On Sat, May 14, 2011 at 2:27 AM, Kostya Vasilyev <[email protected]> wrote: > Reflection too can be bypassed, by hooking getClass / getMethod and friends, > and it's only a matter of time before it's scripted.
The antilvl tool does reflection too. And apparently 'encrypted' strings (base64, etc.). It actually comes with a small test project, which is worth looking at. If you are doing anything that is in the test project, chances are it will be successfully bypassed/spoofed. > > One could run two signature checks: one for the reference value stored in > the .apk, the other for the signature of the installed .apk. Or get the > signature from the .apk directly, bypassing PackageManager (if that's > possible). If you can read it from the filesystem, since tt's just a jar file, you can get it by iterating the jar entries. > > But, as for me, I'd rather spend my time making a more popular app than > worrying about all of this :) > Sure, but it's still interesting :) -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
