Posts for: #Reverse-Engineering

Solving uncrackable1

bypass root

In the root bypass segement, we can see from the decomplied code that the segment where the check is taking place is:

if (c.a() || c.b() || c.c())
      a("Root detected!"); 
    if (b.a(getApplicationContext()))
      a("App is debuggable!"); 
    super.onCreate(paramBundle);

From digging down a bit more we can locate the functions declearations are under sg.vantagepoint.a.c. We will override all the functions so that they always return false and thus the application will believe that no su command exists and in the system implying that the system is not rooted.

Read more

Basic Frida commands

init

Frida is a reverse engineering framework which can be used to

installed apps

The below command will let you view applications which are on the virtual mobile device.

$ frida-ps -Uai
 PID  Name           Identifier                
----  -------------  --------------------------
3054  Calendar       com.android.calendar      
2463  Clock          com.android.deskclock     
3141  Email          com.android.email         
3175  Gallery        com.android.gallery3d     
3554  Hello App      com.example.helloapp      
3198  Messaging      com.android.messaging     
2547  Phone          com.android.dialer        
2299  Settings       com.android.settings      
3372  WebView Shell  org.chromium.webview_shell
   -  Calculator     com.android.calculator2   
   -  Camera         com.android.camera2       
   -  Contacts       com.android.contacts      
   -  Files          com.android.documentsui   
   -  Music          com.android.music         
   -  Search         com.android.quicksearchbox

run script

The below command will run the script on the application.

Read more