3.2 Bypass detections

3.2.1 SSL PINNING

TBD soon

3.2.2 ROOT DETECTION

TBD soon

3.2.3 EMULATOR DETECTION

Identify any detection

# one -e per pattern (alternatives), -R recurse, -i ignore case, -E extended regex
grep -RiE -e "isEmulator" -e "root" -e "carrierNameFromTelephonyManager" -e "smellsLikeAnEmulator" -e "SystemProperties" .
grep -RiE -e "build.fingerprint" -e "build.hardware" -e "product.kernel" -e "product.brand" -e "product.name" -e "product.model" -e "product.manufacturer" -e "product.device" -e "Emulator" -e "qemu.hw.mainkeys" -e "bootloader" -e "bootmode" -e "secure" -e "build.version.sdk" .
grep -RiE -e "generic" -e "unknown" -e "google_sdk" -e "Android SDK built for x86" -e "Genymotion" -e "goldfish" .

Many applications try to detect an emulator by querying known system properties and comparing them with the values an emulator image typically exposes.

Know your own environment's values

adb shell getprop ro.product.name
adb shell getprop ro.product.device
adb shell getprop ro.product.model
adb shell getprop ro.kernel.qemu
adb shell getprop ro.hardware
adb shell getprop qemu.hw.mainkeys
adb shell getprop ro.bootloader
adb shell getprop ro.bootmode
adb shell getprop ro.secure
adb shell getprop ro.build.fingerprint
adb shell getprop ro.build.version.sdk
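The script below is an added example and not part of the original notes: it reads `adb shell getprop` output (piped in, or from a saved copy), picks out the properties listed above and flags the values that match the emulator indicators these notes grep for. It makes visible how many properties a check can cross-reference, which is what a tester judging such a check and a developer relying on one both need to see. The function names (`audit_emulator_props`, `is_emulator_value`, `count_emulator_indicators`) are my own, and the sample getprop output at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not part of the original notes. Reads `adb shell getprop`
# output on stdin and reports the properties that emulator checks typically
# read (the list from the notes), flagging values that match the well-known
# emulator indicators the notes grep for. Function names are my own.
#
# Usage:
#   adb shell getprop | audit_emulator_props
#   audit_emulator_props < saved_getprop.txt

# Properties an app's emulator check typically reads (the getprop list above).
WATCHED_PROPS="ro.product.name ro.product.device ro.product.model ro.product.brand \
ro.product.manufacturer ro.kernel.qemu ro.hardware qemu.hw.mainkeys ro.bootloader \
ro.bootmode ro.secure ro.build.fingerprint ro.build.version.sdk"

# Exit status 0 if the value looks like an emulator indicator, 1 otherwise.
is_emulator_value() {
    prop=$1
    val=$2
    lval=$(printf '%s' "$val" | tr 'A-Z' 'a-z')   # compare case-insensitively, like grep -i

    # Property-specific checks
    case "$prop" in
        ro.kernel.qemu)   if [ "$val" = "1" ]; then return 0; fi ;;   # QEMU-backed kernel
        qemu.hw.mainkeys) if [ -n "$val" ]; then return 0; fi ;;      # only set on emulator images
        ro.secure)        if [ "$val" = "0" ]; then return 0; fi ;;   # insecure (eng/userdebug) build
    esac

    # String indicators (the values the notes grep for). Some physical devices also
    # report "unknown" for ro.bootloader/ro.bootmode, so a single hit is weak evidence.
    case "$lval" in
        *generic*|*unknown*|*google_sdk*|*goldfish*|*genymotion*|*"android sdk built for x86"*)
            return 0 ;;
    esac
    return 1
}

# Prints "<prop> = <value>" for every watched property found on stdin, marks the
# indicator hits, and ends with a "flagged: N" summary line.
audit_emulator_props() {
    flagged=0
    while IFS= read -r line; do
        # getprop prints "[name]: [value]"; skip anything else.
        case "$line" in
            "["*"]: ["*"]") ;;
            *) continue ;;
        esac
        rest=${line#\[}
        prop=${rest%%\]*}
        val=${rest#*: \[}
        val=${val%\]}
        # Only report the properties that emulator checks usually read.
        case " $WATCHED_PROPS " in
            *" $prop "*) ;;
            *) continue ;;
        esac
        if is_emulator_value "$prop" "$val"; then
            printf '%-24s = %s   <-- emulator indicator\n' "$prop" "$val"
            flagged=$((flagged + 1))
        else
            printf '%-24s = %s\n' "$prop" "$val"
        fi
    done
    printf 'flagged: %d\n' "$flagged"
}

# Prints only the number of flagged properties (handy for scripting).
count_emulator_indicators() {
    audit_emulator_props | sed -n 's/^flagged: //p'
}

# Constructed sample in getprop format: an emulator whose model, brand and
# manufacturer carry phone-like values while everything else was left alone.
SAMPLE_GETPROP='[ro.product.name]: [google_sdk]
[ro.product.device]: [generic_x86]
[ro.product.model]: [Pixel 3]
[ro.product.brand]: [google]
[ro.product.manufacturer]: [Google]
[ro.kernel.qemu]: [1]
[ro.hardware]: [goldfish]
[qemu.hw.mainkeys]: [0]
[ro.bootloader]: [unknown]
[ro.bootmode]: [unknown]
[ro.secure]: [0]
[ro.build.fingerprint]: [google/sdk_phone_x86/generic_x86:8.1.0/CONSTRUCTED/1234:userdebug/test-keys]
[ro.build.version.sdk]: [27]
[ro.debuggable]: [1]'

# Demo run on the constructed sample: 9 of the 13 watched properties still give the emulator away.
printf '%s\n' "$SAMPLE_GETPROP" | audit_emulator_props
```

Run it against a real environment with `adb shell getprop | sh audit.sh` (after removing the demo lines) or by sourcing the file and piping into `audit_emulator_props`. The point of the sample is that three phone-like values leave nine indicators untouched, which is exactly what step 1 of the procedure below is about: you need the full list of what your environment exposes before you can reason about what a check compares against.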

In order to bypass it:

  1. Know your values (see the getprop commands above)

  2. Modify the code accordingly, so that YOUR device's values pass the validation

  3. Recompile the project

  4. Sign the APK

  5. Install it and give it a try

Recompile:

apktool b ./modified_app_project_dir

Sign the APK (key creation + signing):

keytool -genkey -v -keystore my-release-key.keystore -alias myalias -keyalg RSA -keysize 2048 -validity 10000
/home/<user>/Android/Sdk/build-tools/<27.0.3_OR_CHECK_YOUR_USED_VERSION>/apksigner sign --ks my-release-key.keystore ./modified_app_project_dir/dist/modified_app.apk

apksigner prompts for the keystore password; if the keystore holds more than one key, add --ks-key-alias myalias so it knows which key to sign with.

Install the APK:

adb install /path/to/modified_app.apk

INFO

  • Success is not guaranteed

    • There might be fancier solutions out there (any input is appreciated)

    • If the app is heavily obfuscated -> good luck with that

    • Emulator detection usually comes with root detection as well (give it a try before you cry)

  • The grep commands above search for known method names or property values that the app might check at startup

THINGS TO REPORT

Whether bypassing the emulator detection by simple code tampering is possible.
