Bypassing Root Detection Methods for Android

Mar 14, 2025

Bypassing Root Detection on Android Devices

Introduction

  • Two methods to bypass root detection on Android:
    1. Dynamic approach: hooking the app at runtime with Frida
    2. Static approach: patching the APK with apktool

Background

  • The previous episode focused on rooting Android devices using Magisk and SuperSU.
  • Issues encountered:
    • The app's root detection checks were simplistic.
    • SuperSU installed its superuser APK under a different name than the one the app checked for.
    • The original root detection methods (like checking for /system/xbin/which) were outdated.
  • Solution:
    • Patched the APK to correct the root detection issue.

Dynamic Approach with Frida

  • Frida allows runtime hooking and modification of functions.
  • Setup involves running the insecure app, using Android Studio, and MobSF with Frida scripts.
  • Example: override the doesSUexist function so that it always returns false.

Steps

  1. Set Up Environment
    • Run the necessary applications: Android Studio, MobSF.
    • Use Frida's built-in scripts or the code editor to modify scripts.
  2. Script Execution
    • The example script hooks the post-login function and modifies doesSUexist.
    • Use the generic anti-root script for apps with more robust checks.
  3. Command Line Usage
    • Frida can also be used from the command line or with standalone scripts, without MobSF.
    • Resolve Frida client/server version mismatches by downgrading if necessary.
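The hook described in step 2, written out as an added example (not code from the episode): a Frida script that forces the post-login root check to report "not rooted" while logging what the real check returned, so the tester can see that the app's decision rests entirely on this one method. The class name com.android.insecurebankv2.PostLogin is an assumption (it matches the InsecureBankv2 training app); the Java API object is passed in as a parameter so the hook logic can be exercised outside Frida.

```javascript
// Added example: Frida hook for a simplistic root check (InsecureBankv2 assumed).
// Run with: frida -U -f com.android.insecurebankv2 -l this_script.js

const TARGET_CLASS = "com.android.insecurebankv2.PostLogin"; // assumption
const ROOT_CHECKS = ["doesSUexist"];                          // methods to force to false

// Every intercepted call is recorded here: which method, what it really
// returned, and what the app was told instead.
const callLog = [];

// Installs the hooks using the Frida Java bridge passed as `javaApi`
// (normally the global `Java`). Returns the log so callers can inspect it.
function installRootCheckHooks(javaApi, log) {
  javaApi.perform(function () {
    const PostLogin = javaApi.use(TARGET_CLASS);
    ROOT_CHECKS.forEach(function (name) {
      PostLogin[name].implementation = function () {
        // Still run the original check so the tester can see if it would
        // have fired on this device.
        const realResult = this[name].apply(this, arguments);
        log.push({ method: name, original: realResult, returned: false });
        console.log("[hook] " + name + " returned " + realResult + ", forcing false");
        return false; // the app now believes the device is not rooted
      };
    });
  });
  return log;
}

// Only install when actually running inside Frida's Java bridge.
if (typeof Java !== "undefined") {
  installRootCheckHooks(Java, callLog);
}
```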

Static Approach with APK Tool

  • Involves decompiling the APK, modifying the root check, and rebuilding the app.

Steps

  1. Decompiling APK
    • Use apktool to decompile the APK.
    • Find and modify the relevant code sections (e.g., changing the paths the root check looks for).
  2. Rebuilding APK
    • Rebuild using the latest apktool version.
    • Sign the rebuilt APK, since rebuilding strips the original signature.
  3. Installation and Testing
    • Uninstall the existing app.
    • Install the patched APK and test that the root check no longer triggers.

Conclusion

  • Both methods have their own tools and setups.
  • Encourages familiarity with tools like Frida and apktool.
  • Programs that include APKs in scope may require a deeper understanding of these methods.