Open rodirigos opened 2 years ago
Hi @rodirigos,
I'm the friendly issue checker. Thanks for using the issue template :star2: I appreciate it very much. I'm sure, the maintainers of this repository will answer, soon.
Hi, could you or somebody check if this implementation prevents the bypass https://github.com/DarkIrata/xamarin-fingerprint/tree/android-cryptoobject I added the CryptoObject to the authentication and cipher validation. Currently i don't have any devices i could install frida on and problems with the Android Emulator.
If it fixes the problem, I will create a pull request.
Any update on this?
Didnt heard anything back
@DarkIrata thanks for your response, I saw that you made a fix but it hasn't been merged right?
@DarkIrata thanks for your response, I saw that you made a fix but it hasn't been merged right?
right, not merged yet. I just compiled it myself and use it like that for now
Hi Everyone. This implementation of the Biometric is not 100% accurate. It allows users to bypass the security since it does not implement the android secret and cypher. I can find here the script: https://codeshare.frida.re/@Saket-taneja/biometricauthenticationbypassnullcryptoobject/
Steps to reproduce
Expected behavior
The authentication should fail after the script. It should have some crypto object, at least for Android devices. It does not contain the cipher to ensure the CryptoObject is decrypted.
Actual behavior
It allows bypassing the fingerprint verification
Configuration
Version of the Plugin: 2.1.5
Platform: Android
Device: Any