Hey, that's my first time I try to mod/remove premium feature from apk. Soo I watched some YT videos, but I noticed we didn't have same results in MT Manager, so I'm asking if someone could help me. App is called ''Kalorické tabulky''
PS: LP didn't worked as far it said first success, and then later billing error
This is the classical reasoning in enabling premium features, as long as they are enabled in Java (not in lib) Note: This reasoning may slightly differ from app to app
STEP 1:
Locate a UI element that changes according to whether premium features are enabled or disabled
After digging in the app and translating text to english, I found this interesting text:
This text "Aktivujte Premium" (Activate Premium) will only show up if premium is not activated, so this is a good find
SECOND STEP:
Find that UI element in code
This step is a little bit harder, and there are many ways to find the element according to how the app is coded.
We will pick the easiest at first, which involves analyzing strings in resources.arsc
- Press the apk in MT Manager and click "VIEW" to decompile it.
- Scroll down until you find resources.arsc
- Click it and choose "Arsc Editor"
- Click "Search resource by value" and Input the desired string. In our case the string is "Aktivujte Premium"
- Find the right string (make sure its text exactly matches the one displayed on our target ui element). In our case it is "cz.psc.android.kaloricketabolky/string/offer_analysis"
- Long Press and choose copy id
- Go back to the decompiled apk directory and decompile all classes.dex. Click classes.dex > Dex Editor Plus > Select All > Ok
- After decompilation is finished, head to the search tab and paste the id you copied earlier.
Search subdirectories -> checked
Match case -> unchecked
There are two results. The first one is just "R.string" which is for indexing the ids into code. So we pick the second one.
THIRD STEP: Find a conditional if statement that leads to this UI element being displayed and locate premium method afterwards
This may sound a little complicated, but you will see its very simple if you follow line by line
In line 3607 we can see our id being initialized. In line 3610, we can see that "getString" is being called, turning the id into a string.
Lets read the previous lines: we find in lines 3591 and 3592 two labels, these two are the only way to jump into this code section, since they are preceded by a return-object which obviously exits the method.
Lets see where each one comes from (long press).
line 3216 -> calls getUserInfo()
line 3218 -> moves userInfo to p3
line 3220 -> (ignore this line) v1 = 1
line 3222 -> if userInfo (p3) is null jump to cond_180 and show "Activate Premium" message
Probably this happens when user is not logged in
line 3225 -> calls userInfo(p3).isSubscribed()
line 3227 -> move the result to p3
line 3229 -> if isSubscribed jump to cond_22
line 3231 -> jump to goto_180
BINGO!
So "Activate Premium" shows in two cases: user is not logged in or user is not subscribed
We just have to make UserInfo.isSubscribed() always return true !
FINAL STEP: Activate premium.
Long press isSubscribed and click goto. Make the method always return true
This is the classical reasoning in enabling premium features, as long as they are enabled in Java (not in lib) Note: This reasoning may slightly differ from app to app
STEP 1:
Locate a UI element that changes according to whether premium features are enabled or disabled
After digging in the app and translating text to english, I found this interesting text:
This text "Aktivujte Premium" (Activate Premium) will only show up if premium is not activated, so this is a good find
SECOND STEP:
Find that UI element in code
This step is a little bit harder, and there are many ways to find the element according to how the app is coded.
We will pick the easiest at first, which involves analyzing strings in resources.arsc
- Press the apk in MT Manager and click "VIEW" to decompile it.
- Scroll down until you find resources.arsc
- Click it and choose "Arsc Editor"
- Click "Search resource by value" and Input the desired string. In our case the string is "Aktivujte Premium"
- Find the right string (make sure its text exactly matches the one displayed on our target ui element). In our case it is "cz.psc.android.kaloricketabolky/string/offer_analysis"
- Long Press and choose copy id
- Go back to the decompiled apk directory and decompile all classes.dex. Click classes.dex > Dex Editor Plus > Select All > Ok
- After decompilation is finished, head to the search tab and paste the id you copied earlier.
Search subdirectories -> checked
Match case -> unchecked
In line 3607 we can see our id being initialized. In line 3610, we can see that "getString" is being called, turning the id into a string.
Lets read the previous lines: we find in lines 3591 and 3592 two labels, these two are the only way to jump into this code section, since they are preceded by a return-object which obviously exits the method.
Lets see where each one comes from (long press).
line 3216 -> calls getUserInfo()
line 3218 -> moves userInfo to p3
line 3220 -> (ignore this line) v1 = 1
line 3222 -> if userInfo (p3) is null jump to cond_180 and show "Activate Premium" message
Probably this happens when user is not logged in
line 3225 -> calls userInfo(p3).isSubscribed()
line 3227 -> move the result to p3
line 3229 -> if isSubscribed jump to cond_22
line 3231 -> jump to goto_180
BINGO!
So "Activate Premium" shows in two cases: user is not logged in or user is not subscribed
We just have to make UserInfo.isSubscribed() always return true !
FINAL STEP: Activate premium.
Long press isSubscribed and click goto. Make the method always return true
