Closed VendorAttestation closed 10 months ago
Ya game guardian use this same thing
Hey thanks for your suggestion, have you got any more info on how exactly they do this? You mentioned a native .so file do you know which one exactly?
As far as I know lucky patcher uses it too but it needs apktool or something to randomise that stuff. I ain't sure about it
On Sun, 4 Jun, 2023, 2:16 pm auth, @.***> wrote:
Hey thanks for your suggestion, have you got any more info on how exactly they do this? You mentioned a native .so file do you know which one exactly?
— Reply to this email directly, view it on GitHub https://github.com/rhunk/SnapEnhance/issues/21#issuecomment-1575472827, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALYHMXRS7LMFUARJ6NZADUDXJRDNJANCNFSM6AAAAAAYZUAZHU . You are receiving this because you commented.Message ID: @.***>
@authorisation its in the libscplugin.so you won't be able to see its obfuscated with LLVM custom by SC
but they use fstat64 to scan the file system for the package name
Better you can do one thing. @authorisation
Return fake package names like youtube/chrome/google/facebook and all safe package names. Whenever snapchat scans for app packages. One such xposed module which can fake it is Xprivacylua
@RevealedSoulEven not how that works. It's in the native fstat64 calls it it's better to be unique for all users and repackage on install.
but they use fstat64 to scan the file system for the package name
Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
@authorisation you can't do it with xposed you can with frida or emulate native scplugin.so
it is there tho and its not easy. A Guy named AeonLucid wrote this up before. But alot has changed since then i was able to get them tho with this tool
@authorisation you can't do it with xposed you can with frida or emulate native scplugin.so
it is there tho and its not easy. A Guy named AeonLucid wrote this up before. But alot has changed since then i was able to get them tho with this tool
The article you provided is very old and outdated. There have been many changes to the Android framework since then. Starting from Android 11, Google introduced a new permission called 'QUERY_ALL_PACKAGES' and started to remove all apps that have this permission without a good reason from the Play Store. Snapchat does not have this permission, as it would result in them getting removed from the Google Play Store. Therefore, they cannot scan your installed apps. In theory, the only way they would be able to do this is by exploiting an Android vulnerability. However, considering that they are a very popular app, I doubt they have done something like that as it would also get them removed. The only thing they really check for is SafetyNet, AFAIK if that fails you will not be able to login or signup but feel free to correct me if I'm wrong.
@authorisation lol they do they don't care and they've been doing it for years
https://github.com/FrenchYeti/interruptor
use this it will dump it
@authorisation Better add bypass for them so that it won't get package names, it's that simple
According to the Snapchat Privacy Policy, the list of apps you have installed on your device is one of the many data points that they collect.
If you are really worried about this, just install Hide My Applist and configure Snapchat with a whitelist to prevent it from seeing anything other than system apps.
@RecursiveRegistrations https://github.com/rhunk/SnapEnhance/tree/randomize_package_name
they have already starting working on it and i rather have a random application name then a jank solution. that way each users package is uniquely named.
According to the Snapchat Privacy Policy, the list of apps you have installed on your device is one of the many data points that they collect.
If you are really worried about this, just install Hide My Applist and configure Snapchat with a whitelist to prevent it from seeing anything other than system apps.
They can try to collect all they want, it won't work due to the Snapchat app not having the required permissions and specific android limitations on android 11+ Anyways as @TheVisual said we already started working on it because I like the idea either way
Wth? I already told that instead of making the app package random, just hide the app list somehow lol.
If it would have random packages, everytime dump people will somehow install 2-3 snapenhance',s and ruin snapchat🤣
Better implement feature to automatically hide the applist(or only snapenhance to let snapchat doesn't detect in future that you're hiding the applist) that's more easier and better to implement lol.
You're chosing the path with stones and thrones if you've a easier way🤣
On Thu, Jul 13, 2023, 12:54 PM TheVisual @.***> wrote:
@RecursiveRegistrations https://github.com/RecursiveRegistrations https://github.com/rhunk/SnapEnhance/tree/randomize_package_name
they have already starting working on it and i rather have a random application name then a jank solution. that way each users package is uniquely named.
— Reply to this email directly, view it on GitHub https://github.com/rhunk/SnapEnhance/issues/21#issuecomment-1633707170, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALYHMXR43VCQV73QFIXHUSLXP6PCJANCNFSM6AAAAAAYZUAZHU . You are receiving this because you were mentioned.Message ID: @.***>
@RevealedSoulEven Stop spamming here he is adding my feature if you're dumb you shouldn't be using android in the first place you will get malware then especially if you're rooted. Everything you post here is off topic and the owner flags.
Oh common' Ya that's well said I don't have any experience in Android😅 but you can google my name once
On Tue, Jul 18, 2023, 8:58 PM TheVisual @.***> wrote:
@RevealedSoulEven https://github.com/RevealedSoulEven Stop spamming here he is adding my feature if you're dumb you shouldn't be using android in the first place you will get malware then especially if you're rooted. Everything you post here is off topic and the owner flags.
— Reply to this email directly, view it on GitHub https://github.com/rhunk/SnapEnhance/issues/21#issuecomment-1640448272, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALYHMXRY7GL7KRYHNPX3X7TXQ2TQBANCNFSM6AAAAAAYZUAZHU . You are receiving this because you were mentioned.Message ID: @.***>
"You'll get a malware if you're rooted"
Wow! I never heard of it. Where were you lord till now🙏🙏
On Tue, Jul 18, 2023, 8:58 PM TheVisual @.***> wrote:
@RevealedSoulEven https://github.com/RevealedSoulEven Stop spamming here he is adding my feature if you're dumb you shouldn't be using android in the first place you will get malware then especially if you're rooted. Everything you post here is off topic and the owner flags.
— Reply to this email directly, view it on GitHub https://github.com/rhunk/SnapEnhance/issues/21#issuecomment-1640448272, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALYHMXRY7GL7KRYHNPX3X7TXQ2TQBANCNFSM6AAAAAAYZUAZHU . You are receiving this because you were mentioned.Message ID: @.***>
but they use fstat64 to scan the file system for the package name
Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.
but they use fstat64 to scan the file system for the package name
Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.
your full of it i talked to dev and hes seen it to. it's in libscplugin.so which is obfuscated not the apk lmao.
Legit on latest apk it's not removed lmao.
but they use fstat64 to scan the file system for the package name
Upon hooking fstat64 calls the only thing the libscplugin.so actually checks is the hosts file and some CPU calls, are you sure they are using fstat64 calls?
Just disassembled it, no imports of fstat64 or any checking for libs. Must be removed.
your full of it i talked to dev and hes seen it to. it's in libscplugin.so which is obfuscated not the apk lmao.
There's a nicer way to say this
This will be most likely implemented together with a manager for SnapEnhance which should make patching easier and more convenient for non rooted users but that is not our priority right now
Description
Snapchat has been known in the past to detect package names like com.snapmodhere.name (and hand out 3rd party bans)
They do this in the native .so so making the package name random will help security
Agreement