And as I've said before they would need to do a crack per app and potentially per version of the app if the developer so desired. Its' a technique I've used for several years on various applications and I've always offered up the source code so people see for themselves it's not a trivial thing to crack.
Anyway, we're getting way off topic, so unless you're actually going to try and do what you think is possible I can't see any benefit in continuing this discussion, because from what you're saying you're putting across an opinion that a task is relatively trivial without any knowlege of the tools needed to do the job or having ever tried to do it. Al. On Jul 24, 12:01 pm, Kaj Bjurman <[email protected]> wrote: > As I said previously. I have tried to protected java applications, and > I have done what I described with pure java applications, without > having the source code (I have even done it in assembler/machine code > on non java applications). I don't know much about the dex format and > what tools that are available to modify compiled classes, but it's > only a matter of time before they are here, if they don't exist right > now. > > Crackers don't think about if a program is expensive or not. They only > want to get known for their talents, and they crack all popular > applications, even if they are almost for free. So all popular > applications get cracked, regardless of price, and time isn't an issue > for the cracker. He doesn't think in economical terms. > > On 24 Juli, 10:44, Al Sutton <[email protected]> wrote: > > > The confusion arose because your previous post said "Replace the code > > that downloads the certificate and encrypts it", in this post you're > > talking about the "download/decrypt code", the first is a combination > > of client code (download) and server code (encryption), the latter is > > client-only code. > > > Referring to the download/decrypt replacement, the problem here is the > > amount of time it would take to find where the download/decrypt code > > resides in a compiled app, replace it, and recompile it. If you had > > the original source code then yes, you could do a drop in replacement, > > but if you had the source code you could easily strip out any > > protection mechanism. > > > Seriously, try it on a compiled application, you'll find it takes you > > a lot longer than you think, and longer than many crackers would be > > willing to spend on a low-cost app. > > > Al. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
