Freyta's Little Notebook

Removing the mock locations check in 7Eleven Fuel App 1.6.0

Required files:

I'll be explaining how to remove the mock location check from version 1.6.0 in this tutorial.

Step 1 - Decompile the APK with APK Easy Tool, then drag and drop the APK you ripped from your phone or downloaded from online into jadx so it opens it up, and let it index the app.

Step 2 - The easiest/most obvious way to find what we are looking for is to search for "mock". So hit ctrl+shift+F and type in "mock". You should get 20 results. Lets start with the first one. Which sounds promising with the line

a(R.string.mock_location_hdr, R.string.mock_location_error, new OnClickListener(this)

So if we go to our decompiled APK folder, and enter the res folder (which is where all of the resources are stored, e.g. the XML files with the text strings for the app, the images used by the app, the XML files with all of the layout information etc) go into the "values" folder, and open the file strings.xml. After you have opened strings.xml, search for "mock_location_hdr" and you will find the corresponding string which is "Mock Location Error". Sounds like a good match!

Step 3 - Now that we have what we think is a good match, lets look 2 lines up from where we landed and we see that it says

if (q()) {

So that means if q() is true we will run the code which will throw up the mock location error to us! So if you hold down the ctrl button and click on the q it will take you to the function where q is set.
A quick look over and it basically sets the variable z to be false as soon as the function is called, and then it checks to see if mock locations are not enabled, and if it passes its checks it will set the boolean to be false. How about we make it always return false? That sounds like a good idea!

Step 4 - At the top of jadx you will see the currently open tab says "au.com.seveneleven.ar.a" that means that the file we will need to modify is called a in the folder smali/au/com/seveneleven/ar. So open that folder, and you will see there are 5 smali files ranging from a$1.smali to a$4.smali and a.smali. So lets start with opening up a.smali in your editor of choice.
Note: A smali file is essentially the assembly code for dalvik which is Android's Java VM implementation.

Step 5 - After we have opened up a.smali we will search for our code to modify. We want to modify the return value of the function q. If you scroll up and down you will see that every function starts with ".method" so we should simply search for ".method" and scroll down until you hit

.method private q()Z

Now, this all looks super confusing, and it is to start off with! At the top of the function there are 2 variables which equal 1 and 0 respectively. The function will at some point set v0 to equal either v1 (1 which is true) or v2 (0 which is false), and these 2 variables are only ever used for that purpose. So lets just set both of them to false (0). Your modified code should now read

const/4 v1, 0x0

Save and close a.smali.

Step 6 - Before we recompile our APK to look and see if our modifications worked, we need to edit strings.xml to include our Google Maps API key otherwise the map won't show. You will need to have your own API key to continue from here, to generate one follow the offical Google Maps SDK tutorial.
So copy your Maps API key and replace the one that exists in the value mapsAPIKey.

<string name="mapsAPIKey">AIzaSyC-IonQivluzvu2W3Tmr8ARkhEPrHqIJyw</string>

Now we can recompile the APK with APK Easy Tool, and install the new APK that was recompiled on your phone. You will need to uninstall any previously installed 7Eleven apps because they will have conflicting signatures.

Step 7 - Try setting a mock location with Fake GPS or a similar app and locking in a price! What happens? Dang it! An error still! Okay, lets fix this one.

So search for mock, and the next one that sounds promising is

au.com.seveneleven.ax.a.a("Error", "Mock Locations");

Double click that one we land in the middle of a what appears to be a mock location check. Open smali/au/com/seveneleven/ar/c.smali up in your text editor and lets modify this one to try and get around mock locations!

Step 8 - If you search for the term "Mock Locations" it helpfully will lead you to around line 1284. Now we can see that we are at the start of a conditional statement. Scrolling up only a couple of lines you can see that if something does not equal zero then we will jump to conditional statement 8 which we are in. Now you could try simply modify all of the lines to say

if-eqz v0, :cond_8

but that wouldn't work either. Note: eqz stands for EQuals Zero, as in the result that the checks are doing is false.
So why don't we simply just delete all of the checks? Scroll up to just below :cond_7 where it says

invoke-virtual {p0}, Lau/com/seveneleven/ar/c;->getActivity()Landroid/support/v4/app/h;

move-result-object v0

iget-object v1, p0, Lau/com/seveneleven/ar/c;->f:Lau/com/seveneleven/ad/b;

which is the start of all of our checks and simply highlight all of the code below the :cond_7 line until you reach :cond_9 and press delete, because we don't really need the error message either, do we? You should now have code that reads like this:

:cond_7
    
:cond_9
iget-object v0, p0, Lau/com/seveneleven/ar/c;->f:Lau/com/seveneleven/ad/b;

Step 9 - Recompile your app again, transfer it to your phone and look at the results! Congratulations, you've successfully modified your 7 Eleven app! What next? You can remove attempt to remove the root check in the same process as above, searching for "root" and then trial and error!

----------------

I find it a good idea to have 2 copies of jadx open while modifying APKs to see if the changes I made are what I intended them to be. For instance, if you delete just 1 of the if statements from step 7, you can see where in the code you are.