Hello everyone! Welcome to pentestguy. In this post we are going to learn how to bypass Android root detection using frida-tools. There are multiple ways to bypass Android root detection, but using frida-tools is quick to set up and works against most apps.
Why do we need to bypass root detection?
As security researchers we need a rooted device while performing Android application penetration testing, for tasks such as certificate pinning bypass, inspecting the app's storage for sensitive data and so on. Many apps check whether the device is rooted and refuse to run (or hide functionality) when it is, so that check has to be defeated before the rest of the test can proceed.
During this article, we’re going to focus on bypassing root detection with Frida and Objection. Our trusty testing ground for this mission? That’ll be AndroGoat, an app ripe with vulnerabilities. Feel free to follow the link – https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk to download AndroGoat. To install it, you can either simply drag-drop the APK file onto your emulator or rely on the old faithful ADB command, as shown:
adb install AndroGoat.apk
Before you begin, you’ll want to have Frida and Objection installed on your system. You can grab Frida with the following commands; the second one prints the installed version, which you will need when picking a frida-server build later:
pip install frida-tools
frida --version
And here’s how you get Objection:
pip install objection
Next, let’s move to prepping the Android device by integrating it with Frida-Server. Here’s a step-by-step to get you through:
Download frida-server for Android from Frida’s official releases page – https://github.com/frida/frida/releases. Make sure you pick the build that matches both your device’s CPU architecture (arm64, arm, x86_64 or x86; check it with adb shell getprop ro.product.cpu.abi) and the Frida version installed on your host (frida --version). A version mismatch between the host tools and frida-server is the most common reason frida -U fails to connect.
The download is an .xz archive; decompress it and rename the resulting binary to ‘frida-server’.
Move the frida-server to your Android device via ADB:
adb push frida-server /data/local/tmp
Now access your device via ADB shell:
adb shell
Go to the directory /data/local/tmp, give frida-server the permissions it needs to execute, and run it. frida-server has to run as root to be able to attach to arbitrary apps, so switch to root with su first (which is exactly why we need a rooted device); the trailing & keeps the shell usable:
cd /data/local/tmp
chmod +x frida-server
su
./frida-server &
Having laid the groundwork, let’s talk about two roads that lead to the same destination: bypassing root detection.
Road 1: The Way of Objection
For this route, you’ll need the package name of the target app. You can get this either using ADB or Frida (frida-ps -Uia lists all installed apps on the USB-connected device together with their package identifiers), like so:
For ADB:
adb shell pm list packages | grep owasp
For Frida:
frida-ps -Uia
Once you have the name in hand, launch Objection against the app and tell it to disable root detection (Objection can also go the other way and fake a rooted environment with android root simulate). Change ‘owasp.sat.agoat’ to your target package name:
objection -g owasp.sat.agoat explore
Then, at the objection prompt that opens, run:
android root disable
If you prefer a single command, pass the same instruction as a startup command so it runs as soon as Objection attaches:
objection -g owasp.sat.agoat explore -s "android root disable"
Road 2: The Way of Frida Script
Here, instead of running a script directly from Frida CodeShare (with frida’s --codeshare option), save it as a plain-text file. You can get the script here.
If the above script is not working (as I noticed in some cases), use the script from this repository – https://github.com/AshenOneYe/FridaAntiRootDetection
Replace ‘owasp.sat.agoat’ with your target package name and run the command:
frida -l rootbypass.txt -f owasp.sat.agoat -U
-f spawns the app rather than attaching to a running one, so the hooks are in place before the app gets a chance to run its root check. On Frida releases older than 16 the spawned process stays paused until you type %resume at the Frida prompt (or add --no-pause to the command); from Frida 16 on it resumes automatically.
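To show what such a script actually does, here is an added example of a Frida root-detection bypass written for this post. It is not the script linked above and not the AshenOneYe repository’s code, and it assumes nothing about how AndroGoat performs its check: it hooks the generic Android and libc APIs that root checks usually rely on (File.exists on su paths, executing su or which su, the Build.TAGS value, looking up root-manager packages, and native access() calls). The path, command and package lists are constructed for the example and can be extended.

```javascript
// rootbypass.js: added example of a Frida root-detection bypass script.
// Not the script linked in the post nor the AshenOneYe repository; it hooks the
// generic Android/libc APIs root checks rely on and assumes nothing about AndroGoat.
// Usage: frida -U -f owasp.sat.agoat -l rootbypass.js

// Constructed lists of the artefacts root checks typically look for.
const SU_PATHS = [
  "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
  "/system/sbin/su", "/vendor/bin/su", "/data/local/su",
  "/data/local/bin/su", "/data/local/xbin/su", "/system/xbin/daemonsu",
  "/system/app/superuser.apk", "/system/app/supersu.apk",
];
const ROOT_PACKAGES = [
  "com.topjohnwu.magisk", "eu.chainfire.supersu",
  "com.noshufou.android.su", "com.koushikdutta.superuser",
];

// Decision logic is kept apart from the hooks so it can be tested outside Frida.
function isSuspiciousPath(path) {
  if (typeof path !== "string") return false;
  const p = path.toLowerCase();
  return SU_PATHS.indexOf(p) !== -1 || p.endsWith("/su") ||
    ["magisk", "supersu", "superuser", "busybox"].some((w) => p.indexOf(w) !== -1);
}

// argv is the command about to run, e.g. ["which", "su"] or ["/system/xbin/su", "-c", "id"].
function isRootCommand(argv) {
  if (!argv || argv.length === 0) return false;
  const first = String(argv[0]);
  const base = first.substring(first.lastIndexOf("/") + 1);
  const joined = Array.prototype.map.call(argv, String).join(" ");
  return base === "su" || base === "magisk" || /\bsu\b/.test(joined);
}

function isRootManagerPackage(name) {
  return ROOT_PACKAGES.indexOf(String(name)) !== -1;
}

function installHooks() {
  Java.perform(function () {
    // 1. File-based checks: new File("/system/xbin/su").exists()
    const File = Java.use("java.io.File");
    File.exists.implementation = function () {
      const path = this.getAbsolutePath();
      if (isSuspiciousPath(path)) {
        console.log("[rootbypass] File.exists(" + path + ") -> false");
        return false;
      }
      return this.exists();
    };

    // 2. Command-based checks: Runtime.exec("which su") and ProcessBuilder both end
    //    up in ProcessBuilder.start(), so one hook covers them. Throwing IOException
    //    is exactly what happens on a device that has no su binary.
    const ProcessBuilder = Java.use("java.lang.ProcessBuilder");
    const IOException = Java.use("java.io.IOException");
    ProcessBuilder.start.implementation = function () {
      const list = this.command.overload().call(this); // java.util.List<String>
      const argv = [];
      for (let i = 0; i < list.size(); i++) argv.push(list.get(i).toString());
      if (isRootCommand(argv)) {
        console.log("[rootbypass] blocked exec: " + argv.join(" "));
        throw IOException.$new("Cannot run program \"" + argv[0] + "\": error=2, No such file or directory");
      }
      return this.start();
    };

    // 3. Build-tag checks: "test-keys" marks a custom ROM, so report a stock build.
    Java.use("android.os.Build").TAGS.value = "release-keys";

    // 4. Package checks: is a root-manager app (Magisk, SuperSU, ...) installed?
    const PM = Java.use("android.app.ApplicationPackageManager");
    const NotFound = Java.use("android.content.pm.PackageManager$NameNotFoundException");
    PM.getPackageInfo.overload("java.lang.String", "int").implementation = function (name, flags) {
      if (isRootManagerPackage(name)) {
        console.log("[rootbypass] hiding package " + name);
        throw NotFound.$new(name);
      }
      return this.getPackageInfo.overload("java.lang.String", "int").call(this, name, flags);
    };
  });

  // 5. Native checks (JNI code calling access() on su paths) never touch the Java
  //    layer, so hook libc's access() too and make it return -1 (as a 32-bit int).
  const access = Process.getModuleByName("libc.so").findExportByName("access");
  if (access !== null) {
    Interceptor.attach(access, {
      onEnter(args) { this.hide = isSuspiciousPath(args[0].readUtf8String()); },
      onLeave(retval) { if (this.hide) retval.replace(ptr("0xffffffff")); },
    });
  }
}

// Install the hooks only inside Frida; loaded anywhere else (e.g. Node) the
// matchers above can be exercised on their own.
if (typeof Java !== "undefined" && Java.available) {
  installHooks();
}
```

The matchers are deliberately broad: an app that spawns a shell or probes a path that merely looks root-related will also be lied to, which is the behaviour you want during a test. What this generic approach cannot catch is a check implemented in the app's own obfuscated code without touching these APIs; for that, locate the class (for example with Objection's android hooking search classes root) and hook its method directly so it returns false.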
Keep in mind that there are several strategies you can use to bypass root detection, but Frida and Objection are some of the mightiest tools in your toolbox. One caveat: Java-level hooks only cover checks made through the Android framework; an app that tests for su from native (JNI) code needs the corresponding libc functions hooked with Frida’s Interceptor as well.
If you found this post helpful, please share it with your co-workers and friends. Please leave your valuable comments and let us know if you have any suggestions. You can now also collaborate with us; please check our collaboration page. Thank you!