Freyta's Little Notebook

Unlocking the full version of WikiCamps Australia version 2.6.3

The WikiCamps Australia app lets you find and review campsites around Australia.
There is a 14-day trial before you are locked out of the app. To bypass this there are a couple of methods you can use.


Step one: Download the APK. Once you have the APK, open it up in JADX and wait for it to decompile the code.


Step two: If we search for the word "trial" it leads us to a file called "au.com.angryrobot.wccore.Adverts", which has an interesting piece of code showing how much longer we are allowed to trial the app before we need to purchase it.


Step three: There are a few interesting pieces of code here. The first obvious one is line 595, which says

if (!WikiSettings.isExplorer && registered == 3) {

What this means is that if the variable "isExplorer" isn't set and our registration type is 3, then the following code runs. If you scroll to the top of this file you will see that registered can take one of 3 values:


STATE_NOT_PURCHASED = 3
STATE_PURCHASED = 4
STATE_UNKNOWN = 0

So by looking at this we can either set isExplorer to 1 (so it is set) or we need registered to not equal 3. How do we do this? Well, by scrolling up we see that there is an option to enter a code, and there is an interesting line in that function:

Adverts.setRegistered(4);

This should mean that if we can run this line then the program will be registered!


Step four: Now we need to decompile the APK to smali code. Open up APK Easy Tool and click decompile.


Step five: Now that we have decompiled the code, open up the folder it was decompiled to. You will see there are a whole bunch of smali files now. We want the one called Adverts$8$2.smali. Search for ".line 404", which is where it sets

Adverts.setRegistered(4);

and you will land in an if statement. What the app is checking here is whether the response data contains the words "activate:". If you change the

if-nez

to

if-eqz

it will register the app.


Step six: Recompile the APK with APK Easy Tool and then copy it to your phone. You will need to uninstall the original APK since the signatures will no longer match. Now try entering a random code in the box and see what happens!
Note: This method will only work if you don't enter a valid code, otherwise it will fail!


Method two

The second method is just as easy as the first.
This time open Adverts.smali and search for the code

invoke-interface {v1, v2, v6}, Lcontent/SharedPreferences;->getInt(Ljava/lang/String;I)I

What this does is call getInt on the prefs object (v1), asking for the preference named "registered" (v2) with a default value of int 0 (v6). So we can just modify the 0 to a 4 and we are instantly registered!
With smali code you need to remember that register numbering starts at 0, and if we want to use one more register we need to add 1 to the .locals count, so it should now be ".locals 8".
If you look just below the .locals 8, you will see .prologue where it says const/4 v6, 0x0. Just below that, write what we want our registered preference to be. In our case it is 4, so our prologue should now look like this

    .prologue
    const/4 v6, 0x0

    const/4 v7, 0x4

Notice that we now use v7 instead of v6? That is because there are other preferences that will want to be set to 0. Smali code reuses registers as much as possible, so we want to create a new one rather than change v6.
Now, if we were to just compile the code at this point, nothing would change since we haven't told prefs.getInt to pull our number 4. So we need to change the code from

invoke-interface {v1, v2, v6}, Lcontent/SharedPreferences;->getInt(Ljava/lang/String;I)I

to

invoke-interface {v1, v2, v7}, Lcontent/SharedPreferences;->getInt(Ljava/lang/String;I)I

Only 1 number needs to be changed (v6 becomes v7), and with those 2 small changes we have a fully registered app!
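
Both methods work because the app itself decides whether it is registered: one flips the branch on the server's reply, the other changes the default of a locally stored int. The block below is an added example, not code from WikiCamps or from this notebook, sketching the server-side alternative in Python, where the server signs the purchase state and checks it on every data request. SERVER_KEY, the token layout and the functions issue_entitlement, verify_entitlement and fetch_sites are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"   # assumption: secret that never leaves the server
STATE_NOT_PURCHASED, STATE_PURCHASED = 3, 4   # the two values the post reads from Adverts

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_entitlement(account, state, ttl, now=None):
    """Server: sign the account's purchase state together with an expiry time."""
    now = time.time() if now is None else now
    body = json.dumps({"acct": account, "state": state, "exp": int(now) + ttl},
                      sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(SERVER_KEY, body, hashlib.sha256).digest())

def verify_entitlement(token, now=None):
    """Server: return the signed claims, or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(body)
    except ValueError:
        return None
    return claims if claims["exp"] > now else None

def fetch_sites(token, client_registered, now=None):
    """Hypothetical data endpoint: client_registered is whatever the app claims
    about itself, and it is deliberately never consulted."""
    claims = verify_entitlement(token, now)
    if claims is None or claims["state"] != STATE_PURCHASED:
        return "402 purchase required"
    return "200 site data for " + claims["acct"]

if __name__ == "__main__":
    trial = issue_entitlement("acct-1", STATE_NOT_PURCHASED, 3600)   # constructed account
    paid = issue_entitlement("acct-1", STATE_PURCHASED, 3600)
    print(fetch_sites(trial, STATE_PURCHASED))       # client claims 4, account is unpaid
    print(fetch_sites(paid, STATE_NOT_PURCHASED))    # paid account
```

With this layout the value the client holds for "registered" only affects what the app draws on screen; the campsite data is released on the server's own record of the purchase.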

+-------+
| E N D |
+-------+