[Fake bug] Bypassing X509 fingerprint & MD5 file check with fake crash


I still had 3-year-old APKs of a racing game that fake-crashes when a re-signed APK is used, but I wasn't able to bypass it due to a lack of cracking skills. Today I tried to bypass it.

While comparing the old and new versions, I discovered a new folder with 2 hidden smali files pretending to be ads at \com\applovin\sdk\applovinsdkattributioninterface\. Attribution.smali is an X509 fingerprint check that checks whether the APK's fingerprint matches the original fingerprint stored in-game, but where the heck are the fingerprint string and the fake crash code?

I deleted the folder applovinsdkattributioninterface, compiled the APK and launched it to see what happens. The game gets stuck on a black screen. I captured a logcat and got interesting logs.


Now I know the signature check and fake crash come from Assembly C# code. After a while of searching I found this code. This code executes the Attribution class code to get the SHA1 fingerprint and forwards the data to the Unity game. Quit(); is called if the fingerprint does not match. Simply remove the whole code, or just remove Application.Quit(); in an IL editor if you have problems compiling the code.


Sample smali code: https://pastebin.com/zaWBUUZx (only useful for code searching purposes)

Credit:
iAndroHacker
