3.2 Bypass detections

3.2.1 SSL PINNING

TBD soon

3.2.2 ROOT DETECTION

TBD soon

3.2.3 EMULATOR DETECTION

Identify any detection logic

grep -REi -e "isEmulator" -e "root" -e "carrierNameFromTelephonyManager" -e "smellsLikeAnEmulator" -e "SystemProperties" .
grep -REi -e "build.fingerprint" -e "build.hardware" -e "product.kernel" -e "product.brand" -e "product.name" -e "product.model" -e "product.manufacturer" -e "product.device" -e "Emulator" -e "qemu.hw.mainkeys" -e "bootloader" -e "bootmode" -e "secure" -e "build.version.sdk" .
grep -REi -e "generic" -e "unknown" -e "google_sdk" -e "Android SDK built for x86" -e "Genymotion" -e "goldfish" .

A lot of applications try detecting an emulator by querying known system values.
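The same search as an added example (not part of the original page), with every pattern passed through `-e` and the hits grouped by the kind of signal the app checks, so a report can state what the detection relies on. Function names, category names and the sample file are constructed for illustration.

```shell
# Added example, not from the original page. Function names, category names
# and the sample file are constructed for illustration.

# Write a constructed, decompiled-looking source tree into directory $1.
make_sample() {
  mkdir -p "$1/com/example"
  cat > "$1/com/example/DeviceCheck.java" <<'EOF'
public static boolean isEmulator() {
    String model = SystemProperties.get("ro.product.model");
    String hw = SystemProperties.get("ro.build.hardware");
    return model.contains("google_sdk") || hw.equals("goldfish");
}
EOF
  echo 'String label = "Settings";' > "$1/com/example/Ui.java"
}

# scan_category DIR NAME PATTERN...
# Prints "NAME COUNT FILE" for each file with at least one matching line.
scan_category() {
  dir=$1; name=$2; shift 2
  pats=$(printf '%s\n' "$@")        # one literal pattern per line
  # -R recurse, -F literal match (a dot is a dot), -i ignore case,
  # -c matching-line count per file, -e keeps the list as patterns, not paths
  grep -RFic -e "$pats" "$dir" 2>/dev/null |
    awk -v c="$name" '
      { n = $0; sub(/.*:/, "", n); sub(/:[0-9]+$/, "") }   # split "file:count"
      n + 0 > 0 { print c, n, $0 }'
}

# Run every category over DIR so hits are grouped by the signal they rely on.
scan_emulator_checks() {
  scan_category "$1" method_names isEmulator smellsLikeAnEmulator \
    carrierNameFromTelephonyManager
  scan_category "$1" build_props build.fingerprint build.hardware \
    product.model product.device product.name qemu.hw.mainkeys
  scan_category "$1" known_values google_sdk goldfish Genymotion \
    "Android SDK built for x86"
}

# Demo on the constructed sample tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_emulator_checks "$demo_dir"
rm -rf "$demo_dir"
```

Counts are matching lines per file, so a line that contains two indicators of the same category is counted once.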

Know your own environment's values

adb shell getprop ro.product.name
adb shell getprop ro.product.device
adb shell getprop ro.product.model

In order to bypass it:

  1. Know your values (have a look above)

  2. Modify the code accordingly, so YOUR device's values pass the validation

  3. Recompile project

  4. Sign apk

  5. Install and give it a try

Recompile:

Sign apk (key-creation + signing):

Install apk:

INFO

  • No 100% success guaranteed

    • There might be fancy solutions out there (appreciate any input here)

    • If it is heavily obfuscated -> good luck with that

    • Emulator detection usually comes w/ root detection as well (give it a try, before you cry)

  • The grep commands above search for known method names or values that might get executed or checked on app startup

THINGS TO REPORT

MORE DETAILS
