Root Detection Bypass Solution
Tim Guenther edited this page Jul 24, 2017 · 1 revision
- Follow the challenge set-up guide.
- Disassemble the apk with apktool:
  java -jar apktool d <apk>
  (A subfolder with the name of the apk is created in the current folder; the classes end up as .smali files under smali/.)
- Browse to the disassembled code and open the .smali file that contains the root check. Any editor will do.
- Modify the smali code, e.g. change the file path the check looks for, delete the root detection check, or invert the if statement. Many solutions are possible; the example below inverts the branch condition:
  (base/smali/ruhrpott/owasp/com/vuln_app_1/Root_Detection$1.smali)
  if-eqz v2, :cond_0
  to
  if-nez v2, :cond_0
  if-eqz branches to :cond_0 when v2 is zero, if-nez when it is non-zero, so the patch swaps the two outcomes of the check: the code path that used to run on a rooted device now runs on a clean one and vice versa. If the app performs the check in more than one place, every occurrence has to be patched.
- Rebuild the apk with apktool:
  java -jar apktool b <smali project> -o <apk name>
  (Without -o the rebuilt apk is written to <smali project>/dist/.)
- Sign the rebuilt application. Android refuses to install an unsigned apk, and rebuilding destroys the original signature, so the apk has to be re-signed with your own key.
  - Create the keystore (only needed once):
    keytool -genkey -alias mystore -keyalg RSA -keystore KeyStore.jks -keysize 2048
    (The Ubuntu VM keystore has the password 123456.)
  - Sign the application:
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore KeyStore.jks -storepass <pw> <apk> <alias>
    (This produces a v1/JAR signature with SHA-1, which is fine for the lab target. Apps that target API 30 or higher are rejected by Android 11+ unless they also carry a v2 signature; for those use apksigner from the Android build-tools instead of jarsigner.)
- Uninstall the old version from the emulator/phone. The re-signed apk has a different signing key, so installing it over the original would be rejected as a signature mismatch:
  adb uninstall <package>
- Install the new version:
  adb install <apk>
- It can be useful to decompile the app to Java with JD-GUI (after converting classes.dex to a jar with dex2jar) to understand the logic better. Decompiled Java cannot be rebuilt into the apk, but it is far more readable than smali; make the actual patch in the smali.
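The whole walkthrough as one script, added here as an example; it is not code from the challenge repository. It assumes the apktool wrapper, keytool, jarsigner and adb are on the PATH, that the apk was pulled as base.apk so apktool writes a folder named base, that the smali path and the `if-eqz v2, :cond_0` line are exactly as quoted above, and that a throwaway keystore with the lab password 123456 is acceptable. The page does not name the package, so it is passed on the command line. The function names, the `--run` switch and the smali fragment used by the offline self-check are all constructed for this example.

```shell
#!/usr/bin/env bash
# Added example for the root-detection bypass walkthrough (not from the wiki or
# the challenge repo). Assumed on PATH: apktool, keytool, jarsigner, adb.

# Invert the root-detection branch in one smali file.
# The edit is applied only when the expected line occurs exactly once:
# zero hits means the path or register differs from what we assumed, more
# than one means several checks exist and a blind replace could hit the
# wrong one. Both cases are left for manual review.
patch_root_check() {
    local smali="$1"
    local from='if-eqz v2, :cond_0'
    local to='if-nez v2, :cond_0'
    local hits
    hits=$(grep -c -F -- "$from" "$smali" 2>/dev/null) || true
    hits=${hits:-0}
    if [ "$hits" -ne 1 ]; then
        echo "expected exactly one '$from' in $smali, found $hits; inspect by hand" >&2
        return 1
    fi
    # Keep the original next to the patched file so the change can be diffed.
    cp -- "$smali" "$smali.orig"
    sed "s/$from/$to/" "$smali.orig" > "$smali"
    grep -q -F -- "$to" "$smali"
}

# Full workflow: disassemble, patch, rebuild, sign, reinstall.
# $1 = apk file (assumed base.apk), $2 = package name to uninstall first.
bypass_root_detection() {
    local apk="$1" package="$2"
    local proj="${apk%.apk}"   # apktool d writes to a folder named after the apk
    # Assumed location of the check, taken from the page's example path.
    local smali="$proj/smali/ruhrpott/owasp/com/vuln_app_1/Root_Detection\$1.smali"
    local out="${proj}-patched.apk"

    apktool d -f -o "$proj" "$apk"
    patch_root_check "$smali"
    apktool b -o "$out" "$proj"

    # Throwaway lab keystore, created once and reused (password 123456 as in the VM).
    [ -f KeyStore.jks ] || keytool -genkey -alias mystore -keyalg RSA -keysize 2048 \
        -keystore KeyStore.jks -storepass 123456 -keypass 123456 -dname "CN=lab"
    # v1/JAR signature only, mirroring the page's jarsigner step.
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \
        -keystore KeyStore.jks -storepass 123456 "$out" mystore

    # The re-signed apk has a new key, so the original must go first.
    adb uninstall "$package" || true   # nothing to remove on a fresh device
    adb install "$out"
}

# Offline self-check on a constructed smali fragment (not from the challenge
# apk): patches it and prints the resulting branch line.
demo_patch() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/check.smali" <<'EOF'
.method public run()V
    .locals 3

    # constructed fragment for this example; v2 holds the root-check result
    const/4 v2, 0x1
    if-eqz v2, :cond_0

    const-string v0, "Root detected"

    :cond_0
    return-void
.end method
EOF
    patch_root_check "$dir/check.smali"
    grep -F ':cond_0' "$dir/check.smali" | head -n 1 | sed 's/^[[:space:]]*//'
}

# usage: ./bypass.sh --run base.apk <package-name>
if [ "${1:-}" = "--run" ] && [ $# -eq 3 ]; then
    bypass_root_detection "$2" "$3"
fi
```

Run `./bypass.sh --run base.apk <package-name>` against the emulator; `demo_patch` exercises only the smali edit and needs no Android tooling. The exactly-one-match guard in `patch_root_check` is the part worth keeping when adapting this to another app: a root check that is duplicated or inlined elsewhere is the usual reason a single inverted branch does not bypass anything.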
- https://source.android.com/devices/tech/dalvik/
- https://source.android.com/devices/tech/dalvik/dalvik-bytecode
- http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
- https://github.com/JesusFreke/smali/wiki
- https://github.com/JesusFreke/smali/wiki/Registers
- https://github.com/JesusFreke/smali/wiki/TypesMethodsAndFields
Please open an issue if you find a mistake in this wiki.