[PAID] Anti Mod : Detect if app is modded

An aix to detect if your app is modded, useful for apps with in-app purchases or some premium subscription system.

Blocks

Triggered when some error is encountered. [event]

Triggered when the signature is retrieved (triggered by the GetApkSignature() function). [event]

Retrieves a signature for the given keyType and packageName. [function]

Returns whether the device is currently being monitored/debugged by someone, which can leak sensitive information about your app. [boolean]

Returns the MD5 keyType, which can be passed to the GetApkSignature() method. [text]

Returns the SHA1 keyType, which can be passed to the GetApkSignature() method. [text]

Returns the SHA256 keyType, which can be passed to the GetApkSignature() method. [text]

Demo
Key retrieved by aix.

Key from Kodular Account

How to detect if my APK is modded?
We know that everything can be mimicked, but it's nearly impossible on Android to mimic an APK signature.

So, to detect if the APK is modded:

Sponsored By
@Metion_Technologies

Suggestions
Always encrypt / hardcode your keys.
Never share your keystore to anyone.

To buy
Dm me


Nice extension.


Can it protect from apps like Lucky Patcher?

Yeah, since patched / modded apps don't have the same SHA1 or SHA256


I guess this only works if the modder (or a potential user who tries to modify) tries to tamper with AndroidManifest.xml, since they wouldn't need any signature/modifications of keys whilst doing an ordinary de-compile and re-compile.

Actually, after any edit to an APK the signature is modified, even if it's just putting a simple file in assets. Upon every single modification in the APK, it becomes unsigned.


Apktool site

Note : The last note suggests that the current changes you made to the AndroidManifest.xml would be lost since it'll copy the original file.

apktool help -advance output

Recompiling using the -c flag will use the original ones and you don't have to sign the apk manually later on. Which means someone could potentially change any asset, smali (java) or resources without getting caught.

I personally used this to avoid the signature change detection that most system apps possess (at least commercialized androidx86's do). - I was experimenting with system apps btw and most people (I know) use the flag if they haven't touched those files.


I've got another question in my head.

So, if they're smart enough to modify the app, I'm pretty sure at least some of them would know how to modify smali. They could just tamper with your extension code and invert the values just so it'd return False instead of True. It just takes an integer-level change (a single character change), which would defeat the entire selling point of this extension. (Correct me if I'm wrong)

So, it just feels like it prevents newbie "modders" who try to do some basic-level stuff which doesn't affect the revenue of the app in any way, but we don't know about the people whose modifications affect you.

I'm not trying to be rude, I'm curious how that'd be effective.


PS : I'm not showing something unethical, it's just a point being proven.


Unfortunately, it doesn't retain your changes :slight_smile: That's how the signature works: if there is any modification in a file, it will become unsigned.

I'm open to tests obviously if any of you wish to do some.


Also, you can see on AOSP site about signatures :slight_smile:

SHA-1 can be penetrated (risky) but SHA-256 is secure from penetration.

Conclusion
Signature / Keystore can't be recreated; you could do a bit of research on the Android site about signing.

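To make the exchange above concrete (the claim that any edit, even dropping a file into assets, breaks the signature, and the question whether apktool's copy-original option lets changes through), here is an added Python model, not code from the extension or from anyone in this thread: it builds a constructed APK-like zip whose JAR-style MANIFEST.MF carries a SHA-256 digest per file, repacks it with the original META-INF kept the way apktool -c does, and reports which files no longer match. It models only the v1 manifest digests; a real APK additionally carries CERT.SF, CERT.RSA and the v2/v3 signing block, which cover the whole file and make a mismatch even harder to avoid.

```python
import base64, hashlib, io, zipfile

def _digest(data):
    # Base64 SHA-256, the encoding MANIFEST.MF uses for per-file digests
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def make_signed_apk(files):
    # Constructed sample APK: files plus a JAR-style manifest (v1 model, no CERT.SF/v2 block)
    lines = ["Manifest-Version: 1.0", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
            lines += [f"Name: {name}", f"SHA-256-Digest: {_digest(data)}", ""]
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines).encode())
    return buf.getvalue()

def parse_manifest(raw):
    # Map each manifest entry name to the digest it declares
    entries, name, digest = {}, None, None
    for line in raw.decode().splitlines() + [""]:   # trailing "" flushes the last section
        if line.startswith("Name: "):
            name = line[6:]
        elif line.startswith("SHA-256-Digest: "):
            digest = line[16:]
        elif line == "" and name is not None:
            entries[name], name, digest = digest, None, None
    return entries

def find_tampered(apk):
    # Files whose digest mismatches the manifest, or that the manifest never listed
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        declared = parse_manifest(z.read("META-INF/MANIFEST.MF"))
        for info in z.infolist():
            if info.filename.startswith("META-INF/"):
                continue
            if declared.get(info.filename) != _digest(z.read(info.filename)):
                bad.append(info.filename)
    return sorted(bad)

def repack_keeping_metainf(apk, name, data):
    # Models apktool's copy-original behaviour: change one file, leave META-INF untouched
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename != name:
                dst.writestr(info.filename, src.read(info.filename))
        dst.writestr(name, data)
    return out.getvalue()
```

A modder who re-signs with their own key gets consistent digests again, which is why the runtime check discussed here compares the signing certificate's SHA-256 against the developer's known value rather than the manifest. Since that comparison runs on the client it can itself be patched out, so entitlements for paid features should also be validated server-side.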

The extension is currently ProGuarded, and its source is split into 300 different files (that's how you make modders cry).

And nothing is fully secure, but we can at least add detection for changes ~


I'm actually interested in doing so (I'm curious actually).

What I meant before wasn't actually recreating or impersonating, I was referring to re-using the original key (using the one that it had been built with).

Honestly, relying on the front-end isn't that great (especially when you interact with money). If your platform/app is likely to be hacked or modded, it's recommended to take some measures and take legal action.

PS
My bad, I actually searched it up: Android's new scheme has restrictions and it makes those workarounds obsolete. Thanks for letting me know.

https://source.android.com/docs/security/features/apksigning

Yeah, that's what I meant, thanks for your query, it might clear user doubts :slight_smile:


hey dev … any bug?

No bugs known as of now

I avoid paid extensions because they check every time server-side. Why do I avoid paid extensions? The reason: low-end devices already have some lag, and sometimes they display annoying popups.

Uhm, there's no such thing in the aix from my side, it finds the Signing Certificate on your device only and prevents the apk from opening if that's modified.

Here is a free alternative with the same mechanism

Both aren't the same extension.


Yes… but we can also use this extension to detect whether our app is modded or not

No, you canā€™t.


Yes. I can…

If you can't, it doesn't mean no one can…