Bypass root detection

by Vinnie Vanhoecke


Introduction

During mobile penetration tests I usually have to set up a local access point to connect my mobile testing devices to it. This access point is set up via a USB Wi-Fi dongle on my penetration testing laptop. By setting it up on my penetration testing laptop I have more control over where the traffic from the mobile devices should go. For example, I could use some iptables rules to forcefully redirect all HTTP(S) traffic to my proxy server to intercept all the web requests and responses.

Setup Overview

  1. Install the frida tools on your system (I am using Ubuntu):

     ```
     pip install frida-tools # CLI tools
     pip install frida # Python bindings
     npm install frida # Node.js bindings
     ```

  2. Get the frida Android server from: https://github.com/frida/frida/releases

     Select one of these options:

     - frida-server-12.2.6-android-x86.xz
     - frida-server-12.2.6-android-x86_64.xz
     - frida-server-12.2.6-android-arm.xz
     - frida-server-12.2.6-android-arm64.xz

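  3. Push the file to your Android device:

     ```
     # copy the server binary to a writable location on the device
     adb push frida-server-12.2.6-android-x86 /data/local/tmp/frida-server
     # make it executable
     adb shell "chmod 755 /data/local/tmp/frida-server"
     # start the server (it keeps running in this terminal)
     adb shell "/data/local/tmp/frida-server"
     ```

  4. Then see if frida is working with frida-ps -U: (TODO Screenshot)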
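The setup steps above as one script, as an added example that is not from the original post: it picks the frida-server asset matching the test device's ABI, compares the client version, and pushes the binary. The function names are hypothetical, the version is the 12.2.6 release named above, and it assumes the asset was already downloaded into the current directory and that mismatched client/server versions are worth a warning.

```shell
#!/bin/sh
# Added example (not the author's code); function names are hypothetical.
# FRIDA_VERSION is the release named on this page.
FRIDA_VERSION="12.2.6"

# Map an Android ABI (value of ro.product.cpu.abi) to the arch suffix
# used in the release asset names listed in step 2.
abi_to_frida_arch() {
    case "$1" in
        arm64-v8a)            echo "arm64" ;;
        armeabi|armeabi-v7a)  echo "arm" ;;
        x86_64)               echo "x86_64" ;;
        x86)                  echo "x86" ;;
        *) echo "unsupported ABI: $1" >&2; return 1 ;;
    esac
}

# Build the asset file name for an ABI.
frida_asset_for_abi() {
    arch=$(abi_to_frida_arch "$1") || return 1
    echo "frida-server-${FRIDA_VERSION}-android-${arch}.xz"
}

# Assumption: client and server should be the same release.
versions_match() {
    [ "$1" = "$2" ]
}

# Steps 2-3 against the attached USB test device (needs adb, unxz, frida-tools).
deploy_frida_server() {
    abi=$(adb shell getprop ro.product.cpu.abi | tr -d '\r') || return 1
    asset=$(frida_asset_for_abi "$abi") || return 1
    [ -f "$asset" ] || { echo "download $asset from the releases page first" >&2; return 1; }
    client=$(frida --version)
    versions_match "$client" "$FRIDA_VERSION" ||
        echo "warning: frida client $client differs from server $FRIDA_VERSION" >&2
    unxz -k "$asset"    # keeps the .xz and writes the binary next to it
    adb push "${asset%.xz}" /data/local/tmp/frida-server
    adb shell "chmod 755 /data/local/tmp/frida-server"
    echo "start it with: adb shell /data/local/tmp/frida-server"
}
```

Source the file and call deploy_frida_server with the test device attached; nothing touches the device until that function is called.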