There are multiple possible ways to bypass emulator detection for a particular or all applications. Here we will discuss two of their methods.

Method #1

Generally, Ldplayer is used to bypass emulator detection. Ldplayer is a best and unique product of one of the leading Android emulator research and development company developed. It contains a fast and efficient operating system that uses world-leading kernel technology to avoid any type of performance issue.

Step 1

First of all, you have to install and download LD player latest version from its official website https://www.ldplayer.net/

Step 2

After installing the LD player, you have to open an LD player and install the app you want to use in your device. You can use the play store or LD player’s default store easily to download the app once you have finished the downloading close the emulator. Now you have to download the bypass configuration file for the LD Player.

Step 3

Download Bypass Config File from here. This tool was made for PUBG Mobile.

CRN Bypass Tool

Step 4

Run LD Player after fixing emulator bypass. Basically, this hack was made for a game PUBG Mobile but can be used for any application. Second & more advance method below.

Method #2

At some point, while performing vulnerability assessments on android applications, you will encounter apps that don’t want to run within an emulator. We can’t blame application owners for wanting to ensure that the user interaction they see comes from genuine devices, but it doesn’t help us do any security testing on it.

There are several ways to detect an emulator; however, this example is only relevant to the most common way we see. In this application, a check performed for an IMEI value of 000000000000000, which is the value used by the emulator that ships with Android SDK. The code segment below checks for this value and exits if correct. While we could quickly patch the matter from within the application, it may be more efficient in the long run to change the IMEI value of our emulator. This way, we don’t have to patch the next application that does this.

The IMEI is stored as a text string so that we will search for a ‘text string’ accordingly. Open the binary with hex-editor, hit ^W, and search for the fifteen zeroes. Note that the binary we wish to open is not the “emulator” binary, but the “emulator-arm” binary. If you are using a different architecture, you may be using the MIPS or x86 binary.

cp emulator-arm emulator-arm.bak
hexeditor emulator-arm

Note once again this is an ascii string, so the zeroes are 0x30.

In this case, we just replace four characters with 1234 by updating 0x31, 0x32, 0x33, and 0x34. Do not change the length of data in this segment or overwrite bytes outside this segment or you will corrupt the binary.

Just save and exit. Now our emulator will be using our new custom value.

Related Post

Leave a Comment