Adventure with Android. Part 1.

I had been playing a mobile game for some time, and one day I wanted to check how something was done in it. That day I didn’t know that my curiosity would start a long adventure full of interesting discoveries. I decided to share it, as the whole thing was quite interesting and surprising (at least for me).

As everybody knows, applications for Android are supplied in the form of a single file with the APK extension, and it is actually a zip file. My initial thought was to extract the content of the APK file and check it. A quick search revealed many sites that have the APK file for that game. So I downloaded it and extracted it. Then came the first surprise: pretty much everything interesting was encrypted. I found on the internet that a few people were able to decrypt it, but nobody shared the result or told much about the whole process. So I decided to have fun and find out how to decrypt it. My experience with Android was quite limited, and I had never developed anything for it, so I decided that this would be a good opportunity to learn.

The first thing I found was that the APK file contains the directory lib\armeabi-v7a, which told me that this application will work only on ARM processors. I spent some time trying to find an x86 version, but I couldn’t find one. As a result I decided to go with ARM. After all, it is one of the most popular CPUs in the world, right?

My previous search revealed that all files have a 7-letter prefix followed by something that looks like encrypted data. After searching the internet, I found that everybody was talking about xxtea encryption. And I found xxtea_decrypt in the exports of one of the .so files in the lib\armeabi-v7a directory. Then I found in the disassembler that there is some code that checks for the 7-letter prefix and then calls xxtea_decrypt. But the decryption function actually needs the encrypted data and a key. I spent quite some time analyzing the code and couldn’t find where the key is passed from. As a result I decided to actually run the application in a debugger and put a breakpoint on this function to find out the key.
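The observation above (a shared prefix followed by data that looks encrypted) can be checked mechanically. The following is an added example, not code from the original post: it reads an APK as a ZIP archive, groups members by shared leading bytes, and reports the entropy of what follows. The function names, the `SIGNSIG` signature and the sample file names are constructed for illustration.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def common_prefix(blobs, limit=16):
    """Longest leading byte string shared by every blob, capped at `limit` bytes."""
    first, last = min(blobs)[:limit], max(blobs)[:limit]
    length = 0
    while length < min(len(first), len(last)) and first[length] == last[length]:
        length += 1
    return first[:length]


def triage_apk(apk_bytes: bytes, seed_len=4):
    """Map each header shared by 2+ members to (member count, mean payload entropy)."""
    groups = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a ZIP archive
        for info in apk.infolist():
            if not info.is_dir():
                data = apk.read(info)
                groups[data[:seed_len]].append(data)
    report = {}
    for blobs in groups.values():
        if len(blobs) >= 2:
            prefix = common_prefix(blobs)
            mean = sum(shannon_entropy(b[len(prefix):]) for b in blobs) / len(blobs)
            report[prefix] = (len(blobs), round(mean, 2))
    return report


def build_sample_apk() -> bytes:
    """Constructed test input: three members with a 7-byte signature, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for i in range(3):
            # Hash output stands in for ciphertext; the leading byte differs per member.
            body = bytes([65 + i]) + b"".join(
                hashlib.sha256(bytes([i, j])).digest() for j in range(128))
            z.writestr(f"assets/data{i}.bin", b"SIGNSIG" + body)
        z.writestr("assets/readme.txt", b"level=3;score=100;" * 200)
    return buf.getvalue()
```

Well-known magic numbers (PNG, ELF) also show up as shared headers in a real APK; the clusters worth a closer look are unfamiliar headers whose payload entropy sits near 8 bits per byte.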

My favorite development IDE is Visual Studio. I know that Visual Studio supports some kind of development for Android and that there is some Android emulator. I’m currently using the latest Visual Studio 2019, and after spending quite some time reading documentation I found out that you need to check the following items in the Visual Studio installer: Mobile Development in C++, Mobile Development in .NET. The last one is especially important, as it will install the emulator and most of the tools that support it.

My initial thought was similar to what I do in Windows: run the application, attach Visual Studio to it, put breakpoints in interesting places and observe. But to do this I need to run the application. I don’t have any Android device in my household, so I need an Android emulator.

As a side note: all Android-related infrastructure is provided by Google. Microsoft just put a few GUI applications on top of it to glue everything together. You can install Android Studio and you will see similar stuff.

After I installed everything above, I started Visual Studio and went to the Tools|Android menu (there is a similar toolbar), where you can find Android Device Manager. Start it and you will see that there are a few pre-created Android devices.

From my previous discoveries I knew that I needed an ARM-based device, so I decided to create a new one. I selected armeabi-V7a as the processor, and there was my next surprise. If you select x86 or x86_64, you are able to check Google Play Store. But if you select any ARM CPU, this checkbox becomes disabled and you cannot have Google Play Store.

I verified that Android Studio has exactly the same behavior. I have no idea why Google decided to do it this way. I found it very unhelpful. Out of curiosity I started all the x86 versions with Google Play and confirmed that my game is missing in Google Play. Again, searching confirms that there is pretty much no software for x86 in Google Play.

At this point I decided to go with the ARM emulator and find a way to install the game on it. I started my emulator just to discover that it is extremely and painfully slow. I bought a new computer recently and it is quite fast, but it took about 10 minutes for the emulator to boot. A few times I thought that it had stopped working. For quite some time I just observed a black screen on the emulator. But finally I saw the standard Android desktop. I thought that perhaps it was doing initial setup and after that it would be fast. I was wrong. It continued to be really slow. There are at least a few seconds between pressing somewhere and something happening. I can deal with that. But the main issue was that Android keeps killing apps, as it believes that the applications just take too long to respond. You have to repeat the same thing many times before an app is actually able to start. So, if you want to do any actual development for ARM, forget about the emulator. It just does not work. If you can, do it in x86, which works about 10-20 times faster, but if you need ARM, go for a real device. You will save a lot of time.

As a side note: I did some development for handheld devices like Pocket PC for Windows CE 3.0 in 2001 and 2002. Their emulator was much, much faster. And keep in mind that those were the very first days of virtualization. There was no hardware support for it, and yet it was still faster than what we have these days with all this goodness.

Anyway, the device is ready and now I need to install my game. Spoiler alert: there is a much simpler way to install, via the adb install command. More about that later. But for now, all I knew was that I should go to the site where I downloaded the APK, but this time from the device itself, and then click on the APK file, and Android will suggest installing it. Really easy. I started Google Chrome on the device. It started in 2 minutes. It took about 3 tries and 15 minutes to type the address of the web site. Remember, Android will kill an unresponsive app automatically. After 15 more minutes the page was loaded. The APK file was on the second page, so 15 more minutes. About 30 minutes to download it and about 10 more minutes to install it. Finally. It was time to laugh like Doctor Evil.

Well, that laugh was really premature. I spent a lot of time and I couldn’t figure out how to attach Visual Studio to a running process on the emulator. As a result I decided to go hardcore and go for a command line debugger.

But more about that in my next post.