Closed venkata16sidhartha closed 3 years ago
Ciao @venkata16sidhartha, can you share the script and the name of the app you are testing? Thanks
I am testing Uncrackable 1 from owasp.mstg I have run the following code using frida(frida -U --no-pause -l script.js -f owasp.mstg.uncrackable1) and spawned the app and able to bypass root detection: The code: Java.perform(function() { var c = Java.use("sg.vantagepoint.a.c"); c.a.implementation = function(v) { return false; } console.log("Bypassed c.a") c.b.implementation = function(v) { return false; } console.log("Bypassed c.b") c.c.implementation = function(v) { return false; } console.log("Bypassed c.c") })
When i run the same using RMS(enter the script in Run frida script at startup) root is not getting bypassed, the script is running but root is not getting bypassed. I think its loading the script after app is booting. Could you please look into it!
As per logs of RMs it says that the process is spawned and then script is loaded.
And If there is root detection based on some button for ex: app loads then press some button to detect root, that is getting bypassed. But root detection upon boot is not getting bypassed. Hope i am clear
Suppose i run this script: var sysexit = Java.use("java.lang.System"); sysexit.exit.overload("int").implementation = function(var_0) { send("java.lang.System.exit(I)V // We avoid exiting the application :)"); };
Which holds app upon exit being clicked, this is executing, coz this is running after app is booting. But the root detections upon boot are not !! Please look into it!
Hey @venkata16sidhartha, We discussed a similar issue here #9.
I think this is a design limit and I don't know if there is a trick to solve it. You have to use frida cli sometime ;)
When i run frida -l script.js --no-pause -U i am able to bypass root detection, but in rms if i load the script in device tab, it isnt loading the full script Could you please look into it!