Android Pentesting-Bypassing Root Detection


This is a vulnerable bank application that I found on GitHub, which has a lot of vulnerabilities that you can practice on.

Setting up the backend server

It was mentioned on GitHub that in order for this app to work properly we need to run the AndroLab server, so we need to install the dependencies that the Python script needs.

# Python and pip first, then the packages the server script imports
pip install flask sqlalchemy simplejson

Viewing the application

Now that the application's backend server is running, let's explore the application.

Root Detection bypass

To bypass root detection I will first show how to do it with a Frida script. Alternatives are modules for EdXposed/Xposed or Magisk (which might not work), or decompiling the APK, modifying the code, rebuilding the APK and then signing it with a certificate.

Using Frida

I already have Frida installed; if you don't, you can install it with pip3 install frida and pip3 install frida-tools. If you have MobSF installed, Frida might already be installed.

# -f spawns the target app; <package-name> stands for the app's package name
frida -U -f <package-name> --codeshare dzonerzy/fridantiroot --no-pause

Using Objection

# attach to the app, then force the root-check method to return false
objection -g <package-name> explore
android hooking set return_value <class>.<method> false

Using EdXposed RootCloak

I have already shown how to install EdXposed on the device; however, it only supports Android 8.0 and above. EdXposed has a module called RootCloak.

Using EdXposed Unrootbeer

Unrootbeer is an EdXposed module specially built for bypassing root detection in applications that use the RootBeer library to detect root. In this case it will probably fail, as this application isn't using any library to detect root.

Manually bypassing root detection

For static analysis I like to use MobSF, which uses jadx to decompile the APK. It can also produce a report of the things it has found, and we can analyze the source code.

# decompile without decoding resources (-r), edit the smali, then rebuild
apktool d -r InsecureBankv2.apk
apktool b InsecureBankv2 -o InsecureBankv2-patched.apk
# generate a signing key and sign the rebuilt APK with it
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore InsecureBankv2-patched.apk alias_name
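The jarsigner step above produces only a v1 (JAR) signature, and apktool's rebuild drops the original APK Signing Block that carries the v2/v3 signatures. The Python script below is an added example, not code from the original post or from InsecureBankv2: it checks an APK for exactly that trace of repackaging by listing the META-INF v1 signature files and looking for the signing-block magic directly before the zip central directory. It builds two constructed sample archives (zip structure only, not real apps) so it runs offline.

```python
import io
import struct
import zipfile

SIG_BLOCK_MAGIC = b"APK Sig Block 42"   # trailer of the APK Signing Block (v2/v3 signatures)
EOCD_SIGNATURE = b"PK\x05\x06"          # zip End Of Central Directory record signature
V2_BLOCK_ID = 0x7109871A                # ID-value pair ID used by the v2 signature scheme

def central_directory_offset(data: bytes) -> int:
    """Offset of the zip central directory, read from the EOCD record (bytes 16..19)."""
    eocd = data.rfind(EOCD_SIGNATURE)
    if eocd < 0:
        raise ValueError("not a zip archive: EOCD record missing")
    return struct.unpack_from("<I", data, eocd + 16)[0]

def has_apk_signing_block(data: bytes) -> bool:
    """True if the 16-byte signing-block magic sits right before the central directory."""
    cd_off = central_directory_offset(data)
    return cd_off >= 32 and data[cd_off - 16:cd_off] == SIG_BLOCK_MAGIC

def v1_signature_files(data: bytes) -> list:
    """META-INF entries that a JAR (v1) signer such as jarsigner writes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return sorted(n for n in zf.namelist() if n.startswith("META-INF/")
                      and n.upper().endswith((".SF", ".RSA", ".DSA", ".EC")))

def signing_summary(data: bytes) -> dict:
    """v1_only is the tell-tale of an apktool + jarsigner repackage."""
    v1, v2 = v1_signature_files(data), has_apk_signing_block(data)
    return {"v1_files": v1, "v2_or_later": v2, "v1_only": bool(v1) and not v2}

# constructed sample archives: zip layout of an APK, with placeholder contents
def insert_signing_block(data: bytes, payload: bytes) -> bytes:
    """Splice a minimal signing block (one v2 ID-value pair) before the central directory."""
    pair = struct.pack("<QI", 4 + len(payload), V2_BLOCK_ID) + payload
    size = len(pair) + 8 + len(SIG_BLOCK_MAGIC)   # block size excluding the leading size field
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    cd_off, eocd = central_directory_offset(data), data.rfind(EOCD_SIGNATURE)
    patched = bytearray(data[:cd_off] + block + data[cd_off:])
    struct.pack_into("<I", patched, eocd + len(block) + 16, cd_off + len(block))  # fix CD offset
    return bytes(patched)

def build_sample_apk(with_signing_block: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)          # constructed placeholder
        zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\r\n")       # v1 signature file
        zf.writestr("META-INF/CERT.RSA", b"constructed, not a real PKCS#7 blob")
    data = buf.getvalue()
    return insert_signing_block(data, b"\x00" * 32) if with_signing_block else data
```

Android 11 refuses to install a v1-only APK that targets API level 30 or higher, so a jarsigner-only build of such an app fails before any root check runs; apksigner is needed to add a v2 signature.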
