Remove emulator detection caused by LIAPP

[eliottalderson]

Hello everyone, I would like to know if it possible to remove the emulator detection from an app or not.
Here is what I tried (from what I have been looking around this forum and other youtube videos):

- searching for emulator keywords in game guardian (searched ":emulator") and tried changing the values but they didn't.
- tried decompiling the app and see if its possible to remove detection functions but I don't think decompiling was successful in the first place to my knowledge.

is there anyone that can guide me on how to do so? 

should every app be dealt with in a specific way than the rest due to this LIAPP protection? Any help is highly appreciated.

P.S. this is my first post so I hope am in the right category.

[MC874]

Hi @eliottalderson, it is depends on how the game/app implements emulator detection. Some through java classes and some through compiled library. My approach is to use: frida for java classes and do reverse engineering using: IDA Pro or Ghidra for compiled library. So for LIAPP use frida instead.

Quote

Should every app be dealt with in a specific way than the rest due to this LIAPP protection?

Yes. Developers can name the 'emulator detection' whatever they want, also the approach can be different. So different app, different approach, unless they are under the same system with the same version (ex: tersafe/anog, liapp, etc)

Quote

P.S. this is my first post so I hope am in the right category.

You're in the right category, don't worry.

Quote

- searching for emulator keywords in game guardian (searched ":emulator") and tried changing the values but they didn't.
- tried decompiling the app and see if its possible to remove detection functions but I don't think decompiling was successful in the first place to my knowledge.

Welp, I've seen some videos that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK Signature first for most game/app which is a different kind of story. You're on the right track, keep tracing the game and you're a reverse engineer!

[eliottalderson]

@MC874Hello Mc. Now thats a quick and very helpful reply! so thanks a lot!

I have more questions regarding your reply please.

13 hours ago, MC874 said:

My approach is to use: frida for java classes and do reverse engineering using: IDA Pro or Ghidra

frida and Ghidra/IDA Pro should be used together to achieve the task right?

 

13 hours ago, MC874 said:

I've seen some videos that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK Signature first for most game/app which is a different kind of story

I used apktool to decompile the app to smali but it showed errors. I tried searching online to see if the errors are caused due to the protection applied but didnt find any info.

I also tried jadx on the same app but didn't get much info.

so are the errors I got from apktool due to the protection of LIAPP or is the tool not very good? the same goes for jadx.

is disabling the APK signature not possible or just very hard?

Again, any help would be really appreciated as am very new to the world of reverse engineering.

 

[DoDevil]

I'm still finding a way too bcuz LIAPP detect virtual phone (Cat&Soup Cute Game)