Android Pentesting-Bypassing Root Detection

InsecureBankV2

Setting up the backend server

python pip flask sqlalchemy simplejson web.py

Viewing the application

Root Detection bypass

Using Frida

frida -U -f com.android.insecurebankv2 --codeshare dzonerzy/fridantiroot --no-pause

Using Objection

objection -g com.android.insecurebankv2 explore
android hooking set return_value com.android.insecurebankv2.PostLogin.doesSUexist false

Using EdXposed RootCloak

Using EdXposed Unrootbeer

Manually bypassing root detection

apktool d -r InsecureBankv2.apk
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore InsecureBankv2.apk alias_name

References

--

--

--

Pentester | CTF Player

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Upload to AWS S3 from Android: S3 Integration & Customizations for large files

Spawning with Coroutines

Understanding Android Runtime and Dalvik

Flutter: Perform Background Job

Handle TransactionTooLargeException

Why Jetpack Compose is Not as Easy as it Looks? (For Real)

Jetpack Compose is tough and Irritating.

We are getting closer to our alpha release, so get yourself ready to our next Invite Competition…

How to build a generic paging source for Jetpack Paging?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ARZ101

ARZ101

Pentester | CTF Player

More from Medium

Android Pentesting-Setting up lab

Introduction to Spring Boot Related Vulnerabilities

PortSwigger Lab: Exploiting XXE via image file upload | WalkThrough

Mobile Static Analysis using Scrounger Framework