Prerequisite
Download Frida
install in your Windows, linux or mac , see tuto here
I have some here
Android Root Detection
These day developers tried to add root-detection function in order to avoid debugging and atttacking to their application. But it can always be bypassed in some ways.
Bypass
First tried to understand the code.
some app search the package like supsersu , busybox , cydia
diging to code
below is example , not applications could be same.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 public static void checkRootedDevice(Activity paramActivity) { if (("Staging".compareToIgnoreCase("Live") == 0) && ("Staging".compareToIgnoreCase("Staging") == 0) && ("Staging".compareToIgnoreCase("Production") == 0)) { return; } new SafetyNetHelper("", paramActivity).requestTest(paramActivity, new SafetyNetHelper.SafetyNetWrapperCallback() { public void error(int paramAnonymousInt, String paramAnonymousString) { Log.d("My App", "errorCode:" + paramAnonymousInt + " and errormsg, " + paramAnonymousString); } public void success(boolean paramAnonymousBoolean1, boolean paramAnonymousBoolean2) { if (!paramAnonymousBoolean2) { Helper.showAlertNotCancelAble(this.val$activity, "Alert", "Root/Jail break detected on this device. App cannot run on rooted/jail-broken device.", new DialogInterface.OnClickListener() { public void onClick(DialogInterface paramAnonymous2DialogInterface, int paramAnonymous2Int) { Helper.10.this.val$activity.finish(); } }); } } }); }
hook with frida 1 2 3 4 5 6 7 8 Java.perform(function() { var myClass = Java.use("com.myapp.package.Helper") myClass.checkRootedDevice.implementation = function(v) { send("checkRootDevice got called! Let's call the original implementation "); return false; } })
now applicaiton is hook and return false
run with in frida
frida -U -l disableroot.js -f com.myapp.package
