How should I release DATA for an APK that crashes on Startup if not downloaded from Google Play?

[LolHappy]

Q1: Is there a way to patch it?
Q2: What should I try on the APK?
Q3: Should I just release the DATA/Make a Shortened URL that auto downloads the app from google play?

App I've Modded (Google Play Link): Gin Rummy - Offline Free Card Games - Apps on Google Play
Mods I have added to the data: 99999999999999999+ Coins
Status: Can't add toast because of this, can't provide Working APK for data.
IDK if I can release without APK.

 

[Yas Kashije]

If it crashes when not downloaded from playstore, it's very likely it has signature or origin verification; that means it's protected.
You should try using logcat to debug, find when the crash is called, and tamper the instructions to bypass the crash.

 

[LolHappy]

Ok, Thank You.

 

[LolHappy]

@Yas Kashije
Can you tell me what this log part means (I think it might be how it verifies the signature):
PackageManager W Failure retrieving resources for com.sngict.rummy.gin: Resource ID #0x0
DebugConnMana... W getNetworkInfo() on networkType 1 (3x)
ContextImpl W Calling a method in the system process without a qualified user: android.app.context.Impl.sendBroadcast: 1333 com.androi...
Prcoess I Sending signal. PID 14422 SIG: 9
DebugConnMana... (3x again, same text)
Killing pid 14464 in uid 10076 as part of process group 14422( 9x (PID might be Process ID))
ActivityManag... I Process com.sngict.rummy.gin (pid 14422) has died

and how
I could tamper/erase/modify that section of code.

 

[Yas Kashije]

Check the following tutorials and search for more:

Bypassing smart fake init crash 📖 Tutorial

A year ago, A modder asked for help with Bike Race, so I had decided to look into it. I had bypassed fake crash long time ago but now I will finally make tutorial to help you get smarter with the fake crash situation. Devs think they are smart enough to create fake crash to troll cheaters but...

forum.sbenny.com

How to capture a logcat (non-root and root) 📖 Tutorial

Logcat helps you diagnose the errors of app, hardware, etc There are two ways to capture a logcat Non-rooted device: Install adb if you haven’t install it yet [OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3 On your device, enable USB-debugging and connect...

forum.sbenny.com

How to remove server-sided cheat detection error (Smali)

Got this error and you can't find the string anywhere in the APK file? Well, the string are stored in the server. It uses JSON script to detect unofficial version of APK and retrieve the string, but it is still possible to remove the error completely I used the game Hero Legend as an example...

forum.sbenny.com

Since we are talking about security bypass, I'm sorry I won't be able to help you any further; you will have to figure it out by yourself.

Good luck.

 

[LolHappy]

ok, well thank you anways!

 

[Sbenny]

The first step to find out if it's a signature detection or not would be simply resigning the apk without modding it at all, and launching it. If it crashes on startup, it's definitely a signature check, otherwise it's more likely a cheat detection. Anyways, being an offline game I wonder how come developers spend their time trying to protect such things.. did you, by any chance, try lowering the amount?

99999999999999999+ seems to be a very very high value, if it falls outside the limits of an Int32/Float/Double, there's a chance this causes a crash, too.

 

[LolHappy]

@Sbenny
I just spammed 9's to represent 999,999,999+ (D-word) which is under the limit, I have tried to get an APK from Google Play, extract with Nox's Inbuilt "export" feature then reload it onto NOX, I'm almost certain it extracted it as signed, but I will use an APK signer to make sure. Thank You.

 

[LolHappy]

I know, the only thing they make off these games are AD revenue (If the user even has internet) and In-App Purchases (WHICH YOU CANT BUY UNLESS YOU GET INTERNET). So they basically barely make ANY Revenue off these people who usually don't have internet and go to a cafe or something to use it maybe every other week, who probably don't wanna spend money on the offline game and are going to play it offline because of ads.

At that point I'd just not put in effort for protection and hope 4 the best.

 

[LolHappy]

I'm just gonna use LDPlayer to mod it again instead of NOX so I can patch out license verification (gamble) and make it work. (Also, I have no clue where the Coins are stored (where the data is in my files) cuz I erased the Cache, OBB, and DATA Manually and it still didn't work (unless it's Google Play Games). Wish Me Luck!

 

[LolHappy]

@Sbenny I have an idea... what if i used APK-SIGNER (I have full features to add keystores) and ApkSignature (Google Play Store Apps) to grab the MD5 Hash of the app (In this case, Gin Rummy) and apply it to the keystore and then sign the modded version with the original key? Would that work? and how would I should I go about doing it? I would appreciate your thoughts. (I'm almost certain it is not blocking the Mods I applied)

 

[LolHappy]

Also, My APK has a signature section that shows the "android.content.pm.Signature@_#____#_ (_ = letter and # for number, since I don't know weather it would be safe to share, it also shows the CN, OU, O, L ,ST (Unknown), and C. I don't know what it means but it might be important. (Sorry if this counts as spam for so many messages).