Purchase applications outside of the “authorized” zones

Paid apps on an italian G1


First let me just make a little disclaimer that this is my own translation from Italian to English and I used google-translate a little bit also. So try to hang in there with me since my Italian isn’t very good, and I’ve tried to rephrase things to make a little more sense in English. For the original article (Italian) go to androidiani.com and for the translated (via google-translate) go here translated androidiani.com.

As announced previously, today will be the launch day of the program we have called “Android Enabler”. This is a program that should help people across the world (and in the US) who have been restricted thus far with the inability to purchase applications on the Android Market.

If you have previously read the blog (and if you do not, perhaps it is time you subscribe ;) ) you would know that yesterday we launched a preview of the application and what will be going on. On to the news now though…

The Builders
We start by presenting Tim Strazzere, an American friend (in fact I recently discovered he has ancestors from Sicily), who writes interesting articles on reversing applications and control systems from the Android OS. (Link to blog)

He has written a few “bombshell” articles about reversing the market. After contacting him I discovered that he was working on a scraper of the market.

We then met on gchat, where we talked about the possibilities and how we could accomplish the task of purchasing outside of the US. I provided the out-of-the-country phone and knowledge, and Tim provided the reversing knowledge. ;)

The other coder of this application is myself, Andrea Baccega, who was absolutely bored of asking his friend across the ocean to purchase applications, reimbursing his fee, and only then getting the application to review it for my site. (Tim: I was getting bored of that myself!)

The method
Tim and I quickly set to work to find ways to enable the market for paid applications outside of the US (which at the time was the only viable market, with the UK soon to follow). First I will explain the methods we tried and the solutions we used, which will hopefully let you understand the process that led to the final solution.

To be able to play around with the data the market would send to the phone, we needed to understand how the data was exchanged with Google’s servers. It was not enough to simply snag the packets with a simple MITM (man in the middle) attack. As one might expect, the data being exchanged was not always sent in the clear…

At this point, if we wanted to understand what we were sending to Google, we had to reverse the market and understand exactly which functions are employed to encode and decode the data being sent and received. More importantly though, we had to understand what was going on within these two methods.

Surprisingly, we found that the encoding and decoding methods in use are extensively documented: they were Base64.decodeWebSafe and Base64.encodeWebSafe, both part of the Google Data API. The values that the Android client was producing, though, were often a little nerfed and not out-of-the-box uses of these functions.

Once we had decoded and sniffed a good number of packets from both the US and Italy, we knew what information apparently needed to be changed:

    - Name of the operator (which in Italy would often be IT and Vodafone, in the US would often be T-Mobile)
    - Operator number (which in Italy was 22210 though it needed to be 31026). This is a number made up of the MCC + MNC

According to our theory, simply by changing every occurrence of these values, we should be able to access the paid applications on the market from anywhere.

After a quick brainstorming session we figured the following routes would be the best solutions:

1. Intercept the outgoing packet and change on the fly (too costly, too time consuming and would probably require writing a driver or massive patch)
2. Change the core Android functions that manage requests and posts to the internet.
3. Change the core android functions that return the operator name and operator number.

Framework.jar
At first, I immediately set to work rebuilding the entire Android OS and creating a patch that would swap the Italian values for the US values.

This turned out to be a long and painful process, the details of which I’ll spare you. Essentially I was recompiling the ServiceState class (it should be easy to guess where).

Once it was recompiled with the changes we crossed our fingers and, with some effort, managed to get it to run on my Italian G1 running “thedude” patched firmware.

To our surprise, however, the enormous amount of work done was not enough to make it fully functional. The market seemed to be pulling data from other locations than just the ServiceState class. The data it was pulling turned out to be half Italian and half American, so we started to work on a different solution.
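
The decoding and field comparison described in the two sections above, as an added example that is not part of the original post or of Market Enabler: it decodes web-safe Base64 whose padding has been stripped, splits an operator number into MCC and MNC, and reports which country each field points at, which is how a half-Italian, half-American capture shows up. The `key=value` payload layout, the field names (`sim_numeric`, `net_numeric`, `sim_country`) and the two-entry MCC table are assumptions made for the example; the post does not give the real request format.

```python
import base64
from urllib.parse import parse_qsl, urlencode

# Constructed lookup: only the two countries the post discusses.
MCC_COUNTRY = {"222": "it", "310": "us"}

def websafe_b64decode(text):
    """Decode web-safe Base64 ('-'/'_' alphabet) even when '=' padding was stripped."""
    text = text.strip()
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def split_operator_numeric(numeric):
    """Operator number = MCC (always 3 digits) + MNC (2 or 3 digits)."""
    if not numeric.isdigit() or len(numeric) not in (5, 6):
        raise ValueError("not an MCC+MNC value: %r" % numeric)
    return numeric[:3], numeric[3:]

def operator_report(blob):
    """Map each operator field in a captured blob to the country it points at."""
    fields = dict(parse_qsl(websafe_b64decode(blob).decode("utf-8")))
    seen = {}
    for name in ("sim_numeric", "net_numeric"):  # hypothetical field names
        mcc, _mnc = split_operator_numeric(fields[name])
        seen[name] = MCC_COUNTRY.get(mcc, "unknown")
    seen["sim_country"] = fields["sim_country"].lower()  # hypothetical field name
    # The two SIM-derived values must agree; SIM and network may differ when roaming.
    sim_ok = seen["sim_numeric"] == seen["sim_country"]
    return {"countries": seen, "sim_consistent": sim_ok,
            "mixed": len(set(seen.values())) > 1}

def encode_sample(fields):
    """Build a constructed capture: query string, web-safe Base64, padding stripped."""
    raw = urlencode(fields).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")

# Constructed samples, not real Market traffic.
ITALIAN = encode_sample({"sim_numeric": "22210", "net_numeric": "22210",
                         "sim_country": "it"})
MIXED = encode_sample({"sim_numeric": "22210", "net_numeric": "31026",
                       "sim_country": "it"})

if __name__ == "__main__":
    for label, blob in (("italian", ITALIAN), ("mixed", MIXED)):
        print(label, operator_report(blob))
```

A SIM/network mismatch on its own also occurs during ordinary roaming, so `mixed` is only a reason to look closer; disagreement between the two SIM-derived fields is the stronger signal.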

Setprop
In the amended version of “thedude” I wanted to make one more final test. For those who do not know, Android has a list of global variables that serve as system properties.

Some of the properties are writable, while others are read-only values. Through a few bash commands, we discovered that the previous patch I had created was not changing all the properties that we needed to change, so these had to be changed manually through the shell.

After several attempts we succeeded … We finally saw paid applications! … Now Tim says:

“Why don’t we just see if we can do this entirely through setprop commands, as opposed to even using the patched ServiceState class?”

Done… This method also worked, so it was much easier to do. Next I downloaded the latest version of the Android firmware just released by JesusFreke.

We retried all the setprop commands we had figured out, crossed our fingers, and then reopened the market. Success, it works!

The result of this discovery is that all the ideas we had were basically in vain. They all would have worked, though the solution was much simpler than we originally thought it would be.

Moreover, the final solution we came to, was not firmware dependent – there is no reason to patch framework.jar so you could use this on any firmware, as long as you have root.

Market Enabler


Application
I will just quickly go over the disclaimer for this application and a quick how-to:
Disclaimer

    - As usual, I am not responsible for the use of this application. This application is to be used as a Proof of Concept only, for enabling paid applications on your phone.
    - If using this program to enable paid applications, I am not responsible for anything that happens to your phone or applications that you’ve purchased should this be fixed at a later date
    - The application will be issued under the GPL shortly, once I can gather up the code and clean it up a little bit

How to use the program
The application only has two buttons ;) a right and a left one.

    The left button enables paid applications on the market
    The right button restores the normal values (in case some applications have problems after changing the values)

That’s it! Doesn’t get much easier than that. ;)
Note: Each reboot you must restart this application to enable the paid applications on the market.

Download Market Enabler
The Market Enabler can be downloaded from here.

To install the application you can simply run the command:

adb install MarketEnabler.apk

or open the Android Browser to this link: http://tinyurl.com/marketenabler

For problems with the application, refer to our forum! (Italian) Or post here for help in English.

Note: To use the market to pay for applications you have to register an account on google checkout. Google Checkout is a secure payment platform similar to paypal. To do this, use your pc to navigate to this web site. The instructions will guide you to sign up step by step ;)

Donations: Donations are always welcome! Also I will publish a list of all donors, who have supported our work.

To donate (even $1), click here. (Click the “Donate” button that says paypal)

Copyright
You can copy or take ideas from this program/post and redistribute the post/application (which will soon be released under the GPL) as long as the source of the article and the download link are not changed.

Tim
34 Comments
  1. So would it be possible to change this stuff to a provider other than US T-Mo in order to access tether apps and other stuff like that?

  2. @Unk

    Yeap, thats completely possible

  3. Nice work. This will make many people happy.

  4. Great work Tim and Andrea. Must feel good to have something to show for all of your hard work. Congrats.

  5. I had the error “We got a proble Huston” what does it mean? Thanks (I’m in Spain)

  6. AMAZING! Mad props for this.
    I can now buy people apps from Canada!
    I hope this isn’t blocked.

  7. Guys, you are heroes!
    Finally I’m able to purchase some apps – in Jamaica!

  8. Just tried it on HTC 1.5 image… no luck
    Application displays OK message but market is unchanged.
    I just rooted it back the old way: with adb copy sh to su and chmod… I can run su to be root but I think this app needs different root access?

    Anyway… good work ;-)

  9. Ignore my above post… I restarted the phone twice… the app force closed a few times and then the ok message was coming again and this time it worked…

  10. WOWWW !! Finally !! I have been looking for something like this FOREVERR !!

    I have JF ADP 1.5 and its WORKINGGGG perfectly well !!

    Thank You Thank you Thank Youuuuuuuuuu

  11. I get an error when i try to install an app

    C:\android>adb install c:\android\marketenabler.apk
    713 KB/s (22841 bytes in 0.031s)
    pkg: /data/local/tmp/marketenabler.apk
    Failure [-12]
    any ideas?
    tried both ways adb and also download it then install with astro

  12. Hi there,

    I installed your app with the tinyurl through my G1 browser but I can only press ‘done’ after install, not ‘launch’. I do have ROOT access, please advise?

    Regards,
    Top

  13. THIS WORKS AWESUM..I CAN BUY APPS IN INDIA…thnx…!!!

  14. @Top

    The program was made by Andrea, not myself. It should be where most of your programs are located (swipe the menu up, and look for market enabler)

  15. Hi Tim,

    Thanks, it’s just not there….very strange. Installed it twice now and rebooted the machine but not there. Maybe it has to do with my version (RC30)?

  16. Doesn’t seem to work with haryuko’s 1.4 build

  17. Guys when i download the market enabler from various links mentioned on the first page, it downloads ok ( the 23 kb file ) but when i install it, it says ” installation Unsuccessful ” …. i dont know why … i have root access …. i tried rebooting my phone :S ….. am i doing anything wrong … or is there anything i need to do before i install it … please help me

    Regards

  18. Hi, I have installed the official Cupcake 1.5 from UK on the phone, And now Market Enabler doesn’t work, it says Houston we’ve a problem !! Any solution?

  19. i’m in HK
    i have cupcake
    install , no problem. market enabler say ‘done’
    when i go to the market place, i still see only the free applications.
    can you please help to see paid appl?
    thanks

  20. Hi, good post. I have been wondering about this issue,so thanks for posting. I’ll definitely be coming back to your site.

  21. i have htc magic v1.5
    got ‘we got a problem huston :(
    guess it is a nogo

    reboot
    tried again
    doing stuff
    but still no go

    keep me posted

  22. Thank you from Dominican Republic!

  23. Hello,
    Not sure how I can get the “paid” app from the market, basically it’s charging my card… thank god I can “refund” my money in 24 hours if I don’t “like” the app… is that the way it’s supposed to work?
    The blocked app are working perfectly, not blocked anymore…
    Thanks for the app!

  24. Installed on my HTC Dream (G1) and get the same “Houston we got a problem” error message. Phone is not rooted, using 1.5 firmware. Is this still being limited by the carriers in Canada? (Fido/Rogers)

  25. Will not enable. “Houston we have a problem” error. HTC Dream, 1.5, Fido(rogers) carrier.

  26. Hello.

    If you are interested, I reverse-engineered most of the Android Market protocol (and have an explanation for each of the HTTP POST parameters that are encrypted), so that I’m able to access any application description, icon, comments, rating, perform searches by editor, by keywords, and eventually download their installation package. Those features are available through a private Java library. Let me know if you want to discuss that topic…

    Regards,
    Édouard

  27. Very promising app but unfortunately does not work on my ADP1 with cyanogen mod 4.2.1 based on android 1.6 (donut). Is market enabler supposed to work under donut? Do you have any plan to support it?

  28. @huba

    I’m not sure that the application will work on 1.6 — I honestly don’t use or develop for the application. Though the concept the application is based off of should still work, the whole setprop of certain properties.

  29. Hey I have more free apps but there are still no paid apps.
    On Htc magic from rogers

  30. Hi, shouldn’t it be 310260 for T-Mobile? The app doesn’t work but when I enter to my android setprop to 310260 everything works excellent

  31. Hi there… How can i reverse it? I saved the state and now i cant remember my countrys number:(

  32. @KJ
    If you’ve only done a setprop — a reboot should restore the original settings

  33. Hi, have a Motorola Xoom and needed urgently the Market enabler which I could download and install.
    When setting any gsm.numeric it comes back with the error message:
    We got a Problem Houston.

    Any Idea is welcome

    Thanks

  34. hi and thanks for quick reply. Restore no problem. The thing is that I need to store the faked ones like from Germany or US. And this leads to the error message. It wants to force up the android market which I can not access.
    IN principle, to sort out this I installed the Enabler
