幸运的补丁，我怎样才能从它保护？ [英] Lucky patcher, how can I protect from it?

问题描述

我知道这个话题已经被多次打开，我学到了很多，但我偶然发现了一个问题，我真的需要咨询。

I know this topic has been opened multiple times and I learnt a lot but I stumbled across a problem I really need advice on.

我用单板层积材与混淆。我改变了默认的LVL ALOT使反LVL不破它。然而，幸运的补丁与点击打破它！我想看到新的破APK。是的，它简单地称为我的允许的方法。

I'm using LVL with Obfuscation. I changed the default LVL ALOT so that anti-LVL does not break it. However, Lucky Patcher with one click breaks it! I tried to see the new broken APK. Yes it simply called my "allow method".

我的问题是，如果有人可以推荐一种方法，prevent幸运补丁从打破它？我知道我不能让防弹，但我想它至少要进行一键式软件就不那么容易了。

My question is if someone can recommend a way to prevent Lucky Patcher from breaking it? I know I can't make it bullet-proof, but I want it at least to be not so easy for one-click software.

推荐答案

code，检查您的证书

Code to check your certificate

public void checkSignature(final Context context)
{
    try
    {
        Signature[] signatures = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;

        if (signatures[0].toCharsString() != <YOUR CERTIFICATE STRING GOES HERE>)
        {
            // Kill the process without warning. If someone changed the certificate
            // is better not to give a hint about why the app stopped working
            android.os.Process.killProcess(android.os.Process.myPid());
        }
    } 
    catch (NameNotFoundException ex)
    {
        // Must never fail, so if it does, means someone played with the apk, so kill the process
        android.os.Process.killProcess(android.os.Process.myPid());
    }
}

和如何找到哪个是你的证书，简单了。你必须产生一个APK，在释放模式，作为调试证书是从释放人们总是不同。输出证书的字符串到一个临时的TextView进行复制，或者与下一次调用一个文本文件，重要提示：不要将它输出的的logcat，作为字符串是太大，logcat中不会出现这一切，并削减了最后一个字符特点：

And how to find which one is your certificate, simple too. You must produce an APK, in release mode, as the debug certificate is different from the release one always. Output your certificate string to a temporary textview to copy it, or to a text file with the next call, IMPORTANT: DO NOT output it the logcat, as the string is too large and the logcat will not show it all and cut the last char characters:

signatures[0].toCharsString();

example: YourTextView.setText(signatures[0].toCharsString());

现在，请记住，当你回到调试模式，证书又是不同的，可能是不同的，有时每个版本，所以你会得到一个调试地狱。然后，它是更好地使用下一行，它开发时容易有，并将其放置在调用证书测试前右：

Now, remember that when you are back to debug mode, the certificate is different again, and might be different sometimes on each build, so you will get a debug hell. Then it is better to use next line to have it easier when developing, and place it right before calling the certificate testing:

if ((context.getApplicationContext().getApplicationInfo().flags &= ApplicationInfo.FLAG_DEBUGGABLE) != 0)
{
    return;
}

因此​​避免调用此认证code如果在调试模式

So avoid calling this certification code if in debug mode

而现在的幸运补丁检查

这code将检查它的存在。我反编译所有版本的幸运补丁的，而且我发现，它的创造者使用的所有realeases之间的2包名。所以，你只需要跟踪的新版本，并不断增加未来的幸运补丁包名的检查功能。

This code will check its existence. I decompiled all versions of Lucky Patcher, and i've found out that its creator used 2 package names between all realeases. So you only need to keep track of new versions and keep adding future lucky patcher package names to the checking functions.

另外一个建议，加密只是harcoding它们作为例子的包名字符串，而不是，那么幸运了补丁不拿出刚刚替换字符串修补他们的新版本。让我们很难让饼干。

Also a recommendation, encrypt the package names strings instead of just harcoding them as in the example, so lucky patcher does not come out with a new version which just replaces the strings patching them. Lets make it difficult for crackers.

private boolean checkLuckyPatcher()
{
    if (packageExists("com.dimonvideo.luckypatcher"))
    {
        return true;
    }

    if (packageExists("com.chelpus.lackypatch"))
    {
        return true;
    }

    if (packageExists("com.android.vending.billing.InAppBillingService.LUCK"))
    {
        return true;
    }

    return false;
}

private boolean packageExists(final String packageName)
{
    try
    {
         ApplicationInfo info = this.getPackageManager().getApplicationInfo(packageName, 0);

        if (info == null)
        {
            // No need really to test for null, if the package does not
            // exist it will really rise an exception. but in case Google
            // changes the API in the future lets be safe and test it
            return false;
        }

        return true;
    }
    catch (Exception ex)
    {
        // If we get here only means the Package does not exist
    }

    return false;
}

这篇关于幸运的补丁，我怎样才能从它保护？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！