detect modification

Previous topic - Next topic

MrPlow

Hi

Is there any handy or crafty way to check if someone messes with the apk files or apk contents - some kind of check sum process... ?

Comp:
Speccy-48k, Speccy-128k, Amigas, PCs

spacefractal

No. Imposssible to do Anything. Android is quite piracy.....

You Can so some hash for tre content and some shops implement DRM.

Same with iOS.
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/

UBERmonkeybot


spacefractal

There is possible to detect the shop and the installer, but sometimes its does not work. Android sadly does impose quite high piracy. Here iOS is qutie better.

You can do use hash to checking if content is changed in the code. Im also did some code to change colors in the png files, but its does take longer time to read. Im thinks the code is in code snippets.

But you dont need the final size of the apk, so its impossible to do anything with that without some drm from the shop site. Google for some years ago dropped its drm system. Amazon still can impose a drm.

So nothing im can do.
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/

spacefractal

the best bet (which would been cracked sooner or later anyway) is doing something like this:
https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app

by checking for the key, and its might only works for Google Play, and Not on Amazon Store (because Amazon changes the signed key as im are aware).

com.android.vending is possible by checking using KEY(). See line around 426 in the SDLActivity.Java. Not bullutproff throught (the Amazon part seens fails last time).
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/

MrPlow

Cool thanks!

I was also thinking that the ad.load function might return a different value or an error in an ad-hacked version - that I could utilise?

Comp:
Speccy-48k, Speccy-128k, Amigas, PCs

spacefractal

you should not rely with that for ads, because phones can simply been set in airplane mode (some people does that to avoid ads). So im will not touch anything with ads at all. You can do checking if the ads was been loaded or not.

signer is property better in a different code, not doing with ads checking at all.

Its two different thing.
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/