Archive for » January, 2009 «

Wednesday, January 28th, 2009 | Author: Tim

Mmmmm... Market Data...

Well, it’s really late right now, and I’ve been working on a ton of things, though I thought I’d release this.

This is a decompiled version of Vending.odex (Vending.apk/Market.apk) for the G1. It was done using a slightly modified DeDexer by Gabor, mentioned in previous posts.

Enjoy — I’ll post more on it later!

Vending.rar

Wednesday, January 21st, 2009 | Author: Tim

Was playing around with dedexer, mentioned in this previous post, and noticed it wasn’t working well on my Ubuntu dev machine. Turns out it just didn’t play well with the default Ubuntu Java, so switching it made all the difference. So if you’re getting the following error, or something like it, when running:

tstrazze@strazz-workstation:~/Desktop$ java -jar ddx.jar -d dump classes.dex
Processing com/android/im/util/QueryUtils
Exception in thread "main" java.lang.NoSuchMethodError: method java.io.PrintStream.<init> with signature (Ljava.io.File;)V was not found.
at hu.uw.pallergabor.dedexer.JasminStyleCodeGenerator.generate(JasminStyleCodeGenerator.java:29)
at hu.uw.pallergabor.dedexer.Dedexer.run(Dedexer.java:116)
at hu.uw.pallergabor.dedexer.Dedexer.main(Dedexer.java:12)

Then run the following command;

tstrazze@strazz-workstation:~/Desktop$ java -version
java version "1.5.0"
gij (GNU libgcj) version 4.2.4 (Ubuntu 4.2.4-1ubuntu3)

Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
tstrazze@strazz-workstation:~/Desktop$ sudo update-java-alternatives -l
java-6-sun 63 /usr/lib/jvm/java-6-sun
java-gcj 1042 /usr/lib/jvm/java-gcj

We want to be using java-6-sun, not java-gcj so we’ll do the following;

tstrazze@strazz-workstation:~/Desktop$ sudo update-java-alternatives -s java-gcj
No alternatives for apt.
No alternatives for extcheck.
No alternatives for firefox-3.0-javaplugin.so.
No alternatives for HtmlConverter.
No alternatives for idlj.
No alternatives for javap.
No alternatives for java-rmi.cgi.
No alternatives for jconsole.
No alternatives for jdb.
No alternatives for jhat.
No alternatives for jinfo.
No alternatives for jmap.
No alternatives for jps.
No alternatives for jrunscript.
No alternatives for jsadebugd.
No alternatives for jstack.
No alternatives for jstat.
No alternatives for jstatd.
No alternatives for jvisualvm.
No alternatives for schemagen.
No alternatives for wsgen.
No alternatives for wsimport.
No alternatives for xjc.
Using ‘/usr/lib/jvm/java-gcj/bin/appletviewer’ to provide ‘appletviewer’.
Using ‘/usr/lib/jvm/java-gcj/bin/jarsigner’ to provide ‘jarsigner’.
Using ‘/usr/lib/jvm/java-gcj/bin/javac’ to provide ‘javac’.
Using ‘/usr/lib/jvm/java-gcj/bin/javadoc’ to provide ‘javadoc’.
Using ‘/usr/lib/jvm/java-gcj/bin/javah’ to provide ‘javah’.
Using ‘/usr/lib/jvm/java-gcj/bin/native2ascii’ to provide ‘native2ascii’.
Using ‘/usr/lib/jvm/java-gcj/bin/rmic’ to provide ‘rmic’.
Using ‘/usr/lib/jvm/java-gcj/bin/tnameserv’ to provide ‘tnameserv’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/jar’ to provide ‘jar’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/java’ to provide ‘java’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/keytool’ to provide ‘keytool’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/orbd’ to provide ‘orbd’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/rmid’ to provide ‘rmid’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/rmiregistry’ to provide ‘rmiregistry’.
Using ‘/usr/lib/jvm/java-gcj/jre/bin/serialver’ to provide ‘serialver’.
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so
update-java-alternatives: plugin alternative does not exist: /usr/lib/gcj-4.2/libgcjwebplugin.so

Ta-da! A simple (and probably obvious for most) workaround. Just figured I’d throw it up here to help anyone who might bump into the problem.

Tuesday, January 20th, 2009 | Author: Tim

Oh no, papihack!

So haven’t been around for a while, due to the flu. So it gave me plenty of time to play PapiJump and PapiRiver. Though I kind of got interested in the method of high scores so I took a more in-depth look at it. I’ll post all the code to emulate a papi* score submit. I took out the little tidbit that actually sends the request, so this just prints to the screen. I’ve also removed the “secret keys” which wouldn’t be too hard to find if you really wanted to use this.

/*
 * @file papihack.java
 *
 * @author Tim Strazzere
 *
 * @date Jan 20th, 2009 (finished same day)
 *
 * @desc:
 *    An attempt to spoof the high score function of papijump,
 *    and papiriver since they are just different secret keys
 *
 *    should produce a url similar to:
 *
 *    http://www.sunflat.net/android/cmd/postSc?gid=2001&v=1.0.1&lid=1&tid=4232145dfg8432145&dt=1232488839&sc=39927&ha=1007200355&tt=1&tn=T-Mobile+G1+Vi116143
 *    [broken down]
 *    http://www.sunflat.net/android/cmd/postSc?
 *    // game id
 *    gid=2000
 *    // game version
 *    &v=1.0.0
 *    // license?
 *    &lid=1
 *    // terminal id
 *    &tid=4232145dfg8432145
 *    // date / 1000
 *    &dt=1232171270
 *
 *    // score?
 *    &sc=844
 *    // CRC'ed hash
 *    &ha=3817043337
 *
 *    // eh? always 1
 *    &tt=1
 *    // terminal name
 *    &tn=T-Mobile+G1+Vi116143
 *
 */

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Date;
import java.util.zip.CRC32;
import java.util.zip.Checksum;

public class papihack {
	public static void main(String[] args) throws UnsupportedEncodingException {
		String comma = ",";
		//String appVersion = "1.0.0"; // version for papijump
		String appVersion = "1.0.1"; // version for papiriver
		//String secretKey = "6977616e74746f6368656174"; // secret key for papijump
		String secretKey = "69276d616368656174657221"; // secret key for papiriver
		String terminalName = "T-Mobile G1 Vi116143"; // (Build.Model + " Vi" + Build.Version.Incremental) (needs to be websafe)
		String terminalID = "4232145dfg8432145"; // (Android_ID)
		//String gameID = "2000"; // papijump game id
		String gameID = "2001"; // papiriver game id
		String lid = "1";
		String score = "39927"; // score you want
		String postUrl = "http://www.sunflat.net/android/cmd/postSc?";

		// timestamp in seconds (the "date / 1000" field)
		Date date = new Date();
		long dateLong = date.getTime() / 1000;

		// fields covered by the checksum, comma separated, followed by the constant ",tt1"
		StringBuilder hash = new StringBuilder();
		hash.append(gameID + comma
				+ appVersion + comma
				+ lid + comma
				+ terminalID + comma
				+ dateLong + comma
				+ secretKey + comma
				+ score);
		hash.append(",tt1");

		// CRC32 over the UTF-8 bytes of the joined string (use the byte count, not the char count)
		byte[] bytes = hash.toString().getBytes("UTF-8");
		Checksum checksum = new CRC32();
		checksum.update(bytes, 0, bytes.length);
		long value = checksum.getValue();

		StringBuilder url = new StringBuilder();
		url.append(postUrl);
		url.append("gid=" + gameID);
		url.append("&v=" + appVersion);
		url.append("&lid=" + lid);
		url.append("&tid=" + terminalID);
		url.append("&dt=" + dateLong);
		url.append("&sc=" + score);
		url.append("&ha=" + value);
		url.append("&tt=1"); // const ?
		// make the terminal name websafe (spaces become '+', as in the sample url above)
		url.append("&tn=" + URLEncoder.encode(terminalName, "UTF-8"));

		System.out.println(url.toString());
	}
}

Ah, also - kudos to anyone who figures out what I replaced the keys with. It’s sort of a little joke…

On a little afterthought, maybe it should be called papipwn? Eh - oh well, either way it will be easily bannable/removable by the administrators. It’s not hard, as they are linked to your specific android id, so I wouldn’t recommend using this or, if you do, going overboard with it.
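
The request above is protected only by a CRC32 over its fields plus a key that ships inside the app, so anyone who reads the app can recompute it. As an added example (not code from this post or from the game's server), here is a sketch of a server-side check that uses an HMAC with a per-device key, a freshness window and replay tracking instead. The class name `ScoreVerifier`, the enrollment step, the 300-second window and the demo key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical server-side verifier; not the real service's logic.
public class ScoreVerifier {
    private static final long MAX_SKEW_SECONDS = 300;                // assumed freshness window
    private final Map<String, byte[]> deviceKeys = new HashMap<>();  // tid -> key issued at enrollment
    private final Map<String, Long> lastAccepted = new HashMap<>();  // tid -> newest dt accepted

    public void enroll(String tid, byte[] key) { deviceKeys.put(tid, key.clone()); }

    // Keyed MAC over the same kind of comma-joined fields the post hashes with CRC32.
    static byte[] mac(byte[] key, String gid, String v, String tid, long dt, long score) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        String msg = String.join(",", gid, v, tid, Long.toString(dt), Long.toString(score));
        return hmac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    public String verify(String gid, String v, String tid, long dt, long score,
                         byte[] tag, long now) throws Exception {
        byte[] key = deviceKeys.get(tid);
        if (key == null) return "reject: unknown terminal";
        if (Math.abs(now - dt) > MAX_SKEW_SECONDS) return "reject: stale timestamp";
        // constant-time comparison of the expected and supplied tags
        if (!MessageDigest.isEqual(mac(key, gid, v, tid, dt, score), tag)) return "reject: bad tag";
        Long last = lastAccepted.get(tid);
        if (last != null && dt <= last) return "reject: replay";
        lastAccepted.put(tid, dt);
        return "accept";
    }

    public static void main(String[] args) throws Exception {
        ScoreVerifier server = new ScoreVerifier();
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        server.enroll("device-A", key);
        long now = 1232488839L; // timestamp taken from the sample url in the post
        byte[] tag = mac(key, "2001", "1.0.1", "device-A", now, 844);
        System.out.println(server.verify("2001", "1.0.1", "device-A", now, 844, tag, now));       // first use
        System.out.println(server.verify("2001", "1.0.1", "device-A", now, 844, tag, now));       // same request again
        System.out.println(server.verify("2001", "1.0.1", "device-A", now, 39927, tag, now));     // score changed
        System.out.println(server.verify("2001", "1.0.1", "device-A", now, 844, tag, now + 900)); // submitted late
    }
}
```

A per-device key still lives on the handset, so this does not stop someone who extracts it from forging scores for that one device. What it changes is that a forged submission is tied to a single enrolled terminal ID, which the server can revoke without affecting other players.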