Tuesday, January 15, 2013

How to create a custom patch using Lucky Patcher on your Android smartphone.

Before starting with Lucky Patcher, you need to know a few things about it.

-First, you need root access on your device, so you must root your Android phone: Lucky Patcher works only on a rooted phone and cannot work without root access.
-Lucky Patcher is software used to modify .apk files (.apk is the format used for Android apps and games).
-It's great software for changing permissions, removing ads and, by using a custom patch, changing a trial version of an app into a full version with all the features of the real full version.
-You can also back up files with Lucky Patcher without using Titanium Backup, as those tools are all outdated and not in use nowadays.
-It's quite easy to create a custom patch and convert a trial version into a full version with Lucky Patcher.

-WARNING! Do not remove jumps or make them unconditional! The Optimizer will crash and your patch will not work on ART! To avoid this, use conditional jumps. For example, if there is a need to jump, replace the jump with if-eq v0,v0 (bytes: 32 00 ?? ??). If there is no need to jump in a particular place, you can insert a jump such as if-ne v0,v0 (bytes: 33 00 ?? ??); also feel free to use your own equivalent.

-The patch file must have the same name as the target APK (this is case sensitive).

-If a custom patch file for the application already exists, you can simply add any text to the beginning of the file name and save it next to the existing one. If you want to write one patch for a series of programs from a single firm, you can end the custom patch file name with _%ALL%; for example, the name of the patch for all the SVOX voices will look like this: com.svox.classic.langpack_%ALL%.txt. The _%ALL% is replaced by the part of the package name that varies depending on the firm's application. Do not use special characters/formatting in the patch file (single spaces only). If you need to make a patch for several programs of one firm and add a prefix at the beginning, you can use %ALL%_ and _%ALL%. (Example name: chelpus.%ALL%_com.android._%ALL%.txt). In the custom patch content you can use %PACKAGE_NAME% in paths to files; %PACKAGE_NAME% is replaced with the package name of the target application.

-To search for patterns of bytes, use IDA Pro 6.1. It can open dalvik-cache, odex, libraries and classes.dex. If you want to patch dalvik-cache or odex, do not forget that the bytes of data may vary between firmware versions. Keep in mind too that not all bytes in classes.dex coincide with those in dalvik-cache and odex; you can see this if you open classes.dex and the odex file in IDA Pro.

[BEGIN]
<patch comments that are visible to the user pre-patch>
Patch for XYZ Pro 5.0.5

[PACKAGE]
<unpacks classes.dex and applies all the patches from the [CLASSES] to it. And generates, based on the modified classes.dex, odex-file.>

[CLASSES]
<pattern search/replace for classes.dex (see below)>
{"search":"63 R00 R01 R02 38 00 04 00 12 10 0F 00"}
{"group":"1"}
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A W00 W01 W02 00 00 12 S0 0F 00"}

[LIB]
<pattern search/replace for named native libraries (see below)>
{"name":"libtitanium.so"}
{"original":"00 ** 50 e2"}
{"replaced":"00 00 50 e1"}

[LIB]
<pattern search/replace for all native libraries>
{"name":"*"}
{"original":"00 ** 50 e2"}
{"replaced":"00 00 50 e1"}

[OTHER FILES]
<pattern search/replace for named other files in /data/data/Package_Target_APK/ (see below)>
{"name":"/files/shell.dex"}
{"original":"0F 00 00 00 1A 00 00 00 0F 00 00 00 59 00 00 00 2F"}
{"replaced":"0F 00 00 00 0F 00 00 00 0F 00 00 00 59 00 00 00 2F"}

[OTHER FILES]
<pattern search/insert for named other files in /mnt/sdcard/ (if /mnt/sdcard/ path not found, Lucky Patcher search other variants for sdcard)>
{"name":"/mnt/sdcard/Android/package-name/files/lives.xml"}
{"original":"63 68 65 6C 70 61"}
{"insert":"63 68 65 6c 70 61 61 61"}

[FILE_IN_APK]
<pattern search/replace for file from apk file (this patch working only for rebuild apk with this custom patch)>
{"name":"assets/bin/Data/Managed/O7SharpCompress.dll"}
{"original":"0F 00 00 00 1A 00 00 00 0F 00 00 00 59 00 00 00 2F"}
{"replaced":"0F 00 00 00 0F 00 00 00 0F 00 00 00 59 00 00 00 2F"}

[ADD-BOOT]
<automatically adds the current user patch to BootList. Should be used in the patch library (or in the patch [CLASSES] without [ODEX] or without [PACKAGE])>

[END]
<patch comments that are visible to the user post-patch>
Congratulations, the application has been cracked!

"search" - lets you search for a pattern and store the bytes found at specific positions.
{"search":"63 R00 R01 R02 38 00 04 00 12 10 0F 00"}
In this example the bytes in green make up your pattern mask, while the bytes in yellow labeled R00 -> R02 will be stored. Stored bytes must be in order R00, R01, R02, R03... Stored bytes cannot be repeated.

"group" - marks the patterns that belong to a group (the group number can be 1 or higher). What this means is that if at least one pattern from the group has succeeded, a successfully patched message will be shown. This is useful when you try to make a universal patch for multiple versions of a particular application (for example, patch all versions of Google Play to disable automatic updates).

"original" - this is the pattern mask used to find the offset where the patch will be applied.
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
In this example the bytes in green make up your pattern mask, while the bytes in yellow are wildcards (??, **).

"replaced" - this follows an "original" statement; it is what the bytes at the offset will be overwritten with.
{"replaced":"12 00 6A W00 W01 W02 00 00 12 00 0F 00"}
In this example the bytes in green will overwrite the target location, while the bytes in yellow are the stored bytes from the previously executed "search".

"name" - this is used to target a specific library by name (see [LIB] above).

S0, S1, SQ - S0 and S1 set a smali variable to 0 (convert hex number: 43->03, 54->04...) or to 1 (convert hex number: 43->13, 04->14...) respectively; SQ converts hex 34->44, 51->11... For example, there is a variable: const/4 v?,0x00. The question mark shows that the variable's number is unknown (for example, it has been changed in the newer version), but you are sure that this variable equals 0, and you want to set it to 1. In this case the pattern will look like:
{"original":"12 ?? ?? ?? ?? ??"}
{"replaced":"12 S1 ?? ?? ?? ??"}
And vice versa, to set the variable to 0:
{"original":"12 ?? ?? ?? ?? ??"}
{"replaced":"12 S0 ?? ?? ?? ??"}

"replace_from_file" - this follows an "original" statement; the bytes at the offset will be overwritten with bytes from the file (the file must be saved next to the custom patch).
{"replace_from_file":"array.bin"}
This is done in order to avoid writing very long replacement templates.

"insert" - use this when the data you want to insert is longer than the original pattern. Example: the file before the patch contains "chelpa end"
{"original":"63 68 65 6C 70 61"}
{"insert":"63 68 65 6c 70 61 61"}
The file after the patch contains "chelpaa end"

[LIB-ARMEABI], [LIB-ARMEABI-V7A], [LIB-MIPS] or [LIB-X86] - for libraries from /lib/armeabi/, /lib/armeabi-v7a/, /lib/mips/, /lib/x86/.

[ODEX-PATCH] - Used to patch an odex that has already been created. For example, an application has been patched in automatic mode with Remove License Verification, but you need to make additional changes by using a Custom Patch. If we use a simple [PACKAGE]-[CLASSES], [ODEX] or [CLASSES]-[ODEX], the odex file will be created with no change and only then patched. Example:

[BEGIN]
[ODEX-PATCH]
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A ?? ?? ?? 00 00 12 00 0F 00"}
[END]
Congratulations! ODEX modified!

[CLASSES] without [PACKAGE] - Patches the application's dalvik-cache. Do not forget that the system periodically updates the dalvik-cache of applications, and all the changes will disappear. Therefore, we must add [ADD-BOOT]. The patch for dalvik-cache is outdated, as it is unreliable. But it is needed for the ROM Toolbox, because it does not work well with odex files. Example:

[BEGIN]
[CLASSES]
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A ?? ?? ?? 00 00 12 00 0F 00"}
[ADD-BOOT]
[END]
Congratulations!

[ODEX] - Copies dalvik-cache to /data/app/ and renames it to an odex file; all the patches are then applied to this odex file. The checksums of the odex will be wrong and cannot pass inspection, unlike an odex file created by [PACKAGE]-[CLASSES]. Example:

[BEGIN]
[ODEX]
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A ?? ?? ?? 00 00 12 00 0F 00"}
[END]
Congratulations!

[CLASSES]-[ODEX] - Patches dalvik-cache, then copies dalvik-cache to /data/app/ and renames it to an odex file. The checksums of the odex and of the dalvik-cache will be wrong and cannot pass inspection, unlike an odex file created by [PACKAGE]-[CLASSES]. Example:

[BEGIN]
[CLASSES]
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A ?? ?? ?? 00 00 12 00 0F 00"}
[ODEX]
[END]
Congratulations!

[COMPONENT] - Enables or disables components of applications. Example:

[BEGIN]
[COMPONENT]
{"disable":"com.superApp.adsActivity"}
{"enable":"com.superApp.fullVersion.Provider"}
{"disable":"com.android.vending.CHECK_LICENSE"}
[END]
Congratulations!

[SQLITE] - Sometimes something must be changed in the target application's database; this section helps in that case. Example:

[BEGIN]
Trial Reset
[SQLITE]
{"database":"/data/data/com.package.megaapp/databases/settings.db"}
{"execute":"DELETE FROM table_settings WHERE name = 'SETTING__LIC'"}
{"execute":"UPDATE table_settings SET UsedDays=0 WHERE name='Trial_set'"}
[END]
Congratulations! Your Trial Period has been reset!

database - path to the database on the device; you can also give only the database name, and Lucky Patcher will search for the file itself.
execute - SQLite query.

[SET_PERMISSIONS] - Analogue of the Linux command "chmod permissions file_name" for files in the data directory of the application. Example:

[BEGIN]
Trial Reset
[SET_PERMISSIONS]
{"file_name":"/files/stats"}
{"permissions":"777"}
[OTHER FILES]
{"name":"/files/stats"}
{"original":"4D 4D 46 31"}
{"replaced":"00 4D 46 30"}
[SET_PERMISSIONS]
{"file_name":"/files/stats"}
{"permissions":"444"}
[END]
Congratulations! Your Trial Period has been reset!

[COPY_FILE] - Copies a file from the Lucky Patcher directory to the given path under a new file name. Example:

[BEGIN]
Copy file with money
[COPY_FILE]
{"file_name":"money_for_game.bin"}
{"to":"/data/data/game_package/files/settings.xml"}
[END]
Congratulations! Your File is copied and is modified now!
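
For an analyst or app developer who finds a custom patch file on a device, the section/directive layout described above can be parsed read-only to see which files, components and databases it would touch and therefore what to integrity-check. This is an added example, not part of the original post and not Lucky Patcher code; the sample patch, its package and library names, and the report field names are assumptions made for the example.

```python
import re

# Constructed sample in the layout described above; all names are made up.
SAMPLE = """[BEGIN]
[PACKAGE]
[CLASSES]
{"original":"63 ?? ?? ?? 38 00 04 00 12 10 0F 00"}
{"replaced":"12 00 6A ?? ?? ?? 00 00 12 00 0F 00"}
[LIB]
{"name":"libexample.so"}
[COMPONENT]
{"disable":"com.android.vending.CHECK_LICENSE"}
[SQLITE]
{"database":"/data/data/com.example.app/databases/settings.db"}
{"execute":"UPDATE table_settings SET UsedDays=0 WHERE name='Trial_set'"}
[SET_PERMISSIONS]
{"file_name":"/files/stats"}
{"permissions":"777"}
[END]
"""

# A token is either a [SECTION] header or a {"key":"value"} directive.
TOKEN = re.compile(r'\[([A-Z0-9_ -]+)\]|\{"(\w+)"\s*:\s*"([^"]*)"\}')

def parse_patch(text):
    """Return {section: [(key, value), ...]}; repeated sections are merged."""
    sections, current = {}, None
    for m in TOKEN.finditer(text):
        if m.group(1):
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append((m.group(2), m.group(3)))
    return sections

def triage(text):
    """Summarise what a patch file would modify, for an analyst's review."""
    s = parse_patch(text)
    get = lambda sec, key: [v for k, v in s.get(sec, []) if k == key]
    modes = zip(get("SET_PERMISSIONS", "file_name"), get("SET_PERMISSIONS", "permissions"))
    disabled = get("COMPONENT", "disable")
    return {
        "rewrites_bytecode": any(x in s for x in ("CLASSES", "ODEX", "ODEX-PATCH")),
        "native_libs": [v for sec in s if sec.startswith("LIB") for v in get(sec, "name")],
        "disabled_components": disabled,
        "targets_license_check": any(c.endswith("CHECK_LICENSE") for c in disabled),
        "sql": get("SQLITE", "execute"),
        "world_writable": [f for f, p in modes if int(p, 8) & 0o002],
        "persists_at_boot": "ADD-BOOT" in s,
    }
```

Calling triage(SAMPLE) returns a dictionary that flags the bytecode rewrite, the targeted library, the disabled license-check component, the SQL statement and the file left world-writable.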

7 comments:

  1. Me and my friend were arguing about an issue similar to this! Now I know that I was right. lol! Thanks for the information you post.

    military pins

  2. Please post a video to understand; I can't read this much matter.

  3. Hi, how can I upload to Lucky Patcher?
