Your hypothetical change of emulation tactics won't work. You're analyzing at the wrong abstraction level.
The "attestation tokens" to validate the integrity of the web browser environment would come from a 3rd-party (e.g. Google Play services).
For example... Today, hacks like youtube-dl work because implementing client-side code to "solve javascript puzzle challenges" is still inside the "world" that Google-server-to-browser-client present to each other. Same for client-side solvers for Cloudflare captchas. The "3rd-party attestation token" breaks those types of hacks.