Closed shahmharsh closed 3 months ago
Hello @shahmharsh,
thank you for reporting the issue, we will look at it.
Kind regards, Talsec team
I am also facing this issue in my production application and because of that it has affected my new deployment as well. Is there a solution for this issue? I have tried adding a delay after starting the talsec engine but still issue is coming and hooking/root detection can be bypassed using Magisk/Frida etc. If a solution can be provided as soon as possible it will be really helpful.
Hello @shahmharsh,
Thank you for reporting this issue.
Root Issue
After further investigation, I've been able to reproduce the issue with adb root
rooting. We will work on a fix for this. Please note that other forms of root detection are not impacted by this bug and will continue to function correctly.
Hooking Issue I've also reproduced the hooking issue. The challenge with this detection is conceptual. freeRASP relies on periodic checks rather than proactive protection due to the nature of mobile platforms. Mobile platforms have limited computing power and energy resources mean that proactive detection could make app slower and/or significantly drain the battery.
freeRASP performs security checks at startup and then periodically after a set interval. This creates a time window that could be exploited for an attack. If you start the app directly with frida, it will be detected. However, if you run the app and then attach frida within this time window, frida won't be detected until the next periodic check.
BusinessRASP+ offers the option to adjust the length of this period, allowing for more or less frequent checks.
We will add this issue to our backlog and work on improvements for the future.
Best regards, Jaroslav from Talsec
Closing this issue and dividing it into bug issue and enhancement issue.
Describe the bug I have integrated the freeRasp SDK in my flutter app. I am mainly interested in the root detection and hook detection capabilities. On testing I have observed that I am able to run on my rooted android emulator (no callback), and when I try to dump the memory there is a delay in getting a
onHooks
callback.To Reproduce
Here's how I've integrated the SDK
class _MyAppState extends State {
final _callback = ThreatCallback( onHooks: () => _exitApp(), onPrivilegedAccess: () => _exitApp(), );
@override void initState() { super.initState(); _initializeRasp(widget.environment); }
@override Widget build(BuildContext context) { return const MaterialApp( title: 'Demo app', home: SplashPage(), ); }
Future _initializeRasp(Environment environment) async {
final config = TalsecConfig(
androidConfig: AndroidConfig(
packageName: AppConfig.getPackageName,
signingCertHashes: [
hashConverter.fromSha256toBase64(AppConfig.androidSha256)
],
),
iosConfig: IOSConfig(
bundleIds: [AppConfig.getPackageName],
teamId: AppConfig.iosTeamId,
),
watcherMail: 'test@test.com', // TODO: Update this email address
isProd: true,
);
}
static void _exitApp() async { await SystemChannels.platform.invokeMethod('SystemNavigator.pop');
}
}
Expected behavior
onHooks
should be called immediately (or during execution of) whenpython3 fridump.py -U -s MyApp
is executedPlease complete the following information: