[PAID] Anti Mod : Detect if app is modded

An aix to detect if your app is modded, useful for Apps with In App Purchases or Some premium subscription system.

Blocks
image
Triggered when some error is encountered. [event]

image
Triggered when the signature is retrieved. (Triggered by GetApkSignature() function). [event]

image
Retrieves a signature for given keyType and packageName. [function]

image
Returns if device is currently being monitored/debugged by someone, which can leak sensitive information about your app. [boolean]

image
Returns MD5 keyType which can be passed to GetApkSignature() method. [text]

image
Returns SHA1 keyType which can be passed to GetApkSignature() method. [text]

image
Returns SHA256 keyType which can be passed to GetApkSignature() method. [text]

Demo
Key retrieved by aix.

Key from Kodular Account

How to detect if my apk is modded?
We know that everything can be mimicked, but its nearly impossible in android to mimic an apk signature.

So, to detect if apk is modded :

Sponsored By
@Metion_Technologies

Suggestions
Always encrypt / hardcode your keys.
Never share your keystore to anyone.

To buy
Dm me

16 Likes

Nice extension.

1 Like

Can it protect from apps like Lucky Patcher?

Yeh, since patched / modded apps doesnt have same SHA1 or SHA256

2 Likes

I guess this only works if the modder ( or a potential user who tries to modify ) tries to tamper with AndroidManifest.xml, since they wouldn’t need any signature/modifications of keys whilst doing an ordinary de-compile and re-compile.

Actually, after any edit to apks, signature is modified, let it be even putting a simple file in assets. Upon every single modification in apk, it becomes unsigned

1 Like

Apktool site


Note : The last note suggests that the current changes you made to the AndroidManifest.xml would be lost since it’ll copy the original file.

apktool help -advance output

Recompiling using the -c flag will use use the original ones and you don’t have to sign the apk manually later on. Which means someone could potentially change any asset, smali ( java ) or resources without getting caught

I personally used this to avoid the signature change detection that most system apps possess ( atleast commercialized androidx86’s do ). - I was experimenting with system apps btw and most people ( i know ) use the flag if they haven’t touched those files.


I’ve got another question in my head.

So, if they’re smart enough to modify the app, I’m pretty sure atleast some of them would know how to modify smali. They could just tamper with your extension code and inverse the values just so it’d return False instead of True. It just takes an integer level change which ( a single character change ) would defeat the entire selling point of this extension. ( Correct me if I’m wrong )

So, it just feels like. It prevents newbie “modders” who try to do some basic level stuff which doesn’t affect the revenue of the app in any ways , but we don’t know about the people whose modifications affect you

I’m not trying to be rude, I’m curious on how that’d be effective.


PS : I’m not showing something unethical, it’s just a point being proven.

2 Likes

Unfortunately, it doesnt retain your changes, :slight_smile: Thats how signature works, if any modification in file, it will become unsigned

Im open to tests obviously if anyone of you wishes to do some


Also, you can see on AOSP site about signatures :slight_smile:

SHA-1 can be penetrated (risky) but SHA-256 is secure from penetration.

Conclusion
Signature / Keystore can’t be recreated, you could do a bit of research on Android Site about signing

2 Likes

Extension is currently proguarded, its source is split in 300 different files (thats how you make modders cry)

And nothing is fully secure, but we can atleast add detection for changes ~

2 Likes

I’m actually interested in doing so ( I’m curious actually ).

What I meant before wasn’t actually recreating or impersonating, I mentioned about re-using the original key ( using the one that it had been built with ).

Honestly, relying on front-end isn’t that great ( especially when you interact with money ). If your platform/app is likely to be hacked or modded. It’s recommended to do some measures and take legal actions.

PS
My bad, I actually searched it up Android’s new scheme has restrictions and it makes those workarounds obsolete. Thanks for letting me know.

https://source.android.com/docs/security/features/apksigning

yeh thats what I meant, thanks for your query, it might cler user doubts :slight_smile:

1 Like