Open marcotrumpet opened 1 year ago
msikyna
commented
1 year ago Hello @marcotrumpet ,
thank you for reporting the issue. The jailbreak detection bypass using Hopper and NOP region is quite advanced and will not be a problem in our businessRASP (https://github.com/orgs/talsec/discussions/5). However, we might look if we can help to prevent it in the freeRASP version as well.
Kind regards, Matúš, Talsec developer
marcotrumpet
commented
1 year ago Thanks a lot for the clarification!
marcotrumpet
commented
1 year ago Hi, reopening this for different reasons. The previous issue was regarding using NOP in you native talsecruntime framework (so it's a technique valid for nativa iOS and all other platform you support).
Now I want to point out that I'm able to bypass all your methods in the flutter package simply swapping hexadecimal. I used hopper but it should be possible also to do that with vim and no payed license in hopper.
syakymchuk
commented
1 year ago Plan to be solved in the next release of freeRASP
marcotrumpet
commented
1 year ago Awesome! Thank you guys
reyesmfabian
commented
1 year ago Hi, I'm just wondering if this will be in the new version of the plugin.
msikyna
commented
1 year ago Hello @reyesmfabian , it is not yet in the new version of the plugin.
The new version will be mainly about better developer experience, solving the debug vs release integration issues, removing HMS dependencies and enhancing root detection capabilities.
Hi,
I created a new flutter project to test freerasp capabilities and found out that jailbreak detection could be bypass using hopper and NOP region. I'm also aware that anti tampering protection and other methods are still valid (didn't test to bypass them yet) so even if someone bypass jb detection the framework should still be able to inform the app about that.
So I'm just opening this one to let you know what you probably already know.
Feel free to close this if you think that jb detection bypass is not a big deal and thanks for your amazing framework.