rhunk / SnapEnhance

An Xposed module offering an enhanced Snapchat experience
https://t.me/snapenhance
GNU General Public License v3.0

feat: Randomize APK Package Name #21

Closed VendorAttestation closed 10 months ago

VendorAttestation commented 1 year ago

Description

Snapchat has been known in the past to detect package names like com.snapmodhere.name (and hand out 3rd party bans).

They do this in the native .so, so making the package name random will help security.

Agreement

RevealedSoulEven commented 1 year ago

Ya game guardian use this same thing

authorisation commented 1 year ago

Hey thanks for your suggestion, have you got any more info on how exactly they do this? You mentioned a native .so file do you know which one exactly?

RevealedSoulEven commented 1 year ago

As far as I know lucky patcher uses it too but it needs apktool or something to randomise that stuff. I ain't sure about it


VendorAttestation commented 1 year ago

@authorisation it's in the libscplugin.so. You won't be able to see it, it's obfuscated with LLVM custom by SC,

but they use fstat64 to scan the file system for the package name.

RevealedSoulEven commented 1 year ago

Better you can do one thing. @authorisation

Return fake package names like YouTube/Chrome/Google/Facebook and all safe package names whenever Snapchat scans for app packages. One such Xposed module which can fake it is XPrivacyLua.

VendorAttestation commented 1 year ago

@RevealedSoulEven Not how that works. It's in the native fstat64 calls; it's better to be unique for all users and repackage on install.

authorisation commented 1 year ago

> but they use fstat64 to scan the file system for the package name

Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?

VendorAttestation commented 1 year ago

@authorisation you can't do it with Xposed, you can with Frida or emulate native scplugin.so.

It is there though, and it's not easy. A guy named AeonLucid wrote this up before. But a lot has changed since then. I was able to get them though with this tool:

https://github.com/FrenchYeti/interruptor

authorisation commented 1 year ago

> @authorisation you can't do it with Xposed, you can with Frida or emulate native scplugin.so.
>
> It is there though, and it's not easy. A guy named AeonLucid wrote this up before. But a lot has changed since then. I was able to get them though with this tool:
>
> https://github.com/FrenchYeti/interruptor

The article you provided is very old and outdated. There have been many changes to the Android framework since then. Starting from Android 11, Google introduced a new permission called 'QUERY_ALL_PACKAGES' and started to remove all apps that have this permission without a good reason from the Play Store. Snapchat does not have this permission, as it would result in them getting removed from the Google Play Store. Therefore, they cannot scan your installed apps. In theory, the only way they would be able to do this is by exploiting an Android vulnerability. However, considering that they are a very popular app, I doubt they have done something like that as it would also get them removed. The only thing they really check for is SafetyNet; AFAIK, if that fails you will not be able to log in or sign up, but feel free to correct me if I'm wrong.
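On Android 11 and later, the package visibility discussed in the comment above is declared in the manifest, either through the `QUERY_ALL_PACKAGES` permission or through a `<queries>` element. The following is an added example (not part of the thread and not SnapEnhance code) that audits a decoded `AndroidManifest.xml` for both; the sample manifest and its `com.example.*` names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
AUTHORITIES = f"{{{ANDROID_NS}}}authorities"

# Constructed sample (decoded text manifest); com.example.* are placeholders.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
    <uses-permission android:name="android.permission.INTERNET"/>
    <queries>
        <package android:name="com.example.partner"/>
        <intent>
            <action android:name="android.intent.action.SEND"/>
            <data android:mimeType="image/*"/>
        </intent>
        <provider android:authorities="com.example.files"/>
    </queries>
</manifest>
"""

def package_visibility(manifest_xml: str) -> dict:
    """Summarise what a manifest declares about seeing other installed apps."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    report = {
        "query_all_packages": "android.permission.QUERY_ALL_PACKAGES" in perms,
        "packages": [], "intent_actions": [], "provider_authorities": [],
    }
    for q in root.findall("queries"):
        report["packages"] += [p.get(NAME) for p in q.findall("package")]
        for intent in q.findall("intent"):
            report["intent_actions"] += [a.get(NAME) for a in intent.findall("action")]
        report["provider_authorities"] += [p.get(AUTHORITIES) for p in q.findall("provider")]
    # Broad visibility: the permission itself, or a <queries> intent on
    # ACTION_MAIN, which matches any app that exposes a MAIN activity.
    report["broad"] = (report["query_all_packages"]
                       or "android.intent.action.MAIN" in report["intent_actions"])
    return report

if __name__ == "__main__":
    for key, value in package_visibility(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The report covers only what the manifest declares through the framework's package visibility mechanism; it says nothing about native code behaviour.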

VendorAttestation commented 1 year ago

@authorisation lol they do, they don't care, and they've been doing it for years.

https://github.com/FrenchYeti/interruptor

Use this, it will dump it.

RevealedSoulEven commented 1 year ago

@authorisation Better add bypass for them so that it won't get package names, it's that simple

RecursiveRegistrations commented 1 year ago

According to the Snapchat Privacy Policy, the list of apps you have installed on your device is one of the many data points that they collect.

If you are really worried about this, just install Hide My Applist and configure Snapchat with a whitelist to prevent it from seeing anything other than system apps.

VendorAttestation commented 1 year ago

@RecursiveRegistrations https://github.com/rhunk/SnapEnhance/tree/randomize_package_name

They have already started working on it and I'd rather have a random application name than a jank solution. That way each user's package is uniquely named.

authorisation commented 1 year ago

> According to the Snapchat Privacy Policy, the list of apps you have installed on your device is one of the many data points that they collect.
>
> If you are really worried about this, just install Hide My Applist and configure Snapchat with a whitelist to prevent it from seeing anything other than system apps.

They can try to collect all they want, it won't work due to the Snapchat app not having the required permissions and specific Android limitations on Android 11+. Anyways, as @TheVisual said, we already started working on it because I like the idea either way.

RevealedSoulEven commented 1 year ago

Wth? I already told that instead of making the app package random, just hide the app list somehow lol.

If it would have random packages, every time dumb people will somehow install 2-3 SnapEnhances and ruin Snapchat🤣

Better implement a feature to automatically hide the applist (or only SnapEnhance, so that Snapchat doesn't detect in future that you're hiding the applist), that's easier and better to implement lol.

You're choosing the path with stones and thorns if you've an easier way🤣


VendorAttestation commented 1 year ago

@RevealedSoulEven Stop spamming here, he is adding my feature. If you're dumb you shouldn't be using Android in the first place, you will get malware then, especially if you're rooted. Everything you post here is off topic and the owner flags.

RevealedSoulEven commented 1 year ago

Oh come on. Ya, that's well said, I don't have any experience in Android😅 but you can google my name once


RevealedSoulEven commented 1 year ago

"You'll get a malware if you're rooted"

Wow! I never heard of it. Where were you lord till now🙏🙏


pinkestflamingo commented 12 months ago

> > but they use fstat64 to scan the file system for the package name
>
> Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?

Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.

VendorAttestation commented 12 months ago

> > > but they use fstat64 to scan the file system for the package name
> >
> > Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
>
> Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.

You're full of it, I talked to dev and he's seen it too. It's in libscplugin.so, which is obfuscated, not the apk lmao.

VendorAttestation commented 12 months ago

Legit on latest apk it's not removed lmao.

authorisation commented 12 months ago

> > > > but they use fstat64 to scan the file system for the package name
> > >
> > > Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
> >
> > Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.
>
> You're full of it, I talked to dev and he's seen it too. It's in libscplugin.so, which is obfuscated, not the apk lmao.

There's a nicer way to say this.

This will most likely be implemented together with a manager for SnapEnhance, which should make patching easier and more convenient for non-rooted users, but that is not our priority right now.

rhunk commented 10 months ago

Added in https://github.com/rhunk/SnapEnhance/commit/0f1cd7157aa9aa64b9fdd1564794452bcda89b2e