[Fake bug] Bypassing X509 fingerprint & MD5 file check with fake crash
I still had 3 years old APKs of a
racing game that fake crashes if using resigned APK but wasn't able to bypass
it due to lack of cracking skills. Today I try to bypass it.
While comparing both old and new
version, I discovered a new folder with 2 smali hidden pretending to be ads at \com\applovin\sdk\applovinsdkattributioninterface\.
Attribution.smali is an X509 fingerprint check that checks if the APK's fingerprint
match with the original fingerprint stored in-game but where the heck is string
of fingerprint and fake crash code?
I deleted the folder applovinsdkattributioninterface,
compile apk and launch to see what happen. Game gets stuck on black screen. I
captured a logcat and got interesting logs

Now I know the signature check and fake
crash come from Assembly C# code. After a while of searching I met this code.
This code execute Attribution class code to get SHA1 fingerprint and forward
data to Unity game. Quit(); is called if fingerprint does not match. Simply
remove the whole code or just remove Application.Quit(); in IL editor if you have problem
compiling the code

Sample smali code: https://pastebin.com/zaWBUUZx (only useful
for code searching purposes)
Credit:
iAndroHacker
Comments
Post a Comment