnow,manyprogramsrelyentirelyonMarketprotectionbutasmobileAppsbeginto
representlargerandlargerinvestmentsoftimeandlaborwewillseeincreasedprotectionmeasuresandproductsofferingcode
protectionavailabletodevelopers.BecausetheDalviksupportsreflectionandthevirtualmachinehastobeabletointerpretthe
bytecodenoobfuscationcaneverhopetobecomplete.Itisthesamecasewith.NETcode.ObfuscationproductslikeProGuardmay
becomemoreadvancedwithtimebutintenseobfuscationwilllikelyhaveaverynegativeimpactonperformance.
TheprogramlogicforanAndroidAppiscontainedinafilecalledclasses.dexintherootofthe.apkfile.Itisavariantof
Java'sJarformatcalledtheDEX(DalvikEXecutable)formatandcanbedisassembledtoproduceDalvikbytecode.ItissimilartoJava
bytecodebutoptimizedforlimitedhardware.Thetwomaintoolsfordisassembling.apkfilesareSmali/BaksmaliandApktool.
Smali/Baksmaliisanassembler/disassemblerwhichdecompilesonlythecodewhileApktoolactsasawrapperforSmali/Baksmaliin
additiontodecodingresourcesfilesandimagesinadditiontodebuggingwithouttheoriginalsource,whichwillbecoveredinalater
tutorial.
ThisfirsttutorialwillholdyourhandalotmorethanIenjoybutIdoitanywaybecauseAndroidcrackingisnewand
informationisstillsomewhatsparse.Ido,however,skipoverafewdetailsthatarecoveredmuchbetterelsewheresuchashowto
useDOSorLinux.Ifyoudon'tknowyourwayaroundDOSorLinuxthentakealookatsomecheatsheetswithyourgoodfriend
Google.FuturetutorialswillassumeahigherskilllevelandwillfocusmoreontechniquesandthespecificsofDalvik.Thesetutorials
assumeyouarerunningWindows.IfyouareusingLinux/Macyouwillbesmart/coolenoughtofigureoutwhattododifferently.
Furtherreading:
http://developer.android.com/guide/publishing/appsigning.html
http://en.wikipedia.org/wiki/APK_(file_format)
http://www.dalvikvm.com/
http://en.wikipedia.org/wiki/Dalvik_virtual_machine
http://en.wikipedia.org/wiki/Obfuscated_code

SettinguptheEnvironment
First,youwillneedaworkingJavaenvironment.IfyouarenotsureifyouhaveJavainstalledgohere:
http://www.java.com/en/download/index.jsp.ThereisalinkcalledDoIhaveJava?thatshouldsortyouout.Ifyoudonthaveit,
installatleasttheJRE(JavaRuntimeEnvironment)butIwouldsuggestalsogettingtheJDK(JavaDevelopmentKit)becauseit
includesjarsigner.YoucangettheJDKhere:http://www.oracle.com/technetwork/java/javase/downloads/index.html.Whenyou
arefinishedinstalling,testtomakesurejavaisworkingbyopeningacommandpromptandtyping:
javaversion

Ifyougetanerror,itcouldjustbethatyourPATHvariablewasnotsetcorrectly.PATHcontainsalistofdirectoriestosearchwhen
youissueacommand.SoyoutypejavaanditlooksinallthePATHdirectoriesforjavaandwhenitsnotfoundresultsinanerror.
WejustneedtoaddeithertheJREorJDKpath.FortheJREversionIhaveinstalleditisC:\ProgramFiles\java\jre6\binandforthe
JDKitisC:\ProgramFiles\java\jdk1.6.0_21\bin.Makesurewhatyoursisandfollowtheseinstructionsforsettingyourpath:
http://www.java.com/en/download/help/path.xml
Next,youwillneedtheandroidsdkwhichcontainsvarioususefultoolsincludingtheallimportantADBorAndroidDebug
Bridge.Thistoolallowsyoutopush/pullfiles,install/uninstallAppsorconnecttotheshellofthephoneoremulateddevice.The
androidsdkalsocomeswithAndroidemulatorssoyoudonotevenneedaphonetobegincrackingApps.
BeginbydownloadingtheSDKhere:http://developer.android.com/sdk/index.html
IsuggestinstallingittoaneasytoreachlocationsuchasC:\androidsdkor%HOMEDRIVE%\androidsdk
FollowthewellwrittendocumentationforsettinguptheSDKhere:
http://developer.android.com/sdk/installing.html

DownloadtheUsbDriverpackage,whichisrequiredforADBonWindows,andfollowthestepsprovided.Instructionsfor
installingthedriverareattheAndroidDeveloperwebsite.
Youwillalsoneedatleastoneplatformifyouwishtorunanemulatorwhichishighlyadvisableconsideringyouwillwantto
testyourcrackedAppsinseveralenvironments.Formoreinvolvedcrackseverythingmightworkfineonyourphonebutfailon
anotherbecauseyourROMorversionisslightlydifferent.GetthelatestversionofGoogleAPIsbyGoogleInc.Theotherchoice,
SDKPlatformAndroid,isstrippeddownanddoesnothavemanyofthenecessarylibrariesyourAppswillneedandattemptsto
installwillresultinamissinglibraryerrorfromADB.

Optional:SettingupanEmulator
OpentheandroidsdkfolderandstartSDKManager.exe.IfyouhaveanolderSDKtoolsversionitwillbecalledSDK
Setup.exe.Itwillrunandshowyoualistofpackagestoinstall.ClosethatWindowandproceedtotheVirtualDevices
selectioninthelistboxontheleft.
ClicktheNew...button.
Anewdialogwillopenandyoucangiveitanynameyouwish.
Somethingcleverthatmakesyougiggleeverytimeyouseeitworkswell.
IntheTargetdropdownselecttheAndroidversionyouwanttheemulatortobe.
ForSDCard,intheSizeboxputsomethinglike100MiB.
YouwillonlylikelyeverneedasmallamountofspaceontheemulatedSDcardforcrackingandtesting.
ForSkin,Builtinresolutioncanbeleftasdefault.Ifyoupreferalargescreen,asIdoselectWVGA800.
ForHardware,thissectionallowsyoutosetupthedetailsofthehardwareofyourvirtualphone.YoucaninstallGPS,
increaseRAMofcachesize,etc.Bewarnedthatsomeoftheseoptionscanimpairtheemulatedphone'sabilitytoconnect
throughyourinternet.OnethatisproblematicistheGSMModemsupport.IfyouwishtoaddalltheoptionsclickNewand
thenholddownenteruntilallofthedifferentoptionsareadded.
ClickCreateAVD.
Onceyouhavecreatedthisvirtualdeviceyouwillnotbeabletomodifyiteasilybutasyouhavejustseenitisnotdifficult
tosimplycreateanewconfiguration.
AftertheAVDiscreatedamessageboxwillappearandgiveyoutheresults.ClickOK.
SelectyournewvirtualdeviceandclicktheStart...button.
Youhavetwooptions:ScaledisplayandWipeuserdata.IhaveneverusedscalebutWipeuserdataisusefulasitwill
completelyformattheuserdatapartitionwhichisacompletefactoryreset.

Thisstepwilltakeafewminutes.WhileitisloadingwewillproceedtothenextstepoftestingADB.Ifyoudonothaveanactual
phonethenreadonanywaysoyouwillknowwhattodo.Whenyourefinishedyoushouldseesomethinglikethis:

TestingADB
Ifyouhaveaphysicaldevice,connectittoyourPCwithyourUSBcable.
Openacommandpromptandgotoyourandroidsdk\toolsfolder
AfastwaytogettothepromptisWindowsKey+R>cmd>Enter.
IprefertocreateabatchfileshortcutinanyfolderIaccessfrequentlywhichcontainsthecommand:cmd
IfyouhaveyourphoneANDyouremulatorconnected,youwillhavetotellADBwhichonetouse.
Foranactualphoneusedandfortheemulatorusee.
adbdshell
ThiswillstarttheADBdaemonandconnectyoutoyourdevicesshell.Ifyouseesomethinglike:
*daemonnotrunning.startingitnowonport5037*
*daemonstartedsuccessfully*
#

thenyouaregoodtogo.NowyouareontheLinuxshellonyourmachine.Itisnotimportantbutitisilluminatingtopoke
aroundabitandseehowthingsarelaidout.Typeexittoquittheshell.Leavethiswindowopenforlater.TheADBdaemonwill
continuerunninginthebackgroundofyourcomputeruntilyouclosetheprocess,rebootorusethecommandadbkillserver.

InstallingtheApp&Inspection
NowweknowthatADBworkswecaninstallan.apkeitherfromMarketorfromthePC.I'llassumeyoucanworkthe
Market.Forthistutorialyoualreadyhavethe.apkonyourPCsoinstallitwiththisADBcommand:
adbinstall\path\to\crackme0.apk

Onceitisinstalled,runitandtakealookaround.Ingeneralyouwanttobelookingforwordslike"trial","expires",
"license","order","validation","serial"andsoon.Don'trushthisstep,especiallywithmorecomplexprograms.Itissometimeseasy
tocrackonepartoftheAppsoitshowsyouarerunningthefullversionbutsomefeaturesmaystillfailtowork.Takenotesofthe
exactstringsyouseeonmessagesaboutneedingtopurchaseorregister.Youwillbesearchingthecodeforthemlater.
Ifitisatrialversionthensettheclockonyourphoneforwardafewmonthssothetrialwillexpireandseewhatitsays.
Thentryuninstallingandreinstallingandseeifitstillknowsitisexpired.Ifitstillexpiredthenitissomehowcommunicatingwitha
serverandprobablysendingauniqueidentifierofyourphoneandtimeitwaslastused.Actually,thisismorelikelytohappenifit
expiresnaturallybecausetheclientwillprobablynotbetellingtheserverwhenaspecificdeviceshouldexpire.Thiscanbecracked
thequickanddirtywayperhapsbygettingthetrialtoreseteverytimetheAppislaunchedorbycompletelybypassingtrialchecks.
Ifitrequiresaserialthentryenteringarandomserialandmakenoteofwhattheerrormessageis.Lookforstringslike"Not
Validated"or"NotFullVersion"becausewhentheAppisbuildingupthatmessageitwillbeperformingcheckstoseeifitis
registeredornotandwhateverfunctionsitiscallingcanbecrackedtoalwaysreturnthatitisregistered.Oritcouldbecrackedso
thatanyserialwillcountasagoodserial.
Licensefileprotectionsometimeshascodetoloadthelicense,validateitandthencreateanobjectwiththelicense
informationwhichisthenaccessedlater.Forexample,maybetheApphasaloadingscreenthatshows"LicensedtoLinusat
ltorvalds@microsoft.com".TheApploadsthelicenseandusernameandemailthenvalidatesthelicense.Then,whenthewelcome
screeniscreatedtheinformationisdisplayed.Forthisthecrackercouldbypassthevalidationfunctioncompletelyandbuildupthe
objectmanually.ItcouldalsobethattheAppchecksforaspecial"key"version.ItmaylikelycheckthesignatureoftheKeyAppwith
themainApptoseeiftheyareidenticaloritmaycheckthesizeofthepackagewithaknownvalue.Thiscanbeeasilycircumvented
bychangingthemainApptocompareitssignaturewithitselforfindthejumpthatexecuteswhenitfailsthecheckandcircumvent
it.Nearlyeverytimeyouseecodecheckingfilesizesorespeciallysignaturesyouarelookingatprotectioncode.
WebvalidationismoreoftenemployedthanwithPCprogramsbecauseitisassumedthatifyouhaveamobileyoualso
haveeitherwirelessoradataplan.Manyprogramsinthewildmayemploywebvalidationmixedwithalicensecheckorweb
validationofaserial.ThesearenotbydefaultmoredifficulttocrackbutthecrackermustobservehowtheApphandlesdifferent
responsesfromtheserverandfigureoutwhattheproperresponseshouldbe.Moreadvanceddebuggingandwatchingwebtraffic
arecoveredinalatertutorial.Onceyouknowtheproperresponseyoucandisablethephoninghomeandsimplybuildupthe
properserverresponsemanuallysotherestoftheApplogicisunaffected.
Theincludedcrackmeusesaserialcheck.Tryenteringabogusserialandseewhatmessageitgivesyou.Youcanusethat
stringasastartingpoint,thoughwithcrackme0therearemanyobviousstartingpoints.
NomatterwhatprotectiontechniquesareusedyoumustchallengeyourselftocracktheAppinthecleanestwaypossible.
ThisistheWay.Thereareoftenanynumberofdifferentmethodsthecrackermayemploybutthedifferencebetweenascriptkiddie
andamasteristhemastersubvertsprotectionatthesourcewithquick,precisestrikes.Ifyoufindyouarechangingmanylinesof
codethereisprobablyaneasierway.Askyourself:CouldIdothisanycleaner?Istheprogramgoingtorunexactlyasifitwere
legitimatelypurchased?Isitcrackedsuchthatitworksforeveryone?WhenwasthelasttimeIwentoutside?Days?Weeks?DoI
evenrememberhowtogetthere?

GettingtheApk
Afteryouhaverunthroughtheprogramforatimeandhavestartedthinkingaboutyourcrackingstrategyandhavesome
notesonwheretobeginlooking,wearereadytodisassemble.Forthistutorialwewilluseapktool.Youcandownloadithere:
http://code.google.com/p/androidapktool/

ForeditingtheDalvikwewilluseUltraEditwithcustommadesyntaxhighlighting.UltraEditisacommercialprogramwith
morefeaturesthanonecouldpossiblyeverlearnwhichsometimescomesinhandy.YoucanuseanyeditorbutIdonotknowofany

othersthathavesyntaxhighlightingforDalvik,whichmosthelpfulwhenstaringatcodeforhours.Ifyouwanttogivetothe
community,considercreatingsyntaxhighlightingconfigurationsforyoureditorofchoice.FeelfreetotakealookattheUltraEditfile
includedwiththistutorial(smali.uew).IfyougetorhaveUltraEdityouwillwanttoinstalltheWordfiletoenablesyntaxhighlighting.
Forinfoonhowtodothis,seehere:
http://www.ultraedit.com/downloads/extras.html

Thistutorialcomeswithcrackme0.apk,soyoucanskiptotheUsingApktoolsection,butifyoudidnothavethe.apk
alreadyyouwouldpullitfromyourphone.StartADBshellandwewilllookforthe.apkfile.Itwilllikelybeinoneofthefourplaces:
/data/app
/data/appprivate
/sdext/app
/sdext/appprivate
IfyourversionofAndroidhasApps2ExtorApps2SD,whichallowsyoutoinstallAppstoanexternalSDcardextpartition,itwill
probablybein/sdext/app.MostappsareinappbutAppsyoupayforfrommarketgointo.../appprivateandleavea.zipfile
behindin.../app.Nonrootedphonescannotpullfromappprivatesoifthisisyoursituationyouwillneedtoeitherrootyourphone
ordownloaditwithyourcomputersomehow.GoodinformationonhowtorootyourphoneisprovidedbyCyanogenModWiki,
whichisagoodqualitycustomAndroidROMwithmanyextrafeaturesandimprovements.YoucancheckouttheirWikihere:
http://wiki.cyanogenmod.com/

Onceyouknowwherethe.apkfileis,exitADBshellandtype:
adbpull/sdext/app/nameofapppackage.apk
Forthistutorialtrysomethinglike:
adbpull/sdext/app/com.lohan.crackme0.apk
ThesecondpathgiventellsADBwheretoputthefileitjustpulled.Ifyoudonotgiveitthisparameteritwilljustputit
whereveradb.exeisrunningfrom.

UsingApktool
Openacommandpromptandgotothesamedirectlywhereapktoolandyour.apkfileare.Todisassemblegiveitthe
command:
apktooldcom.lohan.crackme0.apkdumpcrackme0
Andwhileyou'reatit,runapktoolagainwithnoparametersandfamiliarizeyourselfwiththeoptions.
Apktoolshouldhavecreatedafoldercalleddumpcrackme0.Thiscontainsallofthesourcecodeanddecodedresourcefiles
forwindowlayouts,images,logosandsoon.

Cracking
StartingPoints
Therearemanydifferentwaystobegin.Youcouldlookatthenamesofallthe.smalifilesandseeifanyofthemlookgood.
FilenameslikeLicenseCheck.smaliorTrialController.smaliaresometimesagoodplacetostart.Thestringsyoufoundduringthe
inspectionphaseareeitherdynamicallygeneratedinthesmalicodeortheyexistinstrings.xml.Ifyoufindtheminstrings.xml,look
atthename=partofthelineandcopythename.Example:
<stringname="pro_version">ThanksforbuyingtheProVersion!</string>

Fortheaboveexamplecopy"pro_version"andthensearchforthatstring.Youshouldfinditinafilecalledpublic.xmlwhich
containstheIDnumbersforeachstring.Let'ssayyoufinditontheline:
<publictype="string"name="pro_version"id="0x7a080001"/>

Copythestringinsideid=andthensearchthecodeforthatnumber.The0xinfrontisstandardnotationforahexadecimalnumber.
Thatsnotimportantherebutitishelpfulwhenlookingatcodebecauseallnumbersinthecodearehex.Googlearoundifyoure

cluelessastowhatthismeans.Whenyoufindthecodethatusesthatnumberitwillprobablybeperformingchecksinthatareaon
whetherornotitisactuallytheproversion.Sometimesyoumaynotfindanycodethatreferencesthatnumber.Ifthisisthecase
thenitcouldbethatyouaredealingwithastrippeddownlightversionofanAppthatdoesnotcontainthecodeforthepro
version.Orcouldjustbealeftoverstringthatisnotusedsodon'tgiveupimmediately.
Ifyou'reunluckyenoughtobedealingwithboring,unobfuscatedcodeyoucanprobablystartbylookingforkeywordsin
thecode.FunctionnameslikeIsLicensedorCheckDonateStatusaregoodplacestostart.Trysometermsyoupickedupfrom
yourinspection.

Understanding
YouwillabsolutelyneedaDalvikopcodereferenceguide.Googleprovidesthisonehere:
http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html.ThisisalistofalltheDavikfunctionsyouwillseeandhowtheywork.
Programming,especiallyJava,andAssemblyexperiencearehelpfulhere.It'snotpossibletolearnDalvikbyjustreading;youwill
havetounderstandbylookingatcode.ForthisreasonI'veincludedexample.smaliwithlotsofcommentstohelpyougetstarted.
Sometimesworkingbackwardfromyourstartingpointhelps.Ifthelicensecheckfunctionsreturnsaninteger,searchinthe
codeforwherethatfunctioniscalledandseewhatreturnvaluesitexpects.Sometimesitmayreturndifferentvaluesfordifferent
levelsofregistration.Lookforcomparisonoperations.Youwillalmostalwaysseeonerightbeforeajumpintheprotectioncode.
Youcanremovethejumporalwaysmakeitjumporfixthevaluesbeforesothecomparisonisalwaysfavorable.
Whenyoumakeachangetoalineleaveacommentsoyoucankeeptrackofyourchanges.Itisveryeasytoforgetwherea
changewasmadeandithelpstohavealittlenotewhyyoudidsomethinglater.Commentsarestrippedfromthecompiledversion
soyoudonthavetoworryaboutsomeoneelseseeingthem.Also,anylinesyouaddshouldbekepttogethertoseparatethemfrom
normalcode.Thiswayyourchangesareveryclearandeasytofind.Heresanexample:
const/v4v0,0x0

invokedirect{v0},Lcom/someapp/IsLegit(I);I

moveresultv0

#cracknote:replacev0withtrueandreturnthat
const/4v0,0x1
returnv0

CompilingandSigning
Aftermodifyingthedumpwesimplyrecompile,resign,zipalignandinstalltothephone.Sometimesyouwillhavemany
attemptsatacrackbeforeitworksperfectlyandthesestepsmayberepeatedmanytimessoIsuggestyoucreateseveralbatch
scriptstohelpyousavetime.Zipaligningisanoftenignoredstepin.apkoptimization.Todescribewhatitdoes,hereisaquotefrom
Androidsownwebsite:
TheresourcehandlingcodeinAndroidcanefficientlyaccessresourceswhenthey'realignedon4byteboundariesby
memorymappingthem.Butforresourcesthatarenotaligned(thatis,whenzipalignhasn'tbeenrunonanapk),ithastofall
backtoexplicitlyreadingthemwhichisslowerandconsumesadditionalmemory.
http://developer.android.com/resources/articles/zipalign.html
Tocompileusesomethinglikethis(yourfilenamesmaybedifferent):
apktoolbdumpcrackme0crackme0cracked.apk
Nowusetestsign.jartosignwitharandomcertificate:
javaclasspathtestsign.jartestsigncrackme0cracked.apk
Tozipalign:
zipalignf4crackme0cracked.apkcrackme0crackedza.apk

UseADBtouninstall/installthe.apk
adbuninstallcom.lohan.crackme0
adbinstallcrackme0crackedza.apk
UninstallingwillautomaticallyclosetheAppifitisrunningsoyoudon'tneedtoworryaboutclosingitbeforeupdating.

Nowloadupthenewversiononyourphoneandtestitout.Ifitdoesn'tworkthefirsttime,don'tbefrustratedor
intimidated.Justthinkofitasapuzzle.Hopefullyyoulikepuzzlesandchallengesoryoutrulyhavethewrongkindofhobby.After
youcrackafewAppsyouwillbegintoseepatternsandeachnewAppwillbeeasierandeasiertocrackuntilyouaresoboredyou
becomeexcitedwhenyoufinallymeetaworthyadversary.Ifitgetstootoughthentakeabreak.Thinkaboutitduringthedayand
sometimesaflashofinspirationwillenterintoyou.
Ifyougetstuckonthecrackme0checkoutthesolution.Itcanbesolvedinoneline.Itmakesitsoanyserialworksfor
activationwhichisnotbad.Itwouldbebetteriftheprogramrequirednovalidationatall.SinceitisasimpleAppitwouldnotbe
difficulttosimulatethis.Seeifyoucanfigureoutbothwaysonyourown.

FinalNotes
Bealittleparanoid.It'sallfunandgamesuntilsomeonedecidestosueyou.Ifyoureleaseyourcracksdoitunderanalias
thathasnothingtodowithyourFacebookorTwitterorwhatever.Ishouldn'thavetogointodetailherejustuseyourbrain.
Peoplewilleventuallystealyourcracksandtakecreditforyourstuff.Ifthisbothersyouthenyouareinitforthefamea
littletoomuchandthatisnotTheWay;itisaweakness.Fame,recognitionacrackerseeksnotthesethings.Doitbecauseyoulike
toknowthingsyourenotsupposedtoknow.Doitbecauseyouenjoybeingthefirstpersontofiguresomethingout.Dontmake
enemiesorengageinpointlessflamewars.Noonewinsandyoubothlookstupid.JustcrackyourAppsandsetthemfree.
Comments,suggestions,corrections,criticismsandespeciallyneworinterestingAndroidcrackinginformationarewelcome
ifyoucanfigureouthowtoreachme.Belowisahint.
Ykc5b1lXNHVjR3gxYzBCbmJXRnBiQzVqYjIwPQ==