Android/App Development | 2010. 9. 3. 21:11
Wednesday, September 23rd, 2009 | Author: Tim
Mmmmm... Market Data...

It turns out that downloading a free application is actually pretty easy to reproduce. The Google Android servers require just four variables: your userId, authToken, deviceId and the application's assetId.

The userId is a unique number that is associated only with your Gmail account, the one currently linked to the phone. I’m working on a generic way to grab this number, though I believe the request is buried in an SSL request to the Google servers. So for now, you can obtain your own userId by doing a tcpdump of your Market traffic: just download an application and look for a “GET” request in Wireshark. There does not appear to be a “hard” maximum length for this; I’ve seen userIds as short as 8 characters and as long as 13. A bad userId will return a 403 Forbidden response.

The authToken is sent to the server in cookie form, to prove that the user holds a valid, non-expired token and is who they say they are. It is linked to the userId and must match the account the userId is taken from. Expired tokens will return a 403 Forbidden response.

The deviceId is simply your ANDROID_ID and is not linked in any way to the authToken or userId, so feel free to spoof this.

The assetId is a number (negative or positive) that identifies the current stream of the application you wish to download. More on this later, when I cover how to get live market data. Note that this number is not always the same; it appears to change when something in the application is changed. Originally I referred to this in my research as a “cacheAppID” for just that purpose.

    // Downloading apk's without vending/market
    // Coded by Tim Strazzere
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.BufferedOutputStream;
    import java.io.FileOutputStream;
    import java.io.UnsupportedEncodingException;
    import java.net.MalformedURLException;
    import java.net.URL;
    import java.net.URLEncoder;
    import java.net.HttpURLConnection;

    public class main {
        public static void main(String[] args) {
            // current assetId for the yahoo search apk
            String assetId = "7884814897504696499";
            // input your userId
            String userId = "12345678901";
            // spoof your deviceId (ANDROID_ID) here
            String deviceId = "2302DEAD532BEEF5367";

            // input your authToken here
            String authToken = "DQAAA...BLAHBLAHBLAHYOURTOKENHERE";

            // the authToken travels as the value of the ANDROID cookie
            String cookie = "ANDROID=" + authToken;

            try {
                // prepare data for being 'get'ed
                String rdata = "?" + URLEncoder.encode("assetId", "UTF-8") + "=" + URLEncoder.encode(assetId, "UTF-8");
                rdata += "&" + URLEncoder.encode("userId", "UTF-8") + "=" + URLEncoder.encode(userId, "UTF-8");
                rdata += "&" + URLEncoder.encode("deviceId", "UTF-8") + "=" + URLEncoder.encode(deviceId, "UTF-8");

                // Send data
                URL url = new URL("http://android.clients.google.com/market/download/Download" + rdata);
                HttpURLConnection conn = (HttpURLConnection) url.openConnection();

                // For GET only
                conn.setRequestMethod("GET");

                // Spoof values
                conn.setRequestProperty("User-agent", "AndroidDownloadManager");
                conn.setRequestProperty("Cookie", cookie);

                // Read response and save file...
                InputStream inputstream = conn.getInputStream();
                BufferedOutputStream buffer = new BufferedOutputStream(new FileOutputStream("out.put"));
                byte[] byt = new byte[1024];
                int i;
                // copy the response body to disk until end of stream
                while ((i = inputstream.read(byt)) != -1)
                    buffer.write(byt, 0, i);

                inputstream.close();
                buffer.close();

                System.out.println("File saved...");
            }
            catch (FileNotFoundException e) {
                System.err.println("Bad url address!");
            }
            catch (UnsupportedEncodingException e) {
                System.out.println(e);
            }
            catch (MalformedURLException e) {
                System.out.println(e);
            }
            catch (IOException e) {
                // a bad userId or an expired authToken comes back as 403
                if (e.toString().contains("HTTP response code: 403"))
                    System.err.println("Forbidden response received!");
                System.out.println(e);
            }
        }
    }
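
Because the download URL above is plain `http://`, the `ANDROID` cookie is readable in any capture of this traffic, which is why the GET request shows up in Wireshark at all. The following audit script is an added example, not part of the original post: it parses raw HTTP requests, picks out Market download requests and reports the cleartext token while logging only its length. The sample requests, token, ids and function names are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

DOWNLOAD_PATH = "/market/download/Download"   # path from the article's URL
REQUIRED = ("assetId", "userId", "deviceId")  # query parameters the article names

# Constructed sample requests (placeholder token and ids, not real captures).
SAMPLE_DOWNLOAD = (
    "GET /market/download/Download?assetId=-1234567890"
    "&userId=12345678901&deviceId=0000000000000000 HTTP/1.1\r\n"
    "Host: android.clients.google.com\r\n"
    "User-Agent: AndroidDownloadManager\r\n"
    "Cookie: ANDROID=EXAMPLETOKEN\r\n\r\n"
)
SAMPLE_OTHER = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def audit_request(raw):
    """Return a finding for a Market download request, or None for anything else."""
    method, target, headers = parse_request(raw)
    url = urlsplit(target)
    if method != "GET" or url.path != DOWNLOAD_PATH:
        return None
    query = parse_qs(url.query)
    params = {k: query[k][0] for k in REQUIRED if k in query}
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    token = cookie["ANDROID"].value if "ANDROID" in cookie else None
    # Assumption: the request was captured from plain HTTP, as in the article.
    issues = ["authToken cookie sent over cleartext HTTP"] if token else []
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        issues.append("missing parameters: " + ",".join(missing))
    return {
        "params": params,
        "user_agent": headers.get("user-agent"),
        # Never log the token itself; keep only its length for triage.
        "token": None if token is None else "<redacted:%d chars>" % len(token),
        "issues": issues,
    }
```

Calling `audit_request(SAMPLE_DOWNLOAD)` returns the three query parameters, the spoofable User-Agent string and one cleartext-token issue; `audit_request(SAMPLE_OTHER)` returns `None`.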

Hopefully someone will find this stuff useful ;) Better than me just sitting on it forever!

Posted by 삼스