Source Code of Droid Miner PRO Apk, that I just extract the modded apk with lucky patcher, and then i decompiled
Over the years I have cracked a lot of apps with the mythical Lucky Patcher,
and I've often wondered how his patches worked ...
One day I needed a miner for android and walking around the playstore I saw this that seemed valid,
but I needed the pro version to use different smarphones and workers, so I bought the app
and then I have extracted the apk with the full permits via lucky patcher.
Recently I shared the apk on youtube and of course some users have immediately thought about a malware....
Click on the image below to see the video:
But i think is also because if scanned on virus total 18 antivirus on 61 they detect it as malware
(most like Android: BitCoinMiner-R [PUP] or not- a-virus: HEUR: RiskTool.Linux.BitCoinMiner.ao
or other variants ... some even see it as a trojan) A little harsh :( :( :(
The funny thing is that if you try to scan the apk (find both files in the folder TESTS !!!) on total virus the file is infected for 18 vendors while if you scan the zip only 10 vendors detect it as malware, it is not the first time it happens, obviously some vendors have trouble detecting viruses with compressed format files...
So I took the opportunity to study a little apk and the code behind it,
and I decompiled the apk with a simple online service:
http://www.javadecompilers.com/apk
In this way I hope that: A people stop busting my balls, and B that serves high to understand how it work an android miner.
If you need it, in the "TESTS !!" folder! find the apk file already compiled, of the pro version of Droid Miner.
With this version you can mine with different smartphone and use different workers.
Or if you prefer you can obviously compile it yourself (the funny way :) :) :))
https://m.allfreeapk.com/droidminer-btc-ltc-doge-miner,252154/
And for the record: I tried to download the same apk on another site
and as many as 27 vendors on VirusTotal have detected it as malware!
Then I decompiled the apk manually with the the legendary apktool.
This is because the online decompilers pull out the java code, but for the cracking of android they need the files in smal language (a kind of assembly code).
In the folder droidminer.smali you find the apk file decompiled with apktool
For now I have performed only a brief analysis, and first I noticed that the apk modified with lucky patcher did not touch the classic string "CHECK_LICENSE" contained in 'AndroidManifest.xml
The patch is probably contained in the LicenseChecker.smali file that you can find in the smali \ com \ google \ android \ vending \ licensing path
I have not analyzed the crack yet, but as soon as I do it I will post the results.
In any case, the most suspicious users can sleep peacefully and analyze the code, so as to ensure that there are no trojans, rat, etc.
Finally placed a series of links to articles and resources on reverse engineering of the apk, android security, LVL, etc.,
personally i have been very useful.
https://developer.android.com/google/play/licensing/adding-licensing
https://samsclass.info/128/proj/p9-decom.htm
https://www.html.it/articoli/decompilare-ed-offuscare-il-codice-di-unapp-android/
http://androidcracking.blogspot.com/2010/09/examplesmali.html
http://androidcracking.blogspot.com/2010/10/android-market-license-validation.html
http://www.androidlab.it/il-sistema-di-licenza-del-market-android-cose-e-come-rafforzarlo-4800/
https://ibotpeaches.github.io/Apktool/
https://julianberton.com/2015/01/30/root-detection-bypass/
https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/
https://stackoverflow.com/questions/13445598/lucky-patcher-how-can-i-protect-from-it
https://android-developers.googleblog.com/2010/09/securing-android-lvl-applications.html
http://www.necronet.info/2011/12/hacking-android-lvl-cracking.html
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent