⚠️ When is PairIP not PairIP? 🤔

[Snailsoft]

This past month I have had several "PairIP" protected game's sent my way as no one could remove the protection.
At first I thought it might be a new version.
In some cases it was PairIP combined with other protection.
A few however just didn't jive.

When examining the apk library folder one finds the libpairipcore.so file.
However, looking at the size it is 4 times larger than an actual PairIP library.

When scanned by ApkID, it doesn't identify as PairIP protection.

When scanned by MT it says PairIP, but that is because it looks for the library.

Using MT, if one examines the DEX code, the PairIP protection and folder are not present.

So, if you are trying to remove PairIP and everything failed, perform some manual examination's and don't take the scan results for granted. Fake PairIP is appearing more often and can easily corrupt anti PairIP results.

 

[Sbenny]

Very interesting

 

[AnnaEnea]

Very interesting

I can't take it anymore with this Pairip

 

[AnnaEnea]

Very interesting but for now I've stopped looking for Pairip! I don't have much time but I'll try again later
Thank you for all your time and work

 

[Snailsoft]

Here is another situation I am seeing more of lately.
Simple, but effective.
As most PairIP removal/bypass tools rely on scanning for the libpairip.so library, if not found they will abort.
Scanners too will report no PairIP detected.

In the game, Alchemica, ApkID doesn't show any Google protection, although all the tells are there.

In this instance, an examination of the library folder reveals nothing alarming.

An examination by MT also reveals zero protection used, which contradicts ApkID.

An examination of the DEX code is far more revealing, showing PairIP is present.

In attempting to remove PairIP the process is a success but the outcome a failure.

Although the game installs, it exits without error.

Going back to the only library in this game, libdatastore_shared_counter.so and now being able to decode the manifest, we find yet another fake PairIP.

Less than a week ago, developers began reporting this library slipping into their builds without their knowledge!

Recently I noticed that in new projects where I use Jetpack Datastore I have a new native lib added to apps' bundle:

bundle.abb\base\lib\arm64-v8a\libdatastore_shared_counter.so

What is that exactly?

and yeah I didn't have it previously with:

androidxDataStore = "1.0.0"

but got it after updating to:

androidxDataStore = "1.1.0"

update:

the issue here that now Google Play Console shows me a warning about debug symbols and that modifying my own code is not permitted.

This appears to be related to: androidx/datastore/multiprocess/SharedCounter.kt, which may provide backend access control. It is a debugger being controlled by Google.

When examining the manifest, one begins to understand WHY Google doesn't want you to see what is being concealed in this "OFFLINE" game.

It is mandatory online at all times, boots with your device silently, downloads ad's, SCANS YOUR FINGER PRINT, bypasses biometric security on a device, and uses billing service's even without the user knowledge!!!

Albiriox is an Android Remote Access Trojan (RAT) and rumors are that Google has adapted the code for their own malicious purposes.
Developers are not even aware Google is adding this code and obfuscating it.

PairIP is just a red herring.

 

[Sbenny]

That is scary, I wonder how long it will take till someone brings this up at the court, especially now that digital privacy is a thing.

 

[Snailsoft]

In the States, Privacy is part of the national Constitution under the extended Bill of Rights and Universal Declaration of Human Rights, yet as with any aspect of the Constitution, unless the People take a stand to uphold and defend those Rights greed and corruption will prevail.
Laws created by the same corporate entity violating those Rights never benefits the People and only serves the offending powers.
One of the greatest deceptions is that laws somehow grant Rights, when it is just the opposite - laws take away Rights by removing the Peoples ability to self govern and give control to the corrupt elite.

Given how recent Google began adding RAT code and obfuscating it as well as approving apps containing it, along with the NSA spy hardware built into devices, clearly no amount of laws matter to these entities.

But I digress as this thread is about fake PairIP and not the absence of morals or ethics in corporations/governments.