How to remove root and apps detection from APK file (Smali modding)
Note: This tutorial is only helpful with simple detections. This tutorial will not be helpful in modern apps with strong protection.
In this tutorial, I will mod old game Age of Empires World Domination
When you run it on rooted device or have unauthorized apps installed, you will be greeted with this message. Remember this message for later use
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-m5LoJW3XdUPL6ebVJKmxlUx1Z9ucrO3_ddw9QTFWk3Qkma9OUSkxr5i2d1Uv-heVIB-7PEfu97R-wQOaJebGWH1A=s0-d)
1. Download any APK tool of your choice
2. Install Notepad++ or other text editors that support searching through all files
3. Decompile an APK file
4.
Open Notepad++,
click on "Search" -> "Find in files..."
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-lXTk_rci9I1bZYCO3P2Azjebr-q8P9ItxUkNc6cS5BIHUrk4mTT1-fwrqFI1VxdwKgegwcMcKtsOMPeA_8yEHMLQ=s0-d)
5.
Input the words of the error message in the “Find what :” field. In directory
section, click on “…” button
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-kwrrQInGA3eVU3w69-iD6hgsaxd4C6whkkg9UikRLMtqS0Rjwb7IWZkO7b5IiAYsjOsbbg7HT-acN2bG_ghBLbkA=s0-d)
6.
Select the path of the decompiled APK, and click OK
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-krLK3C7r-Mezx41zbtikU24YxVDgWlNvC4b7Lr7l0gmsbfFogoPIYtovwCmx8YptUcFh0U7-FaMZ4YSQwAOT3xqQ=s0-d)
7.
Click on “Find all”
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-mGwXoN1p47FlOeRt58mSF1ZnHcs-BB8DOkRdCntb80xdCDMGR8_UZNiYv-uCPQHq1Otc_HcvwnKJucdwlm7EvO=s0-d)
8.
The result will appear below. Double-click in it to open the html file and it
will highlight the word. See screenshot below
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-kT08aBoyynNXYEjxcEGgx5ruIV4U26W8ezMMWHEExAX8-AjcCA1qvbRxY4B4e2a6tjiEsdRV7L2Bcbh2ijDVfK=s0-d)
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-niIBi02lwaDhCO8uxgswtLq5JTHu1pHoh0hp_aXwxt5CILb975y3UB7xpQfwNk8qfg40hEt2s3XmdSIFoyMcoj8w=s0-d){kind=small}
9.
Look at bootup_stopped. Click on
"Search" -> "Find in files..." and type “bootup_stopped”
in the field, and select "smali" folder to be searched
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-n856u_FRBfX9Uw4d_evizDF46UroWt3JR7BmiuIBgkvVhUGxPaLQCSfdqrOhgQKuQ37jUK-1gYaNTusMMzSbExbg=s0-d)
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-k5dj2h24uoBX0KYzgYTPKJ5tLjkTJsRGgPjihe93IZWHEW-BwWmnjojQURpe-fCq26Xfcvgq66y8pjOhy7nrWOrw=s0-d)
10.
The result will appear below. If you found something interesting, double-click
on the line to open the smali file and it will highlight the word. See
screenshot below. Ignore the IDs because they are useless
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-mktm4g-K6w8mRBUOw3X9L0R-_-CMBEGH72rkjUhHtBDFaqN-L6HF2PXI3a0UMTaQqmr66ys9m6xNAwSf9TdM7ACA=s0-d)
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-kaM5SE_5dzV5GIZei41lmbXf3QRRmIT0AbUdNpRN1lPIIzazPekw1QtOut35IHLcuvMghbazaF_Z3_oBYM7GOI_A=s0-d)
11.
Scroll up until you see the name of the function. The function with ()V is
'void' which means the function returns nothing
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-mLcOoIUEdVRDJngmNA0gwAnCaj9DwgNCENpu_6hxh9oXtQVJBFj5YPS_d7O5Fh6nzMc6IUCwwShU5n_dQuN5-uew=s0-d)
12.
Clear the code inside so the code will look like
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-lhHlPaPF7mY01DNc9dO9LrWBbTduwgwlM33AeM1nyWP0kNqsqJWFoODTsdDrHhdMWeiuhypwd-nF0FETbva-E0Eg=s0-d)
13.
Null the function like this
.locals 0
return void
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-mUk12dImXxqQL0qvEk3ElKRYG7J0MqVoQ5V96LbEkUveNNP06ulqVBzsK8cElRjTdR9VRSsLO3AMawXiHwUfyDHA=s0-d)
14.
Find debuggable. The function with ()Z is boolean which means the function can
return false or true.
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-kkHr31XDuv5Py_YklbhfEVV-fKxm9wlCNjPyEtu1UFy3A1FKuW2UbWJk3w-vUfQUZFRWq4BIuvvZnlDX8a-dRbbQ=s0-d)
15.
Return it false. 0x0 means false and 0x1 means true.
.locals 1
const/4 v0, 0x0
return v0
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-mNdg49E_E6bxWy3vbBCEG8wH1mDZ_B1bthelnOKm6cTNyKagU5SW2juNOlctYzU2pOAWwuwGRMPU7meof7ssp8=s0-d)
16.
Find isSuBinaryPresent. The function with ()Z is boolean which means the
function can return false or true. Look at the keyword 'native'. The native is applied to a method to indicate that the method is implemented in native
code using JNI (Java Native Interface), so you can't add the code to it.
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-kBK2s6fYX6WFmrCr-wRqdjxZkEYDeeEqTPwq3xoSKW-6vblO6VS9DV5sxZBhCqgTkBZQWqXkdrqLJqu2SBXY2Buw=s0-d)
17.
Remove the 'native' and return false function like this
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AHs97-nPrjSCASQEt93IAH3aCbOX88uoRuFFWM9HtoNob5jD_YtvY1FjVCHk7AGkGbwlaiHwkGUDlhojO5JBuhrenh9PyQ=s0-d)
18.
Save the file and recompile the APK file with APKtool.
19. Zipalign and sign the APK file
Now you can play the game on any rooted devices with unauthorized
apps installed
Credits:
AndnixSH
Comments
Post a Comment