Licensing lib and cracking tool LuckyPatcher by ChelpuS

peacemaker

Expert
Licensed User
Longtime User
Who has tried the "LuckyPatcher by ChelpuS" tool to check their paid applications that use the Licensing lib?
It seems it easily helps to patch our APKs... :-(
 

peacemaker

Expert
Licensed User
Longtime User
It needs a rooted device to test, and I don't have one, but I guess that if the Lib and the others for b4a are in our hands, we can try to add something to make cracking more difficult...
 

kanaida

Active Member
Licensed User
Longtime User
This should be simple to get around.

Use the PackageManager, look for the package's uri

e.g.
com.approb.lucky (this isn't the exact one, as I don't really want to install this on my dev phone; please post it if you know it)

If you see the package is installed, then refuse to run your app by showing a message that we do not support piracy, or that to protect their privacy the app will not run because malware called lucky patcher was detected. That should scare 'em into removing it probably.

They can patch all they want, but we can always know if it's installed.

AdAware blocks ads differently. It just makes a local list of ad websites and redirects them to nothing, causing ads to appear transparent since most people don't think to color a box black before drawing an ad. This one seems like much more of a menace since it does who knows what to APKs.

The second way is gonna be harder but might be worth it for the b4a guys to look into: somehow generating an encrypted md5 checksum and storing it with the app as a second level of verification protection specific to b4a apps, so when they open, they can check if it's been tampered with.
 

peacemaker

Expert
Licensed User
Longtime User
Wow, nice idea!
Is the package name of an APK easily changeable? Only at design time?
 

kanaida

Active Member
Licensed User
Longtime User
Wow, nice idea!
Is the package name of an APK easily changeable? Only at design time?

I believe it registers with the package manager during installs. If they were to change this name in future versions of their app, it would make a crap load of icons inside a user's phone, causing confusion probably :).

From what I understand the package manager works basically like a DNS server, except instead of holding domain names etc., each app is a host record, so it wouldn't make sense to allow changing this. It would be extremely difficult to do so and probably make a bunch of apps crash in the process, making it even less wanted.

I think this should definitely be one of the apps that Google should auto-remove. I know it kind of goes against what they do most of the time (let people make what they want) but when it's specifically made to bypass their licensing scheme it's not a good deal.
 

kanaida

Active Member
Licensed User
Longtime User
I just threw lucky patcher into my android vm, and came up with this workaround. Now just Base64 -> UrlEncode the string, and then store that string in a variable. Decode it when comparing for the name, so it's not obvious to them that we're checking for that namespace when using fancy hex editors :)

B4X:
' Refuse to run when the Lucky Patcher package is installed.
' PackageManager comes from the Phone library.
Dim p As PackageManager
Dim pkgs As List
pkgs = p.GetInstalledPackages
For i = 0 To pkgs.Size - 1
    Dim pk As String = pkgs.Get(i)
    ' Compare case-insensitively against the package name seen in the VM
    If pk.ToLowerCase = "com.chelpus.lackypatch" Then
        Msgbox("To protect your private data, this app will not open. A malware application has been detected called Lucky Patcher. Please remove it in order to use this app.", "Malware detected")
        Activity.Finish
    End If
Next
 

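Added example (not code from the thread): one way to apply the Base64 -> UrlEncode step described in the post above, so the package name from the posted snippet is not stored as a plain string in the APK. It assumes the Phone and StringUtils libraries are referenced and that the code sits in an Activity module; the sub names EncodeName, DecodeName, IsPackageInstalled and CheckForPatcher are hypothetical, and the encoded value was derived here from the package name in the post.

```b4x
Sub Process_Globals
    ' Base64 -> UrlEncode form of the package name from the post above.
    ' Derived for this example; regenerate it with EncodeName if the name changes.
    Private EncodedName As String = "Y29tLmNoZWxwdXMubGFja3lwYXRjaA%3D%3D"
End Sub

' Development-time helper: produce the stored form of a package name.
Sub EncodeName(Plain As String) As String
    Dim su As StringUtils
    Return su.EncodeUrl(su.EncodeBase64(Plain.GetBytes("UTF8")), "UTF8")
End Sub

' Runtime helper: reverse the two encoding steps in the opposite order.
Sub DecodeName(Encoded As String) As String
    Dim su As StringUtils
    Dim raw() As Byte = su.DecodeBase64(su.DecodeUrl(Encoded, "UTF8"))
    Return BytesToString(raw, 0, raw.Length, "UTF8")
End Sub

' True when a package with this name is registered with the package manager.
Sub IsPackageInstalled(Target As String) As Boolean
    Dim pm As PackageManager
    Dim pkgs As List = pm.GetInstalledPackages
    Dim wanted As String = Target.ToLowerCase
    For i = 0 To pkgs.Size - 1
        Dim name As String = pkgs.Get(i)
        If name.ToLowerCase = wanted Then Return True
    Next
    Return False
End Sub

' Call from Activity_Create. The plain name only exists in memory after decoding.
Sub CheckForPatcher
    If IsPackageInstalled(DecodeName(EncodedName)) Then
        Msgbox("To protect your private data, this app will not open. Please remove Lucky Patcher in order to use this app.", "Malware detected")
        Activity.Finish
    End If
End Sub
```

The encoding only hides the literal from a string search of the APK; the check itself is still in the app and can be patched out like any other code.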
Falco32

Member
Licensed User
Longtime User
Ok guys

My first copy protection used this technique for over one year, but it is easy to bypass with this fu---beep.... tool, and when a customer buys the app without patching it, it will not be cool when it does not run... it gives bad ratings, I know what I'm saying.... I'm now using a more effective technique, which is top secret and has not been cracked once. It is a very simple technique but very effective. The patching tools' base mechanism is always the same: the manipulation of any license certificate. For code manipulations most guys are too stupid... :)
 