Thursday, August 26, 2010

smali/baksmali used for great evil

I wanted to take a moment to respond to the recent buzz about using smali/baksmali to break the new Google licensing framework for the Android market.

I do not support/encourage/condone the use of my tools for any form of application piracy, copyright infringement, etc. Given the nature of the tool, it's natural that it will be used for these types of things. Some people even seem to think that piracy is the sole purpose of these type of tools. However, there are plenty of legitimate uses as well.

I'll admit, when I first heard the details of the new licensing scheme, my first thought was "I bet that will be easy to crack with smali/baksmali". But I can almost guarantee that the Google engineers who designed the licensing framework took this possibility into account as well. I hear they're usually pretty bright over there at Google. To think that they didn't consider it is almost absurd. What they did was to raise the bar on the effort required to pirate applications. Sure, it's still possible, but I think that overall it will have a positive effect on piracy rates.

I do find it interesting on an intellectual level to try and break these types of protections. Just to see if I can do it/if it's possible. There's a difference between cracking something just to see if you can crack it, and cracking something with the sole purpose of pirating applications. One is good (or at least neutral). The other is evil.

So in the spirit of Google's motto, I'll conclude by imploring everyone to use my tools for non-evil.


  1. Same here.

    Some time ago I was talking with people, who were saying that "It is NOT intended for piracy and other non-legal uses. (...)" sentence on the main page of apktool is ridiculous and funny, cause it's obvious apktool was created for piracy. There were other people, who were giving examples of good usage of this tool, but first group said these are all lies, cause everybody know, what is the main, real purpose of apktool. I think if some people don't have at least a little of good will in their hearts, then they can't even imagine someone else is doing something for good purposes. It's unbelievable for them.

    And yeah, when I was reading LVL documentation for the first time, I was surprised because it was obvious to me, that it's really easy to bypass it. And the fact that developers have to include LVL library to their app makes possible to even create some fully automatic patcher tool. So this is weird to me that Google has created LVL, but you are right: this protection makes impossible to pull apk from one device and install it on another just like that. Apk must be cracked, so stealing is a little harder if app is protected by LVL.

  2. I hope my research spurs developers to not rely just on Google for copy protection, and to think for themselves. I truly started my research as an intellectual quest, wanting to learn more about copy protection, and smali.

    Thank you for all you have provided the Android community, including baksmali/smali.

  3. How dare you crack CoPilot! YOU LEAVE BRITNEY ALONE!

  4. I agree. I don't have anything against your work/article. In fact, I think it is awesome that my tools are being used for this type of security research. But since the subject came up, I wanted to make sure my stance on the whole piracy/copyright infringement thing was clear.

    Thanks for the comment!


Note: Only a member of this blog may post a comment.