  1. #1
    SulphateSO4's Avatar

    Advice / Help for reverse engineering / bypassing this?

    Hello,

    I thought this would probably be the best place to find out more about how to reverse engineer / get past this verification. I'm trying to reverse engineer a Corona application (android). I have easily unpacked the APK, unpacked the 'resource.car' file which contains the compiled Lua files, decompiled the files that will happily decompile, and then recompiled them and repacked the resource.car.

    However - when the game is started, the app immediately closes after reaching the start screen. I saw somewhere else that this is due to the 'libcorona.so' library doing a verification check, which would make sense. I downloaded Relyze trial version, and searched for 'resource.car', and found one reference to it in the .rodata section, a db instruction, at 0x00271D84. Additionally, there were some other strings like 'failed to verify application', so this points to the fact it is verifying the resource.car file. I ran out of time in the demo (30 mins), and didn't get much further (I don't think I would have gotten much further anyway).

    So, I would like to know if anyone has a patched version of libcorona.so, or alternatively some help in reverse engineering it or bypassing this verification check would be awesome.

    Thanks in advance.

  2. #2
    Hell_Demon's Avatar
    A couple of years ago there would be a resource.car file that would need re-indexing along with a patch in libcorona to prevent the integrity checks from happening. This used to be quite simple, just needed to turn a conditional jump into an unconditional one. Depending on the architecture of your phone you'll need different instructions.
    Last edited by Hell_Demon; 02-21-2018 at 02:27 AM.
    Ah we-a blaze the fyah, make it bun dem!

  4. #3
    SulphateSO4's Avatar
    Ok, thank you. Sadly I have not got the skills or knowledge to be able to do this. I guess I'll probably just leave it.

  5. #4
    Hell_Demon's Avatar
    I will PM you my Skype in case you're interested in pursuing this. It wasn't all that difficult back in the days, and I doubt they have changed much since then.

  6. #5
    Hell_Demon's Avatar
    For future readers: It was even simpler than I remember. The architecture used was armeabi-v7a. All you need to do is search for the error message ("Failed to verify") in IDA, then in the graph view you'll notice only one incoming red arrow to this block of code. Double click it to get to the code that it branched from, which should be a BEQ (branch if equal) with the error message on its negative path. Since we always want to branch to the positive side we need to change this to B (unconditional branch). Right click the BEQ and make sure synchronize with hex view is on, then switch over to hex view. The highlighted piece should be 12 00 00 1A. Write down the offset and open the .so file in a hex editor, go to the offset you've written down (in this case it was 12FF28 from the top of my head), you'll see the same 12 00 00 1A. Change the 1A to EA, save and verify your change in IDA. It should now be an unconditional branch, leaving you free to modify files to your heart's content.
    Ah we-a blaze the fyah, make it bun dem!
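
    A publisher-side check for the kind of change post #5 describes, as an added example that is not part of the original thread: it compares a release build of a native library against a suspect copy and flags any 32-bit ARM branch whose condition field alone was altered. It assumes ARM-mode (A32) code at 4-byte-aligned file offsets; the function names and the sample bytes are constructed for illustration.

```python
import struct

# A32 condition-field mnemonics (bits 31..28 of every ARM-mode instruction).
COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "AL", "NV"]

def decode_branch(word):
    """Return (mnemonic, signed byte displacement) for an A32 B/BL, else None."""
    if (word >> 25) & 0b111 != 0b101 or (word >> 28) == 0xF:
        return None
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:          # sign-extend the 24-bit word offset
        imm24 -= 1 << 24
    cond = COND[word >> 28]
    name = ("BL" if word & (1 << 24) else "B") + ("" if cond == "AL" else cond)
    return name, imm24 * 4 + 8    # branch target = instruction address + displacement

def find_branch_patches(reference, suspect):
    """Diff two builds word by word; mark branches whose condition field alone changed."""
    if len(reference) != len(suspect):
        raise ValueError("size mismatch: file was rebuilt or truncated, not byte-patched")
    findings = []
    for off in range(0, len(reference) - 3, 4):
        (a,) = struct.unpack_from("<I", reference, off)
        (b,) = struct.unpack_from("<I", suspect, off)
        if a == b:
            continue
        da, db = decode_branch(a), decode_branch(b)
        # Same opcode and target, different top nibble: only the condition was rewritten.
        cond_only = bool(da and db and (a ^ b) & 0x0FFFFFFF == 0)
        findings.append((off, da[0] if da else hex(a), db[0] if db else hex(b), cond_only))
    return findings

# Constructed sample: three A32 words; the middle one is the byte pattern quoted in the post.
REFERENCE = bytes.fromhex("0000a0e1" "1200001a" "1eff2fe1")
SUSPECT = bytes.fromhex("0000a0e1" "120000ea" "1eff2fe1")

if __name__ == "__main__":
    for off, before, after, cond_only in find_branch_patches(REFERENCE, SUSPECT):
        print(f"offset 0x{off:x}: {before} -> {after}, condition-only change: {cond_only}")
```

    Decoded as A32, the word stored as 12 00 00 1A carries condition code NE, and the EA variant carries AL (always). A check that hinges on one branch inside the shipped library is defeated by a one-byte edit, so comparing store-served binaries against release hashes, or verifying server-side, is what catches repackaged builds.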

  7. #6
    RubiconT's Avatar
    Quote Originally Posted by Hell_Demon View Post
    For future readers: It was even simpler than I remember. The architecture used was armeabi-v7a. All you need to do is search for the error message ("Failed to verify") in IDA, then in the graph view you'll notice only one incoming red arrow to this block of code. Double click it to get to the code that it branched from, which should be a BEQ (branch if equal) with the error message on its negative path. Since we always want to branch to the positive side we need to change this to B (unconditional branch). Right click the BEQ and make sure synchronize with hex view is on, then switch over to hex view. The highlighted piece should be 12 00 00 1A. Write down the offset and open the .so file in a hex editor, go to the offset you've written down (in this case it was 12FF28 from the top of my head), you'll see the same 12 00 00 1A. Change the 1A to EA, save and verify your change in IDA. It should now be an unconditional branch, leaving you free to modify files to your heart's content.
    please can you talk to me on skype need some help from you ^^
    add me please

  8. #7
    Hell_Demon's Avatar
    Quote Originally Posted by RubiconT View Post
    please can you talk to me on skype need some help from you ^^
    add me please
    Just send me a PM here