Android Application Reversing Tutorial:

Requirements:

1. APKtool : http://code.google.com/p/android-apktool/
2. Android SDK installed : Secured URL
3. JDK 6 or above : Secured URL
4. Auto Sign APK : Secured URL
or from here: Secured URL

---------------------------

Program : Secret Audio Recording Pro v1.4 [SARP.apk]

Link: http://petra-tour.com/showthread.p...rding-Pro-v1-4

The above link posted by DragoN HearT is the Pro version of the program, but I found that once I installed & ran it on my mobile, a pop-up opened saying "This is Illegal Copy".

Very Sad actually :-)

So I thought to give it a try and remove the Nag Screen...

[I have Windows 7 64bit; however, the instructions remain the same for other OSes too]

Step 1:

I have downloaded APKtool from Link no. 1 above: apktool-install-windows-r04-brut1.tar.bz2 & apktool1.4.3.tar.bz2
Extracted them & put all three files [aapt.exe, apktool.bat & apktool.jar] in the same folder.

Step 2:
I have copied SARP.apk into the same folder as apktool

Step 3:
Run the following command in command prompt inside that folder:

apktool d SARP.apk SARP

This will create a directory named SARP in the same folder.

Step 4:

a) Go to the SARP folder.
b) Then navigate to the smali\com\terboel\sarp folder.
c) Here you will see a lot of *.smali files [These are Java source code files & can be opened in Notepad]

As we are interested in removing "Illegal Copy", I searched within the files to find out which file contains the text "Illegal Copy"

and I found that "SarpActivity.smali" contains the text "Illegal Copy" :-)

If we examine the file, we can find that the following ".method private warnAboutIllegalAppCopy()V" initiates the pop-up of "Illegal Copy" when it finds that the installation source is other than Google.

--------------------Code Start----------------------

.method private warnAboutIllegalAppCopy()V
.locals 4

.prologue
.line 240
invoke-virtual {p0}, Lcom/terboel/sarp/SarpActivity;->getPackageManager()Landroid/content/pm/PackageManager;

move-result-object v1

.line 241
.local v1, pm:Landroid/content/pm/PackageManager;
invoke-virtual {p0}, Lcom/terboel/sarp/SarpActivity;->getPackageName()Ljava/lang/String;

move-result-object v2

invoke-virtual {v1, v2}, Landroid/content/pm/PackageManager;->getInstallerPackageName(Ljava/lang/String;)Ljava/lang/String;

move-result-object v0

.line 244
.local v0, installationSource:Ljava/lang/String;
if-nez v0, :cond_0

.line 247
const-string v2, "WARNING: ILLEGAL COPY!"

.line 248
const-string v3, "As this seems to be an Illegal Copy, it may not work properly.\n\nIf this IS a Purchased App, you can fix this problem by uninstalling the App, and download it (again) from the original vendor (e.g. Google Play Store).\n\nPlease report to [email protected]"

.line 247
invoke-direct {p0, v2, v3}, Lcom/terboel/sarp/SarpActivity;->showIllegalOkDialog(Ljava/lang/String;Ljava/lang/String;)V

.line 260
:goto_0
return-void

.line 258
:cond_0
invoke-direct {p0}, Lcom/terboel/sarp/SarpActivity;->startRecording()V

goto :goto_0
.end method

--------------------Code End----------------------

LOOK at .line 244;

.local v0, installationSource:Ljava/lang/String;
if-nez v0, :cond_0

This means that if v0 is Not Equal to Zero, execution jumps to cond_0 [which shows no message & starts recording]

In our case, as we have not installed the file from Google Play, v0 is ZERO & hence this triggers the POPUP of Illegal copy.
What if we change the if-nez condition to JUMP when v0 is ZERO [our case] :-)

For this we have an opcode [See Reference no. 2 below] "if-eqz": JUMP if EQUAL to ZERO :-)

So we will replace "if-nez" with "if-eqz" and save the FILE :-)


Step 5:

Now go back up from the SARP folder to the folder where apktool is located.
Type the following command:

apktool b SARP SARP-Patched.apk

and this will create the file "SARP-Patched.apk" in the same directory.

Now we need to sign this file before testing it on our mobile.

Step 6:

1. Download the "Auto Sign APK" Zip file from Link no. 4 above.
2. Unzip the file in a folder.
3. Put SARP-Patched.apk file in same folder.
4. Rename the file "sign apk.bat" to "signapk.bat" [this is a one-time job to avoid command prompt errors because of the space between "sign" & "apk" -- Windows Problem]
5. Open a command prompt in that folder.
6. Run the following command:

signapk SARP-Patched.apk

7. This will create a file named "SARP-Patched-signed.apk"


NOW you can copy the Patched & Signed APK file to your Mobile & install it and Enjoy without NAG Screen :-)


Disclaimer: This reverse engineering is done just to understand how Android Applications work and is not intended to promote PIRACY. I shall not be responsible for any damages done because of using the above instructions. :-)


---------------------------


Reference:

1. Android Reversing Blog:

Secured URL

2. Dalvik opcodes

Secured URL
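
Seen from the defender's side, the one-opcode change described in Step 4 is easy to detect when a reference build is available. The following is an added example, not part of the original post: it compares the smali of a reference build with that of a suspect copy and reports conditional branches that were replaced by their inverse. The function names and the trimmed sample method are constructed for illustration.

```python
import re

# Dalvik conditional branches paired with their logical inverses.
INVERSE = {"if-eqz": "if-nez", "if-nez": "if-eqz", "if-eq": "if-ne", "if-ne": "if-eq",
           "if-ltz": "if-gez", "if-gez": "if-ltz", "if-gtz": "if-lez", "if-lez": "if-gtz",
           "if-lt": "if-ge", "if-ge": "if-lt", "if-gt": "if-le", "if-le": "if-gt"}
METHOD_RE = re.compile(r"^\.method\s+(.*?)$(.*?)^\.end method", re.M | re.S)

def methods(smali_text):
    """Map method name+descriptor -> instruction list (directives and labels dropped)."""
    out = {}
    for sig, body in METHOD_RE.findall(smali_text):
        lines = (ln.strip() for ln in body.splitlines())
        out[sig.split()[-1]] = [ln for ln in lines if ln and ln[0] not in ".:#"]
    return out

def inverted_branches(reference, suspect):
    """List (method, index, reference_insn, suspect_insn) for every branch whose opcode
    became its inverse while registers and target label stayed identical."""
    ref, sus = methods(reference), methods(suspect)
    findings = []
    for name in sorted(ref.keys() & sus.keys()):
        if len(ref[name]) != len(sus[name]):
            continue  # instructions added or removed: needs a full diff, not handled here
        for i, (old, new) in enumerate(zip(ref[name], sus[name])):
            old_op, _, old_args = old.partition(" ")
            new_op, _, new_args = new.partition(" ")
            if old_args == new_args and INVERSE.get(old_op) == new_op:
                findings.append((name, i, old, new))
    return findings

# Constructed sample: a trimmed method shaped like the one quoted in this post.
REFERENCE = """\
.method private warnAboutIllegalAppCopy()V
    .locals 4
    invoke-virtual {v1, v2}, Landroid/content/pm/PackageManager;->getInstallerPackageName(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    if-nez v0, :cond_0
    const-string v2, "WARNING: ILLEGAL COPY!"
    :goto_0
    return-void
    :cond_0
    invoke-direct {p0}, Lcom/terboel/sarp/SarpActivity;->startRecording()V
    goto :goto_0
.end method
"""
SUSPECT = REFERENCE.replace("if-nez v0,", "if-eqz v0,")  # constructed modified copy

if __name__ == "__main__":
    for finding in inverted_branches(REFERENCE, SUSPECT):
        print("inverted branch in %s at instruction %d: %r -> %r" % finding)
```

Methods whose instruction count differs between the two builds are skipped here and need a full diff.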