Bypass Kakao Login for Signed APK (Bypass Signature Check)

<3OPStaff#3675834
Bypass Kakao Login in Self-Signed APK

Another signature check bypass tutorial for Android. I've modified the template for this .smali from URET Team, kudos to them. If you haven't checked out my first tutorial for Signature.hashCode() bypass, go check it out!

Requirement:
0. You'll need to know smali lang and some command line operation.
1. Text editor. (eg: Notepad++, Sublime Text, Atom, etc.)
2. ApkVer by @Xtreme Myst (https://boards.libre.io/resources/apk-verifier-and-certificate-info-retriever.69/)

Steps for Bypass Kakao:
0. Download lolwut.smali
1. Move lolwut.smali to smali/ folder.
2. Use ApkVer to get Signature Bits, copy its content and replace "SIGNATUREBITS" with the copied data.
3. Open smali/com/kakao/util/helper/Utility.smali, find getKeyHash, scroll down a bit (still in the same method) and find Landroid/content/pm/Signature;->toByteArray()[B.
4. Continue to the next line, you'll see move-result-object vx, at this point remember what's x in vx.
5. Enter new line right after move-result-object vx, and write
Code:
sget-object vx, Llolwut;->byte:[B
6. Change x in vx at sget-object vx, Llolwut;->byte:[B.
7. Done. Build, Sign, and Play.

A video is worth a thousand words.


Steps for Bypass Signature (General): soon™
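
For analysts checking whether an APK has been modified this way, the edit in steps 3 to 6 leaves a recognisable trace in the decompiled smali: the register that receives `Signature;->toByteArray()` is overwritten on the very next instruction by a static `[B` field load. The scanner below is an added example, not part of the original post or the URET template; the function names and the smali sample are constructed for illustration, and the check keys on the overwrite pattern rather than on the `lolwut` class name.

```python
import re

# Signature.toByteArray() call, the move-result that receives it, and a static
# byte[] field load; together these form the pattern the scanner looks for.
INVOKE = re.compile(r"invoke-virtual(?:/range)?\s*\{[^}]*\},\s*"
                    r"Landroid/content/pm/Signature;->toByteArray\(\)\[B")
MOVE = re.compile(r"move-result-object\s+([vp]\d+)")
SGET = re.compile(r"sget-object\s+([vp]\d+),\s*(L[^;]+;->[^:\s]+):\[B")


def instructions(smali_text):
    """Yield (line_number, text) for real instructions, skipping blank
    lines, comments and dot-directives such as .line or .method."""
    for no, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(("#", ".")):
            yield no, line


def find_overwritten_signature_reads(smali_text):
    """Return (line, register, field) for every place where the result of
    Signature.toByteArray() is immediately replaced by a static byte[]."""
    ins = list(instructions(smali_text))
    hits = []
    for i in range(len(ins) - 2):
        if not INVOKE.match(ins[i][1]):
            continue
        move = MOVE.fullmatch(ins[i + 1][1])
        sget = SGET.fullmatch(ins[i + 2][1])
        # Same register written twice in a row: the real signature is dead.
        if move and sget and move.group(1) == sget.group(1):
            hits.append((ins[i + 2][0], sget.group(1), sget.group(2)))
    return hits


# Constructed sample (not the real Kakao SDK code): an untouched method body
# and the same body with the overwrite described in the steps above.
CLEAN = """
.method public static getKeyHash(Landroid/content/Context;)Ljava/lang/String;
    invoke-virtual {v4}, Landroid/content/pm/Signature;->toByteArray()[B
    move-result-object v5
    invoke-virtual {v3, v5}, Ljava/security/MessageDigest;->update([B)V
.end method
"""
TAMPERED = CLEAN.replace(
    "    move-result-object v5\n",
    "    move-result-object v5\n\n    sget-object v5, Llolwut;->byte:[B\n")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, find_overwritten_signature_reads(text))
```
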
 
it can use with other signature?
 
OPStaff#3678849
it can use with other signature?
I have made an improvement to the original template, which adds a function to return a Signature array, arraySig. Tried this with a game stats assistant that prevents access to its own API when the APK is self-signed. Successfully bypassed it too. This might fail if an app is double-signed tho, but.. AFAIK all APKs follow Google standards for signing an APK only once (no 2 or more signatures).
tl;dr. yes.
 
Please help to bypass signature check in game called critical ops
 
heeelp me,