There is way to counteract frida toolkit in android app?

About

Asked 10/4, 2020 at 10:55 Answered 10/4, 2020 at 11:19

Solved android frida public-key-pinning android-network-security-config

in app i use native network security config for public key pinning.

using frida toolkit our security team can bypass pinning.

the question is simple: there is any way to protect against that or not ?

Paschall answered 10/4, 2020 at 10:55 Comment(2)

There's always protection against some tampering and then there's always more tampering to circumvent the protection. It's a cat and mouse game and this question is a bit broad to give a clear answer. – Scrubby 10/4, 2020 at 11:4

@Scrubby yes, which are the cat against frida ? i do not want invulnerable app, bug to protect against basic use of frida – Paschall 10/4, 2020 at 11:16

Short answer - "yes... but"

Long answer(s)

https://github.com/darvincisec/DetectFrida

https://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida

https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering

For each one of them there is a way to bypass as @JensV said, for example;

Detecting Frida by scanning local ports and or doing the D-Bus auth dance? Start "frida-server with --listen=unix:/path/to/sock" and then forward the socket to a local TCP port with adb forward tcp:27042 localabstract:/path/to/sock. Credit: t@leonjza

Expostulate answered 10/4, 2020 at 11:19 Comment(7)

thanks so much, there is any library like "rootbeer" for detect frida? each of this 3 link seams require long implementation. i don'n need a complete shiled against frida but like rootbeer a basic detection – Paschall 10/4, 2020 at 11:41

@Xan As a rule of thumb you can say that a "basic Frida detection" also requires only "basic measurements" to bypass this check - hence it is next to useless especially if it comes form an well known library. For such libraries within days standard Frida bypass scripts will be available. – Milne 10/4, 2020 at 12:28

@Milne correct but library like rootbeer exists anyway. – Paschall 10/4, 2020 at 13:55

what do you mean by library ? use of them, wrap the JNI and invoke the detection method/s before any pinning occurs. – Expostulate 10/4, 2020 at 14:12

@JimWest for library i mean something like rootbeer make for root detection. i'm not expert for this specific situation, i like something (if it exists) that can be easy used and (for the best) mantained and updated with improvement over detection. like rootbeer..... – Paschall 10/4, 2020 at 14:20

I think there isn't any open source lib that does detect frida like rootbeer does with detecting root. – Carmeliacarmelina 21/2, 2021 at 2:27

This article was useful for me (the vantagepoint link mentioned above does not redirect to the article anymore): web.archive.org/web/20181227120751/http://www.vantagepoint.sg/… – Hoenack 18/4 at 15:23

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags