It's based on the fact that the LFI emulation must enable you to get to /proc otherwise it doesn't make sense to serve the other files which are the goal of emulating the LFI vulnerability (etc/passwd and /etc/shadow). From there are multiple ways to understand that it's not a real system (/proc is impossible to simulate).
POSSIBLE FIX: the easiest one is to return permission denied on /proc but that might still raise eyebrows.
Quoting an email:
It's based on the fact that the LFI emulation must enable you to get to /proc otherwise it doesn't make sense to serve the other files which are the goal of emulating the LFI vulnerability (etc/passwd and /etc/shadow). From there are multiple ways to understand that it's not a real system (/proc is impossible to simulate). POSSIBLE FIX: the easiest one is to return permission denied on /proc but that might still raise eyebrows.