Quote:
Originally Posted by parrotgeek1
I have found where the registration code is being checked.
Inside the zip
http://182.254.232.41/firmtest/andro...dle.171102.zip
there is a file named esystem.bin. (It should be similar for the other devices and versions)
This file is really an ext4 filesystem (you can check with "file" command).
Mount it:
mkdir droid
mount -o loop -t ext4 esystem.bin droid
Now look inside:
cd droid
ls
You see the Android filesystem (app/priv-app/etc).
I used apktool to decompile all the APKs, and found an interesting one, JSONClient.apk.
It has code to force itself to be the default launcher, and lock out all other apps. It also checks the device serial number, etc. So it is almost certainly the registration check.
I used a Java decompiler to read the code and found that it uses a JNI library "libjnidemo.so" (LOL) to create some kind of hash of the serial number, upload it to kdroid.net, and check the result.
Rather than try to crack it, I think that you could just delete that APK and then install the modified image.
|
It stops at "starting apps" after installing the modified image. Could you give some help? Thanks very much!