Well, let me say, even though Ninty tried everything to stop derping with its runtime, they can't top us from RE-ing the app
I started with acquiring the apk (com.nintendo.zaaa) from a russian website. According to Play Store, the latest is 1.1.1, and luckily for me, it was available. This is the only 1.1.1 apk that was a proper zip file.
I started my trusty aLogcat (the free edition is perfectly enough, or you could even use Eclipse ADT's LogKitty tool for overkill), set the search term to "nintendo", and started Miitomo.
Well, the regular Holo-styled gradient showed up for a few seconds, black scree for a second, and this repeated a few times before the app finally decided to finally die. Ofc the logs said nothing related to the heartattack-y behavior, so I "extracted" the main Activity's class name from the logs (it would've been easier from the AndroidManifest.xml file though ), desmai'd and dex2jar'd the classes.dex, and unjdgui'd the classes-dex2jar.jar file, and started analyzing the main Activity file.
The app is kinda obfuscated, even the strings are!
Well, it was just too easy to RE the strings Ninty, and his "trusty" ol XORpads I wrote some tools to decrypt the strings as automatically as possible. I investigated the strings, and I found some interesting ones: "Error: isRooted" and "Error: isEmulator". I searched for the string's ID, and I found where it's printed out. Appearently, if itcs detected, that your device is rooted, a NativeAbort function is called, which causes SIGABRT(6), which prevents the app from starting, causing the app to eventually close.
I backtracked to the source of the detector function, and I investigated the .java file of the detector class (which btw is cruel what it can detect ). After I understood the Java code, I got back to APKStudio, and edited the smali file of the class, so most of the detector functions return the best values for me
I resmali'd the apk, pushed it to my phone, but it failed to install. Appearently, if you work with APKStudio (or everything that derps with the apk), you'll need ZipSigner (free and small app, get it from Play Store (kellinwood.zipsigner2)) to sign the apk file in order to allow the installation of it.
After I (successfully) installed the (signed) apk, I ran Miitomo, and SUCCESS! *insert FF win music here*
I can't use it, because it's crying about my clock being not properly set, but at least it starts
I'll post a tutorial SUUN about how to modify the apk yourself without downloading an edited one
Or if I upload the patched apk to that iso site, then get it from there
I started with acquiring the apk (com.nintendo.zaaa) from a russian website. According to Play Store, the latest is 1.1.1, and luckily for me, it was available. This is the only 1.1.1 apk that was a proper zip file.
I started my trusty aLogcat (the free edition is perfectly enough, or you could even use Eclipse ADT's LogKitty tool for overkill), set the search term to "nintendo", and started Miitomo.
Well, the regular Holo-styled gradient showed up for a few seconds, black scree for a second, and this repeated a few times before the app finally decided to finally die. Ofc the logs said nothing related to the heartattack-y behavior, so I "extracted" the main Activity's class name from the logs (it would've been easier from the AndroidManifest.xml file though ), desmai'd and dex2jar'd the classes.dex, and unjdgui'd the classes-dex2jar.jar file, and started analyzing the main Activity file.
The app is kinda obfuscated, even the strings are!
Well, it was just too easy to RE the strings Ninty, and his "trusty" ol XORpads I wrote some tools to decrypt the strings as automatically as possible. I investigated the strings, and I found some interesting ones: "Error: isRooted" and "Error: isEmulator". I searched for the string's ID, and I found where it's printed out. Appearently, if itcs detected, that your device is rooted, a NativeAbort function is called, which causes SIGABRT(6), which prevents the app from starting, causing the app to eventually close.
I backtracked to the source of the detector function, and I investigated the .java file of the detector class (which btw is cruel what it can detect ). After I understood the Java code, I got back to APKStudio, and edited the smali file of the class, so most of the detector functions return the best values for me
I resmali'd the apk, pushed it to my phone, but it failed to install. Appearently, if you work with APKStudio (or everything that derps with the apk), you'll need ZipSigner (free and small app, get it from Play Store (kellinwood.zipsigner2)) to sign the apk file in order to allow the installation of it.
After I (successfully) installed the (signed) apk, I ran Miitomo, and SUCCESS! *insert FF win music here*
I can't use it, because it's crying about my clock being not properly set, but at least it starts
I'll post a tutorial SUUN about how to modify the apk yourself without downloading an edited one
Or if I upload the patched apk to that iso site, then get it from there