Changing the properties..

Just randomly looking to do specific things with the Market, I finally figured out a way
to force the Market into accepting any certificate. It turns out there is actually a little bit
of code (leftover from testing?) that if special parameters are set, will allow you to
disable ssl certificate checking. This essentially allows us to well, do lots of things we
otherwise wouldn’t be able to do!

Obviously your going to need root to enable this - and I’m going to provide you the
way I’ve enabled it; using adb. Again like I’ve stated countless times, anything you do
via ADB you should be able to do via a console on the device, I’m not sure why people
always repaste everything and say just do it via a console thinking it’s some big news…
The two variables we’re going to have to set are ro.secure and
vending.disable_ssl_cert_check. Personally, my devices both have ro.secure
already set (properly) to 0. Vending.disable_ssl_cert_check is a new variable that we
will be creating, setting it to “TRUE”. Simply fire up adb and run the following
commands (as root);

setprop ro.secure 0
setprop vending.disable_ssl_cert_check TRUE

You can quickly run a “getprop” to verify you typed everything correctly; ro.secure
should be located as the first variable and the vending one is the last (since it is new).
You can verify that these settings are correct and working by watching your console
log for the Vending.apk via DDMS. The following string should appear while loading
the Market: “Turning off SSL certification check.” This can be seen below:

Also as a final reminder, every reboot these variables must be reset, since there is no program actually setting them already. You must reinitialize these variables (in my case, I only have to initialize vending.disable_ssl_cert_check) if you would like to use this mode.

Hopefully this will be of use to someone other than myself!

So I was skimming through some code looking for some specifics when I ran across the following stuff in Settings;

        /**
         * Frequency in milliseconds at which we should sync the locally installed Vending Machine
         * content with the server.
         */
        public static final String VENDING_SYNC_FREQUENCY_MS = "vending_sync_frequency_ms";

        /**
         * Support URL that is opened in a browser when user clicks on 'Help and Info' in Vending
         * Machine.
         */
        public static final String VENDING_SUPPORT_URL = "vending_support_url";

        /**
         * Indicates if Vending Machine requires a SIM to be in the phone to allow a purchase.
         *
         * true = SIM is required
         * false = SIM is not required
         */
        public static final String VENDING_REQUIRE_SIM_FOR_PURCHASE =
                "vending_require_sim_for_purchase";

        /**
         * The current version id of the Vending Machine terms of service.
         */
        public static final String VENDING_TOS_VERSION = "vending_tos_version";

        /**
         * URL that points to the terms of service for Vending Machine.
         */
        public static final String VENDING_TOS_URL = "vending_tos_url";

        /**
         * Whether to use sierraqa instead of sierra tokens for the purchase flow in
         * Vending Machine.
         *
         * true = use sierraqa
         * false = use sierra (default)
         */
        public static final String VENDING_USE_CHECKOUT_QA_SERVICE =
                "vending_use_checkout_qa_service";

I located a few more interesting snippets - mainly about vending and requiring a sim card.

If there is anyone who is interested in testing some stuff out and has a dev/adp phone without a sim card - let me know. I’d be interested to see if a few patches I worked up would work :)

Vending Assets Database; /data/data/com.android.vending/databases/assets.db

CREATE TABLE assets(
_id INTEGER PRIMARY KEY AUTOINCREMENT,
server_id INTEGER UNIQUE,
content_uri TEXT,
state TEXT,
download_pending_time INTEGER,
download_start_time INTEGER,
install_time INTEGER,
uninstall_time INTEGER,
size INTEGER,
type TEXT,
package_name TEXT,
is_forward_locked TEXT,
signature TEXT,
refund_timeout INTEGER,
version_code INTEGER,
server_string_id TEXT);

Here is an example entry:

_id: 173
server_id: -8619153599380214487
content_uri: content://downloads/download/240
state: UNINSTALLED
download_pending_time: 1233920808560
download_start_time: 1233920811792
install_time: 1233920833173
uninstall_time: 1233936584707
size: 498702
type: 1 (1 = app, 4 = game?)
package_name: com.netdragon
is_forward_locked: false
signature: 7LARjEsYODOYdkX2eWj8yP0Ye-M#498702
refund_timeout: NULL
version_code: NULL
server_string_id: -8619153599380214487

Didn’t have much time as of lately to post, so I figured I’d drop this schema and an example entry on the blog. It shows how the Vending application stores “assets”. I’m still doing more research, but it looks like the previous “DRM” that we’ve mentioned isn’t the only security measure that will be in place. As you can see “is_forward_locked” is a field, though all applications I’ve run across have this disabled (both protected and unprotected). The “version_code” and “refund_timeout” also seem to not be used.