Bypass Kakao Login in Self-Signed APK
Another signature check bypass tutorial for Android. I've modified the template for this .smali from URET Team, kudos to them. If you haven't checked out my first tutorial for Signature.hashCode() bypass, go check it out!
0. You'll need to know smali lang and some command line operation.
1. Text editor. (eg: Notepad++, Sublime Text, Atom, etc.)
2. ApkVer by @Xtreme Myst (https://boards.libre.io/resources/apk-verifier-and-certificate-info-retriever.69/)
Steps for Bypass Kakao:
2. Use ApkVer to get Signature Bits, copy its content and replace "SIGNATUREBITS" with the copied data.
getKeyHash, scroll down a bit (still at the same method) find
4. Continue to the next line, you'll see
move-result-object vx. At this point, remember what x is in vx.
5. Enter a new line right after
move-result-object vx, and write
Code:
sget-object vx, Llolwut;->byte:[B
6. Change x in vx at
sget-object vx, Llolwut;->byte:[B.
7. Done. Build, Sign, and Play.
A video is worth a thousand words.
Steps for Bypass Signature (General): soon™
arraySig. Tried this with a game stats assistant that prevents access to its own API when the APK is self-signed. Successfully bypassed it too. This might fail if the app is double signed tho, but.. AFAIK all APKs follow Google standards for signing an APK only once (no 2 or more signatures).
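Seen from the review side, the edit in steps 4 to 6 leaves a recognisable trace in decompiled smali: a register filled by move-result-object is overwritten on the very next instruction by a static byte array. The scanner below is an added example, not part of the original post or of any tool it mentions. It is a heuristic, and the function name, the sample fragments and the Lexample/Placeholder class are constructed for illustration.

```python
import re

MOVE_RESULT = re.compile(r"^move-result-object\s+([vp]\d+)$")
SGET_BYTES = re.compile(r"^sget-object\s+([vp]\d+),\s*(L[^;]+;->[^:\s]+:\[B)$")
METHOD = re.compile(r"^\.method\b.*\s(\S+?)\(")

def find_overwritten_results(smali_text):
    """Flag 'move-result-object vX' immediately followed by
    'sget-object vX, <static byte[] field>' (result discarded, constant used)."""
    findings, method, pending = [], None, None
    for lineno, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop smali comments
        if not line or line.startswith(".line"):
            continue                             # debug info and blanks do not break adjacency
        m = METHOD.match(line)
        if m:
            method, pending = m.group(1), None
            continue
        s = SGET_BYTES.match(line)
        if s and s.group(1) == pending:
            findings.append({"method": method, "line": lineno,
                             "register": pending, "field": s.group(2)})
        r = MOVE_RESULT.match(line)
        pending = r.group(1) if r else None      # labels or any other instruction reset the state
    return findings

# Constructed fragment: the invoke targets are hypothetical placeholders.
SAMPLE_TAMPERED = """\
.method public static getKeyHash(Landroid/content/Context;)Ljava/lang/String;
    .locals 3
    invoke-virtual {v1}, Lexample/Placeholder;->call()[B
    move-result-object v2
    sget-object v2, Llolwut;->byte:[B
    invoke-static {v2}, Lexample/Placeholder;->digest([B)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
"""

# Constructed fragment: the static array is loaded into a different register.
SAMPLE_CLEAN = SAMPLE_TAMPERED.replace("sget-object v2,", "sget-object v1,")

if __name__ == "__main__":
    for hit in find_overwritten_results(SAMPLE_TAMPERED):
        print(hit)
```

A hit is a lead for manual review of the method, and a class such as lolwut that exists only to hold a byte array is a second indicator worth checking alongside it.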