Root detection bypass by Objection and Frida Tutorial by Sakshi Sharma, a Cyber Security consultant.
What is Root Bypass?
When an application is developed, developers implement a root detection mechanism to prevent users from running it on a rooted Android device. When a user tries to install such an application, it throws an error message and doesn't allow the application to install on a rooted device. While performing a root bypass, we make changes in the code and restrict the application from closing, which in turn allows the application to be installed on a rooted Android device. To do this, I will first install Frida and then bypass the root detection.
Open cmd and type the following command, as shown in the figure below. One can also check the version of Frida.
Command: pip install frida
Now I have to set up Frida on Android. For that, I need to download the Frida server for the specific Android platform from GitHub.
Copy the Frida server file into the Android phone's tmp directory using the adb push command, as shown in the figure. Here I have used Genymotion as the Android emulator. After copying the file, change the permissions of the Frida server file.
Command: adb push frida-server /data/local/tmp/
Step 4:
I will install the application from the Play Store in the Genymotion Android emulator. You can connect to the Frida server from cmd and use the following command to list all running processes. When I tried to install the application, it showed an error message that the device is rooted.
Command: frida-ps -U
Next, I used objection and Frida scripts to perform the root bypass, as shown in the figure.
Script used: $ frida --codeshare dzonerzy/fridantiroot -f YOUR_BINARY
So, to connect to one of those apps (shown in the figure above), specify its name with the --gadget flag (names are referred to as gadgets in Objection).
Command: objection -g "com.abc.xyz" explore
Now I will use the command android hooking list activities, which lists all the activities that have been specified in AndroidManifest.xml. The activity classes found with this command can be used with the `android intent launch_activity` command to launch them. Here I have launched the intent for OTP for login.
Command: android hooking list activities
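The setup above leaves traces that an app-hardening or test team can look for: frida-server listens on TCP port 27042 by default, and an injected Frida agent shows up in the target process's /proc/<pid>/maps. The following is an added example, not part of the original tutorial, that scans captured copies of those two files. The function names, the chosen marker strings and the sample data are assumptions constructed for illustration.

```python
FRIDA_DEFAULT_PORT = 27042  # frida-server's default listening port
# Substrings seen in /proc/<pid>/maps when a Frida agent or gadget is loaded
MAPS_MARKERS = ("frida-agent", "frida-gadget", "re.frida.server")

# Constructed sample data (not captured from a real device)
SAMPLE_MAPS = """\
7a1c000000-7a1c1f4000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
7a2d000000-7a2e5c0000 r-xp 00000000 fd:05 5678 /data/local/tmp/re.frida.server/frida-agent-64.so
7a2e5c0000-7a2e600000 rw-p 015c0000 fd:05 5678 /data/local/tmp/re.frida.server/frida-agent-64.so
7a30000000-7a30010000 rw-p 00000000 00:00 0 [anon:libc_malloc]
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:69A2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456
   1: 0100007F:C350 0100007F:69A2 01 00000000:00000000 00:00000000 00000000  2000        0 23470
"""


def scan_maps(maps_text):
    """Return mapped paths from /proc/<pid>/maps content that contain a Frida marker."""
    hits = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) == 6 and any(m in fields[5] for m in MAPS_MARKERS):
            hits.add(fields[5].strip())
    return sorted(hits)


def scan_tcp(tcp_text, port=FRIDA_DEFAULT_PORT):
    """Return True if /proc/net/tcp content shows a socket LISTENing on `port`."""
    for line in tcp_text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        # fields[1] is local "HEXIP:HEXPORT", fields[3] is the state; 0A = LISTEN
        if len(fields) >= 4 and fields[3] == "0A":
            if int(fields[1].rsplit(":", 1)[1], 16) == port:
                return True
    return False


def frida_indicators(maps_text, tcp_text):
    """Combine both checks into a list of human-readable findings."""
    findings = [f"agent mapped: {p}" for p in scan_maps(maps_text)]
    if scan_tcp(tcp_text):
        findings.append(f"listener on default port {FRIDA_DEFAULT_PORT}")
    return findings


if __name__ == "__main__":
    print("\n".join(frida_indicators(SAMPLE_MAPS, SAMPLE_TCP)))
```

A renamed server binary or a non-default port will not match these markers, so treat a clean result as inconclusive.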
Hope you will like this tutorial.