Theory
I use a x96 mini android device to extend the capabilities of my not smart TV. This is one among many chinese brands that convenient for those who do not want to replace their TVs with smart TVs just as soon. So I installed some applications (I don’t have fees for lawyers, so I won’t mention them). After login, I went straingt to my favourite show. After watching for like 2 minutes, voila, the box stopped playing and a message ‘We cannot play bla bla because your device is not google certified. To check cerfication status, go to Play Store, settings bla bla’ and my otherwise good day was spoiled, just like that. My pursit of restoring my viewership led me to these conclusions:

  1. There is no google API to check if device is certified.
  2. For a developer to restrict their app to a list of devices, they have to add the list manually on the google play console.
  3. The developer keeps on adding more devices as they wish.
  4. Once a user installs the app on their device, the app will query this list of devices and compare it with the device that it’s running on, and then perform the necessary action the developer has set in place. This is an if else condition.

This therefore means that if we can remove the condition, then the app won’t know what to do.

Technical

  1. My OS is Linux. Haven’t tried this on Windows to know that tools are needed. We need the apk file. There are 2 ways we can get this:
    a. Download it from apkpure.com
    b. Download it on your phone, use an app such as ‘App Backup and Restore’ found in Play Store, then backup the app.
  2. Transfer the file to your laptop/PC.
  3. We use apktool to decompile our application
    apktool d apkname.apk
  4. Navigate to res/values/strings.xml in the code directory and search for ‘certified‘ keyword. The objective is to find out the name/variable that is called when the device is not in the list of the developer.
  5. Now let’s look for all occurrences of this variable using e.g. mine was verification_error_message
    grep -Ril verification_error_message
  6. Use an text editor to open the files and look for the file where there are conditions and delete the lines with the condition e.g.

    if-eqz v1, :cond_4 .line 13
    sget p0, Lb/c/a/b/n;->verification_error_title:I invoke-virtual {p1, p0}, Landroid/content/Context;->getString(I)Ljava/lang/String; move-result-object p0 invoke-virtual {v0, p0}, Lcom/appname/jes/android/k/h/j$a;->b(Ljava/lang/String;)Lcom/appname/jez/android/k/h/j$a; sget p0, Lb/c/a/b/n;->verification_error_message:I
  7. Save your file
  8. Compile the apk with
    apktool b <apk_source>
  9. We need to sign the apk, otherwise we’ll get errors like ‘Cannot parse file’ during installation. To create a signature:
    keytool -genkey -v -keystore keystore.jks -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
  10. Sign the apk using
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 unsigned.apk alias_name
  11. Transfer the apk to the device and install it. You should now be able to play your favourite movie without interuption.

About the author

Am trying lot's of stuff in cyber security, machine learning and artificial intelligence.

Leave a Reply

Your email address will not be published.